A conversation with our Chief Information Security Officer

December 19, 2022

The third of Clarke's three laws says “Any sufficiently advanced technology is indistinguishable from magic”. Security is one of those advanced technologies. When it works, it works, and to the beneficiary, it could feel a bit like magic. The invisibility of security obfuscates the sophistication and rigor that go on behind the scenes to make everything secure. 

In this conversation, Jeff Hudesman, Pinwheel’s Chief Information Security Officer, goes behind the scenes of Pinwheel’s security posture, painting a very visible picture of how we prioritize security. 

Q: Jeff, please walk us through your background and how you first got involved in information security?

A: Well, I’ve been in security for about 15 years now. I’ve always been the kind of person that needs to be constantly learning new things and security is an area where new things are developing all the time. There are new technologies, new vulnerabilities and new exploits. All new technologies and products have their own security risks and characteristics that make them unique. These characteristics first attracted me to information security and I’ve never left. Over the last 15 years I’ve held global leadership positions at companies such as DailyPay, Sony and PR Newswire. I also advise several startups and nonprofits. 

Q: So you’ve been Pinwheel’s CISO for about a year and a half now. What are the benefits of Pinwheel hiring a CISO so early on?

A: At Pinwheel, we decided that hiring a CISO very early on would be in our and our customers’ best interest. There are many benefits to having a CISO, especially at a fintech company that wants to build long-lasting solutions that truly benefit customers. We wanted to ensure security and compliance are a top consideration every step of the way. A few of the most significant benefits include improved security, risk management, reputation, as well as enhanced compliance and better decision making.

Q: Can you elaborate a bit on the benefits and how it relates to Pinwheel and its customers?

A: Absolutely. 

  • Improved security: A CISO is responsible for implementing and overseeing the organization's security strategy, which can help to improve the overall security posture of the organization.
  • Enhanced compliance: A CISO can help an organization to meet regulatory requirements and standards, such as PCI DSS, by implementing appropriate security controls.
  • Improved risk management: A CISO can help an organization to identify, assess, and manage risks to its technology systems and data, which can help to prevent costly security incidents and data breaches.
  • Better decision making: A CISO can provide valuable insights and guidance to the organization's leadership team, helping them to make informed decisions about technology and security.
  • Improved reputation: Having a CISO can demonstrate to customers, partners, and other stakeholders that the organization takes security seriously and is committed to protecting its technology systems and data. This can help to improve the organization's reputation and build trust with its stakeholders.

Q: I know a big focus of Pinwheel is to always ensure our customers' data is protected. How do we do this?

A: Protecting customer data is important for several reasons. First, it is important to protect customer data because it is sensitive and personal. This information can be used to identify individuals and can be misused if it falls into the wrong hands. Second, protecting customer data is important because it is the law. There are strict laws in place that require companies to protect the personal information of their customers. Finally, protecting customer data is important for a company's reputation. If a company fails to protect its customers' data, it can damage its reputation and customers may lose trust in the company. There are several measures that we take to protect our customers’ data. Some of these include:

  • 100% on-shore development: We reduce risk exposure by keeping sensitive user data only in the United States.
  • Build using the latest cloud technologies: We use modern cloud technologies to host the Pinwheel API. By using cloud infrastructure, we’re able to leverage advanced security mechanisms to better protect data.
  • Enforcing multi-factor authentication: This requires users to provide multiple forms of authentication to access their accounts.
  • Securing the supply chain: We automatically analyze all open-source packages and their dependencies for supply chain risk. This enables our team to act and defend our software supply chain from malicious actors.
  • Encrypting data: We help keep your data safe and private with bank-level encryption protocols like the Advanced Encryption Standard (AES 256) and Transport Layer Security (TLS).
  • 24/7 monitoring: Our systems are monitored 24/7 to respond to and resolve any potential issues.
  • Independent security testing: Pinwheel’s API and security controls are regularly audited by industry-leading security testers.
  • Providing security training: Providing regular security training to employees helps raise awareness of security best practices and reduces the likelihood of security incidents.
  • Conducting regular security assessments: Regular security assessments help an organization to identify and address potential security vulnerabilities.
  • Check out our Information Security Overview here for more information on how Pinwheel addresses information security.

Q: What does the future hold for security and privacy? 

A: There are several emerging trends that are likely to shape the field in the coming years. The first trend I’m seeing is increased use of artificial intelligence and machine learning. As these technologies become more advanced, they are likely to be used more widely to help detect and prevent security threats. The next is an even greater emphasis on privacy. As concerns about the collection and use of personal data continue to grow, there is likely to be an increased focus on privacy and the protection of personal information. More stringent regulations are another. Governments around the world are likely to continue to implement new regulations to protect the security and privacy of individuals and organizations. Supply chain risk will continue to soar. The continued surge in risk to the supply chain will force CISOs to reevaluate their vetting of partners and update risk management practices. Lastly, human error continues to be a top-tier threat. Social engineering and phishing continue to be top threat vectors for malicious actors. Accidental data leaks and misconfigurations will only grow as cloud complexity increases.

Q: Pinwheel has earned a number of certifications including its status as a CRA and the highest marks on the latest Security Scorecard. We’ve also earned SOC 2 Type 2 and ISO 27001 certifications.  Why are these certifications so important?

A: First off, being a CRA allows Pinwheel to provide consumer-permissioned income and employment data to our clients while ensuring that consumers have protections available under the Fair Credit Reporting Act. We wanted to be a CRA because our clients are regulated lenders, and want to respect the laws of lending. We were the first provider in the industry to earn CRA status and have always acted in the best interest of our customers.

As for the next certifications, SOC 2 and ISO 27001 are both industry-recognized standards that provide organizations with a framework for implementing effective controls to protect their technology systems and data. SOC 2 certification is specifically focused on security, availability, processing integrity, confidentiality, and privacy, while ISO 27001 certification focuses on information security management. 

Obtaining SOC 2 and ISO 27001 certification can be beneficial for organizations in several ways. These certifications can help to demonstrate to customers, partners, and other stakeholders that the organization takes security seriously and has implemented appropriate controls to protect its systems and data. This can help to build trust and improve the organization's reputation.

Additionally, SOC 2 and ISO 27001 certification can help organizations to comply with industry regulations and standards, such as PCI DSS, which require organizations to implement certain security controls. This can help to avoid costly fines and penalties. 

Overall, obtaining SOC 2 and ISO 27001 certification can provide organizations with a number of benefits, including improved security, enhanced compliance, and improved reputation.

Get in touch with us to learn more about how Pinwheel is committed to information security and helps banks become their customers' primary financial institution.
