​Ian Cornielje, Tergos: “the importance of cybersecurity is still terribly underestimated by organizations”

​This blog has previously appeared on Cybernews.com. Read the original interview here.

Because of the current global events, the demand for cybersecurity upgrades has been rapidly increasing in the business sector. It’s safe to assume that only critical situations force companies to take online safety seriously.

Even though the number of companies that integrate solid cybersecurity tools into their systems is continuously growing, there are still numerous cases of data breaches each day. Experts emphasize, that implementing reliable password managers, antivirus software or other consumer-grade tools is only a tiny step toward better cybersecurity in a company.

To find out, what is truly necessary to maintain comprehensive protection around devices and data, we have interviewed Ian Cornielje, the Cybersecurity Recruitment Consultant from Tergos – an IT infrastructure and security staffing company.

How did Tergos originate? What has the journey been like since your launch in 2011?

I was not working at Tergos when it was founded. But Tergos originated as a “brand” under the organization Vibe Group. Tergos was created because our founder Diane Kwakman, who is still in charge, saw a need in the market to recruit and mediate cybersecurity specialists in an in-depth way. This will be elaborated more in the next questions.

​

Can you introduce us to what you do? What are the main challenges you help solve?

I am responsible for the recruitment and mediation between interim cybersecurity specialists and client organizations, which is done according to a technical substantive, and in-depth approach. By this, I mean that in our work we consider the technical match and the personal match between the cybersecurity specialist and the client organization very important.

A concrete example is that every cybersecurity specialist we work with is always first met in person by two Tergos employees. This allows us to map out the technical knowledge and personality of the specialist. Because in addition to the fact that a specialist must have the right knowledge, we also think it is very important that a specialist has a good personal connection and fit with an organization. We also apply this way of working towards the client organization. We map out what technical knowledge a cybersecurity specialist should have. But we also want to know what character traits the cybersecurity specialist must have and in what kind of work environment the cybersecurity specialist will be working to establish a good personal fit.

The main challenge I help to solve is to provide our client organizations with the best fitting cybersecurity specialist. And also to offer cybersecurity specialists challenging projects or jobs with which they can expand their knowledge, experience, and network.

What tips would you give to those looking to break into the IT and cybersecurity industry?

A tip for client organizations is not to just look at the CV or certain certifications of the specialist. The adaptability and character of the specialist are often given too little attention.

What is actually important for cybersecurity specialists is to communicate more and listen to their colleagues. Cybersecurity is not a black and white concept where everyone just has to do their tasks. It is more successful when done together in an organization.

How did the recent global events affect your field of work? Have you noticed any new security flaws or gaps arise?

It is fascinating that events in the world directly influence our work. In particular, geopolitical events or software vulnerabilities affect our work the most. For example, due to the situation between Russia and Ukraine, the demand for cybersecurity specialists is increasing much more. Client organizations now pay more attention to cybersecurity than they did before.

Another example was the Log4j vulnerability. As a result, client organizations and cyber security specialists were working around the clock to solve this problem as quickly as possible. It was not the case that the demand for cybersecurity specialists increased because of this, but there was little regard for other issues at the time.

Although there are plenty of security solutions and providers available on the market, certain companies and individuals still fail to upgrade their cybersecurity. Why do you think that is the case?

I have a short and simple answer to that. The importance of cybersecurity is still terribly underestimated by organizations. As a result, too little is done within organizations and therefore there is insufficient knowledge and expertise available to solve problems.

Additionally, what myths and misconceptions surrounding cybersecurity are the most prevalent today?

In addition to the importance of cybersecurity being underestimated by organizations, it is a misconception that cybersecurity is "finished" at some point. A single penetration test or the one-time purchase of a cybersecurity product is not enough. It is an always ongoing process, after all, malicious parties never sit still either.

Do you think businesses of all sizes should invest in IT solutions tailored specifically for them or is this practice only relevant for large enterprises?

Smaller organizations also have to invest in IT solutions. Of course, it must be financially and organizationally possible to implement these kinds of solutions. Certainly, when IT is a critical part of your organization, which is quickly the case, you must still be able to solve problems. Everyone is at risk from malicious parties or potential vulnerabilities

What security measures do you think are essential not only for organizations but also for casual Internet users nowadays?

A simple tip that I can give to everyone, regardless of financial or organizational possibilities is: It all starts with awareness. Keep your passwords safe, be aware of what you are doing, and be alert. It is also crucial that everyone in the organization must be aware of risks and act accordingly. Anything can be an entry point for malicious parties, both physical and IT-related. A mistake is easily made and not always quickly resolved.

What does the future hold for Tergos?

Given the increasing demand for cybersecurity specialists, the future of Tergos looks bright. It is no secret that the demand for cybersecurity specialists exceeds the supply. This makes it more difficult for organizations to find the right cybersecurity specialists. The role of Tergos will only increase to help organizations with this increasing need.