May 9, 2025 55 mins

In this Episode

Rohbair Jean sheds light on the unique challenges of securing a mortgage company operating across all 50 states, each with different regulatory requirements. He discusses how compliance often trails behind real-world threats, urging leaders not to treat frameworks like NIST or GLBA as finish lines but as baselines. His advice? Use compliance as a springboard and then build resilience through layered defense and cultural awareness.

The conversation shifts to vendor management, where Rohbair outlines a thorough, cross-departmental approach. He details how American Financing uses external platforms to track third-party risks, conducts mid-year reviews, and leverages SOC 2 Type 2 certifications to vet vendors. He reminds listeners that breaches tied to vendors, as seen with Target and Home Depot, will always put the brand itself on the hook.

On vulnerability management and tooling, Rohbair makes a compelling case for using MSSPs and MDRs to keep pace with threats without breaking the budget. He names Arctic Wolf, Rapid7, and SentinelOne as providers that offer strong value, particularly for organizations that can't afford to staff a 24/7 SOC.

Finally, the discussion turns to AI—both its promise and its peril. Rohbair notes that AI has improved anomaly detection and employee training, but it has also dramatically expanded the attack surface. With deepfakes and voice spoofing now entering the scene, he predicts identity and access management will become the new frontline of defense. Yet despite the risks, Rohbair remains an optimist: "Our best days are still ahead of us."
