Podcast Transcript of Debbie Wheeler, Fifth Third Bank CISO

Education and Certifications
Information Security Technology
Risk Management

Richard Swart: Hi, this is Richard Swart with Information Security Media Group. Today I’ll be speaking with Debbie Wheeler, CISO of Fifth Third Bank. How are you doing this morning, Debbie?

Debbie Wheeler: I’m doing well. Thank you.

Swart: I appreciate you taking time to talk to us today. I’d like talk about some of your experience. I know you have an extensive background in information security, and you’ve also spent quite a bit of time there at Fifth Third Bank working on issues around identity access management. I was wondering if you would tell our listeners, what are the critical success factors for an identity and access management program.

Wheeler: I’d have to start with understanding what roles the organization uses or needs. That’s probably first and foremost. And some of the conversations that Fifth Third has had with some other financial organizations that are attempting to implement identity and access management programs, specifically around provisioning; roles are the number one concern that’s raised over and over again. Fifth Third started about four years ago defining the roles that they were going to use to provision access, and having that structure in place has allowed us to very rapidly deploy over 200 applications to a centralized provisioning product from which we delegate and administer access and entitlement. I think the biggest challenges in trying to obtain or administer an access and identity management program are really selling the value to senior management.