Staying on top of cybersecurity risks presents one of the most critical challenges for businesses of all sizes. Failing to keep up with the latest cybersecurity threats can be costly: a survey from PwC released in October 2024 found that the proportion of businesses that have experienced a data breach of more than US$ 1 million has increased significantly from year over year – from 27% to 36%.
The survey of over 4,000 business and tech executives from across 77 countries identified several gaps companies must bridge before achieving cyber resilience. They include: gaps in implementation, gaps in preparedness, gaps in CISO involvement, gaps in measuring cyber risk, and gaps in confidence to comply with regulatory compliance.
The report concludes that safeguarding a business requires executives to treat cybersecurity as a standing item on the business agenda. It recommends that cybersecurity leadership needs close collaboration with the C-suite to embed cybersecurity into every strategic decision.
As a top acquirer of software companies around the world, Volaris Group believes in having strong cybersecurity leadership for our businesses. One of the leaders responsible for this at Volaris is Andrea Dever, the Portfolio Director for Information Technology and Cybersecurity serving businesses in the portfolio led by Gordon Smith.
With over 25 years in the technology sector, Andrea has carved out a remarkable career that blends technical expertise with a deep understanding of people. She brings a unique perspective to managing cybersecurity, infrastructure, and IT strategies across multiple businesses. Her journey, which began with a passion for understanding how things work, has evolved into a leadership philosophy rooted in collaboration, curiosity, and continuous learning.
In this interview for Acquired Knowledge, Andrea shares her career story, the lessons she’s learned along the way, and how she approaches the complex challenges of overseeing IT and data security across diverse businesses. From her early days as a problem-solver in customer care to her current role guiding IT initiatives at the portfolio level, Andrea’s insights reveal the critical balance between technology and human connection in driving business success.
How did you begin your career in cybersecurity?
In 2018, after spending 18 years working in IT, I decided to shift my focus to cybersecurity. While cybersecurity can often fall under the IT umbrella in smaller organizations, it’s actually a distinct discipline that requires specialized knowledge. I realized that to pursue this path seriously, I needed formal training.
So I went back to school for a bachelor’s degree in cybersecurity, followed by a master’s degree, while working full-time. I also acquired several industry-recognized certifications to build my expertise. By the time I completed my master’s, I was ready to look for opportunities beyond Metafile, the Volaris-owned business where I worked at the time.
What inspired you to pursue a career in information technology (IT), and how did your journey lead you to Gordon Smith’s portfolio?
My journey into IT began at Metafile, about 25 years ago, and was driven by curiosity. I wanted to understand how things worked—how my workstation was able to connect to the internet, and how systems communicated with each other.
Initially, I worked in customer care for one of Metafile’s products, handling end-user application issues. I was fascinated by technology’s potential and asked senior leadership if I could explore IT part-time. Thankfully, the IT manager in our business was willing to mentor me, and he was a fantastic teacher.
When Metafile was acquired by Volaris Group’s Jay Hoffman in 2021, I was ready to shift into cybersecurity, having recently earned the degrees and certifications I felt I needed. So when Volaris Group Leader Jay Hoffman recommended me for a newly created portfolio-level IT Director role with an emphasis on cybersecurity, I jumped at the opportunity.
Could you share a pivotal moment in your career that significantly shaped your approach to IT leadership?
Early on, I realized that people were often hesitant to ask for IT help, fearing their questions would be seen as unintelligent or that IT staff would be unapproachable. I made it a priority to be approachable and to encourage questions, even if people couldn’t articulate them in technical terms. I found that simply starting conversations with a smile could make all the difference. This approach has shaped my IT leadership style, and emphasizes both technical problem-solving and interpersonal connections.
My experience at Metafile (a Volaris-owned business) was crucial. There, I had the opportunity to understand all aspects of a software business and work with multiple product lines, each with their own unique technologies and customer bases. I managed customer care, accounting, and IT teams, and oversaw collocated, managed services-based, and on-premises data centers. Those experiences gave me a broad foundation for understanding and identifying the IT and cybersecurity risks of distinct Volaris businesses. But doing the actual work could be the most valuable experience of all.
What skills or experiences have been most valuable in progressing to your current role as a Portfolio Director?
The key factors for me have been having a clear vision for my career and being willing to put in the work to achieve it. Also, adapting as the industry evolves, being comfortable with both technology and people, recognizing that there’s always something new to learn, and asking myself how I can make a positive impact has been invaluable in my career and life.
Can you walk us through a typical day in your role as an IT Portfolio Director?
My day typically starts with reviewing new emails, Teams messages, and my meeting schedule. I prioritize according to what needs immediate attention, what can wait until later in the day, a couple of days, a week, or the following week. If there are no urgent issues, I rotate through a variety of tactical, operational, and strategic tasks like administering technical tools, project planning, researching security topics, conducting security assessments on Volaris businesses, working on long-term portfolio IT and data security strategy, and performing acquisition due diligence.
The most exciting part is making a positive impact on people—whether that’s expanding their knowledge of IT and data security or helping them reduce security risks within their businesses. The sector evolves so quickly, and I love the challenge of making a difference amid that evolution.
What are some key metrics or indicators you use to measure the security of Volaris businesses in your portfolio?
We conduct quarterly assessments of every Volaris business’s procedure and technical control maturity, like whether they have disaster recovery plans and how successful they are at reducing vulnerabilities, and this helps us understand the state of data security in our portfolio.
Resourcefulness, relationship building skills, humility, analytical skills, level headedness, resilience, resolve, the desire to learn new things, and high-level business acumen are the top skills that are essential.
What skills do you believe are crucial for someone in your current role?
A crucial skill is problem-solving. This role requires both the desire and the capability to tackle complex challenges, especially since the challenges can vary significantly in nature and often require quick, yet effective solutions.
My role is largely strategic. For the most part, the businesses within our portfolio handle their own tactical implementations, while my focus is on identifying cybersecurity and IT risks and developing strategies to mitigate those risks in a way that aligns with both Volaris Group’s vision and the goals and capabilities of each business.
Being able to think strategically about how to reduce risks while meeting the businesses’ goals is vital. It’s about planning not just for today but also looking ahead—how do we build a portfolio IT and data security strategy that’s scalable for the next year, the next five years, and beyond?
My team is small, so we have working sessions to collaborate on specific projects. These sessions are great for brainstorming, understanding each other’s expertise and work styles, and trying new approaches. I encourage my team to challenge my ideas, and I embrace the fact that I don’t have all the answers. It’s important to me to create a culture where everyone feels heard and everyone’s experience and expertise is valued.
How do you ensure that projects within your portfolio align with broader business goals and strategic priorities?
I try to balance the goals of the businesses, the portfolio, and Volaris. This often involves managing the trade-offs between reducing risks and managing operating expenses or budgetary expectations.
Could you highlight a recent project or initiative you are particularly proud of?
One recent project I’m proud of is the implementation of a ticketing system to streamline how the portfolio IT team receives and tracks requests. The ticketing system will be key to capturing data about Volaris businesses’ IT and data security needs, identifying knowledge and communication gaps, and discovering trends related to assistance requests. We’re also working on launching an intranet site for better collaboration, scheduled for Q1 2025.
How do you manage the balance between maintaining legacy systems and implementing innovative technologies?
At the portfolio level, my role is mostly advisory versus hands-on. However, I recommend conducting cost-benefit analyses to determine whether maintaining legacy systems or upgrading to new technologies is more beneficial to a business. Limiting factors like maintenance costs, security risks, scalability challenges, and compliance requirements should be weighed against efficiency, improved customer experience, reduced overall costs, and competitive advantages.
My approach to complex technology decisions begins with understanding how a decision impacts a business’s strategic goals. Once I have that clarity, I assess the risks associated with each option. I don’t hesitate to run decisions by colleagues to get their perspectives—sometimes a fresh set of eyes can reveal insights I hadn’t considered.
What are some of the biggest trends or changes you’re seeing in the IT and/or cybersecurity field that impact how you manage your portfolio?
Right now, in my opinion, the biggest trend is the growing maturity of generative AI. It’s transforming how we think about automation, productivity, and capabilities. It requires a shift in mindset—getting into the habit of consistently considering where AI can add value and getting over fears related to augmenting human productivity with AI.
At the same time, generative AI has the ability to dramatically improve the quality and effectiveness of cyberattacks. For example, social engineering attacks are becoming much harder to detect and protect against.
On a different front, as we see more movement from on-premises and colocation infrastructure environments to managed services and cloud computing-based environments, the way we secure our environments has to change. We need new tools and strategies for cloud security, which is an area I’m particularly interested in focusing on.
Finally, what excites you most about your current role?
What excites me most is the opportunity to make a meaningful impact across multiple businesses. Instead of focusing on a single organization, I get to influence cybersecurity and IT strategies across an entire portfolio, which is both challenging and incredibly rewarding. The privilege of doing that, while constantly learning, is exactly what I was looking for when I joined Volaris.