Q1. Tell us about yourself?
I’ve been in the industry for almost 15 years, currently serving Intel as a Business Unit Security Lead, responsible for Software Product Security. Intel today is much more than just a chipmaker – we create world-changing technology that improves the life of every person on the planet – from personal usage through advancing networks to empowering datacenters and ubiquitous clouds. My mission is making sure Intel delivers the best and most robust technologies in the world, that are used for good, not for bad. My responsibilities include all aspects of the product lifecycle: architecture, threat modelling, secure development, validation, vulnerability management, incident response, as well as training and business engagements when it comes to security questions. I’m a seasoned trainer at universities and educational centers, and a mentor and consultant for startups. I’m also fond of hiking, camping, and running, which I regularly do with my family.
Q2. Product security is a critical component of brand protection. What do you see as the most pressing challenges and emerging trends in product security within the European context?
Given the variety of products, especially in the digital space, and the level of competitiveness, trust becomes the key aspect for brands. It’s as simple as that: if you don’t have reliable software, robust apps and anti-counterfeit digital practices that power your product, nobody is going to use it anymore. Substitution or infection of the product, leaving a weakness in the code or implementation, poor inventory and vulnerability management – these are just a few examples of threats that may have an impact on reputation and can lead to direct financial losses. As one of the most pressing challenges I’d highlight the lack of general awareness and of engagement between business, engineers and risk/security departments. Companies’ Security-First pledge should be routinely executed, which assumes following best practices and using modern (not necessarily expensive) tools.
Q3. The regulatory landscape for product security can be complex. How should businesses navigate compliance requirements and standards in Europe while also protecting their brand reputation?
Obviously, local regulation in the EU is challenging to navigate, especially for international brands that must conform to all legislation across the globe. Companies haven't had time to completely sort out GDPR implementation yet, but here in the EU there are even more challenges to come, like the CRA (Cyber Resilience Act), which some call an “open-source killer”. With the CRA and the debates around the AI Act (which includes Generative AI questions, which are becoming ubiquitous), product or service liability requirements are the new default responsibility for companies. No matter what disclaimers you state in customer agreements, brands will be responsible for delivering top-quality, robust and secure products to their customers. My recommendation for companies operating in the EU is: don’t wait – act now, pay more attention to cyber. For example, ENISA (European Agency for Cybersecurity) constantly issues implementation guidelines and training materials for the whole range of firms, from SMBs to Enterprises.