MES IT Security Advisory Board member Janet Stone discusses her day-to-day work with one of the nation’s largest insurance companies as well as the challenges she faces in keeping her company safe and secure.
An expert in IT, Janet Stone’s resume includes projects with the U.S. Air Force, Naval Space and Warfare, Boeing, and the Washington University School of Medicine. Today, Stone works as the lead program/project manager, business risks and controls for USAA, where she dedicates her talents to cryptology, IT strategy, and overseas projects in digital, social, treasury, and actuarial spaces.
Stone is no stranger to the Midsize Enterprise Summit: IT Security event, but now she’s added to her plate as a new member of the event’s Advisory Board.
Stone sat down with The Channel Company recently to give some insight into her work at USAA and the biggest challenges she faces in an industry constantly under attack by cyber threats.
How has IT impacted your company/industry up to this point, and how would you like to see it develop in this field in the future?
USAA receives about 200,000 intrusion attempts a day (yes, we are a big target); therefore, it is imperative that we stay proactive and innovative when it comes to security. We are constantly looking for bleeding-edge technologies and are not afraid to be early adopters if it will allow us a measure of protection for our members and the company as a whole.
What challenges do you face in your role when it comes to IT?
In the past, testing and controls were an afterthought and was the perpetual sacrifice when it came to saving time or schedule on projects. Now that USAA has become 100% agile, there is a lot more built-in quality, more attention to controls and increased rigor surrounding security with hardening of code prior to release from the runway into the production environment.
What do you believe is the most important aspect of IT impacting your role today?
Ensuring that business writes appropriate controls for their processes when it comes to business continuity, and working closely with IT on knowledge transfer of thresholds, failures, and access rights.
Where are you investing your IT dollars this year, and/or what projects are you working on?
USAA has a main pillar this year of being a compliant company. That means that we must adhere to all laws and regulations pertaining to a bank, insurance and security company of our size. In addition, we have to prove substantial audit tracking and protection of our member data along with effective intrusion, detection, and correction of any data breach attempts.
How has this changed from previous years?
Due to increased regulatory scrutiny, USAA has increased their security budget by 40%, and placed a lot more visibility and man power on ensuring a heightened secure environment for our assets and member data.
What IT goals do you hope to reach in the near future that you may not be pursuing right now?
We have a lot of innovative projects that we would like to pilot in the industry that are temporarily on hold due to the redirection of priorities
What advice would you share with midmarket CIOs and other IT leaders?
Lessons learned from quick turnaround from IT-centric to more security IT-centric development experience growing from a midsize company to a large company with increased regulatory and security controls.
Why did you get involved in MES?
Have been involved for years. I love seeing new products in the marketplace, having one-on-one conversations with the vendors (I don’t usually get that) to see if their product might be a good fit. I am also able to make contacts with other industry leader in IT which has been very valuable since a lot of them can tell me about some of the products they have used along with the pluses and negatives.
Any final thoughts you’d like to share?
I find a lot of value in the meetings [at MES] and I am very happy to see one devoted strictly to IT security due to its critical need in the IT field.