Board Member Spotlight: Murray Kenyon, Vice President, Cybersecurity Partnerships Executive | US Bank

It’s around your one-year anniversary of joining our Board of Directors! What has been most meaningful to you since joining? 

It’s so important to understand where the cybersecurity/information security community is going so your own institution can stay in step or leverage lessons others have learned, so you don’t have to make your own mistakes to learn them. Although I’m pretty well “plugged in,” building new relationships with NCA leaders and Board Members has been invaluable to me in the conduct of my day-to-day responsibilities. 

How does US Bank’s cybersecurity interests align with the National Cybersecurity Alliance mission to educate and empower our global digital society? 

We are tightly aligned. While NCA focuses on educating and empowering the global digital society, U.S. Bank is focused on educating and empowering our digital customer base. More and more, people are moving to digital banking and we want them to have the knowledge and means to do it in a secure fashion that enhances both their resources and well-being, but also helps the Bank secure our piece of the global digital ecosystem. 

Before entering the private sector, you spent 33 years at the National Security Agency. What have you learned from that career transition?   

Hmmm… I think, foremost, I learned that the interests of the national security community and critical infrastructure owners and operators are not that far apart. We’re both interested in three types of intelligence: documentary (knowing what happened), interpretive (understanding why it happened), and predictive (postulating what will happen next). We still need to draw tighter linkages between government and industry in terms of trusting one another with our most sensitive information, but we’ve made strides in this area. Working together, we can continue to expand the “sensor network” to include both national resources and the millions or billions of internet-connected devices used in the private sector. Doing this will make us better at spotting malicious activity, diagnosing it, and building collaborative mitigation strategies that safeguard the things we care about as a nation.

As a Cybersecurity Partnerships Executive, you must recognize the importance of one of our focus areas: creating strong partnerships between governments and corporations to foster a greater “digital” good. Why is it so important that we build these partnerships? 

There’s strength in numbers and the more partnerships you build, the greater the likelihood that one firm will be able to draw on another firm to acquire capabilities that, otherwise, they might have to create or purchase on their own. Nevertheless, numbers for numbers’ sake don’t always result in much benefit. In fact, the numbers often have to be the “right” numbers. I like to distinguish between durable and discretionary partnerships. The durable ones endure because they offer enduring value or, sometimes, because they’re just the right thing to do (certain government partnerships, for instance). Discretionary partnerships have immediate or short-term benefit but might not be something you need to sustain for the long term. 

How would you describe a successful day at work?  

First of all, no two days are alike in my world—and I love it that way. So, it’s hard to describe a successful day. Most often, something achieved on any given day is the result of days or weeks or months of background work to cultivate value-added relationships so the individual entities don’t have to “go it alone” and invent their own approaches to solving an issue at hand. Of course, it’s gratifying if one of these long-term efforts results in a “flash of success” on a particular day, and we’re delighted when they do. But it seems just as frequent when the small successes build on one another day-after-day until, one day, you realize, “Hey! We’ve made it to a really good place!” 

This year for Cybersecurity Awareness Month, we are focusing on four key behaviors that will help people stay safe online: Enabling multi-factor authentication; Using strong passwords and a password manager; Updating software; and Recognizing and reporting phishing. Is there a behavior you would add to this list if you could?  

I’d add multi-factor authentication and using strong passwords to the list. Just kidding; they’re already on the list, but I’d foot-stomp their importance. 

What do you like most about being a part of the cybersecurity community? 

I love the fact that companies that are in tooth-and-nail competition on the business side are cheek-by-jowl in cybersecurity collaboration. I also love the fact that the government really does want to help the private sector to be more secure in cyberspace (although, sometimes, the authorities, or lack thereof, delegated to particular government agencies can get in the way). I had the privilege of starting to get involved in this collaboration during the latter stages of my government career, so I knew it happened. Nevertheless, when I entered the private sector, I was—and still am—amazed at how much it happens. 

What is one goal, personal or professional, that you have for this year? 

It’s not really a this-year goal, but I want to continue to institutionalize partnerships as a core part of doing the cybersecurity business. Every professional working in architecture, authentication, compliance, regulation, governance, and other disciplines should devote part of their time to cultivating and maintaining relationships with colleagues at other firms that can both offer and present opportunities to share knowledge that will make us all better at what we do. 

How do you like to spend your summer? 

My wife and I bought a camping trailer last year. Think air conditioning and memory foam and our own shower! So, we started on the “glamping” journey last summer and are continuing it this summer. I’ve even spent some time this year working from the trailer in campgrounds that have WiFi access.