Philippe Vuilleumier is a Head of Group Security and Chief Security Officer at Swisscom in Switzerland. He has been working in the ICT industry for more than 30 years and today, he is serving as a trusted advisor and security executive in charge of protecting employees, data, and infrastructures. We are very glad to have had the opportunity to interview Philippe about his work as a chief security officer and other topics around cyber security. Enjoy the full interview below.

1. Welcome to our series “Security Expert Interviews”. Please could you introduce yourself and tell us a little bit about your background? 

I’ve worked at Swisscom for 16 years and assumed responsibility for security across the Group as Head of Group Security in September 2015. In this role, I work together with my team to ensure the security of employees, infrastructure and data. From 2008 to 2013, I was Head of Network and IT Operations at Swisscom Switzerland.

After that I was CEO of a Swisscom subsidiary for almost two years. Before I joined Swisscom, I worked in various management positions at Zurich Insurance Group, Equant and IBM. I continued my education while working, including studying for a master’s degree in Business Telecommunications at the Delft University of Technology in Holland. 

2. How has your educational background (Master of Business Telecommunication) prepared you for success in the industry? 

I think in two ways: on the one hand, I learned new things and was able to refresh my knowledge in areas such as business administration, strategy, leadership, and technology. On the other hand, the intensive exchange with fellow students from all over Europe was very enriching. They were all working in the telecom industry as well and I could learn a lot from their experience and knowledge. 

Though it seems more important to me that as a latecomer to the field of cybersecurity, I was able to bring a wide range of experience from different areas and so align my team well with the expectations of the internal partners.  

3. You hold the position of Chief Security Officer (CSO). As a CSO, what is the biggest security challenge you are trying to overcome? 

Swisscom is a large company which offers a wide variety of products on the ICT market. These products shouldn’t have any security issues and the associated infrastructure must be reliable and secure. This also includes ensuring that the data which is transported, stored and processed on our networks and IT systems are well-protected at all times.  

I see my biggest challenge in creating a security environment in which our employees are optimally supported in their work. At the same time, it is important to meet the increasing expectations of our customers to their utmost satisfaction and to comply with the requirements of the legislation.

4. What is the greatest transformation in the field of cybersecurity that you have seen in your career? 

The quantitative and qualitative increase in attacks and the risks that come with them certainly stand out for me. Our infrastructures are attacked about 45 million times every month. This is up more than 80% in two years. As well as this, there are increasingly professional and sometimes very targeted phishing attempts on a wide variety of channels. We can speak of an actual “attack industry”.  

5. How can small and medium-sized businesses implement technical infrastructure that will ensure optimal governance of their client data? 

This presents a huge challenge to SMEs in particular; it’s easy to feel lost and at the mercy of other people. This is why I recommend getting professional help from the start and beginning with a proper situation analysis. A security assessment such as the one offered by Swisscom provides information at the beginning of the process about how well a company is protected against cyber risks and which weak points need to be eliminated immediately. 

6. What’s your prediction for the cybersecurity landscape in Switzerland for the rest of 2021? 

In addition to the usual topics, such as defending against attacks of all kinds, the ongoing process of increasing awareness within the organisation, the journey to the cloud, and the further development of security maturity in the company, we will also increasingly have to deal with the “new normal” at work. Employees will be working from home more often, and buildings and infrastructures will have to be adapted to new forms of work accordingly. This starts with issues such as physical access security and extends to the implementation of new collaborative IT systems. We will be looking at this in greater depth in the future.

7. What are your two go-to sources of information when you are stuck? 

First, I look for support in my organisation. I have the massive privilege of working with some great specialists. Together we have a lot of specialist knowledge. But if I want to get advice from outside Swisscom, I turn to my small but excellent network of peers at home and abroad. There I can talk about the latest issues very candidly in a confidential setting. If necessary, I use the services of selected consultancy firms. They give me a quick overview of the market, for example, or insights into trends or cost comparisons.   

8. What is the most important piece of career advice you would like to give to people who are just getting out of university and who are interested in a career in cybersecurity? 

Cybersecurity is an incredibly exciting field to work in, where you can make an active contribution and realise your potential. We are looking for a wide range of specialists and managers at the interface between people and technology. There are a lot of opportunities to do good and grow as a person – something which is extremely exciting and motivating at the same time. 

This is why I recommend anybody who’s interested to just get involved and gain some initial experience in the field. Even if you move on after a few years, I am convinced that the security knowledge you gain from it will be extremely valuable – not only for yourself but also for future employers.  

The security industry is very varied and offers a wide range of exciting opportunities for employees from all sorts of backgrounds. That’s why my advice is explicitly aimed at more than just fresh graduates. 

---

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.