Cybersecurity is Everyone’s Concern
– I really appreciate the variety and scope of my assignments. We work with companies in many different industries, each with their unique challenges and needs. For me, the greatest value in the field of security is the interaction between technology and people. It’s not just about technical solutions but also about how organizations collaborate to create secure systems and processes, says Johan.
The large IT attacks in Sweden over the past years have underscored the importance of effective cybersecurity measures. Systems and data worth millions were lost as recently as autumn 2023, and the threat landscape against Sweden and Swedish companies has not diminished since.
In Johan Persson’s role at Consid, he operates on two levels simultaneously: both a strategic and a technical level.
– My work covers both technical and strategic aspects of security, with a particular focus on penetration testing, secure architecture, and developing sustainable technical solutions that protect against today’s threats.
Another crucial aspect, he emphasizes, is how companies educate their employees about security.
– I play an active role in conducting both training and lectures, both internally at Consid and externally for clients and educational institutions.
Map the Risks and Weakness in your system
The training sessions serve an important purpose in raising awareness within organizations and companies about how an attack can occur. Over the years, Johan has seen companies make a simple but unfortunately common mistake.
– A common mistake many make is focusing too much on technical solutions without simultaneously building a security culture within the organization. Awareness is key. Security issues must have a central place in a company’s strategy and be taken seriously at all levels—from the management team to individual employees.
What are your tips for companies that are behind in their security efforts?
– My main advice for companies looking to strengthen their security is to start by mapping their vulnerabilities and risks. It’s important to understand the regulatory requirements they face, but also to consider the expectations of customers and partners. Only when you have a clear picture of your weaknesses can you start prioritizing the right measures to improve security.
What Does a Cybersecurity Expert Do?
As a cybersecurity expert, part of Johan’s role is to continuously test the limits of existing security systems. These tests often focus on identifying the weakest link in the security chain, and Johan shares an example.
– One challenging project I worked on was a Black-Box penetration test for a company where we had no prior information. It was an extensive process, where we started by gathering as much information as we could about the company’s digital footprint to map out potential attack surfaces. The challenge with Black-Box testing is that you have no insight into the systems or the organization from the beginning, which means you have to be a bit creative to find vulnerabilities.
He continues:
– During this project, we managed to identify several critical security gaps that gave us deep access to the company’s internal network. It required a combination of technical expertise and creative thinking to bypass their security measures. The experience provided me with valuable insights into how different technical areas can be vulnerable and how to exploit those weaknesses in an innovative way.
