Georgia Fintech Academy

Episode 17: Fintech cybersecurity with DefenseStorm - DJ Landreneau/DefenseStorm and Michael Olajide, Georgia State Robinson College of Business

July 16, 2020 Georgia Fintech Academy Season 1 Episode 17
Georgia Fintech Academy
Episode 17: Fintech cybersecurity with DefenseStorm - DJ Landreneau/DefenseStorm and Michael Olajide, Georgia State Robinson College of Business
Show Notes Transcript

DJ Landreneau of DefenseStorm joins Michael Olajide from the Georgia State Robinson College of Business to discuss recent information security trends in banking and the broad capabilities of DefenseStorm. 

Speaker 1:

Welcome to the Georgia FinTech Academy podcast. The Georgia FinTech Academy is a collaboration between Georgia's FinTech industry and the university system of Georgia. This talent development initiative addresses a massive demand for FinTech professionals and give learners the specialized education experiences needed to enter the FinTech sector.

Speaker 2:

Everybody. This is Tommy Marshall, the executive director of the Georgia FinTech Academy, and welcome to episode 17 of the Georgia FinTech Academy podcast. It's great to have you back it's July 16th, 2020, uh, in the, in the national news, we continue to see a kind of resurgence, unfortunately, of the Corona virus, uh, mainly in the Southeast, uh, United States. We're sitting in Georgia and our friends to the South in Florida have really been seeing some, uh, surge, uh, in the university system. We're looking forward to students coming back in about exactly one month. Uh, the plan continues to be, to have students back on campus, uh, across our system. Uh, and we are here to talk about FinTech, uh, and I'm really excited to have DJ Landor new here with us from defense storm. Welcome DJ,

Speaker 3:

Thank you very much. Good to be here. And,

Speaker 2:

Uh, Michael[inaudible] has rejoined us, um, Michael's from Georgia state and welcome back, Michael. It's great to have him. Thank you for having me back. Uh, today we're gonna talk about cybersecurity in financial services, this, uh, defense storm's a fantastic, uh, uh, Georgia based, uh, FinTech company and, uh, DJs represented defense storm today. But DJ, before we get into talking too much about defense storm, uh, we wanna hear, um, about you and your career in FinTech. Tell us about that.

Speaker 3:

Sure. Well, um, after spending 11 years in the military, um, I got involved in the financial service industry by starting out as a consultant working really for community banks. Now, the name of the company was called Brentech, it's a relatively young company and, uh, one of the principles that it started it up, I've been in the Navy with. And so, uh, I was looking at, uh, what was I going to do post Navy, uh, go fly for the airlines to go back to school or do something else. And Jeff, uh, said, why don't I come down and take a look at what they're doing? And it was interesting, um, up to that point in time, about the only thing I knew about banking was I had a checkbook and I knew I needed to have enough money in my checking account. So I hadn't bounced check. So I spent some time with one of our first customers learning all about banking, uh, getting all antidotes and, um, and it started doing consulting for the community banks and really liked it liked the challenge, um, liked helping community bankers. And so, um, that kinda got me started down that path of financial services and really in the banking side, um, from there, um, went up to Atlanta to S one corporation, um, where I worked for a couple of years, mostly overseas living in, in Europe, um, helping our partners over there, um, describe sell and support the product, um, came back from that posting and, and had a really great opportunity to, uh, to really go directly into banking, um, and went up to a rather large community bank, um, in Virginia as the chief technology officer and, uh, and had a great time now for the first time I was actually being a banker and, um, had office in Virginia, the holding company was main street financial corporation. It was a multi-bank holding company. The bank was Piedmont trust bank, and about 1,000,000,005 and assets combined were about 3.5 billion in assets. And we had banks I'm stretching from the Southwest corner of Virginia all the way up into college park, Maryland. Yeah. A lot of really cool things going when I sh going on, when I showed up, you know, internet, um, and networking and, you know, getting all the bank plugged into all of that email, distributed to all the users, all that kind of stuff. And this was right around a one or two K timeframe. And so then of course, had to deal with, uh, the Y2K

Speaker 2:

Michael Y2K, you know, I actually do not. That would be, um, year 2000 Y two K is that is, Oh, so you still don't know, we're talking about the DJ clue, Michael, and what we're talking about.

Speaker 3:

Yeah. So there was this, uh, back back in, in 19 bats, it was probably about 1998, 99 timeframe. You know, all the big brains had predicted that, um, all the computers were going to fail because the internal clocks couldn't roll over and, uh, and go to the 2000 year timeframe

Speaker 2:

Because they were all double byte. And so it all, they were capturing in the, in the systems, and this is mainly mainframe system problem. Um, which, you know, again, you're probably going to look at us like, we're crazy as we're telling the history, but like, this was no joke. There was, uh, the challenge was, it was double by. And so you'd set you in every, you think of every single customer, just as an example has a birth date that has to be in the system because you need to, um, you know, you need to understand the age of your customer, obviously as you're underwriting them or offering them a deposit or whatever. Um, and so you would be capturing their, their, uh, their birthday just with the last two digits. So, you know, I mean, for a lot of customers, who've been 19 say 72. Um, so all you would have is to 72. And so now we needed to be capturing, um, four bytes. So the one nine, seven two, or the two, uh, zero, or I guess when this was happening, everything was before 2000. Um, so, so sorry, I'll take you go back to your story, DJ.

Speaker 3:

No, that's fine. That's fine. Um, so, um, so, so we got through that, uh, the world did not end, um, and then along came BB and T and made the shareholders of the holding company and offer that was too good to refuse. And so we were acquired by BB and T. Oh, cool. Yeah. Um, and so, um, rather than, than take a position with BB and T, um, uh, I had an opportunity, uh, to go with, uh, some company that had been actually consulting for us and doing some charter reorganization at main street. Um, and they had an idea that they wanted to start a pure internet bank. And so I went up with them and we, we didn't know what a bank up in the DC area. We actually took an old DC charter, which had national powers, um, and, and assume that charter. Um, and so, um, and so we started that, we started that organization up, um, and then started shopping around for, for, you know, uh, funding. And it ended up being Countrywide, uh, wanting to take a major equity stake, but then as they got more involved in it, they figured out that they at the 25% level they'd be regulated as a bank holding company. So they just went ahead and took the whole thing. Okay, cool. Um, they did not need a chief information officer in Calabasas, California.

Speaker 2:

That's what became Countrywide bank. That's correct. That, uh, let's see. Was it Tim? Uh, witness? I remember that

Speaker 3:

So well. So when, when they acquired us, um, Jim Fure, Ash, uh, who had been with pure asking a company and management consulting company with ed is his dad and Mark Suter. Uh, they both went out to Calabasas and I went back into more of a consulting, um, and ended up with a couple of different software companies. Um, and that's what I was doing, kind of fast-forwarding um, when I bumped into Jeff Lunsford out on the West coast, and he told me about, um, this, uh, this company that he had just started, uh, back then, it was named to Presidio, um, and pitched the idea to me and wanted me to become a board, uh, to basically take over as the chief customer officer. And so, um, we had a couple of different discussions. I ended up talking to the current CEO and garden. Desario had some great conversations, uh, really liked the concept and what they wanted to do. Um, and so it came a board, um, back in 2014.

Speaker 2:

Wow. That is a great, uh, uh, reveal around just sort of like a lot of the history of FinTech banking and just, um, going back into the mid nineties. Yeah,

Speaker 3:

Yeah. Like, and like Tommy, like we were talking before we started the podcast, you know, the, the FinTech and the banking specifically, the banking community is such a, at the end of the day, it's such a small community. It's true. Um,

Speaker 2:

You hit on some key things you hit on[inaudible], which was, you know, kind of a key player, not only in creating security first national bank, which is one of the first online banks ever, but then creating the technology that many of the medium and large size banks used to power their online banking service. And, um, even bill payment, right. Was, was S one technologies. And then, um, the, and then Countrywide bank of course became a key, um, provider or a source of funds for Countrywide. And, um, it's, um, I guess the eventual demise, um, in the crisis of 2008, I think all of those bank assets were acquired by, um, what's now Mitsubishi financial, um, union bank out in that part of the world. Um, and then into the creation of defense store. That's fantastic.

Speaker 3:

Yeah. Yeah. And, and yeah, just the people that, you know, if you look at kind of the roster currently at defense storm, the number of people that, um, have been involved with[inaudible] or involved with each other, that was important as we were building the team that, you know, we're really kind of started both from a customer perspective and an investor perspective and an employee perspective. We had all worked together and known each other in some form or fashion in the past. So there's that immediate kind of, you know, not only trust, but working rapport with everybody. So we weren't building it. I would say we didn't really build the defense storm team from scratch.

Speaker 2:

Um, also, um, one thing we skipped over was, um, my name is in the Navy. Were you a Navy pilot? Cause we, uh, we seem to be attracting Navy pilots onto our podcasts, um, rehab, uh, Jason Jones, uh, on, uh, uh, three or four episodes ago. Uh he's with right now real estate. And, uh, he has, the name is silent

Speaker 3:

As well. The one thing I will say is that we like to refer to ourselves as Naval aviators because the pilot, somebody that actually drives a boat.

Speaker 2:

Fantastic. Um, it's great to have you back with us and representing Robinson college of Georgia state, um, and, uh, it's been great having you as part of the Georgia FinTech Academy and particularly our, um, student advisory council. Um, we, I appreciate your, um, your input and feedback on the, on the program. And, uh, thanks for joining me today as we learn more about defense storm. Um, let's so let's go back to that. Let's go back. I w we want to hear more about, um, you know, defense storm, your business, your value prop, what you're addressing in this, uh, banking space, which I know is a critical, critical, uh, offering as of course, cybersecurity and information security are just more important than ever for all companies. And of course, for banks.

Speaker 3:

Um, okay. Where do you want me to start them? Um,

Speaker 2:

Um, about kind of, um, you know, the, the types of, uh, financial institutions you all, uh, look to address, and then just tell us a little bit about, you know, when you're in, um, with, with these clients, uh, what, what they're looking for from, uh, from a defense storm.

Speaker 3:

Sure, sure. Um, so, you know, I'll say the first thing is that, um, you know, as a cyber security company, um, we, our, our, our market is financial services. We market to banks and credit unions. Um, we are bankers. And so we understand the domain space. We understand the challenges that that industry faces on, uh, you know, both from a, from a business standpoint, from a regulatory standpoint, et cetera. And so, um, you know, a lot of what we have done, um, for the company in terms of both product and, um, and staffing and procedures, et cetera, is all geared towards financial services. Um, that's not to say that, you know, we couldn't take our platform and, and go horizontal and market to other industries, but we chose to focus specifically on the financial services industry. And so a lot of what you would see within the application, um, everything from just the straight cybersecurity or the SIM piece of it, if you will, um, to some of the new stuff that we've got rolling out, which we're really excited about, which would be more on the compliance side of the house and how, um, we can leverage the data that's coming into the platform to allow our clients to not only, um, make sure that they're safe and secure from a cyber security standpoint, but also make sure that they're able to demonstrate to their auditors and the regulators that they're doing, all the appropriate things. I used to boil it down back in the old days. And, and the, our marketing and sales team would probably kill me if they heard me say this, but, you know, um, I would say, um, you know, banks want to be safe and must be compliant. Now that doesn't mean that just because you're compliant that you're safe. Uh, but, um, you know, you can put all the, all the systems and security in the, in, in place to be safe, but if you're not doing the things that the regulators want you to do from a compliance standpoint, you're going to get dinged, you know, start getting letters and life starts to get really miserable.

Speaker 2:

The, um, and then when you're, yeah. What, what would you say are the like major info security risk, um, that are front of mind for your clients right now?

Speaker 3:

Well, you know, the, the human factor stills T tends to be the most weak, weak part of the system. Um, and so what I mean by that, well, you know, we still see the majority of, of, you know, call it hacks or breaches, whatever term you want to put on to it, you know, um, coming into the form of either a fish or an email and so, you know, training. Um, but you know, it's the, the, the challenge is, is, is, is monitoring all that data to make sure that when something does happen and you can see that it happened. So a typical attack path would be, you know, um, customer service rep in a bank gets an email message, and they're getting, they're getting hundreds of messages a day, and, uh, the bad actors are getting craftier and craftier, their grammar is getting better. Um, they're getting more targeted, you know, and just kind of as a side note, you know, community banks, you know, being part of the community have typically put a lot of information out on the web, you know, on their marketing website, they've got the list of board of directors. They've got the it management team, they've got all the charities that they're getting ready to do, or events that are coming up. Well, the bad actors will leverage that. So you get very targeted, um, you know, email attacks against, uh, against the bank employees, you know, and they, they, they click on the link and know, that's it. Um, you know, now you've got something and you got to drop, or you got some kind of attack on the machine. Um, and, uh, and so then it's gonna start exploiting the network. And so the ability to capture all of that network data, all of that information and consolidate into one place, and then here's probably a more important part. Um, cause you know, we have a team of trained, experienced cybersecurity experts that watch that for our clients. Not only do we bring to bear, you know, first-class, first-in-class technology, that's extremely scalable. Um, we bring to bear the people cause it's always about, you know, the people and the, and the technology working in conjunction with each other to solve the business problem in this case, this is problem is, is, is finding the attacks and then mitigating or remediating the attack.

Speaker 2:

Right? And so in some way, I'll just tell me if this is fair. Um, the, the kind of expertise level that may be a JP Morgan chase or a bank of America can, um, afford to have on air, uh, staff, um, you're able to bring that same level of expertise, um, to your, to your clients that are in this kind of 200 million to 20 billion assets range and, uh, and let them have access to that expertise through what defense storm brings to the table.

Speaker 3:

Yeah. So, so a concrete example for you just to kind of underpin what you just said, you know, you and I are running a$200 million bank and just for people who aren't familiar with banking, you know, you're talking about a small, medium sized business at the end of the day. Um, you might have probably 25 employees, maybe 30 employees at this bank. And Oh, by the way, let's just go ahead and let's look at our bank, uh, in a very rural part of the middle of America. Um, you're probably two and a half to three hours from the closest major metropolitan area. It's not, you've got to try and consolidate all this information into one place, so you can analyze it and then have somebody that can look at it and understand it. And oftentimes, you know, these small community banks that were, that were that you and I are fictitiously running at the moment, you've got one person that's running all of it, that's doing the help desk, that's installing software everything. And there's not enough time. There's not enough hours of the day, not to mention that you probably have a hard time finding somebody. That's got the expertise to understand what the attack is and how to go about remediating and or mitigating it. So we bring that expertise. We're able to consolidate that expertise, uh, draw upon because we're located in major Metro areas and, and draw upon, um, you know, basically nationally to bring in cyber security experts that watch all of this data for our clients.

Speaker 2:

That's and

Speaker 3:

The cool, the cool thing about our applications, because it's, it's, it's a, it's a, a SAS based a web based application, you know, uh, you know, in our, if you go through and you read our marketing and sales literature, you'll see us as true managed in there. And what we mean by co-managed is that, you know, I'll call it a white box application, the application that you, that, that you see, quote, unquote, deployed into your environment, you have access to. In fact, we always see 1% of our customer base where they not only are, you know, we're, so we're using it for cyber security, their turnaround, and leveraging it on the information technology, the it side of the house, but they're able to also see everything that we're doing in the application. So we're really working as a combined team, you know, um, in, in the military we have a term called force multiplier, you know, and that's what we are. So where that one person, it, that one, that one, one person it shop, um, can now go back to focusing on, you know, doing their day-to-day job for running the it shop and let us handle the cyber security piece, but we're still working together at with them. And, and when I meet with our clients, I tell them, you know, the best way to get the most, um, bang for the buck of our subscription is to embrace us as part of that team, is this just to pretend that, you know, they have just onboarded a new person in their it department that runs cybersecurity and to, and to keep us involved with them, everything from, you know, we meet, we typically meet with our clients on a weekly or bimonthly basis and go through it and, you know, any changes to the network, anything coming down and get updates from them. And we tell them at that point in time, this is what we've seen over the past week. Um, so we're highly engaged with our clients and we don't see that in a lot of other offerings. Yeah.

Speaker 2:

And I'm sure that has been, um, a huge value recognition or just over just something in just the last three or four months as these, uh, you know, community banks have just been all hands on deck trying to push out, uh, these paycheck protection loans, uh, as an example, I mean, I just thought the community bankers I've, I've had a chance to spend some time talking to over the last three or four months. It's just, um, it just seems like they've been working day and night to address that loan volume and, uh, and kind of knowing partners like you, or kind of watching their back, um, as they've been rolling that out on, my imaginings has been hugely valuable to them.

Speaker 3:

Well, not only, not only that, um, but really, uh, also from the standpoint of that, they've had to shift how they do business on a day-to-day basis. So, you know, up until, you know, the third quarter of last year, fourth quarter of last year, you know, all of their systems for the most part were all internal systems. And then all of a sudden, all their employees worked internally to the, the physical locations save for maybe a handful of loan officers or, you know, execs that had laptops. And we were doing business either outside of the organization or from home, et cetera. And then almost overnight, they had to go to a distributed workforce, issuing laptops and rethinking about how they do security, VPNs, et cetera. Right. And so, and so we were there, you know, so, um, you know, all those systems sending in log data to us and then analyze it and watch and make sure that nothing was going awry or miss for them.

Speaker 2:

Right. So just in a, in the transitioning of that work force, the number of end points have it kind of multiplied very quickly and that's created, um, a greater, um, kind of set of potential vulnerabilities that have needed to be managed. Uh, and that, uh, and then I'm just imagining that because of the service you've offered, are you able to be kind of able to quickly scale to that and respond to that change in their profile?

Speaker 3:

Yeah. And, you know, just kind of, you know, one of the, one of the things that has helped facilitate that was one of our early tenants on how we go about doing business. And I remember back when I was at main street, financial corporation is the chief technology officer and reviewing vendor proposals for new technology systems. And oftentimes it was, you know, based on amount of data or based on, you know, something that I would have to forward predict over the next three to five years of the life of the contract to get the number right. And what we don't do, we don't, we don't prompt like that. We price on an asset based model. Um, and so, you know, the idea there is that we don't want any dark corners in the network. As soon as all your data, we built a system that was scale. We want all the data we price based on your assets, so you can forward predict. So when applying that model to, when they had to, you know, all of a sudden by all these laptops and farm there and distribute their workforce, all they needed to do was put the agent on and didn't have to worry about, okay, well, I'm not going to increase in either the number of endpoints I increased the amount of data. They didn't have to worry about any of that. They just had to worry about configuring their workforce and knowing that we would have their cybersecurity back.

Speaker 2:

Yeah, that's great. That's really, that's interesting to me like how the model really encourages them to, to, to be as practical as possible.

Speaker 3:

Yeah. That that's resonated extremely well. The fact that we are focused on financial services has resonated extremely well. And the fact that we bring experienced trained professionals to bear on their data has resonated extremely well. Yeah. Actually I do have a question.

Speaker 4:

So you guys have any specific organizational goals for the back half of this year,

Speaker 3:

Organizational goals or Yama from technology or from how we're gonna grow the organization technology. Now, the biggest thing we're focusing on right now from a pro promo product roadmap, um, would be on what we're calling active compliance 2.0, which is, you know, kind of, you look at, uh, the three legs of a stool. There's the cyber security, there's the people. And then there's the compliance aspect of it. And that's a feature set that we are rolling out now, um, that we're really excited about. Um, and that'll, that'll probably consume the, the, the most part of this next, um, you know, second into third quarter,

Speaker 2:

Michael, I'm just curious, like, as you're listening to DJ talk about their company, is anything, um, kind of resonating for you in terms of what you've been learning in your experiences with EWI AWS?

Speaker 4:

Oh, definitely. I think there's a need for better security, especially in the cloud.

Speaker 2:

Yeah. Cool.

Speaker 3:

Yeah. And that was one of the challenges that we faced early on was, you know, because we are a SAS based application, AWS based, um, was, and I'm going back, you know, six years ago now, five years, five and a half years ago. Um, I don't want to put any of my data in the cloud. Cloud's not secure cause not safe. And so, you know, we had to work through that now it's almost, it's a, non-starter, nobody was even thinking about it. And I've seen a big shift, not only with our clients, but within the industry currently it's, I'll call it a hybrid model where they're still ground-based, but there's more cloud-based stuff. Typically what I'm seeing is, is, um, get exchange Microsoft exchange out of the four walls and put exchange out. So two or three 65. Um, but we're also seeing a lot of penetration into, uh, both Azure and AWS as they move their on-prem workloads out of the four walls and up into the cloud just to gain those efficiencies and cost savings. Yeah.

Speaker 2:

It's been very exciting for me to see, um, banks of small, medium, large, all beginning to get more comfortable and moving more applications and to, into cloud environments, um, and just a variety of different, uh, possibilities that begins to unlock, uh, from a, um, you know, creating new applications, taking advantage of new capabilities for customers. Um, it's really exciting to see that happening in the, in the industry.

Speaker 4:

Great.

Speaker 2:

I want to move towards hearing each of you FinTech related news. That's caught your attention in the last week. Uh, let me start with you, Michael, what FinTech news has caught your attention?

Speaker 4:

So two bits of news that really caught my eye, um, the first one was demos, actually creating a business profiles feature for small and mid businesses to actually create a robust presence on yet. The second was how Goldman Sachs actually saw a$20 billion growth, very similar to positive.

Speaker 2:

Yeah, the, uh, the Goldman Sachs news had caught my attention as well that they had, they just yesterday had reported their, um, Q2, um, financial information and that they had come up to$92 billion in, um, assets or, or deposits posit. Sorry. And that was a$20 billion increase, uh, over the period of the, um, of the, uh, since the outbreak of the pen. And, um, and then I'd written down that they were around 250 billion in consumer revenue in the, in the quarter. Um, that was cool to hear. How about you DJ? Any news catch your eye?

Speaker 3:

Yeah, uh, uh, probably the biggest thing that I saw and I don't know, maybe I'm a little bias towards it because it's one of our customers was the NCO, um, uh, uh, initial public offering and you know, what a great success story that they've got, um, a Young's company that does some great things, um, and finding, um, how banks initially do do, um, do mortgages and loans and then, you know, cascading out from there. But, uh, stock is looking really strong. Um, you know, initially they, they plan to go out at 31 and they opened at 71 a share. And, uh, you know, when I looked this morning, they were still trading up trading really strong, uh, expect to see nothing but great things coming out of that company from here into the future.

Speaker 2:

Yeah. That, um, I'm a huge Encino fan, uh, and was so excited to see them have that successful IPO on NASDAQ. Um, earlier this week, um, I've had a chance, uh, to meet, um, Pierre and chip Mahan and, and, uh, and Neil Underwood. And, um, when I was at Accenture and my FinTech role at Accenture and Siena was a huge partner of ours and are still is of partnering with centers. And, um, that just a great, great partnership, great business relationship. Yeah.

Speaker 3:

Yeah. Keying off of some of the, some of the discussion we had earlier about how, just how small of an industry it is and how tight knit everybody is, you know, that's a, that's another one of the[inaudible], um, you know, in group, you know, both Pierre, uh, chip Neil and others were all at[inaudible]. Mm

Speaker 2:

Hmm. Yeah. I love that. Well, um, I'm going to need to wrap things up here, but wanna, thank you, DJ and Michael, for being part of the podcast this week. I hope you'll both return and, um, wish a wish you both look and look forward to seeing, um, the, what I'm sure will be great future success of 10 store.

Speaker 3:

Yeah. Tommy, thank you very much. Really appreciate you giving us the opportunity to talk about FinTech and about defense room of tickler,

Speaker 1:

Georgia FinTech Academy podcasts are available on iTunes and Spotify to obtain additional information about the Georgia FinTech Academy. Please visit our website@georgiafintechacademy.org.