Your podcast and YouTube blog covering the German startup scene with news, Interviews, and live events. Hello and welcome everybody. This is Joe from StartupRate.io, your startup podcast and YouTube blog from Germany. Your go-to podcast for startup tech and innovations inside. Today, we have a special guest, Jens Philipp Jung, CEO of Link11, a leader in DDoS protection and one of the top 40 under 40 by Capital.
If you ever wondered how to scale a tech business or navigate the challenges of cybersecurity in today's rapidly evolving market, this episode is for you. Let's dive into Philipp's entrepreneurial journey, leadership lessons and innovations in the cybersecurity space. Jens, welcome.
Hi, Jaron. Very nice to be here. Welcome, everybody.
Totally my pleasure. Let me spend a few words on our enabler today. This recording was made possible by HTII and the Enterprise Europe Network Hessen. These organizations have made tremendous contributions to helping startup businesses succeed and thrive, providing a range of services from helping to find grants to ongoing partnerships. By taking advantage of these resources, startup companies can network and develop innovative strategies for success on the international stage.
The dedicated support of HTNI and the Enterprise Europe Network Hessen is paramount in providing startup businesses with the tools for lasting success. Learn more on htii.de and en-hessen.de. So now that we got that out of the way, Jens, thank you for joining us today. Let's start with your journey. What sparked your interest in technology and cybersecurity in the first place? Have you been a juvenile hacker?
I wish, but unfortunately, I mainly used, when I was young, the computer for entertaining myself. So I was a passionate gamer. I mean, I was born in 83 and then get in touch with the first computers. And yeah, instead of doing something really useful with it, I spent my time in gaming with it. I would say the largest useful use of it was probably organizing LAN parties back in these days.
So this was also why I was already very much familiar with networks and connecting computers and building these events and these infrastructure for the LAN parties back in these days, long before you were able to play with a good latency online.
Yes, I remember those parties where you really had to physically bring your computer. I even remember the time when you have those red coaxial cables and need to screw them in and stuff like this. Yeah, good times. And I do know a lot of our audience is about the same age rate. What games did you play?
Oh, it was primarily Counter-Strike. I heard it's still a thing today. Luckily, I left the whole gaming behind me. But back in these days, it was like primary Counter-Strike from early in the morning to late in the evening, except on school days.
I see, I see. Well, for me, I was once at a LAN party with playing Counter-Strike, but after I died more than 40 times in 30 minutes, I thought, maybe not my game. You have built Link11 into a leader of IndeedOS Protection. How did the initial idea come about? And what was your vision when you first started the company?
Yeah, this was actually a big coincidence. Because when we have founded the company initially, we founded the company as a managed service provider for low latency applications, network applications, and server applications, which was, I would say, partially because of my passion and history in the gaming and building these LAN parties. But this was how it came that we have set up and managed server infrastructures and network infrastructures in the data centers in Frankfurt.
And while operating this business, we suddenly were faced with the so-called DDoS attacks, which have overwhelmed our network and put the whole infrastructure offline.
And this was a serious issue and we needed to solve this issue and my co-founder Carsten Dessler who is a world-class engineer while I'm just a commercial guy to say so with some technical passion he has looked around what solutions we could implement to mitigate these DDoS attacks which had serious effects on the availability of our services which we have provided back in these days and he basically can come with an idea to develop on DDoS mitigation technology by
himself leveraging his programming skills and our existing infrastructure and the solution was such good and such capable that. From words of mouth, other companies came to us and asked us if we could also provide this kind of DDoS mitigation technology to them. And as initially we only have developed it for ourselves, we find commercial agreements with them and also then developed a user interface for our technology that also other companies can use our service.
And this was how we came into cybersecurity. So we were affected by a cyber attack where we didn't find any applicable solution and then have developed our own solution to help ourselves and now millions of other assets.
I see. Most people will already know what Adidas attack is. Can you give us a short definition? And before that, we may add to our audience, because not everybody is aware of that we are heard globally around the world in more than 90 countries. Frankfurt is one of the most important centers of the Internet. We have the largest Internet node here in Frankfurt with the ECIX.
And that's one of the reasons why we do have such a lot of cloud computing all around here, which basically laid the foundation for your business. And now back to you with the DDoS.
Absolutely. So here in Frankfurt are all the data centers where the servers are running. And on the servers are obviously the applications.
And the trickiest thing with the DDoS attack is that even if you have like a world-class data center with redundancy power, cooling, and all of these multi-million dollar investments, you have a lot of servers in the data center, and your highly sophisticated applications, if a data attack hits you, it basically saturates the internet connectivity of these servers.
And if your application is depending to be reachable out of the internet, or even if it's reachable out of virtual private networks or similar things, then such data attack will interrupt the service. And it looks like your application is totally unavailable and offline. And especially nowadays where everything runs 24-7, this is a serious issue because imagine you have some high business peak days, for example, Black Friday, for example, Valentine Day in the e-commerce space.
And then on such events, suddenly the whole online shop does not work any longer. Nobody can access it. Nobody can place any order. And you make like zero revenue on this day.
What were some of the most unexpected challenges you encountered early in building your business and how did you overcome them?
Well, I would say, you know, I was lucky and grew up in a nice area with nice friends and nice family and also some kind of moral picture and first, When I was very surprised about what happened was when we have actually received these DDoS attacks, because, I mean, this was somebody actively sending cyber attack to us to damage our business, which was already quite a surprise for me back in these days, because I never thought about that such things could happen.
And I mean, we operated the business in a good manner and everything like that. And then somebody, and we don't even know who, because this is a tricky thing with cyber attacks. You usually don't know who was the initiator of the cyber attacks. Somebody has sent this attack to us, put us offline. So this was a big surprise for me and some kind of challenge. At the same time, very often out of challenges, you have opportunities. And I think we use this quite well.
Another challenge and in a similar area, but unfortunately this does not bring really like an opportunity, was when we found out that we were cheated by some former employees. So this was really something very challenging for me also from a personal level because I always thought about, okay, what have we done wrong? Why were we cheated by this employee?
And this was really like a challenging time to understand this and and to navigate through this because it totally, is um the opposite of what i understand from uh from a mobile compass and.
I'm wondering if now your uh whole office is completely covered with cameras except the bathrooms but that's a really different
Topic no actually not right and i mean this is the tricky thing um just because that thing happens to you once you should not lose trust and um and and and the good sign and the people right so actually we don't have installed any camera because of that um and and we also hope that it does not happen to us a second time um and yeah we trust our employees there and obviously since this was like a very early experience 15 years ago and we've never had a second experience Since then,
I think we were able to make better decisions when it comes to hiring and managing the people that such a thing would not happen again.
I would be interested for our audience if they can think of an unexpected challenge they have faced in their startup journey. Happy to hear your thoughts, share them with us. Looking back now, what would you say was the biggest turning point for Link11? What moment made you feel like you're on the right path? Because my understanding is you had this DDoS tool and you just used it. And then somebody popped over into your office and said, hey,
guys, your business is pretty good, but you did develop a tool there. Can I have it?
Yeah, actually, this was also like a real turning point when we have won the first clients, but as they were still pretty small, I would say the biggest turning point was actually not too far away from winning the first client because there were then like nice demand from Fortune 500 organizations. And this was really like a turning point when we were able to win our first Fortune 500 client because it really shows, okay, this is what we have developed here.
It's like a serious, it's a serious solution for a serious problem. And even the largest organization in this world are facing with the threat and are challenged or have challenges for solving these issues and these problems. So this was really like a turning point, which gave us also the confidence to have some kind of product market fit, which was an unformular term for us back in these days, obviously, speaking about 2010.
You've recently been recognized as one of the top 40 under 40 by Capital, like the German equivalent of Forbes. How does this kind of recognition impact you personally and professionally?
It has two impacts. So first impact is we are, as Link11, a kind of hidden champion, especially cybersecurity. I mean, we serve large B2B clients. We have a strong B2B focus, serving a very specific target audience, network administrator, head of network CISOs, and so on. So generally speaking, if you ask in a broader audience, who is Link 11 or what does Link 11 does, I would say the brand is not really familiar to many.
And also then if we are going into hiring, we sometimes very much need to explain what we actually do, how is our company culture and so on.
But this 40 on the 40 award helps us also to stand out a little bit and show about the capabilities of the organization and and what we have achieved so far so this really helps us in terms of hiring and standing out a little bit from these hit champion position and get some better visibility to other entrepreneurs investors and also potential employees and the second thing is when I was on my business trips in the USA and in Israel just lately,
because of the acquisition, which we have done there, I always were very, very impressed how well all of these entrepreneurs are connected. And when I came back to Germany, I recognized that here, it's quite the opposite. I mean, yes, in Berlin, where we have like a nice startup scene, there is a lot of events, a lot of connection. But if you are outside of Berlin, it's very difficult. And there was not that many events, not that many connections.
And therefore also these 40 on the 40 about helped me because actually beside of the award there's also I mean beside of receiving the award for yourself you also have many other peoples there brilliant minds smart entrepreneurs great managers who received the similar award and they really emphasize these community of 40 on the 40 members we have our whatsapp groups our slack channels There are many events organized. You have peer group meetings.
You are sharing best practices and you make new friends and connections. So this was really, really nice in terms of building a network and getting in touch with peer group and like-minded people.
And going a little bit more into you, Maybe every entrepreneur has a set of habits and routines that help them to stay productive. What's one habit you swear by that had helped you in your journey?
I think one of the most important things is to keep focus because there are so many, interesting opportunities out there so many great new ideas new technology new business models, and so on and one of the main thing is always keep on focus on what you are doing because if you, if you change too often if you lose the focus you will end up nowhere so i think one of the key routine i have for that i mean i created some kind of dashboard or a whiteboard where i have like the topics where
i want to focus on um we just recently implemented okr to really thinking like a quadrual a quarter rhythm to really keep focus on the things which actually matter and and don't lose this focus because of any other ideas opportunities are out there and last but not least um if you if you get into a certain age i would say so um the best the best routine uh you could have is uh to have a supportive wife and family um so also on this receiving
having said that uh nice greetings to my wife Jessica the love of my life oh.
So sweet um that also brings me to the next question how do you balance the demands of a growing business while maintaining a healthy work-life balance
Yeah that's a tricky one what I read and and and learned and heard and also experience is that what many successful founders have in common is that they are working as hell. So, building a startup is not a part-time job, and it's also not a full-time job. It's like an 80 to 100 hours a week job, in my opinion, right? And what I heard from others, I mean, if you ask work-life balance coaches, they will tell you the opposite, right?
But so, my experience is if you want to build a startup and if you really want to be successful, we speak about 80 to 100 hours, Which basically means like you wake up, you have a quick breakfast, and then you work on your startup until you go into bed, sleeping, and then every day the same. Repeat this. Work like hell, right? When there is crunch time, then really lean in.
And yes, then there are also things like sport, healthy food, meeting with friends, building relationships, and things like that. You know, the day only has 24 hours. And I always thought about, hey, if others work eight hours and I would work 16 hours a day, I could basically achieve twice the outcome. So this was, I mean, this is where I say like basically, okay, building a startup requires just a lot of time.
And if you speak with other successful founders and ask them about, okay, what actually in the beginning, especially how many hours have you worked a day? I think many would answer that it was way above 40 hours. So work-life balance comes for me at least right after I have brought the company to a certain stage. Currently, it's like 100% the company and nothing else.
Okay. Link11 is known for its cutting-edge technology and innovation. How do you stay ahead of the curve in such a fast-paced and competitive industry?
Yeah, indeed. Also, not only that the technology shifts very fast, also it's a kind of cat-and-mouse game because you have the hackers who develop new threads and you always need to keep pace with that. So the kind of good source for keeping pace with that is your customer base. So our customers, as already said, we are setting to very technical people, and they are all very great minds and a great source for ideas and inspiration.
You just need to listen very carefully to them. You need to find the time to speak with them. You need to find the common challenges between the different individual statements of this customer base, of these feedbacks. But speaking to your clients is very, very often the best source of inspiration and great business ideas.
Yes, customer-centric, I see. For our audience, I would be curious what innovative tools or strategies have to help you to stay ahead in your business. Share them with us. Jens, can you walk us through a specific instance when you had to pivot or adjust Link11's approach in response to market challenges or new cybersecurity threats?
I would say DDoS is some kind of evergreen topic. Good and bad on the same time because if if there are new cyber threats um in our sector, we could adopt to them and we could we could develop new solutions but ddos is like already existing since 20 30 years and probably will exist also for the next 20 to 30 years so we have the situation that there was not like a real pivot need in terms of these um data solution, what we have, right, which is type of our core business.
But while the threat of data attacks was there and is still there and also increases, now our customers also facing other threats and other cyber attacks. And therefore, the customers are demanding more like a platform solution instead of a single capability solution. And this is a kind of special situation because you know in the past it was good enough to have the best details mitigation service, Because customers tend to buy best in breed. But now customers want to have vendor consolidation.
They want to have a single vendor providing more solutions. And therefore, it's super important to have multiple products. Which was then kind of a pivot for us to get out of the dealer space and offer a more broader service range. And luckily, we have already anticipated this trend and made some strategic acquisitions. So, part of the product portfolio we are now offering was developed by ourselves.
Part of the product portfolio and what we are offering was through strategic acquisitions, which was some kind of pivotal moment for us and some kind of change in terms of strategy. And if you are still nowadays, I would say some kind of one trick pony, that would be very challenging in nowadays buying behavior who really tends to have more like a platform solution instead of an island solution.
Going a little bit into a more scaling mindset, what do you think is the most difficult task, the most difficult aspect in scaling a tech company and how would you advise other founders to approach it?
Three very difficult points. Hiring, hiring, hiring. So I would say because, I mean, now we have this huge AI boom and maybe then it changed a little bit because you need to hire less human workforce and can leverage AI.
I mean, nowadays you have companies which only have five employees and are very successful, but generally speaking, I think hiring is one of the most challenging, aspect of scaling a tech company because, Well, it's usually not the big issue to have enough applications for a certain shop. I mean, we, for example, have more than 2,000 applications just for seven open positions. So the challenge is not to get the applications and to find the talent.
The challenge is to hire the best talent out of this pool. especially if you are competing in a market with US competitors which usually have higher salaries than the European counterparts. So this really become a very tricky point. And if you hire the wrong people, you're not only using obviously money, but you're using also a lot of time and a lot of pace. And this is really, I would say, the most challenging part of scaling the company and especially scaling the company very, very fast.
Actually, my next question was about hiring, building a strong team. I would be curious, what qualities do you look for in hiring those people in order to scale?
We believe that at the end, attitude and mindset matters the most. So basically, if you have a very well-skilled applicant, but he's lazy, then this is not a good hire. So better hire somebody who really works hard, who wants to achieve something, who really leans in, because he can learn most of the things which are necessary.
And so mindset mindset is super important i would say like the single most important, And then obviously culture fit, which also belongs somehow to a kind of mindset, right? I mean, if we have a culture where people want to win, and where we want to be successful, and we really lean in, and we are very supportive to each other. We basically have the motto that when we work hard, we also work with a lot of fun. So, this culture map or this culture match obviously needs to be achieved.
Otherwise, the higher, the new person won't feel comfortable in the environment and also vice versa.
Interesting. But as we know, culture eats strategy for breakfast. first. I was curious because you apparently do have partnerships in Link 11 and what role did they play? Because I read that you do have currently in one press release, I don't know if it's up to date, 11 locations across the world. I do believe that also works with partnerships of some kind. And what are the most important ones and how did they work for you in order to help to scale?
Our partnerships were very long time focused on go-to-market partnerships. So as we have developed a great solution, we only had a small amount of workforce for selling these solutions and also only limited capabilities in terms of marketing. So we have leveraged very, very early already partnerships from a go-to-market perspective.
So meaning finding organizations, data center providers, hosting companies, managed service provider, consultancy organizations who help us with putting our technology and our product to the customer base.
And while this was already the focus since quite a long, We have now also extended this focus to look more towards OAM partnerships, integrations, tech partnerships, to not only leveraging from a go-to-market perspective, but also more from a product and strategic perspective, which is obviously a different kind of tactic and also very different from each other. But we believe if we are successful with these kind of partnerships, this would definitely make a huge difference.
And we also believe that joining forces and achieving something together does not only make more fun, but also generates greater outcome.
I see. We talked about cybersecurity here a lot, and it is definitely an evolving space. I would be curious, what kind of trends are you looking for right now in a professional term? And on a private level, I do have the tendency to always ask all my guests in cybersecurity, on what level is your paranoia for your company and you personally in terms of cybersecurity?
Well, which of both should I answer first? Well, let's start with the trends. there are currently three big trends in the cybersecurity space. And I mean, the first trend is very much in common with like in all industries. And we're speaking about the age of AI. So AI does not only make the companies and the workforce more efficient, It also makes the criminals and the attackers more efficient.
So, beside of super complex phishing attacks where you have like emulated video, voice, audio, and so on, which is super hard to detect, You also have more and more complex AI attacks on network and application layers using more sophisticated tactics, more human looking traffic and approach than ever before. Because I mean, in cybersecurity, it's always a challenge to find out, okay, what is legit versus what is like malicious.
And the more it looks like human traffic, the more difficult it is to identify it. So AI definitely changes the game and it also will create a lot of more cyber attacks because with like vibe coding and so on. And yes, currently many models block such requests, but there are also AIs out there which don't block any malicious activity where you can ask an AI to say like, hey, please develop me a virus. Please develop me an attack, Adidas attack program and application and similar
things. So this would just basically increase the amount of attacks and also increase very much the sophistication of attack. So this is trend number one, AI, which makes cyber attacks more serious and more often. And then the second trend in cybersecurity is the so-called shift-left approach.
With shift left approach basically mean that in the past, you had like classical development, and then you had like a DevOps team who operating the application, and sometimes you had a network team, and then you had somewhere at the end, the security team. So, which means like, okay, then the security guys need to live with whatever they receive from the development and application team and from the operating team, and then trying to build the walls around it and fix it and make it secure.
And the shift left approach is like to put cybersecurity more towards the development of the application and like native integrations in the applications. And this, at the end, will hopefully lead to, I mean, the idea is that this leads to more safer applications and not only like patching vulnerabilities, but also avoiding vulnerabilities and creating overall and saver environment. I hope that the AI applications, which are now generated, also has a nice security concept already integrated.
And the third big trend in cybersecurity is the so-called zero trust trend. So zero trust means in cybersecurity, basically, that you need to design your architecture, your IT architecture in a way that you could not longer trust the other devices in your network, for example. But also, you are not 100% sure if you could trust the current request and application and also the user in front of this application. So imagine a very, very simple kind of zero trust initiative.
Imagine you are in an office and you leave your computer, right? Normally, you say like, yeah, no issue. I left my computer. What should happen? All of the people here in the building are working for the same organization. All of these people here in the building are good humans, so nothing could happen. But Zero Trust means, for example, also that you think about, okay, but what actually one of this person does not only has good things in mind.
So therefore, you lock your computer when you leave the desktop in your office, even.
If in the in in the early days right you you never thought about okay somebody of your colleagues could do some vulnerable things on your computer so this is like the zero trust trend and it starts with like the user it goes over application it goes over networks so also in the past you have typically build these corporate networks by by protecting the perimeter and you have your DMZ the dematerialized zone so everything within the corporate network was
trustable everything outside of the corporate network was not trustable and the zero trust initiative basically says like hey also everything within your network don't trust them um have have certain rules firewalls and so on in place because imagine if.
One device in the copper network gets hacked for whatever reason without like having the zero trust approach and like multiple segmentations these this initially infection could spread across the whole corporate network and in the past this was the case and in the past this was also why there was huge incidents and huge ransomware attacks and large corporates get down for multiple days weeks and even months and there was also some companies get bankrupt because of
that and the zero trust approach basically wants to to mitigate all of this and saying like okay if you get infected it does not spread around so these are the three trends and you have also asked me about what is my paranoid level that we have a cyber attack I mean we have cyber attack every day on link 11 and we were able to mitigate all of them until now and I'm also very optimistic that we are able to mitigate them in the future and.
Mitigating like hundreds of cyber techs each day. And we also have like all of these certifications, ESO, PCI, SOC 2, we are currently working on BCI C5. So we really invest a lot obviously as a cybersecurity company in our cybersecurity. So my Paranite level is quite high in terms of, otherwise we would not invest that much and would not put that much effort into it. But my saying, my really concerns that we have an issue are quite low because I know that we are very well protected.
That's pretty good that you guys are well protected. And I was wondering with those cyber attacks on Link 11, if your opponents are not only training you to be better, but that's a different topic. I've seen a lot of interesting case studies.
What are you protecting here? For example, what I found pretty impressive is Fraport, one of Europe's busiest airports, as well as Deutsche Flugssicherung, which is the air navigation service provider that makes sure all flight movements, all plane movements are secure in the German airspace. So, can you share some particularly challenging cases and how you handle them to provide cybersecurity for such places?
Critical aspects of cyber attacks is always the time. So, because cyber attacks, usually the damage the cyber attacks could cause is, or close, with the time the cyber attacks exist. So therefore it's very very important to act super fast and reducing with that fast response also the potential impact of a cyber attack so a quite common case is if it. If there is a cyber attack with somebody who has not yet implemented any protection yet, it's really like an emergency case.
So you need to imagine the company is offline. They have invested millions in operating the business and then suddenly everything stands still. They lose tons of money every minute this situation continues. They don't have visibility of the business, their customers can't reach them, they are maybe facing some damage claims because of non-availability and service interruption.
So this is a serious situation and these incidents, these actual cyber attacks, this is always a particularly challenge, not only for the company, but also for us. And we have playbooks to handle the situation when customers call our emergency hotline. It's really like the, it's like the firefighters. You call 110, hey, link 11 here, what happened? And then we get the information, what actually happened. Then we say like, okay, look, this is our playbook. This is how we act.
We need to, I mean, we also need to sometimes calm down the.
How to say, to relax the people on the other side because I mean for us it's kind of daily business I mean luckily not every day we have these emergency situations from unprotected customers but we are used to it but for the other side it's like a new experience obviously and yeah this is always interesting situation and it reminds you really like the firefighters so hey this is the playbook this is how we solve the situation, and this is how we can help them.
Hey guys, thanks for sticking around. The interview with Jens is actually so extensive and running so well that we decided to split this into two parts and we'll be back with recording number two pretty soon.
Thank you very much.
Thank you for sticking around and talk to you soon.
Talk to you soon.
That's all folks find more news streams events and interviews at www.startuprad.io remember sharing is caring