Rolling out information security across 13 countries is no small task. For DANX Carousel’s Head of Information Security, Anders Thingholm, the challenge is to create one clear strategy while respecting many different cultures and ways of working. His approach? Show up, listen, and be seen as a helper.
13 countries in Europe. That’s how many different locations – and cultures – Head of Information Security Anders Thingholm has to navigate when rolling out DANX Carousel’s information security efforts.
At DANX Carousel, it’s not just the security work that’s on wheels. Rolling out is what the company excels at. The company is a kind of “rescue service” for the logistics industry, delivering critical spare parts at express speed.
“If an MRI scanner breaks down in northern Sweden, we make sure the needed parts arrive from the Netherlands – and we make sure it gets there fast, because a machine like that simply can’t stand still,” Anders explains in a webinar.
In 2022, Danish DANX was acquired by a private equity fund and merged with the British company Carousel. A strategy was set to acquire five companies within five years. But five quickly became eleven in just the first year and a half.
“Some of them were maybe three-person companies with their entire structure outsourced, and in the most recent case, 450 people joined at once – so yes, we’re growing a bit,” Anders says.
The growth and all the new colleagues require balance – and a consistent, structured information security strategy. Especially now that the company is also covered by NIS2. This process is led by Anders with two colleagues on his team.
One of Anders’ key approaches is visiting the company’s different sites across Europe. For a highly operational business like DANX Carousel, it is important to see first-hand how security procedures actually work in warehouses and distribution centres.
“We also fly, so for example, I was sitting in the cockpit on a flight from Birmingham to Dublin to get insight into their safety procedures. To see exactly what they do if something goes wrong,” says Anders.
Ultimately, it’s about showing up, asking curious questions, and being solution-oriented, he explains.
“These are people who don’t necessarily speak IT as a second language, so you have to understand their mindset. When I visit a warehouse, sometimes it even helps to grab a package and pitch in. I need to connect with them, not dictate. But that’s actually the biggest challenge – getting people on board with the security agenda and being seen as someone who helps.”
Listening and being solution-oriented is key, but there also can’t be 80 different ways of doing things, Anders explains. That’s why he uses ISO 27001 as a guiding framework.
“In this field, you could work endlessly if you don’t know where to draw the line. New issues keep coming at you from all directions. You need something that keeps the course, otherwise you’ll go down 200 rabbit holes every single day.”
Beyond the current focus on NIS2, Anders also emphasises having solid business contingency plans and policies written in plain language that everyone can understand.
“Anyone can sit down in a basement and draft policies and procedures, but if they have no connection to reality, they won’t be followed.”