Records and Information Management (RIM) Month - Celebrating Tera Ladner
Records and Information Management (RIM) month is observed in the month of April every year to highlight the purpose and importance of RIM across organizations. First observed by the Association of Records Managers and Administrators (ARMA) in the year 1995, the event brings together IG and IM professionals to spread awareness within the global RIM community.
To commemorate this year’s RIM month, Meru Data would like to showcase a few renowned IG professionals, especially women in IG, and share their professional journey.
This week, we are highlighting Tera Ladner, Global Practice Lead and Vice President of Information Risk Management and Governance at Aflac. Tera possesses expertise in a wide range of subjects like security governance policy/standards, technology risk assessment and management, and data classification and protection among many. She has a proven track record in third-party risk assessments, application and infrastructure assessments, security awareness and training, e-discovery, etc.
What do you love the most about your profession?
I think what I love most about what I do is that every day is a new challenge. Information is what drives every process, organization, and business decision. Information is dynamic in nature, it changes every day. The way we gather information changes, the formats of information changes, the way we use it changes. So, it's one of those career paths where you can hone your skills, but it's not a skill that you can just hone and then stand on or sit on for the next 20 years. It is something you have to constantly work at. It is not for the faint of heart and it is not for someone who wants to come in and ask the famous “paper or plastic” question and then go home. It just is not that kind of a career. But, for me, if I had to come in and do the same thing every day, I certainly wouldn't last very long in that job.
How has your career evolved in the last two to three years? And how has IG helped shape your career?
I am responsible for information governance, but I'm also responsible for a lot of the classical security governance functions that exist within the information security program. Functions like third-party risk management, security awareness, compliance, and all of the formal governance processes that encircle information security. All of these are part of my role now along with information governance. My career has definitely evolved from just information governance to a much broader information management space that has expanded my reach and has been a really positive experience for me.
Why do you think information governance, third-party security, and privacy are essential for an organization? How have your skills helped you be successful in your role?
We talked about the fact that information is the heart and soul of an organization. As you grow up in the records space and start getting into information governance, you begin to understand that all information is not created equal. You need to balance the value of using the information, vs the cost and risk of having that information.
For instance in our organization Microsoft One Drive is available at no additional cost, so the teams think we can just migrate content there with no need to clean it up. But they aren’t considering the value vs. the risks and cost of keeping too much data.
The skillset that I learned as a records manager at the beginning of my career taught me the ability to look at situations like new software or business opportunities, as a balance of cost and risk vs. reward. It taught me my risk assessment skillset that I can carry over into the information security space because now I know how to look at things from more than one perspective.
For example, let’s consider the data that we use for analytics. There may be a request to use the data in a way that hasn’t before been considered by the organization. But how do we balance their requests for using that information against security, CCPA, and all of the other privacy regulations?
And considering our efforts around ESG, how should we balance it against what we should be doing with that information. There are so many existing and emerging perspectives that drive how we use information. And it is not that one need necessarily outweighs the other, but it is the balance between rewards, costs, and risks that drives the overall vision for information management.
From your experience, what skills are essential in what you do?
First and foremost, I think you have to be good at building relationships. In many organizations, the governance function is seen as a blocker to the progress of the business. But once you start building those relationships and understanding the goals of your clients and they start to understand why it's so important for you to do the things that you do, then you can come to a negotiation. Because if you begin working with each other without mutual understanding, then you both are going into it with a mentality that the other party should just do what they’ve been asked to do.
We call one of the committees that I am on “Air Traffic Control” because we realized we are all working with good intentions and we are all trying to land our planes. But the reality is sometimes we are all going to the same place and we don't even know we are going to the same place, or sometimes we all want to land at the same time and that doesn't work. Or, I might be going over to Barbados and somebody is like, “Hey, can I catch a ride to Barbados”? So, it's all of those pieces that require relationships and partnerships to understand and manage.
Unless we're building those relationships and taking the time to understand what other people are trying to deliver, you just lose the opportunity for synergy. I can't stress enough the importance of relationships. If I had to pinpoint what has made me successful in my career, it is my ability to grow and maintain relationships.
If you have to go back to the beginning of your career, what advice would you give to your younger self?
I would give myself the same advice that somebody gave me back in the day, which is you can be a rock star, but if you only play the drums in the backroom by yourself, are you really a rock star? So, taking chances and getting yourself out in front of people and getting involved in projects and initiatives across the organization, not being afraid to have conversations is essential.
At the end of the day, if you do this for a living, you're always the person in the room with the most knowledge. Even if you don't have as much knowledge as the next person, you still have more knowledge about information governance than 99% of the people in the room. So, don't be afraid of that knowledge, start to have those conversations, apply that knowledge and start being a part of initiatives.
The second piece would be in terms of initiatives, if you hear of something that is even close to some of the work that you're trying to do, you’ve got to jump on board. At the end of the day, that's usually how we get funded and to get things done is to hop on board of initiatives that are bigger and show the value in getting some of the smaller pieces into those projects. So again, a lot of that comes from relationship building - talking to people about what they have going on. Everyone should read The 360 Degree Leader very early in their career and understand the value of managing up, managing down, and managing across.
Do you have any closing thoughts or words of wisdom for our readers?
I try to tell my team that you can't just say, “Here’s what I've learned, here's where I am, and I am going to ride this one out”. If you want to continue to grow in your career, you have to be willing to push yourself, to think differently, and you need to listen to the criticism and advice of others. You always have to be willing to question. I think that it is really important to continue to be successful and not get so stuck in your ways that you can't see past them.