Credit unions often promote people into executive roles based on tenure and technical skills, then find themselves puzzled when leadership doesn’t quite match the rising stakes. The industry that prides itself on developing people has sometimes overlooked that managing databases doesn’t fully prepare you to manage board dynamics, and knowing compliance doesn’t automatically teach you to read the room.
In this episode of Grow Your Credit Union, hosts Joshua Barclay and Becky Reed welcome Jason Tilley, CIO at First Advantage Federal Credit Union, to explore what separates truly effective executives from those who struggle to deliver results, why credit unions are focusing on the wrong part of the digital asset opportunity, and how cybersecurity preparation separates the survivors from the statistics.
What does it actually take to be a great executive right now?
The gap between competent and exceptional leadership has never been wider, and most credit union executives don’t realize which side they’re on. Jason Tilley identified the foundational elements: “You have to trust your staff. You have to get input from your staff. Seek out external sources of truth. You don’t know everything you don’t know.”
But here’s where most executives fail: they confuse delegation with leadership and mistake consensus-building for decision-making. The real skill is synthesizing diverse input into clear direction while maintaining team alignment. Jason emphasized the critical balance: “Ultimately, though, you still need to set the direction, and you need to make decisions once you’ve got buy-in from the rest of your team.”
Becky Reed highlighted the unique challenge facing CEOs: board management requires diplomatic skills that can’t be taught in leadership seminars. “There is a diplomacy piece to being a CEO that is something that is not as applicable or as important in the other areas of the C-suite.” The ability to manage multiple board personalities while ensuring informed decision-making separates effective CEOs from those who survive board meetings.
The hardest truth about executive excellence is that it requires political intelligence alongside technical competence. Jason captured this perfectly: “You have to be a little bit of a politician. You have to be able to read the room, identify cliques, identify little groups inside the groups.” Credit unions promote people who excel at operations into roles that require orchestrating personalities. The skills that make someone a great CFO or CIO don’t automatically translate to CEO effectiveness.
What’s changed is the speed at which executive decisions compound into institutional consequences. Bad leadership used to reveal itself over years. Now it shows up in quarters.
Credit unions are chasing custody when they should be chasing payments
The digital asset conversation reveals how credit unions consistently focus on the wrong opportunities while missing transformational possibilities. Everyone’s debating custody while ignoring the payment infrastructure revolution happening in front of them.
Jason Tilley cut through the noise with surgical precision: “I think the value in all of the developments around digital assets and crypto is around the use of that infrastructure for payments, for identity. I think those are the real values.” His recommendation? “I don’t want custody of members’ digital assets.”
The custody obsession misses the strategic point entirely. Becky Reed explained the real opportunity: “The GENIUS Act just gave anyone around the world with access to the internet and something of value to trade access to the United States financial system.” This isn’t about holding Bitcoin for members. It’s about participating in a global financial infrastructure that makes traditional payment rails look like telegraph systems.
Think about what Jason described: providing business members “an alternative merchant payment system that does not take three, four, or five percent of their transaction.” Suddenly small business profitability improves dramatically while deposits flow to the credit union. That’s not a technology play. That’s a business strategy that uses technology as the delivery mechanism.
Becky’s insight reveals the scale of transformation: “The GENIUS bill actually says a stable coin, otherwise known as a payment token.” The legislation isn’t about asset custody. It’s about payment infrastructure. Credit unions debating whether to hold crypto are like banks in 1995 debating whether to offer email while missing the internet entirely.
The institutions building payment capabilities now will own member relationships. The ones waiting for vendor solutions will rent them.
Cybersecurity preparation separates survivors from statistics
The cybersecurity conversation isn’t about technology anymore. It’s about organizational discipline and cultural preparation. Jason Tilley’s hurricane analogy captured the mindset shift required: “If you live in Hurricane Alley, do you prepare the day the hurricane arrives? You don’t. You have a plan. You have an evacuation route.”
Every credit union has incident response plans because examiners require them. But most credit unions treat cybersecurity like fire drills instead of hurricane preparation. The difference is profound. Jason emphasized regular exercises: “When you have a high-profile incident, you need to refer to your incident response plan. I think all too often, folks tend to wing it.”
The real vulnerability isn’t technical infrastructure. It’s human behavior under pressure. “A information security compromise is more than likely going to originate from a phishing incident or a social engineering incident,” Jason noted. Your firewall might be bulletproof, but your employees receive emails that appear to come from board members.
Becky Reed’s comparison to branch robbery training revealed the preparation standard required: “Every single year, we practice what happens if you get robbed. Your employees need to know what to do. They don’t need to pull out a book and start looking through to find out what do I do if I get robbed?” The same instinctive response needs to apply when employees see data encryption happening in real time.
The emerging threat landscape adds complexity that most credit unions haven’t addressed. Jason’s tabletop exercises now focus on AI-related compromises because “clearly that’s a new technology, a new development in the information security world. It didn’t exist two years ago.” Becky’s warning was stark: “You almost need AI to battle AI now. The bad guys are using AI to try to figure out how to trick us.”
Credit unions without AI policies are basically inviting data breaches through employee convenience. The institutions taking cybersecurity preparation seriously will survive. The rest will become cautionary tales.
Takeaways
- You must develop political intelligence alongside technical competence to succeed in executive roles.
- Digital asset opportunity lies in payment infrastructure, not custody services that add regulatory complexity without strategic value.
- Cybersecurity preparation requires cultural discipline and regular exercise, not just policy documentation.
- Executive greatness demands the ability to synthesize diverse input into clear direction while maintaining team alignment.
- AI-powered threats require proactive policy development and private model implementation to protect institutional data.
Full Transcript
Joshua Barclay: Today on Grow Your Credit Union, we’re exploring three big conversations shaping the movement. First up on the show, we try to answer an age-old question. What traits are required to be a great credit union executive? Next up, credit unions may have the chance to take custody of digital assets, but what opportunities and risks come with it? And finally, cyber threats are on the rise. You know that. We’ll talk through ways your credit union can better prepare for the rising wave of cyber attacks.
[Music]
Joshua Barclay: Welcome to Grow Your Credit Union, the podcast where credit union leaders gather, learn, and grow. I am your host, Joshua Barclay. Before we kick off the show, I want to remind you, if there is a topic you think we should be covering on this show, you can find me on LinkedIn, or you can send an email to info@growyourcreditunion.com. Let’s bring out my co-host, Becky Reed. Becky, what’s cracking?
Becky Reed: Howdy, y’all.
Joshua Barclay: Howdy, Becky. Becky, I wanted to do a little story time with you. So, my dad passed away a couple months ago, and I thought, you and I have never really shared any weird stories. And I kind of wanted to remember my dad today and tell you a story that happened in 1999. I’m about 13 years old, growing up in Eastern Connecticut. Light shines through my window. I think it’s a helicopter, but there’s no sound. So, it feels like there’s a spotlight shining around my bedroom, bright, lighting the whole bedroom up. You know what I think to myself, Becky? It’s a freaking UFO.
Becky Reed: [Laughter]
Joshua Barclay: Burst out of my room, wake my dad up out of sleep. It’s three or four o’clock in the morning, somewhere in that ballpark. He comes out to the porch, Becky, and our yard is 50-, 60-foot trees everywhere, heavy acreage. It’s hard to see the skyline. There’s basically trees everywhere. So, he’s looking at it for 10 minutes like, “Hmm, something is going on here. Maybe Josh is up to something.” So, I’m ready to pick up the phone, Becky, and start calling people. And this is 1999. This is house phone. If I’m calling somebody, I’m calling everybody in that house. So, I’m getting ready, and my dad says, “Hang on, hang on, hang on. Like, let’s get in the truck and drive down the street and get a better view.” Drive down the street, Becky, it’s the moon.
Becky Reed: [Laughter]
Joshua Barclay: My science teacher tells me the next morning that there was some, I don’t even know what she said to this day, but there was a phenomena with the moon where it appears to look like a spotlight. And with the trees moving around it, like reflecting the light, gave the appearance that there was a UFO. And Becky, I’ve never felt so down.
Becky Reed: [Laughter]
Joshua Barclay: I mean, I really thought this was my time to shine. I was wrong. Do you have any? I was just going to flat-out ask you, have you ever seen a UFO? But I don’t know if we lose credibility with that question early on.
Becky Reed: Well, well, you didn’t really see a UFO. You just thought you saw it.
Joshua Barclay: I thought I saw a UFO. Yeah, I think most people, right?
Becky Reed: Well, I have, I have a story. Of course, I always have a story, don’t I, Josh? So, I have a story. And my story is I grew up in California, and this was in the ’70s. And do you remember that Bigfoot sighting in the mountains of California? Yes?
Joshua Barclay: Yes.
Becky Reed: So, I was a child, and my bedroom window faced the front of the house, and I was absolutely convinced that Bigfoot was going to come down from the mountains and was going to come and get me as I was sleeping. And so, my dad, the consummate logic person, comes in my room, and he says, “Becky,” this is six-year-old Becky. “Becky, do you really think that Bigfoot is going to come down from his home in the mountains, 500 miles away, and walk all the way down our street and come to our window just to get you? I don’t think so. Go back to bed.”
Joshua Barclay: [Laughter] Your dad hitting you with realism. That was your first blow that you were dealt. You’re not that special, Becky. Bigfoot’s not coming for you. Oh, Becky, I love it. I love to kick things off with UFOs and Bigfoot. Wow, our guest has a lot to live up today.
Becky Reed: [Laughter]
Joshua Barclay: Let’s bring him out. Today, we welcome the chief information officer at First Advantage Federal Credit Union, Jason Tilley. Jason, welcome to the show.
Jason Tilley: Thank you for having me. I’m excited to be here.
[Music]
Joshua Barclay: In a recent CU Times article, Peter Myers wrote that being a great CEO is the exception, not the rule, and that greatness isn’t permanent. He goes on to say it takes more than strong financial results. It requires rare character traits that are hard to maintain. And while Peter focused on CEOs, the same question applies to other leaders. Jason, it’s not lost on me that you are not a CEO. You are a CIO. So, piggybacking off of Peter’s article, my question for you is, what does it take to be a great CIO right now? What are the key character traits, in your opinion?
Jason Tilley: Well, I would agree that the key character traits for a good CIO is really no different than being a good CEO or being a good CFO for that matter. You have to trust your staff. You have to get input from your staff. Seek out external sources of truth. You don’t know everything you don’t know. So, it’s certainly not a strike against you to go out and look for sources of truth that may either contradict your knowledge or may supplement your knowledge. Ultimately, though, you still need to set the direction, and you need to make decisions once you’ve got buy-in from the rest of your team to ensure that everyone stays aligned and everyone is moving in the right direction. It’s table stakes today to make sure that your team is a high-functioning team so that you can be adaptable and adjust on a dime.
Joshua Barclay: Becky, I want to pass this over to you. You were not a CIO. You were a CEO for many, many moons; many moons that may have been misinterpreted to be a UFO at one point. But…
Becky Reed: You think?
Joshua Barclay: So, I’m wondering personality traits, Becky. And I don’t mean historically to be a CEO. I mean, like right now, you know how fast things are moving. Maybe the personality traits haven’t changed as a result of present day to the past. But for you right now, what do you think are the essential personality traits to just being a great CEO?
Becky Reed: I actually was a CIO at some point. And so, I understand where Jason’s coming from. I’ve been a COO, a CIO, and a CEO twice, actually. I think that while I agree with Jason that it’s not that much different, I think that a CEO requires a little bit of a different skill set because you have to deal with the board. Now, that’s not saying that other C-suite executives don’t have to deal with the board because they absolutely do. And I say “deal with,” that makes it sound like a negative thing. It’s not a negative thing. But there is a diplomacy piece to being a CEO that is something that is not as applicable or as important in the other areas of the C-suite. And one of the things that you have to do is you have to manage all of the different personalities that are on the board. And you have to make sure that if you are presenting something to the board, that they have enough understanding of it, and they have enough time beforehand to make sure that if you need a decision from them in a board meeting, that they’re well-prepared and well-educated and well-informed to be able to make that decision.
The very worst thing that can happen for a CEO is to walk into a board meeting, surprise them, ask them for an approval for something, and they’re probably going to say no. If they didn’t know anything about it, if you’re surprising them, that’s not a good situation for a CEO. Because for a CEO, they’re your boss. A CIO probably reports to the CEO. And so, there’s a little bit of a layer there between them and the board. So, having that diplomacy, having kind of that outward looking, understanding some of those external resources that Jason kind of touched on, I think those are what I would say differs maybe from the rest of the C-suite and changes when you’re a CEO that maybe some people might not be prepared for.
Joshua Barclay: Diplomacy. That is one of those things that I don’t know if you can teach it either, Becky. It’s a little instinctual. I know people that they have that great ability to walk in a room and connect with everyone and everyone loves them, and then I’m thinking to myself, “This guy’s a bonehead,” right?
Becky Reed: [Laughter]
Joshua Barclay: I know. But they have the diplomacy. They have the gravitas when they walk in the room and they know how to communicate, which is in and of itself a skill. Can you teach that, Becky?
Becky Reed: I think that you learn by doing and by what works best for you. So, for example, the way I utilize diplomacy might be a completely different way than Jason utilizes his diplomatic skills. It also depends on the personalities of the board. Many people in credit union land out there have boards that are very specific to their field of membership, especially it might even have come from a previous field of membership before they went community or something. And so, for example, a post office employee credit union that has a lot of postal worker board members might have a completely different way that they interact with a diplomatic CEO than a teacher’s credit union would. So, is it something you can learn? I’m going to say yes, but can I teach that skill specifically the way I do it to someone else? Probably not.
Jason Tilley: I would agree. I think it is a different skill set, and I think you can teach someone the ropes, but I think there’s a personality there too. You have to be a little bit of a politician. You have to be able to read the room, identify cliques, identify little groups inside the groups. And I think that is a skill that would be very hard to teach. You can certainly encourage folks to pay attention to those things, but I think there’s a little bit of politician in a good CEO.
[Music]
Joshua Barclay: The conversation around digital assets just got louder. America’s Credit Unions is urging the NCOA to start rulemaking that would allow credit unions custody of digital assets for their members, citing the new GENIUS Act as a historic opportunity. Now, banks have had regulatory clarity on crypto since 2021, and credit unions, well, they risk losing members if they can’t offer similar services. Becky, I’m actually going to start this segment with you because it’s in your wheelhouse. I’m wondering, Becky, if credit unions gain the green light to custody digital assets, what do you see as the biggest opportunity and the biggest risk for the credit union movement?
Becky Reed: All right. First of all, I want to say that I don’t know that the banks had regulatory clarity in 2021 other than not to deal with crypto at all. [Laughter] That was the regulatory clarity they had, from my perspective. So, when I saw America’s Credit Unions come out with that comment, I was like, I’d really be interested in understanding what they mean by regulatory clarity in 2021 because everybody was running away [Laughter] from digital assets in 2021. Now, what I would say is that NCUA wasn’t running away in 2021. They actually introduced a distributed ledger technology guidance document in 2022, [Laughter] and the banks didn’t do that. So, from my perspective, I think the NCUA has been more clear. Now that the GENIUS Act has come out, I speak to people all the time about this, and there are still a lot of people who are confused about what credit unions can and cannot do. Custody is one of those. The GENIUS Act says that credit unions can custody on behalf of their members through a subsidiary, but they can’t keep it on their balance sheet.
Joshua Barclay: And Becky, real quick because I know a lot of people still don’t know this. When you say custody, can you just quickly clarify for listeners, what do we mean by that?
Becky Reed: Keeping it on behalf of your members. So, similar to keeping it in trust, putting in a safe deposit box, something of that nature. So, think about it in this case as a safe deposit box, okay? So, let’s say that we have a vault, we have safe deposit boxes, people can run out, they can put whatever it is they want inside that safe deposit box, right? But the credit union doesn’t own that. It’s not theirs. They’re keeping it on behalf of the member who has access to it. They’re charging the member for keeping it in safe custody, but the credit union doesn’t own that asset. So, I think that’s where ACU is talking about the clarity, and I’m not speaking of the CLARITY Act, which is a completely different [Laughter] thing. I’m talking about clear guidance and instructions, but there’s still a lot of confusion around that, actually.
Joshua Barclay: So, let’s clarify this. Custody right now, it’s murky right now, or no? Credit unions can take custody of digital assets on behalf of members right now.
Becky Reed: I think that depends on who you talk to right now.
Joshua Barclay: [Laughter]
Becky Reed: And how you interpret the act. Right now, ACU is interpreting it that way. There has not been clear and crisp understanding. My understanding is yes, they could but talk to your regulator. [Laughter] There is still some ambiguity there. Where there’s not ambiguity though, that I want to be clear, is credit unions and banks can only issue a stablecoin as it’s described in the GENIUS Act through a subsidiary or a fintech. They cannot do it themselves. So, that is where I’m very clear. However, there are people still out there that are confused by that.
Joshua Barclay: Okay. So, for the sake of our conversation, let’s say that there is a ruling passed. It’s clear cut. Credit unions can take custody of digital assets on behalf of their members. Now to you, Jason, and I got to come back to [Laughter] Becky on this one. So, okay, let’s assume this is definitely going to come. It would be wild to think that this day is never going to come. It’s obviously going to come, right? So, now credit unions, let’s say this future state, they can take custody of digital assets on behalf of members. What opportunities? Help listeners understand, why is that even a big deal to begin with, Jason?
Jason Tilley: I think it’s a big deal because it’s going to give credit unions the opportunity to participate in that space. Now, having said that, I wouldn’t recommend it. My perspective is I don’t want custody of members’ digital assets. I think the value in all of the developments around digital assets and crypto, the space in general, is around the use of that infrastructure for payments, for identity. I think those are the real values, and I think that’s where we should be spending more of our time. I think that’s where we should be spending our focus on that rather than whether or not I can hold X number of Bitcoin on core, in core, next to core, or part of the core. I think there’s a tremendous opportunity for us to reach out to our business members and give them an alternative merchant payment system that does not take three, four, or five percent of their transaction. Suddenly, their tickets are going to be way, way more profitable, especially if the deposits are held at the institution. So, it’s a win-win. We provide a mechanism for movement of money and encourage deposits in a segment of our movement that we’re trying to grow. So, I think we’re focusing on the wrong piece of the crypto pie, so to speak.
Joshua Barclay: Becky loves it. Becky, jump in here. I see you dancing.
Jason Tilley: [Laughter]
Becky Reed: All right. So, what Jason touched on is the decentralized finance movement ethos, which I write about in my book, which is Self-Custody. It is owning your own money and being able to decide what to do with it. And he is correct. There is a lot of focus on custody, and that’s because most of the public solutions, the popular solutions for digital assets today are custodial. Coinbase is custodial. They hold assets on your behalf. A lot of other exchanges are that way as well. And the bank social exchange is not. We are self-custody digital asset exchange, and when we embed that digital asset exchange in your digital banking experience, it is self-custody. The members own it. The credit union doesn’t custody it. The credit union is not holding it. It’s the members to use.
And so, I think, again, I agree with Jason that if we’re focusing just on the custody piece, look, the custody piece in the GENIUS Act is like one word in a five-page bill. So, that tells you right there that the bill itself is really not focused on that. It’s focused on all the things Jason just talked about, which is around payments. As a matter of fact, the GENIUS bill actually says a stable coin, otherwise known as a payment token. That’s what it says. And so, it’s really about using it for payments, the regulatory requirements around the issuers, which are not banks or credit unions, they’re subsidiaries or fintechs. And who regulates them, who licensed them, what are the reserve requirements? All of those things is what the GENIUS Act talks about so that consumers can use it for payments.
Joshua Barclay: It’s about the payments, folks, the self-custody piece. Not the story, but I’m glad that Becky and Jason are here to kind of add some clarity because with the GENIUS Act, you know, Becky. This is like Nixon coming out and saying, “We’re going off the gold standard,” in many ways. This is a big financial turning point and it’s really hard to interpret it because it’s happening right in front of us in real time, and it doesn’t seem like anybody has all of the pieces to this puzzle.
Becky Reed: Well, I read an article the other day that I thought was just fascinating, and it’s what I believe. And I think Jason, he’ll be doing the high five on the video when I say this, but I’ll just say it quickly. The GENIUS Act just gave anyone around the world with access to the internet and something of value to trade access to the United States financial system. So, now anyone in the world can hold a US dollar. That for many, many people is a life-changing thing. Life changing. They don’t have to immigrate here. They can live in whatever country that they live in, but they are no longer beholden to a dictator or a regime that can determine how they are able to live their lives because they hold a US dollar, and I think that that is going to be remembered in history similar to us going to the moon.
[Music]
Joshua Barclay: The NCUA’s latest Ombudsman report, it highlights a troubling trend. We’ve talked about this trend many times on the show. Basically, data breaches and cyber threats continue to rise. So, for credit union leaders, being prepared, it’s no longer optional. Like, everybody knows now we need to be ready for rising cyber threats. Jason, my question for you is, do you incorporate things like tabletop exercises or scenario planning into your cybersecurity strategy?
Jason Tilley: Absolutely. Look at it this way. If you live in Hurricane Alley, do you prepare the day the hurricane arrives? You don’t. You have a plan. You have an evacuation route. This is no different. Every credit union has an incident response plan. Every credit union is asked for this when the NCUA comes a knocking. So, it exists, and you need to make sure that you exercise that on a regular basis. When you have a high-profile incident, certainly those that are related to information security are considered high profile, but anytime there’s a high-profile incident, and it doesn’t even need to be related to information security, you need to refer to your incident response plan. I think all too often, folks tend to wing it. There were a number of high-profile incidents in 2023 and 2024, and I’m betting today that they’re looking back at that and wondering why maybe they didn’t look a little deeper into some of those chapters in their incident response plan. Those are critical to making sure that you’re getting your message out in the right way, that you’re communicating the right information, that the right individuals are communicating the right information at the right time.
And the most important thing, specifically with security, is training. The most vulnerable piece of the technology pie is not your firewall. It’s not your patch management system. It’s the soft targets. It’s the people that are receiving emails that appear to come from the CEO or a member of the board. A information security compromise is more than likely going to originate from a phishing incident or a social engineering incident, and if you don’t regularly exercise those muscles, you’re going to regret it when there is some sort of an incident that you need to respond to. And this goes for everyone within the organization. Don’t just put your information security committee around the table once a year in a check-a-box. That doesn’t work. You need to make sure that everyone from the newest teller to the most seasoned executive has got a stake in information security. If you don’t, you’re going to regret it.
Joshua Barclay: Jason, you talked about the incident response plan. I actually have not heard that on the show. Talk to me about that. Do you build that? Do you build that with the rest of the C-suite? How does the building of that plan work? And then how are you modifying it to accommodate new threats, rising threats, etc.?
Jason Tilley: So, going back to the first segment, you always want to run these things by people that are smarter than you. I’m a pretty smart guy, but I absolutely do not know everything, and I certainly don’t know everything about information security. So, our incident response plan was built, and in conjunction with third-party vendors that help, but the information security committee regularly reviews the information security plan. We do it every year. And part of our tabletop exercise is making sure that we’ve accounted for some of those new threats. I believe our tabletop exercise for this year is focusing on AI-related compromises. So, clearly that’s a new technology, a new development in the information security world. It didn’t exist two years ago. So, that’s part and parcel of just making sure you’re staying current with threats and new developments in technology and in information security. So, you absolutely need to do that.
Joshua Barclay: Got it. Becky, tabletop exercises, rising security threats. How are you thinking about it? You’re not at the helm of a credit union any longer, but I’m sure you’re still thinking about these challenges.
Becky Reed: Well, I think any company has to think about that. What Jason said about the people kind of being that weak link and, unfortunately, they get targeted. And it doesn’t really matter at the organization that you’re in. You still have to have that. Now, we’re a software company. Of course, an incident response plan is important to us. We build software that financial institutions use. And so, if something were to happen, whether it be breach, God forbid, somebody got into our systems, or just the fact that one of the cloud instances went down, what do we do? We don’t want our customers to have to suffer to not be able to use the software that they’ve purchased from us. So, what do we do in that case? So, we also have incident response plan and actually part of your SOC compliance as a software company serving financial institutions requires you to have those kinds of plans in place.
One of the things that I always equate it to is at the credit union, every single year, forever and ever and ever and ever, we practice often, even quarterly, sometimes, not even yearly, but quarterly, what happens if you get robbed? And that’s something that needs to become so ingrained in somebody because if somebody walks into a branch with a gun, your employees need to know what to do. They don’t need to pull out a book and start looking through to find out what do I do if I get robbed? I don’t know. They need to be able to immediately go, “This is what I need to do.” And so, you have to go through that over and over and over to where it’s just second nature.
Similar to a ransomware attack. All of a sudden, you see your data is being encrypted before your very eyes. And I’ve actually had this happen. You’re like, “Oh, my gosh, what is going on?” And so, you run to the IT people or in some way notify somebody, and you have to enact that plan right away. You don’t have time to go, “Is that section three of that book? What do we do?” Encrypted, encrypted, all your data’s being encrypted and you’re like, “Oh, my gosh.” So, it’s just as important to go through that. And to Jason’s point, sometimes you have to go through that exercise and somebody right there to… When you’re actually going through it and you’re not in a stressed-out situation to go, “Wait a minute, this step doesn’t make sense here. Maybe we should do that here,” or “Maybe we should do that here,” or “We’re missing a whole section,” because you’re actually kind of doing that real world. Okay, this is what happened. We did this in high school too, an emergency situation where, let’s say, it’s an active shooter, it wasn’t a thing back then. But let’s say a bunch of people are down and an ambulance has to come in, let’s say a bus accident. There’s 35 people on the bus and, I mean, what do you do? What do the EMT people do? So, it’s really important to have those real-world kind of scenarios. Tabletop exercise sounds kind of boring, but it doesn’t have to be boring. It can be real world and it’s very, very helpful.
Joshua Barclay: You reminded me, Becky, of you mentioned back when we were in school, it wasn’t the school shooter prep, but it was like a lot of fire drills. Like, “All right, the fire truck’s coming, everybody,” and we did it so many times that you never had to question where to be, when to be there. The process was just ingrained in you, to your point. So, Becky, Jason, good points.
[Music]
Joshua Barclay: This brings us to the end. Jason, I always like to ask for final thoughts from our guests. So, what do you got for me?
Jason Tilley: First, I will say I love the podcast. I love the content you guys cover. The three topics that we covered, I think, are outstanding selections. You can’t go wrong with information security. And nowadays, you certainly can’t go wrong with talking about digital assets. And those are the things of the day. So, if you’re not talking about those things at your credit union, you probably are going to find yourself behind the eight-ball before too long. In terms of CEO, CIO, the C-suite, the NCUA just recently enforced or suggested that we do a better job with our succession planning. So, that was very timely as well. We’re taking a look at our C-suite and the rest of the organization as well to find out are there areas where we need to have the next leader on deck ready to take over in the event that… I myself am celebrating my 50th birthday in a couple of days. So, I’ve got a few more years on me before I’m looking at retirement, but you need to take a look at those things because I play in traffic, I might get hit by a bus. You never know. So, great topics. I enjoy these sorts of conversations. So, thanks for the opportunity to chat about these things.
Joshua Barclay: Thank you, Jason. If anybody wants to get in touch with you, Jason, what’s the best way to do that?
Jason Tilley: LinkedIn is absolutely the best way. There’s a newsletter out there. I have a podcast that I do semi regularly. I’m trying to do it a little bit more frequently, but I’m going to take some pointers from your podcast. So, don’t be surprised if you see a couple of things that might be related to the Grow Your Credit Union podcast.
Joshua Barclay: [Laughter] I love it, I love it, I love it. Becky, final thoughts.
Becky Reed: Information security, I think, might be something we should talk about more on this podcast. I think that having Jason here, and other CIOs or CTOs, I think, would be a great guest. So, if you’re interested in being on the show, it’s not scary to be here. You’re well-prepped and you don’t have to feel like you have to carry the day. So, we would love to have you here. But my final thoughts are about AI. I think that what Jason said, in just a couple short years, it has already gotten to the point where it’s a threat to what we do, and you almost need AI to battle AI now. The bad guys are using AI to try to figure out how to trick us, and it is getting more and more sophisticated. And it’s writing nefarious code and doing things behind the scenes that might be challenging to find.
And so, we just need to be really, really careful in the financial institution about how we’re allowing our employees to use that. If you don’t have an AI policy right now, you need to have one. Similar to your access control policy, what kinds of systems your employees are using, how you’re locking things down. There are private models that you can bring in that are not expensive, that you can allow your employees to use. But making sure that your data is not in the hands of a public LLM is something that is important. So, that should be on your roadmap along with digital assets.
Joshua Barclay: And I’ll speak for you. If you want to get in touch with Becky Reed, just look for Becky Reed on LinkedIn. She’s all over but hit her up on LinkedIn. I want to give a special thanks to our guest, Jason Tilley. I want to give a special thanks to my co-host, Becky Reed. And I want to give a special thanks to you, our listeners, for continuing to support another episode of Grow Your Credit Union. If you like the show, please follow us on your podcast player of choice. And if you want to be a guest or would like to talk about sponsorship opportunities, head to growyourcreditunion.com to learn more. Thank you for listening and we will see you next time. Take care and bye-bye.
