Alexandre Horvath is a Chief Information Security Officer (CISO) and Data Protection Officer (DPO) at Cryptix AG. In this role, he is responsible for the development of protection goals for mission-critical assets/devices, their cyber threats, and their cyber risks. Additionally, he carries out risk assessments and business impact analyses as well as simulated crisis scenarios (including the participation of the top management). In addition, he ensures compliance with data protection/privacy regulations/laws. He has also been a recipient of numerous international awards and recognitions: shortlisted for the Bridging Privacy and Security Award (November 2023), finalist for the Swiss CISO Award for Digitization (September 2023), top 25 Exceptional Leaders in IT Award (September 2023), and Outstanding Leadership Award (December 2022).
Recently, in an exclusive interview with Digital First Magazine, Alexandre shared his professional journey, current roles and responsibilities at Cryptix AG, insights on how cybersecurity may evolve in 2024, significant career milestones, personal sources of inspiration, pearls of wisdom, and much more. The following excerpts are taken from the interview.
Alexandre, can you share a little bit about yourself and how you got into cybersecurity?
In the beginning, you don’t really know where to start and you don’t know how the IT field will actually evolve. Nevertheless, I always had the feeling that IT (and in particular information security and data protection) was a prospering business environment. As a tech-savvy person, I wanted to know how networks were working and to build my own smaller networks, and then to work for bigger/larger companies to see how they set up networks. As the internet became more and more important (and today of course the cloud), the whole systems are getting more and more complex, especially to regulate this environment. Additionally, I was very keen on understanding the security aspect of those networks. So, I didn’t just want to know how things were working, I also wanted to know how things were working in a secure way. So, I think all this together, combined, brought me where I am today in the cybersecurity field. I can also say that I started as an IT auditor and then I moved on towards more cybersecurity executive leadership roles. It will always be an ongoing journey, as we have now entered the field of AI security…
Tell us about your current roles and responsibilities as Chief Information Security Officer & Data Protection Officer at Cryptix AG.
As the Chief Information Security Officer (CISO) and Data Protection Officer (DPO) at Cryptix AG, my role encompasses a wide range of responsibilities aimed at safeguarding Cryptix’s information assets and ensuring compliance with data protection regulations.
In summary, my role as the CISO and DPO at Cryptix AG involves overseeing all aspects of information security and data protection within Cryptix AG, with the primary goal of safeguarding data, mitigating risks, and ensuring compliance with relevant regulations. This requires a combination of strategic planning, technical expertise, and collaboration with various teams across Cryptix.
You are the Chairman of the Supervisory Board at eCredits. Brief us about this company and its vision.
eCredits is a forward-thinking fintech company that has been making significant strides in the world of digital currency and blockchain technology. As the Chairman of the Supervisory Board, I’m pleased to provide you with an overview of the company and its vision.
eCredits is a visionary fintech company that is dedicated to reshaping the future of finance and commerce through the adoption of digital currencies and blockchain technology. The company’s vision is to create a more inclusive, secure, and efficient financial ecosystem that benefits individuals, businesses, and society as a whole. As the Chairman of the Supervisory Board, I am excited to be part of this journey and support eCredits in achieving its ambitious vision.
What are some misconceptions that you believe businesses have about cybersecurity?
Misconceptions about cybersecurity are common in the business world, and they can lead to inadequate protection against cyber threats. Here are some prevalent misconceptions that I believe businesses may have about cybersecurity:
- It won’t happen to us: Many businesses, particularly smaller ones, believe they are too small or insignificant to be targeted by cyberattacks. In reality, cybercriminals often target smaller organizations precisely because they may have weaker defenses.
- Firewalls and Antivirus are enough: Relying solely on traditional security measures like firewalls and antivirus software is insufficient. Cyber threats have evolved, and businesses need a multi-layered security approach that includes intrusion detection, employee training, and more.
- Cybersecurity is IT’s responsibility only: Cybersecurity is not just an IT issue. It’s a business-wide concern that requires involvement from leadership, employees, and various. Everyone has a role to play in protecting the organization.
- We have nothing worth stealing: Every business possesses valuable data, whether it’s customer information, financial records, or intellectual property. Cybercriminals can monetize or exploit even seemingly insignificant data.
- We’re fully protected with compliance: Meeting compliance standards, while essential, doesn’t guarantee complete security. Compliance sets minimum requirements, but it may not cover all the vulnerabilities and risks specific to your organization.
- Cyber Insurance is a substitute for security: Cyber insurance can be a valuable resource, but it’s not a replacement for strong cybersecurity measures. It should complement your security strategy, not serve as a sole safety net.
- Phishing won’t fool our employees: Employees are often the weakest link in cybersecurity, and well-crafted phishing attacks can deceive even the most vigilant individuals. Regular training and awareness programs are crucial.
- We can handle security internally: While some organizations have capable in-house security teams, many lack the expertise and resources to combat increasingly sophisticated threats. Outsourcing to specialized security firms can be a wise choice.
- Security is a one-time investment: Cybersecurity is an ongoing process. Threats evolve, and security measures must adapt accordingly. Regular updates, monitoring, and testing are essential.
- We don’t need an incident response plan: Many businesses underestimate the importance of having a well-defined incident response plan. Without one, the impact of a security breach can be more severe, and recovery can be more challenging.
- Cybersecurity is too expensive: While cybersecurity investments can be significant, the cost of a data breach or cyberattack can be far more damaging financially and reputationally. Businesses should view cybersecurity as a necessary investment rather than an expense.
- We’re safe because we use cloud services: Cloud providers offer robust security, but the responsibility for securing data in the cloud is often shared between the provider and the customer. Businesses must understand and fulfill their role in securing their cloud-based assets.
Recognizing and dispelling these misconceptions is crucial for businesses to develop a more realistic and effective cybersecurity strategy. Cyber threats are ever-present, and a proactive and informed approach to security is essential for safeguarding sensitive data and maintaining business continuity.
Would you like to share any cybersecurity forecasts or predictions for 2024 of your own with our readers?
I can provide some general trends and predictions; please note that these are not guaranteed forecasts but rather potential directions in which cybersecurity might evolve by 2024:
- Ransomware Evolution: Ransomware attacks were on the rise, and it was expected that they would become even more sophisticated and targeted by 2024. Cybercriminals might employ tactics like double extortion and threaten to release stolen data if the ransom isn’t paid.
- AI and Machine Learning in Cybersecurity: The use of artificial intelligence and machine learning for both cyberattacks and cybersecurity defenses was growing. In 2024, we could expect more advanced AI-driven attacks and more effective AI-enhanced security measures.
- IoT Security Challenges: As the Internet of Things (IoT) continued to expand, the attack surface for cybercriminals would increase. Ensuring the security of IoT devices and networks would remain a significant challenge.
- Regulatory Changes: Data privacy regulations, like GDPR and CCPA, were already in place in 2021. By 2024, more countries and regions might adopt similar regulations, increasing the compliance burden on businesses worldwide.
- Zero Trust Architecture: The adoption of zero trust security principles, which assume that threats exist both inside and outside the network, was expected to continue. By 2024, more organizations might fully embrace and implement zero trust frameworks.
- Supply Chain Attacks: Supply chain attacks, as seen with the SolarWinds breach, were becoming more prevalent. By 2024, these attacks could become even more sophisticated, impacting a wider range of organizations.
- Quantum Computing Threats: While quantum computing has the potential to revolutionize encryption, it could also pose a threat to current encryption methods. Preparing for quantum-resistant encryption standards was a growing concern.
- Cybersecurity Workforce Shortage: The shortage of skilled cybersecurity professionals was expected to persist or worsen. Organizations might need to invest more in training and education to fill this gap.
- Nation-State Cyber Warfare: Nation-state-sponsored cyberattacks were a significant concern. By 2024, geopolitical tensions might escalate cyber warfare, potentially leading to more destructive and politically motivated cyberattacks.
- Consumer Awareness and Cyber Hygiene: Improved consumer awareness and cybersecurity education might lead to more cautious online behavior and better protection against common threats.
It’s important to note that the cybersecurity landscape is highly dynamic, and new threats and trends can emerge rapidly. Organizations must remain vigilant, adapt to evolving risks, and stay informed about the latest cybersecurity developments to protect their digital assets effectively.
What are your favourite things about working in your field?
Working in the cybersecurity field is not just a job; it’s a passion and a mission to protect digital assets and information from an ever-evolving landscape of threats.
The job is a calling that combines technical prowess with a sense of duty to protect individuals, organizations, and society at large from the ever-present threat of cyberattacks. It’s a field where challenges are met with innovation, where collaboration is key, and where the pursuit of security is not just a profession but a commitment to a safer digital future.
Can you tell us about one accomplishment that shaped your career?
Certainly, one accomplishment that significantly shaped my career in cybersecurity was my involvement in a successful incident response and remediation effort following a major cyberattack on a prominent organization.
In my role as a cybersecurity analyst at the time, I was part of the team responsible for monitoring the organization’s network and systems for signs of suspicious activity. One day, we detected unusual network traffic patterns and identified indicators of a potential breach. It soon became clear that the organization was facing a sophisticated cyberattack.
This incident response experience not only allowed me to contribute to securing the organization but also served as a defining moment in my career. It reinforced the importance of preparedness, collaboration, and adaptability in the face of evolving cyber threats. It also deepened my commitment to the field of cybersecurity, highlighting the real-world impact that effective cybersecurity practices can have on organizations and individuals.
In retrospect, this accomplishment not only shaped my career but also instilled in me a sense of purpose and responsibility to help organizations defend against cyber threats and protect the digital assets that have become so integral to our modern world.
What are your passions outside of work?
Outside of work, I have a diverse set of passions and interests (e.g. reading, outdoor activities, travelling, family and sports) that enrich my life and provide balance. Here are some of my key passions:
These passions outside of work not only bring joy and fulfillment to my life but also contribute to personal growth, a well-rounded perspective, and a deeper connection with the world around me. They (including my family) remind me that life is a multifaceted journey, and there is always something new to discover and experience.
Where or whom do you seek motivation and inspiration from? How?
I find motivation and inspiration from a variety of sources and individuals, and these influences help me navigate both personal and professional challenges.
In summary, motivation and inspiration are abundant in the world around us, and I believe in being open to various sources and experiences. By actively seeking inspiration from diverse areas and individuals, I remain motivated, adaptable, and driven to achieve my goals and contribute positively to both my personal growth and the greater community.
Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?
“Cybersecurity is a race without a finish line. Stay vigilant, stay secure.”
In essence, this statement serves as a reminder that cybersecurity is an ongoing journey, not a destination. It emphasizes the need for a proactive and continuous commitment to security measures, education, and awareness to effectively protect against cyber threats in our increasingly connected digital world.
Is there a person in the world with whom you would like to have a private breakfast or lunch, and why?
Having breakfast/lunch with Roger Federer, one of the greatest tennis players of all time, would undoubtedly be an incredible experience.
Overall, a breakfast/lunch with Roger Federer would likely be a memorable and enlightening experience, offering a chance to connect with a sports icon and gain insights into his remarkable journey and the values that have guided him to success both on and off the tennis court.
What advice would you give to someone wishing to start their career in cybersecurity?
As long as you are a tech-savvy student or young talent, I would definitely recommend starting in the cybersecurity and data protection field. Even if you come from a completely different area, you have to consider a couple of things, but it’s also possible as long as you actually enjoy the technical and IT stuff. Remember that you won’t have a nine-to-five job where you do repetitive stuff/tasks. So, if you have those qualities, please join the club.