Jim Connell, Chief Information Officer of Sierra Pacific Mortgage, says changes in his industry and escalating online threats make it mission-critical that his organization employ a vCISO to handle its cybersecurity. A vCISO (often pronounced “v-SEE-so”) is a virtual Chief Information Security Officer, and has become an important position in the cybersecurity industry.
As Sierra Pacific‘s vCISO, Quest’s Joe Hagerty takes a C-suite-level responsibility for the organization’s entire security position. As the word “virtual” in the title implies, he is able to do so while saving Sierra Pacific the sizable expense of hiring an in-house CISO. While working as an employee of Quest, Hagerty is able to help Connell deliver fortified IT security thanks to an agreement in which he devotes two days a week to Sierra Pacific and essentially provides 24/7 emergency availability.
Connell says Sierra Pacific needs a partner with executive security experience partly because of increasingly strict governmental oversight. In the wake of the 2008 mortgage crisis that helped trigger the Great Recession, new federal and state regulations changed fundamental elements of his company’s workflow. In today’s mortgage industry, there are countless reports that need to be sent to various agencies, numerous Internet audits, and—most importantly—tightened security requirements.
Cybersecurity now sits at the core of Sierra Pacific’s essential business. Because his company manages hundreds of millions of dollars and has detailed financial information about tens of thousands of individuals, it is a prime target for cyber criminals. “And over the past decade, as we all know, cyber crime has exploded,” Connell says.
Connell, who has been an IT director and senior project manager for more than two decades, witnessed the evolution of cyber criminals first hand. “First there were the ‘hackers’—vandals who just enjoyed breaking into networks,” he says. “Then the solo criminals showed up, and then teams in garages. Now there are state actors—nations funding institutions that work out of office buildings filled with experts in specific roles.”
“Obviously if something goes bad with your IT security, that’s a red-alert emergency,” Connell says. “We recognized early on that we did not have the skill sets or tools to tackle that challenge. That’s why we formed our partnership with Quest.”
Quest helped Sierra Pacific build an in-depth security model with layers of defenses, including multiple firewalls. Quest installed protections such as multi-factor authentication throughout the operation and helped the entire team develop defensive protocols.
All of this paid off in 2017, Connell says, when the security team discovered that bad actors had broken into Sierra Pacific’s email server and had begun forwarding emails to offshore accounts.
“Joe and the Quest team were able to stop the attack quickly and remediate the issue without any financial losses to any of our customers,” Connell says.
To ensure that consumers are protected from such attacks, the 49 states where Sierra Pacific operates each have their own set of security auditing and reporting requirements, which Quest helps the organization navigate.
“We are not just checking boxes“ Connell says. “We are being prudent by protecting our business and our customers. And it’s important to us that our partners have top-down integrity.”