Interview with Herbert Huß
Here we are, back again with Security-BSides in Hamburg! Last December’s event was an overwhelming success, and encouraged by the participants we felt we needed to offer a second conference whilst 32c3 was in town. Minimum time-frame, scarce resources, but yet again some awesome people around us made it happen!
This is why we want to introduce some of them to you. We’re currently interviewing sponsors, speakers, participants, workshop-leaders, supporters, and community members who spread the word even if they can’t make it to Hamburg. So join us in meeting our great BSides family!
This is Herbert Huss, Managing Director of the TÜV Süd SEC-IT. TÜV SÜD Sec-IT was established in 2013 to bundle TÜV SÜD’s services for IT security and data protection. TÜV SÜD Sec-IT supports companies operating in all industries in making their IT infrastructure more secure and in protecting their sensitive information and personal data.
1. You are new to our BSidesHH community! First of all: welcome! And thank you very much for making BSidesHH 2015 happen! Why do you think it is a good idea to support the international IT Security Community?
We have always been about safety. It was an exploding boiler that gave life to TÜV SÜD when it was founded in 1866 as the first steam boiler inspection association. Its remit was to “protect people, the environment and property against technology-related risks”. That remit still stands but we have moved with the times. Nowadays we are less concerned about steam-age technology and increasingly concerned about risks associated with life in the digital era. Cyber risks are currently one of the most serious threats to companies but it has become more and more difficult to keep pace with cybercriminals. With the support of the international IT Security Community TÜV SÜD Sec-IT wants to encourage the “good guys” to continue their work.
2. The TÜV organization is known as a provider of certificates, for example for cars - they are checking if security standards are met and if so, car owners are allowed to drive their cars. If not - they cannot drive their cars legally here. Are you aiming for a similar kind of certificate for IT-infrastructure in Germany?
We support our customers in protecting their valued online resources and information by offering services for technical and organizational IT security. And yes, with ISO 27001 there is an international standard for Information Security. TÜV SÜD certifies Information Security Managing Systems (ISMS) according to this standard.
Internet security and data protection is a natural extension of our business so we are aiming to help national and international, cross-industry customers to reduce risk and add safety and certainty to their digital activities. Ultimately we are aiming to offer a simplified, one-stop solution for all IT security services including penetration testing, managed security services, data protection, consulting, compliance and surveillance checks, as well as independent certification according to international, national and industry-specific standards.
3. What is the biggest challenge you face talking to German companies?
Many companies are still not aware that IT security is now an issue that needs to be addressed by top management. It is no longer the sole responsibility of the IT department. In fact, it is widely believed by experts in this field that IT security is 20% technology and 80% awareness, strategy and organization. Even when a cyber attack has been identified, there is often a lack of defined responsibilities in order to handle those incidents. It is important to point out that companies will not be able to protect themselves against cyber threats with technology alone. To do this, they have to invest in hiring and educating IT security specialists.
4. What is the biggest challenge you face talking to Hackers?
For many hackers it is quite challenging to explain what they do to people working at management level. Most hackers love to get lost in technical details while from a business perspective other things such as risk estimation are more important. The challenge is to combine the identified vulnerabilities with the impact analysis to get a good risk estimation which is necessary for the organisation.
5. What improvements could a BSides community provide? What would you hope for? Is there anything you would like our community to give thoughts to?
For anyone who is not able to travel to the conferences it would be great if the sessions could be recorded and shared publicly.
How to book tickets
You can book tickets to the conference via our Eventbrite page.