Linus Plum
CISO
Aldi Süd
Linus Plum is currently the CISO at Aldi Süd. He is an experienced CISO with a demonstrated history of working for critical infrastructure in the financial services, utilities, retail and tech industries.
He is skilled in Information and Cyber Security, Business Continuity Management, and Governance, Risk and Compliance, and is passionate about the transformation of risk and leadership culture. Linus is a frequent conference and keynote speaker and OSPA award winner 2021.
Fun fact: I just have to get every gadget on market launch and then end up not using it. There's certainly enough in the basement that maybe one day I will open up a museum.
Give us a brief overview of the path that led to your current role.
When getting into hacking in the 90s, I got in a bit of trouble (nothing too serious, don't worry!) for gaining access to systems which were not supposed to be accessed. Later, I decided that a business career might be a less dangerous way of living, so I learned at a German bank.
During my studies in Business Informatics, I joined one of the Big 4 consultancy firms to build a Penetration Testing practice in the early 2000s, when this was something that emerged in the US but was absolutely unheard of in Germany. I quickly learned that I had a talent for not only finding and exploiting the technical deficiencies, but also putting the results in a language that the C-Suite understood.
From there, it was straightforward. I eventually joined a German utilities company where I got into my first CISO role.
What is one of your guiding leadership principles?
We are ONE team, ONE company and all have ONE goal.
Groups naturally differentiate themselves from other groups. As a leader, I always try to inspire my teams and other leaders to break the silos and think end-to-end on how to best achieve the company goals.
What is the greatest challenge your particular C-level role is facing today, and how are you addressing it?
As the CISO role is maturing, we are expected to have a certain level of understanding of what managing a company entails: taking controlled risks by leveraging resources to where they have the biggest impact. Many security professionals, on the other hand, tend to fully mitigate or avoid risks. Understanding the company’s risk appetite and key business risks and reflecting on them in our Board communication is crucial.
If we tailor our reporting and communication with regard to the impact on company risk, cost, and revenue, we’re off to a good start. Also, I try to be as clear in the message as possible: If I need a decision or Board enablement, it should be clear what options are available, and what is the cost/benefit trade-off of each option – not only for our security but the whole company (align this with the impacted business areas!) – and lastly, how we will measure success.
What is the key to success for someone just starting out as a CISO?
Required hard skills are at least some technical knowledge and a lot of business knowledge. Much more important, however, is to stay curious and updated, developing leadership skills and thinking in end-to-end business processes.
In parallel, building a network and learning from others' successes and failures is key to becoming a high-performing CISO.
How do you measure success as a leader?
While I appreciate the clarity and insights that metric-based success measures, such as OKRs, can bring, I always strive to go beyond metrics to carefully develop a diverse team. I feel most successful when the team takes responsibility and drives our cyber security culture even (and especially) when no one is looking.
And ultimately, as a CISO, I always connect with our business leaders and Boards and get their feedback regularly.
What is the value of being a member of the Evanta community?
Connecting and learning from other CISOs is invaluable. The community is very open to discussing challenges and also success stories that help others to grow and mature their Cyber Security model. In Security, if we share, everybody wins!
Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.