This edition features The Most Impressive Leaders in Cybersecurity, Making Waves in the Industry that are at the forefront of leading us into a digital future
Read More: https://ciolook.com/most-impressive-leaders-in-cybersecurity-making-waves-in-the-industry-2023-august2023/
Most Impressive Leaders in Cybersecurity, Making Waves in the Industry 2023.pdf
1. Tech-drive
The Role of Ar ficial
Intelligence in Cybersecurity
Crucial Integra on
IOT Security and its
Fundamentals Protec ng
the Connected World
Alexandro
Fernandez
Guardian of Opera onal Technologies
Alexandro Fernandez
Industrial Cybersecurity Latin
America Regional Director
Impressive
Impressive
Impressive
Leaders in
Making Waves
in the Industry 2023
Most
Cybersecurity,
Cybersecurity,
Cybersecurity,
VOL 08 I ISSUE 06 I 2023
Tech-drive
The Role of Ar ficial
Intelligence in Cybersecurity
Crucial Integra on
IOT Security and its
Fundamentals Protec ng
the Connected World
Alexandro
Fernandez
Guardian of Opera onal Technologies
Alexandro Fernandez
Industrial Cybersecurity Latin
America Regional Director
Impressive
Impressive
Impressive
Leaders in
Making Waves
in the Industry 2023
Most
Cybersecurity,
Cybersecurity,
Cybersecurity,
VOL 08 I ISSUE 06 I 2023
2.
3. At the end of the day,
the goals are simple:
SafetyandSecurity.
5. Hire
character.
Trainskill.
AbhishekJoshi
N
avigating the ever-evolving landscape of
cybersecurity requires not only cutting-edge
technology but also exceptional leadership that
can steer organizations through the complexities of the
digital age. As threats become more sophisticated and
the digital realm expands its boundaries, the prominent
leaders in the niche stand as beacons of innovation and
resilience.
Through this edition, CIOLook delves into the stories of
exceptional individuals, exploring the pivotal moments
that led them to their current positions, the challenges
they've faced head-on, and the groundbreaking
strategies they've employed to safeguard their
organizations. From fortifying infrastructures to
developing next-gen AI-driven threat detection
systems, these leaders showcase the multi-faceted
approach required to stay one step ahead in the cat-
and-mouse game of cybersecurity.
But it's not all about technical prowess. True leaders in
cybersecurity understand the importance of a holistic
approach, addressing not only the technological
aspects but also the human element. From advocating
for robust employee training to promoting ethical
hacking practices, these leaders inspire a culture of
security from within.
As we embark on this odyssey through the pages of the
"Most Impressive Leaders in Cybersecurity, Making
Waves in the Industry 2023," CIOLook underscores the
fact that cybersecurity is not an isolated endeavor, but a
shared commitment that requires constant vigilance,
adaptation and a fearless pursuit of innovation.
It's a realm where innovation is the armor, resilience is
the foundation, and leadership is the compass that
guides us through uncharted waters. We hope the
stories of these leadership icons ignite your own
passions and aspirations within the realm of
cybersecurity, propelling us all towards a safer and
more secure digital future.
Flip through the pages and have a delightful read!
7. C
O
N
T
E
N
T
S
20
16
Tech-drive
The Role of Ar ficial
Intelligence in Cybersecurity
A R T I C L E S
Crucial Integration
IOT Security and its Fundamentals
Protec ng the Connected World
24
Yuri Diogenes
Building a Legacy in Cybersecurity
and Transforming Passion into Impact
9. Brief
Company Name
Diego Baldini
CISO
Diego is working to develop, consolidate and implement
security technologies, strategies, processes and transformation.
Claire Cockerton
Founder & CEO
Derek is currently the CISO at Advanced Micro Devices
(AMD), designing, improving and implementing security
services globally.
AMD
amd.com
Renault Group
renault.com
Alexandro Fernandez
Industrial Cybersecurity,
Latin America
Regional Director
Alexandro holds more than 2 decades of professional
experience in Information Security, IT Cybersecurity &
OT/ICS Cybersecurity, working with multicultural teams across
the world.
TXOne Networks
txone.com
Kelly Garfield
SVP/ Information Security
Senior Manager - Cyber Core
Engineering
Kelly is Information and Cyber Security leader with more than
20 years of industry experience implementing secure
technology solutions and building top performing global teams.
Wells Fargo
wellsfargo.com
Microsoft
microsoft.com
Yuri is Principal Program Manager in Microsoft CxE ASC
Team, where he primarily helps customers onboard and deploy
Azure Security Center and Azure Defender as part of their
security operations/incident response.
Yuri Diogenes
Principal PM
Manager
Featured Person
Impressive
Impressive
Impressive
Leaders in
Making Waves
in the Industry 2023
Most
Cybersecurity,
Cybersecurity,
Cybersecurity,
10. Alexandro
Fernandez
Guardian of Opera onal Technologies
Our company has a high commitment to
investing in improving our solutions; we
have a large R&D team that takes care of
enhancing our technology stack,
innovating and maturing our products.
12. T
he digital age has ushered in a new era of
industrial operations, where interconnected
systems and technologies have revolutionized
manufacturing processes. However, with this
advancement comes the heightened risk of cyber
threats that can disrupt critical infrastructures. Our
society, economy and critical infrastructures have
become largely dependent on computer networks and
information technology solutions, making them
vulnerable to cyber-attacks. The interconnections of
modern commerce and the difficulty in attributing
cyberattacks blur the lines between what is simply one
company's problem and what is a national security
crisis.
Amidst this landscape, Alexandro Fernandez, the Latin
America Regional Director at TXOne Networks, has
emerged as a leading figure in the realm of industrial
cybersecurity. With an unwavering commitment to
protecting Operational Technologies (OT) in industrial
environments, Fernandez has spearheaded initiatives
to ensure the smooth and secure functioning of key
industries across the region.
Alexandro Fernandez is leading the charge in industrial
cybersecurity. His expertise and dedication enable
partnering companies to navigate the complex realm of
industrial cybersecurity, safeguarding critical
infrastructures and operational technologies. With a
commitment to tailored solutions, continuous
innovation and industry collaboration, Fernandez and
TXOne Networks remain at the forefront of protecting
industrial environments in Latin America and beyond.
Let’s delve into the specifics of how Mr. Fernandez is
transforming cybersecurity in Latin America and stepping
into more secure industrial operations.
Industrial Cybersecurity and its Crucial Role
Industrial Cybersecurity is a set of processes, practices
and technologies designed to manage the cyber risk of
industrial cyberspace derived from the use, processing,
storage and transmission of information used in the
industrial infrastructures of organizations, considering
people, technology and the processes followed for the
use of Operating Technologies (OT).
Industrial cybersecurity must consider the need to
complement itself with its equivalent versions with
other security practices, such as environmental
security, physical security, safety and equipment,
without neglecting the value of the technological
heritage of industries, understanding as such those
tangible and intangible assets derived from intellectual
work such as an idea, an invention, an industrial secret,
a process, a program, data, formula, patent or
trademark, this heritage being the main asset to be
protected by industries.
In today's world, the importance of industrial
cybersecurity cannot be overstated, and it has become
a critical aspect for several key reasons; here are 3 of
the most important:
Ÿ Critical Infrastructure Protection: Ensuring the
protection of critical infrastructure is paramount to
maintaining essential services and national security.
He says, “It is known as all that technological
infrastructure that is necessary for an entire
country to have basic services such as water, energy,
communications, nuclear, transportation,
emergency services, public health, and
manufacturing systems among others, and national
security.” Mr. Fernandez recognizes the significance
of safeguarding these infrastructures against cyber
threats.”
Ÿ Regulations and Compliance: Numerous countries
have established national cybersecurity strategies
and regulations that encompass the protection of
critical infrastructure, as well as cybersecurity
policies and other regulations directed at specific
sectors such as those related to energy (Generation,
distribution) and transportation (Air, maritime,
railway). Mr. Fernandez understands the
importance of complying with these regulations and
ensuring industrial companies adhere to the
cybersecurity policies specific to their respective
sectors, such as energy and transportation.
Ÿ Digital transformation/Industry 4.0: With the
advent of Industry 4.0 and digital transformation
initiatives, industrial companies aim to enhance
their production processes, efficiency and
maintenance practices, minimize losses, be more
efficient in terms of equipment maintenance,
workshop floor management, etc., but to achieve all
this it is highly recommended that industrial
companies should cyber protect these industrial
environments. However, embarking on this journey
necessitates robust cybersecurity measures.
Mr.Fernandez emphasizes the need for industrial
companies to fortify their cyber defenses before
undertaking digital transformations, safeguarding
against potential cyberattacks.
13. We promote the
adaptability of
our solutions to
the constant
threat landscape
that exists today.
“
“
“
“
Continuing on this, he shares, “Before starting the journey
that leads them towards a successful digital transformation
and that does not leave "doors open" for possible future
cyber-attacks.”
Staying Ahead: Understanding Threats and
Vulnerabilities
To remain at the forefront of industrial cybersecurity,
Alexandro Fernandez diligently stays abreast of the
latest threats and vulnerabilities in industrial
environments. He emphasizes, “There are different
mechanisms to be updated and notified regarding the latest
threats and vulnerabilities in industrial environments. Some
of these mechanisms can be found, for example, in the
bulletins published by CISA or in other industrial
cybersecurity communities such as the ISA (International
Society of Automation), manufacturers of industrial
cybersecurity solutions, among others.”
He leverages various mechanisms to stay updated,
while additionally, Mr. Fernandez relies on threat
intelligence services and interactive maps, such as
TxOne's Threat Atlas, to gain real-time insights into
cybercriminal activities targeting industrial
environments.
He says, “There are also companies that provide
Operational Technologies (OT) threat intelligence services
through specific reports that are issued. We can also find
interactive maps (such as TxOne's Threat Atlas) that
illustrate valuable information on cybercriminal activity
that shows some of the cyber-attacks in industrial
environments in real-time.”
Identifying and Assessing Security Risks
Mr. Fernandez emphasizes the significance of
employing a structured methodology to identify and
assess security risks in industrial environments. While
adapting to each industrial company's unique
requirements, he recommends following the steps
outlined in the ISA/IEC 62443-3-2 standard. The steps
outlined by Fernandez include:
Ÿ “Perform a High-level cybersecurity assessment:
Identifying the SuC (System under consideration) by
reviewing system architecture diagrams, inventory,
14. importantly try to verify that those risks are below the
defined risk appetite.”
Ÿ Implementing these steps enables organizations to
gain a comprehensive understanding of their OT
cyber risks.
Tailored Solutions for Partnering Companies
One of Mr.Fernandez's key objectives is to provide
tailored solutions that meet the specific needs of
partner companies. He shares, “I focus on understanding
two main topics; The first one is related to the general
thoughtful of the operating technologies (OT) that support
industrial processes and that can affect the discontinuity of
those industrial processes.” Based on this knowledge, Mr.
Fernandez proposes high-level designs that align with
the company's business objectives, focusing on the
operation and cyber protection of their OT.
He also explains, “Once the above is done, I propose a
high-level design of how our solutions can help the
company meet its business objectives related to the
operation and cyber protection of the operational
technologies that manage the industrial processes.”
Ÿ company policies, regulations and risk tolerance related
to this SuC.
Ÿ Perform an initial cybersecurity risk assessment: Use
existing PHAZOPs (Hazard and Operability study) and
other relevant risk assessments like cyber maturity
reviews, LOPA (Layers of Protection Analysis) reviews,
Audit reports, etc., and corporate risk matrix to identify
potential risks and to use them as a starting point and to
gain an initial understanding of the worst case risk
scenario for the SuC, to present in terms of impacts to
health, safety, environmental, business interruption,
production loss, product quality, financial, legal,
regulatory, reputation among others.
Ÿ Zoning and Conduit Classification: Group the IACS
(Industrial Automatization Control Systems) and
related assets into zones and conduits critically with the
intention of classifying those assets.
Ÿ Perform a detailed cybersecurity assessment for each
zone & conduit: Identifying threats and vulnerabilities,
determining consequences and impacts, and
determining the security level (SL-1, SL-2, SL-3, SL-4
according to IEC 62443) to be achieved. Then identify
and evaluate existing controls/countermeasures, define
a risk threshold, calculate residual risk and very
15. Moreover, Mr. Fernandez ensures that the solutions are
validated through demos and proof-of-concept testing
to meet the technical requirements of clients. This
process culminates in the formalization of projects that
address the unique needs of each partnering company.
In his words, “As part of the process, the next step is to
execute a Demo and a Proof of Concept of our solutions to
validate that our solutions meet the technical requirements
of our clients.”
Protecting Protocols and Ensuring Operational
Continuity
Continuity Industrial protocols and control commands
play pivotal roles in industrial cybersecurity, as they
govern the operation of industrial processes. Mr.
Fernandez emphasizes the importance of
understanding these protocols depending on each
industry; for example, we have those related to the
health sector, such as HL7 or DICOM, to mention the
most important. There are also other protocols that are
used in factory automation, such as ModBus, CIP, S7
Comm, and OPC-UA, or we also have others widely
used in the energy sector, such as DNP3, IEC-61850,
among others, and these should be protected against
unauthorized modifications that could potentially
disrupt operations.
One of the most important points to consider in some
of these protocols are the control commands that can
be executed since an attacker can modify an instruction
and can cause damage to an industrial process. To
achieve this, TXOne Networks' EDGE IPS (Intrusion
Prevention System) enables the configuration of
specific rules that prevent unauthorized changes at the
command level, ensuring the continuity and integrity of
industrial processes.
Balancing Security and Operational Efficiency
Maintaining smooth and efficient operations while
prioritizing security is a critical challenge in industrial
cybersecurity. Mr. Fernandez recognizes the
paramount importance of operational continuity and
tailors solutions to minimize intrusion while adequately
addressing cyber risks. By considering factors such as
operational technologies, existing cybersecurity
controls, and asset criticality. Mr. Fernandez designs
solutions that strike a balance between security and
operational efficiency, ensuring uninterrupted
processes.
The most important objective for an industrial
environment is to maintain the continuity of the
processes, which implies and covers many aspects;
therefore, it is relevant to understand the operation
technology that is required to operate those industrial
processes, the industrial network, the existing
cybersecurity controls (if they exist), the criticality of
the asset and from there propose a solution that can be
the least intrusive possible, the most adequate to
minimize cyber risks and that has as priority number
one to maintain the operations up and running.
Incident Response: A Proactive Approach
Mr. Fernandez underscores the significance of having
robust incident response mechanisms in place. He says,
“It is essential that industrial companies have mechanisms
and processes when it comes to incident response, as today
you cannot afford not to have them.”
He advocates for the adoption of industrial
cybersecurity incident response policies, engaging
experienced cybersecurity companies well-versed in
16. There are different
mechanisms to be updated
and notied regarding the
latest threats and
vulnerabilities in industrial
environments. Some of these
mechanisms can be found,
for example, in the bulletins
published by CISA or in other
industrial cybersecurity
communities such as the ISA
(International Society of
Automation), manufacturers
of industrial cybersecurity
solutions, among others.
acknowledges the progress made by certain countries
in the region while highlighting the need for broader
cybersecurity strategies and initiatives across Latin
America.
Some other initiatives related with the protection of
critical infrastructures across Latin America, for
example the “PNCS: Política Nacional de Ciberseguridad”
in Chile, the “Programa Nacional de Infraestructuras
Criticas de Información y Ciberseguridad” in Argentina,
the “Política Nacional de Segurança de Infraestruturas
Críticas – PNSIC” in Brazil, the “Ley de Ciberdefensa No.
30999” in Peru and some others in countries like
Colombia.
Integrating Solutions with IT and OT Systems
TXOne Networks' solutions seamlessly integrate with
existing IT and OT systems in industrial environments.
Understanding the diverse OT protocols used in
various industries, Mr. Fernandez ensures the
protection of legacy operating systems and addresses
technical vulnerabilities through their "Virtual
Patching" mechanism. The solutions also facilitate the
export of results in formats compatible with other IT
cybersecurity solutions, enabling efficient integration
with the existing ecosystem.
How do you plan to continue innovating and
improving your solutions in the coming years, given
the constantly evolving cybersecurity landscape?
Mr. Fernandez and TXOne Networks prioritize
continuous innovation and improvement of their
solutions. With a robust research and development
team, they invest in enhancing their technology stack,
innovating products and adapting to the evolving threat
landscape. Client feedback and collaboration play an
integral role in their innovation process, ensuring their
solutions effectively address the ever-changing
cybersecurity challenges faced in industrial
environments.
industrial environments. By ensuring an understanding
of operating technologies and their relationship with
industrial processes, organizations can effectively
manage and respond to cybersecurity breaches.
Navigating the Latin American Regulatory Landscape
In Latin America, the regulatory landscape for
industrial cybersecurity is still evolving. While
countries like Chile, Colombia and Brazil have made
strides in establishing specific regulations for
protecting critical infrastructures, other nations are yet
to develop comprehensive cybersecurity strategies. In
these nations, specific regulations focused on the
protection of the national electricity sector are
mandatory and relatively mature. Mr. Fernandez
17.
18. The Role of
ArtificialIntelligence
in Cybersecurity
n an era where technology is evolving at an unprecedented
Ipace, the threat landscape in the digital realm has become
increasingly complex and sophisticated. Cyberattacks have
grown in frequency and severity, posing significant risks to
individuals, organizations, and even nations. In response to this
growing menace, Artificial Intelligence (AI) has emerged as a crucial
tool in bolstering cybersecurity defenses. AI's ability to analyze
vast amounts of data, recognize patterns, and make informed
decisions in real-time has revolutionized the way we approach
cybersecurity. This article explores the pivotal role of AI in
cybersecurity, its applications, benefits, challenges, and future
prospects.
AI and Cybersecurity: A Dynamic Duo
AI has become an indispensable asset in cybersecurity due to its
unique capabilities:
Threat Detection and Prevention: Traditional cybersecurity
methods often struggle to keep up with rapidly evolving threats.
AI-powered systems excel in identifying anomalies and patterns in
network traffic, enabling early detection of potential breaches.
Machine learning algorithms can learn from historical data to
identify emerging threats and predict attack vectors, enabling
proactive defense measures.
Behavioral Analysis: AI-driven systems can learn the normal
behavior of users, systems, and networks. This allows them to
detect abnormal activities that may signify unauthorized access or
breaches. By monitoring user behavior, AI can spot suspicious
actions that might go unnoticed by traditional rule-based systems.
Automated Response: AI can automate responses to certain types
of attacks, mitigating the impact and reducing the time required for
www.ciolook.com | August 2023 |
16
20. manual intervention. Rapid response to threats helps in
preventing their escalation and minimizing damage.
Phishing Detection: Phishing remains one of the most
common and effective attack vectors. AI can analyze
emails, URLs, and attachments to identify
characteristics of phishing attempts, reducing the
likelihood of successful attacks.
Vulnerability Management: AI can assist in identifying
potential vulnerabilities in software and systems by
analyzing code and assessing their potential
weaknesses. This aids in timely patching and reducing
the attack surface.
User Authentication: AI-powered authentication
systems can go beyond traditional methods, utilizing
biometric data, behavioral analysis, and contextual
factors to ensure secure access.
Benefits of AI in Cybersecurity
Speed and Accuracy: AI processes data at lightning
speed and can quickly identify anomalies or threats
that might go unnoticed by human analysts. This helps
in real-time threat detection and response.
Adaptability: AI systems can learn from new data and
adapt to evolving threats, reducing the need for manual
rule updates.
AI-Powered Threat Intelligence and Analysis
AI's ability to process and analyze massive volumes of
data plays a crucial role in threat intelligence.
Traditional methods of gathering threat intelligence
often involve manual collection and analysis of data
from various sources. However, AI can automate and
enhance this process by scanning the web, social media,
dark web, and other sources for indicators of potential
threats. It can then analyze this data to identify
patterns and correlations, helping cybersecurity
professionals understand the tactics, techniques, and
procedures (TTPs) of threat actors. This real-time and
comprehensive analysis enables quicker response and
adaptation to emerging threats.
Machine Learning and Intrusion Detection
Intrusion detection systems (IDS) are a cornerstone of
cybersecurity, monitoring networks for signs of
unauthorized access or malicious activities. Machine
learning algorithms can significantly enhance the
capabilities of IDS by learning normal network behavior
and identifying anomalies. These algorithms can detect
even subtle deviations from established patterns,
enabling the detection of advanced persistent threats
(APTs) and insider threats that might go unnoticed by
rule-based systems. Over time, the machine learning
models can adapt to changes in network behavior,
reducing false positives and negatives.
Cyber Threat Hunting
AI-driven cyber threat hunting involves proactively
searching for indicators of compromise (IoCs) and signs
of potential breaches within an organization's network.
This approach goes beyond automated detection
systems and relies on the expertise of human analysts
to guide AI tools in the hunt for hidden threats. AI can
assist by identifying suspicious patterns, generating
hypotheses, and prioritizing areas that require
investigation. This combination of human intelligence
and AI's data processing capabilities creates a
formidable approach to identifying and mitigating
sophisticated threats.
Security Automation and Orchestration
AI not only aids in threat detection but also facilitates
automated responses to certain types of threats.
Security orchestration platforms integrate various
security tools and technologies to create an automated
incident response workflow. When a security event is
detected, AI can assess the severity, gather additional
contextual information, and initiate a predefined
response. For instance, AI can automatically isolate
compromised systems from the network, block
malicious IP addresses, or trigger alerts to security
personnel. This automation reduces response time and
ensures consistent actions, reducing human error in
high-pressure situations.
Outlook
The symbiotic relationship between AI and
cybersecurity continues to evolve, shaping the
landscape of digital defense. AI's role in cybersecurity is
not just about creating stronger walls against threats
but also about enabling proactive strategies, rapid
responses, and smarter decision-making.
www.ciolook.com | August 2023 |
18
21.
22. Yuri
Diogenes
Diogenes
Diogenes
Building a Legacy in
Cybersecurity and Transforming
Passion into Impact
I
n a dynamic and rapidly evolving sector such as
cybersecurity, exceptional leaders play a crucial role
in driving innovation and shaping the industry. By
embracing innovation and cultivating a culture of
creativity, leaders in the cybersecurity industry can
stay ahead of the curve and drive long-term growth.
However, it is important to recognize that many
organizations lack sufficient cybersecurity talent,
knowledge and expertise, and the shortfall is growing.
Acknowledging the importance of these trends, Yuri
Diogenes stands out as a visionary leader in the
cybersecurity industry, leaving an indelible mark
through his expertise, commitment to education and
relentless pursuit of excellence. With his contributions
as an author, educator and manager, Yuri continues to
shape the industry and inspire the next generation of
cybersecurity professionals.
Yuri, Principal PM Manager at a renowned technology
company-Microsoft, has emerged as one of the most
impressive leaders in cybersecurity, making waves with
his expertise and vision. With a career that spans over a
decade, Yuri has overcome numerous challenges to
reach his current position and has been impacting the
industry through his extensive knowledge and
contributions.
Let’s delve into Yuri driving forces that shape the
cybersecurity industry and pave the way for future
advancements!
Building a Solid Foundation
Yuri embarked on his professional journey at Microsoft
in 2006, initially as a Support Engineer providing
assistance for Microsoft Exchange Server. In 2007, he
transitioned into the security domain, dedicating his
efforts to supporting ISA Server, Microsoft's
Firewall/Proxy solution at the time. His experience in
technical support laid a strong foundation, equipping
him with a deep understanding of customer needs and
product development lifecycle.
Yuri's unwavering determination and belief in the
power of networking allowed him to explore various
opportunities beyond his daily job responsibilities. He
ventured into technical writing, publishing articles
about Forefront TMG and the evolution of the ISA
Server. His visibility in the field led to his first book deal
with Microsoft Press, releasing the ‘Forefront TMG
Administrator Companion’ in 2010.
Following this, Yuri transitioned to the Windows
Security team at Microsoft in 2011 as a Writer,
focusing on articles about Windows security
capabilities and countermeasures. A reorganization in
2012 led him to the Windows Networking Team,
initially challenging his enthusiasm for cybersecurity.
Nevertheless, he maintained his professionalism and
pursued a Master's degree in Cybersecurity from
UTICA College from 2012 to 2014.
In 2014, Yuri's pivotal encounter with the Dean of EC-
Council University at Hacker Halted in Atlanta changed
the course of his career. He embraced the opportunity
to teach at their bachelor's degree program in
Cybersecurity and began a journey of education,
inspiring new cybersecurity professionals and a
published author (8 Books). Yuri's passion for teaching
and improving lives through education fueled his
dedication to EC-Council University, where he has been
recognized as Faculty of The Year for two consecutive
years (2018 and 2019).
www.ciolook.com | August 2023 |
20
23. There is
nothing like
the human
connection to
build a team
that is invested
in your success
and the
success of the
company.
“
“
www.ciolook.com | August 2023 |
21
24. From Technical Writing to Leadership
Yuri’s journey in the cybersecurity field is a testament
to his passion and determination. In 2015, he was
allocated to a project that involved writing about a new
technology aimed at enhancing cloud security. The
product, initially known as Azure Security Center, was
released in public preview at the end of that year. Yuri
quickly became a public figure for Azure Security
Center, contributing to its improvement and raising
awareness through speaking engagements at large
conferences.
Yuri's expertise and dedication led him to publish three
editions of the Azure Security Center book for
Microsoft Press. In 2021, as the product expanded
beyond Azure environments to encompass other cloud
platforms like AWS and GCP, it was renamed Defender
for Cloud. Yuri wrote a blog post to bring awareness to
this change, highlighting the product's multi-cloud
security capabilities.
Driven by his passion for education and awareness, Yuri
went on to create a Talking Show called ‘Defender for
Cloud in the Field.’ Through this show, he interviews PMs
and Developers to educate the audience about the
product and its benefits. To further deepen his impact,
Yuri released a new book about Defender for Cloud,
published by Microsoft Press, providing valuable
insights for professionals in the field.
Incentivizing the Deterrents
While leading the wave of awareness about the
importance of cloud security, Yuri recognized the need
to expand his impact and lead others to make a greater
difference. He made a pivotal transition from an
individual contributor role to a manager role at
Microsoft, where he now leads a high-performance
global team of PMs located in Ireland, India and the
United States.
Managing a global remote team presents its own
challenges, particularly due to different time zones.
However, Yuri's commitment to work-life balance and
leading by example has enabled him to establish
effective communication and support mechanisms. By
setting a schedule that allows him to connect with each
PM within their working hours, Yuri ensures that his
team members feel valued and supported.
Throughout his career, Yuri has faced and overcome
various challenges. He shares valuable lessons he has
learned along the way:
Ÿ Staying motivated despite setbacks: Yuri
emphasizes the importance of not allowing
circumstances to dictate one's mood. By adopting a
mindset that sees oneself as a personal brand and
the employer as a customer, he focuses on providing
excellent service and maintaining a positive outlook.
Ÿ Embracing total ownership: Yuri encourages taking
responsibility for one's choices and outcomes.
Rather than making excuses for failures, he
advocates for learning from them and striving for
continuous improvement.
Ÿ Cultivating self-discipline: Drawing from his
experience of working remotely since 2011, Yuri
www.ciolook.com | August 2023 |
22
25. emphasizes the significance of self-discipline in
maintaining productivity and balance. By
establishing boundaries and adhering to a well-
structured routine that encompasses personal well-
being, personal life and work, individuals can thrive
in a remote work environment.
Ÿ Capitalizing on strengths when leading others:
Yuri's management style centers around
recognizing and leveraging the strengths of team
members. By focusing on individuals' strengths
rather than weaknesses, he has observed significant
improvements in both performance and overall
happiness within his team.
Advancing Technological Innovations for Resourceful
Solutions
Recognizing the role of technology in reshaping the
cybersecurity landscape, Yuri acknowledges the
potential of Artificial Intelligence (AI) in addressing
threats and enhancing incident response. However, he
also understands the concerns surrounding AI's impact
on job security within the cybersecurity field. As a
people manager and educator, Yuri emphasizes the
need for cybersecurity professionals to evolve,
combining technical expertise with a deep
understanding of the business and interpersonal skills.
Yuri believes that alongside technical competence, soft
skills will play an increasingly significant role in the
future of cybersecurity. Building strong human
connections and fostering teamwork is essential for
creating a workforce that is invested in the company's
success and shared goals. While AI may automate
certain tasks, the unique value brought by
cybersecurity professionals lies in their ability to
connect, adapt and bring holistic solutions to complex
challenges.
Driving Change and Education
Yuri has had a profound impact on the dynamic
cybersecurity industry through his expertise and
extensive contributions. With 31 published books, most
of which focus on Information Security, Yuri actively
educates security professionals on utilizing security
technologies effectively. His book ‘Cybersecurity –
Attack and Defense Strategies: Counter modern threats and
employ state-of-the-art Tools and Techniques to protect
your organization against Cybercriminals’ achieved
remarkable success, listed for four consecutive years as
one of the top 20 best network security books of all
time by Book Authority.
Yuri's commitment to preparing professionals for the
cybersecurity field led him to publish a new book,
‘Building a Career in Cybersecurity: The Strategy and Skills
You Need to Succeed.’ This book, released in July, offers
guidance on entering and growing in the cybersecurity
industry, emphasizing technical skills and often-
overlooked soft skills. As the demand for cybersecurity
professionals continues to rise, with 3.5 million unfilled
positions projected by 2025, Yuri's contributions to
educating and equipping professionals hold immense
value.
Stepping into the Future
In the long run, Yuri aspires to continue making a
difference in the cybersecurity domain by enabling
professionals to achieve their potential. As a Principal
PM Manager, he strives to provide his team with the
necessary tools to excel in their careers while helping
customers enhance their security posture. Whether
managing a larger team or an entire organization, Yuri
envisions himself contributing to a higher scale of
impact.
As an educator and author, Yuri remains committed to
educating cybersecurity professionals, ensuring they
are well-prepared and equipped for success. He also
aims to promote the inclusion of women in
cybersecurity, fostering a more diverse and inclusive
industry. Yuri's dedication to continuous learning is
evident through his pursuit of a Ph.D. in Cybersecurity
Leadership from Capitol Technology University.
Bequeathing Wisdom
Yuri advises aspiring entrepreneurs venturing into the
dynamic cybersecurity industry to invest in human
connections. While technology, including AI, plays a
crucial role, the power of human relationships and
teamwork should not be underestimated. Building a
team that is not only technically competent but also
passionate about the company's vision and goals
creates a sense of belonging and purpose. In a world
increasingly defined by remote work, Yuri emphasizes
the importance of in-person interactions and fostering
a culture where individuals feel connected
and valued.
www.ciolook.com | August 2023 |
23
26. IoT Security and its
FundamentalsProtecting
the Connected World
he Internet of Things (IoT) has revolutionized the
Tway we interact with technology by enabling
seamless communication between devices and
the internet. From smart homes and connected vehicles
to industrial automation and healthcare systems, IoT
has found its application in virtually every sector.
However, this proliferation of interconnected devices
has also introduced a range of security challenges that
need to be addressed to ensure the privacy, integrity,
and availability of data and services. In this article, we
will delve into the fundamentals of IoT security and
explore strategies to protect the connected world.
IoT security refers to the set of measures and practices
designed to protect the confidentiality, integrity, and
availability of data and services in IoT environments.
Unlike traditional IT systems, IoT ecosystems often
involve a diverse range of devices, protocols, and
communication channels, which amplifies the
complexity of security concerns. The unique
characteristics of IoT necessitate a comprehensive
approach to security that encompasses both hardware
and software aspects.
Key Fundamentals of IoT Security
Device Authentication and Authorization: Ensuring
that only authorized devices can access the IoT
network is crucial. Secure authentication mechanisms,
such as digital certificates, biometrics, and two-factor
authentication, can help prevent unauthorized access.
Data Encryption: Given the sensitive nature of IoT
data, it's essential to encrypt both data at rest and data
in transit. Strong encryption protocols like TLS
(Transport Layer Security) safeguard data from
interception and tampering.
Network Security: IoT networks can be vulnerable to
attacks like man-in-the-middle attacks and
eavesdropping. Implementing secure communication
protocols and regular network monitoring can help
detect and prevent these threats.
Firmware and Software Updates: Regular updates are
necessary to address vulnerabilities and security flaws
in IoT devices. Manufacturers should provide
mechanisms for secure and timely firmware and
software updates.
Secure Boot and Hardware Security: Ensuring that
only authenticated and trusted software can run on IoT
devices is vital. Secure boot processes and hardware-
based security modules can protect against
unauthorized code execution.
Access Control: Implementing fine-grained access
controls limits the privileges of users and devices within
an IoT ecosystem. This minimizes the potential damage
that can be caused by a compromised device.
Security by Design: Building security into IoT devices
from the ground up is more effective than trying to
retrofit security later. Following best practices like the
www.ciolook.com | August 2023 |
24
28. principle of least privilege and applying the "defense in
depth" approach can enhance overall security.
Privacy Concerns: IoT devices often collect vast
amounts of personal and sensitive data. Privacy
protection measures, such as data anonymization and
user consent, are critical to address legal and ethical
considerations.
IoT Gateway Security: Gateways that connect IoT
devices to the internet can be points of vulnerability.
Implementing security measures at the gateway level
can help filter and control traffic between devices and
the cloud.
Security Monitoring and Incident Response:
Continuous monitoring of IoT environments allows for
the timely detection of anomalies or breaches. Having a
well-defined incident response plan helps mitigate the
impact of security incidents.
Blockchain for IoT Security: Consider mentioning the
use of blockchain technology to enhance security in IoT
ecosystems. Blockchain's decentralized and tamper-
resistant nature can provide a secure way to record and
verify transactions and interactions between IoT
devices.
Zero Trust Architecture: Explain the concept of zero
trust architecture in IoT security. This approach
assumes that no device or user should be trusted
automatically, requiring continuous verification and
validation of all devices and users trying to access the
network.
Security Standards and Frameworks: Discuss relevant
security standards and frameworks designed for IoT
security, such as ISO/IEC 27001, NIST Cybersecurity
Framework, and the Industrial Internet Consortium
(IIC) Security Framework. These provide guidelines for
implementing robust security measures.
Multi-Layer Security: Emphasize the importance of
implementing security at multiple layers of the IoT
ecosystem. This includes not only the devices
themselves but also gateways, cloud services, and user
interfaces.
IoT Security Testing: Explain the significance of
penetration testing and vulnerability assessments
specifically tailored to IoT environments. These tests
simulate real-world attacks to identify weaknesses and
provide insights into improving security measures.
Regulatory Compliance: Discuss how IoT security
aligns with regulatory compliance requirements in
various industries, such as healthcare (HIPAA),
automotive (ISO 21434), and data protection (GDPR).
Meeting these standards is crucial for avoiding legal
penalties.
Collaboration in Security: Highlight the need for
collaboration among manufacturers, developers,
policymakers, and end-users to collectively address IoT
security challenges. An ecosystem-wide approach
ensures a more robust defense against threats.
Data Lifecycle Management: Address data security
throughout its lifecycle, from collection and
transmission to storage and disposal. Proper data
management practices can mitigate risks associated
with unauthorized access or data leakage.
The Bigger Picture
As the Internet of Things continues to reshape our
world, the importance of IoT security cannot be
overstated. The interconnected nature of IoT devices
presents a dynamic landscape of challenges that
require comprehensive solutions. From device
authentication and encryption to network
segmentation and supply chain security, the
fundamentals of IoT security demand a holistic and
proactive approach. Only through diligent
implementation of these strategies can we create a
connected world that harnesses the benefits of IoT
technology while safeguarding against potential
threats.
www.ciolook.com | August 2023 |
26