How “this dreamy kid in small-town Bavaria” became NATO’s first CIO
Emilia Chiscop-Head, PhD
NATO’s first CIO and a 2014 Duke Fuqua School of Business Alum, Dr. Manfred Boudreaux-Dehmer, MBA, was on the Duke Campus this October to deliver keynotes at the Cybersecurity at Duke Conference "In the Age of AI".
What was the journey from being a Duke MBA student to becoming NATO’s first CIO? How is this role aligned with the career dreams that you had while you were a student?
I graduated with a Global Executive MBA from Fuqua School of Business in 2014, so there was quite some time on this journey. I was already in my mid-forties when I started the MBA, but career dreams can be formed at any age!
My path to get into IT was purely accidental. I was 18 and started in the company’s IT department, where I had just completed an apprenticeship. The IT director there offered me a job, and I took it because I really liked the people in that department. I quickly realized that my interests were more on the people side than the pure technology part of IT. I would typically ask questions like “How will this system affect people?” or push for solid change management practices when rolling out new functionality. This taught me early on that being different is a competitive advantage and something to be treasured. Fortunately, my supervisors over the years thought the same.
A couple of years before starting the MBA, I had an accident that resulted in me being flat on my back in a hospital bed for a week. I had all this thinking time while staring at the ceiling and decided then that it was time to “go in big.” This meant a graduate education and forming the goal of becoming the CIO of a large company.
“What I like about cybersecurity is that it sits squarely at the intersection of technology, processes, and – most importantly – people. “
Please tell us a bit about your early beginnings. Who inspired you during your childhood and undergraduate studies? Why did you come to Duke?
I grew up in a small town in Bavaria, Germany, and thinking back, my grandparents were incredible role models. They were the epitome of being “arbeitssam,” as we say in German, meaning “work embracing.” They never stood still and loved to work – I think this rubbed off on me.
Let me tell you something that may come as a big surprise: I do not have an undergraduate degree! When I was in my teens, I was this dreamy kid in small-town Bavaria, realizing that I was gay and I was lost. I did not fit in, could not focus in school, and would instead read Shakespeare after class rather than work on my math assignments.
Fortunately, my career progressed well in spite of not having a degree. After my entry-level IT job, I landed a position at Compaq Computers in Munich, Germany, and transferred with them to Houston, Texas. Compaq later merged with HP, and over 20 years, I progressed through the IT ranks of Compaq and HP.
I visited several universities as part of my evaluation of where to do the MBA. Within an hour of stepping on campus and talking to people, I knew that my heart was with Duke.
Of course, the issue of not having an undergraduate degree came up. I will forever be thankful to Duke for accepting me based on my professional achievements. At that time, I was Vice President of IT at Sierra Wireless, a global wireless technology pioneer headquartered in Vancouver, Canada. My admittance to Duke required taking math, statistics, and calculus classes, which I completed in the year before starting the MBA. This time, I had much more fun with math than during high school!
Perhaps it was the fact that I went through much of my professional life without a college degree that created an intense hunger for academics. I soaked in the MBA program to the maximum and was proud to get into the top 10% of the class as a “Fuqua Scholar.” Then, I decided to continue academically by getting a second master’s degree in business and management research and a Doctorate in Business from Henley Business School at the University of Reading in the United Kingdom.
“Above all, what I learned in the Duke MBA program made me a different person: how I look at research, read a newspaper article, conduct data analysis, negotiate, evaluate a balance sheet, etc., is very different from how I did these things before.”
When did you discover your passion for cybersecurity?
My interest in cybersecurity started in 2010 with the news of Stuxnet, which allegedly caused Iran’s fast-spinning nuclear centrifuges to tear apart. I distinctly remember thinking that this could not be possible! Stuxnet demonstrated the power of cybersecurity, especially as it transcended from cyberspace into the physical world of centrifuges. I joined Sierra Wireless in Vancouver, Canada, in 2010 and quickly built-up cybersecurity capabilities there.
What I like about cybersecurity is that it sits squarely at the intersection of technology, processes (for risk and incident management), and – most importantly – people.
How did your experiences at Duke and the work at Compaq, HP, and Sierra Wireless prepare you for what you do today?
The Duke MBA changed me to the core. I mentioned earlier that I made it through decades of work without an undergraduate degree. The Master of Business Administration from Duke, a first-class and highly prestigious university, carried tremendous weight for me. First, it gave me a lot of confidence: Gone are the days when I encountered the field “university degree” in a form and had to put down a dash. Then, while one rarely knows what weight a hiring manager or hiring panel attributes to a specific university, I cannot help but think that “Duke” put a spotlight on my resume.
Above all, what I learned in the Duke MBA program made me a different person: how I look at research, read a newspaper article, conduct data analysis, negotiate, evaluate a balance sheet, etc., is very different from how I did these things before.
Workwise, Compaq, HP, and Sierra Wireless played important roles in my professional development. Everything that we do – all the time – prepares us for what we do next. At HP, I had an incredible boss for several years. She challenged and stretched me to the maximum – mentally but also in terms of stamina and the capacity to work for hours with unrelenting concentration. At Sierra Wireless, I had a boss for many years whom I admired very much. He taught me never to back down if I feel strongly about something. He is a master of negotiation and showed me that one could love it like a sport!
This shows us the importance of mentors. They are all around us. If you live life constantly observing people, a lot of the preparation and learning happens by itself. It is a matter of trying things out and internalizing what one has observed.
What goals did you start the CIO job with, and how have they changed?
My goals for the job tie back to a few highly important initiatives. There is digital transformation, where we enable the seamless interplay of our systems to enhance situational awareness, orchestrate operational effects, embed risk management and digital mission assurance, adopt new capabilities, aggregate data, and bolster security and the protection of personal data. My responsibility covers the implementation of digital transformation for the NATO Enterprise, which consists of over 50+ entities ranging from strategic military commands and subordinate commands to agencies, schools, training centers, and several research facilities that we operate to conduct the business of the Alliance.
Another central focus area is cybersecurity, where we consistently increase our capabilities regarding people, processes, and technologies. Cyber is a very dynamic field, so we are constantly moving forward to protect NATO and the Alliance.
Lastly, I want to make some of our processes more agile, simpler, and faster. This is not always easy since the drive for simplification needs to be balanced with our unique situation, in which 32-member states must agree to what we do.
The goals have not materially changed since I started my job three years ago, but there has been new learning. So, while the goals are the same, the ways and means evolve.
What are the biggest challenges that NATO faces in cybersecurity, and how are you addressing them?
As you can imagine, NATO’s cybersecurity ecosystem presents a unique risk picture. Every geopolitical occurrence changes the cyber threat picture. Russia’s invasion of Ukraine in February 2022, Hamas’ attack on Israel in October 2023, and many other events shift threats and, therefore, impact our risk posture.
We must be nimble, agile, and fast in addressing these risks. We do this by hiring the very best cyber talent in the marketplace. NATO’s purpose is to safeguard freedom and security for its member nations, which are home to about one billion people. We also consistently improve and test our processes when it comes to cyber defense. On the technology side, we use Artificial Intelligence and other advanced technologies in areas such as threat assessment, event correlation, and adaptive networks.
Russia’s invasion of Ukraine demonstrates the importance of NATO. How is NATO evolving to meet this challenge?
In short, we will further strengthen our collective deterrence and defense posture while supporting Ukraine in upholding its right to self-defense enshrined in the UN Charter.
On my first point, we have undertaken the biggest reinforcement of our collective defense in a generation. We are investing more in defense and innovation, ensuring we have the capabilities we need to deter and defend while also building relationships that support this—whether with partner countries around the world, other international organizations like the European Union, or increasing our engagement with the private sector. All of this makes a difference.
“We will continue to support Ukraine to ensure they can negotiate peace from a position of strength when the time is right. “
Our support for Ukraine is also key: There is a full-scale war on European soil. A sovereign state was invaded by its neighbor and has been fighting for its independence for two and a half years. And this is not just about Ukraine’s security – it is about all of us! That is why NATO Allies have provided unprecedented support to Ukraine with 99 percent of all military aid. We are also working closely with Ukraine politically and meet regularly in the NATO-Ukraine Council to talk about the challenges they face on the battlefield and the reforms they are undertaking as part of their work towards Euro-Atlantic integration. These reforms are on track to joining NATO and the EU. So, we will continue to support Ukraine to ensure they can negotiate peace from a position of strength when the time is right.
I will make one more point: how interconnected our security is. This is true across NATO members and with our partners, including Ukraine, Japan, South Korea, Jordan, Egypt, Switzerland, and Colombia. What we see in the war against Ukraine – with North Korean troops fighting alongside Russia, Iran supplying weapons, and China propping up Russia’s war economy, is not just about Ukraine. Security is global, so it makes sense that we work with countries worldwide to address our common challenges.
NATO recognized that “significant malicious cumulative cyber activities might in certain circumstances be considered an armed attack that could lead the North Atlantic Council to invoke Article 5 of the North Atlantic Treaty. How is the organization ensuring a predictive and proactive approach to minimize the need for collective defense?
The answer relates to the previous question, where I highlighted the importance of being prepared to respond to threats. But, as you rightly state, NATO will respond to attacks, including cyberattacks, using methods of its own choosing. We do not outline precisely what we will do or what will prompt a response, but that is part of deterrence. We take these threats very seriously and continuously work to ensure we are prepared for any challenges.
What role does NATO play in strengthening the US-Europe partnership in the following years?
The transatlantic bond has been at the core of NATO since its inception in 1949. NATO-EU cooperation has reached unprecedented levels, and practical cooperation has been strengthened and expanded on space, cyber, climate and defense, military mobility, countering hybrid threats, and emerging and disruptive technologies. In the context of Ukraine, NATO-EU cooperation has become even more significant.
“The deepening strategic partnership between Russia and China are a cause for profound concern.”
What role does NATO have in addressing the cybersecurity threats from China? And what is your office’s role in this context?
China’s stated ambitions and coercive policies continue to challenge our interests, security, and values. The deepening strategic partnership between Russia and China and their mutually reinforcing attempts to undercut and reshape the rules-based international order are a cause for profound concern. We are confronted by hybrid, cyber, space, and other threats and malicious activities from state and non-state actors.
NATO’s role is to protect the Alliance, and we take this very seriously. As far as my office is concerned, we evaluate, analyze, and respond to threats across the entire spectrum of cyber threat actors.
How does your office coordinate with U.S. government agencies?
We coordinate our work through the US Mission to NATO. Each one of our member states has a delegation at the NATO headquarters, which is led by an Ambassador, the Permanent Representative to NATO. We work very closely with the US Ambassador to NATO, the Armaments Director, and the US Cyber Policy specialists. The US Mission is of great help in our interactions with the Department of Defense, the State Department, the White House, the National Security Agency, and the Department of Homeland Security.
What advice do you have for students who want to work in cybersecurity and international security?
Cybersecurity is a fascinating field! For starters, every day is different. I can hardly think of an area that combines advanced and constantly changing technology with a strong people aspect. People are cyberspace’s first line of defense, so the profession asks for a unique blend of technical and people skills. If you are considering a career in cybersecurity, my advice is to try out different facets of the work. If you can, try being on “different colored teams” during exercises (blue = defender, red = attacker, white = organizers, green = infrastructure), work in the threat intelligence space, try your hand at incident handling, etc.
Specifically, for NATO, if you want to contribute to safeguarding freedom and security for one billion people on the planet, I encourage you to apply. I want to highlight two programs: We are looking for interns twice yearly and have a Young Professionals Program (YPP) – both are explained on our website.