By Sarah Hendricks
The word “cybersecurity” may bring to mind a man working in the dead of night, typing away at his computer, but the world is changing. Truth be told, cybersecurity is fundamental to many agencies, especially those that deal with financial data, and the experts are working around the clock to make sure private data is kept private.
Stan Buch is the deputy chief information officer at the Office of the Comptroller of the Currency, part of the Department of the Treasury. The OCC is a regulatory agency that oversees all of the national banks in America, as well as federal branches and agencies of foreign banks.
Buch is the leader of a group of tech professionals inside the agency. Their responsibility is to help make sure the OCC runs smoothly in the technical realm so that others can monitor the banking system. Buch in particular is tasked with crafting the direction that IT will take within the organization and helping to shape the tech security within the OCC.
“Cybersecurity is a thread that runs throughout everything we do in information technology,” Buch said. He called the work they do an “enabler” of the business; “We don’t necessarily drive the business, but we can make the business more effective,” he said.
Hackers are one of the biggest challenges to the tech industry, including information tech. Teams like Buch’s will release new technology designed to protect data. Hackers will then find a way around it, prompting teams to develop and deploy more solutions.
“It’s a constant battle,” said Buch.
Most professionals recognize two kinds of hackers. The first are “white-hat” hackers, or those who will inform a company once they find an exploit, and professionals appreciate working with them to help tighten their defenses. It’s the “black-hat” or malicious hackers who cybersecurity authorities worry about. Those hackers steal or manipulate whatever data they can find without notifying their victim; and with infiltration of tech into every aspect of life, the risk of hacks that can cripple entire cities is very real.
“When the hacks start disrupting people’s lifestyles because of attacks against electrical grids, water facilities, infrastructure, that’s when it will be very painful,” said Buch. “Those are some of the things that … scare me the most.”
But hackers aren’t the only ones who are threatening the security of companies. Buch said that people inside an organization can hurt it too, often without realizing it.
“Sophisticated hackers are very good at mining social behavior,” Buch said. A typical example is phishing emails, which try to impersonate an official or otherwise convince the victim to respond with critical information, such as the latest spike in IRS phishing emails.
“I’ve seen employees actually write passwords on Sticky Notes and hide them somewhere, just in case they forget it,” Buch said. “Those are the types of behaviors that can cause challenges down the road.”
Buch had an unlikely beginning compared to the typical path of information tech professionals today. He began his career as an air-traffic controller in the military. “That was nothing more than a grandiose computer operator because that system had a lot of computers as part of the job,” he said.
Back in the early days, computers less powerful than the modern iPhone took up an entire room. The only real jobs were the key-punch operators, who punched in the code on cards, and the computer operators, who ran those cards through the computer.
The computer world is quite different today. “The technology has evolved to the point now where you have the Internet, and you have wireless, and we have all kinds of different capabilities now, and to support IT now requires all of these different types of disciplines, so it’s an incredibly diverse field to be involved in,” Buch said.
After the military, he became involved in software development and went to Regis University to get his computer science degree. He then worked for several years on the IT team at the US Department of Housing and Urban Development, including as the director for the department’s Open Government implementation plan, which focused on government transparency.
Over time, he was promoted to executive positions, all the while teaching IT courses at various universities in the DC-Metro area. He then moved to his current position at the OCC.
What does he do now? “A typical day is meeting after meeting after meeting,” Buch said.
“My responsibility now is to remove obstacles for those working for me so that they can be successful,” Buch said. “Many times I see the work they’re doing and I remember the fun days, actually able to get in there and develop code.”
“The thing I enjoy most is the people,” Buch said. “A day doesn’t go by where I don’t learn something from someone.” He said that many companies are looking for new people who are talented and interested in learning.
“If you love change, this is an incredible field to be a part of, because what we are experiencing with technology today, nobody could have envisioned 20 years ago,” he said. “20 years is not that much time. But the Internet now looks totally different than it did only 10 years ago.”
“It is amazing what has happened in technology.”