Governing Body Spotlight

Governing Body Member of the DACH CISO Community

Stefan Baldus


Hugo Boss

Stefan is the CISO of HUGO BOSS. He built the information security department from the ground up 12 years ago, implementing policies, procedures and best practices to protect the company’s data and assets. Information and cyber security are his passion and he is not only strong on the governance topics but also has a deep technical background that sometimes annoys the engineers in technical discussions.


Give us a brief overview of the path that led to your current role.

In 2005, my journey started at HUGO BOSS writing my diploma thesis about "network security at HUGO BOSS." In 2011, after working 5 years within the network team and getting a deeper understanding of how the company works, HUGO BOSS was looking for someone to take over the role of IT Security Officer. Luckily, I was selected, and I started with nothing but an AV and a Firewall to begin with.

During the years, the teams, tools and responsibilities grew, as well as the maturity of the overall security within HUGO BOSS. Thanks to GDPR, cybersecurity received more attention and I was promoted to CISO in 2018.

Taking over this role helped to bring more awareness about cybersecurity to the whole organisation. After this many years, many things have been accomplished, but there is always a lot to do – which of course, is a process that never ends in cyber.

What is one of your guiding leadership principles?

Organisation and structure are king. The world of cybersecurity is so huge and being a CISO of such a diverse company with hundreds of different topics at the same time can kill you. Make a plan, build your security house and get it organised. Otherwise, you will just run from one topic to another and 6 months later, still nothing is done. Never lose focus of the big picture.

With disruption being a key theme of recent years, where do you see the CISO role going in the next 1-2 years?

I think the role will increase even more during the next few years, in terms of importance but also in terms of visibility. Looking back, many people never knew such roles existed and they thought IT could handle it by themselves. But especially talking to the business units, getting them on the table right from the start is something a CISO must be capable of doing.

What advice would you give to someone just starting out as a CISO?

Make a picture. In my opinion, that is the best thing you can do, or even better, make many pictures and diagrams of your infrastructure, environment and different areas of your business. 

Just with a picture you can talk to IT and business people, and then coming from the same position, help the whole company to make cyber security better and not just more complicated.

Tell us a few fun facts about yourself.

  1. I don't drink coffee, although my position is probably one where this would help. I am more of a coke person.
  2. I have a pretty good memory, which sometimes scares people when I remember things from one of the thousands of emails from 8 months ago.
  3. Running gets my brain free, at least 3-4 times a week I go out for a run. So, don't book any meetings during lunch time.

What is the value of joining an Evanta community? 

In my opinion, it is all about exchange and talking to people. We all face the same problems, but work in very different environments. Within Evanta, you will find someone within the community who has "been there, and done that" to exchange and maybe help you solve your problem.


Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.
