Ahead of the Benelux Cyber Security Summit, we met with Victoria Van Roosmalen, CISO & DPO at Coosto, for a quick discussion on the state of cyber security in Benelux today.
Read on below for the full interview!
Please introduce yourself and tell us a little about your background….
My name is Victoria van Roosmalen. I drive the information security and privacy governance at Coosto as their CISO & DPO (Coosto is the leading B2B SaaS solution for content & social media marketing in the Netherlands) and sit on multiple global advisory boards where I share my expertise in IT, security, and privacy affairs.
I’m formally educated in electrical engineering, yet my professional background lies in software engineering and IT operations; I’ve been programming and ethical hacking for as long as I can remember — I still do — and couldn’t resist taking this forward into my profession. A decade later, I somehow found myself entirely dedicated to the security and privacy realm. Although I didn’t originally intend to go down this rabbit hole, it works out beautifully; I’m always hungry to learn new things and leverage my passion and experience to help others stay ahead.
What do you think are the biggest cyber security risks affecting Benelux businesses today?
In my humble opinion, I find that the most significant cyber security risks actually lie in their mismanagement. This already starts by underrating these risks because businesses either (1) don’t understand them or understand how these risks relate to their business, (2) get overwhelmed by them, or (3) don’t want to believe such ‘inconveniences’ may happen to them (e.g., ransomware attacks).
However, the truth is that we’re all vulnerable in one way or another. It’s a fact that we have to deal with instead of burying our heads in the sand. It’s never about eliminating risks but about (1) bringing them down to a manageable level and (2) building and keeping this up as we naturally continue to evolve. Transparency and progression through little steps are always the better alternatives than being – truly inconveniently – completely blown away and overwhelmed by a crisis under time pressure.
What do the next 5 years hold for your industry?
Without a doubt, exciting times! I believe that the technological capabilities will continue to evolve, and the amount of data and number of IoT devices will exponentially grow. On the downside, I think an increase in threat actors, sophisticated attacks, and dark patterns practices will go hand in hand with this growth, whilst the current challenges, such as limited resources to address cyber security and privacy concerns, will fundamentally remain unchanged.
As such, my biggest wish is to see at least see businesses acknowledge the need for privacy by design and data protection being fundamental to good business. In my opinion, companies completely miss the mark if they continue to put their own needs and appetite for privacy risks above those to whom these risks truly belong; those who help put and keep them in business in the first place.
Can you give me a taster of the main point you are going to make onstage?
Although you can’t go without it, technology won’t solve everything. Technology is merely a tool, never a means to an end.
What is your top advice for other cyber security professionals?
Keep learning from each other and work alongside instead of against each other. New initiatives and changes in your organisation will likely also continue without you. The better you are in relaying the message that you genuinely wish to help others forward by addressing the relevant risks to their benefit, the easier it becomes for you to do your job and for others to let you in (win-win!). In short, remain humble and cultivate relationships over transactions.
What are you most interested in exploring and learning about this year, cyber security wise?
I am most interested in the current developments around homomorphic encryption, particularly making encrypted search possible without having to decrypt all the data first. It would be interesting to combine this technology with cloud computing and for businesses to, dare I say it idyllically, share data with third parties in a safe and privacy-preserving way.
Catch Victoria at the Benelux Cyber Summit on 11th – 12th October as she participates in the group discussion: ‘Adopting a Prevention-First Approach to Security‘! Join us for her session and enjoy live Q&As throughout the summit by registering for FREE online with code: CYBER-VIP at benelux.cyberseries.io/register/.
