Embracing the Joy of Turning Around Struggling Ventures and Constantly Striving for Improvement!

Think about a time when you faced a formidable challenge. Did you not emerge from that experience stronger, wiser, and more resilient? Challenges have an incredible capacity to foster personal growth. They compel us to delve into our inner resources, tap into our creativity, and discover strengths we might not have known existed. “Can a business truly thrive without facing and overcoming challenges? Is there joy in smooth sailing, or is it in the storm that we discover our true capabilities?”

These are the questions that resonate with James Tewes, a seasoned professional whose passion lies not in the comfort of well-established enterprises but in the thrill of turning the tides for struggling businesses.

As the Chief Information Security Officer at Greengage, he embodies the spirit of transformation. He shares, “I often honestly have found enjoyment in all the sectors that I have worked in, but it must involve a challenge. Coming into a business that is already working and functioning well does not interest me.” For him, the allure lies in the prospect of revitalizing a struggling enterprise, whether it’s addressing aging infrastructure, modernizing security measures after an audit reveals vulnerabilities, or even building a business from the ground up.

The heart of James’s professional satisfaction lies in the process of turning a business around and adding substantial value. “What makes me happy and gives me the reason to get up and work is when I can turn a business around and add considerable value,” he emphasizes.

Never content with merely meeting the requirements, he is known for seeking opportunities to enhance both himself and the projects he undertakes. His approach is structured, and methodical, and goes beyond the ordinary. “I have never been someone who was happy simply to do what was needed and no more. I would always look for ways to improve both myself and the project or environment that I am working on,” he notes.

Constantly refreshing his skills and delving deep into the products he works with, James exemplifies a commitment to excellence and a relentless pursuit of improvement. His journey at Greengage is not just about securing information; it’s about fortifying businesses, navigating challenges, and turning adversity into triumph. In the world of business alchemy, he is the maestro orchestrating the transformation of challenges into opportunities.

Below are the interview highlights:

Could you please elaborate on Greengage and its inception story?

Greengage is a digital finance pioneer that provides a platform of relationship-based e-money account services to SMEs, high-net-worth individuals, and digital asset firms to the highest ethical, secure, and compliance standards. Alongside our account services, we provide clients access to a B2B lending platform offering digital sources of money. Our tailored services are delivered by people, empowered by technology.

Greengage was founded in 2018, and we now have over 30 staff and excellent client feedback. We embrace new technology in digital assets and our core proposition as a means to add value to our clients in their day-to-day endeavors.

Through Founder’s Eyes:

Sean Kiernan is the Founder and CEO of Greengage, and they set up the firm with a view to building a service-led organization to support our clients in navigating the bridge between traditional financial services and digital innovation. Sean has extensive experience in financial services, having worked in various executive management positions. He founded Greengage after working at the first bank in the world to offer crypto products to clients, Falcon Private Bank, where he served as the COO and interim CEO of the London operation until he left to establish Greengage. Prior to that, he held management positions at Clariden Leu, a division of Credit Suisse, and Zurich Financial Services. Mr. Kiernan has an MBA from the University of St. Gallen and a BSc from Georgetown University.

Can you summarize your 28 years of experience in infrastructure and cybersecurity, emphasizing key achievements?

Throughout my career, which began at the age of 17, I’ve had the privilege of working for esteemed companies and collaborating with exceptional colleagues on exciting and challenging projects. Notably, a few milestones include:

• London 2012 Olympics and Paralympics: Working on this project was a unique privilege. The high visibility and pressure during this global event required quick learning and problem-solving. I identified and resolved environmental issues promptly, ensuring a smooth operation of the infrastructure during the live games, which had a global viewership exceeding 3 billion.

The project involved managing over 10,000 servers and workstations and 8,000 users, spanning static core infrastructure and dynamic event locations. Teams worked around the clock, addressing critical changes and fixes during the live games and executing planned changes at night to prepare for the following day’s events.

• British Petroleum (BP): At BP, a significant achievement was contributing to the data center consolidation project. This involved building primary and secondary data centers in London and decommissioning all European data centers. My role in building the initial core server infrastructure facilitated the migration of approximately 40,000 servers, significantly reducing the physical server footprint through virtualization.
• Harrods Bank: Initially hired as a consultant for infrastructure refresh, I played a crucial role in understanding and migrating legacy systems. Working in the complex environment of the banking sector, I contributed to scaling up the bank’s staff and systems, witnessing a 400% increase in size. My focus on security remained paramount throughout, ensuring a seamless migration and ultimately leading to the bank’s sale to a challenger bank.
• Sonali Bank: After joining as a security consultant, I addressed gaps highlighted in an external cybersecurity audit. Implementing the necessary security layers significantly improved the bank’s security posture. Taking over the IT department, I crafted an 18-month roadmap, modernizing the infrastructure and leaving the bank in an enhanced and secure state.

In each role, my commitment to learning, problem-solving, and prioritizing security has been central to achieving successful outcomes.

Among the financial, Oil & Gas, Sports, Manufacturing, and Government sectors, which presented the most unique challenges, and how did you address them?

In the financial sector, I’ve experienced challenges that are particularly daunting due to the intricate technologies and customized nature of products. Security measures must be meticulously implemented to protect the environment and clients, while strict adherence to regulations is paramount. Successfully overcoming these challenges hinges on a profound understanding of products, configurations, and security measures at the granular level. Thorough planning and end-to-end testing, including robust rollback plans, are essential. Involving banking teams in testing is critical, as relying solely on IT can lead to significant oversights. Testing must cover all possible scenarios, accounting for the varying activities banks conduct hourly, daily, weekly, and monthly. Failure to test comprehensively can result in seemingly successful upgrades that reveal issues days or weeks later. In the financial industry, any failure in upgrades or system changes can lead to substantial financial and customer repercussions, causing severe reputational damage to the business. Major outages are often attributed to inadequate testing and a failure to test rollback procedures thoroughly.

Can you share an example of effectively communicating a complex technical issue to stakeholders at different business levels?

In my experience, effective communication within a business requires tailoring your message to the audience’s varying levels of understanding. Particularly in IT, where technical proficiency can differ widely, it’s crucial to focus on the business impact, necessary actions for resolution, and the implications of inaction. By emphasizing these aspects and presenting with confidence, I’ve noticed increased buy-in from the business. It’s essential to avoid overly technical discussions, as executives may disengage, leading to resistance against proposed changes.

For instance, in a scenario involving a financial institution, I needed to upgrade and replace key payment gateways to enhance resilience. Despite initial doubts from my direct management about securing funding, I successfully engaged with the bank’s leadership. I provided a high-level rationale for the work, offering a straightforward technical overview that resonated with all levels of understanding. This approach proved successful in obtaining the required funding and steering the project to completion.

Can you highlight a successful implementation of a cybersecurity solution that significantly improved an organization’s security posture?

Working at Sonali Bank UK, I prioritized implementing a comprehensive MDR (Managed Detection and Response) solution as a vital defense measure. For smaller banks like ours, MDR covers essential components like a 24×7 SOC, SIEM, Vulnerability Scanning, Cloud Posture Management, and Endpoint management. Limited resources often expose smaller banks to vulnerabilities, making continuous monitoring crucial. In the financial sector, risk awareness isn’t a 9-5 affair; it demands 24×7 vigilance. Any claim of complete security is unrealistic. As a CISO, honesty about potential threats is vital, and taking proactive steps to safeguard both the bank’s and clients’ data is paramount.

In your role, collaboration with third-party support and suppliers is crucial. How do you ensure effective partnerships and smooth integration with external entities?

Effective collaboration hinges on adeptly managing partnerships and workflows, a task contingent on the involved companies. Employing skilled project managers significantly influences workflow and change management. Establishing centralized communication points among companies is pivotal to ensuring prompt and efficient work execution. Collaborating with proficient, communicative, and adaptive companies enhances the overall experience. However, encountering less cooperative entities poses challenges, impeding progress in implementations, changes, and bug fixes. The judicious choice of tracking tools proves vital for monitoring extensive workflows and task statuses and preemptively addressing potential issues, facilitating collaborative problem-solving and timely resolution.

Reflecting on your career, what accomplishment or project are you most proud of, and how did it positively impact the businesses you worked with?

I would say my current role as CISO of Greengage is one of my proudest. While I have enjoyed many projects at various companies, at Greengage we were in the fortunate position of building a financial institution environment from the ground up. This is a great challenge: having the ability to design the most optimal architecture using the most appropriate products for all infrastructure and security layers, rather than what often happens traditionally: inheriting the chosen products by historic teams, which may not be the right products for their purpose.

This enabled the business to successfully go live with its e-money offering and start onboarding its customers, which was a proud moment for the business and proves what can be achieved with the hard work of all the teams.