Discover the Inspiration Behind an IT Career: ”Built on Passion and Experience”

Today, we interviewed the IT professional – Rene Raggl who has a long and diverse background in the industry. From his early days playing with computers to his current role as an IT Manager, he has seen and experienced a lot of changes in the cybersecurity field. His passion for technology and the drive to keep learning have allowed him to grow and evolve with the industry, making him a valuable asset to any company.

It appears the biggest vulnerability IT businesses have is the human factor. The world becomes more digital and it is common for people to neglect security policies, and the need for knowledge and underestimate the outside threats. We will let Rene’s answers speak…


1. We wonder where did your inspiration for IT and cybersecurity came from?

Rene: I WANTED to become an IT guy since the first time I saw the movie “Wargames” back in the late 80s or early 90s, which was around the same time I got my first computer: a Commodore C64. Aside from playing games I really tried to understand how that thing worked and that benefits me to this day. As computers back in that time were not yet common, their manuals were REALLY extensive and explained everything from schematics to the basics (pun not intended) about how to program them.

WarGames movie review & film summary (1983) | Roger Ebert


Playing computer games was just one of his inspirations, complimented by an engineering trait to gain a deeper knowledge of computers and their functionalities. Rene was ”the go-to IT guy when you have computing trouble”

 

2. How did your career path begin?

Rene:  Even though I was an Account Manager or had some other commercial function for different employers, I was also often the go-to IT guy, as many of them did not have a dedicated IT department. I got to set up EDI with Ford and VW around 2002, managed the tape backups and maintaining ATM machines for a bank branch in 2005, introduced new mail servers, and new ERP for others, and was the Key-User to introduce Salesforce CRM to the BENELUX for Saint-Gobain Glassolutions. All the while being commercially responsible for “my” Markets all over the world and selling everything from car styling parts to aluminum stepladders and dryers or architectural glass solutions. For roundabout 4 years, I have had an official IT function at a family-owned company of around 80 FTE’s. Our department currently consists of guys, none of which had followed a “classical” IT career path. The company is growing fast and very ambitious, so there are challenges aplenty. Cybersecurity is one of my main responsibilities there.

 

3.Can you provide an example of a time when you had to resolve a security breach or incident?

Rene: The most common breaches that I had to deal with came down to phishing and malicious links or attachments. You can have all the technical precautions in the world, but if people make (and keep making) crucial mistakes, eventually you will have a problem.

”The people component of Cybersecurity is so important.”

My first case was an employee clicked on a .exe or .bat attachment pretending to be from DHL and which I could isolate to a specific workstation, the others other pretty similar…  So like many people in such professions: I train for the worst-case scenarios but always hope for the best.

Rene was kind enough to point out 2 types of the most common cyber attacks.

Rene: The ones I encounter are SPAM / (Spear)Phishing together with attempts at CEO fraud, plain and simple. We receive dozens of emails daily, most of which get caught by our spam filter, but occasionally they will get through. I also note that during the last months, those attacks have become much more refined. As long as you have some form of awareness training and an up-to-date anti-virus solution as well as MFA in place, you should be fine.

 

One trend that we do notice, but that has not had any significant effects yet is brute-forcing attempts to log onto accounts of our users from countries like India, Bangladesh, or China. Again, as long as you have adequate monitoring in place as well as MFA, you should be fine. Ideally, you can also geoblock log-ins, but that might not be feasible for everyone.

4. What do you think are the biggest threats for companies at the moment, and what are common weaknesses in IT security strategies?


”The biggest threat for a company in my view is the mentality “Oh, our company is not interesting to hackers.”

Rene: There are companies that are not even taking basic measures like enabling MFA for the services they use and putting passwords up on a post-it on the monitor. I see that kind of lapses happen so often in SMB enterprises that it’s not funny anymore.

 

The biggest weakness is usually the disgruntled employee. They have legitimate access to crucial systems and information and you will have a hard time shutting that down in time to prevent them to leak that information or take it with them when they quit and start working for a competitor of yours. And if you work at a company long enough you WILL see that happen.

5. What is your experience and expertise in encryption technologies and data protection?

I first started messing with encryption in high school, using first a substitution cipher and later an OTP to communicate with a friend of mine. Just for laughs, actually. For the work that I do now this is just only starting to get relevant, mainly the latter part as we are trying to segment our information and be able to protect our “crown jewels” in a more sophisticated manner. Basically, all our devices are encrypted using BitLocker and similar technologies and we put policies in place that employees cannot write to unencrypted storage media.

”However, I know nothing… Which is a good place to start if you know what I mean. Realizing that your knowledge is never enough should prevent you from making mistakes out of arrogance.”

 

6. Do you think that companies are more willing to move their data to the cloud now? Have you seen any developments in that case in the last few years?

Rene:  Since COVID happened, many companies got more “cozy” if you will work in the public cloud. They often had no other choice if they wanted to quickly enable their employees to work remotely. However, in that extremely stressful period, I saw people make decisions that probably weren’t very wise if you look at them from a security point of view. But setting up a secure private cloud takes a lot of time, effort, and knowledge to do it right. And time was something really scarce in the first months of the pandemic.

Now that things have cooled down in that regard I see companies pausing for a moment to reevaluate what is the best approach for them.

Generally speaking, the percentage of physical company-owned servers is in decline and has been for years.

 

7. What do you think actually convinces companies to move to a cloud storage?

”Owned servers are statistically more prone to failure as many smaller companies cannot afford to have a lot of backup systems and fallback options.”

Rene: : Maintaining and monitoring your own servers is a lot of work and can be expensive. Moving to a cloud takes away a part of that existential threat, but of course, introduces other challenges as I am starting to notice… We are currently trying to move users from traditional file Servers and get them to use Cloud Services for file storage. Not an easy thing to do, managing change and getting your people to see the benefits of doing something different from how they did it for the last 20 years....

 

8. What do you see as the biggest challenges facing the cybersecurity industry in the near future?

”ChatGPT and AI being trained to become “hackers” and to write malware will most certainly lead to an explosion of malware and we will have to see if the “good guys” will be able to keep up with that.”

Rene: But one that is kind of a pet peeve of mine actually has to do with people’s lack of interest to understand even the basic principles of security, cryptography, or even why privacy is important. To me at least it seems they are looking desperately to not having to think for themselves anymore. They are simply overwhelmed. That is why technologies like ChatGPT are such a blessing and a threat at the same time. And I gladly admit that even for me as a “specialist” it can be hard to follow at times.

” In my perception, that lack of knowledge, that lack of interest of the general public is only increasing over time and THAT will be our biggest threat in the coming decades. ”

That would open the door to something very much akin to the Matrix and 1984 put together. Makes my hair stand on end…

9. What is your advice to people facing data security issues?

”Prepare, prepare, and prepare BEFORE you have to face them.”

Rene:  Being prepared is a heck of a lot cheaper and much easier on your nerves. That goes for individuals as well as for companies and institutions.

Use a password manager and choose difficult passwords. NEVER re-use them. Turn on MFA wherever you can. Only store things digitally when it makes sense and you evaluated all risks.

Make backups according to the rules and make sure that those backups work.

Show some interest. Build a layered defense. If you are a company and you can afford it: have yourself audited by an independent from time to time to see if you have any blind spots.

You may have nothing to hide and you may not be interesting, but you got an awful lot of sh*t that is nobody’s business but yours.

Once the beans are spilled and you have to deal with a breach it depends too much on the individual situation – which usually is also very rapidly developing – for me to give any helpful advice. I’d say stick to trusted sources and be prepared to empty your wallet.

 

While Interviewing Rene was bliss, we need to take into account the alarming forecast for cybersecurity trends and be prepared.  Time is always of the essence and it is now when you prevent the future, by having the right tools, processes, and knowledge in place. Cloud storage and the password manager are considered in the solutions and we are happy to be able to offer 2 truly encrypted products – pCloud and pCloud Pass.

Overall, Rene’s detailed answers provided great insights and raise awareness of the latest threats. It also shows how important it is to have a passion for technology and the drive to keep learning in order to succeed in this field.