Donna Ross – Radian Group Inc.

It’s a three-legged stool, she says. People, processes and technology being the three essential ingredients that comprise data security at Radian Group Inc., a Philadelphia firm that manages risk and provides services for the mortgage and real estate industries.

Seems unusual that Donna Ross would list technology last. Especially since it’s what differentiates a chief information security officer like her from less tech-savvy mortals.

Well, she doesn’t downplay tech’s role. Experience has just taught her to keep it in perspective.

“Technology alone doesn’t solve any problem,” the personable Ross tells Toggle in September. “It’s not a silver bullet. If you just throw technology at a problem, you’ll only make it worse through automation. It’s where a lot of security officers go wrong.”

But not at Radian, where Ross recently celebrated her fourth anniversary as the firm’s first CISO.

A dream enabler

A most specialized firm, she says of her employer, for Radian’s focus is enabling the American dream of home ownership through products that span the mortgage and real estate spectrum. That includes a lot of sensitive information entrusted by home seekers to Ross and her team of around 20 full-timers, contractors and managed service providers.

Thus the need for a CISO, the bosses reasoned in 2016 when Radian’s growth brought about well-founded concerns. Better to ensure an enterprise information security strategy before a breach, and Ross—a midcareer infotech veteran with an impressive resume—seemed ideal for the job.

She was called upon to assess needs, strategize, set a budget, assemble a team and implement solutions. She emphasizes that some basic common sense and humility are just as important as tech expertise in getting the process rolling.

“Most important is hiring people smarter than you and getting out of their way,” Ross says. “And it should be a diverse team—you want input from people with different lenses and experiences as well as technological and non-technological skills.”

With that diverse talent assembled in a war room setting, Ross encouraged members to feed off each other’s ideas. She found it encouraging when one person floated a proposal followed by another asking, “what if?” Somebody else might offer an answer met by another “what if?” or, better yet, a “here’s how.”

Through such exercises, progress and teamwork emerged, sustaining the second CISO cycle, which includes the fine-tuning, the reevaluations, the pushing of continued improvement and automation. “Humans fight humans and machines fight machines,” Ross says. “You do need some level of automation in your security.”

Some matters confidential

That said, she chooses not to discuss firewalls or other means to ward off hackers. There’s a forever war between the so-called white and black hats of information security, and as far as she’s concerned, the details of Radian’s defensive infrastructure are classified.

But here again, the people and the processes are just as vital as the technological precautions. Through that mix comes what Ross describes as the service of cyber defense in which technology has a role, the same holding true for every other type of risk management.

“Risk is an interesting subject,” she says. “We use a quantifiable rather than qualitative approach. We look at risk in terms of dollars.”

The threats and vulnerabilities in this sensitive area will always change, with Ross and Radian on the same page when it comes to being proactive. The firm, after all, was proactive when it hired Ross prior to any breach. They’ve taken the same approach when it comes to buying new technology, updating systems and sticking with or changing vendors—while, of course, not neglecting the people and processes aspects of the equation.

“I’ll just say it’s a lot broader than just buying widgets,” she says about Radian’s cyber defense. “But this is what I love about info security.”

A marketing-tech mix

It may not have been her first love, however, for Ross graduated State University of New York-Brockport with an economics degree in 1978. Years later she’d further her academic creds with a certificate in network administration from Bucks County Community College and attending Rochester Institute of Technology’s Executive MBA program, but first work at a decidedly non-tech job at Prudential’s marketing department in Fort Washington, PA.

That proved a worthwhile stint, a person in infotech taking Ross under his wing. She’s since done the same with other young people displaying initiative and competence.

“If you’re ever offered a position outside your expertise, it’s because they see something in you,” she says. “Take advantage of it. You’ve everything to gain.”

The marketing experience also benefited her growth, Ross says, explaining how even in today’s digital world, a technological person may need to convince a company of an unrecognized need.

Ross has been doing that since her Prudential years from 1991 to 2000, carving a professional path through New England and the mid-Atlantic. She went on to manage data security and risk at GMAC Mortgage, handled various tech positions at GMAC ResCap, served as director of IT information risk management at Corning Inc., became CISO and chief compliance officer at Accolade Inc., and then on to Radian.

It’s satisfying, she says, to come to a company, identify its needs, implement changes and immerse in community activities that for her have included board membership with Philadelphia’s Anna Crusis Women’s Choir and volunteering at a Boston food bank. If a new challenge presents itself elsewhere, she’ll be all ears.

Recently she’s had more time to herself. Not that Ross is working less, she’s just mostly been doing so from home and being spared Philly’s bumper-to-bumper traffic. That’s allowed her to further professional and personal interests, the former including an online course in Agile and the latter being one in coffee making.

“I’m a continuous learner. I love to read and learn new subjects,” she says. “And I’m glad to be in a field where I can satisfy my need to grow and mentor others in this profession.”