When the pandemic made digital signatures imperative, Emily Heath was on hand to help people feel more comfortable.
Listen to Heath’s full conversation with our CEO Daniel Barber on the Grailcast.
The Pandemic’s Impact on Heath’s Work
During the height of the pandemic, DocuSign helped governments move money for the Payment Protection Program and other relief efforts. The organization supported schools and hospitals in securing critical equipment. And, of course, the business facilitated millions of signatures for individuals who could no longer get to their banks, employers, or business partners in person.
“People still need signatures, and in the days of COVID, there’s no other options,” DocuSign Senior Vice President and Chief Trust & Security Officer Emily Heath said on The Grailcast. “It was pretty heartwarming to see how we could truly be a part of the digital journey that made a major difference in people’s lives.”
Although people were becoming more comfortable with digital signatures before the pandemic, many folks still had qualms about putting their most sensitive data – from social security numbers to bank account information – into a digital form. They needed to know that they could trust DocuSign to protect their data, which is where Heath and her team came in.
“What we’re trying to do is inspire a feeling,” she said. Security is an essential part of that. Most consumers care most about their personal relationship with a business: they need to feel like they can trust the provider.
How the Docusign Team Builds Trust With Privacy and Security
Heath builds trust by taking an “open book” approach to privacy and security. She aims for transparency throughout the organization, taking steps like dedicating webpages to an overview of security measures.
“As an organization, the way you build trust is through transparency,” Heath said. She also thinks about the various organizational ecosystems that DocuSign fits into.
“Everywhere you’ve got any connection is a potential attack vector,” she said. To protect customers’ trust in DocuSign, Heath makes sure that her team thoroughly understands the digital footprint of DocuSign, including where data flows and which third parties have access to it. “The more you leverage technology and resources, the more we have to pay attention to it,” Heath said.
Heath’s Unique Trajectory to Becoming a Security Leader
Heath fell into security almost by default. She began her career as a detective in England, investigating high-yield investment fraud. After she moved into the private sector and more regulation entered the data security space, she was tasked with overseeing compliance.
“With some form of law enforcement and legal background, I was anointed to be the person to figure out what all of this meant,” she said.
She worked in security at AECOM and United Airlines before joining DocuSign in October 2019, just before the pandemic. Although COVID brought more demand for secure digital signatures, Heath said her team rose to the challenge. “To see how people working together can really, truly make a difference in times that are just difficult, I’d say that was a really pleasant surprise,” she said. Experts regularly help each other, not just within DocuSign, but in the security sector in general.
On Finding Comradarie in the Security Industry
“Nobody wants to see anyone else in the headlines,” she said. “It’s one of the wonderful, magnificent things about this industry. We’re all trying to fight crime at the end of the day. Let’s not forget there are criminals coming for us. And the way for us to solve those problems is to work together.”
That goal unified the industry, Heath said.
“I don’t hesitate to ask for help, and when other people ask for help, we don’t hesitate to give it,” she said.
The same applies to people who are getting into the industry. Data security isn’t just for hackers, Heath said. She said that a variety of analytical skill sets are needed to keep data safe, so getting experience in different parts of security and technology will strengthen your qualifications.
To keep abreast of the latest information, Heath uses these resources:
- The Wall Street Journal: Heath starts every day reading the newspaper. “Security and privacy have so many facets that… keeping tabs on day-to-day activities that are happening in the world is just a part of our job,” she said.
- Cybersecurity Ventures and Cybercrime Magazine: Digital resource focused on the latest trends in cybercrime and security threats.
- CSO Magazine: A digital publication focused on security news and analysis.
- Annual reports: Organizations including the Ponemon Institute, CrowdStrike, FireEye, and Monday all put out annual reports that are helpful for understanding trends in the industry. “These security organizations spend a ton of time, money and effort on R&D, and they show that in their annual reports,” Heath said.
- Social media: Heath has a dedicated Twitter feed that she “constantly” monitors.
Most importantly, Heath gets her information from her colleagues and other data and security professionals.
“There is a camaraderie and a spirit that people want to help people out, genuinely,” she said.
To get the newest Grailcast episodes and blog summaries in your inbox, subscribe to our newsletter.