Kwame Fields – Federal Home Loan Bank of San Francisco
Kwame Fields sees it all the time, but it still surprises him. As the chief information security officer and chief diversity officer for FHLBank San Francisco, he cannot believe how many people still use passwords that don’t meet even the basic standard for security.
“You can have every piece of cybersecurity infrastructure in place, but the ultimate protection comes from ensuring your end users take security seriously,” Fields says.
He says his organization wants employees to think of their work environment and home environment as equally important to protect. Having an unsecure home network often means someone isn’t as serious about security in the workplace, Fields says. And changing that mindset is an everyday battle.
“We don’t want security to be complex for people, and we don’t want it to be a burden, but it has to be a part of their thought process each day,” Fields says.
Training and education
In 2022, Fields says he and his team are working hard to eliminate ineffective passwords and to bring increased security and data protection to member banks and employees, starting with training and education.
“Everyone learns differently and sometimes they feel they are too busy to pay attention,” Fields says. “But bad actors only have to be right once. We have to be right every time.”
As part of training, he and his staff conduct monthly phishing campaigns, sending fake emails that mimic messages encouraging employees to click on a link that, if the email were real, could contain a virus. The employees who fall for the fake communications are given additional training.
In addition to conducting phishing campaigns, Fields says his department provides mandatory information security training twice a year. There’s also a new security champions program that rewards those who take extra training or participate in sponsored events.
Fields says hackers often used to be thought of as outcasts from society living in basements. But now, he says bad actors are part of real organizations that have human resource departments, benefits and customer service—this means that information security professionals likely are always chasing the hackers.
“CISOs used to be perceived as the only ones accountable for security breaches because management assumed the security perimeters were designed to be impenetrable,” Fields says. “Now, we know no perimeter or single security tool is foolproof, so it’s important to have a quick response.”
Buying into security
Operating under a “not if, but when” philosophy has made it easier to get buy-in from the leadership—and the employees—on the need for a robust cybersecurity infrastructure, Fields says. And he’s doing many things at FHLBank San Francisco to put those parameters in place.
One is making the organization and its users less reliant on passwords by leaning into biometrics. Most people have smartphones with technology that can use a fingerprint or facial recognition to authenticate. And soon using a 12-character or 16-character password will go the way of the dodo bird.
“Someone’s face or fingerprint is much more reliable than a password,” Fields says. “Passwords will remain, for now, but they won’t be the primary mechanism for access.”
As a financial institution, FHLBank San Francisco has several points of exposure to protect and monitor because of the money involved in the business, from transactions with hundreds of member banks and credit unions to broker-dealers and the Federal Reserve. And there’s no point in spending money to increase security if there’s a gaping hole in the firewall or other barriers of protection, Fields says.
“They’ve bought into cybersecurity and we’re making a lot of investments behind the scenes,” Fields says, noting the investment in cybersecurity has increased by about 5 percent the past few years. “It’s not that hard to sell people on the effectiveness of these solutions.”
Following the tech
Growing up in central Ohio, Fields developed an interest in computers and technology at a young age because his father was always one of the first on the block with the newest gadgets. His family owned a computer before most of their neighbors, and Fields says he quickly became fascinated with technology.
“But I didn’t know how to turn it into a career until my junior year in college,” he says.
Fields earned a degree in computer engineering from the University of Michigan and a master’s degree in technology management from the University of Phoenix. He worked as a senior consultant for Andersen Consulting—now Accenture—for more than five years and then spent nearly four years as a manager for American Electric Power.
After more than four years in IT roles for Cardinal Health, Fields worked his way up to vice president for IT risk management for JP Morgan Chase in Columbus, Ohio. He then spent nearly four years in executive positions for E*TRADE and founded the company’s diversity and inclusion council. Fields joined FHLBank San Francisco in December 2017 and added the chief diversity officer role in July 2020.
“The ground is always shifting beneath you, and the work is always a challenge,” Fields says. “The problems we faced last week are different than the ones we’re facing now and the ones we’ll face in the future.”
View this feature in the Fall I 2022 Edition here.