What makes a strong cybersecurity team?

by Black Hat Middle East and Africa

“The most important thing is to have a good team – where people not only complement each other but where their knowledge also overlaps. You then have the opportunity to listen to opinions on topics you are not an expert in.”

We asked BHMEA23 speaker Wojtek Swiatek (VP and CISO at Dassault Systèmes) how he got into cybersecurity. With a background in academia, he brings a scientific perspective to his work. But although studying physics has helped shape his career, he doesn’t think every aspiring CISO needs to be an academic first.

Instead, Swiatek emphasises the importance of diverse experiences within one team.

Could you tell us about your career journey so far?

“I had an unusual career path, starting with academia (studies and PhD in Physics), then discovered the world of IT and managed several operations across EMEA, and finally fell in love with cybersecurity when it was still a rather obscure part of technology.

“It was a wild ride from there on, witnessing the rise of large-scale threats, the cloud and the uberisation of cyber criminality.”

What's one thing most people don't know about cybersecurity that you wish they did?

“That there is truly an 80/20 rule (or even a 95/5 one) and that by seriously assessing your risks and addressing the main threat vectors you can really get a head start.

“That this is not going to be comfortable because these needs will impact all technical teams and their processes.

“That there are really good and really bad vendors, and that none will have the ‘all-in-one’ solution they often advertise. That ROI in cybersecurity is a joke.

“Cybersecurity is often seen as either a role where you annoy everyone, or technical wizardry. It is however primarily a communication job where you aim to bridge real-life risks with the objectives of your organization.”

What are you working on right now - and what are the biggest challenges you're facing?

“Bringing security as close to the data as possible and integrating Zero Trust wherever possible (and avoiding the buzzword malediction).

“The main challenge is that computers and networks, generally speaking, were never designed with security in mind. This means that there have been innumerable additions and layers put on top to try to bring in security to places where it was not expected. This itself created a chain of vulnerabilities and we have the world as we know it.

“It is time to completely rethink how we consume information and acknowledge that hyper-connection means that everything we were brought up with (firewalls, DMZs, ...) is not tailored anymore for the age of communication.”

You have a Masters and a PhD in Computational/Applied Physics. How did academia influence your early career?

“It was a happy collateral discovery. During my stay at CERN I discovered the world of Unix and quickly started to manage the Unix cluster at my University. This scaled up with my activities at IBM and finally led me to large international companies such as Motorola, and now Dassault Systèmes.

“Physics (and science in general) is wonderful to instill a sense of rationality and tenacity in what you do. It also helps to understand data and make correct decisions based on them. I would say it is a great base to learn on.”

If you were advising someone just starting out who wanted to become a top CISO, how strongly would you encourage high level education vs. learning on the job?

“Either can work, it depends a lot on the companies. Some of them expect a traditional career path and others will look at different factors.

“Since the work of a CISO varies considerably between companies and industries you may be better off with a specific set of qualifications (formal or informal) but I strongly believe that a CISO must have a strong technical understanding of the threats in order to set priorities. And among these priorities, the truly important ones.

“The most important thing is to have a good team – where people not only complement each other but where their knowledge also overlaps. You then have the opportunity to listen to opinions on topics you are not an expert in.”

Finally, what are you most looking forward to at Black Hat MEA 2023?

“Besides the traditional technical advances in cybersecurity, I look very much forward to informally meeting my peers to openly share ideas and experiences. The cybersecurity world is a specific one, where we are all in the same boat and working together is beneficial for everyone. I cannot wait to meet you all there in November!”

Thanks to Wojtek Swiatek at Dassault Systèmes. Learn more at Black Hat MEA 2023.
