CMA talked to Marek Pietrzyk on Data Classification and Protection
Date: 7 July 2017
Amar Singh, CEO and founder of Cyber Management, had the pleasure of talking to Marek Pietrzyk, Director and Program Manager for Digital Data Protection at UBS, on a range of topics including data classification and protection, the need for education and training, and his top three cyber security challenges for organisations today.
Marek started his career when there were few to no skilled cyber security/data protection people in the world and worked his way up the ladder. From a technical/engineering background, he moved into the finance industry in an information technology role, programming and managing projects. He is now leading one of the largest data protection programs in one of the biggest financial institutions worldwide.
What started your interest in cyber security?
Marek’s strong background in engineering led him to information technology, and this, coupled with the relentless press reporting on cyber security threats and topics around the world, such as encryption, is what he finds very interesting. But he was also keen to develop his management skills to ensure that he could carry out the program management role he now finds himself in.
But the challenge is always keeping a balance between his engineering side and the management aspect. It’s important to understand all the details, which is of course not always possible, particularly if your education is several years old; this makes it difficult to understand what is happening right now. It’s about your job and deliverables – Marek aims to deliver on time and within budget.
What advice would you give those looking to enter the world of cyber security?
Firstly, Marek describes his current programme management role. He deals with stakeholders, internally and externally, so there’s a lot of exposure to senior management, to legal companies and departments, CEOs and company boards. The other aspect is that he has to deliver the information technology requirements.
To do this, Marek believes you need the ‘hard’ skills coupled with the ‘soft’ skills. The mathematical, engineering and information technology skills, i.e. the binary skills, need to work together with presentation skills – without these skills, it will be difficult to sell your concept, your ideas and your plans to management.
“You need the binary skills as well as the presentation skills. Without presentation skills, you are just a salesman, and that’s a different job.”
Marek would recommend developing your interaction skills, i.e. the soft skills; in his case, this came with practice. He practised in various companies before UBS, meeting lots of people, presenting and being challenged by others. Always try to be as focused and clear as possible.
What’s your ideal candidate?
For Marek, it really depends on the project. In a typical project there will be engineers, test teams, project managers, etc. Each role has different requirements and a different set of skills. However, he would always look for a good certification/degree. From there, it comes down to a conversation with the candidate; Marek very much likes people who are open and extrovert, which is not always easy for engineers!
But this is probably the biggest challenge for engineers, to get on projects that require a lot of communication – it’s important that people are good communicators. Try Marek’s PowerPoint Karaoke – you prepare a presentation and the candidate presents it!
Why data protection?
From an organisation’s point of view, the challenge is to understand the requirements: the measures that need to be taken and how to implement them. Lawyers need to understand data protection law; you need people who understand data classification and records management, as well as compliance and discovery – these are the topics related to data protection, and there is a lot of demand in this area.
Cyber and data protection are inter-related. It’s important for data protection to classify data because you need to understand which assets to protect, and this is a very challenging role. There’s a lot of room in this area for someone who can come up with a good idea of how to do that automatically, like super-intelligent scanning devices. It’s not there yet, but it will be.
How does a small-to-medium sized organisation deal with data protection?
To Marek, this is difficult, but he believes that they still need to work with professionals who can help them focus on data classification first. The biggest challenge, for all organisations, is about people: how to teach your own people so that they really understand how to classify data. Training and education are really important. It costs, but without it, you’ll end up with wrongly classified data.
“You must have support from the top and take it seriously. Organisations expect this and protecting data is key.”
Top Three Threats/Opportunities?
- Secondly, it is cyber security. Easier for large organisations, but harder for smaller companies.
- Thirdly, cost pressure. It is hard to justify the spend on security and data protection because it doesn’t generate direct revenue, but pressure will continue to find the most appropriate solution.
View our full, exclusive Insights With Cyber Leaders interview with Marek Pietrzyk, UBS.