Payam Kavousi is a Staff Software Engineer, Machine Learning, on Veeam Data Cloud’s Intelligence team. Since joining in March 2025, he has helped turn an ambitious idea into a production-bound ransomware detection service—designing the ML-driven architecture that distinguishes real attacks from normal backup behavior, so customers can be alerted with confidence and minimal false positives. 

What was your career path so far? 

I'm a Staff Software Engineer, Machine Learning (ML) at the Veeam Data Cloud Intelligence team at Veeam. I joined in March 2025 and have been focused on threat detection capabilities for VDC ever since. 

I originally came to the US from Iran in 2012 to pursue a PhD, then moved into industry ML roles, most recently as Lead ML Engineer at Logic20/20 building large-scale AI/ML systems for enterprise clients, including wildfire prediction models. 

Veeam has been a genuinely exciting place to work. The engineering quality is high, the problems are real, and the team is aligned. One way I like to describe it: people's vectors are all pointing in the same direction, and everyone is genuinely pulling toward the same goals. 

What were you excited about working on this project? 

Working on threat detection at the scale of Veeam: the breadth of the data plane, the real-world stakes, and the chance to apply ML where it genuinely matters. The intersection of machine learning and cybersecurity felt like exactly the kind of problem I wanted to be working on. 

What were you unsure about at the start? 

The technology stack was quite different from what I knew. My background was on AWS with Terraform and AWS CDK, while Veeam's threat detection platform runs on Azure with Pulumi. The Azure ecosystem (Event Hubs, ADLS Gen2, Cosmos DB, Container Apps) was new territory, and that was the bigger adjustment alongside stepping from general anomaly detection into the cybersecurity domain. 

When did this stop being an idea and become an urgent problem to solve? 

When I realized we could detect ransomware within the data that Veeam backs up for customers. Ransomware can be patient; some strains quietly infiltrate systems and encrypt data over days or weeks before the attack becomes visible, while others strike fast. Because Veeam continuously backs up customer data over time, that progression leaves a trail in the backup history. We can analyze backup data across time windows to catch signs of compromise that other detection layers may have missed. That realization made the problem feel both urgent and uniquely valuable. 

How does it feel to work on challenges that are so new to the industry? 

Grounding. It makes the engineering feel purposeful rather than purely technical. There is a clarity that comes from knowing the work connects directly to customers facing these threats right now. 

What is one decision or piece of work you personally drove that changed the outcome in a meaningful way? 

Architecting the ransomware detection service. The challenge was designing a system that could reliably distinguish genuine ransomware activity from normal backup behavior, with high enough confidence to alert customers without flooding them with false positives. That required thinking carefully about how different signals work together and how the system learns what normal looks like before it starts flagging anomalies. Getting that balance right, and seeing it move toward production, was deeply satisfying. 

What gave you autonomy? 

Trust and clear goals. My manager and tech lead gave me real ownership of the ML architecture without micromanaging the approach. Knowing what we were optimizing for, detection accuracy and production readiness, gave me enough direction to move confidently without needing sign-off on every decision. 

How did you collaborate with your team on this project? 

Ransomware detection takes a village. The ML model is one piece, and shipping it meant collaborating broadly: working with teammates who had API expertise to build the threat posting mechanism, implementing the AI consent check to ensure only opted-in customers are processed, aligning with the infrastructure team on secure global data handling, the UI team on surfacing detections, and the backup engine team on data contracts. 

A moment that stood out: a product manager shared firsthand how much customers were asking for threat detection. That perspective, which does not come from within the technical team, changed how I thought about prioritization on the ML side. 

What did it feel like to work on such new technology? 

Challenging and rewarding. When you're working on something genuinely new, the answer isn't always in a blog post. You have to reason from first principles, experiment, and rely on the people around you. 

What did you have to learn fast? 

Azure. It replaced the cloud platform I knew well, and I had to rebuild that fluency quickly while simultaneously ramping up on the threat detection domain. Veeam provided both internal and external resources that helped me ramp up quickly. Beyond that, a mix of self-directed learning, hands-on experimentation, and close collaboration with my tech lead and teammates made a real difference. 

How did this project change you as an engineer? 

I had end-to-end experience before joining Veeam, but not at this scale. Shipping a product that runs across multiple regions worldwide is a different challenge entirely. It pushed me to think more carefully about reliability, data residency, and infrastructure in ways I had not encountered before. 

This project also rounded me out as a software engineer more broadly. I worked across the full stack, from ML modeling and cloud infrastructure to API design, streaming pipelines, and observability, and got much more comfortable operating at the intersection of all of them rather than staying in any one lane. I also grew in communicating technical work to non-technical audiences; writing the ransomware detection white paper pushed that skill significantly. And I became more comfortable moving fast with less certainty, which is something you can only develop by living it. 

The thing I will carry into every future project: thinking about the customer impact of every technical decision. 

What unique opportunities does Veeam give strong engineers? 

You will get to build systems that protect real customers at enterprise scale, not toy problems. You will work across the full stack: cloud infrastructure, streaming pipelines, APIs, and intelligent detection, owning meaningful pieces end to end. You will ship products used across multiple regions worldwide.  

What makes the work meaningful to you? 

Ransomware costs enterprises billions of dollars. The damage is real, and detecting it earlier has direct, measurable consequences. I can draw a line between the code I write and a customer being protected, and that makes the engineering feel purposeful in a way that is hard to replicate. 

Cross-team collaboration often goes unacknowledged in engineering organizations. We have a recurring monthly feedback session that extends beyond our immediate team to recognize everyone who helped us ship, facilitated through an internal recognition-dedicated platform. Having a structured space for that sends a signal that the work people do to support each other matters. 

What do you like to do in your free time?  

My daughter keeps me and my wife well occupied, and playing with her is one of the great joys of my life. Colorado has been an incredible place to live; I love hiking, fly fishing, and hunting out here. And when I get competitive, you will find me at a backgammon board. 

Ready to make a difference and work on projects that really matter? Join us and apply here - our impact starts now!