Day in the Life, Member Exclusive

‘Our profession has a high burnout’: A day in the life of Paul Tucker, chief security and privacy officer at BOK Financial

  • Paul Tucker started out in marketing before transitioning to IT and information security.
  • This is a day in Tucker’s life as he leads a team of cyber defenders against the world’s hackers.

Email a Friend

‘Our profession has a high burnout’: A day in the life of Paul Tucker, chief security and privacy officer at BOK Financial

Paul Tucker is the senior vice president and chief information security and privacy officer at Bank of Oklamoma (BOK) Financial. In this role, Tucker leads the cybersecurity team responsible for the bank’s efforts to protect information important to the bank’s operations while ensuring the bank’s overall cyber resiliency and its customers’ privacy.

Tucker’s a native Oklahoma boy -- his kids are fourth-generation Oklahomans, and Tucker’s pretty deeply invested in the community, having run the local youth club for a decade as one of his community interests. Though he graduated with a marketing degree, he didn’t feel like that kind of work was a good fit for him. His best friend, on the other hand, worked in technology and helped him transition to working with computers and IT. Tucker eventually worked his way into multiple security positions, and ultimately into management. 

As chief information security and privacy officer, Tucker oversees cybersecurity, risk management, data privacy and online digital security solutions for ten markets -- but all of that can be a mouthful. If you ask Tucker, he sees himself as a hero in a good-versus-evil, hero-versus-villain epic.

“I tell people that I lead a group of cyber defenders who protect consumer money and data from hackers,” says Tucker. 

Tucker is usually awake by six in the morning. He spends the first hour of his day consuming a breakfast of eggs and turkey while mulling over research articles that help him become a better leader. On his 25 minute commute to work, Tucker sometimes listens to music, TED Talks or podcasts on topics he knows nothing about. Sometimes it will be on something as benign and inconsequential a subject as gardening. Other times, he’ll find himself diving headfirst into a subject that’s in direct opposition to his personal positions. 

“That way, it’s not about cybersecurity,” says Tucker. “As passionate as I am about this profession, it can start to wear on you.”

About the time everyone gets into the office, they have what is called a ‘common operational picture’ meeting.

“It’s a military term,” says Tucker. “Generals used it as a concept to collaborate and give situational awareness to their teams.”

Tucker very much sees himself as a general, his team as his soldiers and the meeting as an exercise in cybersecurity war games. Between 8:30 am and 9 am for the past 15 years, Tucker holds these meetings to go over attacks that BOK Financial experiences or fends off over the past 24 hours. They also dissect attacks experienced by other companies to make sure those don’t happen to BOK. 

The rest of his day can be divided into three buckets -- meetings, emails, and phone calls and powerpoints.

Tucker receives a ‘tremendous amount of threat intelligence’ in his inbox from firms like The Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium dedicated to reducing cyber risk in the global financial system.

Growing up in sports, Tucker developed a harsh competitive streak and he’s carried that competition to the workplace. He says it’s really helped him develop ‘tremendous grit’ in this job. 

“Attacks can come millions of times a day. We have to be right millions of times,” says Tucker. “The hacker just needs to be right one time.”

He says that when he was working in IT, his adversary would have been whatever technological challenges the hardware or software would throw at him -- which he found pretty monotonous and safe. Now that he works in information security, he’s directly interacting with someone who’s trying to do him and his company harm. 

“[In cybersecurity] there’s a human on the other side who’s my adversary who’s trying to get something that I have that I don’t want them to have,” says Tucker. 

Tucker is also often fielding calls from project leaders and working on a digital roadmap for these projects that need a level of cybersecurity. So when a new product is deployed, it is a secure product. Similarly, he’s also tasked with several managerial responsibilities that include governance meetings to comply with regulators as well as internal and external audits. He’s also often dealing with customers or clients who’ve read the news on ransomware and want to know how the bank is mitigating privacy and security risks.

Tucker admits the job is extremely stressful.

“If you don’t manage it appropriately, it can definitely consume you,” says Tucker. “Our profession has a high burnout.”

To keep himself grounded, Tucker visits the local YMCA four nights a week to take exercise classes with friends who promise to hold each other accountable. Three of those four nights he does yoga. In his spare time, often on the weekends, Tucker will gather the wife and kids and take their newly bought camper to a nearby lake -- a great way to disconnect, considering there’s usually no cell phone coverage in those areas. He and his family have gone on these getaways 10 times during the spring. 

Despite the high pressure, there’s little Tucker would change about his job. 

“I’ve been doing this for 23 years and I can’t imagine myself doing anything else,” says Tucker.

0 comments on “‘Our profession has a high burnout’: A day in the life of Paul Tucker, chief security and privacy officer at BOK Financial”

Data Snacks, Member Exclusive

Data Snack: Almost half of Gen Z use social media as their primary source of financial advice

  • The next generation of Suze Ormans is popping up on TikTok, teaching young Americans how to manage their personal finances.
  • And Gen Z is certainly listening, which tells us why they do banking differently than their parents.
Lindi Miti | February 07, 2023
10-Q, Member Exclusive

Visa vs Mastercard: Who performed better in Q4 2022?

  • The 10-Q newsletter is now part of your Tearsheet Pro subscription, and we're excited to bring you the brand new look of the weekly 10-Q newsletter.
  • Results for Visa and Mastercard's quarter ending 31 Dec 2022 are in – let's take a look.
Sara Khairi | February 06, 2023
Member Exclusive

Tearsheet Briefing: Fintech changed consumer finance — how are regulators thinking about this?

  • Welcome to the first Tearsheet Briefing, featuring weekly insights from our reporters on the intersection of finance and technology – exclusively for Tearsheet PRO members.
  • In our first briefing, we're exploring how the entry of fintech and non-bank firms has added complexity to the financial system, and its implications from a regulatory standpoint.
Sara Khairi | February 03, 2023
Announcement, Member Exclusive

Welcome to the Tearsheet PRO Newsletter

  • We're excited to introduce our new member-only newsletter, featuring fresh and exclusive content from Tearsheet Editors Zack Miller and Iulia Ciutina.
  • Tearsheet PRO is designed to connect the dots, challenge conventional thinking, and keep your finger on the pulse of established and emerging trends. In your inbox every Wednesday.
Iulia Ciutina | February 02, 2023
10-Q, Member Exclusive

Weekly 10-Q: Check cashing fees are getting an overhaul from New York’s financial regulator

  • The New York State Department of Financial Services is putting into practice an updated check cashing regulation following the proposed regulation announced in June last year.
  • And, feeling the heat of the economic downturn, JPMorgan's board has decided that CEO Jamie Dimon will take home the same base pay in 2023 as he did last year -- with no special award or bonus.
Sara Khairi | January 31, 2023
More Articles