Securing Mortgage Data in a 50-State Compliance Maze with Rohbair Jean
Rohbair Jean, CISO at American Financing, brings a seasoned and grounded perspective to the cybersecurity landscape in one of the most regulated sectors in the U.S.—the mortgage industry. With responsibilities that span multistate compliance, cyber risk mitigation, AI adoption, and vendor oversight, Rohbair exemplifies a pragmatic, business-aligned security leader. In this episode, he and Matthew Connor dive into the evolving responsibilities of CISOs in small to mid-sized organizations, where tight budgets meet enterprise-level risk.
From dealing with legacy systems like Vista to leveraging MDRs and third-party vendors, Rohbair emphasizes a realistic, risk-based approach to cybersecurity. His perspective is shaped by the balance between ideal security practices and what a business can realistically support—advocating for honest communication with leadership and shifting from "no" to "yes, and here are the consequences."
Here’s a glimpse of what you’ll learn:
- Why compliance is just the starting line—not the finish line—in cybersecurity
- How to build a mature vendor management program even in a lean IT team
- Creative strategies for using MSSPs, MDRs, and AI to monitor risk affordably
- Why tabletop exercises can reveal blind spots in your security plan
- How social engineering remains the most effective tool for attackers
- Using AI to enhance employee security awareness and detect anomalies
- Why legacy systems like Vista still exist and how to handle them smartly
In this episode…
Rohbair Jean sheds light on the unique challenges of securing a mortgage company operating across all 50 states, each with different regulatory requirements. He discusses how compliance often trails behind real-world threats, urging leaders not to treat frameworks like NIST or GLBA as finish lines but as baselines. His advice? Use compliance as a springboard and then build resilience through layered defense and cultural awareness.
The conversation shifts to vendor management, where Rohbair outlines a thorough, cross-departmental approach. He details how American Financing uses external platforms to track third-party risks, conducts mid-year reviews, and leverages SOC 2 Type 2 certifications to vet vendors. He reminds listeners that breaches tied to vendors, as seen with Target and Home Depot, will always put the brand itself on the hook.
On vulnerability management and tooling, Rohbair makes a compelling case for using MSSPs and MDRs to keep pace with threats without breaking the budget. He names Arctic Wolf, Rapid7, and SentinelOne as providers that offer strong value, particularly for organizations that can't afford to staff a 24/7 SOC.
Finally, the discussion turns to AI—both its promise and its peril. Rohbair notes that AI has improved anomaly detection and employee training, but it has also dramatically expanded the attack surface. With deepfakes and voice spoofing now entering the scene, he predicts identity and access management will become the new frontline of defense. Yet despite the risks, Rohbair remains an optimist: "Our best days are still ahead of us."
Resources mentioned in this episode:
Matthew Connor on LinkedIn
CyberLynx
Rohbair Jean on LinkedIn
American Financing Website
Sponsor for this episode...
This episode is brought to you by CyberLynx.com (CyberL-Y-N-X.com).
CyberLynx is a complete technology solution provider to ensure your business has the most reliable and professional IT service.
The bottom line is we help protect you from cyber attacks, malware attacks, and the dreaded Dark Web.
Our professional support includes managed IT services, IT help desk services, cybersecurity services, data backup and recovery, and VoIP services. Our reputable and experienced team, quick response time, and hassle-free process ensure that clients are 100% satisfied.
To learn more, visit cyberlynx.com, email us at help@cyberlynx.com, or give us a call at 202-996-6600.