Interview with Sergiu Mesesan

Email interview held on 11th September 2017 – as follows between Alan Radley (questioner) and Sergiu Mesesan (relator):

1. What are your thoughts on the current state of cybersecurity, both for organizations and for consumers?

1. Depending on the area of the world in which we live, cybersecurity could represent an established industry or a very young trend and an adventurous way to go for an investor that wants to succeed in this business. Just like in economy, there will always be countries that represent the leading power and there will always be third world countries that represent a disaster waiting to happen, cybersecurity wise. Overall, I think this field is still an incipient business model, highly dependant on other industries like consulting and physical security companies which seem to be the main channels to raise awareness and bring clients for the computer security industry.

2. What – in your estimation – are the reasons behind the many computer security breaches/failures that we see today?

2. No security incident is hundred percent similar with the previous one, however we seem to witness some kind of pattern every time such news are coming our way. With the main attack vector nowadays being social engineering, a detached winner over lots of other attack vectors, I would say that the human factor is one of the main reasons behind computer security breaches followed by the lack of a clear set of security policies and procedures in the enterprise environment. Not to be forgotten is also the network vendors semi-ignorance at the time of developing secure code which sometimes leaves place to zero-day discoveries and large scale attacks.The year 2017 was a clear example of that, too.

3. Where do you go to find your “science” of cybersecurity?

3. I find my science mainly online, twitter, linkedin, security blogs, the news. In the real life, I try to talk to people, know they virtual environments, the way they use their computers, I am always looking for new social engineering tactics and computer flaws that will allow me to discover a way in, report it and try to make the cyberspace a better place to live in.

4. Do you recommend a particular cybersecurity blog that our readers could follow?

4. I live in Spain, so I am reading mostly Spanish blogs lately, elladodelmal, securitybydefault are 2 of the best here. For english speakers, the motherboard and krebsonsecurity are 2 blogs that offer breaking news from the security world, great research articles and great analysis of breaches and incidents, valuable materialfor any security professional who wants to learn from the past and make the future better.

5. What keeps you up at night in the context of the cyber environment that the world finds itself in?

5. The most concerning thing in the actual cybersecurity worldwide context is the state sponsored hacking, the way it is organising, developing, hitting every time more often and with more “firepower”. I am carefully watching the world stage and try to analyse every incident caused by so called state sponsored APTs.


Thank you kindly Sergiu Mesesan for taking the time out of what must be a busy schedule to answer our questions in such a useful and purposeful way. .

Interviewee: Sergiu Mesesan,

Chief Information Security Officer,

Open Data Security.

https://opendatasecurity.io

sergiu.m@opendatasecurity.io

sergiu.mesesan@owasp.org

Sergiu Mesesan – Biography

Interested in new technology, cybersecurity, servers and networks, with more than 6 years of system administration experience, influenced by new perspectives and ideas, I am always living in the future while trying to learn from the past. I am always interested to find new professional contacts, make new friends and always replying to my mails, tweets, LinkedIn, FB messages etc. so, if you wanna get in touch with me, just send me a message, I will be happy to share my knowledge and learn from yours.

Find Sergiu on LinkedIn here.