
Okta: Embedding Security Culture to Accelerate Product Innovation

Okta
05/07/2026

Transcript


TL;DR

  • Equals Money treats security as everyone's responsibility through a security champions program and monthly executive-level security councils, recognizing that financial services breaches result in immediate monetary loss.
  • The company uses adaptive risk controls via Okta Auth0 to reduce authentication friction at login and intervene contextually during high-risk actions, balancing security with customer experience across diverse user segments.
  • Developers are trained in secure-by-design principles from day one, which actually accelerates shipping by preventing late-stage security blockers and rework.
  • Shadow AI presents new risks beyond traditional shadow IT because AI agents can autonomously connect to multiple services; Equals Money proactively deployed enterprise ChatGPT to reduce unsanctioned AI tool usage.

Security as a Cultural Foundation

James Simcox, COO and CPO at Equals Money, discusses how the financial services company has embedded security into every layer of its organization rather than treating it as a siloed function. The company operates a security champions program where employees from any team can receive specialized training and compete for internal recognition, reinforcing that security is everyone's responsibility. This approach is particularly critical for a financial services firm where a breach could result in immediate monetary loss rather than requiring secondary exploitation of stolen data. The executive team, including the CEO, actively participates in monthly security councils to discuss challenges and demonstrate leadership commitment to security culture.

Balancing Security with Customer Experience

The conversation explores how Equals Money uses adaptive risk controls to reduce customer friction while maintaining a strong security posture. Rather than imposing heavy authentication requirements at login, the company uses Okta's Auth0 to assess risk contextually and intervene only when suspicious actions occur, such as large payments or unusual card activity. This approach is especially important for business customers on web browsers, who lack the biometric authentication options available on mobile devices. The company must also accommodate diverse customer segments through its indirect business channels, from older customers who prefer SMS and phone calls to mobile-first users who expect seamless biometric authentication, which requires flexible security journeys tailored to different user behaviors.

Secure-by-Design Development and Shadow AI Challenges

Simcox explains how Equals Money has shifted developer culture to view security as an accelerator rather than a blocker by embedding security considerations from the start of the development process. The company promotes internal mobility from engineering into security roles to maintain organizational knowledge and ensure security teams understand product development realities. On the emerging challenge of shadow AI, Equals Money proactively deployed ChatGPT enterprise-wide to prevent employees from using unsanctioned AI tools, though Simcox acknowledges that shadow AI presents unique risks compared to traditional shadow IT because AI agents can connect to multiple services and operate autonomously. The company relies on identity and access management tools to track touchpoints across employee identities and detect unauthorized AI tool usage.

Chapters

0:00 - Introduction
0:37 - Security Culture at Equals Money
2:57 - ROI of Security
4:53 - Security in Product Roadmaps
7:58 - Cultural Shift and Training
10:06 - Shadow AI Challenges
11:41 - Closing

Key Quotes

0:50 "Security is actually everyone's responsibility at Equals. So even as far as like, it's not very often that people have a CEO or CPO talking about security, but I do it all the time because it's important for me, as much as the CTO, as much as our CEO, that we have the security kind of across the whole business."
1:42 "If someone breaks into our systems, they can walk out with billions of dollars, right? Our customer's money, which is gone, and that's not going to work for us, right? As a financial services business, we have to build on trust and our customers have to believe that we're taking security seriously."
4:19 "Pushing the security challenge to the customer to the point of the action, not at the point of the login, because you can't always get it right up front, and if you're too secure with customers sometimes, they can just be like, this is not a product that I want to use, it's getting in my way, right? ..."
7:13 "Nothing worse than building a feature, getting to the point of release, and people go, well, you can't release that, because it's completely insecure. And so if we've built it that way to start with, people realize actually that gets you to ship things faster, because you're not going to get a weird blocker later on where you haven't thought about it."
9:46 "A few years ago, you could be pretty certain if you spoke to someone on the phone, and they sounded like the right age, and they gave the right information quickly enough that it made sense. Now with AI, I can just create all that myself. I can responsibly answer questions. If you change tack on security questions, you can just create an answer straight away."
Categories:
  • » Data Protection
Tags:
  • Identity & Access
  • Security Operations
  • Executive Briefing
  • Customer Story
  • Best Practices
  • Security Culture
  • Secure-by-Design Development
  • Identity and Access Management
  • Adaptive Authentication
  • Customer Experience
  • Financial Services Security
  • Shadow AI
