In-Depth Q&A with Stefan Gelderland, VP Global IT at Hail & Cotton — Insights on Modern IT Risk Management Strategies

At Enveedo, we are committed to helping businesses navigate the complexities of cybersecurity. Recently, I had the pleasure of speaking with Stefan Gelderland, VP Global IT for Hail & Cotton, a globally recognized manufacturing powerhouse. Joining us, Diego Godoy, Head of CX and obsessed with customer experience. After 18 months working with Diego and the Enveedo team, we are excited to share this story.

Stefan shared his insights on how Hail & Cotton transformed its cybersecurity strategy with the help of Enveedo. Here’s an excerpt from our conversation that highlights the journey, challenges, and successes in achieving robust cybersecurity.

Identifying and Mitigating Cybersecurity Risks 

Kiki Meyers: Hi, Stefan. Thank you for joining us today. We're very grateful to have you here. 

Stefan Gelderland: Glad I can help you guys. 

Kiki Meyers: Excellent. Let's dive right into it. Can you share how Hail & Cotton approaches identifying and mitigating the most significant cybersecurity risks that businesses face today? 

Stefan Gelderland: Sure. One of the main reasons we engaged with Enveedo early on was that we weren't addressing cybersecurity properly. Our IT division was fairly regional and siloed, and we didn't have the resources to tackle what it requires to keep us safe. About a year and a half ago, we started our journey with Enveedo.  

We picked the product because we liked the idea of keeping security in our own hands but needed guidance on how to do this. Enveedo promised to take us by the hand and lead us through the landscape. A year in, we have made massive improvements and are seeing our organization making steps towards cybersecurity maturity. 

From Reactive to Proactive 

Kiki Meyers: That’s wonderful to hear. Prior to adopting the Enveedo platform, how were you managing risk for your business? 

Stefan Gelderland: Honestly, we weren't managing risks properly. We had a few near misses and incidents that triggered senior management to realize we needed to do something. For example, we had a phishing incident, and our response was to buy a piece of software and assume it was doing its job.  

When I got on board, I noticed we weren't monitoring the proper things, and therefore, we were accumulating risk. We knew it was five minutes to midnight and needed to act. 

Consolidating Cybersecurity Efforts 

Kiki Meyers: Did you have any trepidation about putting all your cybersecurity efforts into one platform? 

Stefan Gelderland: No, because one of Enveedo’s promises was that it was very much a platform in development, partnering with other firms. We had the expectation that Enveedo would grow and provide connections to other platforms. We haven't put all our eggs in one basket; Enveedo is helping us identify what other partners we need that can connect into it. 

Incident Response Strategies 

Kiki Meyers: With a phishing attack happening mere months before you joined, and knowing Enveedo recently launched an incident response module, what strategies have you put in place for responding to cybersecurity incidents? 

Stefan Gelderland: We finished our incident response plan, which for us was a big step. We didn't have that formalized before. We're now working with Enveedo to figure out how to best leverage the incident response module. We evaluate how new modules fit into our strategy as they come out and move towards adopting them. 

Valuable Technology Investments 

Kiki Meyers: If you were speaking to peers who might not be as evolved as you are today, where do you see the most valuable spend in technology for cybersecurity in the next year? 

Stefan Gelderland: We are not as advanced as we might think, but what we've learned is that leveraging tools efficiently is difficult without knowledge. The Enveedo platform takes you step by step through all aspects of the cybersecurity journey, letting you tackle it one by one. My advice would be to start slow and ramp up as soon as you can. You can't do everything at once, and you shouldn't. 

Compliance and Standards 

Kiki Meyers: From a compliance and standards perspective, how do you ensure you are compliant, both nationally and internationally? 

Stefan Gelderland: The information and frameworks present in the Enveedo platform help us identify our weaknesses and where we've got things covered. We are a private company, so compliance is what we make it, but there are compliance requirements in the EU, for example. Enveedo helps us understand where our gaps and risks are, guiding us to formalize our direction. 

Challenges in the Manufacturing Industry 

Kiki Meyers: What is the greatest impact on the manufacturing industry regarding emerging cybersecurity threats? 

Stefan Gelderland: The manufacturing industry is very conservative and far removed from IT and cybersecurity. However, every sector is targeted, and we are susceptible to emerging attacks and trends. We must ensure we stay up to date with our systems and data, even though we don't sell directly to consumers. 

Leadership and Education 

Kiki Meyers: How have your experiences throughout your career shaped your approach to technology leadership and educating your teams about cybersecurity? 

Stefan Gelderland: My background with a big public company taught me the importance of security tools and processes. When making decisions myself, I realized the value of having a partner like Enveedo. IT is incredibly broad, and nobody can cover everything alone, so relying on outside knowledge is crucial. 

Managing IT Teams 

Kiki Meyers: What's your leadership style or philosophy on managing your IT team during challenging times? 

Stefan Gelderland: When something happens, it’s all hands on deck. Everyone needs to move, and you must take up a leadership position to ensure everyone knows what to do. We are building an internal security group, and even though we may not have official manuals ready, everyone knows to be hands-on when an alarm bell rings. 

Digital Transformation Trends 

Kiki Meyers: What are the most significant digital transformation trends affecting the manufacturing industry today? 

Stefan Gelderland: ESG, sustainability, governance, and environmental projects are significant. We recently set up an operation in Africa, and to export products to the US, we need traceability and must prove there is no child labor. Collecting and reporting on this data and keeping it secure is where the industry is transforming. 

Staying Ahead of Regulations 

Kiki Meyers: How do you stay ahead in such a highly regulated industry? 

Stefan Gelderland: Some compliance elements already exist, which helps us redo what is already there. However, European legislation is still in motion, requiring flexibility. We need to innovate and secure data as legislation becomes permanent. 

Advice for New Leaders 

Kiki Meyers: What advice would you give to other leaders coming into this space? 

Stefan Gelderland: It's a lot of work and learning on the job. Trust your partners and continuously improve. Learning from past experiences and trusting partners is key to moving forward. 

Major IT Challenges 

Kiki Meyers: Can you describe a major IT-related challenge that Hail & Cotton faced in the past year? 

Stefan Gelderland: We have many initiatives going on, like the sustainability effort and data-driven decision-making. Moving our entire infrastructure to the cloud and overhauling our ERP system are significant challenges. Each project has grown in scope due to our security initiative, making sure everything runs well while ensuring security covers all. 

Immediate Outcomes from Enveedo 

Kiki Meyers: What were some of the immediate outcomes from working with Enveedo, and how did that affect the overall performance of the business? 

Stefan Gelderland: The Enveedo platform gave us visibility and tasks crucial for securing accounts with multi-factor authentication. Conducting the Crown Jewel Assets exercise set the foundation for our program and provided vital information. We are working closely with Enveedo to optimize the incident response module. 

Visibility and Assessment 

Kiki Meyers: How did you retrieve or assess information prior to Enveedo? 

Stefan Gelderland: Without the Crown Jewel Assets exercise, I could only tell you about 50% of the assets identified. The other 50% discovered during the process were not on our radar, highlighting the platform's value in providing visibility. 

Preparing for Future Hurdles 

Kiki Meyers: How has this better prepared you for future cybersecurity hurdles? 

Stefan Gelderland: We have a better understanding of our current landscape and are working on processes to educate users. Understanding the mindset of people and possibilities helps in being vigilant and improving monitoring. 

Enveedo’s Impact on IT Infrastructure 

Kiki Meyers: How has Enveedo enhanced your IT infrastructure? 

Stefan Gelderland: We still take guidance from Enveedo and have weekly meetings to discuss status and next steps. The platform continuously improves our organization, and it’s a continuous journey with no end goal. New threats always emerge, so we must constantly keep improving. 

Fun Questions: Cyber Sense & Time Travel 

Kiki Meyers: On a lighter note, if you could equip your IT team with any superpower to enhance their effectiveness or solve an ongoing issue, what superpower would you choose and why? 

Stefan Gelderland: That's a good one. Personally, I wish I never needed sleep, so I could focus 24 hours a day. But for the team, I think vision—seeing things coming or being aware of potential issues ahead of time—would be the most important. A kind of cyber sense, if you will, would be perfect for staying ahead of threats. 

Kiki Meyers: If you could travel back or forward in time to any era with modern technology, which era would you choose and what technology would you bring to cause the most significant impact or improvement to that era? 

Stefan Gelderland: I would go back to when the internet started flourishing and data security became a major issue. Bringing today's data protection technology and regulations back then could have prevented many of the breaches and leaks we’ve become accustomed to. It would have significantly improved how we handle sensitive information.

Learn more about how Hail & Cotton are using the Enveedo Cybersecurity Platform to protect their business in our ebook. Download now!