From Small-Town Estonia to Cybersecurity Leadership: Jürgen Erm on Building NEVERHACK Estonia

Some podcast episodes teach you about a topic. Others help you understand a person. This episode of NEVERHACK Estonia Cybercast does both. 

In a candid and wide-ranging conversation, Louis Zezeran sits down with Jürgen Erm, Country Manager of NEVERHACK Estonia, to explore the journey behind the role. The result is not a typical executive interview. It is a grounded conversation about where leadership comes from, how cybersecurity becomes meaningful when connected to real life, and why calm, practical leadership matters so much in a field defined by uncertainty. 

At the start of the episode, Louis explains that this conversation is part of a leadership-focused sub-series: a chance to better understand the people behind the decisions, the motivations behind the leadership style, and the experiences that shape how an organization is run. That framing matters, because what follows is not just a professional timeline. It is a personal map of how a leader is built. 

Jürgen’s story begins in eastern Estonia, where he grew up in a small community before moving to Tallinn for university. Born in 1988, he still has one small but powerful memory from the Soviet era: holding ration coupons in his hand while his mother warned him not to lose them. It is a brief image, but it sets the tone for much of the conversation. Estonia was changing fast. Opportunity was opening up. But life still carried traces of scarcity, instability, and a world where systems were not yet fully built. 

That backdrop matters because it shaped his earliest understanding of security, fairness, and responsibility. 

One of the strongest moments in the episode comes when Jürgen recounts how his father’s first expensive Western car was stolen almost immediately after being brought home. At a time when official institutions were still developing, members of the local community mobilized themselves to try to find the thieves. They did not succeed, but the experience left a lasting impression on him. Years later, he connects that memory directly to cybersecurity: the same mentality that causes harm in the physical world exists online too. The difference is that in cyberspace, the criminal often does not see the person or organization being harmed. That invisibility makes cyber harder for people to understand — and in some ways harder to defend against. 

This is one of the reasons the episode works so well. It never treats cybersecurity as an abstract technical topic. It continually brings it back to people, trust, damage, and consequences. 

The conversation then shifts into the digital transformation of Estonia itself. Jürgen describes the transition from outdoor childhood life — lakes, woods, makeshift hideouts — into the indoor digital world that emerged as computers became more common in schools and homes. He lived through the period when Estonia’s digital development accelerated, when PCs became household machines, dial-up connections appeared, and always-on internet changed behavior completely. Like many people of his generation, he was drawn into online gaming, and he vividly remembers being socially engineered in RuneScape by another player who tricked him out of his armor and gold. It is a funny story on the surface, but it also reveals something deeper: long before formal cyber education or security roles, many of the internet’s core lessons were already being learned the hard way. 

Interestingly, Jürgen did not originally imagine a future in IT. His early interests leaned more toward economics, business, and the mechanics of how companies work. He considered business-focused studies and was attracted by the idea of building something or working in finance. IT emerged as a path largely because the people around him saw its future potential and encouraged him to take it seriously. He eventually enrolled in IT College, choosing systems administration over software development because coding felt too intimidating at the time. In retrospect, that choice seems less like caution and more like alignment with his strengths: practical systems thinking, operations, structure, and responsibility. 

Another valuable theme in the episode is the importance of practical education. Jürgen talks about how his studies were designed to push students into real industry work early, and he credits that with helping him build momentum quickly. He got his first IT role while still in college, entering Danske Bank through an IT monitoring position on the night shift. That role may have been low on the organizational ladder, but it gave him an entry point into a serious environment and let him begin learning how large systems really work. He also took on extra work in broadcasting for a period, digitizing video content at Levira, before realizing that doing school, night work, and day work all at once was unsustainable. It is one of several points in the conversation where ambition is present, but so is realism. 

Danske Bank became the foundation of his early career. He stayed there for a decade, moving from monitoring into service desk and eventually into cybersecurity as the bank built out a dedicated security capability. The way he entered that field is almost cinematic in its simplicity: he found himself in an elevator with a future boss and said, directly, that he wanted a chance to work in cybersecurity. That honesty led to a role as a junior analyst in a newly forming vulnerability management team. It is a reminder that career pivots often begin not with perfect timing, but with a willingness to say what you want. 

What he learned there became central to his leadership philosophy. Vulnerability management, he explains, is not really about scanning or reporting alone. It only works when the right people actually act. The real challenge was building a process, earning stakeholder buy-in, and learning how to adapt his approach to different personalities and teams. He emphasizes that before you have buy-in, nothing happens. That is a powerful lesson because it applies equally to cybersecurity, leadership, and business transformation. Technical correctness is not enough. Human alignment is what moves things forward. 

The episode also offers thoughtful reflections on leadership itself. Jürgen describes several leaders who influenced him, including a boss in the bank who consistently protected his team’s interests and a military officer whose calm and composed leadership left a lasting impression. These examples seem to have shaped Jürgen’s own style: controlled, steady, and focused. When Louis asks whether that calmness comes naturally, Jürgen gives one of the clearest takeaways of the entire episode. He says that while he does get angry or feel pressure, showing anxiety as a leader does not help. It spreads. It infects the team. Instead, he tries to focus on what he can control and let go of what he cannot. It is a deceptively simple philosophy, but in cybersecurity — where uncertainty, complexity, and pressure are constants — it is a profound one. 

Another deeply human part of the episode comes through in the story of his unfinished degree. After being rejected during his first thesis evaluation, he walked away, convinced he no longer needed the paper because he already had the job. Years later, encouraged bluntly by the woman who would become his wife, he returned, completed what was needed, and finished the degree. Looking back, he sees that younger version of himself more clearly: talented, but taking criticism too personally. He later even helped one of his own employees avoid making the same mistake, using his experience to help someone else persist. That is a strong example of mature leadership: taking an earlier wound and converting it into support for someone coming behind you. 

The latter part of the conversation turns toward business leadership at scale. After the closure of Danske Bank’s operations in Estonia, Jürgen eventually took on broader leadership challenges, including steering the company through a difficult transformation from a technology reseller model toward service delivery. He speaks openly about how financially difficult that kind of shift can be: hiring talent before revenue fully arrives, carrying costs, and trying to grow while the market catches up. To make matters harder, the company doubled in size and then was hit by COVID. Rather than romanticizing the challenge, he describes it as it was: hard, uncertain, and demanding. 

One of the most valuable strategic insights in the episode comes from what they learned during that phase. The company had built a very broad portfolio of services across the cyber domain, but customers — especially those earlier in their cybersecurity maturity — often struggled to know where to start. More choice did not create more clarity. So the team simplified the offering into clearer domains: advisory, technology implementation, offensive security, and core monitoring and response capabilities. This made it easier for customers to enter, assess where they were, and take the next step. It is a useful lesson for any services business: complexity may reflect expertise, but clarity is what creates traction. 

What makes this episode so worthwhile is that it speaks to multiple audiences at once. 

For cybersecurity professionals, it offers a grounded career story about starting from the bottom, earning trust, learning operations, and growing into leadership. 

For business leaders, it offers honest lessons about transformation, simplification, stakeholder buy-in, and team culture. 

For younger listeners, it offers a realistic reminder that careers are rarely linear. The right path may begin with uncertainty, rejection, or even a role that feels small. 

And for anyone interested in leadership, it offers something more timeless: a view of leadership not as charisma or control, but as steadiness, perspective, and responsibility toward other people. 

This is an episode about cyber, yes. But it is also about Estonia, generational change, humility, education, mentorship, and the quiet discipline behind strong leadership. By the end of the conversation, Jürgen Erm comes across not simply as a country manager, but as someone whose leadership has been shaped by lived experience at every level — from childhood memories of scarcity to early online mistakes, from night shifts and service roles to executive decisions under pressure. 

That is exactly why this episode matters. 

If you want to better understand what strong cybersecurity leadership looks like in practice — and what it takes to build it over time — this conversation is well worth your attention. 

Listen now on our channels, visit our website for more cybersecurity insights, and subscribe to NEVERHACK Estonia Cybercast for more conversations with the people shaping cyber resilience in Estonia and beyond.