Lance McGrath
CSO
Danske Bank
Lance McGrath is the Chief Security Officer at Danske Bank, where he oversees their cyber and physical security programs whilst also executing a risk-driven transformation plan to move away from legacy technologies. Lance also serves as a board member of the NFCERT association, where he serves under a supervisory role. Additionally, Lance has an MBA from the University of St. Gallen.
Learn more about the Nordic CISO community here.
Give us a brief overview of the path that led to your current role.
A series of poor life decisions, beginning with a teenage impulse to break into an online BBS system in the early 90s, put me into a downward spiral, eventually culminating in a Chief Security Officer title.
A techie all my life, I have written code in more than a dozen languages, administered large unix networks for a Fortune 100 company, and learned the art of abstracted and careful communication through a decade of consulting working for Switzerland’s largest and most successful multinational and national companies.
However, a Danish wife brought me to my current role, where I have the privilege of spearheading the security agenda at Danske Bank, keeping our clients, their assets, and our staff safe from harm.
What is one of your guiding leadership principles?
Transparency always. Sure, there are secrets that need to be kept; but those are few and far between. Transparency is about being open in your intent so that it can be challenged and bettered. Transparency is about building trust by admitting when you’re wrong or you’ve made a mistake.
Transparency is about helping your team to grow by giving them insight into what you do in other aspects of your role. Transparency is, quite simply, the central way you get the best out of people.
With disruption being a key theme of recent years, where do you see the CISO role going in the next 1-2 years?
Being a CISO has never been about disruption, in my opinion, but rather about enablement. Security is not the end goal (unless you work for a bank, of course!) but it is a fundamental requirement to living in a digital society.
Here in the Nordics, we are already highly digital but will become even more so in the next few years. I expect that my role is going to be largely about enabling that journey through appropriate control. But it will also be about governance and giving assurance to boards – whether in their role overseeing the CISO or as an external advisor to other companies – that the amount of risk they are taking in the cyber and digital fields is appropriate. With increasing requirements coming into force for board cyber expertise around the world, the demands on CISOs are going to increase dramatically here.
What advice would you give to someone just starting out as a CISO?
Never be afraid to go deep into something – just know how to tell the story. I have not met a management body or board yet who wanted a super high-level abstraction, but expecting them to understand without the context and a shared vocabulary is just silly. They gain faith knowing that you can articulate the challenges but also have clear depth, which they see as parallel to control. Give them that confidence. Tell them what they need to know but use their language whilst doing so!
Tell us three fun facts about yourself.
- My wife wanted me to come to Denmark. The deal I struck was that if I agreed to move, she would kill all the spiders. It holds to this day.
- When I first came to Europe some 20 years ago, I had to delay my trip by a day because my passport hadn’t arrived yet. At the age of 25, I had never had a passport before!
- My favourite ice cream flavour is cookie dough. But I’d just as soon leave out the ice cream and go straight to the dough.
What is the value of joining an Evanta community?
Connection to peers across sectors. I have significant exposure to peers in finance across Europe and the world but am less engaged with Nordic CISOs in other industries – this community is my ticket for cultivating these connections!
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
by CISOs, for CISOs
Join the conversation with peers in your local CISO community.