Javier Dieguez is the General Manager in Cyberzaintza, Basque CyberSecurity Agency and he is also one of the Keynote speakers at the Industrial Security Conference 13-15 November. At the conference, Javier will explore the origins of the cyber business fabric in the Basque Country, the role of Cyberzaintza as a key element to shape, unite and improve the ecosystem, why it is important to be connected with the international community and which is our vision to create a promising future for the sector in our region.
Before the conference you can read an interview med Javier here.
What is your background? And how do you work with industrial security on a daily basis?
I’ve been working in cybersecurity since 2005 leading cybersecurity multi-skilled teams including but not limited to industrial environment protection, critical infrastructure protection, as well as technical and compliance auditing. I worked for the Spanish multinational company Indra during 20 years, specialized in cybersecurity mainly for electricity companies and governmental organizations. I’ve held the position of Director of the Basque Cybersecurity Centre since its creation in September 2017. In September 2023, the Centre evolves to become the Basque Cybersecurity Agency (Cyberzaintza), with more competences and I have been appointed as the General Manager. Regarding our relationship from the Basque Government with industrial security has to do primarily with – but not limited to – several initiatives:
- Encourage industrial companies to adopt cybersecurity technologies by partially funding their projects through a grants programme.
- Providing ICS alerts to the industrial companies and operators of critical infrastructures operating in the region.
- Distributing periodical information regarding the applicable cybersecurity regulations to industrial companies.
- Promote R&D&I projects for the strategic sectors of the region (energy, utilities, health…).
- Creating awareness related to the cybersecurity regulations that affect industrial companies.
- Building a strong and united community by organizing both local and international events.
- Developing a specialization Strategic Plan to create spaces of opportunity for our cyber companies.
- Etc.
When looking forward just 5-10 years, what do you think will be different within security?
In the coming future, some technological evolution and business driven requirements will challenge the industrial control systems protection. Firstly, the emergence of the AI used as a tool to develop more sophisticated and automated cyberattacks will impulse the need to implement intelligent systems – which will include automated detection and response – capable of learning from attacks. Secondly, the fact that more and more industrial companies choose to hire certain services with cloud providers will make it difficult to identify the perimeter of the infrastructure and, in this context, it will become crucial to adopt strategies that focus on more robust management of digital identity. Thirdly, in all geographies, cybersecurity regulations are being developed that affect the industry, which will be mandatory for adoption and whose compliance will be required with increasing rigor.
At the same time, these challenges will trigger opportunities for innovative supplier and vendor companies to find new market niches as well as for user companies to become more competitive in their sectors.
From your point of view, how do you think we get more diversity in the industry?
Talent issues are always relevant to any organization, especially in highly specialized businesses where there is a shortage, as is the case in this industry. The objective should not be to simply provide diversity to the workforce. Instead, that diversity must make a difference and the company needs to build loyalty in their employees in the long term.
When it comes to diversity, there are no magic recipes. The implementation of a culture of inclusion in the company can undoubtedly help, also adapting with different perspectives (gender, race, age, functional diversity, etc.) all the processes that have to do with the recruitment, development and incentives of people that make up the company.
What are your own expectations for the conference? And which keynotes are you looking forward to hearing?
In this kind of specialized forums, I expect to reconnect with the international community of experts in cybersecurity for ICS, also to learn from the experiences that other speakers will be sharing and, of course, make it visible the strengths of the Basque industrial cybersecurity ecosystem. The keynotes I will be attending will be all the ones included in the international track for Tuesday as well as Wednesday morning.
What will your keynote be about, and which learnings are you hoping the participants take with them?
The Basque Government created the Basque CyberSecurity Centre (BCSC) in September 2017. Unlike other regional initiatives in the public sector related to cybersecurity within Spain, the BCSC was oriented to economic development while the approach of all other initiatives had been to serve as internal instruments for regional governments and they had public governance as their purpose. The evolution of the BCSC has achieved remarkable success and is currently a reference model that tries to be replicated by other European regions.
In September 2023, the Centre has evolved to a new Agency called Cyberzaintza expanding its activities beyond economic development and reaching also the protection of the regional publica administration as well as impulse the citizenship awareness
The presentation will explore the origins of the cyber business fabric in the Basque Country, the role of Cyberzaintza as a key element to shape, unite and improve the ecosystem, why it is important to be connected with the international community and which is our vision to create a promising future for the sector in our region.
My expectation is that the audience will be inspired and show them that it is possible to develop innovative and successful cyber ecosystems in Europe.
Do you want to hear more about the development of a leading industrial cybersecurity ecosystem in Southern Europe?
At the Industrial Security Conference 13-15 November you can hear Javier Dieguez on the development of Cyberzaintza, a key element to shape, unite and improve the ecosystem. Read more about the conference and sign up here.