In this employee profile session, we sat down with Talal Wazani, our Manager, Strategic Security Consulting, to learn what motivated him to pursue a career in cyber security, how he keeps his skills sharp and what drives him.
What drove you to pursue a career in cyber security?
TW: I’ve always been interested in technology; from being a script kiddie using basic social engineering techniques to convince fellow online chatters on mIRC to accept files with backdoors that enabled me to mess around with their machines to taking apart my computer to check out its internal organs. Fast forward a few years, I ended up majoring in computer science, graduating from university and landing my first job as an information security analyst.
What does a typical day at work look like for a Strategic Security expert?
TW: A typical half-day involves assisting clients in understanding the implications of not adhering to a standard or implementing security controls; this is realized through the identification of risks that are applicable to the organization and can cause significant reputational and financial damage. It all translates into financial impact at the end of the day.
The other half of the day is all about advising clients on prioritizing their cyber security efforts based on their risk exposure and business needs.
Policies, processes, procedures - they’re unique to every organization. But are there any common strategies that every business should follow when defining these?
TW: Organizations need to ensure that their policies are usable and applicable to the identified information security risks; they should be realistic, clearly written, straight to the point and enforceable. An information security policy should enable the business and not hinder it; this can only be achieved by understanding the business processes and establishing policies around them, thus ensuring enhanced confidence to stakeholders. Last but not least, policies need to be endorsed by the management who should lead by example.
Similarly, information security processes and procedures need to be an integral part of the business processes in order for them to achieve the intended outcome without being a bottleneck.
How do you keep your skillset up to date, especially with standards constantly being revised and new ones coming into play?
TW: At Help AG, we put emphasis on resource development and continual enhancement to our consulting processes; the key is to ensure a balance between billable work and research and enhancement. Participation in technical and management seminars, reading the latest security news and staying up to date with the latest cyber security threats are some of the ways to stay sharp and add value to our clients.
GDPR - is this just hype or do you actually see Middle East organizations struggling to understand its implications? How do you see this playing out in the coming months?
TW: We have seen lawsuits being filed on the first day of GDPR being enforced and this is just the beginning. Middle East organizations need to work ahead of the tide to ensure they are doing what it takes to protect their customers’ data, thus ensuring a competitive edge regardless of whether GDPR applies to them or not.
Regionally, Data Privacy will be here sooner than you think, so why wait? Organizations should start embracing Data Privacy as a business enabler that will boost customers’ confidence, which in turn will contribute to their commercial success.
What’s the most interesting aspect of your job?
TW: Evolving technologies bring about new risks that need to be tackled, which keeps cyber consultants on their toes to be able to protect organizations and mitigate those risks. Not to mention, being exposed to multiple industry sectors and clients with different requirements eliminates dull moments.
What is your biggest achievement to date?
TW: I would say the biggest achievement has been making the transition from the client side, to advising clients on cyber security matters as part of the Help AG consulting practice, to managing a highly skilled and talented Cyber Security Consulting T.E.A.M. (Together Everyone Achieves More).
What is your personal mantra?
TW: I believe in two sayings: “Better Safe than Sorry!” And “If it’s too good to be true, it probably is!” This applies to cyber security in many ways – so think before you click as the attacker needs to be successful only once.
What are your picks for the 5 ‘must read’ cyber security websites?
TW:
https://www.csoonline.com/
https://thehackernews.com/
https://www.darkreading.com/
https://www.nist.gov
https://www.infosecurity-magazine.com/news/