Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

5 minutes with Nick McKenzie - The state of cybersecurity in financial services

By Maria Henriquez
5mw McKenzie
August 23, 2021

Bugcrowd’s Group Chief Information & Security Officer Nick McKenzie, who oversees all aspects of the company’s information technology and security strategy, architecture, operations and governance, discusses the top cybersecurity challenges facing financial institutions.

 

Security: What is your background? What is your current role and responsibilities? 

McKenzie: I recently started my new role at Bugcrowd as Group Chief Information (CIO) & Security Officer (CSO) in April and (interestingly enough) came in as a Bugcrowd customer from the banking industry! I’m loving the change.

My role wears three hats - running enterprise technology and the cybersecurity function globally and as the General Manager for APAC.

Prior to this role, I have held cybersecurity leadership positions for the past 20 years, most recently being the former Executive General Manager and Chief Security Officer at National Australia Bank (NAB), one of Australia’s four largest financial institutions. At NAB, I oversaw the enterprise security portfolio, including cyber, physical security, architecture, partnerships and ventures, and operational fraud capabilities to protect customers and employees, support business growth and enable an operationally resilient bank. I’ve also worked in various IT Risk and Cybersecurity leadership roles at Standard Chartered Bank, J.P. Morgan, and the Union Bank of Switzerland (UBS) while serving as an advisory board member for Google, Amazon Web Services and Digital Shadows. 

 

Security: What are the top cybersecurity challenges facing financial institutions? 

McKenzie: Growing and retaining internal capability and talent, protecting customer data from attacks and fraud, fostering external public and private partnerships while establishing a more frictionless cybersecurity experience for both customers and staff is top of mind at financial institutions. This is all against a backdrop spurred by the pandemic where internal and external fraud is increasing, technology regulatory mandates are compounding, and organized crime groups and nation-states have constant bulls-eyes on these companies’ backs due to the data they hold. It’s a true perfect storm for financial institutions right now, quite apocalyptic juggling all these risk verticals, so I tip my hat every day to the CSO/CISO’s and security teams living through such dynamics.

 

Security: How does that differ from 1-2 years ago? 

McKenzie: The perennial dilemma faced is that blue cables have now become largely obsolete and rapid digitization agendas with new work from home (WFH) norms have accelerated sprawl and pace. The traditional controls you would expect to invest in and focus on years ago have been thrown out the door. Cyber strategies need to adapt to this change in the threat landscape quickly.

As the digital attack surface and remote access channels spun out of control in this cloud-operated world we now live in, threat actors are increasingly targeting organizations’ weakest links—from WFH users to 3rd party supply chains. The digital rush to enable the business or staff also leads to basic design control failures, sometimes caused via ‘security shortcuts’ or trade-offs made with the businesses to get them moving. This has further opened the door to enterprise-wide destructive cyberattacks - the kind you read about pretty much every week these days, it seems. To mitigate these risks, organizations must adopt new educational tools, technical solutions, and business strategies. 

 

Security: How can crowdsourced security help financial organizations solve these issues? 

McKenzie: At its core, cybersecurity is principally a human problem - it requires a diversity of intelligence to uncover and troubleshoot security issues in technology, and (on the flip side of the coin) it requires fixes, trade-offs, or ‘bumps’ in the changes of behavior of the people who interact with or design the technology on a daily basis.

While all banks and financial institutions traditionally have a plethora of security tools and technologies that pick up some ‘known’ issues or exposures in systems or code, these tools simply lack human ingenuity and diverse thinking. There is a lack in the ability to continuously learn, understand and navigate laterally across multiple business processes, infrastructure, or application logic flows like a motivated threat actor would. This is where you unearth all the high-value findings that will ultimately protect against further exposures to the organization and its customers. This is where connecting to the researcher community, and crowdsourced security models come into play.

To meet the challenges mentioned above, financial institutions need a ‘human’ force multiplier for their security strategy that allows them to leverage (en masse) highly skilled security professionals, extensible technology and actionable cybersecurity intelligence to keep employees and customers secure. That is why organizations are increasingly adopting crowdsourced security programs, such as bug bounty programs or vulnerability disclosure programs (VDPs). By making crowdsourced security programs an integral component of their security posture, financial organizations can ditch the ‘one-size fits all’ perspective in favor of a layered security approach with continuous access to skilled security professionals tailored to fit their needs. 

 

Security: What does it take to be an exceptional security researcher, and what qualities do they need to succeed? 

McKenzie: Researchers play a tremendous role in the success of any security program. They must understand tech stacks front to back to identify vulnerabilities, but most importantly, they must be able to think differently and go outside the box - thinking multiple control steps ahead. To be an exceptional security researcher, they also must be willing to adapt and learn continuously, including learnings around the non-technical and business processes side (e.g., how does a particular company or industry vertical operate, which systems are traditionally used and interface with one another, which business processes chain together, and so on). With an ever-changing technology landscape, researchers must constantly keep educating themselves with new tools, business acumen and cybersecurity concerns specific to particular industries. This can be done by taking advantage of offers for individuals or organizations to gain access to knowledge sharing and the co-creation of security resources. Naturally, this encourages more creativity and helps organizations arrive at solutions to their problems sooner.   

KEYWORDS: cyber security financial services governance risk risk management security management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    New Security Technology
    By: Charles Denyer
close

1 COMPLIMENTARY ARTICLE(S) LEFT

Unlock the future of cybersecurity news with Security.
As a leader in enterprise security, we have you covered with the information to keep you ahead of the curve.

JOIN TODAY

Already Registered? Sign in now.

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • 5 minutes with Waskelis

    5 minutes with Todd Waskelis - Cybersecurity consulting during the pandemic

    See More
  • 5 minutes with Jain

    5 minutes with Vishal Jain - Navigating cybersecurity in a hybrid work environment

    See More
  • 5mw Heywood

    5 minutes with Nick Heywood - Security considerations for the hybrid workplace

    See More

Events

View AllSubmit An Event
  • July 17, 2025

    Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

    From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.
  • August 27, 2025

    Risk Mitigation as a Competitive Edge

    In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!