@DefCampCluj we had the opportunity to meet Hasain Alshakarti – industry-leading cyber security expert with more than 25 years of experience. He is member of the TRUESEC Security and Infrastructure Teams, Microsoft Extended Expert Team (MEET) and a recipient of the Microsoft Most Valuable Professional (MVP) Award in Enterprise Security. For his many achievements over the years, Hasain has been awarded recognition as “Sweden’s leading IT security expert” and Microsoft MVP in Enterprise Security and Cloud & Datacenter. We invite you to go through the interview that Hasain gave to Daniel Pitiș regarding cybersecurity trends.
1. What is the role and importance of threat detection and response within an organization’s overall cybersecurity strategy, and how do you help clients develop and implement capabilities in these areas?
We know that we can not protect against all threats, and that the threat actors only need to figure out one way to successfully breach and environment. What we need to make sure is that we can see detect them when they operate within an environment by having proper monitoring and detection capabilities. The goal is to tune the detection capability for an as early as possible detection to improve time to detection. Once the detection capability is established, it is important to be able to respond effectively to minimize the impact of a breach.
A threat driven approach is preferably used to focus the efforts during peacetime and perform training and simulations and realistic exercises to test, develop and improve the capabilities.
2. How has your over 25 years of experience in cybersecurity influenced your expertise and approach to solving security challenges for clients?
“Do not let prefect gets in the way of good” is one of most important learnings I got. Security challenges need to be simplified, we need to understand the moving parts and where and what can be done to achieve a win. Clients tends to focus on the big wins and end up in situations where it’s nearly impossible to achieve that big win.
Breaking the challenge into smaller parts help create easier challenges, and by solving these you will get peace of mind to focus om the hard ones.
3. How do you stay updated on knowledge and skills amidst the rapid and continuous changes in the cybersecurity field?
Having a good network of peers is key. I know who to call to get that missing piece of information and it’s a constant sharing of knowledge between us. Knowledge is much more powerful when shared!
4. What are the key aspects you highlight as a popular instructor in cybersecurity, and how do you adapt your teaching style to meet the needs and knowledge levels of your audience?
I need to put myself in their shoes, I need to understand their needs and know what they are trying to achieve. Depending on the type of training, getting the audience to be part of a discussion is one of the most effective ways of sharing knowledge. I can project my ideas and might or not get you convinced, but to agree on a solution we need to discuss those ideas.
Using real-life examples in training is a very effective methos to highlight the importance of certain practices and how the process looked like to deal with the situation at hand.
5. What does it mean to you to be recognized as “Sweden’s leading IT security expert” and a Microsoft MVP in Enterprise Security and Cloud & Datacenter, and how do these achievements motivate you in your ongoing work?
It’s always nice to get recognized by external parties such as the community or professional organizations and vendors. Theses recognitions give a very nice and sometimes needed push forward in the work you do. You simply know that the work you do makes a difference! Personally, my biggest motivation is if someone tells med that they used an advice, and it did make a difference in their daily work.
6. Do you think AI technology could become a real cyberthreat?
AI will help enhance many areas of data processing and analysis. We know that threat actors perform various scans of the environment they attack ending up with fairly large data sets to analyze. Regardless off the mail goal of the attack, they will need to perform analysis of the data and the systems to be able to perform the next step in the attack.
AI itself can also be targeted by attacks to introduce new training data or changes in the algorithms to affect the results in specific directions. There will if not already be AI models purposely build to spread altered information yet in a very convincing way.
7. In 2024, what is the most basic advice a cybersecurity specialist could offer to the typical user?
The good old quote “If it is too good to be true, it probably isn’t” still applies especially in the age of AI where we will see more an more things that looks extremely good and we need to develop the skill to distinguish between fake and real.