Paula Januszkiewicz: Understanding infrastructure is not the same as knowing how to attack it

31. 7. 2024

The number of cyberattacks will not decrease. Let's face it and defend ourselves. This is how one could sum up the words of Paula Januszkiewicz, a Polish cybersecurity expert who spoke this spring at Security 2024, Aricoma's annual conference about IT security trends. Januszkiewicz, whose company CQURE has four offices around the world, spoke about why companies and institutions can't resist attacks, how to get more experts, and where the industry is headed.

Actually, it's a paradox. We all already know the importance of cyber security, and we have the tools to make it happen. Yet the number of incidents and their negative consequences continues to grow. How is this possible?

"Imagine your day is packed with tasks, but you know you won't be able to complete them in 24 hours. So you have to accept a certain level of risk, and you don't know in advance how big that level is. Cybersecurity as a field is very broad, and it is difficult for administrators to take into account all aspects and risks at once," Januszkiewicz explains, and data from the Czech National Office for Cyber and Information Security proves her right: it recorded double the number of incidents in 2023 compared to 2022.

Businesses and institutions know this and are taking the security of their networks and technologies far more seriously than before. Even so, in the never-ending battle, they're more like a cop chasing a thief. The energy spent on solving problems and preventing them is still too little, or going in the wrong direction.

The best defenders are those who are most worried about business

"We lack experts, some detection systems are set up poorly so people then ignore alerts, organisations lack plans on how to behave in the event of an attack, and new threats associated with the advent of artificial intelligence add to this," Paula lists the most common problems as she, along with more than 60 colleagues, helps set up security and deal with the aftermath of attacks around the world.

Their clients include governments, banking institutions, companies in the oil and gas industry, as well as manufacturing companies and hospitals. And if Januszkiewicz has observed anything, it's that the companies that take the best care of protecting their networks and technology are those that value their business the most. "Banks are a good example. They know that the most valuable thing they have is their trust and reputation and they don't want to lose anything at any cost," she explains.

She and her colleagues help with acute incidents, but more often they conduct comprehensive infrastructure audits before an incident occurs. "It happens repeatedly that companies don't have enough trained staff to deal with the situation, and that's when our expertise proves crucial. It's not that cybersecurity is not appealing, it's more that in our industry you have to learn a lot of new information beyond the normal IT and, more importantly, a different point of view. Knowing the infrastructure helps, but you don't build it, you have to know how to attack it," says Januszkiewicz, reversing the usual perspective.

For many professionals, she says, this can then lead to feelings of insecurity: "Do I know enough?" "I am well aware of most of the developments in my field, it's my passion and my profession, I follow it. But I don't know about every new tool, I haven't read all the new research. I stay informed enough to be confident in my knowledge and skills. That if a customer is targeted, I'll always know what to do. But I understand that for newcomers to the industry, this constant flow of information can be overwhelming," she admits. That's also why she advocates the view that you can't operate as a loner in cybersecurity, but have to network and share all the time. At any given moment, someone in the world is experiencing a new attack, and that experience can then help other people. And by the way, this is why the Security conference exists.

Paula Januszkiewicz

CEO and founder of CQURE, cybersecurity expert, penetration tester and trainer, Microsoft MVP and Microsoft Regional Director. A world-class cybersecurity expert, she provides consultation to customers worldwide. A 2017 graduate of Harvard Business School, she speaks at the world's largest conferences, conducts penetration testing, architecture consulting, training and workshops. She is a member of the technical advisory board at the Royal Bank of Scotland/Natwest. And to top it off, she has access to Windows source code.

"In our industry you have to learn a lot of new information beyond the normal IT and especially a different point of view. Knowing the infrastructure helps, but you don't build it, you have to know how to attack it."
