Secret CSO: Nils Puhlmann, Twilio

Secret CSO: Nils Puhlmann, Twilio

Name: Nils Puhlmann

Organisation: Twilio

Job title: Chief Trust and Security Officer

Date started current role: August 2018

Location: San Francisco, California, USA

Nils Puhlmann is a 20-year security veteran with significant experience in diverse business environments. He has served as an advisor to Twilio since 2014 and previously worked as the Chief Technology Officer of Endgame as well as CSO at Zynga, Qualys, and Electronic Arts. He also co-founded the Cloud Security Alliance nonprofit organisation, which promotes the use of best practices for security assurance within cloud computing.

What was your first job? Intern at American Airlines based in Frankfurt, Germany.

How did you get involved in cybersecurity? I stumbled into the world of cybersecurity over 30 years ago when I was in the military and there was a computer system that had tight security tied to it. I was so fascinated by it! Around that same time, my father bought a Compaq computer, which I became very curious about and began to teach myself a lot of things from scratch. It was that curiosity that led me into different parts of the technology industry and eventually led me to the field of cybersecurity.

What was your education? Do you hold any certifications? What are they? I did not go the college route; instead, I was fortunate to work at some great companies that were my training ground, helped me learn on the job, and also introduced me to many security veterans.

In 2009, I helped to co-found the Cloud Security Alliance, a nonprofit organisation that promotes the use of best practices for security alliance within cloud computing.

Explain your career path. Did you take any detours? If so, discuss. In the late 1990s, I moved from Europe to Silicon Valley, where I've been for over 20 years. I moved when I joined START Amadeus as strategic advisor to the CEO; in this role, I helped identify innovation and trends that would impact the technological aspect of the travel industry.

From there, I held a range of Security positions at Adobe and Nortel Networks. In recent years, I served as the CISO of Electronic Arts, CSO at Zynga, and CTO of Endgame.  

Was there anyone who has inspired or mentored you in your career? Over the years, I've been most inspired by the people who were the curious ones, the hungry ones, the sponges learning new things, the ones who keep on asking why, the creative ones who never give up on finding new and better ways to solve old problems. It is these people who shape and drive our security profession forward.  

What do you feel is the most important aspect of your job? Understanding a company's business and being the customers advocate. Additionally, I'm also focused on coaching, mentoring, and developing the talent on my team.

What metrics or KPIs do you use to measure security effectiveness? The security metrics/KPIs of the past don't scale. Instead, I'm focused on building out our own security capability maturity model (CMM) that's focused on trust as a whole versus individual metrics.

Is the security skills shortage affecting your organisation? What roles or skills are you finding the most difficult to fill? At Twilio, we're growing rapidly and are hiring across the organisation. For me, I'm focused on ensuring we have a solid team. Many people in the security field tend to be risk averse - it's in our DNA - so I'm constantly looking for how I can have my employees take on bigger roles and responsibility and further grow their career.

Cybersecurity is constantly changing - how do you keep learning? Be a sponge, read a lot, talk to a lot of peers, everything matters.

What conferences are on your must-attend list? None; instead, I've found that it's more beneficial for me to meet with my peers on a regular basis.

What is the best current trend in cybersecurity? The worst? The best trend in cybersecurity is that Security teams across companies are collaborating more. I've seen that CSOs are calling upon each other more and more, and we're developing a profession of deep peer trust.

The worst trend in cybersecurity is that vendors are following the latest buzz words year over year and often market old technology with new packaging.

What's the best career advice you ever received? Exposure beats experience in the security field. Try to get different perspectives to similar problems by working for different companies over the course of your career.

What advice would you give to aspiring security leaders? Stay focused on solving the problems of our industry.

Over the course of my career, I've found that we've certainly evolved and gotten more technologically savvy to help address problems; but we haven't solved them. It's analogous to the healthcare industry - we treat diseases but haven't cured them.

What has been your greatest career achievement? Mentoring team members who are now CSOs at established companies

Looking back with 20:20 hindsight, what would you have done differently? I wish I would have gotten into the security industry sooner.

What is your favourite quote?Albert Einstein once said, "Not everything that can be counted counts and not everything that counts can be counted."

What are you reading now? "The Culture Code," by Daniel Coyle and "Leaders Eat Last," by Simon Sinek.

In my spare time, I like to… Spend time with my daughter.

Most people don't know that I… Nice try!

Ask me to do anything but… Work at a company that doesn't take security seriously.



« Former cab driver tries to divert his 400-year-old sector


Rapid fire or slow burn? A snapshot of low-code in the modern era »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail


Do you think your smartphone is making you a workaholic?