Devon BryanExecutive Vice President and Chief Information Security Officer
Federal Reserve System
Devon Bryan is Executive Vice President and Chief Information Security Officer for the Federal Reserve System. As Chief Information Security Officer (CISO), Devon oversees information security, including incident response, for the enterprise, ensuring information security architecture, standards, policies and programs remain effective and efficient. Devon was appointed System CISO in February 2016. Devon came to the Federal Reserve from Fortune 500 payroll and human resources provider ADP, where he served as Global Chief Information Security Officer (CISO). Devon led ADP’s information security strategy, collaborating across the company’s geographically dispersed business operations to ensure coordination, consensus, and effective execution across global operations. Prior to joining ADP in 2011, he served as the Deputy Chief Information Security Officer (CISO) for the Internal Revenue Service (IRS) after directing the IRS’s FISMA-compliant information security program and leading the IRS’s incident response team. His information security career began in the U.S. Air Force, where he served as a Captain and lead engineer working on systems and programs to protect the critical network and communications tools of the Air Force’s Air Combat Command. Devon is Co-Founder & President of ICMCP (International Consortium of Minority Cybersecurity Professionals), which he launched in an attempt to bridge the ‘great minority cyber divide’ by providing academic scholarships, innovative outreach, mentoring and networking programs targeting minority cyber security professionals worldwide and by promoting academic and technical excellence in our tradecraft. Devon received a Bachelor of Science, Applied Mathematics from South Dakota Technological University and a Master of Science, Computer Science from Colorado Technological University, graduating Summa Cum Laude. He holds multiple certifications: CISSP, CIPP/US, CIPP/EU, and CISA and participates in several industry forums and is a sought after speaker and writer on emerging cyber security trends and issues.
A security culture needs to be embraced prior to security work. Within the security industry there is a problem of empathy where the victims of the cyber security breaches are punished. The whole world, which utilizes security systems, needs to be engaged to be effective. The true diversity of people who use the systems must be protected and represented. This means the security teams needs to include the variety of cultures and thinking protected. Clearly cyber criminals do not discriminate based on gender and strategies must be implemented to create and inform a growing, strategic workforce and pipeline. In this session, explore efforts for achieving a truly diverse industry and ways to recruit and retain diverse talent including women and minorities.
•Planning long term with staff development and culture awareness
•Widening talent searches outside of IT
•Creating and empowering cross-functional teams