We sat down with cyber security expert and friend of DACHsec Rouzbeh Barzegar to learn about him and his thoughts ahead of his talk at this year’s event.
Read on below for the full interview!
Please introduce yourself and tell us a bit about your background…
I have been on the information security journey for more than 16 years now. Before security, I worked in other industries like hospitality and had a lot of opportunities to learn about business, organisations, service and people. So, when I started my career in security and IT service management, I almost immediately took a role of a translator. I could understand the language of both worlds, i.e. the techies and the business people alike and could fill the gap between them. During all these years, I enjoyed having different roles as network security engineer, consultant, project/programme manager, auditor, instructor and security leader. More than 50 Information Security Management System (ISMS) implementations and many other projects in four continents, helped me learn a lot about different areas of IT and security.
My previous role as the Head of Cyber Culture and Training at a huge international healthcare provider was a true blessing. I learned a lot about people, organisations and culture and was able to plan and implement some very cool programmes worldwide. In my current role as the Director of Information Security Management, I have the honour of leading a team, which is in charge of building and maintaining an ISMS, with people at the core of it.
What do you think are the biggest cyber security risks affecting the DACH region’s businesses today?
I believe the biggest risks are not originated from the outside but from within the security industry. The adversaries are becoming more powerful but we as an industry are not fulfilling our role properly. We tend to mistake compliance for security and technology for solutions. With the lack of human resources, the gap between people, process and technology is becoming even wider. But we still tend to create and acquire more security tools without considering the relevant processes and people. I believe, if we stop shooting ourselves in the foot, we could decrease the number of data breach headlines and other security incidents.
What do the next 5 years hold for your industry?
The future is always full of surprises but if we just look at the trends of the past few years, cybercrime will continue growing. This is a successful business and hence the natural growth. I do hope that the security industry comes to senses and we all learn to work together and not against each other. This way, we would be able to have better solutions (not only tools) to our problems and protect people and organisations worldwide.
Can you give me a taster of the main point you are going to make onstage?
We have made promises that we have not held. The textbooks are all talking about people, process and technology but these three are seldom seen together. We tend to put them in their separate silos, which is not only counterproductive but also dangerous. With ‘the story of the three sisters’, I am going to explain why and how these can come together in a harmonious way. It is going to be fun 😉.
What is your top advice for other cyber security professionals?
We need to find the equilibrium between people, process and technology, building robust and sustainable solutions that can be used and managed by our people. There are no silver bullets out there, so let’s stop seeking!
What are you most interested in exploring and learning about this year, cyber security wise?
I am always excited about learning about new but practical ideas, tools and techniques that can be used in real organisations. Looking forward to hearing from other speakers and participants about their experiences in using those methodologies, tools and techniques. Especially, what went wrong and what they learned from it.
Catch Rouzbeh at DACHsec Summit on 16th – 17th May for his case study: ‘People-Centric ISMS: How to Bring Back the Focus to Our Most Important Asset’! Join us for his session and enjoy live Q&As throughout the summit by registering for FREE online with code: CYBER-VIP at dach.cyberseries.io/register/.
