Executive Vice President and Chief Information Security Officer, Mastercard
As a young boy growing up in Philadelphia, Ron Green listened to his father and his uncles swap stories about their jobs as police officers. Ron knew that he, too, wanted to be a police officer when he grew up. When the time came, his father said “no” and insisted that his son go to college—so Green chose the U.S. Military Academy at West Point. He just couldn’t shake that notion of wanting “to protect and serve.”
Green planned on being a career Army officer. He loved his assignments of leading troops, but there were too many times when his service took him away from his troop leadership roles. His passion was leadership, so Green left the Army with the intention to become a police officer. Once again, Ron’s and his father’s goals for his future did not align. “My dad encouraged me to join a federal agency rather than a police force because the level of violence was different,” says Green. “I applied to various federal agencies and ended up with the U.S. Secret Service.”
As a special agent with the Secret Service, he provided protection to presidents, vice presidents and foreign heads of state. He traveled abroad to protect the president and vice president. He also worked cases of counterfeiting crimes. “I had a degree in engineering and my peers had degrees in criminal justice. When we did our search warrants, we would run them through computers,” says Green. “My peers would look at me to do the computer work because of my engineering background. Then the head of the Secret Service pulled me into a formal training program pertaining to computer forensics. I was part of the first team of people that got trained in computer forensics in a program run by the Secret Service, the IRS, and the Customs Service.”
Investigating cybercrime
Green moved from the Secret Service office in Phoenix to the headquarters in Washington, D.C., to join what was called, at the time, the Electronic Crimes Branch. “That’s a branch where cyber-capable agents would help agents in the field with training and support of their investigations. We supported international or large-scale operations that involved cybercrimes,” explains Green.
“I loved my work and this was the toughest job to leave, but I decided to leave the Secret Service for family reasons. My wife and I had just had our third child, and I was missing things in my children’s lives because of the nature of my work,” says Green. “Also, there was some level of danger involved in my job, and it just wasn’t right to put my family through that.”
One particular case gave Green the opportunity to work closely with Bank of America. BoA asked Green to join them to build out the bank’s cyber investigations program and electronic discovery program. He then became a business information security officer—essentially a CISO with business areas of responsibility. After a while, he moved into electronic commerce and ATMs. “They tried to turn me into a banker, but I’m a security guy at heart,” says Green. He left BoA for his next opportunity at Research in Motion, maker of Blackberry devices.
“I had a great time with RIM,” says Green. “I built out their investigations program and brought in some really cool technologies. My role there included both cyber and physical security.” After a few years with RIM, Green moved on to his next opportunity, this time with Fidelity National Information Services (FIS). He was the deputy CISO at FIS for a little over a year, until Mastercard tapped him to be an executive vice president and CISO. “Somewhere along the way during my early days with Mastercard, they also gave me responsibility for the physical security program too, so I am a cyber/physical security guy now,” explains Green.
Protecting the ecosystem
Green was an early board member of the FS-ISAC, between about 2004 and 2009. “It was early in my time at Bank of America. In those days, there was some attention to security, but not quite enough,” says Green. “The banking DDoS attacks hit and it helped to wake organizations up to the importance of sharing information to protect not just yourself but the entire ecosystem. The FS-ISAC has grown substantially since my days on the board.”
Over the course of his career, Green really has seen and experienced a lot. “I feel old because I can remember the days when my colleagues and I would watch hackers steal large data sets of credit card and personal data. The attacker would go back to the victim company and say, ‘If you give me $15,000, I won’t publish this information on the Internet.’ We’d get back with the hacker and tell him we’d pay the money but he had to meet us to get it. So, the guy would meet us in person and we would arrest him. But we always wondered, why don’t hackers just use the information? And now they do.”
Job security
Green says there will always be a need for people with the ability to protect logical information. “I don’t think the need ever goes away,” he says. “When it comes to your computer or logical infrastructure, people are constantly trying to figure out a way to break in and steal information. There will always be a need for people in the cybersecurity space and it will continue to grow. But there’s no magic to what we do. We all follow best practices. There’s a certain level of hygiene you are supposed to do to maintain your environment. You can learn newer ways to protect things, but you have to have the right level of hygiene—not just from your technical folks and your technology and equipment, but also your employees. They need to think about protection just overall as part of what they do.”
Social engineering is a major problem to try to overcome, according to Green. “Social engineering plays a role in breaches, because that’s how attackers get a foothold. People need to think about security in everything that they do. It helps to protect them and their environment at home, and if they can think about it more, it helps them protect us here in our environment.”
It’s an arms race
The big talk in cybersecurity solutions these days is machine learning and artificial intelligence. Vendors are all racing to put elements of AI in their security tools. Green foresees a day when attackers, too, will use AI as part of their arsenal. “It’s an arms race,” he claims. “We come up with a security control or a protective measure, and then they spend time to figure out how to exploit it at scale. The arms race just goes back and forth. I believe the same holds true for artificial intelligence. The bad guys will figure out how they can use it to their advantage and then figure out a way, at scale, to overcome the controls we put in place.”
When he’s not fighting the good fight to defeat cyber-attackers at work, Green enjoys his home life with his wife, three daughters and son. “I’m half Samoan, so when the movie Moana came out, my girls really liked it and could relate. It was a big thing for them to see the Samoan culture in the movie,” says Green.
Ron Green might not have gotten his chance to be a police officer, but with his long-term career spanning everything from protecting presidents to fighting cybercrime, he certainly has had his chance “to protect and serve.”