Staying Ahead in Cybersecurity with Patrick Pulvermueller

Patrick Pulvermueller, Chief Executive Officer at Acronis, has been leading the cybersecurity protections software company for nearly a year now. During this time, Patrick has been busy implementing better diversity and inclusion practices, which he argues is key to staying ahead in the cybersecurity game

by Natascha Zeljko | 04 Aug, 2022
Staying Ahead in Cybersecurity with Patrick Pulvermueller

The topic of cybersecurity has gained immense momentum. What are the challenges – and what are the opportunities in such a hyperactive market?

It's really a game of cat and mouse. There are three things we are constantly working on. First and foremost, of course, the team in the "Cyber Protection Operations Center," which operates around the clock worldwide. It consists of around 150 people spread around the world, in Singapore, Switzerland, and the USA, and covers all time zones. And this team does nothing but look for new attack patterns and new issues all day long. That's advantage number one, especially regarding smaller or somewhat less professional hacker groups, because they often tend to work locally and then – as banal as it sounds – eventually go to sleep.

The second point is that we use machine learning and artificial intelligence very heavily, and through the distributed systems we can tap into a vast amount of data points and intervene earlier accordingly. For example, we suddenly see something unusual at company A, we observe it, we react to it, we find countermeasures, and as soon as we have the solution, we work it into our cloud and make it available to everyone else; You have a certain crowd effect through that.

And number three is – there’s a nice term for this in English: no complacency. In other words, no snootiness. That's very important, because nothing is more dangerous than thinking you're unassailable; With this attitude, you have already lost. That's the human factor, in addition to the technical aspects, and it's very important to us.

Today's entrepreneurs are of different origins, different genders, have different attitudes. If you don't understand that, you can't really understand the customer.

In this matrix where the human factor dominates, to what extent is diversity also a key to better performance? It seems to be dawning on many companies now that this is not just a "nice to have" but is now business relevant.

I would not agree that it is only now becoming business relevant. At least globally, it has already arrived. I had an international team in my previous role with the US as the largest market. They understood long ago that you have to take diversity seriously, for the simple reason that the customer base is changing. Here's an example from a completely different industry: ten years ago, 100 percent of the people who placed an ad in the "Yellow Pages" in Europe were white and male. But today's entrepreneurs are of different origins, different genders, have different attitudes. If you don't understand that, you can't really understand the customer. And that is also relevant for us in business. This goes far beyond gender diversity; It also applies to other dimensions of diversity.

Nevertheless, we are still lagging behind, especially if you look at the proportion of women in STEM subjects or in the corresponding jobs. How can we change that?

It's interesting to take a look at where things are already going quite well. And countries like Romania and Bulgaria spontaneously come to mind. There, you see almost as many female programmers as male programmers; It's almost parity. But I also see it in regions in the US like the Bay Area, where I worked for the last four years. There was no difference at all. And I'm aware that that's not across the board for the entire US.

In terms of social change, I think it starts very early. The upbringing and what you're taught in the family is important. In our house, to give a private example, we have five kids, three boys, two girls, and my wife also works full time. That was a conscious decision that we made very early on, and we see that it has an impact on our children. For them, it's normal that we're both on business trips – even if not at the same time. Of course, you have to plan and organize yourself.

But then the employer also has to go along with that.

Absolutely. It's not enough just to make these appointments in private. The key word here is flexibility. Companies have to organize working hours in such a way that people don't have to choose between career and family. What I focus on a lot is leading by example. What values do you exemplify, and do you manage to bring people along with you? It's also about many supposedly small signs, starting with the use of language. Is my language inclusive? Is my address appropriate? It's also these things that make a difference.

What are you doing at Acronis to address these issues? What measures are in place?

For example, we just launched a high-potential program exclusively for women, which is now also being expanded in the direction of minorities. And what I'm particularly pleased about is that people are proactively approaching us and saying they want to drive this forward. And there's also critical feedback. At a video conference a few weeks ago, it happened that five white men presented. I hadn't been paying attention. Three people wrote to me afterwards and asked if I had been aware of that. I think that's good. Because I also make mistakes, I'm a human being like everyone else. And I'm pleased to see that employees are responding to this because they want to see whether I'm sincere or just paying lip service. That has made me very proud.

How can a company benefit from more diversity? What do you see as the most important arguments?

First and foremost, for me, is a much better understanding of what makes customers tick, because this diversity is also reflected in the workforce. Society is, after all, heterogeneous, not homogeneous. You also need diversity to make the right decisions. You get different perspectives, different feedback, more sensitivity. And, very importantly, it protects against groupthink. This kind of patting each other on the back is fatal. That brings us back to the beginning of our conversation. You start to get careless. And in our industry, that carries immense risk.

What are some of the most important skills to have if you want to work in cybersecurity – aside from the expected ones like coding?

Cybersecurity works like any other software business. We have our developers, of course, as well as people in marketing or our HR department. If I go into specific areas of development, I need specialized knowledge, for example in artificial intelligence. But I'm just as out of it as 99 percent of our employees. These specialists are needed in every industry. Where our business differs, however, is in its dynamics. I know of few business areas that are currently experiencing 300 percent growth in demand per year and, therefore, are in such a state of flux. That's why the willingness to change is an attitude that you absolutely have to have. In addition, vigilance and a certain tenacity, because attack mode and counter-reaction is normality, not a state of emergency. It's a constant ping-pong, you can't get tired of it.

Does this growth also have to do with the current geopolitical situation?

Our growth has its roots in the pandemic because people have become vulnerable to remote working at home. But the complete mix has changed. In the first pandemic period, it was mainly about money. You couldn't get to your data, you had to buy a key, then it took three days, five days, seven days, the data was decrypted, and you could continue working. What makes it more problematic today is that Wiper Ware is being used. It's all about destruction. There's no way back, the data is gone. That means the amount of attacks hasn't changed dramatically. But the impact is much more dramatic.

I read in Forbes the other day that, in the US alone, there's a shortage of 460,000 people in the cybersecurity field...

As of today...

... As of today, that's right. What do you do, where do you get the talent?

I think you only get talent if you offer them what they need to be happy and satisfied. And every person is different. One person needs flexibility, the next needs clear structures. One person wants to go to the office, the other wants to do home office or work from Lanzarote. That's all okay. That works with only a few exceptions, such as data center operators, who have to be physically on site. For 99.5 percent of our employees, a flexible solution is feasible. The discussion that people who work from home should give up 20 percent of their salary is absurd. Personally, I think that's the completely wrong signal. Flexibility is the currency, that's what I have to offer on the labor market – at a reasonable salary, of course – although that's secondary to attracting people. We now have 2,000 employees spread around the world, and we've hired 250 new colleagues this year alone. So, we don't have any dramatic problems finding people. We also have the luxury of being in a segment that is very attractive right now, where people want to learn.

A lot can be done in video calls. For which topics does the face-to-face meeting still make sense in your eyes?

All creative parts benefit from face-to-face meetings. Going for a walk together, sitting together over dinner, even reflecting on things over lunch. That's why we organize meetings once a quarter to bring employees together worldwide for three or four days. But even that is hybrid feasible. A second issue where there is no substitute for personal contact is difficult conversations on a personal level. You don't break up via text message either.

And there are people who like to come into the office. A physical place to work is also freedom of choice.

Absolutely. That's why we're opening our new office in Turin next week, and there are new locations in Belgrade and Istanbul, because some people want to work in-house.

There are many exciting cultures, people, and attitudes in this world, and my attitude is not the only right one.

You are running a multinational company. What can we learn best from each other?

What I learn every day is humility. That there are many exciting cultures, people, and attitudes in this world, and my attitude is not the only right one. That's the essence for me, to be reminded of that over and over again. It helps me to keep an open mind. That doesn't mean there aren't attitudes that I think are problematic. There are universal values. But I first listen with as little bias as possible. A global company offers a great benefit in this respect – you understand how diverse this world is.

What do you see as the most exciting developments for the next few years? What will be the most important drivers – for your business but also in general?

For me, diversity is the big driver. There will be few countries and regions for which this will not be relevant. I think that's great, and I support it to the best of my ability. We will see significant progress here over the next three to five years, mainly because of ESG and from the investor side, there will be pressure. That's a way to drive change. Otherwise, I see our cybersecurity business, unfortunately, a very thriving market in the next few years. I don't think that will be turned back.

You've been in the department here for a year now. What is your personal balance sheet?

The greatest thing is actually the team. The second most important thing for me is that there is still a lot to do. We're working on that. I believe that if we tackle this together, we can achieve a lot.



Want to stay informed on our latest content, upcoming events and opportunities? Subscribe to our newsletter!