Safety First: A Conversation Between Robinhood’s Security Team Leaders

Robinhood was founded on a simple idea: that our financial markets should be accessible to all. With customers at the heart of our decisions, Robinhood is lowering barriers and providing greater access to financial information and investing. Together, we are building products and services that help create a financial system everyone can participate in.
The Robinhood team is incredibly excited to welcome Katelyn Perna as Crypto Chief Information Security Officer. To help the Robinhood community understand more about her work and how it speaks to our larger mission, she sat down to chat with our Chief Security Officer, Erika Dean.
Read on as Katelyn and Erika discuss their roles at Robinhood, how Katelyn manages security in more places than one, and why security is integral to Robinhood’s everyday operations. Plus, Katelyn offers some great advice for all Robinhoodies.
Erika Dean: Hi! My name is Erika Dean, and I’m the Chief Security Officer here at Robinhood. Katelyn, can you please introduce yourself?
Katelyn Perna: Hey! I’m Katelyn (or KP), and I’m the Crypto Chief Information Security Officer for Robinhood. I recently started in February!
Erika: Wonderful! So, security is an integral part of Robinhood, as you know. How do you think your work on crypto adds to Robinhood’s larger mission statement to democratize finance for all with our safety-first value in mind?
Katelyn: All of the Robinhood subsidiaries, including Robinhood Crypto (RHC), aim to democratize finance further. RHC’s mission statement and goal is cost-effective crypto trading, and we think that is an important part of democratizing access to the next generation of financial assets. We aim to help users diversify their asset portfolio via exposure to crypto assets. Custody is security, particularly when it comes to keeping crypto assets safe. My role, the function of my team, and our teams together, is really helping the crypto business achieve their mission of democratizing access to a new asset class as safely as possible. A lot of security principles go into how we design our custody systems and infrastructure. Crypto is very different from traditional assets, so we do a lot of secure-by-design from a product standpoint and then also focus on a defense in depth approach around application security, incident response, insider threat, monitoring, logging, threat detection, and disaster recovery. What do you think, Erika?
Erika: I totally agree with those points. It is really important to understand the priorities and initiatives to ensure that you’re able to secure the business appropriately. And it really does uphold our safety-first value that we have here at Robinhood.
Katelyn: How has your work as Robinhood’s Chief Security Officer changed how you look at what we’re doing overall to democratize finance for everyone?
Erika: Great question. It’s essential. We can’t offer great products and services that enable democratization if we cannot secure it. The ramifications are too great. We are dealing with people’s finances. A breach could also impact their personal data…. So it’s really, really important that we take all of that into consideration. To be able to democratize finance for all, that can’t happen if we’re breached and we’re not actually securing the company. So that’s a huge part of Robinhood. It is one of the reasons I was so excited to come work here, because security is such a large part of the company as a whole. On that note, what’s something that the average Robinhoodie might not know about our team’s work?
Katelyn: I think the average person would probably be surprised at how cross-functional we really are and how integrated we are with the various lines of business. Especially for me, I could go from a call with engineering, then to marketing, and then to a call with our fraud team. I think there are security components and considerations to everything we do, even to the comms that we’re sending out and how we convey trust in RHC and our products. I think the average person would probably be surprised at how many teams I talk to every day.
Erika: You know what I would also add on? You’re in an entity CSO role. That’s not very common in a company our size. I think Robinhoodies would also be very surprised to know that we have one dedicated for each business. That is very unique to our company.
Katelyn: I think so, too. With that, how do you feel Robinhood handles security differently from other places you’ve been or other businesses you’ve seen?
Erika: I really think it is rare to have a company that holds security with such high regard – it is how everyone operates. I can’t tell you how many people reach out to me about potential security concerns or say, “Hey, Erika, what do I do about this?” And I imagine you get the same thing, Katelyn, from your crypto business. To me, that’s unique. Most of the time, it’s Security having to push it into other organizations. I sometimes have Engineering come to me and say, “How can we do security better?” That’s rare. It is rare for a company to have it so engrained throughout the entire organization to where they’re coming to you wanting more security, which to me is super great. The other part is that it goes all the way up to the board of directors being able to talk about security every quarter when we meet. Do you feel the same way?
Katelyn: Yes, I do. You know, I’ve only been here since February, but I think one of the things I was pleasantly surprised with was the security culture that is already here. So, shout out to Erika and the team for that. It’s been great, it’s made my job a lot easier. People come to me and engage me with things that they’re worried about, things that I can help with, and I think that’s been super impressive overall.
Erika: I love that. What’s the one piece of advice about security that you would offer to every Robinhood user?
Katelyn: I think I’m very big on paranoia as policy. You know, you talked about this earlier: you’re dealing with money, maybe a lot of it, maybe your life savings. I think if something feels wrong or off, trust your instincts. Maybe slow down a little and question what’s happening. The most common mistakes I’ve seen from users are feeling rushed, rushing through something, seeing something, and thinking, “I knew that wasn’t right, but I clicked it anyway,” or “I knew I should have done XYZ.” There’s usually a lot of remorse after something bad happens. So, I always preach paranoia as policy. The more paranoid you are about your stuff, your apps, and your crypto, the safer you will hopefully be. And if it feels wrong, it’s probably wrong. So go with that.
Erika: That’s so great, Katelyn. It was such a pleasure chatting with you today!
Katelyn: Same! I always love talking to you as well!
Safety is always a number one priority at Robinhood; we understand that you place a lot of trust in our services, and we’re constantly working to ensure Robinhood is one of the safest places for you to build your financial future.
We are always looking for more individuals who share our commitment to building a diverse team and creating an inclusive environment as we continue in our journey in democratizing finance for all. Stay connected with us — join our talent community and check out our open roles!