CISO Interview Series: Branko Džakula

We are delighted to present an exclusive interview with Branko Džakula. As the CISO of Kaia Health, a leading digital therapeutics company that develops AI-powered and evidence-based treatments, Branko leads a team that protects the company from technology breaches across the company and also supports the company in developing and maintaining a comprehensive Information Security Management System. Branko shares his unique story and also discusses the cyber security workforce shortage. So, continue to read to know more.

CISO Interview Series #3: Branko Dzakula

1. We would like to get some background information about yourself. What’s your background?

Started my career in Telenor Montenegro, gaining deep insight into data transport and how to secure it. From 2g to 5g networks I watched the evolution of data transfer and the way security evolved with it. Years later my career took a flight to a Serbian national airline, Air Serbia, where I had an opportunity to build an information security management system (ISMS) from the ground up. Securing a large airline company does not come as an easy task, but team effort and group synergies served as the best and modern approach that I had the pleasure to be a part of. After that, I worked for a young software development company, DevTech as a move towards a progressive market and the proof of relentless efforts to stay at the top of the game by working on the latest tech and implementing modern security best practices. Next, my career took me to Germany where I was in charge of a security team in the OTA industry, protecting the data of millions of travelers. My latest move brought me in the healthcare industry and for the first time, I gain a new sense of responsibility of protecting highly sensitive PHI data across two continents and setting up ISMS from a new perspective.

2. How did you come into cybersecurity as a profession?

I started my career in InfoSec during my employment at Telenor Montenegro as an IT Helpdesk Engineer and by chance, I worked closely with an Information Security Manager at the time on a few projects. He convinced me from day one on how InfoSec is an interesting and very necessary career path that I should consider. I was blindly on-board and in a very short period of time, I changed my role to an Information Security Engineer. Since then I developed a great passion for the job and try to be a mentor to as many potential InfoSec professionals as I can manage, as my first manager was to me. Thanks, Slavisa!

3. What is anything you wish you knew when you first went into this career?

I feel like I realized how underrated security was too late in the game, I might have been able to be more active online influencing young potentials on taking up this career path as well as educating the general public and business leaders on the importance of practicing good security both privately and in a business environment.

4. Could you explain your role as CISO at Kaia Health, and what you do at this company?

At Kaia Health, I support the company in developing, maintaining, and implementing a comprehensive Information Security Management System with the most up-to-date best practices tailored to the needs and culture of the company in Incident Management, GRC, Data Privacy, Physical Security, Education&Awareness, Secure SDLC and Secure Product development.

5. It’s the fact that the role of the CISO is highly dynamic. Given that, what is (are) the most critical success factor(s) that a CISO must show to succeed?

What kept me going as a CISO is having a cold head in hot situations, never compromising on security for operational efficiency – but making it work both ways by compensating, being an enabler – not a NO man, being the voice of reason and a strong communicator, never stopped learning.

6. What are some of the biggest challenges for a CISO such as yourself at a company like Kaia Health?

In my particular case, the challenge is bringing security and privacy posture to a corporate level in a startup environment. The key success factors are adaptation, education, and communication.

7. Do you have advice for someone looking to start a career in cybersecurity?

Don’t do it if you are not ready to go all in. 

8. How do you think we can attract more young people to this field?

Seasoned security professionals should dedicate a small portion of their free time to mentor your talents, share their knowledge and experience online and communicating openly about the pros and cons of the career path for every InfoSec sub-specialty and generally increase awareness of the existence of this career path amongst the right type of crowd, usually Computer Science and Information Technology majors.

9. Do you have concerns about the state of cyber security today? If so, what are those?

Yes, and major concerns and across the globe, when one major threat passes another is already in full swing. Awareness is low and is not keeping up with the highly increasing internet user base and new security practices that need to be communicated and the general public educated on. There is a huge gap between national programs that address these topics in different countries, from leaders in the West, struggling central EU, to the almost non-existent ones in the south or oppressed ones in the East, we have a long way to go to catch up to cyber criminals on a global scale, for now, we only have a chance on a local level, that is in private practice.

10. Is the cyber security workforce shortage a reality for you? How this can be solved?

I never felt this shortage personally, maybe I was lucky enough to find great talent in a reasonable time period after publishing a vacancy, however, I am well aware of the challenge on a global scale and I have received many calls from my business connections with a request of a good recommendation for a specific InfoSec role. As mentioned in one of the previous answers, attracting talent both young and otherwise, should be one focus area of an average InfoSec professional so that the community can collectively benefit from our joint efforts. If each of the current InfoSec professionals can bring at least one person to the field – imagine the impact!