DefCamp #11: Dan Cîmpean on infosec beyond tech and why we need stronger cooperation on every level

Behind every infosec win there’s a huge amount of effort. We know this because most of our work happens behind the scenes too, where all kinds of specialists pool their know-how and skills to make cybersecurity more approachable, more effective, and more attractive for people who can contribute. 

It was exciting to find out that our home city and country (Bucharest, Romania) will host the new European Cybersecurity Competence Centre! At the same time, we know this step forward paves the way for even harder work. But hard work seems easier and it’s definitely more enjoyable – and effective – when done with a great team.

That’s why we’re bringing 11 infosec pros into your “team”, so you can learn from them and advance your own path, whatever it may look like.

With a keen eye on the big picture and a strong connection to the reality of infosec practice, Dan Cîmpean, General Director at Romanian National Computer Security Incident Response Team (CERT-RO), is exactly the kind of expert you want to learn from.

The right people make everything easier

It seems obvious, doesn’t it?

The right combination of talent, diverse experiences, and mindsets aligned around shared principles is an ideal way to work, but that doesn’t happen by chance.

To assemble this team, you need to first cultivate it. And, as Dan emphasized, talent is not easy to find in this industry.

“Talent is the hottest topic and the biggest challenge at this moment for the community. The past months and years have shown us that we are critically dependent on talented experts, teams and colleagues.

For a community that is used to thinking in terms of “assets” that must be identified, well known and adequately protected, sometimes we tend to forget that people are, ultimately, the most valuable asset in any organization.

We tend to focus too much on the mission statements, strategy, business objectives, KPIs, regulatory requirements, etc., and tend to forget that achieving these is possible only if we employ the right profiles, with the right skills and the right mindset.

While infosec challenges evolve quite fast and exponentially increase in number and complexity, the pool of talent available to address these is rather limited. Organisations that succeed in attracting and retaining infosec talent will stay or become the most successful, secure and resilient.”

And when organizations have managed to hire and onboard these specialists, one of the best ways to support them is to encourage them to get involved in the community. That’s because…

Resilience is built through strong ongoing cooperation

As the General Director of the Romanian National Computer Security Incident Response Team (CERT-RO), Dan Cîmpean knows the struggles of facilitating cooperation among entities large and small.

The challenge he is actively tackling is exactly this: to get the right people and organizations to work with each other and increase the level of cyber resilience for everyone.

“It is a fact that cyber-attacks against the European Union’s Member States (some of which are state-sponsored operations) are increasing in frequency, complexity, and magnitude. This obviously undermines the stability of national infrastructures, of the economy and society.

We need adequate nation-wide and EU-wide capabilities to Identify, Protect, Detect, Respond, and Recover – from or against – cyber-attacks. We need more resources, involvement and stronger cooperation with the EU, between the national governmental bodies, with the cyber-attack impacted operators of essential services, academia, and with the private sector, in general.

Personally, I believe that at this moment, both the European Union and Romania have certain capability-expectation gaps with regards to cybersecurity. At this stage, in Romania, the biggest cybersecurity challenge I am actively tackling is filling this gap.

We need to act now and build better cybersecurity capabilities, fit for this decade. We need a better, more agile and capable national-level civilian actor that is able to sustain a high level of national and international cooperation, and to convey the proper message in this respect.

The new Romanian National Cyber Security Directorate, to be created by decision of the Government, is the key actor that will fill the existing institutional gap and which will be that international-class institution that shall firmly position Romania as a recognized leader in cybersecurity.”

What can enhance cooperation, and the unique human abilities as they manifest in cybersecurity, are advancements in tech. Also spearheaded by human specialists, these constant improvements and innovations now enable a bigger impact, inching closer to the level we need:

“In my humble opinion, the use of Artificial Intelligence (AI), in either cyber defence or for offensive purposes is a worthy advancement.

Let’s not forget that the global cost of a typical (major) incident or data breach is usually in the range of millions of euro, with regulatory fines not included. Meanwhile, organisations typically need 100+ days on average to recover from any such incident. For this reason, the use of AI can definitely help avoid waste of time and financial loss.

AI, machine learning, and threat intelligence can recognize patterns in data, in logs, in IOCs to learn from past experience and improve, enabling traditional security systems or even AI-boosted security systems to be further enhanced. At the same time, AI is making it easier for cyber attackers to penetrate and compromise systems without human intervention or to learn from existing AI cybersecurity tools in order to develop more sophisticated and advanced attacks.

While adopting AI for cybersecurity, significant time and money resources and investments are definitely needed for experts, computing power, memory and data to build and maintain the required AI systems.”

Three ideas to guide your infosec career

Maybe working with AI in infosec is your thing. Maybe you’re otherwise inclined. However you choose to shape your growth path, here are three key lessons from Dan to guide your decisions.

“First, I learned that no infosec or cyber professional can stay at the top of her/his game for longer without learning hard, pretty much like during the college time before exams, and without getting “hands-on” into the very details of the matter.

Second, networking and information sharing is key if one wants to be able to decide and act upon in a highly effective and efficient manner. Here there is always a trade-off to be made between rules and confidentiality requirements of one’s own organisation and the trust and give and take approach developed in a cybersecurity ecosystem of business partners.

Third, the infosec and cyber profession is no longer a technical one only. Soft skills, communication, management, and business development skills may be the tough ones to learn, practice, and master for a young professional starting in this domain. Best is to find a mentor who is willing to share with you from their own mistakes and successes.”

Prioritizing when everything seems urgent

Finding the right focus and executing on it is, perhaps, one of the biggest challenges that even the most brilliant minds face. When infosec specialists have constantly put out fires everywhere, it’s difficult to agree on where to dedicate the most time and resources.

This is just one of the challenges that lie ahead as we look into 2021, which Dan articulates so that you can enrich and broaden your perspective.

“Definitely, after a hectic and brutal 2020, business owners and management teams will enter 2021 with a different mindset. Overall, awareness about the existing cybersecurity risk level has increased significantly in the past months, especially due to the challenges and issues triggered by the accelerated digitalization during the pandemic.

While everyone is more aware of the involved risks, I believe there is a certain disagreement on the most important cyber threats to tackle and to focus on in 2021 (it is the same dilemma we all had as we headed into 2020), even though everyone agrees that cybersecurity is more important than ever.

Meanwhile, I also see that many organisations and decision-makers struggle to define a proper 2021 strategy and organisation-wide approach that can withstand both fast technology changes and severe disruptions.

What is acknowledged is that the major changes we observed in 2020 in society, in the global business, and workforce will have immediate and long-lasting impacts on cybersecurity as well.”

When the world shifts, so does cybersecurity. The two are inextricably linked: the ripple effects of societal transformation overflow into this field, which aims to keep our world safe so that we may all move forward with a greater sense of optimism and peace.

It’s up to each and every one of us to cultivate it. I hope you’ll join defenders like Dan and our other awesome guests!

3 key takeaways to build on:

  1. tech is great, but it’s people’s skill, insight, and unique creative approach that make the difference in infosec
  2. sustaining a high level of national and international cooperation takes a lot of work and means harnessing the power of communication and community involvement
  3. soft skills (e.g. communication, management, and business development) are essential to anyone in cybersecurity as mastering technology is just part of the challenge.
