In this episode, Ed Nell is joined by Leanne Wilson, Senior Technical Delivery Manager and Security Consultant at Vertali, to explore the Digital Operational Resilience Act (DORA) and its impact on the financial sector. Leanne unpacks the regulation’s key pillars, risk management, third-party oversight, and operational resilience and discusses how financial institutions can approach compliance without getting overwhelmed. From mapping IT ecosystems to realistic penetration testing, she emphasizes that DORA isn’t just about compliance; it’s about building a culture of resilience.

Key Takeaways

DORA Is a Mindset, Not a Checklist: Leanne emphasizes that real compliance goes beyond ticking boxes. Organizations must embed resilience into their culture, with board-level accountability and continuous review.

Visibility Is the Starting Point: Before institutions can manage risk, they need full visibility of their IT estate, including cloud infrastructure, third-party systems, and sprawling enterprise networks.

Third-Party Risk Is Business Risk: With complex and interconnected supply chains, third-party vulnerabilities can quickly become internal issues. Early-stage procurement and contract clauses are vital for control.

Simulate Chaos, Not Comfort: Effective operational resilience testing should mimic real-world disasters. Tabletop exercises alone aren’t enough, organizations must test systems, people, and processes under pressure.

Mainframes Must Be Included: Mainframes often do the financial heavy lifting, yet are overlooked in many cyber strategies. DORA-compliant testing and risk planning must cover these critical systems.

Best Moments

“Start small, gain visibility, and make resilience a shared responsibility across your organization.”

“If your vendor gets hit, and they’re part of your operations, it becomes your problem very quickly.”

“You can’t protect what you can’t see. Visibility and ownership are the foundation.”

“Resilience isn’t a department, it’s an organizational capability.”

“Pen testing should be specific. A mainframe needs a mainframe expert—not someone used to testing laptops.”

About Vertali

Vertali is a leading cyber security company specialising in IBM® mainframe infrastructure. With deep expertise, innovative software, and trusted resources, Vertali supports organisations across the UK and globally, particularly in finance, retail, utilities, and government sectors.

100% focused on mainframe systems, Vertali helps organizations secure and optimize their operations. By combining advanced technology with expert insights, Vertali delivers powerful cybersecurity solutions and consulting services that protect against evolving threats. Driven by a proactive approach, Vertali enables businesses to build resilient systems, safeguard sensitive data, and maintain smooth, uninterrupted operations in the face of cyber risks.

About Leanne Wilson

With more than a decade’s experience in mainframes, systems engineering and cybersecurity, Leanne leads Vertali’s technical delivery of mainframe security and infrastructure projects. Her focus is on helping organizations to secure, protect and optimize their infrastructure and related applications. An ISACA Certified Information Security Manager (CISM), Leanne has an MSC in cybersecurity, regularly presents at industry events, and writes articles for channels including SHARE’d Intelligence, Planet Mainframe and TechChannel.

Hosted on Acast. See acast.com/privacy for more information.