Ian Rathie
Managing Director, Chief Information Security Officer
Fitch Group
Ian Rathie is the Managing Director, Chief Information Security Officer at Fitch Group, and a Governing Body Member of the New York CISO community.
Learn more about the New York CISO community here.
Give us a brief overview of the path that led to your current role.
In 1999, I was working in Canada for a government project, developing APIs for a secure network, connecting doctors, pharmacies, hospitals, etc. to the provincial health system. I was bored with the role, and wanted to get some broader experience, so I started submitting resumes in the US.
After a lot of calls, I ended up getting an offer at First USA, which was the 2nd largest credit card company in the US at the time. The job was to work with developers to help them build more secure code. I ended up building out an entire application security program, first for First USA and then for Bank One. When Bank One was acquired, that program ended up being adopted at JPMC.
From there, I went to Goldman Sachs to help build their application security program, and eventually moved out to the business as a control officer. When the financial crisis happened, Goldman Sachs created a new US bank, and I was asked to be the CISO. From there I built out the Goldman Sachs Bank program, and then moved to a larger business unit to build out a program there. I left in 2019 and did some traveling, and then was recruited for the job at Fitch.
What is one of your guiding leadership principles?
I give the people that work for me a lot of autonomy to make decisions and get the job done the way that works best for them. I coach them and help them to be successful. This means that, occasionally, I am helping them to avoid mistakes or even recover from mistakes. I try to be there for the folks that work for me, providing encouragement and assistance when needed.
With disruption being a key theme of recent years, where do you see the CISO role going in the next 1-2 years?
These roles need to be closer to and more involved with business strategies and business decisions. Business leaders make risk decisions all the time in other realms, such as credit risk, market risk, project risk, etc. There is still a mentality that cyber risks are a technology problem that can be fixed by simply spending enough money.
Increasingly, cyber risk needs to be presented to and consumed by business leaders. Future cyber leaders will need to be more business-focused and have the ability to communicate clearly and persuasively in business terms. Future cyber leaders will need to operate at a higher level, where they are peers with technology leaders such as CIOs and CTOs.
What advice would you give to someone just starting out as a CISO?
- Learn as much as possible about the businesses that you work with. There is great value in understanding how the company or organization you work for operates as a business and how it makes money. This gives you the ability to participate more fully in conversations with the business, and can really make you stand out as a technologist who understands the business.
- Listen more than you talk. This does not mean to not speak up and bring your expertise to the table. It means taking the time to actively listen and really understand what people are telling you. For many of us, this is a learned skill. It is often tempting to think about what you’re going to say instead of listening fully to others. Master the art of listening.
- Pick your battles. Sometimes people are not going to listen to your advice and recommendations. If those people are senior business leaders, they have the right to make risk decisions. It is okay to make sure they understand the implications of their decisions and that those decisions are properly documented, but it is usually not very productive to fight a decision that has already been made. At times this can be very difficult, especially if you know there are likely to be problems. Sometimes things need to fail before they change… and sometimes, you’re not right.
Tell us 3 fun facts about yourself.
- I got married in Vegas by Elvis during the pandemic. The date was an arithmetic progression, 7/14/21.
- I have been learning to cook for the past 5 years, and I am starting to get pretty good at it. I’m proud of my ability to quickly scan our fridge and throw together a tasty meal.
- I am a cat dad. Somewhat against my will, but I do all of the feeding and have grown quite attached to the furry little narcissists.
What is the value of joining an Evanta community?
It’s being part of a community of folks with the same problems and issues. Being able to reach out easily to peers at other organizations for advice, networking, and, to some extent… therapy. It can be very enlightening (and empowering) to talk to others in the same field and realize they are struggling with the same things you are.
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.