Security Expert Interview Series: Nathalie Feingold
In this episode of our Security Expert Interview Series, we interviewed Nathalie Feingold. Nathalie is a data and corporate governance specialist, strategic advisor, and business angel who has extensive hands-on experience in analysing and monitoring big data in highly complex and international environments. She is also the founder of NPBA (see the company’s Linkedin page here), a Swiss company that helps businesses improve the decision-making process and foster corporate strategy definition and implementation. Nathalie discusses 3 key benefits associated with data governance and how technology in data governance is going to evolve over the next 3 to 5 years. To uncover her thoughts, continue reading the full interview below.
1. Can you give us an introduction about yourself, Nathalie? How did you venture into data and corporate governance world?
Two major experiences led me to found my company dedicated to corporate and data governance.
First of all, my 15 years spent in the Bank, going through all the levels of data analysis: from the junior job with a lot of code, research, dataviz, and obviously too much time spent cleaning data! To the position of head of retail credit risk portfolio management and participation in the retail risk committee of a systemic bank. The problems encountered here were mainly related to data governance: data quality, homogeneity of risk calculation methods throughout the world, restricted access to certain data, budgets.
This experience forged my conviction that the business of risk management and more generally corporate governance is inseparable from that of data governance. Moreover, since then, the BCBS 239 regulation precisely addresses this subject. It is a great intellectual satisfaction for me.
Then, as a business angel since 2009, I meet a lot of entrepreneurs. When I started, almost all of them said they were interested in data as a source of revenue: monetize their databases, do analytics, etc. But almost none of them presented a data strategy to achieve this. Also, many prefer to ignore that the use of free tools, apps, and other clouds, of which there are many, increases the risks and future costs.
These experiences have influenced my desire to work towards a better understanding of data issues by managers, and I, therefore, created my company NPBA in 2016. Today, my role as a director and my active participation in the Cercle Suisse des Administratrices (Swiss circle of women directors) confirm my conviction that data governance is inseparable from corporate governance.
2. You are holding the position of Data & Corporate Governance Specialist. Please tell us about the biggest challenge you are trying to overcome in that position.
Digital is still (for how long?) in its hype phase! People want to use technology and are amazed by all the comfort and efficiency it brings. An application here, the services of a start-up there. Companies, buildings, cities are being “smartified” with such ease that many decision-makers do not ask themselves the question of the big picture.
Moreover, they are not challenged by anyone: neither the governments, nor the regulator, nor the shareholders. In this context, my objective is to make decision-makers aware that behind digitalization, there is data and that it must be the subject of a proactive strategy.
3. TOP 3 business benefits associated with data governance.
Manage, protect and enhance value!
The starting point for data governance is the establishment of a KYD discipline to know your data. What data is produced, collected, and used? Is it strategic, sensitive? Who has access to it, for what purpose? Are they stored? Who manages their life cycle? These are just some of the questions that allow us to have a knowledgeable representation of the data. A balance sheet perspective and cartographic viewpoint essential to optimize business intelligence and decisions: you can’t use what you don’t know!
Governing data also allows to secure it, since at a time of increasing cyber risks, it is crucial to know where to put the priority in terms of protection and to be able to report on it to third party holders (personal data, usage data, etc.), to insurers, to regulators.
Better management and protection are obviously key to enhancing the value of data and the companies themselves. It’s a virtuous circle.
4. Is it true that the data governance is less popular with mid-sized and smaller companies? If yes, is it due to the assumed complexity or general uncertainty? How do you think?
No, in my opinion, company size has little impact. The difference is based on several factors: the company culture, the business, the regulations, the degree of digitalization, the maturity of the processes, and above all, the strategic vision.
Complexity rarely enters the discussion. On the contrary, data is often perceived in an overly simplistic way, without taking into account its complexity. For example, the ubiquity of data or the emergence of real-time decision-making requires extremely sophisticated management. In this respect, data governance can be perceived as a cost and not as an investment and is therefore not able to compete with other expenses considered as priorities.
Misgivings also come from the fact that the improvement of data circuits can be perceived as a way to increase control in the company: control of sales, risks, employees, efficiency of processes, etc. Obstruction can occur in the decision-making chains.
5. As a matter of fact, it is often difficult to convince stakeholders in the organization of the need for data governance programs and to obtain budget. What would be your recommendations in that regard?
My advice: the decision to invest and unlock budgets must come from the top! In my opinion, corporate governance needs to deal with the subject of data governance.
To date, these topics are too often relegated to the IT perimeter alone. If we take the example of data quality, it is fundamentally everyone’s business in the organization and should be part of the corporate culture, which is a key element of governance. It is a decision that needs to be driven by senior management: just like financial, risk or HR issues, data governance is inseparable from corporate governance.
6. Do you find that organizations are changing in the way that they consider data and how it can be used for strategy?
Yes, the perception of data has changed over the past 10 years. The consensus is that data is a source of revenue. But having said that… you haven’t said much. Because value doesn’t come by itself. And what’s worse, even without active management, data has a cost! It’s not enough to collect data to create value, a proactive strategy must be put in place at the highest level of the company, and this is not yet well integrated.
I also note that the regulations that have been the subject of a great deal of media hype (European GDPR, Swiss FADP, Californian CCPA…) have been beneficial for the subject to be taken into account by the companies. But as a result, many now equate “data” with “personal data of individuals”: but this is only a small area of the subject!
7. What personal development do you do to keep yourself sharp?
I have made sure to combine complementary activities that feed each other: making, learning, teaching, sharing…
Through my work, I am in contact with both makers and decision-makers: company directors, C-level executives, investors, entrepreneurs, students, developers. This allows me to look at subjects from a 360-degree perspective without losing sight of the essential: the why and the how!
I also participate in working groups as I did at the ITU, the UN agency specialized in ICT. I see several interests in this: sharing my experience to advance standards, but also progressing in my field thanks to the research that this pushes me to undertake, and of course, learning from other participants. It is always a very enriching and stimulating experience.
I regularly write articles and enjoy giving lectures, a great discipline that requires organizing one’s ideas and discussing them with an audience of experts and non-experts. And of course, I read and attend conferences, webinars. There is a lot of expertise throughout the world, the subject is vibrant!
8. How do you see technology in data governance evolving over the next 3 to 5 years?
Analysis of figures, texts, unstructured data, in real-time, assignment of rules, bias management. Today, technology can do anything! What is missing is a precise and realistic definition of the needs and problems. An efficient and useful tech will only develop if these needs and problems are identified by the leaders.
For this reason, I believe in the virtues of data literacy, consulting and, to a certain extent, standardization and even regulation. There is no doubt that once the needs have been clearly established, technology will be able to provide effective solutions. As to when that’s a difficult question!
9. Finally, if you could give your 25-year-old self just one piece of career advice, what would it be?
Be an all-rounder! In the data business, any experience is good to take. From the most tech to the least tech. From the most prestigious data-centric companies where this job is valued, to the most modest: little data, poor quality data, no tools.
Having a diversified experience allows you to acquire a technical know-how, but also an essential business knowledge, and sometimes even to develop a strategic and political sense to juggle with the different corporate cultures!
Moreover, all professions have their specificities. As a junior, I worked in public finance, Haute Couture, trade shows, large-scale distribution, and to this day, I reap the benefits in terms of data experience: the nimbleness and creativity necessary to work with tools not adapted to my needs, the pedagogy which is required when working with colleagues who are not experts in my field. In short, at 25 years of age, I think a good way to build a quality experience is to do whatever it takes!
Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.