Lora Vaughn McIntosh of Simmons Bank: “When we collaborate and engage outside our bubbles, we can come up with stronger solutions.”

I think that it’s finally sinking in that by diversifying a company’s workforce, you benefit from many different insights and perspectives that are good for solving problems. Diversity brings lots of viewpoints to the table. When we collaborate and engage outside our bubbles, we can come up with stronger solutions.

As a part of my series about strong female finance leaders, I had the pleasure of interviewing Lora Vaughn McIntosh, chief information security officer at Simmons Bank. Lora brings 15 years of cybersecurity experience to her current role of overseeing programs to secure Simmons’ assets and data. Lora joined Simmons from Regions Bank, where she most recently served as manager of the cybersecurity operations center. In this role, Lora oversaw and supported 24/7 security monitoring and incident response. Lora holds a Bachelor of Science degree in computer science from Birmingham-Southern College and is a certified information systems security professional (CISSP). She has been a member of Women in CyberSecurity, a nonprofit membership organization dedicated to bringing together women in cybersecurity since 2014.

Thank you so much for doing this with us! Can you tell us the “backstory” about what brought you to the banking/finance field?

As an information security specialist, industry makes a really big difference in how my field is viewed, approached and valued. I started my career with the Department of Defense where security was a very big deal, for obvious reasons. When I left government service, I was really just looking for a place that allowed me to be closer to family. I got lucky when I landed a position at Regions Bank in Birmingham, Alabama — it turned out that after the Department of Defense, the next best place for someone who wants to make a difference protecting systems, networks and data is the financial services industry. When you’re working to secure the IT assets of a bank, you don’t have to explain why it’s important to be secure since people intuitively understand that money is at stake. Bankers appreciate risk, so when you can articulate technology risks in a way that makes sense to the non-techies, they’re really receptive.

Can you share with our readers the most interesting or amusing story that occurred to you in your career so far?

Early in my career I spent a lot of time enforcing acceptable use of the internet from bank computers. The internet searches and online behaviors I saw were so entertaining that I gave an awareness talk several times that I called “The Top 10 Things NOT to Do on Your Computer at Work.” I think the people who were searching for ways to hack into their coworkers’ computers or bypass the web filter were some of the most comical misbehaviors, at least among those that are safe for print. After a certain point, nothing surprised me. My advice to everyone: If you wouldn’t want your coworkers, boss or mom to see something, then don’t do it at work!

Are you working on any exciting new projects now? How do you think that will help people?

Simmons Bank is undergoing a major technology transformation right now. As part of that, I’m building out a modernized Security Operations Center, or SOC. As a company, we’ve grown significantly over the past five years, so we’ve had to ensure that our ability to detect and respond to threats like phishing and other computer-based attacks keeps pace with our growth. We’re investing a lot of time and money into technology, processes and people so that we can effectively protect our systems, data and — most importantly — our customers.

What do you think makes your company stand out? Can you share a story?

Simmons Bank is really committed to investing in its people and technology. There are a lot of people coming into Simmons from outside the bank to help the company grow. It’s a great team with broad experience, but one of the things that led me to Simmons was the fact that the bank is investing $100 million in technology over a five-year period. That’s very exciting for us and will have a sweeping impact on not only our IT Department and business units, but also our customers. Once we complete this technological transformation, our customers are going to have an exceptional user experience and a strong confidence that their bank has their back when it comes to security.

Wall Street and finance used to be an “all-white boys club.” This has changed a lot recently. In your opinion, what caused this change?

I think that it’s finally sinking in that by diversifying a company’s workforce, you benefit from many different insights and perspectives that are good for solving problems. Diversity brings lots of viewpoints to the table. When we collaborate and engage outside our bubbles, we can come up with stronger solutions.

Of course, despite the progress, we still have a lot more work to do to achieve parity. According to this report in CNBC, less than 17 percent of senior positions in investment banks are held by women. In your opinion or experience, what three things can be done by a) individuals b) companies and/or c) society to support this movement going forward?

1. We all tend to hire people like ourselves — it’s human nature. I think that we have to be intentional in our hiring to make sure we aren’t just selecting candidates whose experiences mirror our own.

2. Women need to support each other. I agree with that Madeline Albright quote that “There’s a special place in hell for women who don’t help each other.” If you see a woman in your organization who has potential, help her rise! Mentor her. Talk her up inside the organization. Nominate her for the next big thing.

3. Speak up… respectfully. When you see something that’s unfair or biased, call it out. When you’re in a leadership role, I think you have a responsibility to fight for others. Things only change when leaders speak up about inequality.

You are a “finance insider.” If you had to advise your adult child about five non-intuitive things one should do to become more financially literate, what would you say? Can you please give a story or example for each piece of advice?

My advice really boils down to protecting your financial assets through online safety. I don’t feel especially qualified to give financial advice, per say, but my focus is to effectively guard data and finances.

1. Use a unique username/password combination. Password re-use is the root cause of many compromises. Financial institutions are frequently targeted by credential stuffing, a fraud technique where bad guys get a list of usernames and passwords from a data breach and then try those credentials on other online platforms. These attacks are very successful because many people use the same username and password for multiple systems.

Financial institutions take proactive measures to prevent these attacks from succeeding, but it’s still in your best interest to use unique passwords. The strongest passwords are long (15 characters or more) and don’t include dictionary words. I recommend that individuals use a password manager to make this easier. Most password managers will even create strong, random passwords for you.

2. Monitor your accounts and credit cards. Monitoring your accounts for suspicious activity is essential. Even if your online security is good, your account or card information can be stolen through other means. I had a situation a few months ago where I didn’t have alerts set, but I check my credit card statements every week. There were about 10 charges on my card that I didn’t make. I was able to get my credit card company to send me a new card and reverse the charges that the fraudster had racked up. Even so, alerts would have saved me a good bit of hassle. If your financial provider doesn’t have alert capabilities, a financial aggregator can help.

3. Only download mobile apps from the official app store. Apps for mobile banking and financial management are great tools to help consumers take better control of their finances, and many of them have useful features like the ability to lock a lost or stolen credit card. All that’s great, but you always want to download apps from the proper app store for your phone (Apple’s app store for iPhone or Google Play for Android phones). Apps downloaded from other locations could have malicious software implanted into them.

4. Don’t click email links. If you receive an email that looks like it’s from a financial institution and contains a link, be skeptical. Many financial institutions have moved away from sending links in emails. To be on the safe side, it’s always best to type the institution’s URL into your browser’s address bar. It’s all too easy for fraudsters to disguise links in an email so that they look legitimate.

5. Don’t bank (or do anything sensitive) on public Wi-Fi. Doing almost anything while connected to public Wi-Fi can incur risk, but that’s particularly true for banking or accessing sensitive platforms. While your connections to these platforms should be encrypted, public Wi-Fi can be home to sketchy systems and individuals who want to steal your information. It’s always safest to conduct sensitive transactions over your cellular connection or private Wi-Fi connection.

Logging into any platform while using a public Wi-Fi connection is like having a private conversation in a room full of people — you don’t know that anyone else is listening, but they could be.

None of us are able to achieve success without some help along the way. Is there a particular person who you are grateful towards who helped get you to where you are? Can you share a story about that?

There are lots of people who have helped me get where I am today, but I’m probably most grateful to my former manager, the chief information security officer (CISO) at my last bank. During one of our regular one-on-one meetings he asked me what I wanted to do next. I was uncertain but knew that I wanted to do more than what I was doing at that time, maybe be a CISO one day. It was a pretty frank discussion. He pointed out that I’d been doing the same thing for several years and would need to do something else to move up. Then he gave me the opportunity to move into a different role inside the organization managing the cybersecurity operations center. Quite frankly, I didn’t like that role, but it was great for my career. After about a year, I was offered the CISO role at Simmons Bank. If he hadn’t had that conversation and pushed me to try something different, I wouldn’t be where I am right now.

Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?

My absolute favorite quote is from Laurel Thatcher Ulrich: “Well-behaved women rarely make history.” Many times in my life, I haven’t wanted or done what was expected of me. Early on in my IT career, it wasn’t uncommon for me to be the only woman in the room or on a team. Sometimes, vendors would ignore me and only speak to my male coworkers, or they would assume that I was only there to get coffee and take notes. This quote has always inspired me to speak up for myself and others, even if that means that someone will think I’m too bold.

You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the greatest amount of people, what would that be? You never know what your idea can trigger. :-)

For such a wealthy country, the United States has significant numbers of people impacted by food insecurity and hunger. I recently read that 63 million tons of food are wasted every year. There have been some creative approaches to dealing with food waste, like subscription boxes for “ugly” produce that doesn’t sell well in grocery stores and apps that allow grocers to re-sell foods approaching their sell-by dates. Better yet, I’d like to see programs that connect fresh produce that is headed for the landfill to food banks and those in need.

Thank you for joining us!