This is a blog post with Ph D Erik Johansson, one of the organizers of the CS3sthlm summit. Below you find the interview we did with him as the planning and preparation of the conference and expo, was in full swing!
Erik Johansson - Co-founder of CS3sthlm
Behind the scenes: Erik Johansson, CS3sthlm organizer
What is your name, profession and where do you work?
My name is Erik Johansson and I work as an independent advisor helping organizations with assessments and procurements to increase industrial cyber security.
I often see myself as an Cyber Security Evangelist. Since I have found that most often the root cause behind technical weaknesses comes down to changing organizations mindset by educating and training them!
How did you get involved with this conference?
Well the ideas for this conference started like a decade ago.
Every winter Robert and I visited S4 the S4 conference in Miami. However, we were surprised about the small number of Europeans over there - despite the lack of good conferences focusing on Industrial Cyber Security in Europe. The ones that existed was too commercial and lacked the combination of technical depth and business perspective that we thought was necessary!
How did you get involved in this field?
During my research at the Royal Institute of Technology (KTH) on the security challenges, when migrating from analog to digital equipment (aka programmable electronics), I found that the security could also be related to the mindset of the people.
A root cause of technical weaknesses can often be traced back to the lack of understanding the security implications of the business decisions.
The last decades have I therefore preached about security awareness for organizations in order to change their fundamentally immature mindset regarding security.
About twenty years ago I met Robert Malmgren – a very clever IT-security person who did not only understand the bits and bytes but could also see the business perspective - and the lack of human understanding of the complexity. Since then have our roads crossed many times in security related projects.
What is your role during the conference?
As the co-founders, Robert Malmgren and I are involved in most part of the planning as well as running the event. Involved in program committee, evaluating the submitted papers, selecting partners and perform the overall discussion with industry.
Running a big event like CS3sthlm is different from your day-to-day work, or?
Definitely different. It’s a strange time consuming ”hobby” – that takes a huge amount of our limited spare timet. However, it’s also super exciting to get to know so many clever people from allround this planet… :)
Is it a marathon race, a 100 meter race, is it cat herding or something else to do this kind of job?
Tricky question. It’s really a mix. It’s a Marathon in the way that the planning and preparations starts almost direct after the last one and is ongoing for almost a year. Sometimes it’s more like a 100 meter race - like when we get 50 great submissions that needs to be evaluated. Or when the final program and all pieces is getting in place… and yes we are all exhausted after each event.
Why should I go?
Everyone that is working in critical infrastructure, as manager or operational, and would like to learn more about current threats, incidents, vulnerabilities and experiences as well as success stories should go.
Not to say the least is to participate in the networking among peers that inspire and share valuable knowledge during the event!
What are the biggest challenges that you see?
Industry have a huge challenge, not only to continuously increase their knowledge and awareness but to get a mature security culture in place.
The challenges from a conference perspective is to reach out and bridge the unfortunate gap between top-level decision-makers and technical experts as well as the gap between IT and OT departments.
What is your best memory from previous conferences?
Hard to tell - there are so many good memories.
One was when the security researcher Ruben Santamarta (IOACTIVE) did a live hacking demo on a critical SATCOM equipment turning into a slot machine in front of our eyes. Another special memory was to listen to the only Swedish Astronaut, Mr Fuglesang, as evening speaker! :)
What do you look forward to with this year’s event?
I’m really excited for this our fifth anniversary which has been extended with an EXPO on the day before the SUMMIT!
Any last words of advice to our readers and the attendees?
Arrive early! Participate and interact with the vendors at the EXPO. Moreover, take the opportunity to discuss the strategical challenges that follows by the ongoing regulations and visit and don’t forget to take a look at the ICS lab and the demonstrations of valuable security solutions.