From “WarGames” to Wall Street: Frank Vesce’s Cybersecurity Journey
In episode 98 of The New CISO Podcast, host Steve Moore welcomes Frank Vesce, CISO at Allvue Systems, for a discussion on the technical and human facets of security. Read on to learn about Frank’s professional journey, his unique approach to interviewing, and his motivation to mentor.
In this article:
- A cybersecurity expert’s origin story
- Hiring tactics: beyond the resume
- Understanding complaint dynamics in cybersecurity
- From finance to Coast Guard tabletop exercises
- What’s in a word?
- A personal note: giving back to foster kids
- Advice for the new CISO: balance tech with humanity
A cybersecurity expert’s origin story
The 1983 movie “WarGames” is etched in many people’s minds. For Frank and countless others, it wasn’t just an iconic film featuring Matthew Broderick’s character hacking his way to near-global annihilation; it was the inception of a lifelong passion for technology and artificial intelligence (AI). “I still watch that today. It’s such a great film,” Frank muses. “That’s what got me intrigued into the whole bad actor thing and understanding how to compromise systems.”
While he was studying coding at Pace University, his interests deepened with the true-crime book “The Cuckoo’s Egg,” in which Clifford Stoll chronicles the tale of tracking down a hacker at Lawrence Berkeley National Laboratory in the late ’80s. Stoll’s seminal work served as a wake-up call to many institutions about the importance of computer security. His story demonstrates that even seemingly minor discrepancies can be indicators of larger, more sinister activities.
Frank reflects, “It was a combination of ‘WarGames,’ which I always watch every time it’s on, and that book. That’s really what’s got me into technology and what’s known today as cybersecurity.”
But it was at Goldman Sachs that Frank truly honed his skills. Guided by stalwarts like Phil Venables, Frank learned that cybersecurity was more than just codes and firewalls; it was about navigating the intricacies of leadership, resilience, and team dynamics. He recalls, “I would have to say it was really at Goldman… That’s really where I dug in and I just excelled from there.”
Hiring tactics: beyond the resume
Frank’s unorthodox interview approach at Goldman Sachs might have raised a few eyebrows, but it was rooted in a simple philosophy: in high-pressure environments, understanding a candidate’s genuine reactions can be golden.
Why the emphasis on reactions? Frank explains that everyone can present a polished version of themselves in a formal interview. But the real essence of a candidate shines through in unplanned, real-world scenarios. By intentionally addressing a candidate by the wrong name, he would test their reaction under pressure. Frank’s unconventional technique was his way of finding candidates with authentic character who were suited to an intense workplace.
Understanding complaint dynamics in cybersecurity
Understanding the essence of complaints reveals much more than what’s on the surface, especially in security. Instead of taking complaints at face value, it’s about unpacking the hidden motivations behind them. Frank refers to a fascinating study by Alyson Meister, professor of leadership and organizational behavior at IMD Business School in Switzerland, that identifies four distinct categories of complaints:
- Productive complainers: Frank describes these individuals as the ones who not only pinpoint problems, “but might even offer a solution… That’s the best type.”
- Venters: According to Frank, venting “is more of an emotional type of complaint.” These individuals aren’t seeking solutions. “They just want you to listen. And that type of person’s okay… You don’t know…what’s been going on in their personal life. And that affects how they’re going to work.”
- Chronic complainers: This group, Frank says, tends to have a “pessimistic, critical view of their role, their work, their life, the people around them. They’re…very toxic.”
- Malicious complainers: Frank warns that this type “is sort of destructive in the way they complain; they use it to undermine you to gain an advantage…backstabbing.”
Frank emphasizes the importance of recognizing where individuals might fit within these categories. Additionally, having a mentor can be invaluable in helping navigate these interpersonal challenges. He draws a parallel to cybersecurity, pointing out that human behaviors can lead to vulnerabilities, such as susceptibility to phishing attacks. “The human aspect in information security is the weakest link. We have tons of smart people that can engineer anything, build a web server from scratch. Great. But are you thinking about the end user? When they go to use it, are there holes in there? Are they going to expose passwords? That’s why I always think about the human part of it.”
From finance to Coast Guard tabletop exercises
Frank has worn many hats in his career, including as a volunteer cybersecurity advisor to the U.S. Coast Guard. But why would the Coast Guard need expertise from the financial sector? The answer is twofold.
First, the Coast Guard sought to understand and navigate complex cybersecurity challenges, but they hadn’t yet conducted any tabletop exercises (strategic simulations used by organizations to gauge their crisis response efficacy). Second, they had aspirations of elevating their cyber capabilities to a level that would persuade Congress to allocate more funding for them. Frank’s government-outsider perspective offered the novel insights they needed.
With regard to tabletop exercises, Frank highlights the importance of relevance: “Teams need to understand how to translate what they see on the technology side into ‘What does this mean on the business side?’”
Frank also notes that external communication during crises is where most companies falter. His advice? Embrace standardized communication templates to ensure messaging consistency and foster public trust.
What’s in a word?
While at Goldman Sachs, Frank had a firsthand experience of how a single word can impact perceptions. He shares a story about an assignment he was given, for which he used the word “re-engineering.” To Frank, this term was neutral; after all, it was commonplace in his prior role at Bell Labs. But for a colleague at Goldman Sachs, it carried a negative connotation, making him feel that since his efforts needed retooling, they were undervalued. He would have preferred a gentler word: “enhance.”
Realizing the need for this colleague to be an advocate, Frank adopted the word “enhance.” He didn’t stop there. To foster collaboration and show appreciation, Frank consistently mentioned the colleague’s name and contributions when talking about the project. Reflecting on this, Frank says, “He became such an advocate of our program because I give him credit all the time.” Frank often shares this advice with others: “Be careful of the words that you use… You’ll gain a lot more buy-in from people and collaboration.” Sometimes it’s the choice of a single word that can make or break a project’s reception.
A personal note: giving back to foster kids
Frank’s cybersecurity journey is intertwined with his personal story, which began in a Brooklyn orphanage. He then spent a short time in foster care before being adopted into a loving family with an adopted sister. That start in life imbued him with a desire to give back.
He found resonance with the mission of Year Up, a nonprofit championing inner-city youth, and Casey Family Programs, the nation’s largest foster care initiative. He explains, “When I heard the stat that there were over 30,000 kids…aging out of the foster care system, and only six percent actually go to college… I wanted to do something to fix it. Goldman put a cohort together and we were mentoring…youths aging out of the system that want to go to college. They just needed somebody to help mentor them.”
At the invitation of Casey Foster Care and with the support of Goldman Sachs, Frank and a colleague testified before Congress on the importance of private-sector collaborations with nonprofits, asking Congress to allocate funds for these programs. Frank recalls, “That was a very humbling moment in my life.”
Advice for the new CISO: Balance tech with humanity
As in every episode, Steve ends the conversation with the question, “What does being a new CISO mean to you?”
As Frank rightly puts it, being a new CISO isn’t just about understanding the technicalities. “There’s a big focus on being human… It’s focusing less on the engineering aspects…and focusing more on the risk aspects, the business side.”
Frank ties the crucial human element back to cybersecurity: “Phishing is a prime example…. Humans are going to make mistakes… Try to understand why they’re making those mistakes.”
He recommends an increased focus on education and awareness, and says to “let technology do its thing. You have engineers, you have smart people working for you. Let them worry about securing your infrastructure. Focus on the human part of it.”
Drawing on Voltaire’s wisdom, Frank concludes, “Perfect is the enemy of good. I think people need to embrace that a little bit more. I think too many people in my field aim for perfection and they have to realize that it’s okay to fail… Einstein says, ‘Failure is a success in progress.’”
Peeling away the layers of his cybersecurity persona, Frank’s personal journey is one of resilience and gratitude. His commitment to giving back highlights the very human side of a tech luminary. At its core, his story is a reminder that amidst the codes, firewalls, and technology, it’s the personal touch that truly makes a difference.