Skip to main content

Q2 Takes Home Prestigious Top 100 Information Security Team Award

By Nick Silver, Q2’s Director of Information Security

Those of us who work in the security industry generally don’t want to be noticed. If we’re doing our jobs correctly, we should be invisible and if we’re called out, it’s usually only when something goes wrong. 

But this is an exception to that rule. My team and I are honored to be recognized as a Top 100 Information Security Team by the prestigious OnCon Icon Awards, which represent some of the top individuals and teams around the globe. We’re particularly pleased to be among a distinguished group of winners that include Nasdaq, Fannie Mae, the Social Security Administration and the U.S. Secret Service. The fact that the awards are determined by peer and community voting makes the recognition all the more meaningful.

The OnConferences team screens and nominates the candidates, and the finalists are voted on by the public. Respondents are asked to vote for teams they have observed making a considerable impact on their organization, making strong contributions to their job function community through thought leadership, showing innovation in their projects and whose leader demonstrates exceptional leadership. 

While winners are not given insight into the voting results, I can say with confidence that this award is all about our phenomenal team. This year, Q2 is celebrating its 20th anniversary. When I joined the company nearly six years ago, everyone on Q2’s security team had basically the same job title, the same job description, the same everything. We all had to do it all, which is atypical for security organizations that have niches and specialties (including forensics, incident response or engineering and offensive testing) inside of information security. Our team has been remarkable in having the flexibility to move into all those different subspecialties. 

Across our industry, security teams are operating in an increasingly predatory environment, with cyberattacks doubling since the pandemic. It’s no secret that the financial sector is particularly exposed to cyber risks. There were 3,348 reported cyber incidents in the financial industry worldwide in 2023 — up from 1,829 the previous year and the most since 2013. 

In this highly challenging climate, our security team is tasked with protecting the data of the top banks and credit unions in the United States. 

More than 450 banks and credit unions in the U.S. run on our platform. We're working at a pretty incredible scale, and we’re doing it with a fraction of the resources of large banks. To be able to provide services and protect our end data at the scale at which we're operating requires us to punch above our weight class, so to speak. It requires a great deal of expertise and talent, and I believe that a big part of what we’re celebrating is the team’s innovation with their projects.

One of the cornerstones of our innovation approach is our zero trust strategy, which goes beyond the basics of zero trust to tackle the security risks of privileged access and zero-day attacks. Our innovative solution is to drop the hands-on approach to infrastructure management and move fully into software development life cycle methodology, managing our security tools and infrastructure with infrastructure as code (IaC). This approach improves auditability, consistency and reliability and enables automated security checks to run before infrastructure or policy changes are provisioned to production.

Successful execution is a balancing act. Our security team has to set a high minimum threshold for our customers, while equipping them with options and tools to achieve their risk appetite and fine tune how they want to go to market with their customers. We then come back around and offer best practices and guidance on their policies, alerting them if one of those policies falls short of the benchmark. We don't get to make all of our security decisions in a silo, considering only what's best for Q2. We’re always thinking about the broader ecosystem. 

Q2 is a mission-driven organization and the security team is intrinsically motivated to stand up to the bad guys. We work long hours in a daily battle to stay ahead of the curve and one step ahead of the threats. To that end, we’re at the forefront of protecting against the coming threat of quantum computers. The OnCon Icon Award is a positive reminder that what we do matters and that we are making a difference.