author photo
By SecureWorld News Team
Tue | Jul 9, 2019 | 8:30 AM PDT

If there's one thing I learned working directly with CISOs in a previous role, it is this: large banks typically have very mature cybersecurity programs that are loaded with talent and are very well-funded.

But how well-funded came as a surprise to many in InfoSec when they saw some jaw-dropping numbers on the cybersecurity spend at JPMorgan Chase.

The company's CEO revealed the amount in a note to shareholders this year:

"I have written in previous letters about the enormous effort and resources we dedicate to protect ourselves and our clients—we spend nearly $600 million a year on these efforts and have more than 3,000 employees deployed to this mission in some way. Indirectly, we also spend a lot of time and effort trying to protect our company in different ways as part of the ordinary course of running the business."

Cybersecurity: the biggest threat to the U.S. financial system?

Cybersecurity clearly is serious business at JPMorgan Chase. 

And CEO Jamie Dimon also wrote that cybersecurity may very well be the biggest threat to the U.S. financial system.

Because, he says, cyber risk extends well beyond JPMorgan Chase's security spend. 

"... the financial system is interconnected, and adversaries are smart and relentless—so we must continue to be vigilant. The good news is that the industry (plus many other industries), along with the full power of the federal government, is increasingly being mobilized to combat this threat."

[RELATED: The U.S. Bank BISO: 'This Is My Role']

JP Morgan Chase hires former U.S. Bank CISO

JPMorgan Chase recently hired Chief Information Security Officer Jason Witty from U.S. Bank.

We interviewed Witty (a SecureWorld Advisory Council member) on where CISOs should focus. witty-youtube

Watch his two-minute interview as he unpacks the following priorities:

  1. Communication: Learn to speak Klingon to your team and English to everyone else.
  2. Team: Build a great team with continuous training and workforce development.
  3. Detection & Response: Plan to fail, he says, by focusing on detective controls and having a comprehensive response plan practiced and ready.

Looking for a new role in cybersecurity?

This may not be a surprise given what is written here: JPMorgan Chase is hiring.

The company has dozens of cybersecurity openings right now.

[RELATED: This CISO Believes in Test-Driven Security]