Cryptocurrency and cybersecurity are inseparable. As our Chief Information Security Officer, Norah Beers dedicates her time to managing a dynamic digital threat landscape. In this edition of “5 Questions With…” she explains what led her to this field, and why she’s taking her experience in integrated risk management for financial services and applying it to cryptocurrency:
Q: Welcome to Grayscale! What are some of the highlights of your professional career that led you to this moment, as Grayscale’s new Chief Information Security Officer?
A: I’ve been in the broader risk management space for more than a decade, and most of that in information security, but I came up in the industry via an abnormal route. I did a stint in Strategy Consulting out of college, and then joined Bridgewater’s management training program. I found I was most drawn to the challenges of risk management. You have to look at the big picture, prioritize, and balance risk reduction with all the other goals of the organization. Also, I’m mission-oriented, and since risk inherently matters to every part of the organization, it’s easy to pull a team together and make progress.
After I got some experience on the Finance, Legal & Compliance, and Security teams, I was partnered with the (then new) CSO to overhaul Bridgewater’s security program, just as the CTO was doing the same for the full tech stack. That transformation took about four years and touched every aspect of security as well as technology productivity, infrastructure, and business continuity. It was a great survey of everything in the field, and I’m excited to use that experience at Grayscale.
Q: How did you “get into” crypto? What piqued your interest in the asset class?
A: Crypto was born out of security, so I understand the underlying tech and I love that so many people in the space are security-minded. This is a new adventure for me, but information security has always been a fast-paced field, and the disruption caused by crypto is spurring tremendous innovation. I’m so excited to work in the thick of that.
Q: In the face of constant change, how do you approach information security, broadly, and what does it take to stay not just one — but two steps ahead of these changes — to identify potential future vulnerabilities?
A: That’s what is so exciting about security: threats evolve quickly and that incentivizes innovation on the defense side to try to keep up – even more so in the crypto space. There are lots of great resources available to stay on top of emerging threats, as well as approaches or tools to contain them, but practically, you can’t eliminate all risks and still have a productive company. You should have layers of controls around what matters most, and you still need to be prepared in case those fail. I think it’s important to understand the company you are protecting, what matters to them, how they do work, and create a security strategy tailored to them and based on their risk tolerance.
Q: Keeping this next question simple: why Grayscale?
A: I knew I wanted to build a security program at a fast-growing firm that utilized my background, but beyond those initial filters, I really wanted to work with a great team and with smart, driven people who share my values.
I believe the most effective organizations encourage individuals to take ownership and drive change, while building cohesive teams that work toward a common goal. As I got to know the team at Grayscale, I could see that everyone was rowing in the same direction. You don’t end up with a company full of entrepreneurial people working together well by accident – it’s clearly a purposeful ethos. It gave me confidence that this was the right place for me.
Q: What is something you know now that you wish you knew at the start of your career?
A: Success is not an end goal. For a long time, I was focused on activities and efforts that would open new opportunities for me — doing well in school, finding the right internships, and taking jobs that would make me attractive to future employers – but I don’t think I effectively balanced that with narrowing down what I really wanted to do. That left me with tons of opportunity, but not a lot of direction. The two are obviously not mutually exclusive. Having an array of experiences can tell you what you want, but only if you listen. If I had it to do over, I would step back periodically to think about what I had learned and set purposeful goals with those learnings in mind.