Dušan Vuksanovic, who currently serves as the Vice President of Cyber Security and Innovation at Swisscom Outpost, is a seasoned information security leader, advisor and coach with over 12 years of experience in the field of information security. He boasts expertise in security management, which encompasses information security, physical security, and safety. His track record includes developing corporate security organizations and programs, cultivating a security-focused culture, and effectively managing security risks.
Dušan’s extensive experience spans across various industries, including telecommunications, information technology, blockchain technology, health, robotics, human resources, supply chain, finance, mergers and acquisitions, and working with start-ups, small and medium enterprises, and large companies and groups.
The following interview highlights his insights and expertise in the sector, as conducted by CIOLook.
Your diverse experience spans multiple sectors, from telecommunications to robotics. How has this wide array of environments influenced your approach to cybersecurity, and what unique insights have you gained from these varied experiences?
Exposure to a broad number of technologies and supporting projects in different areas over the years has given me new perspectives. I had to stay curious and open-minded to understand not only the technological differences but also the different environments and business setups and, therefore, the different risk profiles. I see it as a privilege to have the opportunity to constantly learn on the job, and now in my newest role, I feel that more than ever.
In your role as VP Cyber Security & Innovation, you are responsible for technology scouting and innovation management. Could you share a recent technological trend that has caught your attention, and how do you envision it shaping the future of cybersecurity?
For years, the cybersecurity industry focused on finding “the unknown” threat, vulnerability, or risk. While this is still relevant, I see the focus shifting to technologies that help security professionals remediate known vulnerabilities and risks. Existing tools show us a lot of “problems,” but the question is, which is the biggest problem, and what should we focus on today? Reducing noise is crucial to increasing effectiveness.
One example would be an application security space. There are new technologies that help us understand which of the thousands of vulnerabilities in code are really relevant and critical, reducing the alert noise by potentially up to 80%. This helps developers focus and reduces mental friction with security.
It is no secret that Artificial Intelligence is massively impacting our world. In the context of cybersecurity, it opens up new opportunities to improve defense and, at the same time, brings new threats and risks. Improving efficiency, for example, through automation in the Security Operation Center, is one of the use cases we already see. Another is addressing the talent gap by generating tailored security training or providing co-pilot capabilities. On the risk side, we have to look at the data and at the models (ex., large language models). The nature of large language models brings new challenges.
And of course, we have to keep the development of quantum technologies within our sight. It is still unclear when to expect an impact, but it is clear that the impact will be significant. Therefore, readiness to react is, in my opinion, the key.
Blockchain technology and Web3 are significant areas of focus for you. What potential do you see in these technologies, especially in enhancing the security landscape, and how are you incorporating them into your cybersecurity strategies?
I believe that blockchain and Web3 technologies will play a significant role when it comes to trust. Considering the rise of AI, there are challenges like integrity and authenticity that blockchain could solve. Another aspect of Web3 that we did not see as strongly as many expected so far is decentralization and the power of communities. In the previous cycle, we just got a glimpse of it since the number of onboarded users into the Web3 ecosystem was relatively small. I expect that to change in the next cycle, and that can also have an impact on our mostly centralistic way of thinking when it comes to security solutions and platforms.
Another angle is securing the blockchain and Web3 space. According to some reports, more than 3 billion USD was stolen in 2022 due to crypto hacks. We see some new companies in Web3 security space, but I expect many more in the future.
Building a security culture within an organization is crucial. Could you elaborate on the strategies you employ to instill this culture, ensuring that every member of the team values and prioritizes cybersecurity in their day-to-day activities?
“Wow, big topic,” When talking about specific measures, the maturity of the organization is important, so I will try to stay general.
Understanding the reason why is critical. Human psychology requires things to make sense, especially when we have an option to do or not to do something. So, talking about the impact and risk sides of it in a way that is relevant to them is very helpful. One of the main questions is who is responsible for security risks. Establishing responsibilities is foundational, and although simple, it is not easy.
Also, security needs to become part of what employees do, not on top of what they do. This has to do with the aforementioned responsibilities, but also organization and incentives.
As someone passionate about the game of Basketball, are there aspects of teamwork, strategy, or leadership from the sport that you find particularly applicable to your role in cybersecurity?
Definitely. I always find basketball and team analogies. My colleagues are laughing now, for sure. I get a lot of inspiration when it comes to leadership, high performance, and teamwork from basketball.
Some of the abilities I admire in sports that translate well to business are: painting a common vision with a high level of ambition; and building grit to persevere in tough times. Being a role model for constantly learning and improving. Building team spirit, lifting each other up, and performing together.
Cybersecurity is not only about technology but also about understanding human behavior and motivations. How do you approach the human element in cybersecurity, especially when it comes to educating employees and users about potential risks and best practices?
We touched on it in one of the previous questions. What we know for sure is that training and awareness are important, but it matters a lot how they are done. One size fits all does not work; static, boring content does not work. If it does not affect or concern employees, success is very limited.
There are some technologies and companies out there in the category of human risk that can help us identify users who need help the most and tailor communication and protective measures to their needs. I believe that these technologies can massively increase effectiveness in this area.
Your passion for protecting people and their data is evident. How do you balance the ever-changing landscape of cybersecurity threats with maintaining a proactive and resilient security posture?
The first step is understanding risk very well, and I mean really well in the business context. Then, communicate those risks to relevant stakeholders and establish responsibilities. Define appropriate measures and track their implementation. Sounds familiar? We, as security leaders, all know this, yet we struggle more than we realize with understanding and communicating from the business perspective. We have great technologies and experts to implement them, so I dedicate most of my time to business context and communication.
Since the speed of change is faster than ever and increasing, we regularly revisit the described cycle.
With your background in both startups and large corporations, how do you foster innovation within a well-established organization like Swisscom, ensuring that it remains agile and responsive?
This is precisely our role at the Swisscom Outpost, with my focus on cybersecurity. In Silicon Valley, we learn about new technologies, start-ups, and ways of thinking and gain insights into the world’s leading tech companies. From all the insights, we extract what is relevant and significant and adds value to Swisscom in Switzerland.
Innovation is about combining great ideas with effective execution. I am normally not the one with the idea; I see myself as an enabler for people and startups with ideas, helping them achieve their dreams. This benefits not only us as a company but the entire ecosystem. In my case, the cybersecurity ecosystem.