2 min read

Case Study: GNB Bank

Cade Williams : Jul 29, 2025

Incident Response vCISO Virtual CISO Community Banking Third-Party Risk Management

Case Study: GNB Bank

Introduction

Here at Bedel Security, we exclusively work with financial institutions to lead and provide strategy for their information security and cybersecurity environments. Being that this is such a topical issue every bank faces, we want to detail how we, a vCISO provider, have helped banks across the country. We interviewed one of our customers, GNB Bank, a $630 million dollar community bank in Iowa, navigating increasing cybersecurity demands with limited internal resources.

Background

Before partnering with Bedel Security, GNB Bank’s cybersecurity program was described as “kind of just thrown together—disorganized and random” said Jacob Pabst, CFO. They leaned heavily on internal staff and another third party, but lacked the manpower and specialized expertise required to keep pace with regulatory expectations.

“We were doing the bare minimum and hoping we didn’t get in trouble with the regulators. Exams were much more stressful before we had Bedel.”
–Jacob Pabst, CFO.

The bank’s biggest concern was the risk to its reputation and overall risk exposure due to cyber-related incidents. With limited resources and growing regulatory pressure, leadership knew the status quo was no longer sustainable.

Choosing a vCISO

Initially, there was internal debate about whether to hire a full-time, in-house CISO or to engage a virtual one. Ultimately, the bank’s leadership chose Bedel Security’s vCISO service.

“In-person CISOs are hard to find, expensive, and you only get one person. With Bedel, we got a whole team. It just didn’t make economic sense to hire in-house.”
–Jacob Pabst, CFO.

Implementation

The onboarding process was smooth and well-organized—even with multiple stakeholders involved. The timing couldn’t have been better: an exam was scheduled right after the onboarding.

“We started seeing value immediately. Having Bedel involved gave us peace of mind, and the examiners appreciated it too.”
–Jacob Pabst, CFO.

Impact

The bank has seen significant improvements in its cybersecurity posture:

Enhanced and updated cybersecurity policies and risk assessments.
Increased board confidence in the cybersecurity program.
Improved alignment with GLBA and other regulatory frameworks.
Staff empowerment through shared knowledge and training.
Streamlined processes for managing risk and compliance.

“Everything is beefed up. We feel a lot more comfortable with where we’re at now. The board feels more confident, and our staff feels supported.”
–Jacob Pabst, CFO.

Regulatory Exam Results

Bedel Security’s presence made a measurable difference during the bank’s most recent exam with the Federal Reserve.

“We felt more ready and prepared. Bedel filled a lot of holes in our program. The entire exam process was smoother because of their participation”
–Doug Boheman, IT Director.

Examiners responded positively, leading to a notably less stressful exam experience than in years past.

Third-Party Management & Incident Response

Bedel Security has also helped the bank manage third-party vendors more effectively and respond to critical incidents, such as the Fiserv MOVEit breach.

“Our vCISO coordinated incident response efficiently, helping us navigate the situation with confidence and clarity."
–Tina Herzog, Director of Compliance.

Working Relationship

The bank considers the Bedel Security team an extension of their own.

“I view your team as employees of our bank. I couldn’t ask for a better third-party relationship. We have a lot of vendor relationships, and Bedel is one of the best.”
–Jake Pabst, CFO.

Closing Thoughts

Our two final questions for GNB Bank were these: what do you value most in our relationship, and what would your advice be to other banks?

“The responsiveness, the expertise, the peace of mind. You can't hire this kind of expertise internally. Having your knowledge and support has been a huge weight off my shoulders.”
–Jake Pabst, CFO

To other community banks considering a vCISO, the bank’s leadership was direct:

“You’d be missing out not to do it this way. So many fewer headaches, way more cost-effective, and you get real expertise. Not sure why you would do it any other way.”
–Jake Pabst, CFO

Interested in learning more? Reach out to get the conversation started!

Cade Williams
Business Development Associate
Bedel Security®
Cwilliams@bedelsecurity.com
Schedule some time to chat here

Ask the Right Question to Build your Information Security Program

Ask the Right Question to Build your Information Security Program

Chris Bedel : Mar 15, 2024

Information Security Program vCISO Virtual CISO Outsourcing Cybersecurity

Read More

vCISO Questions and Answers 06: Who should consider a vCISO? Is it a new concept? And what happens when an F.I. with a vCISO wants to hire an in-house CISO?

vCISO Questions and Answers 06: Who should consider a vCISO? Is it a new concept? And what happens when an F.I. with a vCISO wants to hire an in-house CISO?

Chris Bedel : Jul 7, 2021

{% video_player "embed_player" overrideable=False, type='scriptV4', hide_playlist=True, viral_sharing=False, embed_button=False, autoplay=False,...

CISO Information Security Program Strategic Planning CISO Services vCISO Virtual CISO Outsourced CISO In-house CISO Banks Credit Unions

Read More

Sometimes the Security of a Community Bank Isn't About Cyber

Sometimes the Security of a Community Bank Isn't About Cyber

Chris Bedel : Apr 1, 2022

I love community banking.

CISO Information Security Program CISO Services vCISO Virtual CISO Outsourced CISO In-house CISO Banks Culture

Read More