April 23, 2024
Mohamad Mahjoub, CISO, VEOLIA Near and Middle East

Mohamad Mahjoub, CISO, VEOLIA Close to and Center East

1. What are among the main challenges and developments which were impacting the Enterprise Safety house these days?

It is my pleasure to talk to the enterprise safety journal. I’ve been the CISO of the Close to and Center East area for the previous three years. Now with the acquisition of SUEZ’s enterprise within the space, IT and OT challenges are inevitable and alternatives are abound.

My areas of experience are IT/OT governance, knowledge safety, cloud safety, danger administration, and software safety. I’ve greater than 17 years of expertise in IT with a deal with Cyber Safety. I’m the creator of the ebook “Moral Hacking with Kali Linux Made Simple” which is printed on Amazon, in addition to many on-line Cyber Safety programs a few of that are sponsored by Packt and O’Reilly, that’s on prime of being an lively YouTuber on moral hacking matters.

2. What retains you up at night time on the subject of among the main predicaments within the Enterprise Safety house?

Everyone seems to be combating in opposition to a outstanding IT and OT menace panorama; Veolia Close to and Center East area isn’t any totally different.

As you could remember, some threats recognized within the diagram under have the potential to evolve into disruptive and damaging capabilities, significantly the availability chain and ransomware assaults. On prime of that, ransomware gangs are an rising fixed menace attributable to the truth that they share strategies, infrastructure (C&C), and strategies.

Ransomware-as-a-Service (RaaS) has additionally emerged to be a typical time period the place malicious ransomware packages are made out there to different criminals, who can simply make use of them.

 I can sum it up in a single phrase “Digital transformation Journey”. The pillars of this journey are the deployment of commercial IoT options, getting ready for IT and OT convergence, along with embedding safety inside the finish person expertise by enabling them to attach securely from wherever, anytime, from any system 

Furthermore, the vast majority of the commercial surroundings is susceptible to newly identified defects (ripple 20 and amnesia), misconfigurations, and insufficient upkeep, which is in flip helping these threats to materialise. The principle problem is that we at all times should be vigilant about new menace vectors for IT and OT environments.

3. Are you able to inform us concerning the newest mission that you’ve got been engaged on and what are among the technological and course of parts that you simply leveraged to make the mission profitable?

 

I can sum it up in a single phrase “Digital transformation Journey”. The pillars of this journey are the deployment of commercial IoT options, getting ready for IT and OT convergence, along with embedding safety inside the finish person expertise by enabling them to attach securely from wherever, anytime, from any system.

 

Nonetheless we’re tackling many challenges on this spectrum. Adopting new know-how whereas urges us to stability the wants between safety and pragmatism; bringing IT and OT collectively will not be as straightforward because it appears, the reason being that we can not raise and shift enterprise safety controls to OT seamlessly.

 

We’re consistently working with our friends everywhere in the world on securing our methods to fulfill these calls for and, in consequence, enterprise wants, whereas taking into consideration the distinctiveness of native and related cyber legislations.

OT safety has at all times been a problem to us, that being mentioned, we’re benchmarking international requirements akin to NIST 800- 53, NIST 800-82, and ISO 27001:2013 to constructing our inner “Safety Framework” to assist us present a constant language for the safety neighborhood throughout Veolia, it will in flip help us to analyse and successfully convey our safety posture, away from the intricacies of frameworks and requirements.

These initiatives have aided us in:

• Keeping track of the OT surroundings and creating particular use instances to reply swiftly to questionable exercise.

• Defending the OT surroundings by detecting and mitigating Cyber Dangers to stop attackers from exploiting vulnerabilities and assault surfaces.

• Preparing for the IT/OT convergence.

4. That are among the technological developments which excite you for the way forward for the Enterprise Safety house?

Everyone knows that danger may be diminished by implementing a wellmaintained defence-in-depth strategy, which is precisely what we’re constantly engaged on.

We consider that the governance umbrella, along with worker cyber consciousness and having an outlined and examined incident response process in place, is the cornerstone of this technique.

We’re at the moment deploying OT vulnerability administration options throughout the area, which can present us with many safety advantages:

• OT Community Visibility at a Excessive Degree

• Capabilities for detecting threats

• Along with operational information

We consider that such initiatives go hand in hand with the necessity for digital transformation and company modernization.

5. How can budding and evolving firms attain you for ideas to streamline their enterprise?

Offering again to the cyber safety neighborhood at all times offers me a way of function. I’m glad to be of help to any firm or enterprise in search of any advise in that facet. I’ll be pleased to attach on LinkedIn.