One of the best lessons of his career

Lars Ottersen still laughs about the call that ended with a managing director hanging up on him.

He was Visma's Legal Director at the time, brought in to convince a managing director of a newly acquired Visma company to adopt Visma's way of doing things. He hadn't prepared. He didn't think he needed to. The managing director walked him through their entire security setup. It was methodical, thoughtful, genuinely impressive. Lars sat there with nothing to offer.

Lars recalls the managing director saying: "Okay, so that's what we have. You have nothing that provides value on top of this. So why are we even having this call?'" Then the line went dead.

It was, he'll admit now, one of the best lessons of his career.

‍Grow your ears faster than your mouth‍

Lars joined Visma in 2016 as a legal counsel, moved to Legal Director, and eventually became Chief Risk Officer – a role that today spans security, legal, compliance, sustainability, IT and procurement.

It's a broad mandate that puts him at the centre of some of Visma's most consequential decisions: which companies to acquire, how to onboard them, and how to maintain the kind of trust that customers and investors increasingly treat as a deciding factor.

"You have to grow your ears faster than your mouth," he says. "The first time you meet a company, your job is to ask how you can help them. Not to merely hand them a to-do list."

‍A hundred incidents and proud of it‍

One of the more counterintuitive things Lars has learned in nearly a decade of this work: a company that logs a hundred security incidents a year is most likely doing considerably better than one that logged zero.

"The ones that say zero simply haven't been looking," he says. "The transparency is the point and if you believe you have had zero incidents you are likely either lacking the capabilities or the desperation to find and close them before they materialise.”

This shapes how Visma approaches due diligence when acquiring companies. The concern is the unwillingness to be honest about it. 

"We're experts at onboarding companies and getting them up to speed," Lars says. "What we stay clear of is companies that resist giving us the starting point to work from."

‍Celebrate the mistake, not just the win‍

The same logic applies inside Visma. Lars has deliberately built a culture where teams feel safe raising problems early, long before they become critical. 

"It's easy to end up in a situation where people only come to you when things are really going wrong, because they don't want the blame," he says. "So we celebrate the victories and the mistakes equally. We are genuinely grateful when someone reaches out early."

‍The roadies behind the rock stars‍

There's a commercial dimension to all of this that Lars is direct about. Trust, he argues, has become a purchase decision – particularly in enterprise software, where customers are handing over sensitive data and critical processes.

"I want customers to use Visma partly because they trust us," he says. "That why we've made the effort to ensure our products are compliant and secure. And if something goes wrong despite that, we are on it. And we stay transparent until it's fixed."

For companies joining Visma, that infrastructure is part of the attraction. He describes his team's role with characteristic directness: 

"The companies in Visma are the rock stars. They're the ones bringing in the business, making the whole thing work. We're the roadies. We set up the stage, and then the Rolling Stones go on and play."

‍Speaking the right language‍

As AI reshapes the threat landscape almost weekly, Lars is clear about what it takes to stay effective.

"Understanding your audience,” he says, “is the whole job. If you're too far removed from what's actually happening, you're going to do a bad job."

His answer is to stay close to the detail, and to keep translating risk into a language that lands with whoever he's talking to.

"If you're talking to a commercial person, a long list of everything that could go wrong doesn't work. Tell them what it costs. Then you're speaking their language."

‍