Cubic’s Konrad Fellmann on Proactive Strategies for Identifying Cybersecurity Vulnerabilities

In this episode of Ahead of the Breach, Casey speaks with Konrad Fellmann, VP of IT Infrastructure and CISO at Cubic. Konrad explores critical topics in cybersecurity, including privacy implications of data collection in the automotive industry, for example car manufacturers are reportedly selling consumer data. 

Konrad also discusses the evolving role of the CISO, emphasizing the importance of pragmatism and understanding business goals. Additionally, he shares proactive strategies for identifying vulnerabilities, such as integrating security early in the development process and conducting regular penetration testing.

Topics discussed:

• The importance of building a security culture within organizations, ensuring that all employees understand their role in protecting sensitive information.  
• The evolving responsibilities of a CISO, focusing on the need for pragmatism and effective communication with various stakeholders across the business.  
• Strategies for integrating security into the development process from the outset, ensuring that security requirements are established early in projects.  
• The dual impact of AI on cybersecurity, enhancing defenses while also providing attackers with tools to craft more convincing phishing attempts.  
• Proactive measures for identifying vulnerabilities, including routine vulnerability scans and regular penetration testing to uncover potential weaknesses before exploitation.  
• The significance of understanding business goals and aligning security initiatives with organizational objectives to maintain productivity and customer satisfaction.  
• The challenges of negotiating with various stakeholders, balancing security needs with operational requirements and budget constraints within the organization.  
• The necessity of continuous learning and adaptability in the fast-paced cybersecurity landscape, especially in the context of cloud and DevOps environments.  
• The role of encryption and data anonymization in protecting sensitive information and ensuring compliance with privacy regulations in the transportation sector.