
On the 40th episode of Enterprise AI Defenders, host Mike Britton (CIO, Abnormal AI) is joined by Keith Gordon, Chief Security Officer at CIBC. Keith shares how a top-25 US bank is hardening its client-facing defenses with in-house behavioral biometrics, why third parties are the next exposed layer in financial services, and how the bank is governing agentic identities as the next phase of identity-first defense.
Quick Hits from Keith
On the operating principle: "We've got to build AI for security... But we also have to have security for AI."
On the client as the new threat surface: "the client is the path of least resistance and the lowest on the maturity scale"
On governing agents: "they're a kind of micro-segmentation in the AI age"
Book Recommendation: How to Win Friends and Influence People by Dale Carnegie.
Evan Reiser: Hi there, and welcome to Enterprise AI Defenders, a show that highlights how enterprise security leaders are using innovative technologies to stop the most sophisticated cyber attacks. In each episode, Fortune 500 CISOs share how AI has changed the threat landscape, real-world examples of modern attacks, and the role AI can play in the future of cybersecurity. I'm Evan Reiser, the CEO and founder of Abnormal AI.
Mike Britton: And I'm Mike Britton, the CIO of Abnormal AI.
Evan: Today on the show, Mike is talking with Keith Gordon, Chief Security Officer at CIBC. CIBC is one of Canada's largest banks, with operations spanning retail, commercial, capital markets, and wealth management. As CSO, Keith oversees cybersecurity, fraud, physical security, and third-party risk across the bank's global footprint.
A few things stuck with me from this conversation:
First, one of CIBC's commercial clients got hit with a deepfake video of someone they thought was their own CEO, asking them to move money. Back-office detection caught it, but the attack was real. The lesson? Phishing isn't just an email problem anymore.
Second, CIBC's been building behavioral biometrics in-house from scratch for two years, and fraud losses are actually trending down. But scam losses are going through the roof. The bank can catch the attacker, but it can't always catch a customer who's been convinced their bank is lying to them.
And finally, Keith's framing on agentic AI stuck with me. Giving an agent the right access doesn't answer whether it should use that access. He calls it micro-segmentation for the AI age: keep agents in their lane, but with enough room to learn. His read on today's controls is that they aren't there yet.
Mike: Keith, thank you so much for joining us today. Just to start, can you give our audience an overview of your career and your current role at CIBC?
Keith Gordon: Yeah, sure, Mike, and good to see you. My career has been one that’s been filled with lots of interesting things. I never thought that I would end up in cyber. I actually didn’t even know what it was early on, because my degree was actually in marketing and math, and that’s kind of where I thought I would go do my thing.
I ended up in e-commerce back when it became a thing. I was the only guy in marketing who knew anything about computers, so I got the job doing that, but then ended up at Bank of America when we were building out online banking for the first time. I had that question-and-answer session with my boss, when I said, “Hey, what keeps you up at night?” And he said, “The bad guys getting in the back door and us not knowing it.” And then I asked the question that changed my career, and that was, “Okay, well, where’s our security team?” He said, “We don’t have it. Go build it.” Now, mind you, this was 25 years ago, so it’s not like today. This was in the early days when security was not something that was built in. It was an afterthought at best.
But it really started that trajectory of starting to understand all of the elements of a security program. I spent 14 years at Bank of America, a couple of years at Capital One, a handful of years at Ally Financial, and now six years at CIBC. My career has varied amongst all of the different elements of cyber. Plus I’ve done fraud and physical security. So, it’s been a really broad spectrum of things that I’ve done, where at CIBC, as the Chief Security Officer, I now have all of those elements underneath my team.
Mike: I’d love for you to give our audience an overview of CIBC and what CIBC does. I know you’ve given us some of the details, but as far as what you control as Chief Security Officer at CIBC, maybe some elements that may not necessarily be under a typical CSO.
Keith: We are a full-service bank: retail, commercial, corporate, big capital markets. But interestingly, we are a very large US bank, too, in wealth management and corporate commercial capital markets. We’re a top-25 bank in the US, but again, not a big retail presence, so you haven’t heard about it as much. And then the other interesting part is, we are the largest bank in the Caribbean. And no, I haven’t been down there to go visit my team in the Caribbean. Everybody always asks.
If you think about what we do, it’s very much like any other large global multinational bank. From my team’s perspective, I’ve got a global view. I’ve got responsibility around cybersecurity, third-party risk. We have a team that we call Fusion. Think about Fusion as an integrated place where we’re doing all of incident management, intelligence gathering, business continuity through operational resilience. So, it’s really those horizontal functions to help protect and operate the team or operate the bank.
Mike: When we think about the risk that AI poses from an attacker’s perspective, what are some of the types of attacks that you think are out there that maybe didn’t exist a few years ago, due to cyber criminals and nation-states and others leveraging AI for bad?
Keith: Yeah, I’m going to break it out in two different ways. One is from a client viewpoint. Obviously the threat actors are leveraging AI significantly when they’re doing their direct attacks on the client, looking to defraud them, using really, really good phishing now, where they look real. They’re doing a great job, not only in email, but also in voice. We’ve seen direct attacks on voice going to a client, and we’ve even seen it over video, where one of our commercial accounts had a fraudster come at them, and they did a deepfake of who they thought was their CEO, trying to get them to do some money movement. Now, thankfully, we were able to catch it from some of our back-office detection, but still, it was real and it happened.
But the part that concerns me the most really is outside of our boundary, meaning where the threat actors are targeting our clients from a scam viewpoint. They’re convincing our clients to go do things, and they look legitimate, because it’s our client actually doing the transaction. And even though we try to tell them, “This isn’t real, this is a scam,” they don’t believe us, or they’re being coached by the threat actor on what we might say: “Hey, your bank is going to tell you this. They’re going to try to tell you this is not real.” So from a client viewpoint, significant risk, because the client is the path of least resistance and the lowest on the maturity scale.
Mike: Are there things that you guys have found successful in trying to get better visibility into when those things happen?
Keith: Yeah. From a behavior perspective, this is one of the areas where we’ve been doing our own internal model development for really the past two years. I’ve got a data science team that’s constantly evolving our own internal models. These are not models that we’ve purchased externally. These are ones that we’ve built to try to get to a much more granular view of what I call behavioral biometrics.
How do we know that it’s our client at the other end? When we validate that it is our client, is this abnormal behavior? And are we seeing this type of similar behavior potentially from other clients that may be either being defrauded or scammed? We’ve done a significant amount of uplift to the point where, I almost hate to say this out loud, but our fraud losses are actually slightly dipping, where our scam losses… I shouldn’t say “ours,” because our clients are the ones, unfortunately, that have to take the hit for the scams. But scam losses are going through the roof.
Mike: Does that kind of make you rethink how you do training as well? Just training internally, training with your customers on how some of the attackers have changed, how the attack techniques have changed as well?
Keith: 100%. And we have to. We can’t not (I guess that’s a double negative), but we can’t not escalate what we’re doing with our clients, and also with the industry. So, working with the ABA in the US and the CBA in Canada to try to pour in more information and intelligence to them to help them be better at educating the communities.
But that’s just on the client side. As I look at it, our CEO literally just asked me a couple weeks ago what kept me up at night, which I thought was interesting. I hadn’t gotten that question in a while. But in the age of AI, and the escalation and the acceleration of what we’re seeing in the marketplace, our third-party ecosystem was one that… it’s the unknown unknown for us. Because we can only go so far from a contractual perspective, but our third parties are going to be just as at risk as we are from an attacker viewpoint. They don’t traditionally have the same kind of budget that I’ve had for the past 20 years to build a fortress around the bank. Our third parties, I think, will become one of the most exposed areas in financial services over the next couple of years.
As you look at how AI is going to enable the threat actors, it’s going to be our third-party service providers. They’re going to have to really up their game, whether it’s doing a much more accelerated view of patching, but also maybe that added layer at the perimeter to start to look at different types of behaviors that may not be fraudulent, but may be different types of cyber attack vectors that we may be seeing.
Mike: What are your thoughts on these new frontier models? And how should we be thinking about them, as far as: how do we leverage them with our own internal processes and things that we’re doing from a security perspective? Obviously, Mythos is not available to the public, but what is CIBC doing? Or what are some examples you hear in financial services where you try to stay ahead of the attackers, because at some point they’ll have these same types of models, as well?
Keith: We’re going to have to have tight coordination with our third parties as we roll this out. But we are being, I would say, probably more aggressive than some other peers, because we started a little bit earlier on our AI journey. We developed our own internal AI instance that we built from scratch a couple of years ago, so it’s available to every employee in the bank. We’ve trained them on it. And now we’re looking at: how can we just extend that architecture that we’ve built for our own internal use, to then drive that deeper into our code development and our QA, and really make this a win for us, where we’re going to become more efficient, we’re going to become more secure inherently, just by increasing the use of them and incorporating them in our DevSecOps pipelines, as an example. We’re going to include the latest versions that we can in those pipelines, and it’s just going to be how we operate.
Mike: Are there some areas where your teams have surprised you with their approach on AI? Maybe some wins where you weren’t quite certain that AI would have an outsize benefit, and it ended up showing you a lot of potential? Or maybe some examples of where AI’s really helped your cyber program?
Keith: One is in the SOC. Our ability to take in and open up more alerts to come in: as our environment grows, you get more alerts, but then our ability to translate those alerts down to the ones that really matter has significantly changed our SOC. We don’t have folks looking manually at all of the low-level alerts anymore. It’s just fully automated, and we just get the ones that matter.
Secondly, our insider threat program. Same thing: if you think about the amount of data that sits across our environment that every employee is doing all the time, our ability to not only bring that together, but to understand what it is down to the element, wasn’t possible. So, using advanced analytics and AI to help synthesize the data and get to the stuff that really matters, and then using some of the fraud model capabilities that we were doing from a transaction perspective, doing similar types of modeling in our insider threat program, to look at something that says, “okay, well, that does look anomalous, but it does go with their job. Maybe they only do it once a year.” Previously we would alert on it, and you know, investigations into whatever. But now we’re like, nope, we’re good. We’re covered there.
And then obviously fraud. I’ve talked about that a minute ago, where we are significantly uplifting our ability to do transaction verification and identity verification through use of AI.
Mike: I would also imagine you’re, probably like a lot of other organizations, out there with agentic AI, as well. So, it’s not just identities of humans, but it’s also agentic identities. What are you guys doing around that, as far as: how do you manage the risks of identities for non-humans?
Keith: Yeah, it’s interesting. I don’t know if it was good or bad, but a few years ago we had self-identified a risk around noncompliance with non-human accounts. It was just really where we weren’t following our own compliance standards that we’d put in place. Nothing crazy. But what that allowed us to do is to really understand how we were using non-human identities across the bank, and put in automation to help us know what they’re doing, but then also to keep them refreshed on a cycle that we should be looking at passwords and that sort of thing.
So, we had done all of the hard work the past four years to get to this place where now, with AI, I think a lot of peers, I’m just going to make a guess, may not have that same level of understanding of what a non-human identity is and where they are. And we’ve already got that inventory, and we’ve already got the interaction model and the automation built to help us now be able to just pivot a little bit to say, it’s not just around point in time, we are going to have to add that behavior aspect on top of it.
Because I look at AI in two different ways. We’ve got to build AI for security, like what AI capabilities are reacting to make us more secure. But we also have to have security for AI. We’ve got to make sure that these agents, where they may be provisioned and they may have the right access to do something, but should they be doing it? We’ve never thought about those types of things before, because if you think about a script, a script does what a script is supposed to do. And now we’re enabling these agents to potentially go evolve as they’re continuing to operate. So, that’s a whole different landscape of risk that ultimately could create risk if these agents start to go rogue. So, it’s like, how do we create the guardrails?
Mike: Where do you think maybe we need some different innovation on identity governance? Because I fear with agentic, it’s not so much that it’s a form of rogue, but it’s more of, I fear AI wants to be helpful and useful. And so I fear, in its desire to please, it will go and do things it shouldn’t, or find access to things it shouldn’t. Where do you think some innovation needs to happen on the vendor landscape to help solve those types of problems?
Keith: Yeah. It’s one of those things that is concerning to me for sure. But how do we ensure that… I mentioned the word a second ago around guardrails. How can we create guardrails, just like maybe 10, 15 years ago when we went from segmentation to micro-segmentation? We took the logical architecture, and we went from pretty wide lanes to a bunch of smaller lanes within that one.
I think we’ve got to come up with something similar with agentic, because we’ve got to find a way to keep them in their lane, but still give them enough breadth and wiggle room to still grow and learn a little bit, but not to hop over the lanes. I don’t know what you want to call it, but I think it’s kind of micro-segmentation in the AI age. That’s, for me personally, that’s how I look at an area where we don’t have good controls. We have controls, but I wouldn’t say in this new age they’re adequate.
Mike: How do you partner with your business? Because I’m sure your business has similar mandates on leveraging AI, and it’s super easy to do it. How do you stay with them on making sure those guardrails apply for the new ways that they want to innovate within the business?
Keith: Yeah. We’ve done that through our own internal rollout of AI. We don’t allow any direct external use of any AI models, so we’ve brought it all in internally. We’ve got recipes that have been pre-built that we can enable our employees with. For those that are developers, we’ve given them their own environment where they can leverage our internal tool. But again, we are managing the ecosystem of this, what we call CAI (CIBC AI). I know it was novel, but whatever.
We’ve got all eyes around it, so we’ve got a lot of control on what goes into it and then what gets created as a recipe. So, we’ve got good inventories now. If we had given access external, then obviously we would have no idea what was getting built there. But we’ve got good visibility on it internally now.
Mike: Where do you feel the market’s going from a regulatory perspective? Obviously the US is a little slower on federal AI mandates, you’ve got the EU AI Act, Canada is doing its thing, as well. So, what’s your take on where regulations are heading when it comes to AI and generative AI?
Keith: Yeah, I’m a little worried, because I think a lot of regulators are operating from a regulatory viewpoint without really understanding the operational impacts of what they might be putting in place. It’s one of the reasons I’m actually glad that the US is going a little bit slower, because I think it’s allowing us to learn a little bit around: what is this thing? And from a company risk, it’s allowing us to look at it from our own risk viewpoint without having this regulatory compliance viewpoint sitting over here at the same time, which may or may not be in conflict.
So, I think Canada, obviously, and Europe, they’re moving much more aggressively. But I do get a little bit worried that ultimately what may come out of it from a compliance viewpoint may not make sense with our business model. And it may not allow us to fully take advantage of some of the benefits that AI is going to bring us from an efficiency view. Because you see it every day on LinkedIn about, “oh, this company is going to be cutting 10% of their workforce just due to efficiencies gained in AI.” I mean, is that real? I don’t know. Are we seeing efficiencies? For sure. But we’re not just going to lay off 20% of our workforce. We look at it as a way to become more profitable.
Mike: Well, that’s a good point. How do you balance that with your team? Because there is a lot of personal fear from some people on, “I don’t want to embrace AI because it’s going to replace my job.” How do you balance that with your workforce? And maybe a second part to that question: what are you looking at now as you bring on new talent into your workforce? Does that change the profile of the person you’re looking at in this new age of AI?
Keith: One of the things that I’m hopeful is that most banks are on a clip of a continued 5 to 7% growth on an annual basis. I’d like to slow that growth by leveraging AI to make me more efficient, and leveraging the people that I’ve got to go do some of that more meaningful work. Because it’s a way that I can potentially give back to the company’s bottom line by becoming more efficient, rather than just growing 5 to 7% forever. How can I get better at what we do, using tools to make me more efficient, and just go that route?
But the other question, around: how is our recruiting different? I will say, for traditional cyber and traditional fraud roles, even corporate security roles, I don’t know that it’s changing a ton right now. But in areas where we are focusing on model development or data science, obviously, it’s very different skills that are very hard to find. Everybody wants them. But also, we are trying to bring in new talent at a much more aggressive rate. So, folks that have been in college, that are living right now in an age of AI: it’s just how they operate normally. Bringing them in and putting them in places where they can provide benefit back to us.
We’ve actually been doing some challenges on innovation. How can you use AI to innovate what we do? We just did some quick random tests like that, and we threw out, “hey, if you want this, you’re going to get 200 points.” We have this internal system that we use where you get points, and you can turn the points in for stuff. But we got like 300 ideas in two and a half weeks. It was crazy. So, obviously folks are beginning to think differently, and we’re just trying to find ways to pull that out.
Mike: This has been a really good conversation. One of the things that we do on our podcast is we have a little bit of a lightning round at the very end. It’s kind of the short, bite-sized tweet answer for just some rapid-fire questions. They’re all meant to be a little less on the techie side, a little bit more thought leadership type of stuff.
So, now that you’ve been in this role, and you’ve been a CSO multiple times, what advice would you give a security leader stepping into their very first CISO or CSO job? Maybe something they might overestimate or underestimate about the job.
Keith: Yeah, a couple of things. One is: don’t go in thinking you know everything. You have to trust in your team, especially when you get to a CSO that has multiple different and variant types of functions. You’ve got to trust in the team. But at the same time, culture is everything, because the world in which we live between cyber and fraud, it can be sometimes overwhelming for our teams. And creating a positive culture creates positive outcomes. So, I’d say, don’t overestimate what you think you know, but then also don’t underestimate the impact that you can make culturally as a team.
Mike: There’s so much information out there, and technology changes so fast. What’s the best way for security leaders to stay up to date on just new things in AI, new things in technology in general, and their implications from a cyber perspective?
Keith: Yeah, well, I don’t know about you, Mike, but I’ve got a laundry list of daily intel updates I get emailed to me every single day. There are lots of intelligence firms that are out there willing to, if you just go sign up, they’ll email you stuff every single day, everything from super technical all the way up to headlines. And every single morning, I start a little bit earlier, and the first 30 minutes of my day, that’s what I’m reading. I’m reading the summary of what’s been happening in the past 24 hours. And then, of course, I’ve got my normal websites that I like to go to that allow me to read a little bit more depth about some of the articles that I may be seeing coming out, because the daily intel updates are just the headlines, but in some cases I need to go down a little bit deeper.
Mike: We always love to ask this one. It’s more of the personal side of things. What’s a book that you’ve read that’s had a big impact on you, and why? And it doesn’t have to be cyber or even work related.
Keith: I’m going to link it back to something I just said a second ago, but it’s actually right over there on my bookshelf. It’s How to Win Friends and Influence People. You know, it’s an old book, very old book, actually. But it gets back to how you treat people, and the culture that you create in a relationship absolutely creates better outcomes.
One of the things that I did that was an offshoot of that book was, when I joined CIBC, the first thing I did in my first year was I met with every director and above in my entire team. Now, we’ve got a big team; that was like 160 people. But I gave 160 people 30 minutes of my time, one on one. And I didn’t talk about work. I just said, “tell me about yourself. Tell me about your journey. How’d you get here? Tell me about your family.” And really, what that did was, it set the precedent around what I care about. I care about them as a person first, but then it also gave them a connection to me personally.
So, I have found that since then, I get people coming directly to me, shooting me notes, saying, “Hey Keith, I was just thinking about this, wanted to get your thoughts.” Or, “Hey, I just noticed this risk that I wanted to highlight to somebody, and I thought I’d start with you.” That’s powerful.
Mike: All right, so final question on the lightning round. You’ve had a very storied career, a lot of accomplishments. What gives you hope, or what inspires you, for the next generation of CISOs and security leaders that are on deck, that are coming up now?
Keith: What we didn’t have 20, 25 years ago when I started was all of these tools. In many cases, we were figuring it out and working with some companies to go build it because we said, “we’ve got a gap here. Please, someone go build it and we’ll buy it.” So, I think it’s the good and the bad of the current ecosystem: there’s an overwhelming amount of service providers and software companies out there, but I think using something as foundational as NIST as a framework, and then overlaying that framework with an assessment of where you are, and then you can link directly into the market to understand what you can go get. It’s so much easier than it ever was, and so much more organized, which I think helps the CISOs of the future.
But I would also say, it is incumbent upon folks like me and others that are in the retirement range, that as we make that move, we’re not leaving the industry, we’re staying connected to it, to give back, to help mentor, coach, and be a part of other up-and-coming CISOs’ lives.
Mike: Well, that brings us to the end of this episode. Keith, I want to thank you again for joining us today. Just really enjoyed your insight and all of the various topics you talked about. And definitely inspiring to hear you talk about how AI is being leveraged at CIBC, and just your thoughts on cybersecurity in general. So, thanks for joining us.
Keith: Thank you for inviting me. This has been great.
Evan: That was Keith Gordon, Chief Security Officer at CIBC.
Mike: I'm Mike Britton, the CIO of Abnormal AI.
Evan: And I'm Evan Reiser, founder and CEO of Abnormal AI. Thanks for listening to Enterprise AI Defenders. Please be sure to subscribe, so you never miss an episode. Learn more about how AI is transforming the enterprise from top executives at enterprisesoftware.blog.
Mike: This show is produced by Abnormal Studios. See you next time!