SINC’s Director of Content Annie Liljegren spoke with Deena Swatzie in August 2021, and has edited this interview for length and clarity.
My guest today is Deena Swatzie, GVP Cyber Security Strategy and Digital Innovation at Truist (formerly SunTrust), and who’ll be featured at our 2021 Southeast Forum, September 19-21 in Miami.
Thanks for being here, ma’am. I’m particularly excited to be speaking with you because your experience leading through the last 18 months took place under some interesting circumstances.
To refresh everyone on the narrative: Truist resulted from the merger of BB&T with SunTrust (where, in 2019, you were Group VP Cyber Security, GRC Manager). So the merger is announced February 2019, it’s completed in December 2019, presumably everyone’s geared up to tackle those resultant challenges—and then 2020 comes.
As you began to realize the scope of what would be required in addition to the anticipated challenges for that year, what strategy or value or mindset did you arm yourself with? What was crucial to navigating that period?
Deena Swatzie: Thank you, Annie. I think the biggest thing I’ve understood, from the time the merger was announced to today: you have to be able to adapt to change. You’ve heard that so many times over the years: change is good, change is inevitable, but in this particular instance, you really had to be able to adapt. Everything changed for us—this was not a simple acquisition where you’re making a couple changes to pull them into your organization—it was everything from top to bottom. Every department was impacted, and everywhere, and so I think that was the biggest challenge: trying to understand, and manage, and navigate through all the changes.
But the good part was, we weren’t the only ones in the middle of this. My team wasn’t the only one, and you as an individual weren’t the only one, we were all in it together. Working from a positive standpoint actually helped a lot during 2020.
“In this particular instance, you really had to be able to adapt.”
One might assume the dual circumstances made everything worse, that it was equivalent to steering through two storms at the same time. But were there ways in which the remote working conditions actually served as a benefit?
Deena Swatzie: As far as the merger, we had already anticipated all those challenges, so we were already going through the trenches with the merger itself. But when the pandemic hit, I think in some ways it was helpful not to have the extra stress of traveling or of going into the office. With everyone at home, you were at least not having to deal with implementing all of the social distancing guidelines, or being concerned about being in common areas with other teammates.
Of course there are other stressors that come along with being at home, but when you’re virtual you typically have a bit more time to focus on your work and you do lose some distractions. There’s always positives and negatives, but I try to always focus on the positives because the pandemic itself was just brutal for everyone, I think.
Understanding you’ll probably have to be vague here, but was there a process or a system that impressed you as having its value absolutely demonstrated—something you were relieved to have already done away with or to have in place?
Deena Swatzie: You’re right, from an organizational standpoint that’s a delicate question, but I think what you can say is that a situation like this provides an opportunity to build upon the strengths and successes of each organization. And this can be applied to any situation, right? It doesn’t matter what magnitude, how large or small companies are, or even what’s going on—I think you can always draw from the positive, which is to say, build on each other’s successes and strengths.
No one person and no one organization does it the right way, but when you look at both, now you have two versions. You get to see what works best for each one, and then you can decide what’s going to be best overall going forward. In some ways it makes it a lot easier, because you have something to build on.
What were you emphasizing to your team during this time? What did they most often hear you say?
Deena Swatzie: I think it goes back to adapting to change. One thing I really emphasized with my team was you are not alone, and we are all in this boat together. Whenever you’re sitting in meetings or engaging with other teams, realize they’re going through the same thing.
And the second thing was: ask as many questions as you want. This is a great time to ask questions, even questions that may not fully make sense. There’s no question that isn’t valuable right now, because somebody else is probably thinking the same thing.
“This is a great time to ask questions—there’s no question that isn’t valuable right now.”
I want to ask you about backlash to the ‘best of breed’ approach. We’re hearing some frustration from the community over the seemingly-endless array of products, especially where the tech doesn’t necessarily integrate well, or where an organization is only utilizing 10% of their already-implemented solutions.
How do we go about balancing customization needs with the benefits of consolidation?
Deena Swatzie: Boy, that’s a good one. A key thing I’m focused on, and what I think everyone is really focused on, is of course consolidation of tools. If you look at the research that’s one of the current trends—they call it ‘security organization evolution’—trying to plan for vendor consolidation. The goal is always to try to reduce the extreme complexity that comes from having so many different products, technology, applications, and so forth. Those costs will continue to drive up, so we need to simplify operations as much as possible.
I know it’s a struggle for the vendors, but I think the more their products—especially larger products—can plug and play with each other, I think that will help them in the long run. But it is a challenge for vendors and I wish I had the answer for them.
And I think everyone is looking at this issue. Everyone is thinking about cost, and the pandemic shed a lot of light on where people are really challenged with operational expenses. If you’re at home all the time, you look at things from a different angle now, and you have a different viewpoint: Do we need to spend as much money on all these different variations of products and services?
For us, we look at it holistically: we do need to consolidate more, but at the same time, maybe the vendor recommendation is to make sure your products can plug and play with everything that’s out there. The more a product can interact the easier it would be to utilize.
Given those concerns, how could vendor relationships evolve into something that’s more valuable to organizational leadership? Or put another way, what could the ideal vendor relationship look like in the future?
Deena Swatzie: That’s a great question, and a very difficult question to answer. To be honest, I’m not really sure what vendors could do differently. All the vendors are really trying to establish relationships with all the different companies, and well they should—that’s how you get your product out. And there’s so much competition.
Maybe it’s just truly understanding your customer and understanding their business, and being a bit more…compassionate instead of sales-oriented. Maybe that’s the key: thinking about what your client’s needs are and if [what you’re offering] is really the right thing for them.
I would also encourage vendors to be patient. Many of us are going through so much change and planning strategically for the next several years. Just because a product can do a certain thing—we have to look at the business side, what we’re doing, what we’re challenged with. We may have other requirements that they can’t meet and so we’ve got to consider everything. We’ve got to look at our infrastructure, we’ve got to look at customer impact.
It’s like buying a car. Sometimes you want to take a good look, but you’re not buying a car today. That’s the analogy: allow us the opportunity to keep those relationships and let us look at it, let us figure it out, but we need time to be able to determine the best fit.
We have to look internally at what’s going to provide real value before we can make decisions, and it takes time. It is not something we can just make a decision on tomorrow, and say, Great new product, great bells and whistles, we should go use it. There’s a lot of things to consider, especially when it comes to security around what products we want to use.
So be patient, establish those relationships, keep those relationships. And understand that we may not be able to use something, but it doesn’t mean we shouldn’t maintain the relationship.
The most critical part is just to be patient. If you maintain that relationship, then I’m always going to be thinking about going back to that Lexus dealership.
“We may not be able to use [a given product], but it doesn’t mean we shouldn’t maintain the relationship.”
Looking ahead, what’s top-of-mind for you as far as something you wish was getting more consideration, or something that is receiving a good deal of attention, but you think the conversation around it could improve?
Deena Swatzie: I don’t think we know how to deal with the unknown. We don’t know how to plan for the unknown. I don’t even know that we can, but that’s exactly what concerns me.
There’s always something new that pops up and takes our focus—for example, there’s so much attention on ransomware right now. But how do we look at things from a viewpoint of trying to identify what the new potential type of threats are going to be? There are some companies that do some threat analysis, and there’s a lot of us that work with different organizations to pull in the data points and do some analytics, but I think it’s always going to be a challenge trying to determine that next unknown, trying to determine what’s brewing.
If you look at Gartner or Forrester, they’re telling you what’s coming down the line in the next two to three years, or what’s hot right now, but we still don’t really know because things change daily. Things are changing constantly—our environment is changing, the threats are getting more advanced.
We can always address what’s going on today, but how do we get ahead and plan for, or at least plan to be more prepared for, what’s coming? That’s what I’m always thinking: How do we get ahead of it?
Apply to Attend
AL: Is Matt Ryan worth bringing back without Julio Jones?DS: I’m disappointed Julio’s gone. I don’t know what the deal was but Julio didn’t seem happy. If you’ve watched the special that they did on Michael Jordan?AL: Right, ‘The Last Dance.’DS: Yes, and there’s another one on the Detroit Pistons. It’s so funny when they look back at all of those players and ask why they made the decisions they made to move to different teams. And it was all whining—just like Oh well, you know, I didn’t feel like they really wanted me, or because this person was trying to be the head of the team, or Shaq was coming in.AL: (laughs)
DS: Michael Jordan has a big ego too, but he made the best of it at Chicago. So to me when they start jumping around like that it’s usually because they’re getting unhappy at the wrong things—you need to stick it out.AL: You know, this has been delightful.DS: It really has. Hopefully, things will get better and we will be there on-site to see you all in person.AL: Here’s hoping. Thank you so much, ma’am.
DS: Thank you.