Hung Lee – Kasasa
- Written by: Mary Raitt Jordan
- Produced by: Dave Gushee
- Estimated reading time: 4 mins
It’s a different lens Hung Lee looks through when he thinks about information security.
As chief information security officer for financial technology and marketing services firm Kasasa, he likens his approach to an orchestra: Sometimes the section of development initiatives needs a bold entrance with greater fortissimo, while security needs the subtlety of pianissimo. Not everyone plays the same instrument, but they all have to make music together.
When Lee joined the Austin, Texas-based fintech company in March 2019, his focus was synthesizing what he viewed as disparate functions.
“My priority was to bring the organization’s development, security and operations teams into closer alignment in order to protect our customers and consumer data, and infuse security into our product portfolio,” Lee says. “The goal was to help departments go beyond coexisting—sharing strategies and information only when necessary to working—to coalescing as a single unit.”
Adopting a customer-centric approach
Founded in 2003, Kasasa serves the marketing needs of the financial industry with branded products such as rewards-based checking accounts, ATM fee refunds, no monthly service fees and higher returns on interest-bearing accounts. With nearly 500 employees, Kasasa won seven marketing awards in 2019 and was recognized by organizations such as American Bankers Association, Austin Business Journal, and the International Data Corporation (IDC).
Kasasa prides itself on its ability to create raving customers. To exceed customers’ ever-rising security expectations, Lee believed the security program needed to pivot and adopt the same customer-centric approach toward external and internal customers.
Having previously worked for HP where he audited IT in security departments, Lee set to work rebranding the company’s security program. Key to his approach, he says, was being a “builder,” to make security better, not a “maintainer,” who accepts the status quo.
Building partnerships throughout the business included holding 23 one-on-one meetings in Lee’s first two weeks.
“Those early conversations enabled key stakeholders to better understand who I am and what my philosophies are so that we can share the overall security vision,” he says.
Lee believes that building trust and a great team serve as the foundation for everything.
To that end, Lee attributes the core components of his leadership style to books such as “Good to Great” and “Built to Last” by James C. Collins, a researcher of business management, company sustainability and growth. Another top pick was “Leaders Eat Last” by Simon Sinek that looked at why some teams pull together and others don’t.
“Leading Security teams with a ‘just cause’ of protecting people from cybercriminals is an idealistic maxim that everyone can share and buy into,” Lee says. “Our customers trust us with their most cherished asset, their consumer data, and protecting that data from imminent danger is a noble mission to wake up for every morning.”
Separate from the social-capital component, Lee set about consolidating security tools.
“It’s a very common problem in tech organizations—a weird belief— that you have to stick with the hardware and software you inherit,” Lee says. “Eliminating unused and redundant products saved more than $100,000 in six months.”
The role isn’t lacking for nuts-and-bolts projects such as leading privacy compliance efforts, managing budgets and service portfolios, coordinating penetration tests—Lee handles it all with the support of his growing team of security professionals and vendors.
That’s included rolling out a corporate security and awareness training program, which has cut down the click-through rate of simulated phishing attacks to single digits, as well as a rollout of AWS’ native security suite to fortify and achieve newfound attack visibility in Kasasa’s SaaS platform.
Having the courage to say ‘yes’
In a funny twist to Lee’s story, he actually interviewed for Kasasa’s CISO role in 2017.
“After an hour interviewing, I didn’t feel I was ready and withdrew myself. That was a big mistake,” Lee says. “If I had had the courage to proceed, I could’ve jumped in and built Kasasa security from the ground up. Lesson learned.”
To Lee, he had the credentials, but the timing wasn’t right.
With a bachelor’s degree in business administration/management information systems from the University of Texas at Austin – McCombs School of Business in 2002, he went on to successfully work at companies such as Deloitte as an enterprise risk services (ERS) consultant in 2004 and Indeed.com as information security manager in 2012.
He was also a member of the Forbes Technology Council and had certifications with the EC-Council and ISACA, a non-profit association focused on information security, risk management and governance.
But Kasasa never forgot him. When the prior CISO departed in 2018, Kasasa’s CTO invited Lee to lunch. He was ready.
Lee says the legacy that he leaves behind is most significant to him. His plan is to work in three-year cycles to help companies achieve success—and move on to his next adventure.
“It’s all about my work as a mentor and coach,” Lee says. “Growing and developing the next generation of leaders is highly fulfilling for me.”
Showcase your feature on your website with a custom “As Featured in Toggle” badge that links directly to your article!
Copy and paste this script into your page coding (ideally right before the closing