Dr. Trebor Z. Evans – Dollar Bank

Any chief information security officer who believes he or she can ease up on the job ought to think again. So reminds Dr. Trebor Z. Evans, who makes a mission out of securing data while enabling the business operations at the Pittsburgh-based Dollar Bank.

“You can’t be too comfortable for a moment,” the ever-businesslike Evans tells Toggle in November. “In the time it takes for you to sit down, someone could have invaded your networks.”

That hasn’t happened on Evans’ watch, although someone has likely tried. For while Dollar Bank may not be international, it still is an $8 billion operation as well as one of the nation’s largest mutual savings institutions. Needless to say, its money is just as green as what’s found in the vaults anywhere else.

The smaller banks may even be targeted more than the industry heavyweights, Evans warns, explaining that hackers assume such institutions lack sophisticated security systems. With the shift to online banking having put ever more data into cyberspace—and increasingly sensitive data at that—Evans reiterates the need for the kind of nonstop vigilance that seems in his DNA.

“I’m not happy unless I’m stressed,” he says. “And the duties of a CISO keep me happy.”

Happy days

That said, Evans has done much to mitigate the stress of his dual roles as CISO and senior vice president.

On the security front, Evans has ensured efficiency through a risk-based approach that prioritizes areas in need of the most stringent precautions. Only he’s not about to be too descriptive, almost sounding like a lawyer honoring a client’s need for utmost confidentiality.

“We’re very proactive about info-security, but I can’t get into details,” Evans says. “Suffice to say, we try to prevent hacking through due diligence, risk-management and our overall cyber posture. Any time a good CISO hears about what happened at Equifax, LinkedIn or Home Depot, he or she will look at the situation and see what can be learned, not only about the root cause of the breach but how the company behaved afterward.”

Not so well in the case of Equifax, whose 2017 breach exposed the vital data of, at last count, nearly 150 million Americans. The consumer credit reporting agency waited six weeks to disclose the hacking, and the Government Accountability Office recently traced the vulnerability to a single internet-facing web server with out-of-date software that left information exposed for 76 days.

That IT crew at Equifax—and those of many other companies that suffered a similar embarrassment—might be well-advised to enroll in one of the many online courses Evans teaches through Southern New Hampshire University.

Making the grade

An adjunct professor at the Manchester, N.H., school since early 2011, Evans recently was approved for SNHU’s new master’s program in cybersecurity. His undergraduate and graduate-level courses would seem to touch upon all areas that should be of concern to a CISO: Incident Detection and Response, Cybersecurity Capstone, Information Technology, Advanced Information Technology, Management of Information Technology, Human Factors in Security, Cyberlaw and Ethics, and more.

But intense as that subject matter is on security, Evans reminds that his role encompasses other areas. An IT professional can’t be siloed and reach his or her potential.

“It’s one of my mottos: I securely enable the business,” says Evans, who recently was honored by the Pittsburgh Technology Council as 2018 CISO of the Year in the Gigabyte Division. “While it’s natural for a CISO to focus on the security aspect of that statement, I try to remember that I’m here to enable the business, but have to do so securely.”

That includes avoiding becoming a “Department of No.” More specifically, it means being able to identify a risk to another department’s intentions and providing the means to lessen the chances of something going awry. And Evans’ opportunities for input are indeed expanding.

While his educational background includes a BS in info-tech and an MBA in business administration from South University, a Master’s certificate in project management from the University of Pittsburgh, and a doctorate in instructional management and leadership from Robert Morris University, Evans admits to being short on the accounting expertise so necessary to advance in banking.

But how that’s changing, with Dollar Bank covering Evans’ tuition at the Pennsylvania Bankers Association Advanced School of Banking, a three-year program that he expects to complete in 2019.

A worthy investment in a man who figures to be among the most vital cogs at Dollar Bank. For Evans has acquitted himself well in multiple roles since joining the bank in 2012 as an assistant vice president in what would become the cybersecurity department, ascending to CISO three years later and having the senior VP title added to his letterhead in early 2017.

It’s one intense curriculum at the Advanced School of Banking, explains Evans, who has to balance it among his Dollar Bank and SNHU responsibilities, as well as extracurricular activities that include serving on collegiate advisory boards and past volunteering with the therapy dog teams at a nursing home and the University of Pittsburgh.

By the time he scores that prestigious certificate from the Advanced School of Banking, Evans will have sat through classroom lectures, done summer residencies, completed intensive quarterly assignments and applied the lessons at Dollar Bank. Such a schedule would seem to allow little time for relaxing, but as Evans reminds, that should never be in a CISO’s job description.

“Any CISO who believes it’s time to relax should probably end their journey in that role,” he advises. “The wrong kind of people take notice.”