Designation: Senior Strategic Security Consultant
Q) What first prompted you to select a career in cyber security?
My first job opportunity, as an Internal Information Systems’ Security Auditor, was what first fired up my interest in cyber security. I still remember the days when unauthorized remote logging on to servers, as an administrator with full access rights, was only a few clicks away.
Q) When we talk cyber security, we often focus on the newest technologies and attack vectors but rarely discuss consultancy. Why do you think this aspect of security is so important to businesses?
It’s all about the financial aspects of the topic!
Yes, most clients focus on the latest technologies and they make their choice based on the latest fashion trends, regardless of whether those new technical solutions will fit the specifics of the industry, their existing IT environment, and their business needs.
Consultants’ key role therefore is to provide advisory in the design of the short and long-term strategy for cyber security, considering the latest threats, risk appetite, industrial trends, organizational business objectives and of course budget and resources. Having a strategy helps organizations to optimize their budget for protection and incident handling (or recovery from cyberattacks) and invest in new business opportunities instead.
Q) Could you list the top security certifications you believe any organization should achieve?
It depends on the industry, the geographical locations and local regulations in which the organization is operating, and the information which is managed. If the organization is operating with sensitive credit card information, for example, and has a plan to enhance its business operation, achieving PCI-DSS compliance and certification is inevitable. Another good certification is ISO/IEC 27001:2013. It is very applicable in any organization, together with the relevant, specific guidelines for implementation.
Q) In terms of achieving compliance, what does the ideal organization look like to you?
It looks like a unicorn! Everyone has heard about it, but so far no one has seen it.
Organizations that understand cyber security not as an extra cost, but as an investment for business enablement, are one step ahead in achieving compliance.
Q) What are five cyber security websites you believe every security professional should read regularly?
https://www.nist.gov
https://www.sans.org
https://www.isaca.org
https://www.enisa.europa.eu
https://www.cisecurity.org