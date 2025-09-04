The financial services industry is under pressure to build secure, resilient systems, given the high value nature of the information it holds alongside growing regulatory demands, such as the EU’s Digital Operational Resilience Act (DORA) Act. This means the sector has tended to be ahead of the curve with developments in cybersecurity, including establishing mature corporate governance strategies and tackling the growing use of AI by attackers. David Ramirez, CISO at fintech firm Broadridge, has spent most of his 30-year cybersecurity career working in financial services, with leadership roles at brands including Brown Brothers Harriman and Capital One. Ramirez spoke to Infosecurity about how the financial sector has pivoted to enhance its corporate governance strategies and AI defensive capabilities, offering advice to other CISOs on how to approach these areas. He discussed how AI is changing the types of skillsets required and who is winning the AI arms race between attackers and defenders.

Infosecurity Magazine: Research has shown that threat actors are extensively using AI to target the financial sector, such as deploying deepfakes to defraud companies. What new techniques/tools are you seeing being deployed in this space? David Ramirez: We do a lot of threat intelligence and monitor the trends. Deepfakes are definitely starting to pop out. There are reports of both fake voice and video being used. We’re also seeing information about large language models (LLMs) designed for phishing. It’s something that’s starting to appear more in threat intelligence. It will accelerate once it gets to critical mass because threat actors also need to learn and adjust to the new techniques and capabilities. We’re going to see more of these attacks happening. IM: What are the most effective deployments of AI in cybersecurity you have seen in the financial sector? DR: Cybersecurity is in a privileged space because most of the work can be prioritized and aligned into different structures and models. For example, in governance, risk and compliance (GRC), we have seen good examples of AI being used to accelerate work, reviewing all the security policies, dealing with third-party risk management questionnaires. Also, you can engage with the end users and delivery of training using AI. It simplifies the whole process, you don’t have to spend hours trying to find somebody to record a video. Now you can quickly create material. From the detection perspective, it provides quick analysis and prioritization from alerts. It’s helping us react faster to events, getting to the right information at the right time. We’re also exploring the topic of data loss prevention (DLP), so how to simplify and accelerate analysis of DLP alerts. It’s the same for access management. Across the industry we see a lot of existing vendors adopting AI features and also startups coming up with agentic AI solutions to accelerate some of the work that we need to do. It is putting us into a position where we can be faster and more efficient, enabling us to reallocate time and resources for the challenges that we have. IM: Who do you believe is winning the AI arms race between attackers and defenders? DR: The volume of new solutions on the defenders’ side is very encouraging. The industry as a whole has embraced AI and we see real solutions working and making things easier to manage. There’s the cliche of the attacker only needs to be win once, cybersecurity teams have to win every day. That’s the imbalance of that arms race. But I see a lot of development, features and offers for defenders. Right now, there’s a lot of investment, time and energy in this space, and we will have more time to do some of the other work. Three years ago, we were in a situation where there wasn’t enough time to do all of the things that we wanted to do. But now AI and LLMs are becoming accelerators to move things faster and that’s a great opportunity. IM: Has the rapid development of AI impacted the types of skills and roles you hire for in your cybersecurity team? DR: About 10 years ago, we started to see the need to have staff with stronger coding skills, a stronger understanding of security as a code. APIs and scripting became more available. Now AI is making that even more important, because you don’t really have the option of somebody just clicking on the screen and making a decision based on that. You need them to be able to engage with the AI agents and automate things.

"The type of skills that you need are now more towards automation, scripting and coding"