Cultivating a Mission-Driven Security Mindset

JPMorgan Chase’s Chief Information Security Officer (CISO) talks about cybersecurity’s pivotal role in safeguarding the largest financial institution in the United States.

Written by Olivia McClure
Published on Nov. 07, 2023
Brand Studio Logo

Roughly 80 million U.S. customers bank with JPMorgan Chase and rely on the firm to protect trillions of dollars in payments every day. 

Providing best-in-class cybersecurity protection is no small task. Pat Opet, the firm’s global CISO and Head of Cybersecurity and Technology Controls (CTC), leads a focused and committed team of nearly 2,500 professionals worldwide. The team owns the strategy, design, development, and deployment of the firm’s defensive systems and technology controls. Every day, each professional helps to protect the bank and its customers, and ultimately the world economy.

 

JPMorgan Chase’s CTC team at work. 
JPMorgan Chase

 

The team protects JPMorgan Chase’s customers, clients, and employees by analyzing and monitoring the threat landscape, such as identifying a critical vulnerability on the internet or the techniques a cyber threat actor could use to attack the firm. This information is used to ensure there are multiple layers of controls in place to prevent a cybersecurity incident. The threat landscape constantly shifts, and our teams respond by building and deploying new technology solutions, including artificial intelligence, to stay ahead of the evolving threats. As a systemically important global financial institution, JPMorgan Chase must utilize innovative solutions and keep up with new and emerging technologies at all times. 

 

How does JPMorgan Chase emphasize the importance of cybersecurity?

 

Pat Opet
Global Chief Information Security Officer and Head of Cybersecurity and Technology Controls • JPMorganChase

Cybersecurity is a top priority for the firm. We’re constantly investing in our defenses and ensuring that we have the best talent. We train the firm’s global workforce on best practices to keep JPMorgan Chase safe from cyberattacks. 

We run no-notice drills to test the firm’s security incident response processes and discover how quickly and efficiently teams can handle and remediate an incident. It is essential to test our practices and have all relevant parties capable of doing so. We also run various attack simulations using tabletop exercises and JPMorgan Chase’s cyber range, which is a hands-on-keyboard training environment used to upskill and refresh technology skills. 

Protecting the firm is a mission-focused job and our leaders and their teams take a lot of pride in it. At JPMorgan Chase, cybersecurity is not considered a roadblock, but an enabler of innovative and unique business initiatives. And because of this, we are able to attract top talent, continually invest in our people and technology, and access a vast array of tools and capabilities to identify and mitigate threats. 

We have a saying and a belief inside the firm: ‘Cybersecurity is everyone’s responsibility.’”

 

Pat Opet talks with CTC team member in front of multi-screen desk setup.
JPMorgan Chase

 

How does the firm partner with other financial institutions and government agencies? 

It is critical that we work closely with government agencies and our financial services peers in support of a secure and resilient financial ecosystem. At JPMorgan Chase, we believe that an attack on one of us is an attack on all of us.

We’ve fostered relationships with U.S. government agencies—as well as other financial services and technology companies—so our teams can proactively share intelligence to help prevent attacks and collaborate on cybersecurity defense best practices. In these relationships, there is a strong focus on intelligence development, sector resiliency, exercises to test these partnerships during times of crisis, and operational collaboration. 

The increase in private-public information and intelligence sharing is leading to shared outcomes, such as a financial-sector-defined risk register and joint approach to understanding and mitigating cloud concentration risk.

On a tactical level, working with government agencies broadens our access to real-time intelligence on a range of cybersecurity issues. This helps us prioritize threats to the firm and financial sector. We’re often sourcing unique intelligence that helps inform how we design our defenses to best protect the firm. 

Our collaboration in the cybersecurity space helps protect the financial system and the customers and clients who depend on us. 

 

What priorities do you have for the culture of the Cybersecurity and Technology Controls team? 

Talent is our biggest priority. We have a keen focus on diversity, equity and inclusion because bringing together diverse perspectives, backgrounds and experiences can lead to more innovative and effective solutions for complex security challenges. This is powerful in helping to address biases in technology development and enhances overall digital safety and trust.  

Equally important to DEI is that we have the best experts, who have sharp technical skills and relentless attention to details. Our team is laser-focused, and works around the clock, handing off to one another across time zones to ensure 24/7 coverage. Our subject matter experts focus on the most complex challenges in cybersecurity today. The stakes are high, and as we discussed earlier, cybersecurity is a team sport. So everyone must be a team player. 

Cybersecurity is a team sport.” 

 

 JPMorgan Chase’s CTC team sits around a conference table, talking and laughing.
JPMorgan Chase

 

 

©2023 JPMorgan Chase & Co. All rights reserved. JPMorgan Chase is an Equal Opportunity Employer, including Disability/Veterans.

Responses have been edited for length and clarity. Images provided by JPMorgan Chase.