Q & A Round with Boris Hajduk (Chief Executive Officer, Tokopedia)

What is the hot topic of the year in the current cyber landscape?

The global pressure to extend and improve existing regulations pushes everyone to invest in cybersecurity. All businesses are now competing for the same resources and talent pool.

What are some of the biggest threats, that are not being talked about enough?

When you look at cyber insurance premiums this year, clearly, we see that there is a sea change in 2022. The insurance cost is getting an ever growing % of the security budget, and many companies are at threat to commit too large a % of their security budget in insurance, failing to invest on proper controls.

How do you react to constantly changing threats in the market?

The only constant is change. It keeps the job interesting!

What are some of your favorite "new" technologies or tools?

CSPM Cloud Security Posture Management has been a very good investment for a multi-cloud company like Tokopedia. Regarding Application Security/DAST, we think BurpSuite Enterprise is punching way above its weight (cost!).

What are some of the key components to succeeding as a CISO in today’s business environment?

First, don't be the enemy of business, don't play the security dictator. Create a positive culture about security and make friends in the C-Suite and the board. Mentor your leadership team.

What are the three things that you as CISO look at first to assess an organization’s cybersecurity readiness?

- Look at time-to-resolution across several security controls  
- End-of-life situation across the environment  
- Access controls with a focus on privileged accounts.

If you had a time machine, what advice would you give yourself at the beginning of your career in cyber?

The best opportunities and learning experiences are often abroad, change is good: relocate early.

You are set to the stage at Black Hat MEA this November, what can our audience expect from your session, and what are you most excited about?

The audience can expect some pointers on how to build good security in developing countries, and what to expect when you merge giant companies with different security approaches and cultures.