It may seem as if everyone has a hot take on cybersecurity these days. With each new compromise, industry outsiders pay more attention to the world of information security. But not all the details and nuance make it through to them. Sometimes, all they’re left with are disconnected pieces of information that don’t help them that much.
That’s why, through the DefCamp #11 interview series, we tried to fill in some of these gaps, collecting personal insights and perspectives from a diverse group of specialists. To wrap up this series, we’re turning our attention to the “firestarter” in our team: Andrei Avadanei, DefCamp Founder and CEO at BIT SENTINEL.
Infosec hot topic #1: using AI to scale impact
With hot topics in large supply, we asked Andrei to tap into his 10+ years of hands-on experience to pinpoint the topics that should receive more attention than they currently get.
His two-fold answer touch on both opportunities and pain points the industry is experiencing:
“I believe that the use of new technologies is great for cybersecurity.
I am a strong supporter of everything related to emerging tech and innovations. I think companies don’t exploit the power of AI and machine learning enough when talking about cybersecurity.
Personally, I’m a huge fan! We use it in the products we build as it brings value and it helps us scale quicker. “
Take it from an experienced infosec specialist that AI and machine learning are not just hype words when it comes to cybersecurity. They can have a huge, global impact when combined with existing expertise and collaboration!
“Leveraging machine learning and AI brings another level of complexity and should be adopted by organizations to reduce the attack risks.
Moreover, I feel that, slowly but surely, cross-nation collaboration is developing more and more to address global cyber threats.”
But adopting new tech doesn’t just happen. Someone needs to work behind the scenes to integrate it, adjust it, and train people to use it, which leads us to the next hot topic.
Infosec hot topic #2: we need more defenders
Making time to use new tech and introduce it into the systems and processes that keep organizations running, you need qualified team members. The second issue Andrei highlights as an essential concern for everyone in infosec and beyond is a crucial one:
“When talking about the infosec community, I would like to see more collaboration. I genuinely believe in the power of “a team” and also in giving back to the community.
We are actively involved in community projects meant to empower individuals to learn cybersecurity according to industry standards and needs, which is why we’ve created CyberEDU.ro. We take every opportunity to empower women to choose a career in infosec and we also encourage reskilling at a global level.
The worldwide shortage of cybersecurity experts only deepens every year and I believe is extremely important to help bridge this gap.”
In fact, this is one of the challenges Andrei and his team are actively tackling! He experiences this issue first-hand when looking to do more, faster and have a bigger impact on the overall security level of organizations that cascades to their customers, community, and society at large.
“Our biggest challenge refers to the shortage of cybersecurity specialists and I believe this is a global problem that only deepens every year. The lack of hands-on training is a real issue and we take every opportunity to transform all our challenges into opportunities.
Moreover, I believe there isn’t enough security awareness for individuals and companies to understand these new threats and vulnerabilities that appear every day.
Ransomware and phishing attacks are gaining more ground and I think companies should focus their resources on training people on how to spot these attacks to prevent them.”
3 qualities strong ethical hackers cultivate
So what do you need to know if you’re ready to answer the call for more infosec specialists?
Here’s what Andrei highlights as key qualities to cultivate throughout your career. They work together to create a virtuous cycle of improvement that lifts you across the board while also helping others.
“Always expect the unexpected! I think it is one of the first things you learn as a cybersecurity specialist.
Don’t take no for an answer! I always say that to people who want to start a cybersecurity career or play in one of our CTF’s – try harder! I believe in the power of perseverance and, for an ethical hacker, it is a crucial aspect of the cybersecurity mindset.
Always be a team player! I am not sure if this is a cultural aspect or not, but I tend to see lone wolves in the cybersecurity field and it’s not the proper attitude. For outstanding results, for learning and developing, make sure you are ready to be a team player. Get involved, always give back and exchange knowledge. It helps more than you realize and it makes you part of the community not only by name but also by heart. Hundreds of experts worldwide managed the largest cybersecurity breaches in history. Just to give a few recent examples:
a. We still learn about the ramification of the Solarwinds breach, and the updates are released by unrelated organizations around the globe who work to understand better what happened
b. A collaboration between more than a dozen law enforcement and judicial authorities world-wide helped to disrupt the EMOTET ransomware network this year.”
It’s time for clear-headed decisions you can’t postpone
Infosec specialists rarely have days where it’s business as usual. Seasoned experts know that every day comes with new challenges, so they keep learning and continue to sharpen their skills with every experience.
However, the time has come for other, non-infosec decision-makers to take a similar approach when it comes to security. The stakes are ever-increasing and clear-headed decisions are essential to keep customers and citizens safe from harm.
Andrei draws attention to the need to pause and reflect on how business owners plan to move forward with their companies when cyber threats loom at each step:
“The world is changing. We should learn a lot from each incident, including the pandemic. We should understand that nothing is bulletproof. Organizations should focus on having a minimum security level for their infrastructure, mainly because the extended perimeter – with the new full time work from home – leaves open doors for attackers.
On the other hand, I believe it’s good timing for companies to take a step back from all the development and focus on strengthening their defenses as hackers will continue to launch more and more sophisticated attacks. From our experience, we already see a shift of approach and this will only reach more victims from companies all over the world.
We are active doers and work every day as defenders, which is why I strongly advise all business owners to be realistic and ensure a minimum security level for their lifelong work. Prevention is much cheaper than responding and recovering from a security breach so always keep that in mind when thinking on postponing the budget allocation on this area.”
Eager to explore more practical perspectives on infosec in 2021 and beyond? Check out the DefCamp #11 interview series with experts in security, privacy, legislation, geopolitical implications, and educational initiatives. They’ve generously shared with us their unique experience and insights!
3 key takeaways to build on:
- you can be a defender no matter your background or expertise because the cybersecurity industry needs people will diverse skills and mindsets to scale impact and counteract cybercriminals’ tactics
- to make a meaningful contribution to your career, community, and society at large, cultivate perseverance, be a team player, and always expect the unexpected
- business owners are wise to invest in cybersecurity as a measure to ensure business continuity and avoid costly breaches and cyberattacks with long-term effects.