Somewhere in Mastercard’s St. Louis Tech Hub, Deputy Chief Security Officer Alissa Abdullah can be found working on ways to secure the things that Mastercard consumers want, and what they don’t realize they want yet.
At the global payment solutions company, Abdullah—who also goes by “Dr. Jay,” a nod to her PhD in IT management and her time as Jimmy Jay, her persona from when she served as a radio DJ—is a “cybersecurity futurist.”
“I think about the future and the future adversary and then I think, how do we prepare ourselves in that type of ecosystem?” Abdullah said. “How do we prepare ourselves? How do we prepare our customers?”
IT Brew caught up with the radio DJ-turned-security professional to discuss her role at Mastercard and how she navigates blending cybersecurity with evolving customer preferences.
The conversation below has been edited for length and clarity.
What were some of your greatest achievements in your first few years at Mastercard?
I would say one of my biggest impacts has been zero trust. That is something that’s been in the industry for a while, but it was coming in and saying, “We have to make sure that zero trust is embedded in our DNA.” The adversary is attacking us constantly. We’ve got to flip that on its head, and say, “I’m going to build a network and an infrastructure where nothing is open.”
Early on, another thing that I did was modern access. We have classic access, and then we have modern access and modern authentication. We also use MFA [multi-factor authentication]as much as we can. MFA wasn’t pervasive when we started out on this journey. Now, everything is either MFA, and it’s phishing-proof MFA.
What does your ideal cybersecurity world look like in your industry?
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
My great, great, great, great grandkids probably won’t even reach my ideal world, but my ideal world is a world where the customer doesn’t have to think about cybersecurity because the technologists are smart people. I want to get rid of passwords. Mastercard is getting rid of card numbers on cards…We’re using AI to anticipate and to figure out if the over 146 billion transactions on our network annually are fraudulent or not. Those are things to me that we are putting in place to reach that ideal world.
How do you evolve your cybersecurity strategy around evolving consumer behaviors and their payment preferences?
When you think about consumer behaviors, we are the leaders of consumer behavior. You did not know you wanted to use your device to pay until we put it in there. So, we secured that and we partnered with Apple to do that. The next thing we’re thinking about is how do I get rid of the device and how do I just use my retina or some type of biometric and pay in that way?
What are some of the most common mistakes you see companies, small and large, make when securing payment systems or data?
I think small businesses don’t know where to start. Cybersecurity is so big, so do you start at preventing? Do you start at protecting? Do you start at defending? It’s just so big and you just don’t know where to start and I think that’s the biggest issue. But then there are basic things, such as multi-factor authentication. Small businesses have a hard time wrapping their mind around, “I should have turned on two-factor authentication.” Those are basic things.