An open-minded leader is someone who is ready to explore new technologies, methodologies, and best practices in the company. Such a leader encourages the team to stay updated on the latest advancements and is willing to implement innovative solutions to enhance security. These security threats are evolving rapidly, emerging to those challenges requires a dynamic, agile, innovative, and adaptable mindset.
To this response Filipi Pires has risen as a Cybersecurity Researcher, helping companies build sovereignty and security over access and privileged information.
Filipi’s dedication and effort has earned a place in CIOLook’s latest edition of The 10 Most Innovative Cyber Security Leaders.
Below are the highlights of the interview:
Brief our audience about your journey as a dynamic leader until your current position at your company. What challenges have you had to overcome to reach where you are today?
My name is Filipi Pires; I’m Brazilian, married, a father of 4 children, Christian, a musician and a lover of information security, hacking and technology. I currently live in Portugal and have been working in recent years as a Security and Threat Researcher and Cybersecurity Advocate.
One of the great teachings that I received was always looking for the bases, that is, understanding the bases, operating systems bases, the bases of networks, the bases of infrastructure, understanding how cloud architecture works and so on, it is an area that we have constant learning, I always had the challenge of proving that even coming from a commercial area, I could be a technically good person, I believe that many can face this challenge in their career when they make a different transition as was my case, but you never can give up, you need to apply yourself and always seek to study to the fullest, and never seek the path that “seems” easier.
I have been working as a Cybersecurity Researcher and Advocate in several projects involving the Hacking communities and opensource projects, such as Hacking is Not a Crime and Snyk, among others, over the last few years, I have worked in some countries like Poland, Brazil and Portugal, working with Penetration Testing, RedTeam, BlueTeam and Application Security, implementing DevSecOps culture and some organizations where I worked or even when I worked as a consulting company.
I’m one of the founders of a company, operating in Brazil and Europe, called Black & White Technology, and I currently work for senhasegura, a company with worldwide technology made in Brazil, which has the mission “To help organizations build sovereignty and security over access and privileged information.” that has expanded its activities worldwide.
Finally, I leave here my final thoughts; you always need to do your best in whatever area you choose to work with, with dedication and effort you will get there!
Enlighten us on how you have been impacting the dynamic industry through your expertise in the market.
I believe that my contribution is related to where I worked/work as a Professor in college, graduated and MBA courses, teaching Malware Analysis, Cloud Security, Offensive Security, Threat Hunting and Incident Response.
Another collaboration for Industry is related to my participation in events of Information Security of new technologies, mainly in events in the European Union.
And finally, I’m an active member of some hacking communities (US, Brazil and Europe), helping with presentations, building trails at conferences and sharing Opensource content for everyone through social networks and events.
Describe in detail the values and culture that drive your organization.
Currently, I have been working as an Information Security Researcher at senhasegura; We strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through the traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.
What we believe as senhasegura is that protection, access, and confidentiality of privileged information are fundamental rights of any organization and society as a whole; our mission, is to be the best privileged access management solution in the global market.
And the Mission is “to help organizations build sovereignty and security over access and privileged information.”
Undeniably, technology is playing a significant role in almost every sector. How are you advancing towards technological innovations to make your solutions resourceful?
In recent years, there has been a lot of talk about digital transformation in many sectors of the industry; we see a growing daily development of solutions using AI (Artificial Intelligence), new technologies inside factories and much more, with the increase of new technologies, we also see a large increase and evolution of threats.
As a Security and Threat Researcher, I have been looking to understand how each attack works within Cloud environments, analysing and understanding how each attacker uses cloud permissions to escalate privileges.
What, according to you, could be the next significant change in your sector? How is your company preparing to be a part of that change?
When we look at the last 5 years (2018 to 2023), we see many types of attacks repeating themselves since the famous WannaCry attack in 2017. Attacks using ransomware as an attack vector have continued to be a very successful model in recent years, and it continues to be a very effective business model. There is already an industry that has grown a lot, with tutorials and the search for new insiders to carry out the necessary attacks, in addition to RaaS attacks – Ransowmare as a Service.
Comparing the past with the future, we were able to observe that attacks always seek an identity with a certain level of permission, for this attack to occur, that is, for the execution of Ransomware, the infected user needs to have permission to execute the even in your environment when an access key is leaked, this key needs to have a certain type of privilege in your environment, that is, everything is related to the type of privilege that this identity has.
Here is some information that according to Gartner about future attacks in the coming years:
– By the end of 2023, modern data privacy laws will cover the personal information of 75% of the world’s population.
– By 2024, organizations that adopt a cybersecurity network architecture will be able to reduce the financial costs of security incidents by an average of 90%
– By 2024, 30% of enterprises will deploy cloud-based Secure Web Gateway (SWG), Cloud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA), and Firewall as a Service (FWaaS), sourced from the same vendor
– By 2025, 60% of organizations will use cybersecurity risk as the primary determinant in conducting third-party transactions and business relationships
– By 2025, 40% of boards will have a dedicated cybersecurity committee overseen by a qualified board member
– By 2025, 70% of CEOs will build a culture of corporate resilience to protect themselves from threats from cybercrime, severe weather events, social events, and political instability
– By 2025, cyber-attackers will be able to use operational technology environments as weapons successfully enough to cause human casualties.
The percentage of states that enact laws regulating ransomware payments, fines and negotiations will increase from less than 1% in 2021 to 30% by the end of 2025
A significant change could be the increased integration of artificial intelligence and machine learning in cybersecurity. AI-powered tools can help organizations detect and respond to threats more effectively by analyzing vast amounts of data and identifying patterns indicative of malicious activity. senhasegura might focus on enhancing its AI capabilities and developing solutions that leverage machine learning to offer proactive and adaptive defense mechanisms.
Where do you envision yourself to be in the long run, and what are your future goals for the organization?
I’m currently very happy doing one of my dreams as a Security Researcher and Cybersecurity Advocate, for the future what I’m looking for is to focus on being Threat Researcher, maybe creating a Threat Security Team to understand how APTs groups create their attacks, investigating their attacks and how this knowledge can help enterprise organizations to anticipate possible attacks.
senhasegura’s primary goal is to expand its reach to the international market while simultaneously championing the cause of digital sovereignty for global society. With a steadfast commitment to security and innovation, the company seeks to empower organizations worldwide with cutting-edge solutions that safeguard their critical assets and sensitive data.
What would be your advice to budding entrepreneurs who aspire to venture into the dynamic industry?
Keep your focus and determination, no matter what area you work in, you always need to do the best in whatever area you choose to work in; with dedication and effort, you’ll get there!
Remember that you are unique, and that’s why your work is unique, don’t be in a hurry to speed things up; to grow in any industry and especially in cybersecurity, you need to master the basics very well, so don’t rush, solidify your knowledge well and step by step you will evolve.