NCP Talk with Sebastian - Chief Information Security Officer

Tell us a bit about yourself:

My name is Sebastian and I am a trained computer scientist with 11 years of experience in the IT industry. Throughout my career, I have held various positions in IT companies, including roles in innovation management, sales, and product management. Before becoming a full-time CISO, I served as the head of technical customer support at NCP, where I was responsible for managing both the system engineering and technical server engineering teams.

The term "governance" is becoming increasingly important in the corporate environment. Can you explain to us in a few sentences what it means?

The term "governance" refers to the control and regulatory systems that oversee the structural and procedural organization of a company. In the context of information security and IT, it specifically pertains to the structural and procedural organization of IT and telecommunications operations as determined by management. The ultimate goal is to meet the overall requirements of the organization.

You work as the Chief Information Security Officer at NCP. What are the primary responsibilities of a CISO?

The primary tasks of a Chief Information Security Officer (CISO) include continuously ensuring the implementation of information security within the company. This involves developing and implementing cybersecurity strategies, assessing risks, establishing security measures, monitoring the security situation, and providing cybersecurity training for employees. For instance, I conduct information security and data protection training for new employees when they join the company.

The Product Security Board was introduced at NCP. What is it all about?

The Product Security Board comprises a team of development experts who analyze and assess emerging IT security issues related to our products, including internally and externally reported vulnerabilities.

The position of CISO is a significant role within a company. What are the major challenges you face in your job?

The main challenge in my role at NCP is finding the balance between strategic and operational issues. Information security is constantly evolving with increasing requirements related to foreign policy, the EU, and within the company. We need to analyze, evaluate, and implement these requirements. We must strike a balance between the needs of software development to bring products to market quickly and securely, and the implementation of compliance requirements for the company. Both the NIS2 Directive and the European Cyber Resilience Act will directly and indirectly impact the company.

You have been working in IT security for many years. How has this field changed in recent years?

Both the scope of the requirements and the speed with which new requirements are introduced to the market have changed significantly. Where individual guidelines and requirements from customer contracts used to be in the foreground, today we are almost exclusively talking about the implementation of requirements in the context of information security, which are specified by the EU and then have to be transposed into national law. ISO 27001 certification is playing an increasingly important role, as the requirements can only be met with standardized proof in the future.

You are also a passionate handball fan and volunteer at a handball club. How important is it for you to have a balance to your everyday working life?

Having balance is very important to me. Switching off, getting away from everyday life – that’s easy on the handball court. After many years of being an active handball player, I moved to a role behind the scenes a few years ago. Having the opportunity to organize tasks such as making sure courts are available for participants' weekend matches and that teams can pursue their hobby is very gratifying.