Joyce Chiu, Eileen Barbara and Eric Traynor don’t sit on the same team, but they — and their coworkers companywide — share a common goal: to safeguard tens of millions of people’s information across the globe.
Chiu, a member of the Corporate Functions Technology team, is responsible for enhancing MetLife’s digital employee experience, and security is at the heart of every decision she makes. Barbara sits on MetLife’s IT security team and is charged with governing global security risk, controls and compliance. And Traynor, as part of MetLife’s Global Technology organization, is responsible for enabling security and mitigating risk in U.S. technology platforms.
“MetLife’s cybersecurity operations run on both talented, evolving individuals and the evolution of cutting-edge technology,” said Traynor.
Barbara and Chiu both nodded in agreement, indicating the statement represents not only those who work in cybersecurity for MetLife, but the entire company.
Opportunities in security abound at MetLife. It’s a massive undertaking with many moving parts – quite literally. Barbara said the firm’s global IT security group encompasses several different focus areas, from authentication and access controls to cloud security and monitoring.
Having many teams focused on various disciplines is critical to ensuring that the right systems are in place to protect the firm’s most precious asset – its people.
“And as threats have evolved, we’ve evolved – shifting from a focus on cyber defense to cyber resilience,” Barbara said. “It’s not just a matter of having the right controls in place.
“Protecting our people is our highest priority,” she continued. “And with a continuous aim to grow and advance capabilities, team members have many opportunities to jump into exciting projects and challenge themselves.”
As new security threats emerge, Barbara added, the firm stays one step ahead, offering its people the chance to grow alongside the organization.
It’s that heightened focus which earned MetLife a place among the Forbes’ most cybersecure companies in 2023.
“As threats have evolved, we’ve evolved — shifting from a focus on cyber defense to cyber resilience.”
AI: All In on Innovation
360 billion.
That’s the number of events that are logged in MetLife’s systems each month.
“To provide a bit more context,” Barbara explained, “an event is an activity or occurrence that takes place within the network that could potentially lead to a security breach. And these are activities people perform in their day-to-day jobs, such as sending or receiving emails to making changes to data directly in a database. All these events, which are recorded in logs, can be normal or abnormal, trivial or significant.”
With an information load of this size, leveraging AI will allow MetLife to identify events that can harm the organization.
“Threat actors are evolving their tactics using AI, so we’re evolving ours to ensure we stay a step ahead,” added Traynor.
“Threat actors are evolving their tactics using AI, so we’re evolving ours to ensure we stay a step ahead.”
AI is also being explored for use in other areas across the organization. “We don’t shy away from innovation,” Traynor said, noting that the global security team is adding a deeper level of maturity to its traditional practices. In addition to threat modeling, the team is enhancing its security architecture reviews by ensuring that the right teams are looking at security design patterns. This feeds into cyber attack modeling, Traynor explained, which allows them to approximate threats.
“I prefer to think of it as continuous security rather than just ‘shift left,’” he said, referencing the concept of adding security testing earlier on in the application development phase.
According to Chiu, MetLife actively prioritizes security rather than treating it as an afterthought. That includes continuously educating employees about cyber threats and how to identify them. “For quite a number of years, we’ve held concentrated campaigns to ensure employees remain aware and alert of ongoing threats,” she said.
‘See The Bigger Picture’
While large enterprises aren’t typically associated with creativity and silo-shattering, MetLife’s global security team is changing that.
Chiu said there’s more room for creativity in cybersecurity than many people may think. Team members are always exploring out-of-the-box solutions together as they lean more toward an agile delivery model and focus on achieving common goals.
For Traynor, this emphasis on creative collaboration, coupled with the size of the company and its resources, enables global security team members to continuously learn.
“There’s a lot of opportunity to see the bigger picture,” he said.
“There’s a lot of opportunity to see the bigger picture.”
Since joining MetLife roughly five years ago, Traynor has seen the firm continuously put its people first; a facet of the culture he feels is often lost at large organizations.
“What I’m constantly struck by is that the company really does care about its employees,” he said.
Whether they’re focused on access controls or cloud security, global security team members at MetLife are constantly seen, heard — and empowered.
Barbara believes the greatest aspect of driving the firm’s cybersecurity efforts is the clear understanding of how it contributes to MetLife’s purpose: ‘Always with you, building a more confident future.’
“You know how you impact the customer, which is something I haven’t seen at other organizations,” she said.
And as Barbara put it, to work on cybersecurity at the firm is to affect the lives of every customer and every employee.
“Cybersecurity is everybody’s responsibility,” Chiu said. “It touches everyone across the organization, no matter where you are.”