Dana Gonderzik

Dana Gonderzik has spent nearly 13 years at Global Credit Union, witnessing the financial services sector evolve from traditional brick-and-mortar financial services to a complex, digitally-driven ecosystem. As Director, Information Security, she and her team have been in the centre of the transformation as technology has reshaped both the opportunities and threats facing credit unions today.

Her journey into cybersecurity was unexpected. Originally training to become a registered nurse, drawn by a desire to help people directly, a back injury during her first year of college forced Dana to reconsider her career path. She took a position at a computer company handling phone support and discovered a passion for technology that would define her professional life.

“I really enjoyed the constant learning and the pace of change in technology,” she recalls. “It was the turning point of my career.”

Today, she leads a distributed security team spanning Alaska, Arizona and remote workers across the US. Global Credit Union also maintains three locations in Italy, an uncommon footprint for a credit union that reflects both its history and its global mindset.  Her role encompasses everything from vulnerability management to risk assessment, governance, policy development, threat hunting and security management.

“Attackers use the same technologies we do—just for the opposite purpose,” she says. “To stop them, you have to be willing to think the way they do.”

That philosophy drives Global Credit Union’s emphasis on continuous education. Dana’s team actively pursues advanced certifications and ongoing training, with several members holding ethical hacking credentials. By understanding offensive techniques as well as defensive controls, the team is better equipped to anticipate threats before they impact members.

Since Dana joined in 2013, Global Credit Union has continued to grow and evolve. Its Alaskan roots date back to 1948,and its presence has expanded into four other US states, with recent entry into Idaho and Italy. During her tenure, both the company and Dana’s security team have doubled in size.

As a member-owned financial cooperative, GCU provides full-service financial solutions including checking and savings accounts, loans, insurance partnerships and investment services. What sets it apart from its competitors is its 24/7 member service centre, one of the largest among credit unions, which ensures that members can always reach a real person when needed.

“I really like the focus of the credit union being members first, and we're here for the people,” Dana explains. “I still have the desire to give back to people, make sure that they are financially safe and ready for their next adventure.”

How security architecture is evolving

The shift from traditional data centres to cloud-based infrastructure has fundamentally changed how Global Credit Union approaches cybersecurity. Dana describes this transition as moving from perimeter-based security to a layered, risk-based approach that provides multiple levels of protection.

“Multiple layers give us multiple levels of protection, and we’ve built maturity into each layer to ensure we’re protected in different ways.” she says.

The institution has embraced zero-trust principles, protecting higher-risk assets more stringently than internet-facing systems that don't contain critical data. Identity has become the foundation of this strategy, with an emphasis placed on knowing customers and employees alike.

The threats facing financial institutions today are sophisticated and constantly evolving. Account takeovers represent a major concern, alongside traditional hacking attempts and identity fraud. To combat these things, Global Credit Union employs a large fraud team that monitors member behaviour patterns to identify unusual activity and prevent unauthorised transactions.

Phishing remains a persistent threat, with attackers creating fake websites designed to trick members into entering their credentials. The security team proactively monitors for these sites, aiming to eliminate threats before members encounter them.

“We're watching the network for phishing attempts, fake websites being put up, trying to lure our members into entering data,” Dana explains. “The fraud team doesn't have to even deal with the problem, because we're going to take care of it before it happens.”

This proactive stance extends to internal security awareness. The institution sends regular phishing simulation campaigns to employees, testing their ability to recognise threats. For front-line staff like tellers who work face-to-face with members, Global Credit Union limits external email access entirely, reducing the attack surface.

AI represents both a powerful tool and a significant threat in the cybersecurity landscape. The technology that helps financial institutions detect fraud and analyse behaviour patterns is equally available to the bad actors seeking to exploit vulnerabilities.

“Everything you think we would use to protect you, they're also using it in the opposite,” Dana says. “You need to be ready to think like them if you’re going to stop them.”