The finalists for WashingtonExec’s Chief Officer Awards were announced March 25, and we’ll be highlighting some of them until the event takes place live, in-person May 11 at the The Ritz-Carlton in McLean, Virginia.
Next is Chief Information Security Officer (Private & Public Company) finalist Derek Hardy, who’s corporate vice president and CISO at Advanced Micro Devices. Here, he talks key recent achievements, proud career moments, career advice and more.
What key achievements did you have in 2021/2022?
In late 2020, AMD announced plans to acquire Xilinx, an industry leader in adaptive computing. Teams across the company spent the next 15 months rigorously planning for a smooth integration process.
My organization focused on assessing best cybersecurity practices from both companies and developing a plan to strengthen cybersecurity across the combined entity. This required securing buy-in at all levels of the organization and working closely with the Compliance and Risk Management teams to ensure alignment with their strategies.
During February, AMD successfully closed the acquisition of Xilinx, and we continue to focus on integration activities that unify our culture, policies, systems and teams.
In early April, AMD announced plans to acquire another company. As the company continues to grow, it continues to be important to protect our proprietary data, customer and partner information, and intellectual property. We take our responsibility to embed stronger security standards seriously by implementing new processes to further improve employee security awareness and collaboration with customers and vendors.
What has made you successful in your current role?
Innovations in network infrastructure have brought new capabilities through cloud computing and the internet, but new technologies have also expanded and can introduce new vulnerabilities. As a result, today’s cybersecurity threats continue to evolve. With so much change, I would say that my ability to deal with ambiguity has helped me be successful in my role.
When I stop and think about not only the tremendous growth the company has experienced, but also the shift to remote work which broadens the risk for cyberattacks, it has forced us to think more holistically about risk and how it can impact both people and technology.
Team delegation and effective communications have been key to gain buy-in from all levels of the organization and to create alignment that allows us to better control and manage potential risks.
What was a turning point or inflection point in your career?
Joining AMD nearly four years ago was definitely an inflection point in my career. Obviously, joining a company of greater size and complexity presented more challenges. The commitment to security at AMD extends beyond my cybersecurity team — from technologies and practices that also help keep our intellectual property and the information we hold safe — but also to the product security office that supports product innovations for improved security features for our customers.
Considering that our workforce primarily consists of engineers who provide the human ingenuity behind our products and technologies, the two teams work together collectively to address product security and data privacy and security. AMD strives for security-by-design in the interest of our customers, up and down the product stack.
Our processors, for example, incorporate security features at the silicon level as part of an ecosystem of hardware and software solutions. Due to the large size of our company and working with the product security office, managing the breadth of depth of information security is more complex and has been a very fulfilling challenge that I welcome at AMD.
What are you most proud of having been a part of in your current organization?
I am most proud of our team and their ability to build upon our cyber capabilities while we experience massive internal growth, ongoing acquisitions and evolving external pressures. Despite all these challenges, the team has accelerated enhanced data loss prevention, endpoint detection and response efforts. They have heightened awareness of cybersecurity threats among employees, especially during the pandemic, which increased the complexity of improving security due to remote work.
What are your primary focus areas going forward, and why are those so important to the future of the nation?
We believe that immersive and instinctive computing will change lives. We are also inspired by how digital technology has improved our world. From helping students learn better, to helping advance medical research, to helping fight climate change — AMD is helping advance the way people live and work.
For 53 years, AMD has driven innovation solutions to the world’s most challenging problems through high-performance computing, graphics and visualization. Looking forward, artificial intelligence and adaptive computing will be focus areas for us as a company, especially as we integrate the technologies from our recent acquisition of Xilinx.
What’s one key thing you learned from a failure you had?
Today’s cybersecurity threat landscape continues to expand and evolve as I mentioned earlier. Cyber criminals devise new and better ways for exploiting security weaknesses to steal sensitive information, extort money and to damage well-established brands like AMD.
I’ve learned over time that when it comes to risk management, the key success factor is to never get too comfortable with what you know or where things are. When you get too comfortable, that is where danger lurks. This is why it’s important to stay abreast of emerging risks, try to be proactive and continue to strive for improvement in everything you do.
Which rules do you think you should break more as a government/industry leader?
Any team or organization is only as good as its people. Identifying the right talent and being flexible in the ways we attract and retain key talent is critical to success. Therefore, while I don’t support breaking any rules or policies, I would say that people can’t always be in the office and appreciate workplace flexibility. We need to be open to providing the flexibility people need to be successful at work. I believe employers can be more flexible to create win-win relationships with employees.
What’s the biggest professional risk you’ve ever taken?
Four years ago, I moved my family from Virginia to Texas when I accepted my role with AMD. At the time, we had just started our family and I had young children at home but was well aware of AMD’s desire to grow and increase the size and scale of the organization.
It was challenging and a big risk, but it’s also been the most rewarding decision I’ve ever made. I discovered how to manage work-life balance and also fell in love with the beauty of Austin, Texas.
Looking back at your career, what are you most proud of?
I’ve been able to mentor, coach and develop some highly talented individuals during my career. I am most proud of their success and take pride in knowing I helped them along their career journey.
I’m also very humbled to be an angel investor and executive adviser to OperAngels, a cybersecurity-focused angel group that endeavors to recognize and mentor high-potential cybersecurity startups.
What’s your best career advice for those who want to follow in your footsteps?
First, take time to understand how information security and business intersect. Both are important. Next, always work on improving your executive presence and communication skills. These are so important in today’s world for gaining support and aligning business teams to your goals.
Lead from the bottom, always think of your role as supporting your team and not the other way around. Finally, never give up — no matter what challenges you encounter along the way.