Explain what you do in less than 50 words:
My work includes enterprise risk management, information security governance, compliance management, penetration testing, information security awareness and training. I am leading numerous security consulting projects focused on the implementation of enterprise information security management systems in a variety of industries. Additionally, I provide CISSP, cloud security and security management training.
What is the biggest information security threat to your industry?
Business disruption and unauthorized disclosure of sensitive information.
What technology or information security solution could you not live without?
Encryption.
If you were leaving your role, what one piece of advice would you give to your successor?
Try not to focus only on your daily challenges; keep enhancing your knowledge and study the tendencies that will become your daily challenges.
What is the information security industry’s biggest shortfall?
Over-reliance on technology and vendor-driven solutions.
What is your proudest achievement?
Implementation of the first project for electronic monitoring of offenders in Southeast Europe.
What is your biggest regret/mistake?
I don’t regret anything.
In three words, what should the information security industry expect to be facing in 2013?
Do more with less, diminishing user security awareness, hacktivism.
Name a project, movement, product or legislation / standard that has impressed you in this industry.
Who, in this industry, inspires you?
George Kurtz and Joanna Rutkowska.
What are we, as an industry, doing right?
Standardization, solutions development, showing how vulnerable the information society really is.
If you weren’t an information security professional, what would you be?
An artist.
What are you hoping to see/hear at Infosecurity Europe 2012?
New ideas, experts’ points of view, interesting discussions, demonstration of the best and latest security technology.
Boris Goncharov will be speaking at Infosecurity Europe 2012 at 14:30 on Tuesday, April 26, in a session titled ‘Defining ‘Risk Management’ & What It Means in the Context of Information Security’.