People

Lars Holtar, Security Manager

Tell us a little bit about your background?
I went to university in England and started in Visma as a Management Trainee in 2008. I’ve worked with a few different things over the years but ended up in security after becoming too involved in Visma’s work on the GDPR. I now serve on the management group for security, legal and governance in Visma.

What does a typical workday look like for you?
No day is the same! Some days are all about budgets, some I spend in Jira, and others see a lot of meetings and presentations. My workday is about making sure the little things we do every day support Visma’s long term strategy. Form follows function, so no day is the same.

What is your favourite part of working with security in Visma?
Our results and the speed by which they are delivered. Visma’s security program has a proven track record, and we keep on developing it at a rapid pace. In order to deliver like this, we have to be agile and hungry, and frankly, it is a lot of fun behind the scenes!

Give one piece of advice to someone who’d like to work in security
Go for it: Open positions or reach out on LinkedIn.

Ioana Piroska, Security Engineer

Picture of Ioana Piroska

Could you tell us about your background?
I am a security engineer for Visma’s Security Testing Team. I’ve been working with the team for the past three years, and hopefully, many more will come.

My tech story started at the Polytechnic University în Timisoara, Romania, where I graduated with a Computer Science Engineering degree. Some of my job titles throughout the year include: web developer, application support engineer, system administrator and network security engineer. All this experience brought me here, managing the Bug Bounty Program in Visma.

Through this program, we are helping internal teams throughout their Bug Bounty journey, from start to finish. I am also part of the triage team, working on the reports as well. My aim is to successfully combine active communication skills with good technical skills to provide a service that the entire corporation can benefit from.

When working with our hackers, maintaining their engagement is always a challenge, so we try to be fast, be as transparent as possible with our decisions, consistent in our communications and develop all kinds of campaigns to engage them more and more each time; all this earned me the nickname “Mother of hackers”. 🙂

What does a typical workday look like for you?
We get reports from hackers every day, and it’s one of my duties, as mentioned, to work on them. On days when the reports don’t need my full attention, I help my colleagues by sharing knowledge and teaching the new joiners how we work in the Bug Bounty team, explaining the entire process.

My workday also includes presentation sessions with the teams about to join the program, supporting them during the onboarding process since some specific preparations need to be done before they join.

I am also constantly in touch with our partner Intigriti – the platform that provides the infrastructure for this program.

I also try to always come up with ideas to improve the service and attract more and more teams to Bug Bounty.

What is your favourite part of working with security in Visma?
My favourite part is the fact that I can immediately see the results of my work. Since we started Bug Bounty on a large scale four years ago, we’ve got an impressive amount of reports, and some of them were high or critical findings. If it weren’t for the Bug Bounty program, they would not have been ethically reported. Luckily they were, and our internal teams had the chance to fix things before being exploited in the wild.

It’s very motivating to have the management’s support in having such a program. Not many companies afford this, so it’s an honour for me to have been given this chance.

One of the main benefits is that I get the chance to be innovative and flexible, there’s always teamwork involved, and new learnings are found every day. You don’t get bored with our team, that’s clear to me!

Give one piece of advice to someone who’d like to work in security?
You need to have passion and the will to invest time in learning and improving. Security is a domain in which you need to always be up to date with everything new, that is, if you want to succeed.

I consider it a noble job because we constantly bring in ways to make the internet safer and the world better.

Alina Nicula

Tell us a little bit about your background?
My name is Alina and I’m located in Timisoara, Romania. I’ve been working in Visma for more than 10 years. I started as a software developer for an on-premise solution, then advanced to a service architect position for an Azure cloud hosted service. Recently I joined the security department and I work as a lead security architect, responsible for the security self-assessment program to which all Visma services are expected to onboard. I enjoy writing code, so I am also contributing to the development of our internal Security tools and services.

What does a typical workday look like for you?
I always start my day with a cup of coffee and a glass of water next to me. Then I look at the overview of the activities planned for that day. I’m trying to balance the time spent in meetings and the time spent on development activities.

What is your favorite part of working with security in Visma?
I am fascinated by the amount of information I learn everyday. We have a lot of highly skilled colleagues in the security department and following them and their work is allowing me to grow and expand my security knowledge.

I enjoy working with the different Visma teams at understanding their business needs and at guiding them at taking the best security decisions for their services.

Give one piece of advice to someone who’d like to work in security?
When evaluating the security posture of an application, never assume, always ask and verify.

Iuliana Minea

Tell us a little bit about your background?
Hello, my name is Iuliana and I've been a software developer for almost nine years in which I've had the opportunity to work in various domains and discover my passion for clean code. Last summer, I joined Visma which gave me the chance to work on the security domain.

What does a typical workday look like for you?
I usually start my working day with a discussion with my mentor where we make a battle plan for our tasks. After that every day looks different because things are in a continuous movement, we always have new integrations, investigations and requests that need to be tackled.You don't get a chance to get bored.

What is your favorite part of working with security in Visma?
I like very much the good collaboration that we have within the team, we have a good balance between work and fun, everyone is there to help and support you. There is a high level of freedom, you can focus on what you like but also you have support to learn and try new things.

Give one piece of advice to someone who’d like to work in security?
Try with small steps and explore it. Security is a journey, not a goal.

Mariana Dias Falhusca Varajao

Tell us a little bit about your background?
Hello! My name is Mariana, and I’m from Portugal, but I work for the Romanian office in Sibiu. Long story short, I came to Romania to be a volunteer, and then stayed for the amazing country and its people. My professional life started as an intern learning C and C++ to become a developer, but shortly after, I discovered a passion for testing, so I became a Technical Quality Assurer. Security has always been something I’ve been afraid of moving into, but I am incredibly lucky to be now a part of the Security Development team - where testing meets security!

What does a typical workday look like for you?
My days start as any other IT person’s day starts - with coffee! We have fun daily meetings, and I do my daily test executions - gotta keep an eye on those tests in case they need maintenance, as the software the team is developing is constantly changing with new features coming and improvements to existing features. When I am not checking the works my colleagues have done, I am looking for ways to improve my tests and provide more test coverage for the product.

What is your favorite part of working with security in Visma?
The community, the team, and the knowledge they share. My colleagues - either direct or indirect - are some of the best hackers, and they’re always willing to share how they got there, and how they do it - from live hacking sessions, to interesting podcasts full of information. Between the Security Conferences, and the Security Awareness programs, there is always something new to be learned.

Give one piece of advice to someone who’d like to work in security?
Don’t be afraid! Take it slow! Find which part of security you are passionate about and take it one step at a time! Security is an incredibly large domain - find a small part you enjoy and start from there. I started with OWASP (Open Web Application Security Project) - enjoyable, and it emcompasses a lot of different security vulnerabilities - great way to start!

Nicoleta Botosan

Tell us a little bit about your background?
Hello! My name is Nicoleta and I currently work in the Security Development team. I am doing Infrastructure related work, both hands-on and as well research.

My background is in Infrastructure, and I’ve been a DevOps/IE for about 8 years now. I have chosen this path because I love the adrenaline that it brings when solving different kinds of problems or even incidents. Although I’ve been working mostly with AWS during my career, now I decided to switch to Azure and to have more focus on Security. I am a firm believer that Security is super important nowadays and I feel extremely motivated knowing that my work contributes to making Visma Products secure and trustworthy.

What does a typical workday look like for you?
Well, IEs don’t have typical days, but usually, I start my morning with our daily meeting. Then I monitor a bit the services that are under “my umbrella”, and afterwards I start implementing the required changes. I am a big fan of Infrastructure as Code[IaC], and I’ve been working with many provisioning tools during my career, and now I’ve started together with my colleague Romina a research initiative that focuses on IaC scanning. We want to make sure that we catch vulnerabilities early in the process, even before resources are provisioned in the Cloud.

What is your favorite part of working with security in Visma?
Besides my love for Cloud and Security, I do love people. I really like that here at Security I have the opportunity to collaborate with so many wonderful individuals that have the same goal - make Visma Products as secure as possible. I love chatting with people on tech subjects, delivering presentations and collaborating in general.

Give one piece of advice to someone who’d like to work in security?
Start now and see what you like to do. Security is a generous field and has a lot to offer. 🙂

Romina Druta

Tell us a little bit about your background?
My name is Romina and I have been working as an Infrastructure Engineer for Visma, since 2018. After I finished my studies I have been working as a system engineer mostly on cloud infrastructures in the medical, banking and finance fields.

In my role at Visma, I am responsible for designing, administering and maintaining Cloud infrastructure and services hosted on it.

Not long ago, thanks to my colleagues Monica and Nicoleta, I have started to be more involved in security research projects and right now with their help, I am developing an astonishing curiosity for this field.

What does a typical workday look like for you?
A day of work for me is shared between a lot of multithreaded tasks. Sometimes I have to do more things in parallel and I need to manage my time as a resource and my capacity of focusing on what is critical before what is more important.

What makes my day at work is when I can help others increase their knowledge and when I am finding vulnerabilities or performance issues that need to be fixed.

What is your favorite part of working with security in Visma?
My favorite part is when we are working together and we have brainstorming sessions, or presentation sessions about what we have learned in the security field. I did not know security is so vast and so complex at the same time.

Also I like a lot the team members from the Security R&D team. They have passion for what they are doing and they are willing to help you when you need it.

Give one piece of advice to someone who’d like to work in security?
If you are curious about topics that have never crossed your mind, working in security will surprise you daily.