Bank of America’s Amanda Sorensen, senior vice president of the Business Information Security Office, is focused on risk mitigation, staying ahead of cybercriminals and monitoring cyberattacks at the $3.1 trillion bank.
The Charlotte, N.C.-based bank announced that it had increased its projected technology spend by $400 million for 2023 to $3.8 billion at a conference hosted by wealth management firm Bernstein this month. That spend is geared toward generative AI and payment development, Chief Executive Brian Moynihan said at the event.
Additionally, the bank was granted 608 patents in 2022, a 19% increase year over year, about 27% of which were related to information security, according to Bank of America.
In an interview with Bank Automation News, Sorensen discussed cybersecurity efforts throughout the bank, including monitoring ransomware, staying ahead of cybercriminals and using a threat-led approach. What follows is an edited version of the conversation:
Bank Automation News: What cybersecurity trends are you following in 2023?
Amanda Sorensen: At Bank of America, we continue to make investments in our people and technology to keep clients’ information secure. The cyber landscape continues to evolve. Ransomware is a common tactic of cybercriminals, so I’m definitely following the nuances of these attacks.
There have been headlines lately on generative AI and what that may mean for cybercriminals, as well as cybersecurity teams, and I think it will be interesting to see how that develops.
We continue to invest in partnerships to build a trusted community among banks for cyberthreat information sharing and to keep an open dialogue and debate on cybersecurity. We also offer educational tools and resources to our clients so they can stay current with trends.
BAN: What is your role on Bank of America’s cybersecurity team?
AS: I lead the BISO team at Bank of America. The team enables the cybersecurity organization and the technology teams, as well as the frontline business units by advising on cybersecurity matters and driving reduction of cybersecurity risk.
I would describe my leadership style as very hands on. I like to understand the work that I’m leading in the organization, and I enjoy getting to know my teammates. Through a working relationship with my team, we establish a mutual level of transparency, which is effective in solving potential issues early.
BAN: What technologies are at the forefront for innovative cybersecurity teams?
AS: By using a threat-led approach to cybersecurity, you’re continuously monitoring for anything new or changing in the landscape and adapting your defenses accordingly. Understanding how controls perform against known threats gives security teams visibility into where evolution is needed to defend against the threat.
BAN: How do you plan and stay ahead of cybersecurity for the future?
AS: The Business Information Security Office (BISO) team partners effectively across the broader company to solve problems and share current information, allowing the bank to be nimble in its response to the evolving threat landscape. We’re part of the bank’s nearly 3,000 cyber experts located across 17 countries operating around the clock and around the world to identify, prevent and mitigate information security risks.
BAN: What is the best leadership advice you’ve received? How do you relay that advice to your team?
AS: When I was a new manager, it was difficult for me to give feedback. Then, someone suggested that I change my perspective, reframing feedback from a negative experience to one that helps the recipient. So now when I have to give uncomfortable or difficult feedback, I follow that advice and really think about it as something that I owe this person. Feedback provides opportunities for improvement and potential career advancement at all levels.
