Information security is paramount for any organisation, especially those operating in the financial and technology sectors. The role of the Chief Information Security Officer (CISO) has become increasingly crucial to safeguard sensitive data and ensure the integrity of digital infrastructure.

In this article, Daniel Cederhierta shares insights into his role as CISO at Trapets, his steps to fostering a culture of security awareness within the company, and the importance of driving innovation through strong security practices.

1. Tell us about yourself.

As the Chief Information Security Officer (CISO) at Trapets, I bring not just experience, but a deep-rooted dedication to my role. With nearly 20 years in various roles in the financial industry, I have refined my ability to handle security challenges, consistently prioritising the safety and security of our company.

I'm a big fan of structure and processes. I'm always looking for ways to make things more efficient through well-defined working methods. This approach not only boosts our operation, but also keeps our security measures efficient, strong, and adaptable to new threats.

Outside of work, I love baking, ice hockey, music, wine, video games, skiing, and...well, a lot of things. I am a firm believer in doing the very best of every day!

2. Describe your role as CISO at Trapets. What does your day look like?

As the CISO at Trapets, my workdays are dynamic and multifaceted. I constantly review the latest security alerts and news to stay updated on emerging threats.

I review and plan improvements to Trapets Information Security Management System (ISMS), focusing on optimising processes and implementing new security measures. I often spend time on project management meetings, tracking security project progress, and engaging in close dialogue with customers to address their security concerns and requirements.

I also facilitate an internal cyber security forum to analyse cyber security intel, assess cyber security risks, and discuss the current threat landscape. Throughout the day, I focus on enhancing our security systems, fostering a collaborative environment, and maintaining open communication with colleagues and customers. 

Hopefully, I don't have to react to incidents but instead invest time in risk assessment and proactively secure our IT platform!

3. What role does CISO play in driving innovation within the company?

As Trapets is a SaaS company within the RecTech industry, cybersecurity and information security are critical due to the sensitive nature of the data and the solutions we provide.

It's crucial for us to protect this data from breaches, theft, and unauthorised access. I'm focusing on innovation and strong security practices, which are essential for our long-term success and sustainability. 

Additionally, superior cybersecurity practices help differentiate our company in a competitive market with high-security demands.

As Trapets CISO, I am not only aware of the rapidly evolving threat landscape but also proactive in ensuring that we adapt to it. This proactive approach to cybersecurity is a key part of our strategy, enabling the company to stay one step ahead of emerging threats.

4. What are 3 steps you take to foster a culture of security awareness throughout the company?

Security awareness training: Implement regular, mandatory training programs for all employees, covering the latest security threats, best practices, and the most common vulnerabilities. These programs should be designed to be part of everyday work. Preferably, they consist of micro-training sessions and simulated attacks, providing information you can use to tailor improvements suited to your organisation. 

Incorporate security into business processes: Integrate security considerations into all business processes and decision-making. This involves working closely with other departments to ensure that security is a key factor in product development, procurement, and operational procedures. Embedding security into the company's DNA is a shared responsibility. 

Encourage reporting and provide support: Create an environment where employees feel comfortable reporting potential security issues without fear of retribution. Provide clear channels for reporting and ensure prompt follow-up and support. It's important to encourage a proactive attitude towards identifying and addressing security concerns, as this will greatly improve the organisation's overall security position.