Securing Anywhere Services: Q&A with Emily Heath, Senior Vice President, Chief Trust & Security Officer
We sat down with Emily Heath, DocuSign's Senior Vice President and Chief Trust & Security Officer, to learn about what inspires her and how she thinks about security and ensuring customer trust.
Your career began as a financial crime detective in the UK. Tell us about that and how your career evolved into a leadership role in security and trust?
Chasing criminals has been in my blood for a very long time. I worked as an undercover detective for a while. I did surveillance, a small stint in drug squad work—which was not for me—then, I moved into investigating financial crime. When I left law enforcement, I started my technology career. I took a position as the lead program manager for a software implementation working with the movie studios. Over my IT career, I’ve also led infrastructure, supply chain systems, business applications and development teams. Leading a team of security and trust professionals at DocuSign is a very natural fit for me, combining my investigations and technical backgrounds together.
What attracted you to DocuSign?
I was the Chief Information Security Officer for United Airlines before I came to DocuSign, and I saw this amazing opportunity for DocuSign to double down on trust and what that really means. Customers trust us with sensitive agreements and their signatures, and that’s a mission I feel strongly about protecting. At DocuSign, we’re a part of our customers’ ecosystem, and we take that very seriously. Part of the attraction for me was the ability to take all of that to scale for a company that was growing at such a fast pace. It also doesn’t hurt that I get to work with great people.
This year, DocuSign was recognized by CSO Online as a top 50 organization for security initiatives. What are the specific initiatives DocuSign was recognized for and how do they impact customers?
We were recognized for our Education & Awareness program, which helps DocuSign employees cultivate an incredibly high awareness of security in their day to day jobs - making us more secure. There is an amazing security and trust culture here at DocuSign.
Businesses worldwide rely on the DocuSign Agreement Cloud for sensitive and time-critical transactions. What are your key priorities for maintaining the secure, compliant and available environment that customers trust?
There is a security element and there's a trust element. The security part is making sure our code is secure, that every server and cloud environment has security, that we're monitoring it, and we have good security hygiene. All of our customers absolutely expect that from us and they should. DocuSign allows customers complete transparency into how we operate from a security perspective.
On the other hand, trust is all about building relationships with people, it’s about that high level of transparency and dependability, showing up and doing the things that you say you're going to do. We get to know our customers and their security teams - you can’t trust people you don't know, and we want customers to feel very comfortable about how we operate.
According to DocuSign CEO Dan Springer, DocuSign aims to succeed in the new Anywhere Economy. What does the Anywhere Economy mean to you from a security perspective?
In the Anywhere Economy, people need to be able to access systems and data securely. And the DocuSign Agreement Cloud platform let’s you do that from virtually any device anytime from almost anywhere in the world and do it securely. In the DocuSign Agreement Cloud, we enable our customers to have multi-factor authentication and assigned admin controls, and we provide visibility into who has accessed which agreements. The added layers that we build in allow our customers to strengthen their own security posture. The Agreement Cloud makes you more secure, reducing risk and reducing data sprawl.
October is Cybersecurity Awareness month. What’s one tip that everyone can follow to prevent security mishaps or breaches?
Change your passwords frequently! The one thing that criminals want are your credentials, the most common way they get them is through phishing emails. There's a common misconception that hackers are sitting in a basement or an attic somewhere “hacking” into a company, the reality is they send emails to busy people!
What do you look for when recruiting talent to your team?
I encourage my hiring managers to recruit for skill sets, not titles. That really opens the aperture as to where you look for talent. Smart people learn. My leadership team is a great example, they are very different people and personalities, and that's by design. They think differently, they challenge each other differently. When you get that level of diversity, and it's a safe place for people to really challenge each other while having each others’ backs, magical things happen.
Women and minorities are underrepresented in cybersecurity positions. What is your advice for those who aspire to security leadership roles?
Do it; just do it. People think that you have to be a hacker to be in security. You don't. The security community is extremely supportive and open, and wants to see people succeed. I have people on my team who were tour guides, construction workers, people who worked in finance and legal, as analysts and engineers in IT jobs. I would encourage people not to think about the lack of what they have and, instead, think about how they can apply their skills to problem solving in cybersecurity, the day-to-day skills can be learned. This diversity of thought and diversity of backgrounds is what inspires unique thinking and helps us find solutions more quickly.
You are the Executive Sponsor of PRIDE, the DocuSign employee resource group (ERG) for LGBTQIA employees, which stands for Professionalism, Respect, Integrity, Diversity and Excellence. What are the greatest challenges and benefits of PRIDE?
When you think about belonging in an organization, it is important that people see that there are others like them. The PRIDE ERG is very active. Our members of PRIDE are incredible, they are huge advocates and they get involved.
We host many events to raise awareness and gain allies. These efforts have helped create a safe place and inclusive culture at DocuSign and that encourages our employees to show up more as their authentic selves. Yet unlike many ERGs, the challenge for PRIDE is that sometimes employees fear joining because they may out themsleves ot sometimes members dont want to ask others to join, because what does “gay” look like? It's very much a self-disclosed group of people because gay doesn't have a single face. We rely on people who do feel comfortable in themselves to share their stories, which so many do and it is incredibly inspiring.
Do you have a guiding principle that influences, supports your creativity or leadership style?
Yes, I have many. But my mantra is let's not forget that we're human beings first. When you can get people to work together and do so in a way that cares for one another, amazing things can happen. Oftentimes, in the work we do, we get numb to the fact that there are criminals on the other end of what we're doing. And we get lost in numbers and code and attacks. I always encourage teams to pop up their heads and check in on one another. That camaraderie and spirit with your team makes us stronger and more secure because everyone's looking out for one another.
DocuSign’s values are Trusted. Loved. Responsible. Which is your favorite value and why?
Trust. Trust inspires love, you can't love someone you don't trust, and you can't be responsible if you're not trusted. Trust is the foundation of absolutely every relationship we have.
The CEO of DocuSign, Dan Springer, said he wants everybody to look back at their time and say they did the work of their life at DocuSign. Are you?
Yes, absolutely! How many times do you get the opportunity to be involved in a company with such hyper growth and amazing people? Not many. It's exciting to be a part of that. A big reason why I came to DocuSign was the opportunity to influence the direction of how we are building trust with our customers, partners, our employees and our signers. It just doesn't get any more meaningful than that.
Besides work, what other endeavors do you find gratifying?
I absolutely love to cook. I have a food blog. For me, it's a way of loving people. Many times, when I go to the grocery store, I just want to cry at how beautiful the vegetables look. How can I do this piece of food justice? What am I going to do with it? I get so much joy from shopping for food, looking at what's in season and cooking for people I love.
Interested in doing the work of your life at DocuSign? Check out our openings. We’d love to talk.