Have the intestinal fortitude to be unpopular for more than five minutes. It’s really important both to preserve relationships and to hold the line. At critical junctures, choose to hold the line over doing what would be easier in the moment. As a security professional, I’ve had to deliver tough messages to management about the security health of their projects. In these situations, I come to the conversation prepared for resistance, confident that my facts are solid, and with a big smile. And, I always have ideas on a wellness plan and ways my team and I can help. It’s challenging to share difficult messages, but it is necessary. You do everyone a disservice by minimizing.
As a part of our series about strong women leaders, I had the pleasure of interviewing Bethany De Lude. De Lude is the Chief Information Security Officer (CISO) at Cred, a leading global blockchain-based financial services company that smartly manages and protects digital assets to deliver financial freedom to participants in the decentralized economy. She is a top-performing and results-driven information security executive with broad expertise safeguarding mission-critical information, systems, and infrastructures and building robust security programs for organizations in multiple sectors, including financial, research & advisory, non-profit, and the U.S. federal government. Bethany is an engaging speaker, a patent holder, and a recent finalist for the prestigious Women of Influence Award sponsored by the Executive Women’s Forum.
Thank you so much for doing this with us! Can you tell us a bit about your “backstory”? What led you to this particular career path?
In the moment, I sometimes think that my career has been a series of fortunate accidents. As a mom, I’ve delighted in those moments when one of my sons knows his mind and dives passionately into an area of interest. Unfortunately for my mom, I was not that kid. I had a strong aptitude for STEM subjects, loved tackling hard problems, and excelled broadly but without a focused direction. In college, I pursued a curriculum that was both challenging and had enough electives that I could try lots of different subjects. Ultimately, I earned my degree in mathematics.
As a new graduate, I coalesced around three career choices — actuary, teacher, national intelligence resource. When the U.S. National Security Agency (NSA) answered with an accelerated program in information security, the die was cast, and my passion ignited. Mom could now exhale. Not only had I found my calling, but I was also at the forefront of an emerging field that now impacts nearly every aspect of our lives.
Think about it, large scale hacks teach us that basic life activities, such as swiping a credit card, surfing the Internet, and entrusting our information to private and public sector institutions, can lead to financial loss, identity theft, and reputational harm when there are lapses in security. In this field, there is always something to learn and a lesson to heed, which has kept my agile mind, natural curiosity, and restless spirit engaged for over twenty-five years.
Upon reflection, however, I think the die was cast even before joining the NSA. Back in middle school, I participated in a gifted and talented program that provided students access to a course of study at the U.S. Naval Academy in Annapolis. What did I take? A course on cryptographic techniques. Perhaps way back then, a part of me knew exactly where my heart and mind were headed.
Can you share the most interesting story that happened to you since you began leading your company?
Historically, I’ve worked with many traditional organizations, which engenders a certain cultural formality and professional conservatism. Since joining a future-building fintech company, I’ve learned incredibly interesting facts about members of my professional network. Stories about tenures with startups missed opportunities, and personal investments in crypto have been shared openly and without edit. One of the best was about an attorney whose spouse did not want him to leave a lucrative partnership to be associated with a “shoe salesman”. Well, long story short, if you like footwear with a swish, you can imagine the “what ifs” that have chased this individual. Something about taking a leadership position in an industry with great risk/reward potential has created a space for people I admire and respect to engage on a whole new level.
Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?
When I was in graduate school, I needed to use a work project as a case study, which presented special challenges for me since my work was largely classified. After going through the necessary approvals, the stage was set for me to move forward, culminating in an interesting — and unclassified — paper on identifier friend or foe systems. A few months later, a stern voice was heard from my branch chief’s office stating (loudly) to a colleague, “Clearly, you did not write this,” with a heightened emphasis on the word clearly. Coming to his rescue, I explained that he had helped me fulfill a graduate school requirement by partnering with me on a school project, peer-reviewing deliverables to ensure they met security protocols for release, etc., so it made sense to use the unclassified paper as the foundation for the classified report. From that point forward, I became conscious of “tells” in my writing and learned to be more creative and diverse in my language choices as well as more open and receptive to other writing styles.
Ok, thank you for that. Let’s now jump to the primary focus of our interview. What is it about the position of an executive that most attracted you to it?
As I’ve advanced in my career, a few truths have emerged that have fundamentally transformed my outlook. Early on, I thought the best thing I could do to support an organization’s mission was to be its very best individual contributor. Over time, I’ve learned there is nothing I can develop in isolation that cannot be improved by collaborating with others and engaging in spirited debate. I’ve also observed that many leaders lack management courage, which I define as unflinching integrity in the face of extraordinary pressure to remain silent or acquiesce, i.e., sharing information no one wants to hear, which is critical to be heard, even at great personal cost. And, lastly and most importantly, I’ve learned that I can only achieve my best by inspiring others to do their best. The opportunity to bring the concepts of spirited debate, management courage and inspirational leadership to an organization in support of its security health is the best value proposition in the world to me.
Most of our readers — in fact, most people — think they have a pretty good idea of what an executive does. But in just a few words can you explain what an executive does that is different from the responsibilities of the other leaders?
As a CISO, I foster security-aware cultures that understand protecting an organization’s information assets is a strategic imperative in which everyone plays a role. A CISO cannot work in a silo. Information security must be viewed as a thread woven horizontally across all aspects of a business. Gaining horizontal buy-in and busting the myth that security happens in a vertical is key to a CISO’s success and distinguishes this leadership role from those that are more strictly business line focused.
What is the one thing that you enjoy most about being an executive?
As an executive, it’s my job to create an environment in which everyone can succeed, knows what excellence looks like, and is excited to have challenging work. Done well, I get rewarded tenfold with the joy that comes from sparking someone’s curiosity, watching them step out of their comfort zone and try new things, and, ultimately, take on new roles and responsibilities. Nothing beats chatting with a former protege and reminiscing about where they were when we met and how far their star has risen.
What are the downsides of being an executive?
As a leader, you have to message the good and the bad with clarity, poise, timeliness, and transparency. You are also the first to give credit to others and take responsibility for negative outcomes. Sometimes, this means delivering hard truths related to performance management, budget, headcount, and project outcomes. While this comes with the territory, it is never routine or easy to reduce headcount.
What are the “myths” that you would like to dispel about being an executive? Can you explain what you mean?
As a CISO, there is a myth that you must be the strongest technologist on the bench. Early on, one person could fully understand the various technologies integral to an organization’s defense-in-depth strategy. This is no longer the case. The rate at which technology is changing, threats are emerging, and business models (e.g., migration to SaaS, PaaS, IaaS, on-premise, and hybrid architectures) evolving nullifies this long-held notion. Today’s CISO needs to cultivate credible relationships with stakeholders across the company; speak “business” and “security” languages fluently; recruit, retain, and inspire terrific talent; and market security effectively while appreciating and understanding the technology stack.
In your opinion, what are the biggest challenges faced by women executives that aren’t typically faced by their male counterparts?
As a woman executive, I hold myself to a markedly higher standard than my peers because the stakes are higher for my gender. And, whether you know it or not, everyone is closely watching. By consistently demonstrating excellence and being prepared, I’ve been able to achieve my goals despite an unlevel playing field. For example, I have been referred to as “Little Missy” and “Young Lady” inboard and senior leadership meetings at which I was the only person of my gender. I’ve had technical conversations in hallways referred to as “meetings of the Mom Squad.” In these and similar situations, I’ve learned to diplomatically and with humor reframe the discussion and elevate the discourse. Over time, relentlessly pursuing positive outcomes generates an undeniable force for change and personal success. When “Little Missy” turned on her microphone, the moniker died on the spot. Lastly, women need to remain true to their nature. It is a tremendous edge. Women tend to be excellent communicators, listeners, multi-taskers, mediators, relationship builders, and nurturers. Collectively, these are formidable leadership traits. Add subject matter expertise, confidence, and experience to the mix, and glass ceilings can be shattered. Be yourself.
What is the most striking difference between your actual job and how you thought the job would be?
Nearly every “best practice” study tells you that you have to navigate, balance, and maintain positive relationships among people, processes, and technology to transform and effectively manage an organization. In my experience, it’s all about people. Until and unless you create strong relationships, you will not be fully effective as a leader and the organization will not achieve its potential. So, while often recruited to solve a specific problem, the one I find myself working on first pertains to relationships and cultural issues that impede success.
Certainly, not everyone is cut out to be an executive. In your opinion, which specific traits increase the likelihood that a person will be a successful executive, and what type of person should avoid aspiring to be an executive?
Simply stated, ask yourself, “is it more important for me to shine or for my team to shine?”. If it is the latter, call me. I want to work with you and we will build a terrific organization. If it is the former, remain a stellar individual contributor. In my experience, a leader who makes their people feel valued is significantly more likely to achieve positive and enduring business outcomes than one that primarily self-promotes. A leader that frames the conversation in terms of “our” and “we” will never starve for talent.
What advice would you give to other women leaders to help their team to thrive?
Because women are underrepresented in the C-suite, it is important to be keenly aware that your actions are being watched and to embrace this scrutiny as an opportunity to be a positive role model for other women. Take this responsibility very seriously. When I left a prior CISO role, I was overwhelmed by the outpouring of gratitude from women across the company for giving them the confidence to strive for higher-level positions, return to graduate school, and pursue professional certifications. Carrying this mantle is an honor.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
So true. Everywhere I have worked, I’ve learned invaluable lessons from and developed deep relationships with professionals that have lasted long past my tenure with a company. While narrowing the field is difficult, top billing goes to Maria McMahon, a direct report at the Centers for Medicare & Medicaid Services (CMS). In case she is reading this article, thank you, Maria McMahon! At a critical juncture in my career, she taught me the difference between being “right” and being “effective”. We were under significant pressure to create, publish, and implement a comprehensive suite of security policies, standards, and new processes to enhance CMS’s security program. Knowing we were doing the right things, I wanted to launch swiftly and identified an accelerated path for navigating the various approval processes. I can still see Maria’s face as she listened, nodded at my clever approach, and then thoughtfully proposed, “Yes, but don’t you think it would be good to run it by X, Y, and Z? I know they may not add a lot of value and that their review time will push against our deadlines, but if we don’t, they definitely will create opposition that we may not be able to overcome.” She was right. We pivoted, took the time to garner broad support of our objectives, and set in motion a security-culture revolution. Thereafter, I take the time to understand, work within, and strategically influence the political and cultural landscape so that good ideas are heard, pressure tested, enhanced, and pursued in a workable form.
How have you used your success to make the world a better place?
Helping young people prepare for “what comes next” has been a passion of mine. I’ve spent many years working with students at my high school to improve their resumes and practice their interview skills. I’ve also spoken to graduate and undergraduate students in cybersecurity about hot topics in the field, areas of specialization and a “day-in-the-life” of a security professional to inform their career pursuits. At work, I encourage my teams to create opportunities for interns and to participate in outreach efforts with local “at-risk” schools. In addition, I have sponsored many colleagues for security certifications and welcomed many new Certified Information Systems Security Professionals into the fold. Lastly, while I can’t take credit, I like to think my STEM background and first place science fair trophy inspired my nieces to enter and win first place trophies in multiple science fairs!
What are your “5 Things I Wish Someone Told Me Before I Started” and why? (Please share a story or example for each.)
- Whatever you are doing, you are doing that and marketing. As you move up the ladder, it’s extremely important to be compelling in your communications so that there is enthusiasm for your ideas. In a prior CISO role, I brought on-board a communications expert. From that point forward, our presentations shined, our posters and tips sparkled, and the security office became “the” star organization. Our pride in our work, consumable messaging, and professionalism set us apart and our budget definitely benefited.
- Have the intestinal fortitude to be unpopular for more than five minutes. It’s really important both to preserve relationships and to hold the line. At critical junctures, choose to hold the line over doing what would be easier in the moment. As a security professional, I’ve had to deliver tough messages to management about the security health of their projects. In these situations, I come to the conversation prepared for resistance, confident that my facts are solid, and with a big smile. And, I always have ideas on a wellness plan and ways my team and I can help. It’s challenging to share difficult messages, but it is necessary. You do everyone a disservice by minimizing.
- It never gets easier. As you ascend the corporate ladder, the nature of your work changes, but it does not dampen. In fact, the opposite occurs as you become responsible not just for yourself, but for the people around you — above, below, horizontal and external. Somewhat naively, I thought it must be terrific to get to a point where you know everything needed to be successful and effective. I’ve learned that is a myth. If anything, you need to be more agile minded and expansive in your views to ensure you understand the organization’s priorities so that your area is effectively supporting the mission to the greatest extent possible.
- Change is your friend. As much as I’ve hated to leave prior positions, it is often the only way to develop new skills and to stay relevant in your field. If it turns out to be a great fit, stay, learn, and contribute until you’ve made a substantive impact and reaped the available lessons. If not a good fit, contribute and learn as much as you can until a new opportunity is available. With that in mind, take risks, be uncomfortable, push yourself, and grow. If you are lucky, life is long so make it interesting!
- Demonstrate management courage in key moments. You’ll recognize these moments when they present themselves and so will your colleagues. When they present themselves, demonstrate impeccable integrity. In an early CISO role, I was presenting my first 30-days observations at a board meeting, the most concerning of which was that the ratio of known to unknown risks was out of alignment. Why? There was virtually no data about security risks due to a systemic absence of security assessment activities, security testing, and security policies. The COO was not pleased with my observation as he was in the final stages of overseeing a multi-year project to migrate mission-critical systems from legacy to more modern technologies and platforms. Point blank, accompanied by a banging fist on the table, he interrupted my presentation and asked if the risk of a security breach during the migration that weekend was red, yellow, or green. After explaining there was no information with which to provide an informed answer, the table was struck and the question asked again. With a clear steady voice, I responded, “I don’t know, X, what’s the color of lucky?” The silence in the room was broken by my being invited to continue my presentation. When I returned to my office, which was a thirty-minute drive from headquarters, people were lined up outside my door to shake my hand. It was unclear at that moment if we were or were not exchanging our last handshakes. Fortunately, I kept my job and gained the support I needed to turn the security program into an organizational asset.
You are a person of great influence. If you could inspire a movement that would bring the most amount of good for the greatest number of people, what would that be? You never know what your idea can trigger.
I’d like to say the “Kindness” movement, but I believe Ellen Degeneres has already cornered the market. So, I’ll go with the “Just One Hour” movement and have it be a call to service for everyone to spend one hour a week doing something unexpected for another person — host a study hall, take a meal to a neighbor, weed a garden, read a book, clean the front steps, etc. — anything that fills another person’s need and requires your time. Hopefully, the intrinsic rewards of that hour spark “Just One Day” and then “Just One Week” movements.
Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?
I am an avid reader, so this is a really tough one. Last year, I even structured my keynote for UNCW’s 2019 Cybersecurity Awareness Colloquia around my favorite quotes. One that stands out is from Albert Einstein. He stated, “if you can’t explain it simply, you don’t understand it well enough.” Being in a technical field, I push people to explain concepts absent jargon so that information is more readily understood across stakeholders, which reduces confusion and promotes effective collaboration. I’ve also noticed that breaking the conversation down in this manner often reveals holes that were being paved over with jargon. In life, the same is true. Effective storytelling is so important for sharing our histories, imparting lessons, and building connections with others. Doing so requires speaking in a way that resonates, which is far more important than showcasing a complex vocabulary.
We are very blessed that some very prominent names in Business, VC funding, Sports, and Entertainment read this column. Is there a person in the world, or in the US with whom you would love to have a private breakfast or lunch with, and why? He or she might just see this if we tag them
Elon Musk. It would be incredible to spend time with someone who has a boundless ability to pioneer technology and drive innovation. I cannot think of another modern individual who has changed the trajectory of multiple industries — electronic vehicles, space travel, transportation, sustainable power, etc. — through unparalleled energy, vision, and resolve.
Thank you for these fantastic insights. We greatly appreciate the time you spent on this.