Tech Icon Spotlight: Darren Challey

VP, CISO at Remitly

 

What do nuclear engineering and cybersecurity have in common? Both are hard, technical problems with zero margin for error–precisely the type of challenge that Darren Challey enjoys the most.

 

From designing systems for the nuclear naval fleet to leading cybersecurity efforts at GE, Expedia, and Amazon, Challey has built a unique leadership style that ensures his teams take an intelligent approach to risk. As the CISO at the global payments platform Remitly, he is taking that same approach to protect international money transfers from fraud and attack.

 

Riviera Partners spoke to Challey to hear his perspective on cybersecurity as a business issue, how his approach to leadership has adapted over the years, the critical role communication plays in security, and the unexpected impact leaders can have on others.

01

Security is a
business problem,
not a technical problem

02

Pick a
persona

03

There’s no such
thing as too
much communication

04

Mentorship
takes
many forms

01

Security is a
business problem,
not a technical problem

When Challey transitioned to cybersecurity nearly 20 years ago, it was a burgeoning specialty tucked deep under IT’s remit. While many organizations still treat cybersecurity as a technical function, Challey believes that the smart organizations are the ones that approach cybersecurity as a business issue. 

“Cybersecurity should be a part of the product strategy, while the CISO should be included in any business discussion,” he said. “Security should have the ability to be directly involved with every department, whether its HR, marketing, sales, or operations. A security leader should be a business leader, not just a technical leader.”

“A security leader should be a business leader, not just a technical leader.”

02

Pick a
persona

Every leader develops their leadership style in their own way. The key is to develop a style that is authentic and organic to who you are as a person, rather than try to adopt the style of another. 

“Many years ago, I had a mentor who gave me the really hard feedback that I was behaving differently in the corporate environment than I was outside the office. The feedback was essentially, ‘When we go out to dinner, people love you, but when you sit down at that desk you become somebody different.’ I had the epiphany that I didn’t need to be two different people,” Challey said.

Since that conversation, Challey has worked to meld those two personas together to create a leadership style that can demand results without alienating staff. 

“I realized I don’t have to have a hard persona or be a jerk. I’m a bit quirky and no longer feel like I have to hide that. The person who is at an audit committee meeting can be the same person who’s reading a book to their kids at night.”

“The person who is at an audit committee meeting can be the same person who’s reading a book to their kids at night.”

03

There’s no such
thing as too
much communication

In the world of cybersecurity, communication is job one. The more that cybersecurity leaders can communicate risk to their business partners, the better decisions the business can make about when to embrace risk and when to pull back. 

“Communication is essential to risk management. You can’t manage risk in a vacuum; you need to make sure your executives are brought along on that journey so they truly understand what you are recommending and what they are signing off on,” Challey said. “I try to avoid surprises; If you’re consistently not surprising your leadership, that’s a good measure of how effective you are.”

Communication is especially important for growth-minded companies seeking first-mover advantage and accelerated speed to market. “A smaller organization may need to lean into risk because there’s inherent value in getting to market, while a larger organization may be more risk averse since the risk isn’t worth the reward. As a security leader, I have to help those decision makers understand the trade-offs,” he said.

To keep the right people in the know, Challey has developed a rigorous communications plan that defines what needs to be communicated to whom. “I have about 40 different items that define what messages need to be sent to which audiences and when. This keeps others accountable, because it can’t all be up to security.” 

“I try to avoid surprises; If you’re consistently not surprising your leadership, that’s a good measure of how effective you are.”

04

Mentorship
takes
many forms

Many leaders take great pride in the role they play helping others advance their career. While these opportunities often come in the form of formal mentorship, you never know the impact that even a chance encounter can have on the path of another. 

Technical leaders should realize how informal mentoring and small moments can affect the careers of their team. By fostering an environment where advice and feedback are freely shared, a leader can make a lasting difference. 

“I’ve had some really surprising moments with people who tell me years later how much my mentoring meant to them, and I didn’t realize I was mentoring them. They would bring up some advice or support I had provided them, which I had no knowledge of at the time how impactful it was for them,” Challey said. “It’s always a real pleasure when someone shares how my actions have been meaningful to them.”

“It’s always a real pleasure when someone shares how my actions have been meaningful to them.”

Accessibility by WAH