Spotlight on Urmas Aamisepp

Since 2001, I’m the Head of Information Security at Epiroc, where I try to turn complex cyber threats into clear practical decisions for the executive management. Before Epiroc, I served as CISO at DeLaval and Clas Ohlson. It's important that cybersecurity should enable the business, improve resilience and customer, trust —not get in the way of getting things done.

In my free time I like to ride motorcycles off-road, play golf or travel.

Learn more about the Nordic CISO community here.
 

Give us a brief overview of the path that led to your current role.

I started my career in tech support and consulting, mostly in the PC networking area. I co-founded a consulting company that was acquired by a company that sold security software. That's how it started. From there, I quickly went into the information security area. After a few years, I got the opportunity to get my first CISO job, and I haven't looked back since.
 

What is one of your guiding leadership principles?

I get energized by working with people, and I try to lead through trust, both with the executive management and my team. That means transparency about risk, uncertainties and also empowering people to take ownership and responsibility.
 

What is the greatest challenge CISOs face today, and how are you addressing it?

The greatest challenge is change management. To improve the security culture in an international company with over 19,000 people with business in over 150 countries isn't easy and takes time. But it's also incredibly rewarding to see even small changes in behavior.
 

What is the key to success for someone just starting out as a CISO?

Try to meet as many senior managers as possible to understand the business and the goals of those managers. If you can help them reach their goals, that will be very enabling for you and your team. Do some kind of security maturity assessment and create a security strategy based on that and the business strategy. Keep meeting with the business to catch any changes in direction.
 

How do you measure success as a leader?

For me, success is two-fold:

• First, the business sees me and my team as a partner/trusted advisor rather than a gatekeeper.
• Second, my team is a self-playing piano. They feel trusted to make decisions without seeking permission and they communicate among themselves without me having to be involved.
   

What is the value of being a member of Gartner C-level Communities?

The subject discussed during the meetings are always current and interesting. The networking opportunities are second to none. It's a very good way to stay up to date and get inspiration in how to tackle the latest threats.
 

Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.