Carey Cordes-McPherson

Director and Chief Information Security Officer, Volkswagen Region Americas

Carey Cordes-McPherson leads the Americas region for the Volkswagen Group as CISO and Director of Information Security. This region includes several beloved automotive brands like Volkswagen, Audi, Bentley and Lamborghini and spans more than ten unique companies operating in six different countries.

In her 25 years of experience in information technology and cybersecurity, Carey has vast experience ranging from deploying firewalls in her beginning years to building the regional SOC to now operating at an executive level, informing the board on critical cybersecurity initiatives. She has taken each challenge and chapter in stride and has continued to break through every ceiling with unmatched passion and determination. Over two decades of experience in the automotive sector have now brought her to the forefront of securing connected vehicles as she leads several large initiatives to protect Volkswagen’s customers.

She is also an acting board member of the Automotive ISAC, which brings OEMs together to combat sector-specific cybersecurity threats. Show more

What does a typical day of work look like for you?

Every day is different. The cybersecurity landscape is always changing, and there is always a new challenge to overcome. My day could start with global security leadership meetings, move into driving strategy sessions and then transition into a working session with our regional security operations center. Cybersecurity runs 24X7, and my day flexes as needed to meet ever-changing needs as they arise.

What aspects of your career journey have taken you by surprise?

Working in cybersecurity for as long as I have, not much takes me by surprise anymore. When I first started in IT over 25 years ago, I always thought I would stay in a hands-on technical role. As my career progressed, I was asked to take on a leadership role, which I really struggled to accept. Surprisingly, I found leading people to be very rewarding and it is now the highlight of my career. Fortunately, I have a very talented technical team that helps to keep my technical skills on point.

Tell us about the cyber project you're most proud of working on in your career.

At this point, I would say standing up a regional security operations center that supports multiple countries and brands. It has helped us significantly to improve our company’s security posture, along with streamlining security efforts across multiple locations and cyber teams. If you asked this same question a couple of years from now, the answer would likely change as we continue to drive some very large and important cybersecurity initiatives. Overall, it is a challenging but exciting time to be in cybersecurity.

How has public perception of cybersecurity changed over the course of your career, and how do you predict in the future?

When my career first started, cybersecurity was not even discussed in mainstream conversations. Data breaches were rare and most people did not even know what cybersecurity was or how it affected them. Today, because technology is now ingrained in our everyday lives and there is a treasure trove of valuable data, data breaches have become much more common. Now cybersecurity is top of mind for people in nearly every aspect of their lives. With this, I believe that there will be increased demand from the public to hold companies accountable through additional regulations that help ensure the protection of our data, critical systems and personal safety.

Tell us about your first job (can be anything!) and one lesson you might have learned from it.

My first job was at a small general store in a remote town in Northern Michigan. I did a myriad of things there, like stocking shelves, sorting bottle returns and scooping ice cream cones. One lesson I learned here is that every role plays a part in overall success. I was pretty much the lowest person on the totem pole, but the small things I did added value. I share that with people that are just starting out, that most of us start at the bottom (I was no exception), and we all play an important role no matter where we sit in the organization. This is especially true for security.

What’s one piece of advice you’d give your younger self about getting started in cyber?

The one piece of advice I would give to my younger self is the importance of maintaining and building relationships. Everyone, no matter what level, has a part to play in security. The better relationships you have the more you can influence how security is received within your company.

Tell us about a role model or mentor who has helped shape your career.

My biggest role models are my parents. They both worked harder than any two people I know, trying to make a better life for our family. They taught me to do my best no matter how big or small the job was. That work ethic has translated into everything I do. It is a major part of what drives me every day to be the best version of myself both personally and professionally. It has opened many doors for me in my career and helped me obtain the leadership position I currently hold today.

A meeting gets canceled and you have a surprise 30 minute window of free time — how do you spend it?

If I had a surprise 30-minute window I would likely spend it catching up with my team. On very rare occasions, if the weather is nice, I like to walk outside to clear my mind. It is a great way to reset and return to work with a clean slate.

What are the ways you stay grounded and take care of yourself?

This can be really difficult as cybersecurity is a 24×7 job. Bad actors do not have standard business hours, so it is not uncommon to be on calls late into the evening and on weekends. However, when things are calm, I make time to do the things I love like spending time with my family, reading a fantasy/fiction novel and entertaining my furry babies (cats). This downtime helps me reset and refocus so I am mentally prepared for the next security incident.

When you think about your personal legacy as a leader, what do you hope people will remember?

I hope they will remember me as a leader that lifted them up and together we built something great. Leadership has many ups and downs, but the best part is seeing your team members grow and realize their full potential. I get to lead a wonderful group of people, and it has been my honor to be a part of their journey.