Cybersecurity and Economic Stability: An interview with former NYDFS Superintendent, Maria Vullo

Marc Schein spends this episode of CHATTINN CYBER introducing podcast listeners to the former Superintendent of the New York State Department of Financial Services, Maria Vullo. From 2016 to 2019, Ms. Vullo spent her years in service working to implement DFS cybersecurity regulations in an effort to prevent the economic turmoil that could result from a data incident within financial services. Maria Vullo’s drive to enact New York state-wide cybersecurity regulation grew, in part, out of the devastating effects of the 2008 financial crisis. At a time when our nation’s economy experienced the biggest downturn since the Great Depression, both the private and public sectors felt the crushing effects of recession.

Ms. Vullo’s career began after graduating from NYU’s School of Law. Obtaining a federal clerkship with Paul, Weiss, Rifkind, Wharton & Garrison LLP in 1988, Ms. Vullo was promptly asked to return as a litigation partner where she continued to work in the private sector for 27 years. While invested in cases concerning civil, criminal, and regulatory matters (many of which involved financial services), Ms. Vullo also devoted herself to women’s and human rights through pro bono litigation and leadership roles in NPOs.

But the pinnacle of Maria’s professional career so far is found in the 23 NYCRR 500 regulation, also known as Part 500. In March of 2017, the state of New York enacted a series of policies specific to all DFS-regulated institutions, including state-chartered banks, certain money transmitters, and all insurance companies and agents licensed to do business in NY. Part 500 requires entities to meet standards for cybersecurity protection in areas such as policy, programs, risk assessment, and incident response.

“I did it because my job as Superintendent was the protection of the safety and soundness and the fiscal health of the institutions that I was responsible for overseeing. Cybersecurity is such a risk that I thought it was important to set out certain minimum standards that they all have to comply with.” 

Since many New York insurance companies and banks operate throughout the nation as well, the country has seen a spread of cybersecurity regulations across states, making strides towards a national model. 

“We went through a very elaborate process and had a lot of professionals looking at what was the best regulation to do and I think we accomplished that, and I also think it’s important for these principles to be more widely dispersed both for the protection of the industry and also to provide a consistent framework for companies to have to follow.” 

Retired from the DFS and now consulting at her own firm, Maria Vullo sees that there is a lot of work still to be done within the country. She believes that a lot of good can come out of both the private and public sector as long as people and their welfare are always the compass that drives endeavors. To learn more about Ms. Vullo’s impact throughout the decades and how she believes the field of cybersecurity still needs to advance, listen in to this episode of CHATTINN CYBER with Marc Schein.



Cyber Security: An Invisible War Fought From the Home Front

In this episode, Marc Schein interviews former Congressman Patrick Murphy. Beginning as a Division 1 athlete turned West Point faculty member, the Pennsylvania native eventually entered into a multi-tour deployment after 9/11 and then returned to the U.S. to serve in Congress. Accomplishing much more than the average American within just a few short decades, Murphy has experienced and witnessed some of the major formative moments that have rocked our country both for better and for worse.

Following in the footsteps of many war veterans like Sam Walton of Walmart, Ralph Roberts of Comcast, Phil Knight and Bill Bowerman of Nike, and Frederick Smith of FedEx, Patrick Murphy’s commitment to bolstering the success and advancement of our country did not end upon leaving the field or the office. Years later, this “soldier for life” finds himself once again serving the American people, this time in the form of cyber security.

Murphy explains, “In warfare, we [say that] the first four domains are air, sea, space, and land. The fifth domain is cyber. That fifth domain isn’t just in the battlefield. It’s here.” Schein and Murphy discuss how U.S. cyber safety is not a hypothetical, distant threat but an active, invisible war that exists both nationally and internationally. Financial institutions, energy grids, the telecom industry, and personal data are all at risk of a breach at any moment. “That war,” begins Murphy, “is being fought on your iPhone and on your desktop at home…and at your workplace.”

Serving as a member of the Cyberspace Solarium Commission, Murphy meets weekly with other public and private sector leaders who, in part, are in charge of creating recommendation reports that detail a national approach toward cyber threats. Believing that these threats will only increase as we move into this new decade, Murphy advocates that we all need to participate in the cyber battle. Both public and private sectors should adhere to the recommendations released this March and learn to practice “proper cyber hygiene.” Listen in to this episode to gain an understanding of basic cyber issues and what you can do to be a part of the solution.