Alexandre Horvath: Leading the Way in Information Security and Risk Management

Alexandre Horvath
Alexandre Horvath

Alexandre Horvath is an accomplished professional serving as the Chief Information Security Officer and Data Protection Officer at Cryptix. AG. With more than two decades of experience in multinational organizations worldwide, Alexandre has established himself as a trusted business partner for C- level executives. His expertise lies in successfully managing international cross-functional teams and leading major IT security and risk programs.

Alexandre possesses a strong background in IT security and risk management, showcasing over ten years of leadership experience in these domains. He approaches these areas strategically, operationally, and from a project management perspective, ensuring comprehensive coverage. Alexandre’s key strengths encompass service management, risk remediation, and the successful delivery of global projects.

In his leadership role, he skillfully manages the delicate balance between cost, quality, and speed to market, while also taking into account strategic objectives and emerging security requirements.

Here are the key highlights of the interview, showcasing Alexandre’s remarkable career progression and expertise in the information security sector:

What inspired you to pursue a career in information security and data protection, and how did you get started in this field?

In the beginning, you don’t really know where to start, and you don’t know how the IT field will actually evolve. Nevertheless, I always had the feeling that IT (and in particular, information security and data protection) was a prospering business environment. As a tech-savvy person, I wanted to know how networks were working, build my own smaller networks, and then work for bigger and larger companies to see how they set up networks.

As the internet became more and more important (and today, of course, the cloud), the whole system became more and more complex, especially to regulate this environment. Additionally, I was very keen on understanding the security aspects of those networks. So, I didn’t just want to know how things were working, I also wanted to know how things were working in a secure way. So, I think all this together has brought me to where I am today in the cybersecurity field. I can also say that I started as an IT auditor, and then I moved on to more cyber security executive leadership roles. It will always be an ongoing journey (even after my active career).

What are some of the biggest challenges that you face in your role as Chief Information Security Officer & Data Protection Officer at Cryptix AG, and how do you address them?

Definitely the technical vulnerabilities, which we know or, even worse, which we don’t know. So normally, if a company writes software code, shortly afterward it’s vulnerable. Hackers and intruders can try to find out any kinds of vulnerabilities, and from then on, you really have to have a good release management and security team behind it to actually update it on a regular basis or even to renew it from time to time, either on an operating system level or an application level. And then, on top of that, the speed, which came up in the last couple of years, also comes from the attack vector, looking at any kind of bot, dark net, or artificial intelligence you can actually use to add or create new attacks. One user or individual can actually do a lot of damage.

Let’s take on some phishing attacks. I’m sure you remember the days where you had a lot of grammatical errors, depending on which language you actually got the spam, and nowadays, using chat GPT or whatever other artificial intelligence, they will actually give you a really nice example of phishing email without any grammatical errors. Hopefully, on the other side, we will also use the same technology to actually secure ourselves or to make at least our side more secure. But yeah, these are definitely things that I have to consider and that concern me.

How do you stay up-to-date with the latest developments in the field of information security and data protection, and what resources do you rely on?

That’s not that easy to answer, I guess. But I mean, these are multiple factors; I am reading a lot, either in physical or online magazines. I also have several cybersecurity RSS feeds, newsletters, tweets, and posts from all kinds of different sources (you can also call them security gurus in some way). Additionally, I attend cybersecurity conferences and do several trainings (including certifications and diplomas). This is important to show that you are investing and learning, as the “dark side” never sleeps. In the old days, training consisted of a lot of multiple-choice questionnaires.

Nowadays, you can actually do more practical stuff; as I mentioned before, you have access to virtual environments, and you can actually behave like a hacker, and the tests are like, for example, 10 different hacker possibilities you have to be capable of, if you manage to pass seven, you get the certification. And that’s really a good thing because then you not only know how hackers are actually behaving on a theoretical level but you also know how they proceed on a practical or technical level, which I really think is essential, and so you understand even better how things are working.

What do you think are some of the most pressing issues facing the information security and data protection industry today, and what can be done to address them?

AI is one that I obviously think is a pressing issue because it is intended to help you do stuff or research way faster than in the old days (even if three or four analysts are doing the job). On the other hand, there are concerns about data sharing; we have to distinguish between what we are actually asking for and what we are actually sharing. So, if you have a lot of requests about your own, maybe even confidential, data, that data can also be extracted (from internal sources). So, you should really separate internal and external requests.

What advice would you give to someone who is just starting out in the field of information security and data protection, and what qualities do you think are essential for success in this field?

As long as you are a tech-savvy student or young talent, I would definitely recommend starting in the information security and data protection field. Even if you come from a completely different area, you have to consider a couple of things, but it’s also possible as long as you actually enjoy the technical and IT stuff. Remember that you won’t have a nine to five job where you do repetitive stuff or tasks. So, if you have those qualities, join the club.

How do you balance your demanding career with your personal life, and what strategies do you use to stay energized and motivated?

Well, I guess I got a couple of gray hairs during my career. But I don’t know if that was because of any cyber incidents or more because of my kids. Well, sometimes some major incidents keep you up all night (but that is part of the job). But otherwise, you’re also responsible for setting up some processes that are working in your [health] favor. So again, you should not be alone, systems should also work for you (by monitoring your infrastructure on a 24/7 basis and alerting you in any case of misbehavior or anomalies).

What is your long-term vision for your career and personal life, and how do you plan to achieve it?

I would definitely say I will stay in the cybersecurity field. Also, having received the “outstanding leadership award” in Dubai last year, I think that leadership suits me as well.

Unfortunately, we can’t have a look in the big crystal ball (nor can we predict the future). But as mentioned, I will definitely stay in the security field (maybe more in a digital transformation role or more in an overall IT role), but it definitely has to do, at least to some extent, with security (I was also recently nominated as a finalist at the Swiss CISO Awards for this September so getting appreciation from the cybersecurity industry and peers shows me that I am on the right track).

And then hopefully also taking on more responsibilities, so sitting maybe at a big table or maybe even sitting on several boards, that would be ideal if I could choose or foresee my career path.