Heather was featured in the June 2025 Feats of Strength magazine. Read the PDF here.
Bringing Security to the People
When Heather Reed took over cybersecurity for Nestlé Purina in the U.S. and Canada, an organization of 13,000 employees, she didn’t just want to keep data safe, she wanted to shift an entire culture. With candor and conviction, she has built an incredibly relatable, human-centered cybersecurity program that continues to demonstrate a forward-thinking strategy.
The Cybersecurity Ambassador Model
Rather than relying solely on traditional training modules or awareness campaigns, Heather championed a grassroots solution: a cybersecurity ambassador program. “I have cybersecurity ambassadors in every department in the company and in all 27 facilities. I have two programs, one for factories and one for corporate and sales offices.”
From senior directors to recent graduates, ambassadors volunteer to carry the cybersecurity message forward. “They’re just everyday people, and they’re fascinated by cybersecurity.”
Heather embeds messaging directly into the company’s monthly “floor meetings” where department leaders share company news and updates with employees. “I’ve inserted a cybersecurity message into that. I only get 75 words, so I train my ambassadors ahead of time so that they’ll evangelize from there.”
That internal advocacy has made a measurable difference: “You won’t find a person on our campus who doesn’t know how to report phishing or how to report a stolen device. That wasn’t the case when I first took this role.”
Overvalued and Undervalued Security Tactics
Heather is not shy about calling out what she sees as misaligned priorities in the broader security industry. “I think phishing simulations are overvalued,” she says. “Mandatory training and simulations have a place. But what’s maybe undervalued is making cybersecurity relevant to people in their everyday lives.”
She links security to everything from smart home devices to wearable tech: “Cybersecurity is getting up in the morning and talking to Alexa and taking your kids to school where they’re logging into devices you don’t know about. It runs the gamut… even while you’re sleeping and your watch or ring are tracking your sleep. There’s a security aspect to everything we do all day long.”
Cutting Through the Cyber Noise
One thing Heather would love to see go? The never-ending amount of cybersecurity acronyms that continually flood the market. “I hate acronyms. The acronyms are out of control. Half the time people are sitting in a meeting and they leave not knowing what in the world was just said.”
She advocates for clarity and simplicity: “If it means we need to come up with a new word instead of four words that make an acronym, let’s do that.”
Staying in Step with the Business
While many CISOs feel outpaced by business transformation, Heather doesn’t see that friction at Purina. “If we don’t have a business, we don’t have a security department,” she says. “We are always trying to make sure that we are putting the priority of the business first while doing it securely, and I think they’re on pace with each other.”
That alignment is essential in an era of increasing complexity and mounting compliance demands. “When I took this role four years ago, we had 37 measures in our security and compliance index and today we have 112.”
Leading Secure AI Adoption
AI is one of Purina’s key priorities, and security is baked in from the start. “Nestlé as a whole is taking AI very seriously as part of our digital transformation journey,” Heather says. “We’re using our own NesGPT and approved solutions.”
She’s also monitoring how employees interact with generative AI tools. “We put a lot of effort into making sure that people know to not put company data into random tools.”
Not surprisingly, marketing is the trickiest team to tame. “Marketing is the most rogue,” she laughs. “They want to move quickly and be first to market, but as soon as they understand the ‘why’ and the risk, they take it a lot more seriously. It’s the relationships.”
Empowering Through Scarcity
Heather’s team doesn’t have endless budget or staffing, as with most security programs across almost all industries. Far from it. “In general, I think that the demands on security and compliance are far exceeding the amount of employees that we’re able to have.”
Her ambassador program, in part, was born out of necessity. “I needed help. And what a great way to leverage others within the company.”
And it’s not just effective, it’s deeply meaningful. “They get to put it in their performance plan. I have a graphic designer who doesn’t get to do graphic design anymore in her day job, so she loves to do it. We have people who like to plan events, and it gives people something interesting to do.”
A Playbook Others Can Follow
Heather’s model is a compelling example of cybersecurity leadership rooted in empathy, communication, and real-world impact. “It is, I think, the number one thing that has shifted the culture.”
And when it comes to cybersecurity’s place in the business? “We do everything we can to make it so that we’re enabling a secure business.”
Subscribe
Stay up to date with cyber security trends and more