Wesley Bull: Protecting Joint Ventures

November 2, 2015

As a large global technology company whose products such as the Graphical Processing Unit (GPU) appear inside a wide array of other products, NVIDIA may just be “the biggest company you’ve never heard of,” says Wesley Bull, NVIDIA’s Chief Facility Security Officer (CFSO) and Head of Global Security Risk Management, Investigations and Protective Services. “While we’re well known to the gamer community, our technologies are actually involved in solving such a diverse range of technical challenges, we’re literally helping to create the future,” Bull says.

His distinction as CFSO is due to NVIDIA’s engagement in classified work for the federal government. Bull’s global responsibilities include crisis management, executive protection, intelligence, travel security, IP security, protective services worldwide, supply chain security, investigations and administering the security program for classified work with the U.S. government. “That’s where the CFSO responsibility comes in to oversee all of the government’s program requirements. That involves different security auditing and monitoring all the way through to actually helping people get their security clearances and then ensuring that they behave appropriately to keep those clearances,” says Bull.

Bull marvels at “the speed and agility of the sector and, more specifically, the company.” Besides market opportunities he sees being created at every turn by NVIDIA, “we are solving really complex problems with incredibly brilliant engineers, and that’s humbling,” he says. He feels fortunate to be able to work with people who are supporting diverse engineering challenges from cancer research to next generation visual computing to enhanced sensor technologies for automobiles.

Security at NVIDIA is quite challenging because, as a supplier of products within other products, the company has a number of joint ventures going on at any one time. This results in extremely complex security protocols. Not only might NVIDIA be dealing with pre-released and/or prototype products, but they are often working with multiple competitors at once. “We have to make sure that, for example, our lab environments are air-gapped so that we don’t have one competitor running into another competitor’s area or accidentally getting exposure to a competitor’s intellectual property,” says Bull.

The stakes increase significantly for the company when it comes to cyber threats as well because they are protecting other people’s property as well as their own. “There’s a pretty substantive insider threat or attack vector on intellectual property theft, and that’s something we have to be very, very vigilant about,” Bull says. As a result, Bull also plays a role in cybersecurity initiatives at NVIDIA and serves as the liaison for all engagements with law enforcement and U.S. intelligence community given his former work in these arenas.

Global security risk management is Bull’s team’s major focus, and he’s expanded the program scope significantly since he started. As NVIDIA began to grow rapidly and expand into many new areas in the several years before his arrival, the security program just wasn’t able to keep up. “I’m extremely happy with the excellent work by my team,” says Bull. “We’ve got some great partners across our program that have really helped us adeptly close the gaps, but there’s still a lot of work to be done.” Specifically, Bull emphasizes aligning security risk awareness in conjunction with the company focus on agility and staying scrappy. His team’s security strategy is advantageous because it’s “aligned to the business and its objectives,” he says.

The security team’s brand perception “always has room for improving” when it comes to the C-suite, peers and external stakeholders, according to Bull. “We can’t be hitting the C-suite with uncertainty, fear and doubt and coming at them with a compliance hammer. That does not comport in a technology environment where the risk appetite is much higher,” says Bull.

As for external stakeholders, “We’re working with some of the best brands in technology around the world, and, as a result of that, I think what’s been notable is that we’ve similarly developed some great relationships and strategic insights by partnering with our external stakeholders,” Bull says. This also includes law enforcement, public safety and U.S. intelligence agencies, with which the security department conducts joint trainings and briefings to advance collaboration and capabilities. “We take an all-hazards approach and align our joint training and preparedness plans to support a major incident. We are way past ‘observe & report,’” says Bull.

As is the oft-held lament among top security professionals, complacency and awareness are the most difficult parts of the job. “The fight is ensuring that despite the alignment with the business, we do have legal and fiduciary obligations with regard to security and safety,” says Bull. “We can never lose sight of the fact that we also have very specific security and protection responsibilities to the U.S. government, and it’s difficult to keep getting air time to remind people of that, despite the great work that we’re doing in terms of aligning ourselves better with the business,” he says.

Security Scorecard

Annual Revenue: $4.7 Billion
Security Budget: $6.8 Million

Critical Issues

Cybersecurity
Intellectual Property Protection
Business Expansion – New Markets

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 November

This month, Security magazine brings you the Security 500 Report, Rankings and Thought Leader Profiles. How does your enterprise compare to others? Which security programs are leading the way? Also this month, we highlight how to plan, prepare for and build resilience to protests and other unplanned events, video surveillance tools for SMBs and more.

View More Create Account

Wesley Bull: Protecting Joint Ventures

Security Scorecard

Critical Issues

Recent Articles by Sarah Ludwig

What to Look for in Travel Security and Executive Protection Services

Pro's and Cons for IP vs. Analog Video Surveillance

Drones: A Security Tool, Threat and Challenge

How to Effectively Utilize Mass Notification

Why Organizations Should Still Care About BYOD

Security Magazine

2020 November

Wesley Bull: Protecting Joint Ventures

Security Scorecard

Critical Issues

Recent Articles by Sarah Ludwig

Related Articles

Report Abusive Comment