New Credit Union IT Security Association Ramping Up; Aims to Bring Together Those Protecting the Nation's CUs' IT Systems

AUSTIN, Texas – After months of research and networking, security industry veteran Kelly Dowell says the Credit Union Information Security Professionals Association (CUISPA) is getting ready to roll. Dowell has been criss-crossing the country, talking to credit unions, vendors and others to put together the organization, which will aim to serve the information and peer networking needs of the people responsible for protecting the technology and financial assets of thousands of credit unions and millions of members across the country. “There are more than 10,000 credit union IT professionals in the United States,” Dowell says. “Each day they all go to work and address similar challenges. Consider the possibilities if this group were to begin cooperating.” Dowell intends the CUISPA to be a major force in fostering that cooperation. He began forming the group about a year ago, about 10 years after he co-founded a security consulting firm that ultimately worked with more than 400 financial institutions and vendors. “We have organized a network of individuals, CU IT admins and staff that will support progress and provide feedback,” Dowell says. An initial board of directors has been formed and “thanks to many gracious individuals, we are happy to say that the CUISPA is ready to begin accepting memberships.” Why should a CU join? “First are the direct benefits,” Dowell says. “CUISPA will provide access to a network of CU IT peers, a knowledge base, solution discounts, alerting services and education. “Second, CUISPA is an effort to help the industry as a whole. Through cooperation, CUISPA can improve security within every credit union.” A membership drive will begin soon, and Dowell says more than 60 credit unions, along with corporates such as Corporate One and WesCorp and some well-known security vendors specializing in the credit union space, have made commitments, including SecureWorks in Atlanta and South Carolina-based PM Systems Corp. The group’s combination of diversity and common interests and challenges may make it particularly effective for sharing information about topics that normally aren’t dinner table fare, observes one credit union security veteran who’s interested in getting involved. “Credit unions have traditionally enjoyed the benefits of cooperating with each other, and putting together an organization like this that focuses specifically on security concerns should free up information that can tend to be kept under the carpet,” says Tom Giangreco, information security officer at $4.9 billion Orange County Teachers Federal Credit Union in Southern California. “We can share issues and solutions and maybe not have to re-invent the wheel every time we have to meet a new challenge at our own credit unions,” says Giangreco, who has petitioned to be a member of the CUISPA’s initial board of directors. Giangreco observes that large credit unions like his are working on areas of security such as electronic signatures that are leading edge and also the focus of technology consortiums that the big banks have put together. “If banks are cooperating on things like this, I’d like to see what credit unions can do as well,” the OCTCU security specialist says, adding that “large and small credit unions alike can benefit from this.” Chia Yang agrees. “I joined CUISPA because I think it will be a great resource for keeping informed about computer-related issues while building networking relationships with other IT professionals,” says the technology systems administrator at $48 million Electrus Federal Credit Union in Brooklyn Center, Minn. “I like the idea of having a portal where IT individuals can collaborate, sharing knowledge and solutions,” says Yang, who says his biggest challenge is “securing member information and data while providing more access to the members themselves.” Dowell stresses that the organization is for verified credit union professionals and that vendors are being encouraged to contribute to the effort, financially and intellectually, through an Affiliate Member Program which will recognize the vendors for their contributions while maintaining impartiality. That sounds just fine, says one of the vendors making an early commitment to CUISPA. “Security has become a crucial component of every credit union’s operations, and while we have improved information security measures, the increasing sophistication of the perpetrators forces us to stay on top of the situation,” says Niels Taylor, director of PM Systems’ CU Defense services. “Open communication and peer knowledge exchange is a tremendous step in the right direction. We are happy to support the CUISPA and its important cause,” Taylor says. Serving that cause will take a number of forms, Dowell says. A private online forum is one. Work also has begun on possible annual conferences. And one of the CUISPA’s first efforts will be to foster regional peer group meetings, which Dowell says will be opportunities for CUISPA members and other credit union IT professionals to get together conveniently and inexpensively. The first three will be two-hour lunchtime sessions (with lunch on CUISPA) tentatively set for Dec. 8 in Las Vegas, Dec. 9 in San Diego and Dec. 10 in Los Angeles. More information is available in the Feedback Forum at www.cuispa.org, Dowell says. “Security is an issue that we must all address,” Dowell says. “Implementing a firewall or AV product is one thing, but having the knowledge to continually address new threats is another. Cooperation can be hugely valuable. Why are so many addressing the challenges independently? Why not leverage each other to create a resource that benefits everyone? “I see the CUISPA as a chance to foster cooperation and turn our industry into one of the best managed, from a security perspective, in the financial services business.” He does recognize that won’t necessarily be easy. “Conceptually, the CUISPA is a no-brainer,” Dowell says. “Turning the concept into reality is another story. Vendor-backed efforts fall prey to over-zealous marketing. Volunteer efforts typically fizzle when volunteers become too busy with their primary obligations. “The association must be completely independent and governed by the members, although it must have a dedicated team to ensure progress. As the executive director, I am tasked with promoting membership to ensure the funding that will allow us to provide quality benefits back to the members and the industry.” -