Brian Schaeffer, CISA, CISSP
Brian Schaeffer, CISA, CISSP, is senior vice president and chief information officer (CIO) at Liberty Bell Bank. Schaeffer has 17 years of experience in IT and information security within financial services, health care, publishing and the public sector. Schaeffer has served as CIO for Liberty Bell Bank since 2002, building the bank from its inception to a US $170 million asset-size community bank supporting a four-branch operation in southern New Jersey, USA. He is currently the president of the Philadelphia Chapter of InfraGard, an information-sharing and analysis effort between the US government and an association of businesses, academic institutions, and state and local law enforcement agencies.
You are an active member of both ISACA and Infragard Member Alliance (IMA) (www.infragardmembers.org). As an ISACA member, what particular value do you find in IMA? How do you see the two organizations correlating, and how does IMA provide value to you as an ISACA member?
As an ISACA member, I think InfraGard provides me an opportunity to broaden my professional horizons. Besides having access to law enforcement professionals, the knowledge I gain from attending InfraGard meetings has helped me to round out what I have learned through ISACA. Certain events, especially those that are cyberrelated, transcend both groups. Being able to hear two perspectives really helps to round out the important aspects of a given issue. Beyond that, what I find helpful in being a member of both organizations is having access to smart people with diverse knowledge. In my experience, it is generally who you know, not what you know, that gets you out of a tough situation.
After having served as a systems administrator and chief technology officer (CTO) for many years, you expanded into security. Did you find this to be a natural progression and do you find your administrator background of value?
Information security is woven into a large part of systems administration. Each operations system or application has its own set of permissions and controls that need to be configured. You also have to be knowledgeable about how networks work and how business functions. All of this knowledge served as a foundation for building and evaluating information security in the enterprise. So, the transition was natural and extremely useful.
As an entrepreneur and founding officer of a bank, what unique challenges have you encountered in your role as chief technology/information/security officer?
Well, in the beginning, you are doing everything. One moment you are drawing out the network on a white board, the next you are unboxing and configuring servers and routers. It is both extremely exciting and tremendously stressful. You have to be able to stomach the ups and downs of entrepreneurial life. You also find yourself working on things outside your realm of expertise. There were many regulatory things I had to do as well as help the chief financial officer (CFO) with some of the public accounting reporting. One thing is sure, there is never a dull moment.
How do you believe the certifications you have attained have advanced or enhanced your career? What certifications do you look for when hiring new members of your team?
I believe my certifications have enhanced my career. Their biggest value was in dealing with the bank regulators. Regulators are always trying to ensure that the person leading the project is appropriately qualified. My certifications, in conjunction with my work experience, have helped me to build confidence with bank regulators. When looking for candidates I like to see certain certifications, such as Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP). With certifications that require continuing education credits, it is easy to verify whether someone is staying current in the profession. This also shows some initiative, a trait all employers like to see in a candidate.
What has been your biggest workplace or career challenge and how did you face it?
I guess one of the biggest challenges was starting Liberty Bell Bank. In the beginning, none of us knew how or what to do. There is no book that gives you step-by-step instructions on how to build a bank. We had to do a tremendous amount of leg work to get things rolling. In addition to our particular specialties (mine being IT), we had to build all of the regulatory and compliance programs from scratch. We spent hundreds of hours pulling everything together. We engaged some professional help and asked lots of questions. It was an extremely challenging and stressful time, but ultimately very rewarding.
Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.
© 2012 ISACA. All rights reserved.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.