Ambitious, eager to learn and a real go-getter. That describes Derek Hoffschlag in a nutshell. He has been part of the team at DWG since 2017. After qualifying as a software engineer, he has now specialised in cyber security: a relatively new discipline within DWG. We wanted to share Derek’s impressive CV with you, but it is encrypted, encoded and masked. To tell you what Derek does, the subject of this blog article, we set up a ‘secure’ meeting with our colleague.
What is Derek's approach?
“As a cyber security engineer, you usually focus on one area at a time. You either have an advisory role or you are assigned the executive role”, Derek says. “After all, you want to work independently. So we often collaborate with an external cyber security company to guarantee maximum effectiveness and reliability of the control measures for our customers. Sometimes though, we are assigned both roles. In that case, we have additional testing done by an external company.”
The advisory role: cyber security management
“You occasionally encounter a customer who is starting from scratch. In that case, we jointly define the initial cyber security framework. We use a risk-based approach to advise across all of the company’s activities: i.e. cyber security management. The most important aspect of this is identifying the risks to which your assets are exposed. The ISA/IEC 62443 standard is helpful here”, Derek explains.
The executive role: technical support
“When we assume the executive role, we are the ones who tackle the design and realisation of the control measures. Our goal is to mitigate risk. In other words, we try to prevent or remedy digital threats. So we get involved in network segmentation, DMZs, firewalls, access security, system hardening, patch management…and so on, the list is almost endless.”
What differentiates DWG from other cyber security specialists in your opinion?
Derek: “We always look very carefully at the organisation for which we are addressing a cyber security issue. Together with the customer, we explore possible best solutions and choose what actually works. After all: the control measures shouldn’t only look nice on paper, they should also be practical. And fortunately – thanks to our long-standing experience – we know what works and what doesn’t. So there is never even a hint of a workaround when DWG is involved.”
“DWG is a party that acts as a true partner. You can always expect honest advice from us. Thanks to that approach, we and the customer identify and implement the optimal and most practical solutions. We also always ask ourselves whether our solutions add value to the process. To answer that question, we make sure that we understand the customer from A to Z. Moreover, our goal is to ensure that processes can continue to run as smoothly as possible.”