We recently had the opportunity to speak with Michael Schlüter, Cyber Security Officer and ICT Security Consultant. He is also a Guest Lecturer at the University of Applied Sciences and Arts Northwestern Switzerland. We presume that his insights may be of great value to not only cyber security enthusiasts but also to small businesses as well. Continue reading to learn more.

1. Can you give us a brief background on when and how your interest in cyber security was sparked? 

The foundation for my interest in information security technologie has been laid during my apprenticeship at a major Swiss bank. From then on I steadily developed an interest in the area of attack methods and in cyberspace. With growing media attention to successful cyber attacks and deeper knowledge of the subject during my studies, the topic of cyber security has captivated me. I then continued my education specifically in this area (CISSP, Cyber Security ETH).

2. What about your work excites you the most right now?

Security has to be considered in the overall context, which means that I have to deal with various stakeholders and all the technologies and topics involved in order to understand the interaction and make solution-oriented decisions. This holistic approach is whats exites me the most.

3. What are the 3 most critical qualities make someone a good Cyber Security Officer?

1. Technical know-how combined with management skills.
2. Constant desire to acquire new knowledge.
3. Persuasiveness and empathy

4. How much teamwork is involved in a Cyber Security Officer position?

As mentioned, a holistic approach is important, which means that the exchange between the departments and within the security team is of enormous importance. The broad spectrum of technologies and products as well as diverse stakeholders can best be mastered with a good team performance – even if, as a cyber security officer, you sometimes find yourself fighting alone.

5. Let’s talk a bit about businesses. Do small and medium-sized businesses face the same risks today as the larger companies we are seeing being hacked in the headlines?

Absolutely! Small and medium-sized businesses are just as affected by for example ransomware attacks as larger companies – if not more so. Because cyber criminals also take the path of least resistance and we often see that these small and medium-sized businesses are less aware of the threats and protect themselves accordingly less well. So there are many attacks on these companies, but only a few make it into the headlines.

6. What are some examples of how small businesses can do a better job of protecting themselves against cyber-attacks?

Basically, the understanding of cyber risks should be built up in the executive management and the board of directors. Only when the threats are known and taken seriously, the vulnerabilities can be addressed. And only then customised and cost-optimised security solutions can be offered and implemented for the companies. Be aware that even smaller companies are increasingly dependent on functioning IT systems and the availability of digital data. A major cyber attack can bring these companies to ruin.

7. Could you walk us through your forecast of the cyber security landscape for the rest of 2021?

Cloud services will increase strongly and the handling for companies is supposedly simplified by this. It remains important to maintain sovereignty over the data and also to hold the cloud providers accountable and to audit them. Furthermore, the areas of IoT and OT will have the need to increasingly protect themselves against attacks and security elements will have to be developed and implemented accordingly in these areas. Security solutions tailored to the company will be essential to increase security in line with operational circumstances.

8. Our last question: if you had to recommend one book to learn for a beginner getting into cyber security what would it be and why?

I don’t like to refer to a single book. Because often it only provides a limited view of one part, such as risk management, cryptographic backgrounds or hacking techniques. The book BLACKOUT by Marc Elsberg (2013) is not the latest, but it shows how the interconnectedness in the energy sector determines our lives to a certain extent. These critical infrastructures are more and more targets of cyber attacks and have a direct impact on our daily lives. Develop the thoughts and the joy of security and link this to everyday situations. This is my message for everyone, not only for cyber security specialists.

---

Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.