The Man who Protects the CME’s Futures from Cyberthreats

Photo by Sheila Barabad.

Cyber attacks and the individuals behind them are a growing threat to every industry. From retail companies to large global corporations, more and more headlines explain how these institution have been hacked.

As CME Group’s managing director and chief information security officer (CISO), Gil Vega is in charge of establishing an information-security strategy for the world’s largest futures and options marketplace.

The old stereotype of a lone hacker hunkered over a basement computer doesn’t apply to modern adversaries, Vega says. Today, his team faces threats from a variety of hacker types: domestic and abroad. “Fifteen years ago, the largest threats were from individuals tinkering with computers and defacing websites,” Vega says. “Now, entire nations have engaged in full-fledged cyber warfare. It’s a different landscape.”

As financial institutions continue to expand their digital presence, the number of malicious incidents is expected to rise. It’s a troublesome reality; a data breach at a major financial institution can reverberate throughout the country and can have serious implications for the global economy, Vega says. The CME Group is no different.

“Financial institutions are highly targeted because of our place in the market,” Vega says. “At CME Group, we take every type of security issue seriously and place the highest priority on protecting our customers’ information. We have numerous safeguards and surveillance systems that are continuously updated.”

Vega and his team are responsible for providing a “resilient environment” for consumers, which means developing access management solutions, monitoring assets, and other efforts to prevent cyber attacks.

“Fifteen years ago, the largest threat was individuals tinkering with computers and defacing websites. Now, entire nations have engaged in full-fledged cyber warfare.”

It’s a job he was born to do. As a kid, Vega always knew he would work in law enforcement. “That ’60s cop show ‘Adam-12’ really got my imagination going,” he recalls. After high school, he joined the US Army and worked for the military police during Operation Desert Storm. Two deployments later, Vega used the GI Bill to get a degree in computer information systems, and later went back to school to get a master’s degree in technology.

After serving as a police officer in Washington for nine years, Vega moved into the cybersecurity industry in the late 1990s—the height of the dot-com bubble—as a security analyst for a technology company. As the company launched its first web domain, Vega took control of information systems support and witnessed the dawn of a powerful opponent.

“Back then, there was a growing capacity of people tinkering around the globe, defacing websites and disrupting companies just for the fun of it,” he says. “My company supported having someone dedicated to that area, and I never looked back.”

In his current post, Vega has built a team dedicated to deterring hackers of every volition. Vega, a consummate expert in his industry, admits he doesn’t need to be the smartest guy in the room, but he does need a team that is confident enough to raise new ideas.

Vega focuses his leadership energies on creating a climate of collaboration—both throughout his team and throughout the finance industry. Every year, cyber attackers become more sophisticated. Those dedicated to stopping them need to keep up the pace.

“We’re dealing with advanced and capable attackers making more and more sophisticated attacks,” he says. “But our industry has built a response. We partner with peers and competitors to understand those groups and the tools they use, and we share information across the industry.”

That collaborative spirit allows Vega and his peers to dynamically change their security systems, if need be, to protect against growing threats. It’s an exceptional characteristic of an industry driven by competition, and one that Vega foresees will save it from virtual adversaries.