Arthur Hinds, CompSci Alum, Protects TD Bank Customers from Digital Thieves

When someone's job is to protect more than a trillion dollars, you take their advice on cybersecurity seriously — so we should listen to Arthur Hinds '17, TD Bank Group's global head of threat defense operations, who approaches his job by remembering basic lessons learned at NJIT and staying on top of the latest cybersecurity automation tools.

Hinds took a non-traditional route to becoming a Highlander. He was born in South Korea, moved to the U.S. and spent a decade working in bars, restaurants and hotels before starting at Hudson County Community College, ultimately transferring to New Jersey Institute of Technology and earning a B.S. in computer science.

"I was pretty sure that I wanted to be a software engineer and developer and followed all the major trends. I was really aligned with the startup culture and thought that was what I was going to do," Hinds explained. But then, "I took Professor Curtmola's class in crypto and I really just started to like it … It sparked a huge interest for me."

Freelance work and an internship out of school led Hinds to employment at a consultancy. "The firm I was with, it was applications security, so we did the full gamut. Things like penetration testing and code review. As I moved and matured in my career, it moved from pen testing, offensive security, into program maturity and understanding where companies were at, really more management," he noted.

"It is fun. Some people have a breaker mentality. Some people have a builder mentality. For me there's a combination of both, to be someone who can identify weaknesses in software systems, protocols and procedures, whatever it is. You can be good at that without knowing how to build it, but if you do know how to build it, or if you have built those types of things, then you can be even better at it," Hinds observed, adding that he works in languages such as Python, C and banking-industry stalwart COBOL. "So to me the really interesting thing is you get to unwrap the covers of how something is, and put yourself in the shoes of those who built it, in order to break them. But certainly it's not like what you see in movies and TV."

"I use many of the fundamental lessons that I learned at NJIT, in my professional career, all the time. I use the computability theory. I use that a lot in security when someone tries to apply the wrong fit, in terms of I'm going to try and do something, transform data in some way. But they didn't do it in a way that matches the computability theory's modeling, like regular expression to regular language, versus context-free grammars. When they try to do it that way then they end up with a mismatch in size of language, and then suddenly you're open to an exploit potentially. The computer's only as smart as you're making it at that moment, and those negative use cases sometimes result in vulnerability. I learned that at NJIT in my classes and I use it professionally all the time."

In technology trends, Hinds is most excited about machine learning and automation tools, and their ability to massively increase a programmer's productivity. "I think there's a lot of enrichment to enable people that's happening right now," he said, noting that it's long been easy to acquire attack technology, but now the pendulum may swing back in favor of defenders because the new tools make their role less reactionary.

What's his dream job? "I would say I'm almost living that right now, just because it's ever evolving. What I'm doing is really fun. I enjoy it a lot. I'm learning new things all the time," Hinds said. And he's not tied to a desk: his home office is in Manhattan, although he talked to NJIT News from Singapore, where he was traveling to meet with a TD security team there.

But his favorite thing right now is that his work makes a difference. He cited the 2021-2022 Log4Shell attack, one of the worst computer vulnerabilities ever discovered. He was empowered to quickly bring together diverse security experts who otherwise might never have collaborated. "We were able to position our defenses well. There are numerous lines of defense when we're talking about attackers who are trying to exploit, for any company. We follow industry standards-plus, as much as we can."

Hinds said he has fond memories and life lessons learned from Ying Wu College of Computing faculty including Curtmola, who leads the Cybersecurity Research Center; Professor and current department chairman Vincent Oria; and Associate Professor Andrew Sohn. He recalled the most important ones, applicable to undergraduates and global banks alike: "There are some appropriate urgency lessons," Hinds said. "You do have to really care. You have to make yourself about it, even if it's manufactured urgency on those projects. They pay back 10,000 fold. If you're not willing to do that [in college] then when are you going to start?"