Like most children, Mike Newborn wanted to understand everything about the world around him. Growing up, he often took apart household objects—a hobby his parents tolerated with surprising patience. As he got older, he learned how to repair common electronics like music players. His self-taught skills later transferred to building computers and serving as an unofficial IT guru for his family and friends. This passion and natural aptitude for solving tricky tech problems followed him to the University of Virginia, where he completed several internships focused on IT technical support. He also may or may not have crashed the school’s network for an hour or so while attempting to recruit his friends for an online video game (the rumors remain unsubstantiated, according to Newborn).
When he landed his first full-time job at Network Solutions (VeriSign), the position combined his love of solving difficult technological problems with a desire to help people. As an IT consultant, Newborn gained valuable hands-on experience that shaped his career path. At the time, the organization was responsible for running a sizable portion of the Domain Name Service (DNS) for the internet.
“I was immediately thrown into cybersecurity,” he says. “My first big project at Network Solutions required helping a large financial institution address a network security challenge.”
His time at the company also involved working on many projects and initiatives, including running security preventative, detective, and response technologies, managing security incidents, overseeing security architecture, implementing application security, and managing internal governance and risk teams.
Following his tenure at Network Solutions, Newborn earned senior cybersecurity roles at Bloomberg and McKinsey & Company. “Each experience was extremely enlightening and helped me build on my skillset,” he reflects.
Today, he is the Chief Information Security Officer (CISO) at Navy Federal Credit Union.
Here, Newborn shares why he’s inspired by his work, how his team tackled the unforeseen challenges brought on by the COVID-19 pandemic, and his best advice for IT candidates looking to earn leadership roles at Navy Federal and beyond.
What led to your job at Navy Federal Credit Union, and how did you know the company would be a good fit?
One day while boarding a flight for a work trip, I got a LinkedIn notification from a recruiter at Navy Federal Credit Union. I tend to ignore these requests, but my family had recently expressed concerns about the amount of travel I’d been doing. I thought I would explore other opportunities that could provide a better work-life balance.
I quickly discovered that Navy Federal offered the benefits of a financial institution and would likely provide strong funding and support for cyber risk management. At the same time, they were committed to supporting their members who put their lives on the line to protect my family and our country. On top of that, Navy Federal was undergoing a digital transformation, which was similar to the work I was already doing at McKinsey. In addition to researching online, I spoke with friends and colleagues to better understand the company’s culture and reputation. What cinched the deal was the interactions I had during my interview process. I decided to be myself and interview them while they were interviewing me.
In the end, I accepted their job offer and, in the process, I convinced the CEO to implement a new policy allowing employees to wear jeans to work. This was important because I knew that to recruit and retain top talent, we needed to offer a flexible dress code and foster a fun, more relaxed work environment. To sum it up, I was looking for a place where I could be challenged, make a positive impact through meaningful work, have strong program support, enjoy a collegial environment, and gain work-life balance.
What are your core responsibilities as Navy Federal Credit Union’s Chief Information Security Officer (CISO)? Why does this work excite or inspire you?
I’m responsible for all things associated with cyber risk management. I work with and alongside talented people who support our mission and vision. Our responsibilities include incident detection and response, penetration testing, application security, vulnerability management, governance and risk management, and regular briefings with senior leadership and our board. Information security risk represents one of our top risk areas for the organization, so our work is impactful, invigorating, challenging, and fun.
You have over 25 years of experience in the information security field and have been at Navy Federal since 2019. What’s one highlight or accomplishment of your career that you’re most proud of, and why?
Early in my career, while I was at VeriSign, we experienced a large, distributed denial of service attack (DDoS) on the DNS infrastructure that had the potential to disrupt the integrity of the internet.
My office telephone rang; someone on the other end said they were with The White House Situation Room and wanted an intelligence update on the ongoing attack. I thought it was a prank, but I put the caller on hold to check with my boss. He confirmed the call was legit and had “forgotten” to tell me he’d given them my office number!
This event pushed me to create a more robust DDoS mitigation capability for the company, leading to a new service for VeriSign’s clients to protect their infrastructure from similar attacks.
What’s the biggest challenge you’ve faced thus far in your tenure at Navy Federal, and how did you overcome it?
The COVID-19 pandemic presented a big challenge for our members and employees. As we were used to an in-person office culture, our remote access and monitoring capabilities needed refining for a large remote workforce.
However, our teams pulled together in a crisis. Within weeks, we quickly deployed more end-user workstations, upgraded our multifactor authentication system, and scaled key components of our technology stack to support over 24,000 team members worldwide. Simultaneously, we enhanced our monitoring and cyber risk management practices to ensure the appropriate protections and capabilities remained in place.
What are some common misconceptions about your role and industry, and how would you respond to them?
One common misconception is that cybersecurity professionals act as sand in the gears of business processes. Security professionals can best support key stakeholders when they are informed of all material risks and are trusted to co-create safe business solutions.
Another misconception is that cyber risk management professionals use fear, uncertainty, and doubt to scare leadership into following their advice. While it’s true that cyber risk is a top enterprise risk, cyber professionals best serve their organizations with pragmatic guidance. Rather than over-indexing on fear, explaining the real risks to your business partner and acknowledging the pros and cons of different directions goes a long way. It’s not uncommon for a responsible business partner to react to something scary they read online and try to do the right thing to protect Navy Federal members by pivoting away from their original plans. This is where a good cyber advisor can tell them, “Yes, and here’s what you can do to reduce our risk and minimize any potential concerns.” This will cultivate long-term partnerships based on trust and ensure balanced investments for the business.
How would you describe your leadership style? How have you evolved or grown as a leader since joining Navy Federal?
Generally, I embrace a combination of servant leadership and a federated decision-making process. I believe in a feedback-oriented culture, ensuring everybody knows where they stand and how to make an impact.
Over the past five and a half years, my appreciation for the complexities of our business has evolved. I’ve concentrated on building stronger cross-departmental relationships with peers and key stakeholders. This has paid dividends in breaking down silos across teams, working more efficiently, materially improving our overall cyber maturity and moving faster with our digital transformation efforts. Thanks to this approach and the phenomenal work in the department, the Security organization is now viewed as a much stronger business partner.
How does Navy Federal’s culture empower employees to take control of their careers? How have you been personally supported to thrive and succeed?
Navy Federal’s culture provides many opportunities for career growth and internal mobility, including training opportunities, mentorship programs, job shadowing, and focused programs that allow employees to gain exposure to other areas of the business.
I’ve been able to explore different avenues that benefit the company and my specific career aspirations. For example, I’ve joined customer advisory boards, an external venture capitalist advisory board, and a nonprofit board. Additionally, I’ve had the chance to attend external industry events and retain memberships in cybersecurity-related networks.
What advice do you have for those looking to transition into a leadership role at Navy Federal? What should they do to be successful at the company and in their careers?
You’ll need a few key ingredients to succeed: passion, partnership, and opportunity. It’s important to enjoy what you’re doing and have a strong drive to learn and grow. Study different leadership techniques and understand Navy Federal’s leadership culture. You need to be willing to see things from different viewpoints and lead with empathy. It’s also helpful to connect the dots between projects and initiatives—understand where you and your team fit in, and why.
Partnership is also important, especially at the more senior leadership levels within the organization. To frame yourself as a trusted advisor in your field, you’ll need to develop strong, trustworthy relationships with your peers and leadership. So, it’s important to put in the time to build strong relationships across the organization.
Finally, have a solid game plan and understand how to stand out so that when an opportunity comes up, you don’t have to ask because they ask you!