What have been the biggest challenges the IT security industry has faced over the past 12 months?
The COVID-19 crisis forced companies to adapt and either implement or radically scale up remote work. Employees needed additional equipment, schedules had to be adjusted, VPNs had to be set up, etc.
Obviously, business continuity was the first priority for organizations adjusting to the new normal. However, this meant that IT security concerns were often lost in the shuffle. For example: With many employees being furloughed or working reduced hours, the remaining staff members needed additional access rights to cover for their colleagues. Companies did not stop to think about how to assign these permissions correctly or ensure they are revoked later on.
And what have been the biggest opportunities?
Every crisis is also an opportunity, in this case by massively speeding up the digital transformation of our economy. By adopting remote work solutions, businesses are able to offer flexible hours and bring in new talent, both locally and from around the globe. Collaborating across vast distances is the future of work and will play a crucial part in solving the global challenges of the future.
What technology is going to have the biggest impact on the market this coming year?
It’s clear that traditional IT security approaches are no longer enough to protect companies from increasingly sophisticated targeted attacks, from complex social engineering campaigns to dedicated malware and ransomware attacks.
With cybercrime on the rise, zero trust architecture is becoming more important than ever. It also marks a key shift from securing the network perimeter to securing user identities. The default tools available in Microsoft are not up to the task, so more and more businesses are looking for ways to manage users and permissions in complex hybrid and cloud environments.
In 2025 we’ll all be talking about…?
Let me put it like this: If I look back five years and think about what we were working on back then, it’s clear that the present is completely different from any prediction I would have made at the time. By that logic, any prediction I could make about 2025 is going to fall short of the massive changes we are likely to see in that timeframe.
That being said, the pace of new developments in IT security has been increasing for decades and I’m certain that trend will hold for the next five years and beyond. The arms race between bad actors and cybersecurity firms will continue. Keeping companies and public institutions safe from new modes of attack will require research, monitoring and dedicated new technologies.
What’s the most surprising thing you’ve learnt about the IT security sector?
One thing that continues to shock me is the lack of awareness for IT security, even in large companies. Security by design should be the general approach, but in reality, it tends to be an afterthought or ignored completely, even as digital threats become more and more dangerous. Recent examples like the Colonial Pipeline hack show that cyberattacks affect more than just computers; they affect the physical world and can have a massive impact on society. As IT security professionals, it’s our job to not just offer solutions, but also educate the public on the importance of cybersecurity.
What’s the most exciting thing about your job?
I work in an industry that is constantly changing and adapting to new problems and threats. It’s a very exciting and dynamic environment. As recent attacks and new cybersecurity laws show, the question of how to protect IT infrastructure is becoming increasingly mainstream. Helping organizations navigate these challenges and providing them with the right tools to manage these threats is incredibly rewarding.
What’s the best piece of advice you’ve ever been given?
When I first started in the industry, I was trying to read up on a broad range of topics that touched on our field of work. I quickly realized that this strategy doesn’t work in an industry as highly specialized as tech. My mentor opened my eyes to the fact that I had to choose certain topics to focus on and leave the rest to someone else. I still follow this approach in my current role at tenfold by focusing the organization entirely on IAM for midmarket businesses.