Governing Body Spotlight

Alexey Golov is the RISO in the EMEA region at DB Schenker. He has more than 27 years of experience in information technology and 12 years of experience in cyber security.

Learn more about the DACH CISO community here.
 

Give us a brief overview of the path that led to your current role.

I started my professional journey in 1996 as system administrator. Then for ten years, I worked in different companies as senior administrator and head of infrastructure teams. IT security was always one of my primary tasks. In 2006, I joined the Microsoft Service team as technical account manager. In this role, I worked with enterprise customers from different industries. After five years, I moved to a management role where I started building an IT Security team and developing IT Security offerings. In 2019, I took a role as Regional Information Security Office for region EMEA at DB Schenker.
 

What is one of your guiding leadership principles?

Build trust – there are two parts to this. 

The first is how we as Information Security Officers communicate with upper management. I believe understanding of the business (strategy, processes, technologies, market situation, etc.) and trust are two crucial factors of success.  

The second part is about people management, which should also start with trust. Very often, we as security staff have access to the most valuable and sensitive information. That’s why moral principles and values of IT Security team members are just as important as professional skills. I try to hire people who are passionate and dedicated to their work. I always create a work environment where people mostly genuinely enjoy what they do. These workplaces foster personal and professional growth by offering opportunities for learning, skill development, and career advancement. In such conditions, employees are not only productive but also invested in their long-term success and the success of the organization.
 

What is the greatest challenge you are facing today, and how are you addressing it?

I believe it is finding the right balance between compliance and practical security. On the one hand, we have more and more regulations and requirements from clients, on the other, the dynamic nature of modern IT environments – especially with hybrid and multi-cloud architectures – adds to the difficulty. 

As infrastructure complexity increases, maintaining visibility, enforcing consistent security policies, and ensuring data integrity become much harder. This environment requires CISOs to allocate resources between achieving compliance and tackling these advanced security risks, with each decision impacting both risk posture and operational efficiency. An effective approach often involves aligning compliance and security goals wherever possible and prioritizing risk-based security measures that fulfill compliance requirements without compromising on genuine security needs. Adopting adaptive frameworks, streamlining compliance processes, and integrating threat intelligence can also help keep this balance manageable.
 

What is the key to success for someone just starting out as a CISO?

1. Understand the Business: A CISO needs a clear grasp of the organization’s objectives, values, and critical assets. Partnering with business leaders and stakeholders will help you align security priorities with overall business goals, making your initiatives more impactful and gaining early support.
2. Risk-Based Approach: Rather than focusing only on compliance or deploying the latest security tools, adopt a risk-based mindset. Identify and prioritize the most significant risks to your organization, then tailor security efforts to address these key vulnerabilities.
3. Establish Clear Communication and Build Relationships: Effective communication and strong relationships with IT, legal, compliance, and operations. Security is a collaborative effort, so having allies and mutual trust across departments will be key to gaining support for your initiatives.
    

How do you measure success as a leader?

Measuring success as a CISO can be challenging since security is often about preventing incidents rather than achieving tangible, immediate wins, and it depends on a company, industry and region. But I propose five options for measuring success:

1. Risk Reduction and Incident Management (Mean Time to Detect and Respond, etc.)
2. Compliance and Regulatory Alignment (Audit Results, Certifications, etc.)
3. User Awareness and Engagement (Security Awareness Training, Culture and Collaboration, etc.)
4. Security Program Development and Investment Efficiency (Project Completion, Resource Utilization, etc.)
5. Stakeholder Satisfaction and Executive Support
    

Evanta Governing Body members share their insights and leadership perspectives to shape the agendas and topics that address the top priorities impacting business leaders today.