Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Public money, private plans: MPs demand Post Office transparency

      13 June 2025

      Coal to cash: South Africa gets major boost for energy shift

      13 June 2025

      China is behind in AI chips – but for how much longer?

      13 June 2025

      Singapore soared – why can’t we? Lessons South Africa refuses to learn

      13 June 2025

      10 red flags for Apple investors

      13 June 2025
    • World

      Yahoo tries to make its mail service relevant again

      13 June 2025

      Qualcomm shows off new chip for AI smart glasses

      11 June 2025

      Trump tariffs to dim 2025 smartphone shipments

      4 June 2025

      Shrimp Jesus and the AI ad invasion

      4 June 2025

      Apple slams EU rules as ‘flawed and costly’ in major legal pushback

      2 June 2025
    • In-depth

      Grok promised bias-free chat. Then came the edits

      2 June 2025

      Digital fortress: We go inside JB5, Teraco’s giant new AI-ready data centre

      30 May 2025

      Sam Altman and Jony Ive’s big bet to out-Apple Apple

      22 May 2025

      South Africa unveils big state digital reform programme

      12 May 2025

      Is this the end of Google Search as we know it?

      12 May 2025
    • TCS

      TechCentral Nexus S0E1: Starlink, BEE and a new leader at Vodacom

      8 June 2025

      TCS+ | The future of mobile money, with MTN’s Kagiso Mothibi

      6 June 2025

      TCS+ | AI is more than hype: Workday execs unpack real human impact

      4 June 2025

      TCS | Sentiv, and the story behind the buyout of Altron Nexus

      3 June 2025

      TCS | Signal restored: Unpacking the Blue Label and Cell C turnaround

      28 May 2025
    • Opinion

      Beyond the box: why IT distribution depends on real partnerships

      2 June 2025

      South Africa’s next crisis? Being offline in an AI-driven world

      2 June 2025

      Digital giants boost South African news media – and get blamed for it

      29 May 2025

      Solar panic? The truth about SSEG, fines and municipal rules

      14 April 2025

      Data protection must be crypto industry’s top priority

      9 April 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » In-depth » Absa CSO Sandro Bucchianeri on running cybersecurity for a major bank

    Absa CSO Sandro Bucchianeri on running cybersecurity for a major bank

    By Duncan McLeod9 January 2020
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp
    Absa chief security officer Sandro Bucchianeri

    The skills crisis in the cybersecurity field in South Africa is so severe that the major banks have reached a “gentleman’s agreement” not to poach each other’s staff for fear of exacerbating the situation.

    In an interview with TechCentral, Absa chief security officer Sandro Bucchianeri said that although the bank has been able to secure the skills it needs, it’s been with “great difficulty”.

    “I have a gentleman’s agreement with the other banks that we will never poach their people and they won’t do the same. We can’t stop people from applying for roles, but we won’t actively go and poach them, because that just compounds the problem,” Bucchianeri said.

    An edited transcript of TechCentral’s wide-ranging interview with Bucchianeri follows.

    TechCentral: What’s your career background?

    Bucchianeri: I’m a kid from the Cape Flats, but spent the best part of 14 years abroad. I worked for the likes of VeriSign, which bought Mark Shuttleworth’s Thawte Consulting business in the early 2000s. I worked for VeriSign for about 11 years, living in the US, then moving to London, then to Abu Dhabi before ultimately coming home in August 2017 to join Absa. In total, I’ve spent about 22 years in cybersecurity.

    TechCentral: Absa is currently going through a separation from former parent Barclays. How does that affect your portfolio?

    Bucchianeri: The separation programme is a three-year journey. It will be done in June 2020. I was originally brought in to look after technology security as chief technology security officer. When the previous incumbent left, I was given the role to take over the security function. In essence, we are setting everything up from scratch. In the past, Barclays looked after everything security related. They would send through policies and solutions and the team here would implement them. We have now flipped it, where we have had to set up a security function from scratch, which we have now done.

    TechCentral: What does your day-to-day job entail?

    Bucchianeri: Meetings, and lots of them. Most of it is about driving the strategy forward and maturing the function we provide to the organisation.

    TechCentral: There have been significant distributed denial-of-service attacks against local banks and Internet service providers in recent months. How has Absa been affected?

    Bucchianeri: We have been attacked, just like the other banks. Fortunately, the solutions we have in place have successfully mitigated those attacks. While we may have been attacked – and we are attacked on a daily basis, just like any other organisation that’s connected to the Internet – the solutions and teams we have in place have ensured there is minimal to zero impact on our customer base.

    TechCentral: Has there been a dramatic acceleration of these attacks in recent months?

    Bucchianeri: Yes, but it’s a global thing, not just South Africa. You also hear a lot more about breaches around the world, not because there are more breaches necessarily, but because people are talking about them more. People are sharing a whole lot more. From a security perspective, we don’t talk about competitive advantage anymore, we talk about collaboration, because if something is happening to me, I can help the blue bank or the green bank mitigate an attack and vice versa. We try to share things – not sensitive information, but indicators of compromise that we can utilise to better defend ourselves as the financial ecosystem collectively.

    TechCentral: What are the most common attack vectors?

    Bucchianeri: Denial of service is one; phishing is a massive one. We are seeing a huge increase globally in insider threats, too, with syndicates paying insiders to install malicious software in the internal environment.

    TechCentral: How do you tackle that?

    Bucchianeri: We have an “insider trust programme”, which looks at different risk indicators and uses that data to better defend the organisation – understanding what’s happening in a given area, using multiple data sources to feed into our defence controls.

    TechCentral: The financial services sector is heavily regulated. How do regulators deal with cybersecurity?

    Bucchianeri: The regulators ask how we protect ourselves – our customer data and our systems. We have to give them assurances and the comfort that we are protected. From 2020, you will see regulators demanding a whole lot more.

    TechCentral: What are the rules around disclosure after an incident?

    Bucchianeri: We subscribe to the guidance notes from the South African Reserve Bank. If there is an incident, we have to inform the regulator and we take the approach of being open, honest and transparent, whether it’s with the regulator or the customer base, because it’s much easier to manage the message that way. These things do happen – breaches and attacks do happen. It’s how you manage it that will determine your success or failure and help you manage your reputation.

    TechCentral: If there was a significant successful attack on the bank, what would your steps be to deal with it? Who would you inform first?

    Bucchianeri: We run the scenarios in our incident response plans. Also, when we do our crisis management planning with our board and with our exco, we run through these scenarios. Depending on the severity of the data that was lost or compromised, we have certain playbooks we would invoke. The playbook would then inform us exactly who we call in, who we don’t call in, who we inform, all those kinds of things. The relationship we have with marketing and communications (the PR team) is vitally important. We have engagement with our exco and with the CEO specifically so he understands his role in the incident.

    My direct line into the exco and the board is very clear. The support I receive from both those two entities is phenomenal. We have quarterly updates with the board so they understand the cyber-risk and the physical and resilience risks. It’s better to be prepared. We can’t cover for everything, but we cover for the bulk of what our risk position is.

    Understanding what your risk appetite is, is important. There isn’t a bottomless pit of cash for security, so you have to manage the risk versus the benefit.

    TechCentral: How has your spending on cybersecurity changed over the years?

    Bucchianeri: Because it’s a new function, it’s been on the high side. But the typical average globally is 6-12% of the IT budget, but we are always looking to reduce that number. If the cost of protecting an asset is more than the asset is worth, it makes no sense. Understanding your risk tolerance is very important when you talk budgets.

    TechCentral: What advice would you give to the boards and CEOs of other companies that must have conversations with people like you in their organisations? What questions should they be asking?

    Bucchianeri: Typical things include, where does security sit in your organisation? How important is security? Who gets fired when something goes wrong? Where does the accountability lie? You still see security people reporting in through the CIO. That’s a massive conflict. I don’t report in through the CIO, who is my peer. If I did report into him, and I raised issues around vulnerability management, he could veto my concerns because it serves his interest and the agenda he’s shaping. That’s why security needs to be on its own. Everything needs to feed into risk in the sense that you need to raise those issues on your risk registers. Ninety percent of the time, the CSO or CISO (chief information security officer) reports into the CIO. That is slowly changing but depends on the risk profile of the organisation. It’s not an IT problem, it’s a business problem.

    TechCentral: Given the pronounced skills shortage in cybersecurity, can you find the skills you need?

    Bucchianeri: With great difficulty. I have a gentleman’s agreement with the other banks that we will never poach their people and they won’t do the same. We can’t stop people from applying for roles, but we won’t actively go and poach them, because that just compounds the problem.

    We have set up a Cybersecurity Academy with the Maharishi Institute in Johannesburg. We bring marginalised youth through the institute, giving them a hot skill and financial empowerment so they can earn a living. We started this programme in March 2019 with a group of 24 kids. At the end of their certification, they become qualified cybersecurity analysts. They are either hired by us, or one of the many companies that need these skills. We want to set an academy up on the Cape Flats and, ultimately, we want to train 300 people a year.

    We have also partnered with the Hein Wagner Academy for the blind in Worcester where we will train marginalised blind kids in cybersecurity.  — © 2020 NewsCentral Media



    Absa Barclays Sandro Bucchianeri top
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleAlphabet poised to join trillion-dollar club
    Next Article Telkom crashes through R30/share as sell-off continues

    Related Posts

    Absa chairman Sello Moloko to step down

    7 May 2025

    Economic growth could triple this year: Absa

    26 March 2025

    Kenny Fihla is new Absa CEO

    17 March 2025
    Company News

    Huawei Watch Fit 4 Series: smarter sensors, sharper design, stronger performance

    13 June 2025

    Change Logic and BankservAfrica set new benchmark with PayShap roll-out

    13 June 2025

    SAPHILA 2025 – transcending with purpose, connection and AI-powered vision

    13 June 2025
    Opinion

    Beyond the box: why IT distribution depends on real partnerships

    2 June 2025

    South Africa’s next crisis? Being offline in an AI-driven world

    2 June 2025

    Digital giants boost South African news media – and get blamed for it

    29 May 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.