Anne Hardy (Global MBA 2002), from Telecommunications Engineer to Chief Security Officer

Anne Hardy (Global MBA 2002) specialized in cyber security after starting her career in telecommunications as a software developer. For almost a year and a half now, she has been Chief Security Information Officer at Talend, in the San Francisco Bay Area, after building up 10 years of experience with SAP. Here, Anne describes her missions and broad range of expertise, as well as the pitfall-strewn career that women face in the tech industry.

What does your position at Talend involve?

My goal is to protect Talend, its employees and the products we sell to our customers against cyberattacks. My staff keep an eye on access to data internally as well as the applications used by employees, and they protect the computers used by staff, as well as the networks we use in our offices or when working from home. When it comes to products, we help our developers adopt best practices so there is no security vulnerability in the software they are developing. We must maintain a high level of surveillance of our products before they go on sale, but also while they are being used – on shared servers and in other contexts. These products are active while being used by customers, and so we must continue to monitor them to ensure they are not the target of any attacks. 

How is cyber security linked to data? 

A few years ago, cyber security was mostly about networks, computers and systems, i.e. physical equipment. Little by little, its scope has been extended to applications in the cloud, software applications and personal data protection, a high-growth area. My team is structured around three pillars: applications, infrastructure and data. Data travels freely and more easily, and its protection requires specific tools and technologies, not to mention the legal aspects, which play a central role. 

What profiles do your staff have depending on the different type of security they work on? 

The team working on the security of infrastructure is made up of people with experience in IT and telecommunications. For the application security team, I look for people with a high level of education in computer science and developers who have programmed web applications or embedded software. As for data, team members mostly have a solid understanding of code and anonymisation, and know how to analyse data. It’s not easy to find people with specialisations in these three areas and who have a good grasp of the security component. 

A component you have a good grasp of yourself, having graduated from Telecom ParisTech 10 years before doing the EDHEC Global MBA. Did you choose the MBA to acquire new skills?

My Global MBA was focused on IT. It was not initially my intention to turn to that area, but I liked the fact that it was applied to a specific area. It could just as easily have been any other one! Above all I was looking to understand the theoretical side of management, what it meant to manage a team. I had been working in telecom for nearly 10 years, managing small teams, learning as I went along. I wasn’t exactly looking for a springboard, but I think it was good for me to take a break from my career and think about problems I had never really been exposed to before. It opened up a wealth of perspectives on business management. And the highly international collaboration with other students, from totally different backgrounds, allowed us to learn a lot from one another, in addition to the theoretical knowledge acquired in class.

You were working in California before your Global MBA. Was that a kind of revelation for you about the international career prospects in the tech and security industries?

I started to take an interest in the security sector after the MBA, when I got my first job at SAP. I had worked for a little less than a year in risk capital in Sophia-Antipolis, and I realised that I really missed industry and working with engineers. At SAP, I was glad to return to a technical organization, with new baggage in terms of my studies. I was responsible for putting in place a security research centre. That’s how I got started in security, it was an area that I could understand and learn about. 

What place does research have in tech? How does the decision-making process unfold before the research begins? 

Nowadays, companies don’t really have research centres anymore because innovation has become such an inherent part of what they do and the long term is difficult to pin down. At SAP, we were aware that it was difficult to stay connected with product teams working 2 or 3 years in advance of the product. Communicating results is very difficult, as is quantifying the tangible contributions in the company. But companies gain new ideas through research, and it’s a good tool to secure financing and make a name for yourself. At SAP, our research was funded by the European Commission: we became part of a network of scientists, where we could discuss problems that others faced and experiment together.

You associate research with the presence of a network and sharing, and therefore with the human dimension. How can tech and data be used to benefit humans?

We’re only scratching the surface of the power of technology. We are just beginning to realise what we can achieve with the quantity of data and information we collect. But I’m not sure that the direct benefit for humans is as significant as the benefit for businesses. That’s why we have laws to keep things in check. When attracted by money, people can go too far, and I hope the new legislation on data protection will help us to rethink the use of data for the good of humanity, Earth and wildlife, although the balance between corporate interests and the interests of humanity is not always easy to find. 

Do you think the existing laws are consistent with the evolution of data? 

The GDPR is the best example of a law compelling companies to think about the way they use data. It is the foundation for all the laws that have come after it, but it’s not enough in itself: it must be adhered to. Some companies circumvent it, even though they’re aware of the huge risk that entails. And there are companies who don’t know how to apply it and some aspects that aren’t well defined. And so collaboration with your legal department is essential in order to understand what can and can’t be done. It’s a whole other language that can be complicated to translate in technological terms, but it makes us ask whether our decisions are well founded and think about the consequences. Indeed, I am completely in favour of putting the brake on the surveillance sector in particular, with its cameras and digital fingerprinting, to prevent the wrong people getting possession of this data. The European regulations are much more extensive than in the United States, where lobby groups are a major force. 

At Workrise, you collaborated with psychologists in an effort to understand psychological mechanisms using data …

The idea for Workrise emerged while I was at SAP. At one point a lot of employees were leaving the company, I saw that there was a lack of well-being among the developers I was in contact with. When I tried to understand why, I learned that psychologists were working on data analysis in an effort to understand emotional well-being. You can’t just press a button in people’s heads to know what they’re feeling, you have to ask them questions that will allow them to express it. The problem with the working method is that you have to ask the same question several times every day, so it’s quite intrusive. Psychologists need to interact with people in order to reach conclusions. And the technology isn’t sophisticated enough yet for that kind of thing. When we no longer have to force people to answer, we’ll be able to use it.

In a few years could artificial intelligence replace the HR department in companies?

I don’t think so. Although HR have to look after so many administrative aspects that the human dimension tends to be eroded, it’s essential to be able to talk about your well-being to real people, especially during this pandemic. Artificial intelligence can be useful during certain recruitment phases or to analyse performance or statistics, but there are other essential aspects that can’t be replaced by machines. When it comes to understanding employees’ needs on a daily basis, coping with exceptional situations like Covid, or designing office layouts, there has to be a human dimension. 

A few weeks ago, Moojan Asghari (MSc Corporate Finance 2015) told us about the difficulties women sometimes face in the tech industry. Based on your experience, would you say there are certain number of “hurdles” for women in tech?

I think each situation is unique. Of course there were fewer women than men when I was studying at Telecom ParisTech, and the women I did the MBA with did not have a “technical” background, but because it didn’t penalise me personally, I never really wondered what it was like for others. When I went to the US into 2007, my boss had a close acquaintance at AnitaB.org, (NDLR: an organisation that promotes the role of women in tech) who wanted SAP to join them. Because he wasn’t sure how to tackle such issues, he jumped at the opportunity of having a woman in his department and entrusted me with the project. AnitaB.org really opened my eyes to the obstacles imposed on women’s careers and the difference in the ways they’re treated. It was extraordinary for me to attend conferences with thousands of women who had technical backgrounds. At last I was in a position to talk freely. Afterwards, I remembered certain comments made to me over the course of my career. I had been asked if subjects were too “technical” for me. At the time it seemed normal because it was part of the culture I had grown up in. And as I wondered alongside other women why we had accepted those kinds of comments and the standards in place, I had a revelation. And all of a sudden I confronted a problem I had completely overlooked previously. 

You spoke of a growing awareness … Do you think women are underrepresented in tech because diversity is not tackled head-on during their studies?

I think people have certain assumptions, even women. It’s difficult to shed these assumptions, particularly when you’re recruiting someone for a technical post: no, the best candidate is not necessarily a man! Cultural changes take a really long time. The biggest firms are still managed by people of a certain age from a milieu in which women have not traditionally been engineers. And once they do land a job, women often work in marketing, human resources or legal. There are two challenges: recruiting a woman first of all, and then keeping her in the firm, because it’s not easy to work surrounded by men.