Student Profile

Ebony Smith

Senior Vice President, Counsel , BNY

Class of 2026

1. You have a substantial, heavily tech-oriented portfolio at BNY. If there is any one aspect that takes up most of your time, what would that be? What is the biggest challenge in handling this set of responsibilities?

Much of my work focuses on navigating the intersection of cybersecurity and regulatory risk for a global financial institution. I spend a large portion of my time supporting our Office of Regulatory Relations and lines of businesses on regulatory, supervisory, and policy engagements involving cybersecurity resilience, privacy, and emerging technologies, including payments, and more recently, artificial intelligence (AI).

The biggest challenge is keeping pace with the rapid evolution of technology and regulatory expectations across multiple jurisdictions. Large financial institutions operate within a complex web of global regulations, and ensuring alignment between innovation and compliance requires constant coordination across legal, technical, and business teams.

2. To what degree do you interface with the tech experts at the bank? Is it important that you understand the nuts and bolts of the very dynamic, rapidly evolving cyber/AI area? Why or why not?

I work closely with our Information Security, Data, Resilience, and Technology teams on both regulatory and policy issues. Understanding the technical aspects, whether it’s how a cyber incident response framework is structured or how AI models are trained, governed, and secured, is essential.

While I don’t need to code, having functional literacy in cybersecurity and AI allows me to ask sharper questions, interpret risk through a legal and policy lens, and translate technical findings into clear regulatory and growth strategies. This fluency also strengthens collaboration as our technologists appreciate when legal understands the “why” behind the systems, and regulators expect counsel to understand foundational concepts and terminology.

3. What motivated you to pursue the MSCRS degree?

I pursued the MSCRS degree to deepen my expertise at the intersection of law, technology, and strategy, and to strengthen my ability to lead organizations in addressing complex cybersecurity and risk challenges. Throughout my career advising on cyber and privacy matters across the public and private sectors, I’ve recognized that the most resilient institutions are those where legal, technical, and business perspectives operate in true alignment. Advancing my technical and strategic fluency allows me to help bridge those disciplines, translating complex issues into actionable, enterprise-level solutions that enhance governance, compliance, and resilience.

The program’s multidisciplinary design, integrating law, engineering, and business risk, aligns seamlessly with that mission. It is also one of the most prestigious executive programs in cybersecurity risk management, bringing together global leaders from government, finance, technology, and other critical sectors. Learning alongside such accomplished professionals, under the guidance of renowned faculty and practitioners shaping the future of cybersecurity and risk governance globally, provides an unparalleled opportunity to refine my leadership approach and contribute meaningfully to advancing the field.

4. Which aspect of the MSCRS program do you find the most helpful to you in your day-to-day job, and why?

The most valuable aspect has been peering into multi-disciplinary views of the integration of real-world analysis and technical frameworks, for example, how we apply concepts like the NIST Cybersecurity Framework and risk quantification models to complex hypothetical scenarios. This hands-on approach has shaped how I evaluate regulatory and policy considerations and my contribution to internal discussions about cyber governance, resilience, and AI security oversight. It has also reinforced the importance of collaboration between technical experts, risk professionals, and lawyers, mirroring how issues arise in practice.

5. What do you find are the strengths of the program—e.g., faculty, cohort, curriculum, speakers?

The program’s greatest strength is its community. The faculty bring cutting-edge experience from government, industry, and academia, while the cohort includes diverse professionals—lawyers, engineers, compliance officers, technologists, and public leaders—who challenge each other to think critically and holistically.

The curriculum moves fluidly between technical, regulatory, and strategic dimensions, reflecting the true complexity of cybersecurity. I also value the guest speakers, who represent some of the most advanced companies and public institutions globally. They bring timely insight on the intersection of cybersecurity and emerging topics involving AI, cloud and quantum computing regulation, critical infrastructure, and global cyber operations, directly connecting classroom theory to real-world developments.

6. Any additional reflections?

The MSCRS program has reinforced that cybersecurity is not just a technical challenge, it’s a leadership and strategy discipline. The ability to synthesize law, technology, and human behavior is becoming indispensable. I’ve found that the program doesn’t just educate; it transforms how we think about risk, resilience, and the role of professionals who sit at that critical intersection. I’m grateful to be part of a growing legacy of individuals shaping the future of cybersecurity and technology globally.