Holly Ridgeway has not only cultivated a diverse and impressive résumé of her own cybersecurity experience in the government, law enforcement and consulting, as well as the financial industry, but she has also put together an equally diverse IT security team at Citizens Bank.
As the chief security officer and executive vice president of Providence, Rhode Island-headquartered Citizens Bank, with more than $227 billion in assets for more than five years, Ridgeway has brought to her role nearly a quarter century of experience (since 1998) working in IT security for the FBI, the Department of Justice, as well as PNC Bank, and as a consultant with Mandiant.
The skillset she brings to Citizens Bank is particularly relevant, as more bad actors and cybercrime syndicates that previously attacked government and law enforcement targets, are increasingly aiming their scams at big banks — in order to make a political statement, and potentially refill their coffers.
“Government intelligence, law enforcement and banking are the highest targeted areas,” Ridgeway said. “Being in the law enforcement and intelligence communities years ago has provided me with a very strong baseline into what we’re seeing the financial industry now.”
Having helped establish and run the DoJ cyber defense center, among other accomplishments, Ridgeway has gained a critical and experienced view of how cybercriminals operate. But, perhaps even more important, she has developed an appreciation and respect for the input of individuals who are not as well-versed in banking IT security, as she sees their input as a key component to developing security systems and architectures that incorporate the outsider view.
Having worked with the former Citizens Bank chief information officer Mary Ellen Baker at PNC Bank (who retired last month), Ridgeway was recruited by Baker at Citizens to “help mature" the bank’s IT security program. Like Baker, Ridgeway shared a similar philosophy of being proactive in the bank’s cybersecurity stance, creating a diverse team, and looking to talent as well as years in the field. Case in point: When Citizens Bank recently acquired another bank, Ridgeway spotted another female leader in the other bank’s IT security team, whom she recognized as a “high performer.” As a result, Ridgeway promoted this other IT security professional and put her in charge of all the bank’s security acquisitions.
“Security has so drastically changed in the past 20-plus years,” Ridgeway said. “We can’t just hit one area... to successfully establish a security posture.” Instead, Ridgeway said that her team draws strength from the fact that its various members have come up through compliance, IT, lines of business and policy, creating a more diverse set of viewpoints from which they can create new security plans and procedures.
“Everyone comes to security from a different pathway,” Ridgeway said, adding that cybersecurity has only been recognized as a significant concern within the past couple of decades.
In particular, the Mandiant consulting work was “really interesting, [it allowed me] to gain knowledge of many different sectors globally.”