Casey Watkins – FTI Consulting

Given the breadth of Casey Watkins’ IT career in the military and civilian life, it would be easy to say he’s seen it all.

“I’ve been a cybersecurity professional for almost 20 years and have a diverse background in the field, having worked at global firms in various cybersecurity roles,” Watkins says. “I’ve amassed a wide array of skillsets related to cybersecurity and risk management in general.”

Casey Watkins | Global Head of Cybersecurity and Privacy | FTI Consulting

Still, he hasn’t seen it all, and that’s what matters in his role as global head of cybersecurity and privacy at FTI Consulting.

In the 14 years since he joined FTI, the nature of cybersecurity threats has evolved from malware inserted into innocuous looking emails to more direct attacks, such as ransomware that can freeze a company’s operations.

“We take compliance very seriously,” Watkins says. “We want to make sure FTI is giving our clients the assurance to take the next steps, due diligence-wise, and show we’re going the extra mile to make sure their data is secured.”

Hazard prevention

FTI was founded in 1982 in a small warehouse in Annapolis, Maryland, by Dan Luczak and Joseph Reynolds. It was first a forensics and litigation firm providing technological courtroom evidence with computer models that helped explain the technical aspects of a case. Now, it’s a global consulting firm with offices in 29 countries on six continents.

FTI is a public firm that earned $2.46 billion in revenues in 2020 and now has more than 6,000 employees who can advise on possible antitrust matters, risk and compliance, company turnarounds and restructuring, and cyber security. The company serves industry sectors including aerospace and defense, agriculture, health care and life sciences. It also has public sector and government clients.

Cyberattacks don’t even have to be direct to do damage, Watkins says, because cybercriminals can breach a company’s vendors or partners and expand the attacks through that network.

The COVID-19 pandemic has upped the ante, as well, because while remote work has allowed companies to continue operations, it can also be more difficult for a CISO to monitor how employees are using the IT network entirely.

Protection requires collaboration

Such was the case at FTI, where Watkins says the company had already embraced remote and hybrid work schedules pre-pandemic and could still monitor network use and remove threats.

“We’ve been spending a lot of time over the last few years in access management, in particular, driving automation to better handle access management,” Watkins says.

That’s included improving end point threat detection and response, using Cisco’s umbrella to enforce security and help prevent malicious activity (including ransomware), and partnering with a managed security services provider to provide security operations center monitoring.

Over the last few years, FTI and Watkins have also enjoyed a very successful partnership with FireEye and Mandiant, which FireEye acquired in 2013.

In 2019, Watkins engaged the company to assess FTI’s security infrastructure and program. He says the assessment reaffirmed some things he was aware of and provided additional support for acceleration of some planned program upgrades.

“We asked Mandiant to perform the assessment because they have a great reputation. If you look at many of the high-profile incidents that occur, and you’ll likely see them in the investigation,” he says, noting the recent SolarWinds attack.

FTI has also migrated to the cloud, a project completed in 2019. It’s a hybrid environment, a combination of Amazon Web Services and Microsoft Azure, Watkins says.

While relying on partners to secure FTI’s network and protect data it keeps for itself and clients, Watkins says he also considers network users “the human firewall.” It’s a theme he learned from business partners at Inspired eLearning.

“Phishing remains the primary risk vector for bringing malware into the environment,” he explains. “So we’re always trying to morph training and the ability for people to recognize fraud and phishing and for people to help us detect it.”

From shells to cybersecurity

The son of a U.S. Air Force veteran, Watkins moved frequently before his family settled in Northern Virginia when he was in high school. Although he took some programming courses as an undergraduate, it was not until he became a logistics officer in the U.S. Army that he was really introduced to computer technology.

Watkins began his Army service in 1985 after earning a bachelor’s degree in environmental sciences and history from Virginia Tech. He entered active duty as a field artillery officer. When he shifted to logistics management, it required working with databases to record and analyze equipment status and readiness. He also earned a master’s degree in information systems while on active duty.

Watkins left active duty in 1992 (he remained in the U.S. Army Reserves until 2005) and worked in a non-tech job in banking. He also earned an MBA from Webster University’s Walker School of Business & Technology in 1996 and an additional undergraduate degree in network systems administration in 1999.

Watkins shifted to the IT field in 1998 when he worked as a systems analyst and then as an IT software solutions sales manager for Bell and Howell. In 2001, he became a network engineer and later senior manager of cybersecurity operations at Cendant. In 2003, he earned a Master of Science in Computer Information Systems, with emphasis on database and network engineering from Regis University’s Anderson School of Business and Technology.

Watkins also has graduate certificates in information security from Colorado Technical University, earned from 2002-2004. Before joining FTI consulting in 2007, Watkins was a senior cybersecurity risk manager at Fannie Mae, which finances mortgage lenders.

“I’m always thinking about what our risks and threats to the enterprise,” Watkins says. “Our primary product is information, and therefore safeguarding client’s information or work products done on their behalf is always front of mind.”

View this feature in the Fall II 2021 Edition here.