More about the advancement of Security Operations Centers and securing SCADA systems will be disclosed in our interview with Pavel Cvešpr, Realization Manager at Corpus Solutions. It’s one of the very few Czech cyber security companies with purely Czech capital.

What is your cyber security portfolio?

Our portfolio is quite wide. Let’s start with security technologies, where we supply design, implementation, servicing, consultation, and training to our customers. We also offer SOCs including design, training, or even turnkey operation. Our services cover offensive security, red teaming, penetration testing and education. Our expertise also includes applications security, architecture review, code review, creation and implementation of safe development politics. Furthermore, we offer consultations for security fields like ISO2700x, GDPR, the Act on Cyber Security, we create security guidelines for our customers, and we supply turnkey services of security architect.

Your company has a developer history. Is it a benefit for you, does it project into your current work?

It definitely fades into our work, it’s the most visible in the area where we supply applications security. We’ve confirmed how important it is to have a developer background for the applications security. The language of security staff and development staff is quite different. Even the tasks of both roles are different. It’s a great advantage if applications security is taken care of by someone who used to develop applications.

You were one of the first to build a SOC in the Czech Republic. What advancement do you see in this area – is today’s SOC the same as 5 years ago?

The progress is very apparent. Maturity of customers is growing and their requests as well. Services offered in this field are very quality and effectiveness oriented. Customers demand palpable results, and they motivate us as a SOC provider to constantly innovate. The extent of the integration of customer’s team and provider’s team also deepened. Both at the technological and process level.

As one of the few in the Czech Republic you handle security of SCADA systems. What makes industrial automation an interesting target for attackers? Do you see an increase in numbers of attacks at SCADA systems?

We need to realize where the SCADA systems are used. It’s critical infrastructure: water, gas and oil distribution or electricity generation. Attacker can cause enormous damage, national security breach or even endanger human lives. That’s a huge motivation. Industrial automation also presents an interesting target for hackers. Every year numbers of identified cyber-attacks rise and SCADA systems are no exception.

You offer a modern experience-oriented training, the Cyber Defense Academy. For whom is it designated?

Corpus runs its own training environment. Our courses are aimed at different groups of users. We have courses for security specialists, technical administrators, SOC team analysts, management, and application developers.

Do you cooperate with universities? Do you offer any internships or junior programs to young CS enthusiasts?

Traditionally, Corpus cooperates not only with universities but with high schools as well. We are able to engage young talents in our work. We try to balance their studying duties with practical engagement at our customers’ tasks. And we’re happy that we also have Cyber Security Challenge absolvents working at Corpus.

Thank you for the interview