Cybersecurity Expert Patrick Keating Knows How to Beat Banks’ Online Threats
Cybersecurity leadership isn’t often born behind a drum kit. But for Patrick Keating, music, rhythm, improvisation, and precision became the foundation of a remarkable career protecting banks from a continuous onslaught of dangerous digital threats. Now President and CEO of Keysec Advisors, the former bandmate is a trusted advisor to community banks and financial institutions navigating the ever-evolving landscape of cyber risk.
I’ve always been about fixing and building things. That goes back to my band days. You learn fast when there’s no backup plan—and that translates directly to how I lead security programs.
— Patrick Keating
His insights are clear, but his journey to the C-suite was anything but predictable.
A Measured Path Forward
Keating’s story starts in a tiny Cherry Hill, N.J., bedroom not far from where he lives today. Amid the neighborhood sounds of stickball and songbirds came a louder rhythm—Keating and his brother hammering out tunes on guitar and drums, thanks to a patient mom who let them fill their modest bungalow with noise and ambition.
“I had a full drum set crammed into a room smaller than a prison cell,” he laughs. “And a half-stack amp—because of course I couldn’t go with a small speaker.”
Drumming took hold in seventh grade, after he saw his school jazz band perform Sing, Sing, Sing. “That five-minute solo blew my mind,” he recalls. “I told my mom, ‘I’m going to play drums.’ She rolled her eyes. But I meant it.
CAPTION: Sing, Sing, Sing by Benny Goodman, via YouTube – the song that blew Keating’s mind
”Soon, Keating wasn’t just performing, he was promoting. He booked bar gigs, ran the band’s MySpace page (in all its retro glory), and pushed original songs. “That was my first look at the business side of something creative. It taught me the power of messaging, knowing your audience, and presenting yourself clearly, skills I use every day in cybersecurity consulting.”
He adds, “Whether I was trying to convince a booking agent to give us a Friday slot, or a CEO to greenlight a security protocol, it came down to the same thing: influence. Can you make people care about what you’re saying?”
Various Gigs
Keating considered a financial services career early in his professional search. He recalls, “I interviewed for a PNC Bank teller slot while I was still heavily into the band. I had hair down the middle of my back. They told me to cut it if I wanted the job. I figured the change to my look for the sake of a career move wasn’t a big deal and that I was okay with it.”
That adaptability landed him the role.
Two years later, he migrated to Sterling Bank, again serving bank customers from behind a teller window.
From there, Keating left the financial services industry to give healthcare a try. It was something of a legacy industry for him; several of his family members had succeeded in that line of work and they enthusiastically presented it to Keating as a worthy career option.
Roughly three years after graduating high-school, Keating took a position at a local hospital as an orderly. But his launch into the medical profession fell apart almost immediately.
Modulating to IT
“The day before I was to start,” Keating recalls, “I was playing basketball and broke my ankle.”
He showed up anyway, hobbling on crutches. Unable to keep up with the other new orderlies, he was reassigned—thanks to a casual mention that he “knew something about computers.”
“They put me in a Q&A area to test core systems. It was pretty mindless, but I was competent enough to do it.”
Then came a twist of fate.
“I was working alone during lunch when the phone rang and rang. Everyone else was at the cafeteria—crutches made that a no-go for me—so I finally answered it.”
A woman on the line needed printer help, just two doors down. He came to her aid, fixing “…something minor—a print queue issue maybe—but she was super grateful.”
Later that day, Keating’s supervisor walked in.
“Do you know who you helped?” asked Keating’s boss. “That was the CEO’s executive assistant. She’s now singing your praises.”
It changed everything. “After that,” Keating says, “people started asking if I was into computers. And I was.”
A Banking Encore
Looking to interweave his tech abilities into his financial skills, Keating returned to Sterling Bank as a part-time computer operator. He was excited about the new opportunity for reasons that included a professional step away from healthcare. “As it turned out, I’m icky around blood,” he admits.
“I realized I could speak three IT languages—technology, frontline and executive,” Keating explains. “A lot of IT folks struggle to talk to boards. And a lot of execs don’t understand tech. And if we are being honest, the frontline folks don’t exactly love it when the IT guy takes over their computer for 20 minutes to run patches and updates with little understandable explanations. So, understanding this, I naturally became a translator.”
He eventually ran Sterling Bank’s IT department and helped lead the bank through a complex acquisition. “I had to remap thousands of customer IDs live. At that time, Sterling Bank wasn’t using full ID numbers in customer records. They were using digit numbers.
There were significant risks if this didn’t work correctly. Customers could go dark, payments might not get made, customers service reps in the branches would get hundreds of calls from angry customers.
The Bank’s reputation was on the line; my reputation was on the line- just to give you an idea of the kind of pressure I was under.
“So, I figured I could create a code to remove two zeros from the middle of every customer’s ID number. But I had to run it live.
“I practiced to make sure my code was good. I worked out all the kinks until I was sure it was good.
“I was prepared to do this. I remember getting the final file that I had to execute.
“But before I did it, to be completely honest, I thought Okay, I’m going to throw up and then come back and do this. That’s how high the stakes were.
“I did the final review of the code, executed it, got the file, sent it out, and waited.
“After about 10 minutes, I got the call: ‘All right. Good to go. We look solid. Q&A tested. We’re fine.’”
The update worked flawlessly. As steady handed as Mission: Impossible’s Ethan Hunt knowing precisely which wire —red or black—to cut on a ticking time bomb, Keating’s instincts were spot on.
Movies where someone has to defuse a bomb is a great analogy for the world of IT. No one outside the room ever knows how close you come to disaster. That’s IT. That’s just a moment in the life of information security.
— Patrick Keating
Maintaining Harmony from the Inside
Later, as CISO at Sun National Bank, Keating inherited a department under a formal agreement. The OCC report stated that the bank needed to build an information security management system. He recalls, “They basically didn’t have a program that would be even considered baseline,” meaning he had to build policies, procedures, and proper overall governance, a vulnerability patch management program, and security awareness training, all from the ground up.
“I got the OCC report and thought, ‘I made a mistake taking this job.’ I called my wife and said, ‘I don’t know if I can do this.’ She said, ‘Just go in for one more day.’”
That “one more day” turned into an 18-month transformation, far less than the three-year window typical for this kind of project.
“That experience taught me: You don’t have to be perfect. Just make things better, one piece at a time. That focus on the short term rather than trying to get my arms around all the issues at once actually saved time throughout the entire project,” he states.
The rapid turnaround had no ill effect on the overall quality of the work completed. He had a 98 percent reduction in open vulnerabilities, reducing cyber risk dramatically, among other positive outcomes.
From Operator to Advisor: A Career Reinvention
After leading bank turnarounds and or ground-up programs for Sun National, Sterling Bank & Trust, and Capital Bank of New Jersey, Keating launched Keysec Advisors to support banks that don’t need—or can’t afford—a full-time CISO.
“The number one threat to any community bank is still someone clicking a bad link. And that includes CEOs.” This fundamental vulnerability often exposes banks to the latest banking scams that target both employees and customers.
That’s why Keating relies on monthly phishing simulations. “I don’t just send the same email. I vary it—sender, urgency, context. Hackers don’t repeat themselves, so neither do I.”
He doesn’t shame employees who fall for test emails. It’s his philosophy on security culture that truly makes a difference:
It’s not about punishment. It’s about behavior. One of my favorite moments is when a teller says, ‘You’re not going to trick me this time.’ That’s when I know they’re paying attention.
— Patrick Keating
Having All Players Reading from the Same Score
Keating insists that cybersecurity must be part of daily culture—not just a policy.
“One of the first things I tell CEOs is: Put cybersecurity on the meeting agenda as an item. Not under IT. Give it its own bullet point. That prominence sends as signal: This matters.”He sends out monthly “top three tips” emails and encourages gamified learning. “It’s like trivia at lunch. Fun, but meaningful. That’s how you build good habits.”
He’s firm but fair. “I’ve had execs say, ‘Give me the names of everyone who failed the phishing test.’ I push back. A single click isn’t the issue. It’s the repeat offenders. That’s where you intervene.”
As a result of his vast and varied experience, Keating has honed an innate ability to assist financial service providers across all their needs and levels of technical understanding and successfully provide counsel. In the same manner in which he once interpreted music to instrumentalists, he now deciphers technology’s most complex specificities for everyday users in banks and financial institutions across the U.S.
His once shaggy hair may have ceded to a more professional hairstyle, but his inspirational creativity to problem-solve is just as powerful as it was during his music heyday.
A Trio of Cyber Vulnerabilities
Across hundreds of bank assessments, Keating sees the same three weak points again and again:
- Poor patch and vulnerability management
- Weak endpoint detection and response (EDR)
- Inconsistent or misconfigured multifactor authentication (MFA)
“If you’re missing any of those, you’re leaving the door open,” he says. “That’s the ransomware kill chain—phishing, lateral movement, privilege escalation. Break the chain early, and the attack fails.”
Even banks with outsourced cores aren’t safe. “Ransomware doesn’t care who runs your core. If your phones are down or you lose access to email, you’re out of business.”
Accompaniment by the Board
Keating also trains boards directly. “Yes, even the directors need phishing training. I’ve had board members blithely click links and some who refuse to be included. But here’s the truth: You are the whale. You’re who the attackers want.”
He emphasizes communication and trust. “If I can explain to someone why MFA is annoying now but prevents disaster later, I’ve done my job.”
Conducting Business Safely from the Top
His message to leadership is clear: “Don’t treat cybersecurity as an IT expense. It’s a separate business risk and can be a business enabler. Done right, it protects revenue, trust, and brand.”
When it comes to embedding security into the fabric of a bank, Keating emphasizes the continuous nature required:
If you do Security training once a year, that’s not in your bank’s culture. That’s an event. Culture is what happens every day.
— Patrick Keating
Final Measures
Keating brings the same passion and discipline to cybersecurity that he once brought to his high-school drum solos.
“Everything is learnable. Everything is fixable. If you take it one step at a time—and you’re willing to get uncomfortable—you’ll be amazed at what you can accomplish.”
That’s the beat he brings to every client. And in today’s threat landscape, it’s the kind of rhythm banks can’t afford to ignore.
