Banking on Security: CISOs to Watch Across the Financial Sector

Banking is one of the most targeted and most regulated sectors in cybersecurity. The leaders in this feature are protecting consumer deposits, credit card platforms, wealth management systems, and the correspondent banking infrastructure that moves money across borders. Their programs operate under FFIEC guidelines, OCC examination cycles, and the constant scrutiny of regulators who treat cybersecurity as a safety and soundness issue rather than a compliance checkbox. Their backgrounds reflect the full range of how security leaders arrive at the banking CISO seat, from network engineering and business continuity to national security research and consulting, and what they share is accountability to institutions where a security failure is never just a technology problem.

Drew Osborne — CISO, Credit One Bank

Drew Osborne pioneered Credit One Bank’s inaugural CISO role in January 2021, building an independent cyber risk function from the ground up inside a bank that serves millions of credit card customers. His program encompasses a modern risk-based cybersecurity approach, IT risk management under FFIEC and OCC guidelines, threat intelligence, and continuous testing of security controls, websites, and mobile applications, and it earned positive recognition from regulators across examination cycles. Before Credit One, he spent two and a half years as a principal security consultant through his own practice, advising financial services firms, technology startups, and federal clients on cybersecurity modernization, cloud security strategy, and MITRE ATT&CK framework implementation. His deepest institutional tenure is nearly six years as SVP and CISO at Bank of the West, where he managed an $18 million OpEx and $6.5 million CapEx budget, launched a security architecture group that saved more than $6 million in project and licensing costs, automated third-party risk management saving $1.45 million annually, integrated a SOC and forensics capability into a unified fusion center, and improved security project success rates from 60 percent to 98 percent. Before Bank of the West, he spent nearly four years as CISO and managing director at TD Ameritrade, overseeing information security and fraud prevention for an internet platform serving more than 11 million retail customers, reducing fraud losses by $1.8 million annually and cutting operating expenses by $1.75 million through insourcing and vendor renegotiation. His career also includes CSO roles at MarketLive and Boardvantage, where he built PCI-DSS compliance programs and designed secure network infrastructure for Fortune 500 clients.

Donna Hart — CISO, SMBC Group

Donna Hart joined SMBC Group as CISO in February 2026, bringing a career built almost entirely inside large financial institutions. She spent more than five years as CISO at Ally Financial in Charlotte, leading security for a digital-first bank serving millions of auto finance, mortgage, and banking customers. Before Ally, she spent more than fifteen years at Wells Fargo across desktop engineer, manager of logical network services, manager of network engineering and performance engineering, manager of network integration during the Wells Fargo and Wachovia merger, director of production management technologies, global director of network security engineering and operations leading more than 250 employees, and global director of security infrastructure engineering reporting directly to the CISO. That progression from desktop engineer through successive network and security leadership roles spanning nearly sixteen years at one of the largest banks in the country reflects a career built through operational depth at every layer of the technology and security stack before stepping into the CISO seat. She now leads security for SMBC Group’s US operations, part of one of Japan’s largest banking groups.

Rich Friedberg — CISO, Envestnet

Rich Friedberg joined Envestnet as CISO in February 2026, bringing a career built across national security research, financial services security, and SaaS platform security. Before Envestnet, he spent more than four years as CISO at Live Oak Bank, a digitally native small business lender, where he served on the American Bankers Association’s Cybersecurity and Operational Resilience Advisory Committee and on the Institute for Security and Technology’s Ransomware Task Force. Before Live Oak Bank, he spent three years as VP and CISO for the card division at Capital One and more than three years as VP and CISO at Blackbaud. His foundational career includes nearly eight years as information security manager at Fannie Mae and six years at Carnegie Mellon’s CERT Coordination Center as deputy director of cyber threat and vulnerability analysis and technical manager of network situational awareness. He serves as adjunct faculty in Carnegie Mellon’s executive education CISO certificate program, having helped train more than 1,000 CISOs and senior security leaders, and invests in emerging cybersecurity and fintech companies through SVCI and as an angel investor.

Nina Wyatt — CISO, Sunflower Bank

Nina Wyatt returned to Sunflower Bank as CISO in November 2025, having previously served as SVP and CISO and VP of IT risk at the same institution from 2017 through 2020. Between her two tenures at Sunflower Bank, she spent nearly five years at AHEAD across senior technical consultant, principal consultant lead, and director of security and compliance practice roles, and five months as director of business continuity management at Rock Central. Before her first stint at Sunflower Bank, she spent more than four years as business continuity program lead at Quicken Loans and a year and a half as AVP of business continuity at Chemical Bank, and began her career spending seven years as a security representative at General Dynamics Land Systems. That background in business continuity, physical security, IT risk, and GRC built across defense, mortgage, and banking environments reflects a security leader whose breadth of governance experience shapes how she approaches the integrated risk mandate of a community bank CISO.

Justin Titus — CISO, Yukon National Bank

Justin Titus stepped into the CISO role at Yukon National Bank in April 2025, bringing thirty years of IT experience built progressively toward security leadership. His career spans network operations at QuikTrip, messaging architecture at ConocoPhillips, directory services and infrastructure engineering at Devon Energy, datacenter operations at the American Cancer Society, cybersecurity analysis at Oklahoma Blood Institute, and a cyber analyst role at COLSA before joining Yukon National Bank. That progression from network operations and infrastructure engineering through cybersecurity analysis reflects a practitioner who developed deep technical foundations across energy, healthcare, and nonprofit environments before stepping into banking security leadership. His core strengths in Active Directory, Microsoft infrastructure, Cisco networking, and security as it relates to directory services and layer 3 architecture give him a grounded operational understanding of the systems he now leads from a security perspective at a community bank.

Banking Security Is Personal

Every leader in this feature is ultimately protecting people’s money and the trust those people place in the institutions that hold it. That is not abstract accountability. It is the reason banking regulators treat cybersecurity as a safety and soundness issue, the reason OCC examiners ask hard questions, and the reason FFIEC guidelines exist. The leaders in this feature build their programs with that accountability at the center, because in banking, the consequence of a security failure is measured not just in breach costs but in the erosion of something that financial institutions spend decades building: the trust of the people they serve.


John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business for professional audiences.