Alan Daines Centralizes Cybersecurity at FactSet

FactSet CISO Alan Daines draws on his security expertise to rebuild the company’s cybersecurity from scratch

Alan Daines, FactSet Research SystemsPhoto: Jake Grubman

It wasn’t until Alan Daines went into management that he started noticing peculiar changes around him. “When you don’t manage people, you don’t appreciate what makes someone effective,” the senior vice president and chief information security officer at FactSet Research Systems says. “You may look around you and make judgements on people’s performance based on your own perception of their intellectual capacity or their technical expertise.”

But, the first year that Daines turned into a leader, that all changed. In the leadership calibration process and examination of the way that other leaders approached their own team members, Daines says assumptions went right out the window.

“People I assumed would be rock stars on their teams were actually struggling,” Daines says. “Those who seemed average, at best, turned out to be rock stars.” It taught Daines an enduring lesson: the smartest and the loudest isn’t always the most effective. And one who has solved fifteen problems but not the single problem they were tasked to tackle is not an overachiever, Daines says. “You’ve actually failed.”

The SVP has spent his career helping build effective teams who take a proactive approach to cybersecurity, offering up far more than bare-bones risk mitigation. In coming to FactSet, Daines has been able to architect that building from square one.

A Willingness to Grow the Hard Way 

The CIO’s most significant growth has come from his capacity to effectively accept and integrate feedback. “I’ve gotten some very good but very tough and constructive feedback many times in my career,” Daines admits. “I could have reacted in many different ways: fighting, resisting. But, I looked at them as a way to make me better and improve.”

He admits that the emotional component of taking criticism can be a difficult one to navigate, but that upon reflection, resisting the urge to respond emotionally was always the best decision.

It was the same dedication to personal growth that lead Daines to FactSet in 2018 after spending nearly twenty years in a multitude of roles at Dell. He had the most senior cybersecurity position, amassed a number of accomplishments, and built the organization that was up to 350 people when Daines departed Dell. “But,” he says, “I’d never built anything from scratch.”

“FactSet’s clients are some of the biggest financial industries in the world. We have the opportunity to differentiate ourselves by how we do security here.”

Cybersecurity From Scratch

At the C-suite level, Daines says the chance to have complete autonomy in building out a function was just too much to pass up. The forty-year-old financial and data company was flush with internal technical and security expertise, but it was siloed and unaligned.

“A reorganization was necessary, and the company needed to centralize and upscale their security,” Daines says of FactSet. “Our clients were developing a great expectation of a centralized security model, and the opportunity to build that with complete autonomy and support from the organization was very attractive.”

Had Daines chosen to leave Dell any earlier, he says it might have been a much more daunting task. But Dell’s 2016 acquisition of EMC was a perfect primer for rebuilding a security organization. It included the stripping down of every function, the rebuilding of those functions, and the restructuring of the teams within those functions.

And it was more than EMC. Daines says the amount of transformation that occurred at Dell over nearly two decades made organizational effectiveness a point of passion for him. “That’s why in coming to FactSet, it’s really exciting to look at the business problems and see how security can potentially be the solution,” Daines says.

He says he understands many may see security as no more than a behind-the-scenes function whose sole capacity is just to keep make sure nothing breaks. “But FactSet’s clients are some of the biggest financial industries in the world,” Daines says. “We have the opportunity to differentiate ourselves by how we do security here.”

Permission to Disrupt

Daines says that one of the most interesting components of driving change at FactSet is the fact that the culture is so safety guarded. The CIO’s own interview process included two separate meetings with the CEO and countless other members of the organization to make sure an “industry hire” would be a good fit for a company whose leadership is primarily composed of people who started out in entry-level positions at FactSet decades ago. “My personality is highly collaborative, and I think that was part of my appeal to the company,” Daines says.

The leader says that in communicating the major challenges to tackle to stakeholders, he’s making sure that all parties understand progress is about the completion of agreed upon initiatives. Going rogue just isn’t an option.

“I don’t care about the fifty other things you’re doing. These are the issues that matter,” Daines says. It’s the only issue where the CIO doesn’t welcome feedback.