Our Human Risks team continues to grow!
Daniel Kristensen, an information security specialist, has joined our team to help further develop our platform to better fit the needs of cyber security professionals.
Today, we talked about his project and hopes for the future.
Can you tell us a bit more about your role within Human Risks?
My primary role is to prepare and plan for adding the layer of cyber risk management to the current ecosystem. The cyber security domain is rather complex. It includes research, gathering user inputs and specifying requirements to ensure it fulfils the market demand and complies with best practices. As we progress, I will also take the position of product owner of the entire platform to align the development with the market needs and company strategy.
Do you think there is a gap between information security and physical security, or is it just a matter of perception? How significant is the overlap?
Both yes and no. Obviously, the attack vectors in cyberspace are different from the physical space because of the limitless borders. As such, you must consider your assets a little bit differently. However, the methodology when speaking of the risk management part is more or less the same. Both domains are about protecting ourselves against intentional threats. But of course, putting up a fence and setting up a firewall require different skillsets.
How has information security changed and developed over the recent years?
It’s actually rather difficult to pinpoint as this profession is in a constant state of change. Megatrends like the acceleration of remote working, complex and interdependent supply chains and the exponential increase in connectivity have spiked some serious incidents lately. But regulation is catching up and many organizations have matured a lot. However, cyber security professionals often find themselves one step behind the threat actors. Some believe that password-less technology and zero trust architecture are the way forward to minimize the span of human error. I tend to agree, although there will always be a need for a human behind the cost-benefit analysis.
Do you have any advice for organizations that struggle with information security?
Don’t panic! Start with the basics. Consider what is most important to your business operation and move on from there.
What do you predict could be the upcoming security-related concerns for the Security Risks Managers and Cyber Security Professionals to look out for?
That’s like trying to predict the numbers of next week’s lottery! ???? This domain is filled with black swans. But if I have to guess… We are still seeing a massive transition to the cloud and an increase in the use of digital services. Both as individuals and as organizations. The interdependencies between vendors and customers are getting more and more opaque, and I fear the collateral damage from a single cyber attack someday will have a massive and irreversible impact on multiple sectors or entire societies.
How do you think the Human Risks platform can help counter those challenges? What is missing from the platform that could make it a better tool to solve those problems?
The capability to establish and maintain an overview of your critical assets and having consistent metrics to ensure progress is the key. When something changes – whether it’s engaging with a new service provider, COVID, or a new zero-day vulnerability – you need the tool to be due diligent and act accordingly. I know this sounds like a lot of name-dropping adjectives. But it is exactly what the Human Risks platform supports and what we are aiming for. It guides our users and provides an always updated overview to make realistic and prioritized security decisions.
Is there something specific you look forward to working with the most?
Generally, I’m excited about being part of the whole tech environment. But I find it especially rewarding to both have a say in the strategic direction of the company as well as make sure the product is functional, awesome and kicks ass!
Thank you, Daniel! We look forward to an update.