22 September 2021 Mie

How do you cover and validate security requirements in tenders for your suppliers?

René Matthiassen is Senior Security Consultant at Timmig Office Backup, and he is one of the speakers at the new international Industrial Security Conference in Copenhagen. At the conference, he will talk about how you cover and validate security requirements in tenders for your suppliers. He will also talk about how the Danish State Railways covers cybersecurity in one of the largest sourcing projects in Europe.

In this article, you can read an interview with René Matthiassen.

How did you get into working with security and how did it develop throughout your career?

Coming from a Cisco networking engineer background since the mid-90s, when the internet was just about to be launched for commercial use, I started with getting into firewall configuration and started to learn security from scratch. It just became more and more of interest and what I'd focus on. From firewalls it just evolved as new security technologies came about, and my curiosity just kept on following these new things (and still does, by the way :)). I kind of moved more into security designs later, and today I am combining security compliance with security designs. It makes a lot of sense – at least to me.

What are the biggest challenges within cybersecurity in your eyes?

The short answer is a lack of security people in the world. A lot of our daily routines involve security routines, both in private and at work. A lot of processes are digitalized and with that comes security as a natural part of the processes, and we need to attend, defend, and protect both ourselves and where we work. Even small companies face many of the same threats as bigger companies.

How do we get ahead of ‘the bad guys’?

I don't think we can, to be honest, even though the 'baddies' are expected to be much fewer than the 'goodies'. We need to re-think or re-invent some of the ways we do our work today. E.g. develop new coding standards with much more security included from the beginning, instead of adding and adding to a patchwork. Changing some of these things will be much faster and more secure. Where there is money, there are bad guys. It has always been like this since currency was developed, and will probably stay like this, but things can be changed. E.g. there aren't that many bank robberies today compared to twenty years ago, as many bank affiliates are cashless.

When looking forward just 5-10 years, what do you think will be different?

I think (and hope) that as we are exposing more and more on the internet, making "everything" reachable from everywhere, we'd need to be much more concerned about securing our stuff and ourselves, and security will hopefully be more and more integrated into everyday life and not just something you apply down the line, but something you start off with naturally.

Besides more funds for security, what do you think would make a difference in the industry?

It is not only about funding, but also about changing the mindset in people's heads. Funds can't help you if you don't know how to spend them correctly, and to do that you need a mindset focusing on security.

What will your keynote be about?

Many companies are sourcing services from their suppliers, but they are unsure of how, what and if they can require in terms of securing the deliverables from the suppliers. How do you start, how do you convert your business requirements into security requirements so they can support your business, and how do you evaluate them? This can be tricky but is doable. I've been fortunate to work on both minor and massive complicated tenders and I will share some of my experiences and learnings with the participants to help them get better at running tenders.

What are your own expectations for the conference?

The line-up is just impressive, with so many colleagues from the security industry with so much experience in different fields and areas, and the biggest challenge will be to choose whom to hear. All have many thousand hours of hands-on experience and are security heavy lifters. I can't point at specific individuals, but I can assure you that I'll try to hear as many as possible, as it is not every day you get the opportunity to hear so much experience. It's going to be a blast!

Do you want to hear more about security from René Matthiassen?

Join the first international Industrial Security Conference. Read more here and sign up here.