Interview with

Nashira Washington Layade

SVP, Chief Information Security Officer for Realogy Holdings Corp.

Original Interview, June 28, 2018

Nashira Washington Layade is SVP, Chief Information Security Officer for Realogy Holdings Corp. The company elevated the CISO role to an SVP level when Layade arrived. Born in Brooklyn, she was convinced she would go to Harvard and become a divorce lawyer. With a strong aptitude in math and science, Nashira's dad had other plans.

Tell us a little bit about your background and what drove you into the tech industry.

My dad told me I was going to be an engineer. I went to a high school summer program at Massachusetts Institute of Technology (MIT) and studied tech and loved it, but I thought, "Okay, fine. I'll be an engineer." For college, I got into MIT, but chose University of Pennsylvania for the opportunity to combine both engineering and business classes at Wharton, much to my parents' disappointment.

I majored in Computer Science and between my junior and senior year, I landed an internship at Telcordia Technologies and was offered a full-time job upon graduating. At Telcordia, I was first introduced to InfoSec, and I fell in love and never looked back. There, I was supposed to be a consultant and do assessments of banks, primarily in South America, but the company took a downturn.

After Telcordia, I went to The Windermere Group as a United States government contractor. I worked out of Fort Monmouth supporting the first Afghan war, Operation Enduring Freedom, doing intrusion detection and penetration testing to keep the systems safe there.

The cyclical nature of government contract work and its financial uncertainty wasn't something Nashira liked. And, she was ready to put down roots and buy a home. Just over a year after graduating, she was hired at Bloomberg LP.

I was 23 and worked third shift at Bloomberg, which was not so good for my social life. I worked 12-hour shifts, from 7 PM Saturday night to 7AM Wednesday morning. Because I had off Wednesday through Friday, I was able to get a master's degree in Telecommunication Networks at Polytechnic University before it merged with New York University.

At Bloomberg, I worked in the data center monitoring their Intrusion Detection Systems. After 10 months, there was an opportunity on the corporate side to work directly for the CISO. They were looking for someone with 5 to 7 years' experience. I had 3-years' experience, but thought, ‘Heck I'll let someone tell me NO before I tell myself NO.' I got hired. My boss was really amazing, taught me a lot and didn't hold me back.

After working for Bloomberg for 3 years, I was ready for another challenge and wanted to learn more about the tech industry. Citibank hired me to do security analysis for mergers & acquisitions but then converted my role into conducting third-party vendor reviews. It was a massive organization, and I was able to move around the organization supporting both corporate as well as a revenue generating business unit.

With respect to changing jobs and taking on new challenges, what is your guiding principle?

I do not fear change, and I don't fear taking on new and challenging roles. I search for opportunities that allow me to expand both my knowledge and skill-base. One thing I've been very big on is stability because my mortgage has to be paid. After three and a half years at Citi, I went to Prudential Financial in Newark. This was at the time when HIPAA Hi-Tech and the Massachusetts data breach privacy law came out. My role was a 50-50 split between information security and data privacy. During that time, I got married, pregnant and took some time off to deal with a family emergency.

In 2011, Nashira was hired at Time Warner, which was developing and maturing its corporate security program.

Similar to when I was at Bloomberg, Time Warner was another acceleration point for my career. Before I joined the company, they didn't have a data privacy program in place. I ran the corporate information security, data privacy and information risk management program for nearly five years.

By this time, I'd been in the field for 16 years building my career to be a CISO. When Time Warner's first CISO role posted, I didn't apply because of the decentralized nature of the organization. If something were to impact any of the TW divisions, it may have impacted the entire company and impacted the stock price. It was too risky operating in a decentralized organization, and the CISO has the ultimate responsibility for cyber risk across the enterprise. I knew I wanted to be a CISO, but the Time Warner model didn't work for me. The opportunity at Realogy came along and it offered a chance to build - I love to build.

You've had significant roles and 5 major organizations since graduating college. What lessons did you learn at each organization?

Bloomberg, Global Head, Sept 2002 - Nov 2005:   Allow other people to say ‘no,' but don't say ‘no' to yourself. I only had 3 years' experience in the field, not the minimum five years' experience required in the job posting. My boss liked me, saw something in me, and hired me. Just go for it.

Citibank, VP Senior Risk Control Officer, Nov 2005 - March 2009:   Don't be afraid to move around. The great thing about being in an organization with 300,000 employees is you can dicsover different parts of the organization. For me, the big thing was moving from a corporate position to working in a business unit, so I could fully understand the complaints, and how to resolve them.

Prudential Financial, Director InfoSec, March 2009 - January 2011:   Prudential was all about the data security. It was the first time I had a reporting line into women. Prior to this role, I worked mostly for and with men. By comparison it was such an emotionally toxic environment. I learned how to be mindful of managing. That experience made me a kick ass manager and taught me how women sometimes overcompensate due to the different way we are often judged in Corporate America.

Realogy, SVP Chief Information Security Officer:   Compared to the other organizations for which I've worked, it's unregulated. That's one of the reasons I love it. I can be a little more creative. I've been able to transform the security program - now it's more risk-based. Here, I can build and, I I mentioned earlier, I get excited about building.

How do you develop women in the organization?

I have a team of 33. Five of them are women that are responsible for the information security and privacy of 12,000 employees and 55,000+ agents. We have to kick ass. This year we became a sponsor of the Executive Women's Forum. I am very vocal with both my team and HR about my interest in hiring from a diverse candidate base, with a specific emphasis on women. I'm all about encouraging women, supporting them, and pushing them to reach their maximum potential (and beyond). I send the women on my team articles, industry events, and anything of interest that will build them up and motivate them. I talk to them… really talk to them and ask where they want to be and how I can help make the next best move for their career.

I'm also aware of how men interact. I grab pizza, beers, and talk football. Just because I'm a woman, doesn't mean I can't be one of the boys as well. My office is a revolving door.

What about equal pay?

When I first started at Realogy, I conducted a salary evaluation to self-educate. I also talk to my staff about market reference range & other concepts to help them understand their market worth.

Have you always been able to have so-called life/work balance?

Part of my rationale for leaving Time Warner was that my work/life balance started to get crazy. When I first started there, I worked from home once a week. Unfortunately, there were changes in management that did not support remote-work and other types of flexibility that I relied upon. That's not what I signed up for.

My priority is my son. He is first. Period. Point blank. I often tell my husband that if I die first, there are only three paragraphs to summarize my life and that he should not waste any letters, words, sentences, paragraphs about what I accomplished professionally. I love my career but being a CISO does not define me. It's what I do, not who I am. My husband knows to use my three paragraphs to describe who I was as a Wife, a Mom, and a Christian and talk about how I helped my community.

I was blessed that my mom was a teacher. I had her around during summers. During the summer, my son stays with my parents in Georgia because I'm working. I bust my behind to give him a good life. I believe, fundamentally, that parents are minimally responsible to provide as good a life as their parents provided for them. My parents sacrificed A LOT to send me to schools like Andover and the University of Pennsylvania while supporting all my extracurricular activities (piano, viola, gymnastics, swimming, etc.).

Having have worked under so many talented men, what do you say are your best qualities?

I'm personable. I'm honest. I share a lot with my team and I give them my time. Every one of my direct reports has my home and personal cell phone numbers. They know that if they need me, all they have to do is pick up the phone. They also know I fight for them and protect them to get the job done. If there is conflict, blame me…so & so was following my direction.

From an executive management perspective, I'm strategic and get things done. I work really hard and smart. Give me time and I'll figure the problem out. I also know that when I get home, I have to be a mommy and wife.

Do you bring different qualities?

While I have a technical background, I haven't strictly focused on technology in years. I have to gauge technology and listen to the business needs: What technology can I implement to get you what you need.

Regulatory and technology perspectives are strengths of mine. I can use a regulation to guide my decision. Some of the other CISOs are hard core technologists. They get caught up in that. In my opinion, being a CISO is all about risk management. The board is expecting me to manage cyber and information risk.

It is important for me to be seen as a partner to the business. Often, security is the voice of "No," which is the roadblock. I take the time to listen before I act.

Essentially there has been a revolution in security since you started. Can you elaborate a bit?

When I first got into InfoSec in 2000-2002, B2B started to explode; just an advance in the technology in general. It has really shifted from straight network security, which is why my master's degree is in telecom. Now the field combines cyber security, general InfoSec, risk management, infrastructure, incident response, technical cyber-security, training, and awareness. 18 years ago, the multi-faceted nature of InfoSec did not exist.

Do you still have a "love affair" with InfoSec?

Yes, I still have a love affair with InfoSec. I felt the same way when I was first introduced to the field. I've been blessed to reach this stage of my career before the age of 40. I plan to retire at age 59. So, 20 years to go. I'm grappling with what's next. I'm flirting with law school and am figuring out how to bridge that with my security experience. I did what my dad wanted me to do in pursuing the engineering, but I am a big supporter of having underrepresented minorities pursue careers in math and science.

Is it ever too early to start building a foundation for success?

Not at all. My son is exasperated at how much I push math and science on him, but it's the way I was raised. My parents consistently pushed me to always be a top student. I once got a 92 percent on a test and my father said ‘Baby, you can do better. You can get a 100." The next test I made the 100 and his response was "Oh, this is good baby, but did you ask for extra credit?" I was only in the fourth or fifth grade at the time.

Because of that foundation, I constantly push myself and those around me. There is no such thing as "good enough" or resting on laurels. I always ask myself "What's next? What's next to achieve and conquer Nashira?" I do realize that at some point I have to slow down. I am sometimes afraid that I'll get to 59, retire, and my brain will conk out from over-exhaustion from being constantly pushed. It won't know how to rest and relax.

If you were to meet the most interesting person in the world, what is it you would want them to know about you?

That staying grounded matters. My family is everything, and I've been blessed beyond belief. My parents have been amazing. They worked their tails off to get me where I am. Considering where I grew up, statistically speaking, I'm not supposed to be where I am. It's important to remember from where you came and to give back.

You describe the company mission at Realogy: "We do real-estate and holistic management of real-estate." What worries you most as CISO?

It's really interesting to partner with independent agents, many in the 50-60 age range, who are responsible for the largest transaction of a person's life. They're not employees, and I cannot control their devices. Reputational risk is huge. If something major were to happen to one of our brands, it can present a major risk to our company. This is what keeps me up at night.

Deborah Feyerick

All interviews were conducted by Deborah Feyerick, an award-winning National Correspondent specializing in security, crime, terrorism and breaking news. Deborah was part of CNN's team of anchors & reporters for 20 years.