Tessian Spotlight: Pierre-Yves Geffe, Chief Information Officer for Swedbank Luxembourg

Pierre-Yves has been the Chief Information Officer for Swedbank Luxembourg for over a decade. Originally hired to restructure the bank’s IT operations, he overhauled the IT teams into a highly agile workforce and successfully led numerous IT implementations and migrations. Before joining Swedbank, Pierre-Yves worked in IT at both the Luxembourg Stock Exchange and IBM.

What are the greatest challenges you have overcome since you became CIO?

The greatest challenge is hiring and attracting the best employees. My strategy from the beginning was to automate as many processes as possible so that I could hire the best people. Steve Jobs once said “It doesn’t make sense to hire smart people and tell them what to do; we hire smart people so they can tell us what to do.”. I couldn’t agree more with this and that is how we try to attract people here. We are committed to automating processes and staying on the edge of innovation. Slowly, the bank has started to change and become much more flexible and efficient. It was a difficult process but I think we have managed to do it.

What are the specific tactics you use to engage the board?

Chief Information Officers sometimes have difficulty getting complex ideas across to the rest of the board. The board is made up of mainly commercial, financial and legal executives so I find that the best way to express my ideas is through analogies. It is more effective to break down technical aspects into fundamental analogies as this helps them understand the IT perspective much better. This also helps us justify spending on IT initiatives, showing how they will help the business.

What are the most important security indicators that banks should care about?

I pay most attention to human resources because keeping talent is a factor that almost every other IT goal depends on. A company, especially a bank, needs to make sure that employees are happy to work there because the nature of the job cannot allow for mistakes to happen. Unhappy employees are much more likely to make a mistake which could lead to something like a data breach. Because of this, I have no problem allowing them to focus on any personal issues first so that when they come into work they are as happy and effective as possible. The cost of employee mistakes will be much higher than the cost of letting them focus on any personal challenges first.

What needs to change about how most organizations are handling their IT?

Most organizations do not think about how happy their employees are. They don’t understand that if you take good care of your employees, then they will take good care of the organization, especially in IT and cybersecurity. Happy employees are much more likely to behave in a compliant and secure manner.

What are the greatest information security threats to the banking industry?

A lack of employee education when it comes to cybersecurity risks is a very big threat. Lots of employees tend to get phishing emails and many click on the links included in the email without knowing the risks involved. One way of tackling this could be to be very close to the users and remain up-to-date with how users are treating these threats. However, this can only take you so far. Luckily, we have been able to escape any major risks for now but it is an ongoing process.

Do you have any advice for new CIOs to help set them up for success?

You have to get out of the office. Meet with your peers and industry experts, go to workshops and networking events. You should also read blogs and articles constantly to remain on top of the newest technologies, solutions and threats. Ultimately, if you are curious and flexible in your approach to solving a problem in IT then you have the right tools to get started.

About Tessian

Tessian is building the world’s first Human Layer Security platform to fulfil our mission to keep the world’s most sensitive data and systems private and secure. Using stateful machine learning to analyze historical email data, Tessian’s Parallax Engine can predict for this user, at this point in time, does this email look like a security threat?