Brenda Ferraro is the Head of Technology Third Party Governance at Wells Fargo. She has transformed the third party risk management program from relying on outdated questionnaires to using innovative techniques like continuous evaluation and real-time risk management. This involves partnering with third parties to share risk information on an automated portal and using tools like machine learning to better understand third party risks. Her goal is to make third party risk management more proactive and reduce reliance on reactive practices. She aims to influence other banking institutions to adopt these cutting-edge approaches to strengthen security across the industry.
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
10 Most Influential Leaders in Cybersecurity, 2022.pdf
1. VOL 11I ISSUE 08 I 2022
Enabling Betterments for Safe Cyber Spaces
Brenda
Ferraro
Head of Technology Third
Party Governance
Wells Fargo
1
1
1 Most
Leaders
Leaders
Leadersin
Cyber Security
Cyber Security
Cyber Security
2022
Influential
2.
3.
4. othing is ever truly free. The internet might seem to be a
Nfree service, but the cost of scrolling the net without
paying a cent is you. Every platform we sign up for requires
an email account and agreement to their privacy terms, a
seemingly harmless request that has resulted in potentially serious
concerns for not only individuals but also democracies of the
world.
The internet has become a necessity of life in modern society. For
the average user, the cost of trading themselves and their data to
be able to use the net might not seem like a fair trade, but
alternatives have hardly existed till now.
It is an open secret that user data is being sold on the black market
and is being used to manipulate people and societies. The
Cambridge Analytica scandal and other such incidents have played
an eye-opening role in the critical damage user tracking can do.
Events such as these have perhaps highlighted the importance of
tackling data privacy not only at the individual and organizational
level but also lawfully and governmentally.
Consequently, the biggest tech companies with the most browser
usage statics, Google and Apple, have made changes to their
privacy terms. Numerous regulatory bodies have also stepped in,
increasingly requiring websites to be more transparent in what
data they are collecting and to whom they are sharing with.
Undoubtedly, there has been pushback. Companies like Facebook
and Twitter rely on advertising and user data for the majority of
their revenue. Others have presented valid arguments that
EDITOR’S NOTE
The Data Privacy
Debate
5. shutting out other companies from tracking user data would result in a Google, Apple, and Microsoft
monopoly because they still track users who use their browsers. There are also startups that have come
up with alternative models that hope to strike a balance between the user and advertiser.
As the debate on privacy and security rages on, we at CIOLook decided to launch the '10 Most Influential
Leaders in Cybersecurity, 2022.' In this edition, we approached various leaders in cybersecurity to get a
diverse perspective on the happenings of the cyber world and its impact on organizations and societies.
Sakshi Shrivastava
SakshiShrivastava
1
1
1 Most
Leaders
Leaders
Leadersin
Cyber Security
Cyber Security
Cyber Security
2022
Influential
6. C O V E R S T O R Y
08
Enabling Betterments for Safe Cyber Spaces
Brenda
Ferraro
7. 20
The Quality Challenge
Your Backbone to RPA Success
16
Industry Intel
Rethinking the products
of today
for a better tomorrow
24
Leader’s Viewpoint
Its all about Evolving
9. Brief
Company Name
Boch Systems West Africa provides customized solutions
dealing with data security, data misuse, web attacks, and digital
forensics.
Featured Person
Boch Systems West Africa
bochsystems.net
Akinlawon Babajide
Fayokun
Ethical Hacker
Tapad Graph is evolving with the changes to privacy regulation
and data deprecation across our customer's most essential touch
points with consumers to support their efforts without
disruption.
Tapad
tapad.com
Ben Rothke
Senior Information
Security Manager
Wells Fargo’s vision is to satisfy its customers’ financial needs
and help them succeed financially.
Wells Fargo
wellsfargo.com
Brenda Ferraro
Head of Technology
Third Party
Governance
Eversource is a business & residential energy provider in CT.
Access information about your residential account, outages,
programs, safety tips and more.
Eversource,
eversource.com
Chris Leigh,
CISO
Petrofac Limited is an international energy services company
that designs, builds, manages and maintains oil, gas, refining,
petrochemicals and renewable energy infrastructure.
Petrofac
petrofac.com
George Eapen
Group CIO
J.P. Morgan is a global leader in financial services offering
solutions to the world's most important corporations,
governments and institutions.
JP Morgan
jpmorganchase.com
Marissa Reese Wood,
Executive Director
Academy offers the best brands under one roof — curated to
make the most of every budget.
academy
academy.com
Mark Alvarado,
Director of Cyber Security
& IT Compliance
Cybertronium is a Cybersecurity Product, Services and
Training company that provides highly focused skills training
with 100% hands-on practical experience.
Cybertronium
cybertronium.com
Priyanka Jayakumar,
Cybersecurity Blogger
The CERT Division is a leader in cybersecurity.
CERT Division at the
Software Engineering
Institute
dell.com/en-in
Bobbie Stempfley
Vice President
FirstBank offers banking solutions for businesses and
consumers including loans, mortgages, checking and savings
accounts, online and mobile banking.
FirstBank
efirstbank.com
Brenden Smith
CISO
11. Brenda
Ferraro
Brenda
Ferraro
Enabling Betterments for Safe Cyber Spaces
C O V E R S T O R Y
I was sent off to receive a process
mastery certification which I leveraged
to drive innovations and influence to
enhance processes using innovative
techniques to eliminate risk out of the
third-party ecosystem.
12. certification which I leveraged to drive innovations and
influence skills to enhance processes using cutting edge
techniques to eliminate risk out of the third-party
ecosystem.”
Over the years, Brenda learned how to properly
navigate the cyber security world through tenacity and
surrounding herself with people who thrived on making
a difference, which helped turn her into a third-party
risk and incident management strategic anomaly.
Embarking with a Mission
Wells Fargo's Technology embodies a 6-S Strategy as
their vision to foster paths of new frontiers, powered
by a mission to deliver – stable, secure, scalable, and
innovative services at speeds that delight and satisfy
the customers and unleash the potential and skills of
the employees.
She is influencing the Technology Third Party
Governance modernization program as the new
frontier for Third Party Governance. She believes that
recognizing the current way of doing business worked
well in the past, but it is also a ripe time for taking the
process and workflow and transitioning to a more
modern transformation.
eliability is required for one to feel protected
Rfrom every potential threat. It initially begins
with parents and slowly, as it turns out, becomes
essential in every instance – from consuming food to
using technology.
While the present cuisines are traced and doubly
layered at every step of the process to ensure safety,
one may wonder about the elements that are ensuring
consumer protection in the new age of the internet
world. As per current statistics, the internet has
become a vulnerable spot for everyone – from children
to the elderly. Apart from its social repercussions, it
hurts the global economy, too, costing the world around
$10.4 trillion annually by 2025.
But global leaders are curating a durable, cost-effective,
and stronger solution than the rising incidences of
multiple types of cyber-attacks.
One such leader is Head of Technology Third Party
Governance – Brenda Ferraro, who made a 360-degree
turn in her career choices from first selecting arts to
now managing complexthird party programs. Marching
forward with her passion in the field and resolving the
ever-emerging technological challenges, she is
fabricating an internet world that is secure for
everyone.
This purpose is enhanced by her active role in Wells
Fargo, a company that is providing its customers with
secured financial services and simplifying lives with
everyday checks. They aim to protect account holders
from any kind of threat in the financial sector.
Let us dive to read more about how Brenda is leading
change in this sector!
The Unfolding
Brenda's journey as a business leader, throughout her
career to the position at Wells Fargo, was not a
traditional one. She had to face challenges as a female
in a world where there are 15 percent or fewer female
leaders; what she brought to the table was experience
rather than a degree.
Talking about the process and subsequent
accomplishments because of this approach, she shares,
"Early on in my career, executives took notice of my ability
to break down processes and reconstruct them by removing
delay and waste. I was sent off to receive a process mastery
I found myself pulled back
into the financial sector
when I was asked to help
Wells Fargo transform their
Technology Third Party
Governance program.
13. Cultivating/ Habituating to Dynamism with Values
Brenda thinks that transforming an organization from
doing what they are used to for many decades to
embarking on a future of cutting-edge techniques is a
huge occasion for the organization as well as its
employees.
For this, the key elements and strengths that she looks
for in the people and culture are the ability to change,
do things differently, and make a difference for not only
themselves or their department but also for others
outside their area of control. This, she thinks, should be
supplemented with the values of sincerity, logic, trust,
and the ability to get things done at a rapid pace
without complaint.
She comments, "Time can be a transformation's and a
modernization's worst enemy. It takes courage and the
ability to see past the norm to create something that has
not been done before. The strength to beat all odds seems
so cliché; however, that is what is required to become better
than the best and better than great.”
Knowing the Essentials to Deliver Beyond
Brenda opines that leveraging a give-me-what-you-got
approach to third-party management will help to
provide a broad spectrum of intelligence that can be
formidable in making risk-based decisions.
She finds that many who try to accomplish proactive
risk management do not get past the legacy techniques
that have been used and that employees are used to.
"Best practices are not best practices if everyone is using
them", comments Brenda. Her experience suggests that
techniques need to be stretched far beyond what is
thought to be possible, and only then can one break
barriers making way for fundamentals that have not yet
been discovered.
Every company where she had the opportunity to
influence has received the recommendation to build a
portal where information can be shared to combat the
advisories and the attacks. She says, "It is not easy to
manage a real-time bi-directional portal for your third
parties. But your third parties and your internal
stakeholders deserve automation that provides
transparency of what risks are present or being
remediated.”
While briefing about the company's services, she says,
"Our program functions and techniques are being refocused
on how we partner with our Third Parties. The cutting edge,
not best practice, builds in fundamentals of what we call –
continuous evaluation and real time risk management."
Because of this, she states, "Questionnaire and survey
responses will be reduced, and questionnaire fatigue will be
history due to a capability where third party questionnaire
responses can be harmonized with threat intelligence and
other means to better understand third party risk
assurance. As a part of governance, the machine learning
and artificial intelligence reporting will be on steroids due to
the Key Risk, Performance, and Control indicators captured
for transparency in Metrics & Measures to heighten risk
management awareness.”
Starting from Arts to Now in Cybersecurity – The
Motivation Behind
Back when Brenda was attending high school into
college, she did not have third-party risk management
as her career of choice. She says, "I wanted to be a triple
threat in the art of music, singing, and theater. The thought
of cyber security, third party, incident management, and
process management never once crossed my mind."
She supposed that focusing on the arts provided her
with the ability to think ahead, gave her the platform to
speak in front of people, and learn about how to create
grandiose things.
Throughout her career, she has had the pleasure to help
define and design strategies at large and medium-sized
companies of every sector. She started in the financial
industry and found her way back to the industry but
with a different twist towards banking. Sharing her
moment of realization, she says, "I was caught off guard
with the compliance and regulatory requirements that
banks are subject to uphold. I quickly discovered how
critical and important control management is for the banks.
I found myself pulled back into the financial sector when I
was asked to help Wells Fargo transform their Technology
Third Party Governance program."
For her, this is not a job; it is a love for creating
something big, something different, something exciting
and new. Even something that other third-party
programs, industry agnostic, will want to use to help
drive risk out of their ecosystem as well.
14. Initiating an Advanced Era in Risk Management
Brenda observes that change for some people is not
comfortable, so over-communication is the key. She
further adds, "Keep in mind that transforming an
organization and a program cannot be built using a
platform or a software program. Platforms and software
can be leveraged to implement automation where possible
but cannot be used to define or design your techniques or
talent.”
Every resource that works with her wants to provide
them with the ability to succeed in their career. Brenda
shares, "I would like to share, with each person I interact
with, the ability to take what they learn and spread it
globally. Specifically for the banking industry, I would like to
see third party programs use continuous evaluations where
questionnaires become a trend of the past."
Continuing with these strings of thoughts, she says,
"Something for the history books, of course, but something
that we need to let go of – as we did with corded
telephones, or cassette recorders, or VHS tapes. Yes, I just
dated myself, but if you think about it, evolution is
inevitable and why not be a part of how it is transformed to
make your mark?”
Information gathering is not what one should be
focused on for third-party risk management. Brenda is
sure that the new age of risk management is a
partnership and the ability to harmonize what the third
party tells and what threat intelligence knows about
their practices.
Targeting the Upcoming
The present becomes the past in seconds, so it is true
for the future that turns into the present in no time;
hence it requires leaders to be quick and already decide
on what they foresee.
For Brenda, the next momentous change in the banking
sector is migrating from reactive to proactive risk
management. She asks, "Wouldn't it be spectacular to
have the ability to act on incidents with rapid response
techniques that will inform the information security and
technology space specifically what action needs to take
place without having to request information from third-
party business partners?"
She invokes each one to imagine the ability to be
already informed about the impact a known third party
Our program functions and
techniques are being
refocused on how we
partner with our Third
Parties. The cutting edge,
not best practice, is
building in fundamentals of
what we
call – continuous
evaluation and risk
management.
15. Security, as well as Incident Management, can be a
thankless job. As a woman, or even non-gender specific,
this career field changes constantly. It is not for the
weak of heart. And, if one has the stamina and the drive
to make a change in the world, then never give up
because unchartered territory will not come easy, yet
unchartered territory is extremely adventurous and
exciting.
Lastly, she pens an essential and motivating thought
where she says, "Each one of us has something special to
bring to the table; make sure you bring that stellar
capability to light. Make a mark on the world, on a person,
on a process. Do not just make a legacy;
become the legacy.”
I desire to fulfill the needs of
the company and to make
sure I am helping those
working with me to succeed
as a cohesive organization
that creates a positive impact
to any department internally
and externally where we can.
will endure and to help them rather than polling these
third parties to determine if an incident impacts them.
Probing deeper, she questions, "Wouldn't it be great if
you could determine weak security domains with trending
data to help to combat the vulnerabilities proactively as an
ecosystem that thrives on making it difficult for the
advisories?”
At Wells Fargo, they are preparing to be the first in the
banking industry that will be the front runners in
concert with their peers. The company's new ways of
business will foster the knowledge to know who is
impacted by a vulnerability without having to ask and
strengthen not only Wells Fargo and its Third Parties
but also a fellow on a global front.
Curving with Ticking Time
The common question asked by an individual is about
their future goals. In that long list, Brenda's name is
included too. So, sharing the details about how she
envisions her future to be, she says, "My future goals at
Wells Fargo are determined by where the company needs
me. I am unwavering to help lead and influence those
around me in a way that fits their desire to grow, their way
of being valued, and their overall learning style."
Adding on, she says, "I desire to fulfill the needs of the
company and to make sure I am helping those working with
me to succeed as a cohesive organization that creates a
positive impact to any department internally and externally
where we can.”
Bits and Bytes of Advice
Before motivating the young generation, she makes
them realize an important fact. She says, "When I
worked in the vendor space, which is not really the dark side
as I learned so very quickly, I just didn't realize how much I
missed the corporate sector. Both types of industries are
vastly different. Both demanding and of course both
rewarding.”
Speaking from her ocean of experience so far, she
conveys, "If you aspire to build a third-party risk
management program or going into incident management, I
recommend you take a good look at what your dreams are
for your life and turn that dream into a reality. Never lose
sight of focus towards the good that you should share with
others.”
She thinks that Cyber Security and Information
16.
17. 1 Year
12 Issues
$250
6 Months
6 Issues
$130
3 Months
3 Issues
$70
1 Month
1 Issue
$25
CHOOSE OUR SUBSCRIPTION
Stay in the known.
Subscribe to CIOLOOK
Get CIOLOOK Magazine in print, and
digital on www.ciolook.com