Zero Trust: Best Practices for Preventing Misunderstandings and Mistakes
Zero Trust can be perplexing when it devolves into just another marketing buzzword. Let’s clarify what it really means.
Tell us a bit about yourself:
My name is Sebastian and I am a trained computer scientist with 11 years of experience in the IT industry. Throughout my career, I have held various positions in IT companies, including roles in innovation management, sales, and product management. Before becoming a full-time CISO, I served as the head of technical customer support at NCP, where I was responsible for managing both the system engineering and technical server engineering teams.
The term "governance" refers to the control and regulatory systems that oversee the structural and procedural organization of a company. In the context of information security and IT, it specifically pertains to the structural and procedural organization of IT and telecommunications operations as determined by management. The ultimate goal is to meet the overall requirements of the organization.
The primary tasks of a Chief Information Security Officer (CISO) include continuously ensuring the implementation of information security within the company. This involves developing and implementing cybersecurity strategies, assessing risks, establishing security measures, monitoring the security situation, and providing cybersecurity training for employees. For instance, I conduct information security and data protection training for new employees when they join the company.
The Product Security Board comprises a team of development experts who analyze and assess emerging IT security issues related to our products, including internally and externally reported vulnerabilities.
The main challenge in my role at NCP is finding the balance between strategic and operational issues. Information security is constantly evolving with increasing requirements related to foreign policy, the EU, and within the company. We need to analyze, evaluate, and implement these requirements. We must strike a balance between the needs of software development to bring products to market quickly and securely, and the implementation of compliance requirements for the company. Both the NIS2 Directive and the European Cyber Resilience Act will directly and indirectly impact the company.
Both the scope of the requirements and the speed with which new requirements are introduced to the market have changed significantly. Where individual guidelines and requirements from customer contracts used to be in the foreground, today we are almost exclusively talking about the implementation of requirements in the context of information security, which are specified by the EU and then have to be transposed into national law. ISO 27001 certification is playing an increasingly important role, as the requirements can only be met with standardized proof in the future.
Having balance is very important to me. Switching off, getting away from everyday life – that’s easy on the handball court. After many years of being an active handball player, I moved to a role behind the scenes a few years ago. Having the opportunity to organize tasks such as making sure courts are available for participants' weekend matches and that teams can pursue their hobby is very gratifying.