In this interview from the AWS Financial Services Symposium 2025, Jessie Skibbe, head of AWS Security Assurance Services (SAS), and Brian Jakovich, managing director at Vertical Relevance, join theCUBE Research’s Dave Vellante and Scott Hebner to examine how financial institutions can accelerate cloud adoption without sacrificing security or compliance. They unpack the SAS mission to close cloud-migration risk gaps that traditional controls miss, detailing how the service converts frameworks like FFIEC, OCC and SEC Reg SCI into prescriptive, “secure-by-design” blueprints that win rapid sign-off from bank compliance teams.
Skibbe and Jakovich dive into the partnership model, outlining how Vertical Relevance’s deep engineering bench amplifies SAS value by packaging preventive guardrails, detective alerts and policy-as-code patterns into reusable solutions for high-stakes workloads – such as real-time payments. They share metrics boards care about, showing how governance automation can trim weeks off migration timelines while lowering total cost of ownership, and explore the role of generative AI in modernizing legacy estates, personalizing customer engagement and scaling operations across complex financial domains.
Looking ahead, the duo previews the 12- to 18-month roadmap: expanded attestations, tighter service integrations and new controls to keep pace with emerging regulatory demands – all designed to let dev teams innovate fast, stay secure and deliver long-term value. From ROI proof points to future-proof governance, this conversation is a playbook for financial leaders seeking speed, security and regulatory confidence in the cloud.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
AWS Financial Services Symposium 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For AWS Financial Services Symposium 2025
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for AWS Financial Services Symposium 2025.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
AWS Financial Services Symposium 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to AWS Financial Services Symposium 2025
Please sign in with LinkedIn to continue to AWS Financial Services Symposium 2025. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Jessie Skibbe, AWS & Brian Jakovich, Vertical Relevance Inc.
In this insightful session at the AWS Financial Services Symposium, Dave Vellante and Scott Hebner of theCUBE engage with Chris Parrish of SAS. They explore the integration of artificial intelligence (AI) in the financial services sector, providing a comprehensive examination of how SAS facilitates this transformative journey.
Parrish brings a wealth of expertise from SAS, offering insights into the company's strategic direction and AI applications. With Vellante and Hebner, the discussion covers a broad range of topics, including the role of large language models, agentic AI, and the challenges and opportunities these elements present to the financial services landscape.
The conversation highlights SAS's resilient efforts to evolve traditional data analytics by incorporating innovative AI solutions. Parrish emphasizes the importance of trust and governance in deploying AI technologies effectively, attributing this to the unique verticalization and domain-specific approaches SAS employs. They discuss these facets with theCUBE analysts and share insights from SAS.
Jessie Skibbe, AWS & Brian Jakovich, Vertical Relevance Inc.
Jessie Skibbe
Head of AWS Security Assurance Services, LLCAWS
Brian Jakovich
Managing DirectorVertical Relevance
In this interview from the AWS Financial Services Symposium 2025, Jessie Skibbe, head of AWS Security Assurance Services (SAS), and Brian Jakovich, managing director at Vertical Relevance, join theCUBE Research’s Dave Vellante and Scott Hebner to examine how financial institutions can accelerate cloud adoption without sacrificing security or compliance. They unpack the SAS mission to close cloud-migration risk gaps that traditional controls miss, detailing how the service converts frameworks like FFIEC, OCC and SEC Reg SCI into prescriptive, “secure-by-design...Read more
exploreKeep Exploring
What industries does the specialized team of industry certified auditors at AWS primarily work with in terms of compliance and regulatory obligations?add
What are the key focuses of Vertical Relevance's partnership with AWS and their work with financial services clients?add
What were the outcomes of the work done alongside Vertical Relevance in terms of speed, cost savings, and efficiency?add
What is a common challenge for customers in the financial services industry who are wanting to integrate AI into their workflows?add
What industry is often seen as a leading indicator for the possibilities of technology due to its complexity in security and regulation?add
Jessie Skibbe, AWS & Brian Jakovich, Vertical Relevance Inc.
search
Scott Hebner
>> Hello, everyone. Welcome back to thCUBE's continuing coverage of the AWS Financial Services Symposium 2025 in New York City. I'm Scott Hebner, and I'm here with Jessie Skibbe, the head of AWS Security Assurance Services; and Brian Jakovich, the Managing Director at Vertical Relevance, an AWS partner specializing in digital transformation in the financial services sector. Thank you both for joining us here today.
Brian Jakovich
>> Thanks for having us.
Jessie Skibbe
>> Thank you.
Scott Hebner
>> It's been a really good show so far. We've learned a ton here, and I think the crowd has doubled in what it was last year, so a lot of interest in what's going on with AWS and financial services, which is good to see. But Jessie, let's start with you, just get big picture here. For those financial services institutions that are unfamiliar with AWS Security Assurance Services, what specific gaps in cloud migration and risk management do these services cover that other AWS services do not?
Jessie Skibbe
>> Yeah, I think it's interesting that not every AWS customer knows that we have a highly specialized team of industry certified auditors that actually help our customers navigate the complexity of compliance on AWS. Our practice is entirely on the customer side of the shared responsibility model, Scott. We help customers as they migrate to the cloud, provide that assessor lens to make sure that they're able to meet their regulatory obligations. Very big important feature that they have to comply with when they migrate to AWS, and so we help them accelerate that journey as they're moving to the cloud.
Scott Hebner
>> We're here at a financial services conference. Do you do that across industries, or is it primarily in the highly regulated industries like financial services?
Jessie Skibbe
>> A majority of our business is financial services, but we do also quite a bit of work in the public sector space, healthcare, as well as energy is trending. Essentially wherever there is obstacles that our customers have to overcome as it relates to compliance obligations, regulatory scrutiny, that we can help them. I mean, it's not something that we would turn anyone away, but the biggest pain points is typically with financial services, given the number of regulatory requirements that they have to meet and the ever-changing global landscape connected to that.
Scott Hebner
>> Yeah. You've hit on my observation, which is it's ever evolving, isn't it?
Jessie Skibbe
>> Yes.
Scott Hebner
>> For landscape, particularly in FinTech. How do these services help translate these very complex frameworks that I know in financial services you have to really pay attention to the federal financial institutions, examination cloud, and OCC and SEC regulation, all those kind of things. How do you help them turn those into actionable blueprints that can speed the approval process along the finance team?
Jessie Skibbe
>> Well, what's interesting is that it's quite simple. I guess in my opinion, I've been doing this for a little over six years now, and it's a translation of a non-technical requirement to a technical implementation. Everything in a cloud environment is code, and so how do you take a very high-level regulatory requirement that's sometimes written as in legalese, how do you take that and turn it into deployable code in your AWS environment? We have been able to do that successfully in developing that deep skill set on AWS and also having that auditor viewpoint, right? We're able to translate all of those requirements into essentially a codified environment to be able to automate, and also not only the deployment of the AWS environment, but also continuous monitoring and the ability to audit without screenshots or shoulder surfing. We take a very non-technical requirement and we translate that into the technical requirement that a developer needs to be able to build
Scott Hebner
>> And then help them evolve with the regulatory landscape, right?
Jessie Skibbe
>> Right.
Scott Hebner
>> Got it. Brian, let's pull you into this. Just tell us a little bit about Vertical Relevance and your partnership with AWS.
Brian Jakovich
>> Yeah. So Vertical Relevance. We are a business and technology consulting firm, really focused on doing a couple things really, really well. One, we only work with AWS, which is why Jessie and us have such a tight relationship. And then we primarily focus on financial services almost exclusively. Really, it's having that combination of that business experience and understanding what these financial services customers are struggling with and how to approach that. So the different regulatory requirements, the MRAs and MRIAs that they deal with, really everything around that. And then that deep technology experience of building and automating the controls that Jessie is referring to, that's really where we excel and where the SaaS relationship and us have really molded together is their expertise in being able to do the auditing, providing that experience to the customer. And then our tight relationship of us building the controls has really been a match made in heaven where we've really helped a lot of these big financial services customers build and develop and streamline their operations to the point where they're not, as Jessie referred to, they're not screenshotting things, they're not going through very long continuous cycles of their auditing activities. Instead, we're automating these things and they have click button activities so it's really been a great relationship so far, and we're excited to continue it.
Scott Hebner
>> So basically, it's two sides of the same coin. You guys are partnering to come together and help solve slightly different facets of what the client needs
Brian Jakovich
>> Very much so, and there's a lot of blends throughout the entire activity.
Scott Hebner
>> What are some of the unique capabilities that you bring to the AWS security services in terms of the value prop, and then how do you actually avoid duplication of effort, particularly when you're in these larger firms that probably have a lot of partnerships going on and a lot of projects?
Brian Jakovich
>> I think really from our perspective, where we really focus in on is the hands-on technical capabilities, right? Building the controls, building assets that we have that automate the control development, and then basically creating that entire landscape of everything that needs to be accomplished in order for the audits to go ahead and pass. That's really where we've been majority of our focus in is there is providing that hands-on expertise, the capability, plus the assets that we bring to reduce the time, the cost, and the risk of building out these very large control landscapes.
Scott Hebner
>> Jessie, as the other side of the coin then, you're obviously focusing on the auditability and the translation, is that how more the business things, is that how you-
Jessie Skibbe
>> Add just a little tiny bit of history too. We kept finding ourselves working on similar projects with Vertical Relevance. What's interesting, Scott, is that now we're proactive about how we work together, making it easy for the customer to say, "I need help automating my compliance. I need to unblock our cloud migration because we're being held by security assurance," for example. And so now, when a customer needs that type of help, they can contact me, they can contact Brian, and we're going to come together with work streams that we've delivered for multiple customers. We've taken some of the reactive confusion out of it, and we've come forward with this very direct partnership where we can guide the customer in a much more accelerated fashion.
Scott Hebner
>> I suspect the more you work together, the more you create best practices, and you continue to get better and better at what you're providing.
Jessie Skibbe
>> Exactly.
Brian Jakovich
>> Yep.
Scott Hebner
>> Yeah. Well, how about, could you give us a concrete example of maybe perhaps a security engineering solution where you guys have packaged it up a partnership and something like real-time payment workloads or something like that, and what the ROI and outcomes that come from that?
Brian Jakovich
>> This is the real world of working through this, a very large payment company that was going through the process of really rebuilding part of really half of their business on on AWS. As part of that, they had to put in really from ground zero all the controls to satisfy different compliance requirements. PCI would be one of them, but they also need to be able to do the auditing at many, many times a year, right? 50, 100 plus times per year, which is much more than your standard operating procedure. They could not do this in a manual capacity, or they'd have to hire a small army and reduce the capacity in which the product could flow through to be able to make different changes to the products and such. As part of that, we really joined forces working through building out an entire compliance. From what they consider the AWS landing zone, so the baseline of an AWS environment and all the controls to satisfy PCI and many other compliance requirements, and then provide this from an automated evidence. So basically they got to the point where it wasn't how many person hours were spent on doing a compliance evaluation or do an audit, it was really being able to spin up an environment and then click button to do the evidence collection, which it was unbelievably painful before, and basically gave them the ability to operate a different capacity working with the auditors and their customers that needed to audit. Jessie, anything you want to add?
Jessie Skibbe
>> Yeah, I definitely want to add, I remember, I know the customer you're speaking about, Brian. This is a memorable one, because when they were first evaluating can I move this workload to cloud, which is something that happens quite often, and this was a PCI workload, and the unique thing was that I have PCI QSA, so qualified security assessors on my team that are also working for AWS, and so we were able to come in and do a really early evaluation of their environment and say, "We know we can get you to being PCI-compliant with this workload."
A lot of our customers will say, "Let's migrate these workloads, but let's leave these PCI workloads still on-prem," and they're not able to leverage the innovative power of AWS because they're too nervous that they won't be able to meet PCI compliance. So we were there alongside of Vertical Relevance, and the outcome of this is pretty amazing because I know we were able to get them moving, I think it was a 40% faster, and their migration journey, we were able to create a complete end-to-end automated evidence collection system where, and I don't remember the total number of assessments. It was ongoing assessments throughout the year, but they were able to come back to us, I think it was around 65% cost savings in performing assessments. These were entire teams of people gathering evidence manually. But because of the work that we did, not only did we demonstrate that PCI compliance could be achieved, but we actually accelerated their audit, their internal assessment, saving them almost 70% cost. And so it was an incredible story. I know they've shared it in some instances, but it was a great combination of Vertical Relevance and AWS PCI QSAs working together to get this customer that had to have PCI compliance. It was a business requirement. We were able to meet that requirement and help them save money as an outcome.
Scott Hebner
>> The joint offering goes from the initial design all the way to the implementation, and it's not helping to ensure a secure and compliant implementation, but you're saving money, you're saving time to production and speeding things up in a very limited-
Jessie Skibbe
>> Yeah, it's like having an auditor and an engineer as best friends, and you can just call them up on the phone and say, "Hey, I need your help."
Scott Hebner
>> You guys are, I can tell.
Brian Jakovich
>> Exactly. Now, the other, so we're talking about what there was a problem with auditing and how do you speed up that activity, reduce the level of effort for doing these audits. But one of the outcomes also that they gained and lots of other organizations gained is the ability to really ramp up the development ability when you don't have that being a blocker where every single time you want to make a change, release new product, being able to operate at speed and have this automated way of being able to validate, does this hit all my requirements or not? That's enabled their ability to really go wide with development and certainly increase their production throughput. It's an added and very important aspect of doing this. It often is overlooked.
Scott Hebner
>> You're helping them secure by design right up front with the repeatable patterns that you learned over time, right through implementation. And in terms of every day as things start to operate, my understanding is you have governance automation built into it, guardrails, things like policy as code preventive controls, detective alerts, all those kinds of things that the more the dev teams don't really need to worry as much about that and not trigger additional client compliance alerts and alarms. That's just going to allow them to move quicker, right?
Brian Jakovich
>> Every time, yep. It's the preventive detective reactive and proactive controls. You put that around your ecosystem and you're able to operate very, very quickly. It's a game changer.
Scott Hebner
>> The automation's built into it in terms of the guardrails.
Brian Jakovich
>> Yeah.
Scott Hebner
>> Yeah. When you're talking to the development team, I think it's quite clear the value of this, because I know the stress out big time around regulatory compliance and security polls and things of that nature. But if you're talking to a CFO, how do you bring to life the ROI of just having this stronger, faster security governance built in and allowing them to move quicker and things of that nature? How would a CFO look at this?
Jessie Skibbe
>> Can I take that one, Brian? You can add to it.
Brian Jakovich
>> Please.
Jessie Skibbe
>> Because I feel like the CFO, the CIO care about the same thing, and they make the decision to move to cloud because they want to get to that ROI. And in a heavily regulated environment, I've actually had customer scenarios where they would come back and say, "Well, we're trying to decide if we should slow down because we've got some considerable security governance controls to implement, or if we should speed up." Because a lot of times in financial services, they have resiliency requirements that they have to meet with their regulator. A C level executive that comes to me and says, "I'm trying to decide whether or not I should slow down or speed up."
What I say to them is, "You can speed up if you speed up safely."
Like a lot of the guardrails we're talking about, Brian was talking about implementing compliance as code, bridging the gap between security and infrastructure. All these things that we can help to accelerate allows the CFO, the CIO, to get to their faster ROI that they want to achieve by moving to cloud in a safe and secure way, so they don't have to make a decision between slowing down or speeding up. They can absolutely go fast, and we can help them be safe while they go fast.
Brian Jakovich
>> Yeah, it's like the decoder ring that aligns the CISO and the CTO's goals that gets everyone on the same page.
Scott Hebner
>> So if we're sitting here a year from now, say we're back here at this conference, what new controls or service integrations, what should financial institutions expect from this alliance as you go through time here next couple of years or so?
Jessie Skibbe
>> Well, there's a good chance that Brian and I may be replaced by AI agents.
Brian Jakovich
>> If we're doing it right.
Jessie Skibbe
>> No, honestly though, there's so much potential and innovation with AI in the world of compliance that I personally am so excited about, not only leveraging AI to help customers automate their compliance, but creating controls around AI use cases is one of the things that we're really focusing on right now because there's a lot of financial institutions that want to implement AI solutions, but they're very nervous about, how do I explain the risk mitigation strategy to a regulator? There are and solutions that we can build around AI application. So honestly, everything is, we're going to be looking for better and more creative ways to leverage AI, both to solve compliance challenges and both placing compliance solutions around AI. That's my prediction.
Brian Jakovich
>> I echo that entirely, right? We really would like to get all these customers to have a nice foundation in place that they're accelerating, that they've bought into the concept of compliance as code, that they're able to move at the pace that the innovation requires. AI and generative AI included, but really enabling these customers to move it there at the speeds that they want to. That really is the goal.
Scott Hebner
>> Yeah, I've been doing a lot of research on the transformation from AI assistants, which basically are what everyone's familiar with. They're largely based on generative AI. They're automating tasks, helping you gather information, things of that nature. When you get into a world of agentic AI and AI agents, they're supposed to be able to help you achieve goals and make decisions and problem solve. That's a whole new world, and my research is showing that some 67% are reluctant to move to that new world because of the trust issue and trust being a combination of making decisions, having the agents help you make decisions is a much bigger stake than generating something or automating a known task, and you unwind that trust issue. You get very quickly into security and regulatory compliance and privacy, and obviously the accuracy of all the decision-making and the lack of explainability and all that. But I think as this world evolves into the world of AI and into agentic AI, what you guys provide together, because even more critical, because those regulations, that landscape is not only moving fast and changing, but it's so fragmented, right?
Brian Jakovich
>> Yeah. Honestly, it's a great discussion topic about how you approach that and simply getting that foundation in place is really what's holding up a lot of these customers. A lot of these customers in financial services, they want to do more with AI, with agentic AI, they want to incorporate that as part of the workflows to be for, let's say, asset management to be able handling the research instead of, or to be able to increase their speed of doing their analysis across different sectors or regions. But their pain point is just simply being able to adopt it, being able to incorporate that as part of their systems, and it's a growing pain, but our hope is to be able to basically put the foundation in place so that they can build their agentic solutions, to build their RAG-based architectures, everything that they want to do. That's the goal.
Scott Hebner
>> And Jessie, I'd imagine, obviously this is a big journey, so it all starts with securing and making sure your cloud infrastructure is compliant, and then that's just going to make it that much easier to build the AI capabilities on top of it. As you invest into the future, it makes a ton of sense a little bit.
Jessie Skibbe
>> Well, there's a lot of potential to remove some of the lower level tasks and allow people to do higher value work. I mean, that's what I'm honestly excited about in this realm because not only do we want to help customers adopt AI, because again, this is where we really add value, being able to translate out as an AI application work in that very technical lens, how do we translate it? How do we speak to a regulator about how that AI application is functioning? That's something that we can help customers do that translation because we understand the underlying AI technology. And so I think that in itself is important, but to help customers look for ways to automate internal, very tactical processes that AI can do, I mean, I'm excited about all of it to be honest, because this world of compliance is so ripe for automation and innovation, and that's what Brian and I want to help our customers get to so that they can do the higher volume work and secure the environment.
Scott Hebner
>> Those higher value opportunities are coming even faster. I mean, these innovation cycles are now moving at warp speed. I can tell you the one thing I've definitely learned over my career in high-tech is pay attention to what's happening in financial services, because what happens there often happens everywhere. There's not too many industries that are more complex to secure and deal with the regulatory landscape and just the fast-paced nature of it, so definitely a leading indicator of what's possible with technology. Brian, Jessie, thanks so much for coming on theCUBE. It's been a pleasure talking with both of you. And for all of you, thank you for tuning in. You're watching theCUBE's coverage of the AWS Financial Services Symposium. Visit thecube.net and siliconangle.com to watch all the coverage of the event, and we'll be right back after a short break. We are the leader in enterprise tech news and analysis, see you again soon.
Scott Hebner