Artificial intelligence will keep wealth and investment management services firm JM Finn secure, and with careful consideration of the business requirements, deliver business process improvements. Jon Cosson, Head of IT and CISO for JM Finn, was at the recent Nutanix .Next conference in Chicago, USA, and answered our questions on how he is balancing increased security, infrastructure modernisation and AI opportunities.Q: Before we discuss AI, since joining JM Finn in 1999, you have carried out a significant modernisation of the technology infrastructure of the financial services organisation, to meet the needs of AI, and your organisation. Have you continued to modernise the infrastructure?Cosson: In the last quarter, we completed the latest refresh. We carry out an infrastructure refresh every four to five years. We continue to operate a mixed environment, we are 70% on-premise and 30% in the cloud, and find this is the best fit for the business, as we know we can protect the crown jewels, our data.Q: Will that approach to infrastructure change as your business begins to use AI?Cosson: When we need extra power to run AI or for large processing, we are looking at keeping the governance with encryption, so we can use GPUs, but keep control of the data. I expect we will manage the compute and the large language model (LLM) from our own data centres.Q: Your most recent infrastructure refresh, did that enable you to rationalise your technology estate?Cosson: We had some IBM legacy systems that were 20 years old. They were serious number crunchers for the business, but we have now retired these and moved everything onto a Nutanix environment. This was the last piece of legacy technology to replace, and it did create a lot of anticipation, but the move went well, and those processes are now on Microsoft SQL on Nutanix managed virtualised infrastructure.We are getting improved resilience and savings as we have shut down one part of the data centre, and that means we generate less heat, use less power, and save space. JM Finn has gone from 20 racks to six that are running hundreds of virtual servers, using 15 nodes, and yet the workloads have increased.Q: You are also the CISO for JM Finn, is AI a worry for you?Cosson: We have been using AI for over 15 years as our cyber security is based on it for threat detection. With cyber security, if you see the threat, it is already too late. We humans are not quick enough to intercept something that moves so quickly. The attacker could be using AI to propagate and hide, so you must have AI. In cyber security, you need the latest cutting-edge technology because the bad guys are using it, which means you have to think outside of the box, and that is why AI is so important.Q: As well as the technology to defend the organisation, what else as a CISO do you have to consider?Cosson: The supply chains of the organisation, you have to know who your suppliers are using to carry out tasks for your organisation. It is not good thinking, oh, that partner is in Canada, for example, and leaving it at that, you have to know who their suppliers are. It is about knowing where your data is, and making sure it is always possible for you to control the data and be able to demonstrate that you are in control.That means data sovereignty is very important to JM Finn, we have to align with the General Data Protection Regulation (GDPR), especially as our clients are high-net-worth individuals, so I need to know exactly where our data is.Q: You mentioned the customers of JM Finn, I assume this means they demand 100% accuracy, does that pose a problem for AI and its propensity to hallucinate?Cosson: I like to approach AI with the words of former US President Ronald Reagan, ‘you have to trust, and you have to verify,’ and that is how we have to look at technology. Use it, but verify. Q: What shaped that view?Cosson: I love cars, and in a modern car, you have a button you can push, and the car will park itself. You are in the car, and if the car hits somebody, you cannot say it was the button that hit the person; you are in charge of the car, and you make the decisions.Q: So what do you need to do as a technology leader to ensure AI can be trusted and verified?Cosson: We need to make sure that the data is right, categorised well, stored correctly, and with good sovereignty. Then you can let AI do what it does well, as AI needs good data.Q: How is AI challenging your organisation?Cosson: We are having to educate both our staff and our clients to be extra vigilant. We have seen emails that are so believable, also voice cloning, and it has come on leaps and bounds.But AI is also an opportunity, we use AI for research, for example, you don’t need to spend hours searching for data. As an organisation, we have to make sure that the tools don’t dictate to us. People don’t want to talk to a computer in brokerage, you need a human.Returning to cyber security, though, you don’t have that luxury; you have to block first and then ask questions.Q: Can the AI and tech sector learn from financial services?Cosson: In stock broking, when you make a trade, you go out to the market and look for, say £100,000 worth of shares in a major telco, and you find the best deals; that is called market making, and much of it is automatic. I think the same will happen with data and compute processing. As a CIO, you will see that you have a large load coming, and the system will look for the best rate to process that. Mark ChillingworthEditor & FounderHorizon Digital Leadership NetworkYes