Your title is Trust Accelerator Lead. What does that role entail?
Within Schuberg Philis, next to the customer teams, we have one big internal team that has five sub-teams, which we refer to as Lab271. I’m responsible for the Trust Accelerator team. Our goal is to monitor what’s happening in the security, audit, and compliance markets. We ask: what are our customers’ worries? What do research firms like Gartner and Forrester see heading our way? We are also closely aligned with all kinds of institutes, like the Netherlands’ National Cyber Security Centre (NCSC). We decide if we should act upon trust issues, whether in a small way – such as by just sending out a notice to the customer – or in a bigger way. For example, we decided to write a research paper and invest in the topic of ransomware because it is such a big, complex theme. So we are now building technical ransomware services which we can deliver to our customers to help them better be prepared. The Trust Accelerator works closely with many other teams, such as the internal security team, the audit team, the customer teams. That’s why I, personally, like my role. It gives me energy and enthusiasm to do this because we’re highly involved with all internal teams as well as the customers and even non-customers regarding important and relevant topics.
What’s a typical day like?
There’s quite some variety in the days, but at a high level, there is some consistency. One part is customer interaction, so I could be at Jumbo or at Rabobank organizing a workshop or sitting with their CISO, for example. Other typical things I do during the day are internal meetings. After this conversation, I am in a meeting with the SBP Council, where I will brief them on the current status of the ransomware proposition and which decisions we need to make. After that, I’ll join a meeting where all the Schuberg Philis sales directors come together, to align them on getting customer conversations around ransomware going. Before this conversation, I was meeting with a security service provider. So during the workday, it’s mostly customer and vendor meetings, workshops, pitches, sales, comms. And then there’s what I call deep-thinking sessions where I need to wrap my mind around a theme. But that I do mostly out of the office. For example, for our recent ransomware value proposition, we created our own framework and our own kill chain. Rather than trying to fit that work in between meetings, I needed to sit peacefully, pick up my pen, and write the research paper. That I do mostly at home, in the evening or whenever there’s nobody around. Then I can make sense of everything.
Does it matter that you sometimes work during less typical hours?
Schuberg Philis is a company that respects people’s way of life, personal choices, personal interests. You do you work in the way you like. You have complete freedom to decide how you plan your day. If it’s too busy in the morning to come to the office because of traffic, I stay at home. If I have a yoga session tomorrow afternoon, I do not need to discuss it with anyone. I just do it. And then afterwards, I jump into work again. Actually, I don’t believe in the separation of work and normal life. Often, we call this the work-life balance, and I don’t like that term because when you are at work, it’s not a different life. It’s the same you, right? In my opinion, work and life is the same thing. If you’re unhappy at work, you're unhappy in life. If you’re stressed at work, you’re stressed in your life.
So what have your 10 years with Schuberg Philis shown you about the potential of work?
Work should also be a fun place where you can feel peaceful, happy, energetic, and inspired the same as you do privately. That’s also why I don’t mind working in the evening or a weekend sometimes. The moment that I really want to restrict work to be between 9:00 and 5:00 would mean it's something that I don't like. I'm not saying you should work 80 hours a week – I have a family and all kinds of other things to devote attention to – but I believe it should be less rigid and more fluid. Another big plus is that somehow we have gathered a group of colleagues here who also have a very wide range of interests. We’re very broad-minded people. Each of them has their own experiences and focus points, which makes it a good, interesting community to be with. It’s nice to have people around whom you feel are interested to learn more, not focused on maintaining an I-know-this-and-this-is-the-only-truth approach. It’s nice to have people around who can inspire you.
How do you go about wrapping your mind around a theme?
The way I live my life is based on yoga principles. Yoga has many tools in its portfolio that you can use, such as physical exercises and meditation, but the overarching goal is to gain control of your mind. For most of us, our mind runs on autopilot, and we have thousands of thoughts constantly popping up, which we don’t consciously choose. We have what I call a remote control, which you give to other people; that means the control is out of your hands normally and that people can basically influence you. Yoga is a philosophy to gain control of your direction and your thoughts, have insight into your emotions. I practice it constantly; it’s not something that I just do for half an hour in the morning on a mat, but it has become a lifestyle. This has also helped me have more control in choosing my mindset and in mastering stress. Because the moment you are feeling stressed, you have lost control and it becomes difficult to focus. Having that control helps me wrap my head around themes I need to focus on as well.
How did your practice of yoga develop?
My mother was my first yoga teacher. When I was a child and she was going to her yoga training program, often she would take me along. So I unconsciously joined her in her training, following those lessons, and from around age seven, I was already doing my own morning routine. Then I started reading some of her books. After I came to the Netherlands at age 18, I continued with those practices. I found a teacher and trained one-on-one with him quite intensively. As it goes in the traditional philosophy, if the teacher sees that you have transformed or have succeeded at a certain yoga part, then you are allowed to teach that part. Because then you have experienced that journey, and what you master you can teach to others, which I do as well. So alongside my Schuberg Philip work, I also train others one-on-one in traditional yoga practice.
For NOREA, the association of IT auditors in the Netherlands, you’ve co-authored papers called “DevOps in control” and the more recent “Ransomware in control.” Does the kind of mind control that yoga has taught you translate into control in auditing?
Sure. The intent of my work is to help people and companies become safer, to really help them make their journey easier. If they are worried about ransomware, I hope to provide services that make their life easier and also reduce their personal stress. When meeting with a CIO or a CISO, of course I don’t say this in the pitch and we’re talking technically, but the underlying intent is: how can we help you as a person, in your role, in your career? Because if we can provide you a service that reduces a key worry you have in your work life, it will help you. So indeed, how can we help customers and persons individually grasp the issues, whether about DevOps or ransomware or new regulations, like DORA, and make that work and their life easier. Part of the practice of yoga is to control the state of your mind so one can easily switch from one area of focus to the other. The moment that your baseline is in a peaceful state, then you can shift from A to B or C because there are fewer thoughts that you need to redirect.
Curious to know more about how more colleagues spend their days? See the whole series here.