We are thrilled to present the next episode of our Security Expert Interview Series where we had the opportunity to speak with Christophe Auberger. Christophe is a CTO and CISO Advisor with over 20 years of experience in network technology and security. His specialities include cyber security, cyber defence strategy, and crisis management. Continue reading the full interview below, we promise that it will be insightful.

1. Firstly, thank you for taking part in this campaign. Can you tell us about your professional background and areas of interest, Christophe?

I think I am an innovation and results-driven leader and technical specialist in cybersecurity, computer, and network technology. My diverse backgrounds allow me a transverse and global vision of technology and I think it is an advantage in terms of cybersecurity vision and approach.

While having an in-depth understanding of essential cybersecurity needs, and the cyber defence strategies to adopt, I try to maintain an innovative and disruptive approach providing confidence and protection for new uses. My past experiences in the French Navy and in sensitive environments make me very aware of maritime cybersecurity and operational technologies. I am passionate about what I do and I like to share my ideas and impressions with as many people as possible.

2. As we noticed, you are a CISO Advisor based in France. Could you please tell us what are the challenges that excite you in that position?

My role is to be in contact with the CISOs of large companies and large groups but also with smaller structures. What is very interesting is that this communication is intended to be two-way. I give information and advice to the CISO, I tell them what the main trends are, how the solutions evolve, and what benefits they can expect from them.

But I am also very interested in their needs and challenges, I discuss with them their priorities and the challenges they face today and in the near future in order to be able to influence the evolution of our solutions.

3. Please, describe a way that you help your company understand the value of information security.

I think my company understands the value of information security very well since it is one of the leaders in this field. And even if I exchange internally on this subject my role is more turned towards the outside where I can help other companies to understand this value and the imperatives which are related to it. This is done through direct discussions with the CISOs of these companies but also through different groups of cybersecurity managers and experts such as CESIN or CLUSIF to which I contribute.

4. What key trends do you foresee happening in the information security landscape in 2022?

First, on the threat side, I believe that unfortunately, ransomware attacks will continue to explode, with increasingly effective phishing techniques. Their complexity and sophistication will also certainly increase, due to ever greater professionalization. There is also a risk of other supply chain attacks. These attacks are extremely dangerous and can expose an incredibly large number of businesses.

From the point of view of security and defence strategies, we are already seeing several phenomena that will increase. The first concerns the convergence of networks and security which explains the adhesion to approaches such as SD-WAN, SD-Branch, or SASE. Then, there is an ever-growing need for simplification, integration, and automation of cybersecurity technologies, we are moving towards the end of silo approaches. Finally, security consumption models are increasingly moving towards a service model associated with SLAs. This model will become more and more common.

5. In fact, insider threats are a massive problem for organizations across many industries, particularly now with new remote-working arrangements. How these threats can be stopped and prevented?

Yes, it is indeed an important problem and one which requires a change of approach to cyber defense. More generally, digital transformation, new uses, migration to the cloud are transforming the information system of companies. The borders become blurred, and a perimeter defense is no longer sufficient. It is no longer possible to consider all or part of the information system as trusted. In this context, it is not possible to guarantee that nothing will ever be compromised, and it is for this reason that zero-trust approaches are required.

6. Obviously, you are a busy person but how do you manage your work-life balance? We would be grateful if you could share some tips for maintaining a healthy work-life balance.

This is indeed an important point, especially as the trend towards teleworking has been generalized in the period we have known with the health crisis. There are probably a lot of effective methods out there, but it is mostly common sense. The essential point for me is to create a true separation between his professional and personal life by managing his time and by arranging periods of his own in his agenda, such as for example for his family or for sports.

The important thing is not to block fixed schedules because it is necessary to be able to adapt to operational constraints but to effectively reserve a time.

7. Where do you go for inspiration or resources that you use in your own professional development?

I find inspiration in interacting with others and having open discussions with professionals who may have different visions. This can take place during discussions with CISOs or CIOs of companies during meetings or meetings but also within different working groups of independent organizations. Currently, my favourite subjects are operational cybersecurity, the zero-trust approach, and industrial cybersecurity.

8. Our last question is usually a personal one: if you could give your 25-year-old self just one piece of career advice, what would it be?

If I could give a piece of advice to the young engineer that I was, it would perhaps be to make the choice more quickly to orient myself towards communications networks. It is this path that then led me to cybersecurity.

---

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.