40 under 40 in cybersecurity. top cyber news magazine

MAGAZINE
TOP CYBER NEWS
INDIVIDUAL CYBER SECURITY PROFESSIONALS - OUTSTANDING PERFORMERS IN THE FIELD OF CYBERSECURITY AND DIGITAL
INDUSTRIES - TALENTED EXPERTS FROM ALL CONTINENTS, WORKING FOR A SAFER AND RESILIENT DIGITAL FUTURE
2022 SPECIAL EDITION
U
N
D
E
R

Own Your Future!
“It is time for us all to stand and cheer for the doer, the
achiever - the one who recognizes the challenges and
does something about it.” Vince Lombardi
ONLY talents! NO ranking here!
With the global skills shortage, it is crucial to encourage talents who
dedicate their life and career to cybersecurity.
This special edition spotlights remarkable cybersecurity and
industry 4.0 professionals. Top Cyber News Magazine is pleased to
unveil a constellation of young and devoted men and women:
amabasadors, erudites, and influencers.
All, part and inspiring force behind the global Cybersecurity
Awareness movement. These talented experts and brilliant people
coming from nineteen countries and five continents.
I invite you to discover these wonderful people. Speak about them.
See the light in others and you will be stunned how this light comes
back to you! Enjoy reading! Share! Learn!
Yours the most sincerely, Ludmila M-B
Fore
Word
TOP CYBER NEWS MAGAZINE - Special Edition - ALL RIGHTS RESERVED 2

3
It's 2022 - Every job is a technology job!

40 under 40
Move to the Front Lines!
Editorial by Steve KING
Managing Director at CyberTheory
As the gap expands between supply and demand in cybersecurity skills, we now see over 70 online
eLearning courses available that focus across a wide range of upskilling opportunities from data privacy to
compliance to risk and vulnerability assessment and audit. As we celebrate our newest class of 40 under 40,
we are optimistic that this generation of cybersecurity enthusiasts are interested in the actual battle zones
upon which our current war is being fought and not on preparation for the administrative roles which are
also necessary in battle, yet not feeling the pressure from the current skills gap.
In our work with our own eLearning platform, CyberEd.io, we have discovered that the key employment
opportunities lie along the front lines of deployment, where trained cyber-warriors are so necessary not just
to defend our critical assets but to serve as a deterrent to the flood of cyber-criminals assaulting our
fortresses. Every CISO we talk to confirms this requirement with both anecdotal and empirical evidence that
is leading to almost daily breaches across all industrial sectors with specific threats to banking, education,
healthcare, military and industrial control systems in automated factories (OT).
The cyber-warrior education career path starts with a solid grasp of network engineering fundamentals,
followed by security architecture & engineering with an emphasis on Cloud/SysOps/*nix (*Unix/Linux Linux,
FreeBSD, and Mac OS X), ICS/IoT, identity access management, security assessment & testing, current
threat profiles and malware infrastructure and architecture, vector identification, incident detection, security
operations with forensics and incident handling, pen testing, and exploitation.
Without properly trained resources in advanced cyber-warfare, we will never prevail in our constant
challenge to protect and defend, let alone being able to take the threat to the enemy. As more and more
entry candidates choose training to prepare them for certifications, we are optimistic that they will
increasingly choose skills training that matches with the current gaps.

The Time Is Now
Looking back on 2021, the field of cybersecurity is
only becoming more challenging. We have increased
presence of effective ransomware, malware, and
insanely exploitable vulnerabilities within the software
supply chain, such as with SolarWinds and Log4j.
While the field of cybersecurity is exploding with new
disciplines, tactics, and tools, we’re still missing
something. We have policies, frameworks, security
controls, and all the tools available to us to achieve a
secure infrastructure.
“So, what is holding us back? Why can’t we
get to this place of security?”
Looking on to 2022, I want to discuss what I hope to
see, but what I think may be more of a reality for
cyber trends.
I hope that as security practitioners, we consider
more partnerships with our academic partners. There
is cutting edge research being done by smaller
researchers at schools and universities across the
world. Partnering technical practitioners with
academic research can help to improve cybersecurity
practices.
Another hope for 2022, is the ability for organizations
to start to speak the same language and understand
how cybersecurity is essential at this point. Small
budgets, small teams, and lack of training leads to
ransomware attacks that cripple private and public
organizations.
A final hope is that cybersecurity professionals learn
more about the integration of psychology and human
factors engineering. These fields have major
implications on how effective a cybersecurity program
is.
An example, how do users understand cybersecurity
within their tools, even something so simple as
email? But in a realistic way, I am aware that change
can be slow and may take time.
I end this with a final thought, “consider how other
fields may be integrated into cybersecurity programs.
Look at psychology, behavioral analysis, human
factors and UX design, and how they may improve
cybersecurity across the organization. “
Cyber 2022
by Dr. Nikki ROBINSON, the USA
Dr. Nikki ROBINSON is a Security Architect as well as
an Adjunct Professor, and holds a Doctorate of
Science in Cybersecurity, as well as several industry
certifications (CISSP, CEH, MCITP, etc).
She recently received a PhD in Human Factors and
research in blending psychology and cybersecurity.
Nikki has a background in IT Operations and
Engineering and moved into Security several years
ago.
Nikki’s expertise spans vulnerability management,
security architecture and design, as well as
integrating human factors into security engineering
practices.

of The Importance of Cybersecurity
TOP CYBER NEWS MAGAZINE - Special Edition - ALL RIGHTS RESERVED
Graduated from the HSE University (Russian:
«Высшая Школа Экономики», ВШЭ), officially the
National Research University Higher School of
Economics, Moscow State Institute Of Electronics And
Mathematics; Certified Information Systems Security
Professional (CISSP), Mr. Mikhail IVANOV enjoys
near twenty years of experience in the financial
industry, continually adding professional upskilling,
re-training, mentoring colleagues as part of his career
accomplishments.
As with most human-centred challenges, there
continues to be a disturbingly large gap between the
standards of life in many parts of the world. Do we
even know how many people live in poverty or close
to the poverty line? These people are very vulnerable
to cybercrime, especially, cyber-fraud, which can have
a dramatic effect on their lives.
Cybersecurity is of concern and should be taken
seriously by all nations. Cybersecurity awareness-
raising campaigns should be encouraged and
supported for the most unprotected parts of the
population, addressing major risks (including the
newest forms of online fraud known as "phishing"
and "vishing"), new technical tools, free anti-virus
and anti-spam software and other security measures.
“In the battle against cybercrime, raise
public awareness of the importance of
cybersecurity and of various aspects of the
fight against cybercrime.”
In banking, financial transactions must be protected
against cyber fraud and cybersecurity must be the top
priority. Speaking about the banking industry, we live
in an age of the growing uncertainty caused by:
rapidly changing operating and financial models;
unplanned or unpredictable changes in technologies,
the disturbing instability of the banking industry
worldwide, legal and regulatory restrictions, import-
substitution of information technologies (in Russia),
and other volatile factors (ex: COVID-19).
The most significant challenges for cybersecurity in
the next 3-5 years lie in the fields of disruptive
technologies, increasing number of cyber-attacks, and
Gray Rhinos (The Gray Rhino is a metaphor for the
threats that we can see and acknowledge yet do
nothing about). Companies must prioritize their
investments to support the business transition to
digital technologies, operating models and a durable
improvement of the cyber resilience.
6
Raising Public Awareness
by Mikhail IVANOV, RUSSIA
Currently, Director of Information Security
Department at Rosbank and Chief Information
Security Officer at Societe Generale, Moscow, Russia,
his knowledge and expertise are recognised and in
demand on an international scale through his work
and projects in areas / fields of: Development,
implementation and enforcement of the firm-wide
framework for information security management and
strategy; managing IS Department, deliver strategic
enterprise information security management system
(ISMS), Information security governance based on
ISO methodology (controls and IS processes);
Information Security Program management… etc.

Not A Destination
7
Achieving perfect protection in terms of security is
and will always remain an aspirational undertaking but
one impossible to obtain. Now and for the
foreseeable future, agility will be the network
defender’s most prized asset. Adapting quickly to a
rapidly evolving threat is proving far more beneficial
than reliance on a rigid security apparatus.
Hostile actors continue to evolve as well, becoming
increasingly more professional by creating business
models inspired from legitimate business practices. I
expect this trend to continue for years to come, as by
professionalizing their services, these actors have
created a profitable enterprise by implementing a
best-practice approach and incorporating the
technologies used by legitimate business such as
Artificial Intelligence, Machine Learning, and even
quantum computing to break or pass a targeted
organization’s defense.
Considering these realities, while it may not be
possible to stop all attacks, a sound cyber security
strategy will focus on discouraging these attackers in
order to raise the cost to such a degree that the
consequences outweigh any potential gain.
Companies must prepare to defend themselves
against attackers by making themselves a difficult
target that will ultimately discourage attackers to
concentrate their efforts elsewhere. The objective here
is to influence attacker behavior to pursue easier
targets.
Sensitive data (intellectual property, personal
information, research and development, etc.) will
remain highly sought after by attackers because it can
be monetized in different ways and for different
purposes, whether its used by the attackers or sold to
other groups or individuals. Such data can directly
impact a company’s finances, hurt customer
confidence in the company, and ultimately negatively
impact the company brand and reputation. Properly
safeguarding sensitive data will help ensure that a
company does not become a potential victim of
hostile actor operations and create a condition where
it can be susceptible to competitive advantage.
I do believe Cybersecurity will remain a major
strategic issue for companies for the foreseeable
future. I do think there’s going to have to be quite a
few conceptual breakthroughs in IT Infrastructure
innovations, in legacy IT Infrastructure management,
and control and restrictive use. Organizations need to
adopt a new approach to cybersecurity to include
providing continuous user awareness and education
for their staffs in order to address the challenges in
2022 and beyond.
A Journey…
by Karim BOUACEM, FRANCE
The Team Leader of the Information Technology (IT)
Security Team, Karim BOUACEM initiates and leads
work flow and tactical tasks as part of the Groupe SEB
Cybersecurity transformation management processes.
Karim credits more than ten years of his rewarding
career at the international corporation with the
leadership style and global success of the
organisation.
As "Cybersecurity is much more than an IT topic”,
Karim’s resume reflects this statement the best. His
career achievement(s) today is the result of his
education (Conservatoire National des Arts et Métiers
-Computer, Network & Multimedia Systems Engineer,
MS) and professional experience that includes major
projects in roles such as: system and network
engineer & project leader (In Extenso), IT architect
(Groupe SEB), a few to mention. Karim’s recognized
expertise & immense achiever attitude communicated
with his colleagues create supportive knowledge
sharing experience as part of Groupe SEB's core task
of collective cybersecurity success story.

She has also served and continues to serve others as
a mentor in the cybersecurity space.
After a 15-year career in communications
(marketing/branding/graphic design) and
subsequently several more years working in
information technology, Denae leveraged her
communications skills and experience to land an
opportunity in 2016 as a social media marketing
manager for CyberTexas Foundation, a non-profit
organization dedicated to the advancement of
cybersecurity education in Texas (United States).
Denae went on to receive her big break into
cybersecurity in 2017 when she was hired as a cyber
threat intelligence analyst at (Ernst & Young) EY, one
of the Big Four accounting firms. In 2020, Denae
transitioned to USAA (financial services) where she
currently works in the area of enterprise cybersecurity
risk management.
Denae obtained a Master of Science degree in
Information Systems and Security from Our Lady of
the Lake University in 2018. She also holds a
Bachelor of Science degree in Communication from
The University of Houston.
Additionally, she currently holds and maintains the
following active professional certifications: Certified in
Risk and Information Systems Control (CRISC) (from
ISACA), GIAC Cyber Threat Intelligence (GCTI), GIAC
Security Essentials Certification (GSEC), Control
Objectives for Information and Related Technologies
(COBIT) (from ISACA), and CompTIA Security+. She
is a life-long learner.
Denae’s greatest accomplishment and biggest
motivator is her family, who motivated her to pursue a
career switch into cybersecurity. Denae is the proud
mother of four children, including three siblings she
and her wife of 12 years adopted from foster care.
She currently resides with her family in San Antonio,
Texas, United States.
of Cybersecurity
"Cybersecurity growth, quality, strength and
sustainment is driven by those dedicated
professionals who never give up, embrace life-long
learning, foster diversity, equity, and inclusion, and
serve the cybersecurity community through advocacy
and/or mentoring.” ~ Denae BROOKS
8
You Are In The Heart
By Denae BROOKS, the USA
Denae BROOKS is currently pursuing a PhD in
Cybersecurity Leadership from Capitol Technology
University.
Her scholarly research is focused on exploring the
value, attitudes, and strategies of cyber threat
intelligence-driven phishing awareness programs.
She is a strong advocate for cybersecurity newcomers
and is a strong proponent of Diversity, Equity, and
Inclusion (DEI). By leveraging her own professional
network, she spearheaded cybersecurity
breakthrough initiatives to help connect those
individuals wanting to break into cybersecurity or
transition to other domains with qualified professional
mentors.

Cyber Security
For example, it could include simplifying policy and
guidelines, streamlining decision-making processes,
and aligning with industry best practices. Usually,
prioritising inherited audit findings, penetration
testing outcomes and residual risks with near-term
remediation expectations could lead to mutual
benefits to several organisational functions.
At the end of the day, business success pays the bills.
Therefore, “a Business First Cyber Security Approach
and the development of trusted relationships with key
stakeholders are essential considerations to help
cyber security professionals better articulate and
achieve the relevant security objectives.” Eventually,
this will lead to sustainable competitive advantage and
business success.
Technology is a primary enabler of innovation and
competitive advantage across modern businesses.
The objective of cyber security is to protect these
capabilities in a safe, sound, and secure manner.
While making technology safer and more secure, it
does not need to be harder to operate and use.
Unfortunately, security professionals often take a very
aggressive approach to protect environments that
could cause friction or negatively impact business
and operational teams. Instead, security professionals
should build cyber security practices that deliver the
best business outcomes. A business first cyber
security approach starts with understanding how a
business operates and the primary challenges of the
ever-evolving cyber threat landscape.
Security professionals should provide enough
background in an easy to understand business and
operational language to help business owners and
executives understand the key considerations about
cyber security. The first step often includes aligning
with the existing risk management practices and
articulating the impact and likelihood of a cyber
incident. Many security professionals have trouble
promoting their security initiatives because they do
not use the appropriate means to ascertain why some
issues are more important than others and how the
budget spent on cyber would make an organisation
more secure. Focusing on impact and putting specific
metrics around financial consequences, operational
implications, and reputational damage is a good
starting point for a business representative to
understand the importance of the relevant cyber
threats. Creating mutual trust with stakeholders,
seeking to achieve similar goals and objectives would
demonstrate that cyber security does not live in
isolation and many issues could be addressed
collectively. A good starting point includes regular
engagement and alignment with Risk, HR, Legal,
Audit, Compliance, and Financial functions. Building a
trusted relationship with these areas could involve
investing time to take the lead on issues that would
benefit the whole organisation.
Business First
by Dr. Tim NEDYALKOV, AUSTRALIA
Dr. Tim NEDYALKOV brings over 18 years of multi-
industry experience in Information Technology and
Cyber Security across Europe, the USA, Australia, and
the Middle East. He is a Technology Information
Security Officer at the Commonwealth Bank of
Australia. Most recently, he established the cyber
security practice for the $24 billion Riyadh Metro
transport network. Earlier, he was an Information and
Cyber Security Manager at the Australian
Broadcasting Corporation, country’s largest public
broadcaster with over 5,000 employees across 70
locations. Dr. Nedyalkov holds a doctorate in Cyber
Security, a master's in IT Management, and a
bachelor's degree in Computer Science/Applied
Informatics. His certifications include C|CISO, CISSP,
CCSP, CEH, CISA, CISM, CRISC, CGEIT, CDPSE, ISO
27001 LA, CompTIA Security+, ITIL, and Agile PM.

Dr. Atef ABDELKEFI is an experienced professional in
the field of cybersecurity with over 12 years of
leadership, consultancy, architecture, and a PhD in
cybersecurity from the Norwegian University of
Science and Technology.
We can all agree that 2021 was one of the most
challenging and unique years in modern times. For
the CISO however, 2021 represented one of the most
impactful times. From an increase in scope, to an
increase in executive level exposure and a change of
skills and expertise required. I believe that 2022 will
see a further development in CISO role as follows
CISO organizations
More organizations are recognizing the importance of
security through the CISO role, as a business enabler
and a differentiator. We have seen a dramatic increase
in demand for CISOs in startups and small and
medium businesses and I anticipate this trend to
continue.
CISO reporting structure
The CISO position has seen a nuance in its role,
responsibility, and its place among the c-suite over
the years. In a traditional organization structure,
CISOs report to the CIOs. However, we have seen a
shifting trend over 2021 and a strengthening of the
link between the CISO and the CEO which I expect to
grow over 2022.
CISO skills and expertise
The CISO role has been traditionally adapted to the
organization’s size. In large enterprises, the CISO is
required to be rather strategic than technical, while in
SMBs, the CISO is required to be particularly hands-
on to handle security design and implementation. In
2021, we have seen signs of change in this trend.
SMBs’ CISOs are required to build a strong cyber
governance structure, manage risks, strengthen the
cyber awareness across the organization, in addition
to the deployment of the operative technology.
On the other hand, CISOs are always required to be
technology-aware and particularly Cloud-sensitive.
We have noticed an explosive demand for CISOs
which have a minimum understanding of the cloud
technology in 2021 and we expect this trend to
continue in 2022.
CISOs v2022
by Dr. Atef ABDELKEFI, FRANCE
Senior Manager at Deloitte, Dr. Abdelkefi supports his
costumers, in all industries, in their secure digital
transformation journey and coaches his cyber-junior
colleagues.
As a CISO and Lead Security Architect for IBM´s
Danish Account, Atef ensured a secure hybrid-cloud
infrastructure and a robust Managed Security Service
to IBM’s Nordic’s customers.
While at Accenture, Atef led the Norwegian Cyber
Defense chapter, and at Qatar Petroleum and Aker
Solutions worked as SCADA and ICS security
consultant. Atef contributed to hundreds of national
and international talks in cybersecurity.
Winner of the “IBM communication Ambassador”
award, Atef promotes cybersecurity and particularly
cloud security in Norway as a Board member of
Cloud Security Alliance. In his free time Atef studies
for his Executive MBA at Quantic School of Business
and Technology.

On The Table Of Cybersecurity In 2022?
Past year, we have seen several major attacks on the
supply chain; the scenario will continue to gain
popularity among cybercriminals. This profitable
bridgehead allows intruders to hit multiple targets at
once. Governments will likely develop laws, policies
to protect networks and combat such attacks and will
cooperate with private organizations or other
countries to fight them at the international level.
Ransomware attacks will continue to evolve and
become even more advanced. Threat actors will
increase the usage of penetration tools to set up
attacks in real time, as well as to get access to victim’s
networks. Based on latest trends it is very likely that
APT groups will increase their interaction with other
cybercrime associations (for example, buy data on the
shadow market to access corporate resources).
In 2022, sophisticated attacks on mobile devices will
definitely be a trend. Mobile devices are an ideal
target for attackers. Users are almost never part with
their smartphones storing personal information while
infection of these gadgets is very difficult to prevent
and detect. Given the differences of mobile OS,
Android devices will continue to be prone to malware
from the cybercriminals’ arsenal (fraud, financial crime
etc.), while iOS will likely attract the attention of
groups specializing in cyber espionage.
Disinformation campaigns will return stronger and
cybercriminals will leverage it to conduct phishing
attacks and fraud. In addition, due to improved
infrastructure and increased technical capabilities,
cyberattacks will play a role of a proxy to destabilize
activities around the world. Deepfakes will become a
real weapon that scammers will use to manipulate
opinions/stock or to conduct social engineering
attacks.
In 2022, phishing-as-a-service will remain popular;
threat actors will offer the phishing infrastructure for
rent to anyone who can’t develop their own tools.
With this trend going up, the number of phishing
attacks aimed at stealing cryptocurrency will rise as
well.
“Since cybercriminals always go where the
money is, they will continue to spread
malware for a variety of malicious and
fraudulent activities with cryptocurrencies.”
Inna VASILYEVA is a technical threat intelligence
researcher and reverse engineer HUMAN She
specializes in mobile and malware analysis, threat
intelligence, network analysis and threat hunting. Her
steady record of influential contributions already has
significant impact in the world of cybercrime. She has
served as a principal analyst and leader of a cyber
threat intelligence unit proactively hunting cyber
threats related to industry (cybercrime) & government
(cyberterrorism).
She developed & implemented novel methods for
detection of highly malicious malware (such as
Emotet, Trickbot and others), as well as research on
national security, geopolitical confrontation &
information/cyber warfare among the United States,
China and Russia.
What Will Be Served
by Inna VASILYEVA, the USA

In 2022
Comprehensive visibility of your IT systems and data
across cloud and on-premises environments remains
vital to prevent data breaches and meet regulatory
requirements in 2021. Creation and continuous
improvement of a risk-based Third-Party Risk
Management Program (TPRM) is indispensable to
prevent surging supply chain attacks, one-size-fits-all
vendor questionnaires don’t work anymore.
Intelligent automation of security monitoring, patch
and configuration management, and incident
response helps to offset shortage of cybersecurity
skills and keep your team focused on those tasks that
truly deserve human intelligence. Keep in mind,
however, that new technologies and automation, for
instance, container orchestration or your CI/CD
pipeline, also expand your attack surface, should be
hardened and adequately protected. Ongoing training
of your security team remains essential to stay ahead
or the rapidly evolving cyber threat landscape.
Countries are now actively adopting new data
protection and privacy legislation that, among other
things, has a strong impact on cybersecurity. Brazil,
China, South Africa and Switzerland to name a few.
Infringers may face severe monetary penalties and
even criminal prosecution. To comply with the
mushrooming data protection and privacy laws in
2022, every cybersecurity team will need a
professional legal advice. So, it’s good idea to team
up with your legal department or talk to an external
law firm specialized in data protection law.
Next year agendas of governments and lawmakers
have a focus to penalize organizations for poor
cybersecurity practices. While deterrence of a
deliberate misconduct is crucial, I’d rather focus on
supporting victims of cybercrime, notably SMEs,
healthcare providers and educational institutions.
Provision of free cybersecurity training may prevent
millions of security incidents. While “creation of
public-private partnerships in cybersecurity may
be a rocket fuel for national cyber resilience in
2022.”
Ilia is also a member of Europol Data Protection
Experts Network and a cybersecurity expert at the EU
CyberNet. Ilia has GIAC GCPN, GPCS, GCSA, GCTI,
GMOB and GLEG certifications and is a Certified
Information Privacy Professional (CIPP/US/E/A/C).
Being a PhD Candidate, Ilia holds a Master of Science
in Criminal Justice (Cybercrime Investigation) and a
Master degree in law.
Staying Secure
by Ilia KOLOCHENKO, SWITZERLAND
Ilia KOLOCHENKO is a Swiss cybersecurity expert and
entrepreneur with over 15 years of cybersecurity
practice.
As a CEO & Chief Architect at ImmuniWeb, he leads
data scientists, security analysts and software
engineers serving enterprise customers in over 50
countries.

Women's Society of Cyberjutsu
Cybersecurity Executive | Speaker | Published Author
Award Winning CEO, Cyberjutsu | Editor | Leader
Mari is currently a resident of Las Vegas working as a
Customer Success Architect for Palo Alto Networks.
She regularly contributes content to security blogs
and training companies across the country as well as
an Adjunct Professor for UMGC. She also lends her
time to various organizations as an award judge,
mentor, and advisor. Outside of being a geek, Mari
enjoys arts, puzzles, and legos! @marigalloway
mostlymimi.com
ABOUT WOMEN’S SOCIETY OF
CYBERJUTSU
Founded in 2012, the Women’s Society of Cyberjutsu
(WSC) is a Northern Virginia–based 501(c)3 non-
profit organization, focused on empowering women to
succeed in the cybersecurity industry. WSC’s mission
is to advance women in cybersecurity careers by
providing programs and partnerships that promote
networking, education, training, mentoring, resource-
sharing and other professional opportunities.
WSC serves thousands of women across the globe by
bringing awareness to, and advancing careers in,
cybersecurity. The WSC community includes
information security professionals, IT professionals,
programmers, computer scientists and engineers, as
well as women wanting to explore and join the field.
Recognizing the importance of encouraging girls to
embrace a future in STEM-related professions
through its Cyberjutsu Girls Academy, WSC provides
a unique hands-on curriculum focused on securing
information technology. For more information, visit
http://www.womenscyberjutsu.org
13
Women + Cybersecurity =
by Mari GALLOWAY, the USA
An Air Force brat turned Army spouse, and a 10 plus
year veteran to the tech and cyber world., Mari
GALLOWAY is the CEO and a founding board member
for the Women's Society of Cyberjutsu (WSC), one of
the fastest growing 501c3 non-profit cybersecurity
communities dedicated to bringing more women and
girls to cyber. WSC provides its members with the
resources and support required to enter and advance
as a cybersecurity professional.
Mari began her cyber career with Accenture where
she excelled as a Network Engineer. Mari is also the
inaugural ISC2 Diversity Award winner for 2019. With
over 12 years of Information Technology, 10 of which
are in cybersecurity, her experience spans network
design and security architecture, risk assessments,
vulnerability management, incident response and
policy development across government and
commercial industries. She holds a variety of
technical and management certifications (CISSP,
GIAC, CCNA, etc) as well as a Bachelor’s degree in
Computer Information Systems from Columbus State
University and a Master of Science in Information
Systems from Strayer University.

Victoria GRANOVA is Founder of CyberToronto
Conference, an annual community conference for the
GTA - GTA- Greater Toronto Area, in Canada. Victoria
is also the President of the (ISC)² Toronto Chapter
board, where she works to create professional
education opportunities and connects security groups
across the GTA to advance the industry together.
The Strongest Cybersecurity Asset
Cybersecurity has increased in visibility and
importance for organizations. High-profile supply
chain attacks in recent years have emphasized the
need for support and investment into growing
cybersecurity talent.
While I foresee that many companies will increase
investments into cybersecurity in 2022, it is important
that they don’t forget to invest into their most
important cybersecurity asset – their people.
In 2022, the most successful organizations won’t be
the companies with the highest walls or strongest
cybersecurity systems: they will be the ones with the
most resilient cybersecurity culture.
The best-in-class companies will be investing in their
people from two angles: training for all employees to
understand that security is everyone’s job, and
investment into core cybersecurity teams to support
their mental health and well-being. This investment
can come from multiple avenues, such as competitive
compensation, location flexibility, work-life balance,
and appropriate staffing levels for the amount of work.
Cybersecurity practitioners who have those basic
needs met will excel at their work and will help their
organizations react quickly to prevent and mitigate the
next wave of attacks.
Doubtlessly, there will still be companies that will view
cybersecurity as the responsibility of IT and treat
cybersecurity as just another operating expense.
The companies that “get it” will set themselves up for
a great 2022 and will attract the best talent this
industry has to offer.
14
People
by Victoria GRANOVA, CANADA (My opinions are my own. VG)
In industry, she works in cybersecurity risk at a
FAANG organization. Victoria also contributes as an
Instructor at York University in the Cybersecurity
Certificate Program.
Victoria is also pursuing a part-time PhD in
Management, channeling her passion about
strengthening the "human factor" in cybersecurity
into interdisciplinary research in cybersecurity and
psychology. Victoria holds the CISSP, CISA and CPA
designations and has an MBA from Queen's
University. She was awarded Canadian Security’s Top
10 Under 40, as well as Canada's Top 20 Women in
Cybersecurity in 2021.

Driven Security minded and business oriented
security professional James J. AZAR works, leads,
and is dedicated to the security and business
mission. In his experience, James has served as CTO,
CIO, and CISO but his true passion lays at
intersection of Security and Business where
innovation and out of box thinking are needed to
drive security growth within an organization.
aaS Journey
“2022 is going the be the year of aaS.”
Many organisations over the last two years have
moved to the cloud, created hybrid environments and
added a load of Microservices to their business and
all this in one of the many popular models of SaaS,
PaaS, IaaS or any other aaS type of service. These
services come together to create a modern workplace
and enterprise. This is introducing a whole new threat
vector that’s going to require creativity and resolve to
defend over time.
This isn’t the traditional threat landscape anymore,
log4j is the beginning of old software coming back to
haunt us in modern environments and this will
require the industry to re-evaluate its approach and
posture. This is going to take a true partnership
model to overcome the next set of threats with
adversaries far and wide planning a multiyear
campaign to weaken our defences and gain entry to
data, environments and financials they would have
otherwise.
The term it takes a village applies now more than ever
to cybersecurity. In 2022 it’s going to take a village to
defend the hybrid infrastructure that still relies on old
tech and code. We are talking about multi million if
not billion lines of code that need review and updates
with a high cost and low incentive to get it done but
rather replace it.
We are going to witness the toughest decisions as
security and business intersect and will require a new
vision for long term security success.
We now have the chance to show the true value of
security to our organizations and we can do that
effectively by using these situations to leverage our
knowledge to be the modern leaders in our aaS orgs.
James is the host of the fastest-growing cybersecurity
podcast in the country CyberHub Podcast, CISO Talk,
and a new and noteworthy privacy podcast called
Goodbye Privacy as well as the Other Side of Cyber
on ClubHouse.
James is a global public speaker having spoken at
events like CyberTech Israel, RSA, Data Connectors,
FutureCon and has been published in Fox, OANN,
AJC, ABC, NBC and James also writes for Substack.
The Security
by James J. AZAR, the USA

Prof. Sally EAVES is Senior Policy Advisor and Chair
of Cyber Trust for the Global Foundation of Cyber
Studies and Research, and CEO of Aspirational
Futures which enhances inclusion and diversity in
education and technology.
A highly experienced Chief Technology Officer,
Professor in Advanced Technology and Global
Strategic Advisor, Sally is an International Author and
Keynote Speaker on Digital Transformation (AI,
Security, IoT, 5G, Cloud, Blockchain) alongside
Culture, Skills, Sustainability and SDGs Impact.
Sally is editor of Cyber Insights, has developed
courses across the data and technology discipline
spectrum and is publishing her new book ‘Tech For
Good’ in 2022.
Collaboration, Culture, Convergence!
The time is now to come together and build a
contagion of collaborative change around
cybersecurity progress. As industries, businesses and
consumers become ever more reliant on a connected
economy, its catalyst as the foundation for digital
transformation will grow. This must be underpinned
by security embedded by design across software and
hardware, addressing rising threats across bad actor
collaboration, IoT, Cloud and API acceleration,
ransomware, phishing, Log4j, DDoS… The list goes
on! But we can and must fight back.
I believe this can be achieved in 3 ways.
Firstly, through collective industry effort. This takes
cross-sectoral thinking across business, technology,
academia and citizens, establishing a baseline of best
practice. Look out for a ‘call-to-arms’ research-to-
action piece on IoT security in early 2022 bringing
this very approach to life.
Secondly, progress necessitates convergence,
comprising technology integration and convergence
of thinking too. Cybersecurity cannot be considered
in isolation, there is a clear social impact perspective
with communities left behind in terms of connectivity,
similarly disadvantaged around security and
environmental factors. The digital divide is frequently
a sustainability and cybersecurity divide - please look
out for a related initiative in April 2022 with my non-
profit Aspirational Futures.
Thirdly, this all takes investment in education culture
and ‘changing the narrative’ on what cybersecurity
careers ‘look like’ to close talent gaps. Data literacy
needs are not confined to technology-facing roles or
the security department, everyone must be
empowered with access, enabling the actualisation of
shared responsibility culture.
The earlier we can start the better! look out for my
new non-for-profit cybersecurity book this year
focussed at children – let’s build curiosity with fun
learning and inspire the next-generation of security
leaders too!
“I believe the time is now to reduce the cost
of security and forge a more powerful
connected future – let’s do it together! “
Cybersecurity 2022
by Dr. Prof. Sally EAVES, ENGLAND

Trust Conversation
Over the past years, we saw a tremendous increase in
digital technologies - from use of smartphones,
digital collaboration, e-commerce to decentralized
infrastructure and modern forms of transportation.
Marvels of modern technology, facilitating new
applications and doing no less than altering the way
we live our lives.
Ultimately, however, if knowledge is power, that
access to data-based business models needs to be
fair, unbiased and open - it needs to be trustworthy.
“We need to be mindful that digital
transformation does not only bring large
opportunities, but all the like large
responsibility. “
Becoming trustworthy is an up-levelling of the
security conversation to include attributes such as
transparency, privacy, collaboration and even
business ethics.
These elements transform the conversation from what
"must" a company do to prevent negative outcomes
to what "should" a company do. In many ways, trust
in technology will be as important as any innovations
in technology itself. For the question of our time is no
longer if „technology can do this“ but if „technology
should do this“.
Ultimately, I see organizations move from the
commonplace "security by design" and „privacy by
design“ to "trust by design" - the leaders already
begin developing their corporate trust program build
on ethical behaviour now, before their customers
demand it.
The main benefit of building digital business on trust
is a different rate of adoption of these new digital
technologies, at an unprecedented speed while
simultaneously fulfilling the promise of simplifying
our lives and improving the state of the world.
This requires to look at both technology and how
people develop it, bring it to market and finally use it.
Only if we „re-unite“ people and technology
can we increase the rate of adoption of digital
technologies, make them inclusive and will
turn them into the positive force for change we
all want them to be - for the environment, for
society and for ourselves.
The NEW
by Kai Michael HERMSEN, GERMANY
Kai Michael HERMSEN believes all people need to
understand current digital topics and how they impact
their lives, to enable trust in technology and good
stewardship of our societies. He believes for
technology to serve its purpose, trust is a
prerequisite.
In his previous role at the Charter of Trust and in his
current role at Identity Valley, to achieve change, Kai
formulates ambitious goals, builds common ground
for collaboration, activates communities, and rolls up
his sleeves to put them into practice.
As a father of two, he is passionate about finding
balance in life as the only way to fuel our best at work
and make an impact.
17

Modern DevSecOps
struggle to find back footing and a place in this
modern and fast-paced world. Modern teams are fast-
paced with 100 releases to production per day, and
data drive decisions and automation are the only
techniques that cover such a rapidly changing
landscape. Nonetheless, many security teams operate
with a manual spreadsheet, manual reports and vague
executive directions. This work methodology is
antiquated and leaves everyone frustrated, starting
with the security team completely overwhelmed with
reports on vulnerabilities. Modern security
landscapers look like the picture below, and for
executives is becoming increasingly difficult to set
targets that make sense to the next level down. This
methodology results in targets that are non-
measurable and not applicable across an entire
organisation.
On top of this landscape of millions of reports and
vulnerabilities, cybersecurity professionals,
executives, and developers face the challenge of rapid
moving landscapes and a fast attacker with average
exploitation of 3-15 days from an attacker on new
vulnerabilities and an average resolution time of 80-
100 day.
The cybersecurity teams need to also deal with red
team exercises, pentest exercises, and external
assessments that add additional vulnerabilities. The
process of dealing with this large amount of issues is
usually left to a non-systematic approach that is very
people-centric, leaving the devsecops professional
overwhelmed and prone to burning out (average time
in the organisation of professionals is 2-3 years). The
Devsecops teams are overwhelmed and struggle to
keep up with the increasing demand for software,
leaving the security team matching 100 or 750
developers in the worst-case scenario.
The solution to those problems is a modern data-
driven approach to DevOps and dev sec ops that
offers security team with data and insights to enable
them to scale and target what is the most efficient
problem to fix and the one that will bring the biggest
reduction in risk and maximise the protection of the
attack surface. At the same time, the modern
devsecops team should be removed from daily fire
fighting of the problem and focus on a more systemic
approach that offers developers secure by default
solution and paves the way of security with
automation and central-data-driven controls.
18
Cloud-Native
by Francesco CIPOLLONE, ENGLAND
The modern organisation landscape has changed.
The new and modern organisations work with various
technologies, cloud, container (Docker, Kubernetes),
software, open-source libraries, web, API, token
authentication system etc... With Digital
Transformation and covid pushing more and more
organisations to the cloud, modern security teams
Francesco CIPOLLONE is the CEO & Founder of
Appsec Phoenix a revolutionary cloud-based
DevSecOps platform. Francesco is also a seasoned
entrepreneur having founded other 2 successful
businesses one of which was an exit.
Francesco was the AppSec and Cloud Security lead
for HSBC, Lead Cloud Security for AWS Professional
Service, and consulted with the United Nations.
Francesco is also Chair of the Cloud security alliance,
published author of 7 books on network,
cybersecurity and application security, host of the
Cyber Security & Cloud Podcast. Francesco is also a
seasoned public speaker having spoken at AppSec
Cali, Cyber Security Cloud Expo, and many more
conferences.

Dr. Alina MATYUKHINA is a cybersecurity manager at
Siemens Smart Infrastructure Global HQ.
In her role, Alina is responsible for ensuring that
products and solutions for smart buildings meet the
required cybersecurity standards while supporting the
needs of users and stakeholders. Previously, she has
worked as a cybersecurity researcher at the Canadian
Institute for Cybersecurity and Swiss Federal Institute
of Technology Lausanne.
She holds a Ph.D. in computer science for her work
in software security and data privacy, namely
protecting developers’ identity in open-source
projects. Alina is currently serving as a Chair of
"Smart Infrastructure" working group at Swiss Cyber
Forum to improve the digital safety and security of
society and economy in Switzerland and globally.
To Practice
All my life I dreamt of doing something that helps
society. Today, as a Cybersecurity Manager in
Siemens Smart Infrastructure I am helping to protect
people’s livelihoods and privacy, as well as the
cybersecurity of the essential systems in smart
buildings, where people live and work.
Do you remember the time you got asked what your
favorite lesson at school is? To me, it was and has
always been clear: mathematics. Ever since then, my
passion and skills grew and I have received many
academic prizes and awards, conducted research in
the field of number theory which led to new use
cases for cryptography and finally, I finished my PhD
in Computer Science at the age of 25.
Having accomplished many academic achievements, i
wanted to aim for the real problems and how to solve
them. All my life I was dreaming of doing something
which can help our society. Today, as a Cybersecurity
Manager at Siemens Smart Infrastructure, I am
ensuring that products and solutions for smart
buildings meet the required cybersecurity standards
while supporting the needs of users and
stakeholders.
Quality of life and cybersecurity through
smart building solutions
Our world becomes more and more connected:
Digitalization does not only concern businesses but
has direct impact on people’s daily lives. However, the
incremental integration of IoT and cloud connection
in smart buildings and the increasing trend towards
IT-OT convergence exposes building systems to
cyberattacks, if not adequately protected.
Through interconnected building systems and
products, our business provides innovative or
ingenious solutions for hospitals, offices, schools and
other places where peoples comfort and lives largely
depend on the quality of their environment.
More from / about Dr. Alina Matyukhina: at
ingenuity.siemens.com
From Theory
by Dr. Alina MATYUKHINA, SWITZERLAND

Mr Hira is experienced at developing efficient and
business-aligned cyber resilience strategies that
transform businesses, foster customer trust, and
enhance revenue security and net promoter score.
Jay has a proven track record of building high-
performance teams ground up and creating an
inclusive culture that empowers individuals and
promotes equality, well-being and fairness. The
gratitude of the people around him rewards Jay.
Successfully influencing change and delivering cyber-
resilience capabilities aligned with IT strategy and
broader business objectives, Mr Hira has a proven
track record of partnering with stakeholders across
the organisation, including the Board and CxO.
That Need Greater Focus In 2022
Jay HIRA is a Cybersecurity Strategy and
Transformation Director with over 15 years of
international experience supporting financial services
organisations to become more cyber resilient through
Zero Trust adoption to build trust and attract more
customers, enabling growth.
The three foundational pillars for the success of any
data protection and privacy program comes from:
Keeping the data available when needed; Keeping the
data safe from unauthorised access; and Protecting
the data accuracy.
One common trend that we witness is that while the
confidentiality and availability aspects of data gain the
most attention, focus on integrity is often overlooked.
This strategy essentially assumes that the threat actor
is a malicious outsider and only aims to exfiltrate data
leaving the data source as-is without compromising
integrity. This strategy fails considering the insider
threat or threat from privilege access abuse,
intentional or unintentional. The whole foundation of
the CIA triad is to balance efforts equally, and the
integrity of data needs an equal amount of effort, if
not more. Businesses should broadly focus on asking
the question of controls built into the critical
platforms they leverage to store customer or sensitive
data to ascertain that data accuracy is checked at the
time of collection and data traceability and auditibility
can be established.
The second trend that we are witnessing is the
adoption of the cybersecurity catchphrase of the year,
Zero Trust. With the adoption of cloud technology,
BYOD, work from anywhere, the attack surfaces have
expanded. Our customers, partners and the supplier
ecosystem access data and services remotely.
Cybercriminals are leveraging both the expansion of
the attack surface and the default trust, which is an
outcome of the traditional perimeter-based
approaches to cybersecurity. Zero Trust throws the
idea of a trusted network out the window in favour of
verification and validation of every user, device,
system and network at every step. These trends
coincide with significant changes in the way
consumers and employees engage online. We're
witnessing data being shared more freely and
accessed from anywhere across multiple devices. In
the forthcoming years, the challenge for businesses
of all sizes are scaling rapidly without disrupting the
user experience, securely providing access to
sensitive data, and being resilient.
20
Cybersecurity Trends
by Jay HIRA, AUSTRALIA

Kerissa VARMA leads Cybersecurity with dispersed
teams across Africa for Vodacom and Vodafone. She
is a seasoned cybersecurity and technology leader
who believes strongly that technology is a critical
economic lever that is pivotal to growth in Africa.
She has held multi-national CISO roles in multiple
sectors, demonstrating history of building and scaling
security capabilities across healthcare,
telecommunications, transport, government and
financial services and is a passionate advocate for
everything cybersecurity.
She volunteers widely to increase cybersecurity skills
across the globe with a keen focus in Africa and she
is the founder and President of Women in
Cybersecurity (WiCyS) Southern Africa and the
Cybersecurity Digital Alliance South Africa (CDSA).
Cyber Advice for 2022
Why a Rapper From 30 Years Ago Has Valid Cyber
Advice for 2022?
When i was a child, vanilla Ice (a famous American
rapper) released a song called “Ice, Ice baby” which
quickly spread through the world in flurry of
popularity. A phrase that has always stuck with me
from the song “Stop, collaborate and listen” is the
inspiration for my advice for 2022. Stop trying to
build strong fences and forgetting about the outside
world, collaborate to find solutions to global
cybersecurity problems and listen to the murmurs of
your people – increasing and retaining talent is
critical.
STop: Thinking you are an island; we are an
ecosystem. For years we have focused on building
strong boundaries from the outside world and
pretending we could insulate ourselves from external
impact. The trend of vulnerabilities in our supply
chain impacting organisations globally is becoming
increasingly common and will continue. Supply chain
risk proves that societal upliftment of cyber posture is
critical for all our protection. Additionally, our ability
to rapidly determine impact and respond to supply
chain risk will become more critical in 2022 as
frequency continues to rise
Collaborate: Collaboration will increase in 2022 –
cross sector, cross-industry, private- public
collaboration will increase out of necessity. In
realising we are a hyperconnected ecosystem
increased collaboration will become a critical tool to
curb cybercrime. Problems too big to be solved
individually will benefit greatly from this level of focus
and integration.
Listen: war on talent will continue into 2022 – The
last two years has catalysed a demand for digital
capabilities. Along with this demand, the need for
cybersecurity skills has grown exponentially and will
continue to do so in 2022. Our ability to encourage
young and mid-career individuals into the field and
provide rewarding work for those in our current teams
becomes critical in the 2022 landscape.
“It always seems impossible until it is done”
~ Nelson Mandela
Stop, Collaborate, Listen
by Kerissa VARMA, SOUTH AFRICA

The European Cyber Resilience Act
Global Fortune 500 Chief Information SEcurity Officer
with expertise on Cyber Security Strategies and
Programs, Threat Intelligence, SOCs, Cyber Crime
and Warfare, Data Privacy and Application Security
Programs. Executive level Cyber Security professional
with experience on engaging with regulating bodies
and managing international wide certifications and
cyber programs.
“We cannot talk about defence, without talking
about cyber,” Ursula von der Leyen said in her
annual State of the Union speech in Parliament,
September 2021.
Moreover, Ursula added that “If everything is
connected, everything can be hacked,” pointing
out that the growing number of connected devices
also increases vulnerability to cyber attacks, taking
our attention to the rapid spread of digital
technologies and the growing concern on critical
infrastructures such as public administration and
health systems.
“And given that resources are scarce, we have
to bundle our forces. And we should not just
be satisfied to address the cyber threat, we
should also strive to become a leader in cyber
security,” - Ursula von der Leyen
Taking a step back, and looking to the EU Cyber
Resilience Act
First of all, lets put everyone on the same page of
what cyber resilience stands for: cyber resilience
refers to the ability to protect electronic data and
systems from cyber-attacks, as well as to resume
business operations quickly in case of a successful
attack.
Its clear from the European Commission speech that
Europe should develop, own and manage cyber
defence tools, allowing us to walk towards the
implementation of an European Cyber Defence Policy,
including legislation on common standards under an
overarching paradigm - the European Cyber
Resilience Act.
More from / About Nuno Martins da Silveira
TEODORO, Cyber Security and Privacy Officer, CISO
at Huawei:
https://www.linkedin.com/pulse/walking-towards-
european-cyber-resilience-act-nuno/
Walking Towards
by Nuno Martins da Silveira TEODORO, PORTUGAL
Background on B.Sc. and M.Sc. in computer
engineering. Specialization in Cybersecurity Risk by
Harvard and Cyber Warfare and Terrorism by Charles
Sturt University, with several published papers.
Current acting Cyber Security and Privacy Officer for
Huawei and previous Global Chief Information
Security Officer (CISO) for Truphone. Served as an
Information Security Expert and Information Security
Officer in multinational Organizations like Vodafone
and Allianz. Board member of ISACA Portugal, GSMA
Fraud and Security member, member of the Executive
Cyber Exchange and ClubCISO. Invited professor in
several universities scoping lectures in Cybersecurity
Strategies and digital resilience.

To Get Tested
23
The theory of Moore's Law results in faster data
processing, higher bandwidth usage, and more
security events which means more tuning and more
complex deployment of tooling.
However, the effects of increased computational
power don't stop there. It means threat intelligence
data will be processed and ingested in much higher
volumes, putting more strain on both the systems and
the analysts using them.
But what does this mean for SOC analysts?
First, it means we must adapt; we have to work
smarter and think more critically with our
investigations. Most importantly, we promptly address
security events and incidents in light of advancements
in technology. These technological advancements can
help us and hinder us; the same is true for our
adversaries.
Far too many SOCs are untested until zero hour.
“We need to test the SOC's capabilities
regularly and proactively. We need to
purposefully put our playbooks, processes,
technology, and the team under pressure
through different types of testing.”
So what is the purpose of testing?
It goes further than confirming your team's readiness,
it will highlight weaknesses in the processes, people,
and technology before these weaknesses rear their
ugly heads during an actual incident.
Testing is ultimately the best way to get that much-
needed assurance that your team is ready to respond
to cyber attacks as they occur. Testing will help
identify training requirements, technological
restraints, playbook gaps, and process gaps.
Ultimately, it will determine if what is in
place is fit for purpose while giving you
visibility of what needs improving.
Jay Jay DAVEY is a leader and mentor in security
operations.
Stemming from an armed forces background, Jay Jay
swiftly became a leader in security operations,
helping people understand how to build, implement
and govern a SOC team to maximise operational
effectiveness. In addition, he has an endeavour to
help businesses understand how to align their SOC,
ensuring that it complements their risk management
function.
Jay Jay has selflessly committed himself to assist
others to break into the industry through mentorship
and guidance.
Time!
by Jay Jay DAVEY, ENGLAND
Jay Jay’s passion for technology starts from when he
was a child as his father was a UNIX System
Administrator who taught him how to use a computer,
after struggling with school and ultimately leaving
with nothing from school and college he decided to
join the armed forces.
Jay Jay started his security journey after leaving the
armed forces working for a helpdesk at Lockheed
Martin, feeling uncomfortable he strived to gain a
position within a SOC without certifications or a
degree and was successful.

Threat Landscape OT/IoT
24
“Get to know your networks, find out who
has access and why. Then make sure you
have control of this, you can thank me later.“
Growing
by Craig FORD, AUSTRALIA
Craig FORD is a wizard of the dark arts, a conjurer of
the cyber world, he delves into ethical hacking,
security engineering and user awareness. He is not
one of those hackers who hides in the dark, hunched
over his keyboard wearing gloves just doing his
thing. No, Craig stands tall in the light, no hoodies
here (Unless its really cold then he might just buckle
on that stance).
He is a wielder of words, with works talking about all
things cyber for CSO online, Women in Security
magazine, Cyber Australia magazine and so many
more we don’t have the space to mention. He has
written some books (A Hacker I Am Series) that will
pull you down the cyber security rabbit hole and
leave you wanting so much more. He has a new
hacker novel series dropping in 2022 (keep a watch
out for this).
Unlike many hackers, he isn’t too hard to find, look
him up, you will not need to search long. When you
do find him, you can find all the usual acronyms and
what not. He is a defender of cyber space, here to
stand with you on the war that is coming between
good (your friendly neighbourhood hacker, cyber
professionals and what not) and evil (Malicious
actors, cyber thugs, criminals). What side are you on?
We all see articles and news about the constant
bombardment of cyber-attacks. Businesses and
consumers are in a constant influx of threats, aimed
at disrupting our daily digital lives and harvesting
every drop of data about us that can be found. This
trend is only set to continue with one change that I
feel has been coming for a while now. I feel a strong
focus of threats will be aimed toward both OT and IoT
devices. IoT devices are becoming more and more
part of our lives. They are becoming smarter, more
capable devices in many cases that do not have a
strong history of security in mind.
There are certainly reasons for the reduced security
focus, these devices need to be small and have
minimal power capabilities. Meaning designers
normally focus on the functionality that they want
them to achieve and don’t want to give up precious
bandwidth for non-essential functionality. Before you
argue with me that security is essential I agree but
they usually don’t, this is just a blocker for them
achieving what they need the devices to be capable of
doing. This will need to be resolved moving forward
or it will be a major security vulnerability that will
leave a lot of organisations roasting over the hot coals
in 2022 or beyond that is sure.
What about OT environments? These networks run
trains, mining, manufacturing, critical infrastructure
but they are normally very custom environments with
very minimal protection. They are generally separate
networks to the primary IT infrastructure of the
organisations but they will have many points of
access that have been put in over the years to allow
for suppliers or support staff to maintain and help get
things back up and running when things screw up.
They likely have full admin control and no monitoring
of this access. Not a very safe or controllable situation
for either of these systems, we need to go back to
basics with these platforms and work on taking back
the control before a malicious actor does it for us. We
have already seen some activity in this space in the
second half of 2021 and it is going to be a big
problem for all of us in the next 12 months.

Jurgita has a Bachelor's degree in journalism, and a
Master’s in politics and media. Throughout her
academic years, Jurgita has explored the subjects of
humor in media and the coverage of armed conflicts,
and wrote a paper on how ideology manifests itself in
popular culture artefacts like internet memes.
Jurgita attended multiple training programs with the
US State Department, European Journalism Centre,
and Transparency International. She is also part of the
international Digital Communication Network, belongs
to the Lithuanian Business News Journalists Club,
and the US-LT Alumni Association.
- “Cybersecurity”…
Jurgita LAPIENYTE is a Senior Journalist at
CyberNews. Jurgita works as a reporter covering the
most important tech-related news, with a strong focus
on how technologies and digitalization affect our
quality of life.
It's my job to bring the most complicated
cybersecurity topics to a broader audience. By
simplifying them, providing interesting examples, and
making it less scary, I hope people will start to care at
least a little bit. It's unreasonable to think that all of a
sudden, everybody will start chatting about
ransomware and cryptography over dinner. Until you
fall victim to a cyber-attack or data breach, it's hard to
care that much.
And that is not unique to cybersecurity. It's only
natural that people care more about the crime rate
and car accidents in their neighbourhood than about
crime statistics in another city. And I wish that those
people would not fall victim to cyber-attack, be safe
from data breaches and avoid the losses they can
cause. But to keep the intruders out of your digital
world, you've got to care at least a little bit.
Imagine a world without pet names as passwords.
Maybe SolarWinds would have never happened in the
first place, as Top executives of SolarWinds believe
that the root cause of the supply chain attack was an
intern who has used a weak password for several
years. If you haven't guessed it yet, the password was
"solarwinds123.“ I hear and read people say they
don't care about being hacked, and anyways, who
would hack them? They don't have much in their bank
account. But that's how malicious hackers get into
organizations, hurting businesses and governments.
I constantly talk to cybersecurity experts, and I know
they are overtired. Not only because there's a massive
skills shortage and there aren't enough people to
stand guard. They also sound tired of repeating
simple mantras like using good passwords because
many still do not listen.
25
“What's For Dinner?”
by Jurgita LAPIENYTE, LITHUANIA
“Being a journalist, I consider it my mission
to deliver cybersecurity news to people in a
way that they would start caring, and at the
same time, wouldn't get too scared of all
the monsters that are out there. “

Of Cybersecurity Initiatives
As we continue to innovate and progress on the
digital front, cyberattacks continue to grow in
sophistication. Here are my predictions on areas
where we will see organizations taking major
initiatives in cybersecurity in 2022.
Safeguard and protection from malwares. as the race
to adopt cloud computing infrastructure and collect
more data and build alternate realities such as the
metaverse continues to grow within organizations,
attackers would continue to target such data.
Cybersecurity leaders will have to perform broad-
level scrutiny within their organizations to ensure data
collection practices are well protected. This will
include initiatives to review mesh architectures, with
increased focus on connectivity from outside the
premises of organizations to support cloud and
remote infrastructure, including remote worker
access. A major consolidation, review and
enhancement of organization security infrastructure is
expected in 2022. This will include adoption of
emerging cyber technologies for Cloud, Zero Trust
Network Access (ZTNA) and Machine Learning
(ML)/Artificial Intelligence (AI). Cyber’s shift as a
profit center. Traditionally, cybersecurity has been
seen as more of a cost center (CAPEX/OPEX) type of
expenditure within most organizations. With the build
of secure infrastructures, the shift to view cyber as a
business enabler can be realized.
When organizations are stronger at the cybersecurity
forefront, it will help them with employee, customer
and citizen trust. This would be a major mindset shift
at the boardroom ensuring organizations are
leveraging their human resource and marketing arms
to justify their profit center strategies with the help of
cybersecurity. Improved process execution and
decision-making using ML technology. As
organization’s continue to invest in cyber
technologies, ML will provide organizations with
significant competitive advantage. ML will play a
considerable role in decision making and automating
tasks such as use case detection and response.
workflows in Security Orchestration and Automation
Response (SOAR) tools within Security Operations
Centers (SOCs), Threat Vulnerability Management
(TVM), Robotic Process Automation (RPA), Software-
Defined (SD) security, Connected and Autonomous
Vehicles and DevSecOps to name a few.
The year 2022 will be interesting year for cyber as we
continue to innovate and progress on the digital front.
I am excited as we started 2022 and continue to work
within our organizations, with our clients and our
networks to execute large-scale, transformational
cyber initiatives; are you?
Massive Prioritization
by Ali KHAN, the UAE
Having been brought up in over three continents as
part of his childhood, Ali KHAN, CCISO, CISM,
CISSP, CDPSE, CISA also known as #thecyberAli, is
an executive cybersecurity professional, father, author,
thought leader, mentor, angel investor, and a
humanitarian.
Ali serves the cybersecurity industry globally with his
Ali serves the cybersecurity industry globally with his
innovative approach to executing and delivering on
cybersecurity initiatives. As a mentor and educator, Ali
continues to work closely with educational institutions
to develop the next generation of cybersecurity
professionals and also provides mentorship, guidance
and career coaching to upcoming and aspiring cyber
professionals and startups and is also the author of a
cyber career handbook, Because You Can: Your
Cybersecurity Career. Ali also volunteers his time and
efforts at not-for-profit organizations providing his
subject matter expertise.

Starts With People
Four Cybersecurity Predictions for 2022
When the coronavirus pandemic started roughly two
years ago, millions discovered how much we take for
granted. Most store shelves became empty,
employees lost their jobs, and businesses that relied
heavily on personal transactions lost both business
and staff. Today, the convenient technology that has
evolved up to this point has also increased our attack
surface.
Business reliance on fragile supply chains also
became exposed. Cybercriminals are aware of this
too. As the number of employers that let employees
access company applications from personal devices
at home has risen largely due to the current job
market conditions, so has the risk of ransomware
attacks. And as the use of Ransomware-as-a-Service
(RaaS) will continue to increase, businesses will need
to place greater focus on executing the fundamentals
of ransomware mitigation.
Supply chain issues have also plagued the modern
world, as software attacks are projected to quadruple
2020’s total by the end of the 2021. Both customers
and suppliers need to focus on mitigating potential
attacks against assets as supply chain cybercrime
shows no signs of slowing down.
As the adoption rate of Internet of Things (IoT)
devices has increased, so have the related
vulnerabilities. Since IoT devices continue to make
many of their non-internet connected counterparts
obsolete, businesses will be forced to budget for IoT
security as IoT attacks will continue to increase since
many are built and utilized without security in mind.
Staffing issues will continue to exacerbate opportunity
for cybercrime. As employers continue to set the bar
for entry ridiculously high and force entry-level
workers to work irregular and odd hours, teams will
continue to be overwhelmed and there are not
enough experienced professionals to go around.
Cybersecurity starts with the people; if you
take care of them, they will take care of you.
27
Cybersecurity
by Thomas MARR, the USA
A proud veteran of the United States Army, where he
served his country as a military intelligence analyst,
Thomas MARR grew up within the diverse and ever-
growing metroplex that is the Dallas-Fort Worth area,
Texas, USA.
Thomas, now a senior security engineer at L3Harris,
has been consulted to build security programs and
contributed to multiple open-source projects.
Thomas holds a Bachelor of Science in Information
and Computer Science from Park University and
several professional certifications, including the
industry respected CISSP.
He pays forward his career success by mentoring
industry newcomers in his free time.
“Thomas is a driven individual with strong technical
and business acumen. He has a natural ability to
analyze and identity threats to organizations and is
passionate about his career and technical growth.
Thomas does not hesitate to mentor newer
individuals in the industry and has proven to be a
valuable resource time and time again. It is without
reservation that I recommend him for leadership,
threat analyst, and threat intel roles. He's a valuable
asset to any organization.” Ken Underhill

Since 2008, he has worked for Airbus Defence &
Space (ADS) as IT Project Leader and Expert in
Network and Security dedicated for all the ADS
spacecraft launch campaigns. Working directly within
the business during all these years, he has always
maintained the same approach:
“Security has to be a business enabler and has to
work for the business”.
Changing The Strategy
Yohann BAUZIL joined Airbus OneWeb Satellites
(AOS) at 33 years old in early 2017 and currently
holds the role of Chief Information Security Officer
(CISO) for the French entity. AOS is a startup of the
New Space, created as a joint venture between Airbus
and OneWeb. Located in Toulouse, Yohann is also
Head of “Cybersecurity, Industrial Security & Data
Protection” for France.
Throughout our life and in our education, from
kindergarten to engineering school, we are taught to
strive for the best grades across all subjects. We have
the societal goal to be good at everything. When you
start working, you instinctively try to become an
expert in your field. Then, one day, you become Chief
Information Security Officer (CISO), and you realize
that you will have to change strategy...
The scope a CISO has to cover is extensive:
management, IT expertise, leadership, governance,
DRP/BCP, offensiveness, budget management,
showing pedagogy and persuasiveness with the
board of directors, IAM, risk analysis, crisis
management, and many others. We can often be
experts in two or three of these aspects. However, the
real challenge of the job is to have an opinion,
knowledge, and know-how in all the topics we have to
address.
“Considering the level of sophistication of
today's security threats and the diversity of
the missions we have to manage, the
CISO's job is becoming increasingly
complex. “
And thus, when you eventually assess the true scope
of your duties, you begin to understand that you will
have to excel at your job without being excellent at
everything. Being an expert in all areas is not a viable
approach, so you need to find a new and acceptable
personal strategy.
Looking at the new challenges ahead - such as
quantum computing, the formidable efficiency of AI,
or the dramatic rise in technology - excellence in the
modern CISO profession is about stepping back and
being humble enough to disregard the conditioning
of our education and learning to accept to be just
"average" in many aspects.
The question becomes simple: Are we sufficiently
prepared to accept being just “an average”? The
answer, not so obvious...
28
CISO
by Yohann BAUZIL, FRANCE

Your Cloud-Native Strategy
Lesly MERINE is a cybersecurity professional since
2010, he started his career within the Luxe industry,
then joined Wavestone as a cybersecurity consultant
in Paris and Hong Kong, working on strategic
engagements within Fortune 500 transformation
programs in finance and public sectors.
As per the Cloud-Native Computing Foundation
(CNCF), a cloud-native application is leveraging
modern cloud platforms capabilities to build and run
scalable applications through containers, micro-
services or immutable infrastructure.
Understand the Ecosystem
Before embedding cloud-native into a cloud security
strategy, it is key to have a clear vision about what is
the cloud strategy and ambition within the
organisation. Designing a cloud-native security
strategy when the organisation builds only monolith
applications on a private datacenter won’t seem
obvious unless there is a strong move-to-cloud
strategy with a refactoring approach.
Assess the Risks
Cybersecurity within a cloud environment is slightly
different from having its own datacenter where the
organisation is accountable for most of the chain
(from physical datacenter premises to the data
processed within the applications).
With the shared responsibility model, the Cloud
Service Provider (CSP) is responsible for the security
OF the cloud platform where the client/organisation is
responsible for the security IN the cloud. My
recommendation with assessing cloud security risk is
to leverage existing materials such as Enisa Cloud
security risk assessment, CISA cloud risk assessment
where most of the common risks are present
(misconfiguration, account takeover, service
disruption, …) but need to be refined for your
organisation.
Define the Policy
As for the risk analysis, my recommendation is to
spend time on organisation-specific topics like your
very own high-level cloud architecture, network
strategy (this is where tough perimeter security
discussions appear...), identity or zero-trust maturity
target to support cloud-native applications.
Link to full article here
What is a cloud-native application?
29
2022: Time To Define
by Lesly MERINE, FRANCE
In 2018, Lesly joined L’Oréal as Chief Information
Security Officer for L’Oréal’s Digital business to lead
the security of the Beauty Tech acceleration. As a
Digital CISO, he also led the DevSecOps program
across L’Oréal entities to increase the application
security maturity of the company towards its digital
transformation.
Lesly is a reserve military officer for the French
Ministry of Defense’s cyber command.
Recently, he started a new adventure within Google
Cloud cybersecurity team, working with strategic
customers in Europe.
For cybersecurity priorities in 2022, Lesly believes
cloud adoption will continue to grow with an
acceleration of cloud natives adoption, thus, security
teams will have to anticipate how their will include
those services into their cybersecurity strategy.

A world-renowned cybersecurity expert, Dr. Maurice
Dawson consulted by government and industry
across the globe.
He is a four-time Fulbright Scholar Recipient,
cybersecurity expert in the U.S. Speaker Program for
the U.S. Department of State. Dawson has a Ph.D. in
Cybersecurity from London Metropolitan University
and a Doctor of Computer Science from Colorado
Technical University.
Last year he was named among the 50 Most
Important African-Americans in Technology by the
Journal of Black Innovation.
Threats And Opportunities
Dr. Maurice DAWSON is Assistant Professor and
Director and Distinguished Member of the Center for
Cyber Security and Forensics Education (C2SAFE) at
the Illinois Institute of Technology.
30
Cyber Warfare:
by Dr. Maurice DAWSON, the USA
It is time for nations to securely integrate Artificial
Intelligence (AI), cybersecurity, data science, and
more into national infrastructure.
It is necessary that even developing countries
embrace the culture of cybersecurity to protect
themselves from the ever-growing global cyber
threats.
The Cybersecurity and Infrastructure Security Agency
(CISA) states there are 16 critical infrastructure
sectors whose networks, assets, and systems are
considered vital to the United States (U.S.), and their
incapacitation or destruction would have a debilitating
effect (Presidential Policy Directive, 2013).
These are the same critical infrastructure sectors that
developing countries that to protect.
Moreover, as cybersecurity has become the fifth
domain of warfare, countries must protect
themselves. These domains are not just for the
military but the civilian sector as well. Understanding
the role of cyber and how it can be used to take
advantage or secure the remaining domains will give
entities the upper hand in strategy (Dawson Jr.,
2021).
“This is the future of cybersecurity and
protecting critical infrastructure as more
devices come online and connected is vital to
a nation’s security and perhaps democracy.”
References:
Dawson Jr, M. E. (2021). Cyber warfare: threats and
opportunities.
Presidential Policy Directive. (2013). Presidential
policy directive -- critical infrastructure security and
resilience. National Archives and Records
Administration. Retrieved December 24, 2021, from
https://obamawhitehouse.archives.gov/the-press-
office/2013/02/12/presidential-policy-directive-
critical-infrastructure-security-and-resil

Vice President (Cyber) Solutions at BlackBerry, Roger
SELS leads BlackBerry Solutions. He serves as a
trusted advisor to clients’ C-Suite to maximize their
cyber program value and impact.
Having a Fighting Chance
To the casual observer the acceleration of the barrage
of breach and ransomware headlines paints a bleak
picture of our cyber future. Cyber warfare is being
waged against our organizations, institutions and
citizens with mounting losses and no end in sight –
defeat all but assured. Do these cyber folks even
know what they are doing?
Crime syndicates have diversified into cyber with
tremendous success. One could argue, driven by
similar profit motives to VCs diversifying into cyber
start-ups. The influx of well-capitalized players on
both attacking and defending sides spurs on
innovation, with both sides trading blows in a
seemingly ever-escalating cyber arms race.
Those of us who come from an offensive security
background (for defensive purposes, ie the red ream)
know all too well that cyber warfare is asymmetrical in
nature and skewed to favor the offensive team.
Adversaries are more agile in developing, adopting
and rolling out innovations. It is a matter of survival -
or failure. Contrast that to our businesses, for whom
digital and cyber can be an enabler, but is far from the
core business and often seen as a cost center still.
Failing to prevent attacks comes at a cost, but so
does preventing or detecting them. Adopting
unproven innovation comes at a risk of potential
business disruption. There are now so many peddlers
of innovation that making sense of the noise is
difficult. Meanwhile our adversaries test, research and
deploy innovation continuously.
Cyber defense has had many blind spots over the
past years. we secured data from leaving our
organizations but ignored business partnerships
which require data to be shared. We reviewed
changes made by privileged users but allowed trusted
third parties to deploy black boxes on our networks,
servers and applications. We assumed we could keep
parts of our environments disconnected from the
internet. We shall see organizations adopt
innovations such as Zero Trust and SBOMs,
continuous threat hunting, automated controls
deployment and testing to remove blind spots
faster with the same rigor as our adversaries – or
we shall keep bemoaning the inexplicable
victories of the adversaries.
31
2022:
by Roger SELS, the UAE
Roger is an accomplished CISO and CxO advisor with
20+ years of experience in developing and maturing
new cyber capabilities. Roger has led large cyber
security transformation programmes to manage
business risks in Fortune-50 organizations across
financial services, insurance, telecom, technology,
government, defence and IC organizations. He is an
international speaker, member of ENISA’s Ad Hoc
Working Group on SOC and AHWG on CyberMarket
and a member of the CyberTheory CISO Advisory
Board and Faculty Advisory Board of CyberEd.
Before joining BlackBerry Cylance, Roger was the
founding CISO at DarkMatter LLC, a cybersecurity
consulting firm serving mainly government, defense
and intelligence agencies. Roger holds a B.A.D.G.E in
Reverse Engineering from ESIEA, Paris.

Who Will Risk Going Too Far…
“Only those who will risk going too far can
possibly find out how far one can go.”
~ T. S. Eliot
Being inspired of the event “Diversity & Security”
organized by Microsoft Norway and Oda Network
(Norwegian leading network for women in tech) I
want to share some ideas about this topic.
Why diversity is so important nowadays?
“Diversity is not just about the color of our
skin, gender, religious or ethnic
background, it is also about being
surrounded by people whose varied
experiences contribute new ideas to
problem solving.” ~ Ann Johnson Corporate Vice
President, Cybersecurity Solutions Group
Studies have shown the importance of diversity and
inclusion in generating more creative solutions to
business problems and enhancing performance and
competitiveness. It’s particularly important in tech
because it serves as a catalyst for success and a
foundation for innovation in so many industries.
While many organizations working on implementation
of “diversity measures” to encourage more women
and other underrepresented groups to explore
careers in tech, it’s still remains a deficiency of
women and minorities, especially in cybersecurity.
It’s easy to calculate the gender gap in cybersecurity.
Women – who make up 11-20% of the industry –
hold few leadership roles in security. As recently
predicted that by 2022, 3.5 million plus cybersecurity
positions will go unfilled, therefore...
“… to gain the advantage in fighting
cybercrime we are dependent on diverse
talents and consciousness about this
subject!
Only Those
by Iryna REINHARDTSEN, NORWAY
Only those who will risk breaking the barriers,
crossing the borders and transforming dreams into
actions can possibly understand how a young lady
from far East can change the cybersecurity landscape
of Norway.
Iryna REINHARDTSEN is a gifted young woman in the
Cyber Security world, with Master's degree in
Computer Systems & Networks from the National
Technical University in Ukraine and more than 15
years of work experience within IT.
Working in Oslo, Norway, for basefarm, devoting her
skills and her true passion is information security
management. Her truly international experience
allows her to assist companies in improving their
security by providing guidance and raising
awareness. All in the effort to reduce the risks and
impacts of a cyberattack.
As a business security officer, iryna is being trusted
to 180 degrees change the customers’s views at
security and risk. Strategy, implementation and
processes are her strengths. A few to mention. An
Information Security Engineer with diverse
background, Iryna became pivotal player in assisting
customers with ongoing security incident response.

Devin PRICE is a passionate information security
analyst with six years of professional IT experience
straddling the worlds of both agile systems
development and cybersecurity.
His areas of interest include e application security,
secure development, and penetration testing. In his
off hours, he enjoys listening to information security
industry podcasts, working through online hands-on
labs to build his cybersecurity skillset, and
connecting with other like-minded security
professionals.
Devin was recently published within the United States
Cybersecurity Magazine's Winter 2022 edition for his
article on the future of DevSecOps
Meet Improved CyberTech
2022 will feel both similar and different from 2021.
The same cybersecurity issues that the industry dealt
with in 2021, such as ransomware and a lack of
software supply chain security, will still be major
issues that organizations will need to tackle in 2022.
The primary difference between both years
will be the scale that these issues will reach.
Ransomware attacks will continue to hit large-scale
businesses but will also begin to be targeted toward
individuals who are not as versed with the experience
as a business.
Software supply chain attacks will ramp up as
attackers move away from targeting first-parties and
go after low-hanging security vulnerabilities within
the software of their third-party vendors.
Unfortunately, there will be more targeted supply
chain incidents, similar in scale to the SolarWinds
hack.
The bright side is that these incidents will lead to
greater scrutiny of the security process of the
software supply chain as well as collaboration
between private and public sector entities to ensure
the impact of these attacks are increasingly mitigated
as time goes on.
December 2022 will be different because there will be
more Artificial Intelligence (AI) and machine learning
(ML) tools used in cybersecurity operations.
Organizations trying to keep up with the rate of
cyberattacks will use 2022 to upgrade their defenses
with AI/ML so that they can begin to better prioritize
security risk to their business operations and
customers.
AI/ML will shift cybersecurity from simply detecting
attacks in a timely fashion to beginning to proactively
bolster against anticipated risks before they are
apparent to attackers. This year, AI/ML will pave the
way for cybersecurity professionals to do more in less
time.
“With better technology to anticipate risk,
cybersecurity will be viewed as a critical
business enabler, instead of merely a cost
drain on operations.”
Familiar Problems
by Devin PRICE, the USA

To Cybersecurity
It is now indisputable, that digital technologies are
embedded into our DNA. Thus, the importance of
Cybersecurity is growing exponentially. Cybersecurity
in business is a fundamental component for the
continued success and transformation of our digital
world. Cyber criminals are using more advanced tools
to penetrate digital systems which can seriously harm
the global economy. Hackers continue to find
sophisticated ways to steal people’s identities and
information through various phishing and other
attacks. Cyber criminals most commonly hack to
access confidential information. And eCommerce
fraudsters are everywhere in cyberspace. Steps
required:
1.Obviously, in the face of these challenges, Tech
giants must invest more in AI-based security systems
to support cyber professionals and to protect
organizations’ digital infrastructures.
2. In addition, educational institutions need to design
better degree qualifications for cyber security
courses, including Quantum computing and advanced
AI.
3. Organizations should employ top cybersecurity
talent to work against the ever-increasing cyber
threats. For example, some work is already being
done to create encryption using Quantum
entanglement, called Temporal Method.
4. Personal cybersecurity must address the needs of
individual users at work and at home as well as the
individual privacy of population. Perhaps we should
consider providing children with globally recognized
digital IDs to prepare them for the Future of Internet
and Cyber-world.
5. Thinking about the smart cities and the Internet of
Things. How to ensure cybersecurity? What is needed
is a universal methodology. How to differentiate
fundamental patterns? How to protect elements of a
chain: from security of a device that creates, captures
your data.. to the data storage.. to the back-end
storage?..
The future of cybersecurity is not well-
defined today.
Professionals speak about the need of a mass shift
away from the currently encrypted data model to new
models. This is because hackers target encrypted
data, store it until the time they themselves can use a
quantum processor to break any and every
encryption. As truly global thinker and practitioner, I
believe that a serious cyber-attack can destroy not
only a single company’s financial health, but also have
systemic effects causing harm to the entire economy
and even security of nations. In essence, it is time to
act and start working jointly to secure our cyberworld.
Future Threats
by Salman QADIR, the UAE
Respected amongst his peers, a passionate tech
business professional with a wide range and depth of
knowledge in technology startups, sustainability and
business strategy, Founder & CEO SALQ iNov8 Tech,
Salman QADIR has an ambitious plan to build a
Cybersecurity and Technology Research Center in
Pakistan.
Technology and Cybersecurity influencer, Salman
manages a global Tech Community (SALQ iNov8),
where numerous top Cybersecurity experts are part
of this community. Salman’s practical knowledge and
vast research cover various industries and emerging
technologies. As a young corporate leader, Salman
eagerly supports the Digital Pakistan, Silk Road (Belt
Road), emerging technologies and start-up initiatives
in Pakistan, Middle East and internationally.

In 2022
At IBM, work is more than a job - it's a calling: To
build. To design. To code. To consult. To think along
with clients and sell. To make markets. To invent. To
collaborate. Not just to do something better, but to
attempt things you've never thought possible. To lead
in this new era of technology and solve some of the
world's most challenging problems.
IBM is a leading cloud platform and cognitive
solutions company. Restlessly reinventing since 1911,
we are the largest technology and consulting
employer in the world, with more than 350,000
employees serving clients in 170 countries.
With Watson, the AI platform for business, powered
by data, we are building industry-based solutions to
real-world problems.
For more than seven decades, IBM Research has
defined the future of information technology with
more than 3,000 researchers in 12 labs located
across six continents. For more information, visit
www.ibm.com.
Website: http://www.ibm.com
Company size: 10,001+ employees
IBM and IBMers
Managing Consultant @ IBM Security | "OutOfBand"
Podcast Co-Host | Woman in cybersecurity who
believes that she contributes with her actions to the
greater good and a safer cyberspace.
In our modern world, data has become a commodity
and often a target in cyberattacks. Jennifer
Wennekers, an IBM Managing Consultant specialised
in Threat Management, helps organisations to prepare
for potential cyberattacks and to improve themselves
in the aftermath of a cyberattack. By doing this, she
ensures that the data entrusted with them stays safely
secured.
Jennifer WENNEKERS, NETHERLANDS
Having been in the IT industry for over 10 years, and
in the Cybersecurity industry for over 6 years,
Jennifer has fulfilled roles such as SOC Analyst,
Cybersecurity Incident Manager and Cyber Defence
Consultant. She is a firm believer in an integrated
security approach, where threat intelligence is
combined with business context, vulnerability
insights, monitoring and detection capabilities, as well
as insights obtained from attack simulations.
Based in the Netherlands, she has worked for
multinational clients based in Europe, Asia, and the
US. As a fierce supporter of diversity in the infosec
world, Jennifer is the co-creator and co-host of the
“Out-of-Band” video podcast, an initiative by
European female cybersecurity professionals who
have honest conversations about working in the
infosec world.

Anonymity and Security
How to access the Dark Web and protect your Privacy,
Anonymity and Security
Do you want to Protect your privacy and security?
How about accessing the dark web? If so, then you
found the right course!
With no prior knowledge required this course will take
you from a beginner to advanced in all of these
topics; teaching you how to properly and securely
discover data and websites on both the dark web and
clear web, access hidden (onion) services,
communicate privately and anonymously using
instant messages and email, manually use end-to-end
encryption to protect your privacy and make it
impossible to read even if it gets intercepted, sign
and verify files, share files anonymously, transfer
funds anonymously using crypto currencies such as
Bitcoin and Monero and much more!
You’ll also learn how to do all of the above in a secure
manner making it very difficult for hackers or other
entities to hack you or de-anonymise you. Even if you
get hacked these entities won’t be able to easily
control your system or de-anonymise you.
More from / About Zaid SABIH AL
QURAISHI, Founder and CTO of zSecurity:
visit: https://zsecurity.org/
Protect Your Privacy
by Zaid SABIH AL QURAISHI, IRELAND
In 2013, he started teaching his first network hacking
course; this course received amazing feedback,
leading him to publish a number of online ethical
hacking courses, each focusing on a specific topic, all
of which are dominating the ethical hacking topic on
Udemy.
Now Zaid has more than 300,000 students on Udemy
and other teaching platforms, such as StackSocial,
StackSkills, and zSecurity.
zSecurity is a leading provider of ethical hacking and
cyber security training, we teach hacking and security
to help people become ethical hackers so they can
test and secure systems from black-hat hackers. Our
goal is to educate people and increase awareness by
exposing methods used by real black-hat hackers and
show how to secure systems from these hackers.
Becoming an ethical hacker is simple but not easy,
there are many resources online but lots of them are
wrong and outdated, not only that but it is hard to
stay up to date even if you already have a background
in cyber security. At zSecurity we aim to put
everything you need in one place, weather you need
full training (online courses), hacking equipment or if
you just want to stay up to date with the latest in
ethical hacking world, you have it all in here.
Zaid SABIH is an ethical hacker, a computer scientist,
and the founder and CTO of zSecurity.
He has good experience in ethical hacking; he started
working as a pentester with iSecurity.

40 under 40 in cybersecurity. top cyber news magazine

40 under 40 in cybersecurity. top cyber news magazine

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à 40 under 40 in cybersecurity. top cyber news magazine

Similaire à 40 under 40 in cybersecurity. top cyber news magazine (20)

Plus de Bradford Sims

Plus de Bradford Sims (16)

Dernier

Dernier (20)

40 under 40 in cybersecurity. top cyber news magazine