Security Expert Interview Series: Sebastian Szczepaniak

In this interview, Sebastian Szczepaniak who is a Chief Information Security Officer talks about his professional background and areas of interest. Sebastian has over 10 years of experience in the information security field. To learn more about his thoughts around the trends he foresees happening in the information security landscape during the rest of 2021, continue reading.

interview with chief information security officer sebastian szczepaniak

1. Firstly, thank you for taking part in this campaign. Can you tell us about your professional background and areas of interest, Sebastian?

I got first exposed to IT during my school curriculum over 15 years ago, where I began dabbling in programming, networking, and server administration, and I am working now over 10 years in this field, most of which I have spent in the consulting industry. During this period, I was able to develop my skills from 1st and 2nd level support up to risk analyzes and active development planning and implementation of the security and IT landscape on (C)ISO and (C)IO level. Many shifts have taken place during my career, which has gone hand in hand with the new developments in the IT industry as well as in the consulting industry.

These pivotal points have allowed me to broaden my interests and live out new ones. This is one of the many things I like about this field, change is a permanent constant. The current highlights of my interests are penetration testing, ethical hacking, data and information security, process and security protocol planning as well as data protection.

2. As we noticed, you are a Chief Information Security Officer based in Austria. Could you please share with us what are the challenges that excite you in that position?

There are many challenges that interest me cybersecurity-wise, but the problem of human errors and their prevention is the most exciting aspect for me. The analysis, planning, and implementation of guidelines and process flow as well as setting up awareness training to get to the root of the threat to eradicate it before it even could sprout, is a captivating and fun process for me.

3. Please, describe a way that you help your company understand the value of information security.

Due to our consulting activities and the customer information processed during our workflows, a discussion about information and data security is inevitable. I try to make this clear in meetings by explicitly addressing and highlighting the process weaknesses and reflecting them in worst-case scenarios. It is extremely important not to keep this too technical, but to encourage business management economically.

Numbers often speak more than a thousand words. This helps me to establish a “prepare for the worst-case” mentality, which can flexibly adapt to the changing demands in our information-driven environment. It may sound banal here, but these clarifications and scenario simulations have established themselves as the most valuable explanatory tool for me to deliver the understanding and critical thinking needed in management.

4. What trends do you foresee happening in the information security landscape during the rest of 2021?

Due to the spikes in the number of attacks in the COVID-19 pandemic, I expect a further increase in spear-phishing, social engineering, and a surge in newfound zero-day-exploits as well as concentrated attacks of different individual groups on critical service providers, that will continue into the rest of 2021. This can mostly be absorbed through awareness training, as well as through the re-evaluation and consolidation of the IT landscape and its processes, which have changed significantly due to the pandemic circumstances.

5. What are your main go-to sources of information when you are stuck?

That depends very much on my current project, but I often achieved good results when I was stuck, by interactive information exchange with peers and colleagues on events, personal mail correspondence, or in groups on platforms like LinkedIn. There are plenty more resources, like Github, StackOverflow, Mitre Attack, etc. which also can help you if you are stuck. Like I already mentioned, for me, it all depends, on what you are dealing with in your current situation.

6. Obviously, you are a busy person but how do you manage your work-life balance?

Since problem solving is my passion, it is not always easy for me to take a step back, because I like to sink my teeth into challenges and analyze them to find a solution. In these cases, my partner often helps me by telling me that it is time to postpone the problem until tomorrow. It is important to zoom out occasionally and get a breather. Since she is often right in these situations, I tend to follow her advice and collect my thoughts through sports or meditation when my schedule allows it. Those help me best to clear my head and recharge my batteries.

7. How do you stay up to date with industry news and updates regarding data protection and privacy?

I am an advocate of face-to-face events because they simplify and strengthen social networking and the exchange of information, such as the OWASP Chapter Meetings, ScaleUp360, etc. Other sources that provide me with new ideas, support me, or keep me up to date with new information are among others, CSO Online, Mitre Attack, Exploit-DB, DarknetReading, The Hacker News, Info Security Magazine, Reuters Cybersecurity, Forbes Cybersecurity, Wired Cybersecurity, CISO MAG, PortSwigger, EC Council Blog, (ISC)2 Blog or the news of the OWASP Foundation.

Getting a broad overview of the up-to-date news often helps me in order to dynamically reevaluate the ongoing changes to the company’s internal processes.

8. Our last question: where do you go for inspiration or resources that you use in your own personal development?

I always loved to challenge myself and lately, I have been heavily into the interactive training platforms that are becoming more and more established and serious game changers in cybersecurity, such as, TryHackMe, HackTheBox and Secureflag, which provide an astonishing hands-on learning experience while being addictive trough their gamified aspects, those really inspired me to pick up some topics where I felt I should improve and refresh my skills.

I hope to see a spike in new talents joining the field, with the attention those learning platforms get, as we all know our industry can need helping hands. Last but most influential on my development is my family and my partner who provide me with support and inspiration to challenge and develop myself further every single day and play along with my constant learning frenzies.

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.