Centre stage with Marco Rottigni, Chief Technical Security Officer EMEA at Qualys
Born – I am a passionate geek born in 1970 while TCP/IP and the Internet were still evolving.
Studied / Education background – Born as an accountant, my life changed shortly after completing my diploma when I entered the IT world - transforming me into the curious learner that I am today - interested in Information Technology, Internet, and Security. I love grounding theory into practical experience.
Current role / bio – Chief Technical Security Officer EMEA; my daily activity connects me with strategic customers across the EMEA region, to understand their security roadmap, to learn from their experience with Qualys, to validate how macro-trends apply to the various markets and verticals.
I distil and summarise this feedback to our Product Managers and Engineering. I am responsible for elevating conversations to pitch the Qualys platform which encompasses holistic, business and technical advantages to help our Customers maximise the value of Qualys along their Digital Transformation journey.
What does your day to day role entail?
Within the EMEA region, I am focused on three main activities: discussions with our strategic customers about their security roadmap and about the Qualys platform, to augment and elevate the perception of the holistic business advantages that we provide; attending events to amplify the voice of Qualys across the region with speeches and panel debates; producing content to support the Qualys value proposition in specific contexts such as sales cycles, press, customer conversations, and more.
What’s been your biggest work achievement of the last 12 months?
I have created a self-feeding cycle where I can validate the customer conversations that I hear and learn from the cybersecurity ecosystem, building practical experience, that I can add to the conversation. I think that gives great value in the content I distribute.
What is the biggest challenge facing the industry?
Visibility, accuracy, and situational awareness across the whole digital landscape.
What’s the best piece of advice you have ever been given?
We can be what we give ourselves the power to be. This mantra has become a motto for me.
What are your predictions for the IT industry for 2020/21 or beyond?
I think that companies will strive to normalise the tsunamic wave of information produced by their security stack, adopting solutions to convert data into actionable information; they will build or improve workflows to increase the operational effectiveness from visibility to vulnerable/attack surface remediation, measuring significant metrics such as Time To Remediate (TTR); they will rely on orchestrated playbooks to minimise the impact on resources and they will leverage simulated attack patterns to test holistically the security controls in place.
Why do you think everybody is talking about AI being important for digital transformation but companies are still reluctant to invest?
I believe there is a lot of potential to exploit in AI, but this requires well-defined use cases that are not yet clear in the cybersecurity space, as well as reducing the confusing hype built recently around these innovations. I have great confidence in machine learning and neural networks used to build predictive models to support, for example, prioritisation in remediation of anomalies or vulnerabilities. I am pretty sure that this will help define the ideal use cases for a more massive adoption of AI-powered solutions.
What do you think is going to be the next big technology development?
There have been historical waves such as prevention, detection, discovery, and response. These phases defined the ideal condition for the next big thing to be around recover: a level of resilience that will allow an organisation to adapt to the stress and devastation caused by security incidents with the minimal disruption to operations and business, each time learning a new lesson to become stronger and more efficient.
What does digital transformation mean to you – what in your opinion is most important to a successful implementation?
What I see as most important is understanding that digital transformation is not a set of features to be implemented across the organisation, but it is a matter of mindset and capabilities that need to be developed or strengthened.
The variety of digital species across a modern digital landscape coupled with the velocity, the variance, and the volume of changes are challenges that can only be faced with perfect visibility on all environments including traditional data centres, CI/CD pipelines, cloud, containerised applications, enterprise mobility, edge computing, and more.
Only with the greatest accuracy in understanding the vulnerable surface; only with the ability to prioritise and carry on the remediation processes with the same pace of change; only by integrating and automating the controlled way that information flows across multiple platforms and technologies: it is only then that we can aim for operational efficiency and risk mitigation, and achieve sustainable compliance.