Murray W. Kenyon is Vice President and Cybersecurity Partnership Executive in Information Security Services at U.S. Bank, one of the largest commercial banks in the United States.
He fosters partnerships with Government, Trade Associations, Information Sharing and Analysis Centers, Educational Institutions, and Advocacy organizations focused on Cybersecurity in the nation’s critical infrastructure. Murray is a seasoned leader of national-level initiatives, with over 35 years of experience—in the Federal Government and Private Sector—in cyber- and information security, geo-political analysis, intelligence operations, information sharing, and critical infrastructure protection.
Prior to joining U.S. Bank, Murray was Senior Vice President for Technology Risk Management at BITS, the technology security division of the Financial Services Roundtable (now the Bank Policy Institute), an association of the nation’s largest integrated financial institutions. In leading the BITS Cybersecurity program, he worked with member institutions to focus on cyber preparedness, information and technology sharing, shaping cybersecurity legislation and regulations, Cross-Sector and Industry-Government collaboration, and convening experts from the Private and Public Sectors to solve problems facing the Financial Sector.
Before entering the Private Sector, Murray spent 33 years in analytic, staff, and leadership positions at the National Security Agency (NSA). Rising to the Defense Intelligence Senior Executive Service, his roles included operational and technical management, inter-agency and international liaison, stakeholder and industry engagement, and overseeing national policy for the secure operation of Federal Government IT and communications systems.
As Senior Executive Account Manager for the Financial Sector, he organized NSA technical assistance to law enforcement agencies in responding to cybersecurity incidents in the Private Sector. He led NSA participation in cybersecurity exercise programs between the Government and Financial Sector and, working with the Department of Homeland Security, helped educate hundreds of industry executives on the cyber threat to the Private Sector. Murray received his Bachelor of Arts degree from Asbury University, and earned Master of Science degrees from the Joint Military Intelligence College (Strategic Intelligence) and the National War College (National Security Strategy).
He serves on Cybersecurity Advisory Boards for New York University, the University of West Florida, Carroll Community College (Maryland), and is a member of the Visiting Committee for the National Cybersecurity Training and Education Center.
Get to know Murray Kenyon
What has been the most meaningful part of serving on NCA’s Board of Directors?
It’s so important to understand where the cybersecurity/information security community is going so your own institution can stay in step or leverage lessons others have learned, so you don’t have to make your own mistakes to learn them. Although I’m pretty well “plugged in,” building new relationships with NCA leaders and Board Members has been invaluable to me in the conduct of my day-to-day responsibilities.
How do U.S. Bank’s cybersecurity interests align with our mission?
We are tightly aligned. While NCA focuses on educating and empowering the global digital society, U.S. Bank is focused on educating and empowering our digital customer base. More and more, people are moving to digital banking and we want them to have the knowledge and means to do it in a secure fashion that enhances both their resources and well-being, but also helps the Bank secure our piece of the global digital ecosystem.
Before entering the private sector, you spent 33 years at the National Security Agency. What have you learned from the career transition?
Hmmm… I think, foremost, I learned that the interests of the national security community and critical infrastructure owners and operators are not that far apart. We’re both interested in three types of intelligence: documentary (knowing what happened), interpretive (understanding why it happened), and predictive (postulating what will happen next). We still need to draw tighter linkages between government and industry in terms of trusting one another with our most sensitive information, but we’ve made strides in this area. Working together, we can continue to expand the “sensor network” to include both national resources and the millions or billions of internet-connected devices used in the private sector. Doing this will make us better at spotting malicious activity, diagnosing it, and building collaborative mitigation strategies that safeguard the things we care about as a nation.
As a cybersecurity partnerships executive, why do you think partnerships play such an important role in cybersecurity?
There’s strength in numbers and the more partnerships you build, the greater the likelihood that one firm will be able to draw on another firm to acquire capabilities that, otherwise, they might have to create or purchase on their own. Nevertheless, numbers for numbers’ sake don’t always result in much benefit. In fact, the numbers often have to be the “right” numbers. I like to distinguish between durable and discretionary partnerships. The durable ones endure because they offer enduring value or, sometimes, because they’re just the right thing to do (certain government partnerships, for instance). Discretionary partnerships have immediate or short-term benefit but might not be something you need to sustain for the long term.
How would you describe a successful day at work?
First of all, no two days are alike in my world—and I love it that way. So, it’s hard to describe a successful day. Most often, something achieved on any given day is the result of days or weeks or months of background work to cultivate value-added relationships so the individual entities don’t have to “go it alone” and invent their own approaches to solving an issue at hand. Of course, it’s gratifying if one of these long-term efforts results in a “flash of success” on a particular day, and we’re delighted when they do. But it seems just as frequent when the small successes build on one another day-after-day until, one day, you realize, “Hey! We’ve made it to a really good place!”
What do you like most about being part of the cybersecurity community?
I love the fact that companies that are in tooth-and-nail competition on the business side are cheek-by-jowl in cybersecurity collaboration. I also love the fact that the government really does want to help the private sector to be more secure in cyberspace (although, sometimes, the authorities, or lack thereof, delegated to particular government agencies can get in the way). I had the privilege of starting to get involved in this collaboration during the latter stages of my government career, so I knew it happened. Nevertheless, when I entered the private sector, I was—and still am—amazed at how much it happens.