Mark Rhodes-Ousley – Fremont Bank
- Written by: David Harry
- Produced by: Victor Martins & Andrew Melson
- Estimated reading time: 4 mins
If it seems stories about ransomware and cyberattacks are never ending, there’s a good reason for it.
According to the FBI, there were more than 847,000 cybercrime complaints in 2021, a 7 percent increase from the nearly 792,000 such complaints in 2020. The cost of cyber scams, such as extortion, identity theft and data breaches, increased from $4.2 billion in 2020 to $6.9 billion in 2021.
The pace hasn’t slowed in the first months of 2022. As the Firewall Times reports, the hacker group Lapsus$ breached Microsoft as well as Okta, an authentication company. Hackers also broke into Crypto.com, stealing $18 million in bitcoin and $15 million in Ethereum cryptocurrencies. The attack affected almost 500 accounts, although Crypto.com reported it had reimbursed theft victims.
So, there’s plenty to occupy Mark Rhodes-Ousley, who’s made a career of cybersecurity for nearly 30 years and is senior vice president and chief information security officer for Fremont Bank in Northern California. The author of two books on cybersecurity and information security, Rhodes-Ousley is helping the bank safely navigate to the cloud.
“I see people getting scammed and it bothers me,” he says. “Spreading the word is the best way to go about stopping that from happening. If I can help one person to recognize and avoid a scam, that’s a win.”
Headquartered in Fremont, California, a city bordering San Jose, Fremont Bank was founded in 1964. It has branches in San Jose, Monterey, Mountain View, Walnut Creek, Concord and San Francisco.
“Fremont Bank is known for being community-minded and helping its clients,” says Rhodes-Ousley, who joined the bank in 2012. “I’m known for visiting business clients and working through security breaches they’ve had. Not many banks do that and it’s, in part, why I landed here.”
He says cloud migrations can cause anxiety because they do require IT departments to give up control of the on-premises network and IT infrastructure.
However, the loss of control for managing systems and IT infrastructure is offset by reduced costs for hardware. Plus, major cloud providers such as Amazon, Microsoft, IBM and Google offer better cybersecurity tools than most companies can afford on their own. Those tools are also routinely upgraded as new threats emerge.
“You’re essentially renting someone else’s computer,” Rhodes-Ousley says. “But the cloud can be much easier to secure than a data center. It also lends a level of affordability.”
Ask the experts
When considering the cloud or homegrown cybersecurity efforts, Rhodes-Ousley prefers to bring in third-party expertise to analyze the approach and find solutions.
He’s turned to The Soter Group, an Arlington, Virginia-based company, known for supporting key federal government cybersecurity programs, both technical and non-technical. It also provides objective federal and cybersecurity market research and consulting services to the private sector.
Rhodes-Ousley began working with The Soter Group while collaborating with a federal government program known as Cyber APEX, whose mission was to rapidly design, develop and protype cybersecurity technologies to solve outstanding security concerns identified by the financial sector.
He and others in the collaboration relied on The Soter Group team for market research and emerging technology recommendations. When it came to Fremont Bank’s cloud migration, Rhodes-Ousley turned to them again.
“They do the research and come back with really good, quality answers,” he says. “It’s important to me not to solely rely on internal expertise and staff.”
Rhodes-Ousley also works with Optiv, a cyber advisory and solutions leader, to provide him with technology and managed services for cybersecurity programs and policies on premises. He’s worked with Optiv for 15 years and says the company has not only provided technology at affordable prices but has also provided highly skilled engineers to help with installations.
At Fremont Bank—and at other banks if asked—Rhodes-Ousley teaches employees about current scams. He also leads regular phishing tests at Fremont Bank, saying it’s human nature for people to open messages that look urgent and seem to be from someone familiar.
“This is how breaches start,” he says. “People need to stop, think and check.”
Rhodes-Ousley wrote “Network Security: The Complete Reference” in 2003 and a second edition, “Information Security: The Complete Reference,” in 2012 to help others in his profession.
“Information security is different than other fields because we’re not in competition with each other,” he says. “Our adversaries are sophisticated and well-funded. The more we professionals collaborate, the stronger we are.”
A native of Southern California, he earned his bachelor’s degree in applied mathematics from the University of California San Diego in 1991. He got his start in cybersecurity in 1994 while serving as a senior consultant helping build the network connecting county government offices in Santa Clara County.
In doing so, he also linked county libraries to the internet and built a firewall to protect the system from hackers at a time when firewalls were not commonly available commercially. It piqued his interest in cybersecurity and redirected his career.
In the ensuing years, Rhodes-Ousley consulted on information and cybersecurity for companies including Hitachi Data Systems, Sun Microsystems, Merrill Lynch (and its acquired companies, including First Franklin) and SunPower Corp. He earned his Certified Information Systems Security Professional credential in 2003.
“Cybersecurity isn’t all about technology,” Rhodes-Ousley says. “You have to be able to write policy and speak to people. There’s no particular skillset needed to get into it—you just need to have interest and ability to learn because it’s so diverse.”
View this feature in the Summer I 2022 Edition here.
Showcase your feature on your website with a custom “As Featured in Toggle” badge that links directly to your article!
Copy and paste this script into your page coding (ideally right before the closing