For the next interview in our series speaking to technology and IT leaders around the world, we've welcomed experienced CISO Victor Kritakis of Epignosis. As the head of the company's information security policy, he is responsible for penetration testing and vulnerability assessments, staff cybersecurity training, administration of the bug bounty program, and maintaining the company's ISO 27001 certification.
Victor has 14 years of experience in IT and has worked as a cybersecurity consultant for companies in various industries, including fintech, cryptocurrency and cybersecurity retail.
Tell us about the business you represent, what is their vision & goals?
Epignosis is a leading software house in learning technology, trusted by over 70,000 teams worldwide. Its portfolio includes TalentLMS, eFront, and TalentCards. The company is paving the way for the democratization of training by developing premium yet affordable eLearning tools that help teams reach their full potential.
What inspires and energises you within your work?
The driver for my work is definitely my passion for Computer Science, Technology and Cybersecurity. But what truly inspires me to go the extra mile is my mission of contributing to the creation of a safer internet.
Can you share a little bit about yourself and how you got into cybersecurity?
I have been a cybersecurity enthusiast since my early years at university. But my first professional involvement was my service in the Hellenic Army, where I was assigned a data security role that made me fall in love with cybersecurity.
Ever since, I have been working in this field in various industries, including software, fintech, cryptocurrency and cybersecurity retail.
When we were first struck by the pandemic, we saw reports of an increase in cybercriminals phishing through Covid-themed scams and attachments. Are these pandemic-themed cybercrimes still happening?
From my own experience, as well as from what I read from colleagues in industry forums and websites that I follow, I can say that this phenomenon is still happening. In fact, it goes on at the same rate as in 2020.
The surge in working from home has created concerns for cybersecurity professionals, exposing businesses to many threats. What preventive measures would you recommend a business takes to fill those gaps?
It is very important for companies to equip every single employee with a laptop reinforced with an encrypted filesystem and antivirus software, and to forbid any work from a personal laptop or computer. Also, communication between remote employees and the workspaces (company premises, cloud) must take place only over encrypted channels.
Employees must avoid written notes and paper documents and be encouraged to use only electronic documents, encrypted if needed. A password manager is also an essential tool. And last but not least, security awareness training, which needs to be hands-on and continuous.
What advice would you give to someone wishing to start their career in cybersecurity?
Apart from a related university degree, a cybersecurity certification is a very good start. Another fun and profitable way is to start participating in bug bounty programs. A bug bounty program is a call to security researchers to find bugs in a company's systems and get paid for it (we also run such a program for TalentLMS).
The most important advice is commitment: cyber threats are advancing day by day, so continuous training in multiple fields (compliance, application security, network security, monitoring and incident response) is essential.
What are some misconceptions that you believe businesses have about cybersecurity?
1. That they're secure. No company is 100% secure; every company needs continuous hard work and a good investment in cybersecurity products and training to keep a high security level.
2. The "it will not happen to me" mentality. Every company, no matter the size or the sector, has to take cybersecurity very seriously.
3. Security is all about investing in cybersecurity products (antivirus, firewalls etc.). Companies usually forget the human factor and the importance of training their employees.
Does your organisation use log and metrics data to improve and secure your systems? How do you find managing logs assists your day to day work?
Yes, it does. In cybersecurity, logs and metrics are the most important tools for giving you complete awareness of your systems and enabling instant incident response and management.
Are there any books, blogs, or other resources that you highly recommend?
One of my favourite books is Kevin Mitnick’s The Art of Deception, which impressively points out how important it is for employees to have a good level of security awareness. As for my favourite websites, I suggest Tripwire, Darkreading, The Hackernews.
Also, it is worth checking this survey that we conducted a few months ago in the US on cybersecurity training.
Would you like to share any cybersecurity forecasts or predictions of your own with our readers?
The 4th industrial revolution will bring cybersecurity into our homes and our daily lives. In a world where every single device in our houses is connected to the internet while we're cruising in a car on autopilot, you can imagine how important cybersecurity is for each one of us.