In this installment of our interview series, we’re talking about something that often seems at odds with brand and experience --IT Security. But, depending on who you ask, humans are responsible for 74-88% of all data breaches. Plus, given how competitive business is these days, how do you balance the essential need for security with a differentiating, user-centered experience? When is enough security enough, and how do you prioritize? To answer those questions we’re talking to Jim Jenkins, the VP of Information Security and Information Security Officer at Vantage West.
Welcome Jim!
Craig: Your approach to security has always stood out to me, especially how you weave it into the broader customer experience. Vantage West was recently recognized by Forbes as a best-in-state credit union and Newsweek as one of America’s Best credit unions. When you start getting those kind of awards it means that you’ve not just got security figured out, but that you’ve also dedicated yourself to the experience your customers have working with you.
Jim Jenkins: Thanks, Craig. Yeah, I’d say Vantage West has embraced the idea that security is an element of our business that’s actually built into our brand. A credit union is a little bit different from a bank, we're member-owned so we’re constantly on the lookout to protect our member’s interest. Security at its core is about trust and it’s part of our brand, that we're a trusted intermediary. When we start talking about security we want to make sure that whatever our members do with their money is secure. If they’re expecting to send money via a transfer tool our members want to know we’ve validated who they are, validated the recipient and then conduct the transaction in a trusted way.
Craig: That kind of validation seems essential to the overall member experience but how do you strike a balance between meeting the technical demands of security and ensuring a smooth user experience?
Jim: Security isn’t one-size-fits-all. At Vantage West, we think of it as trust in action. We’ve moved away from the old-school ‘castle and moat’ approach—where security was all about big walls and tight defenses. Now, we see it more like armor that our members can wear wherever they go, providing protection without weighing them down.
Craig: That’s a great analogy—security as flexible, user-friendly armor. How do you communicate that to your members without causing unnecessary concern or making things feel too complicated?
Jim: That’s a big part of our strategy. We avoid the doom-and-gloom messaging that often surrounds security. Instead, we focus on building trust. For us, trust comes down to three things: can we do what we say we’re going to, will we follow through, and do we have our member’s best interests at heart? When we emphasize these values, we shift the conversation from one of fear to one of trust. It’s about reassuring our members that we’re not just protecting their money—we’re looking out for them in every way.
Craig: I understand that from a messaging perspective but how do you make sure this trust translates into real action on the members’ part?
Jim: We treat security just like any other feature set with a product owner. I like to say we take a ‘scrummish’ approach to the ideation and delivery of any new security capability which eventually turns into a feature. We use tools like focus groups, prototyping, and user acceptance testing to understand if something is a problem or causing friction and then we explore the right solution. We treat security like a first-class product within the product suite.
Plus we’re very intentional about how we communicate. We don’t just tell our members what to do—we explain why it matters. Take multi-factor authentication, for example. We offer it as an added layer of security and explain its benefits. But we also respect that not everyone will opt in. Our job is to make sure they’re informed and understand the risks. We’re big on clear, open communication—so our members know exactly what’s at stake and can make the best choices for themselves.
Craig: It sounds like you’re not just providing security but empowering your members to take an active role in it.
Jim: Absolutely. It’s about partnership. We encourage our members to be thoughtful and intentional in how they use our services. This way, they’re not just passive users—they’re actively engaged in their own security. It strengthens the relationship and builds a real sense of community within our credit union.
Craig: Thinking beyond the feature’s specific goal and asking ‘how does this improve our members lives’ is important, letting you tie it to a strategy that’s anchored in the kind of important relationship building financial institutions need to stay connected in such a competitive space. Thanks for your time Jim.
…
In addition to Jim’s responsibilities at Vantage West, you can also find him teaching cybersecurity at Seattle Pacific University or follow him on X as @cyberjenks.
Photo by LinkedIn Sales Solutions on Unsplash
Photo by Jason Goodman on Unsplash
Photo by Thought Catalog on Unsplash