Viktor Tadijanovic: If people would listen more, they would find it easier to solve even the most complex problems

Communication is key. While we are communicating all day on our tech platforms, I find that people are not listening as closely as they could be. It is extremely valuable being able to consume information from other people in order to obtain perspective. If people would listen more, they would find it easier to solve even the most complex problems.

As a part of our series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of interviewing Viktor Tadijanovic, CTO of Drawbridge Partners, a cybersecurity software and services firm specializing in the needs of hedge fund and private equity managers, overseeing all of the firm’s technology initiatives. Viktor also provides subject matter expertise on all things cybersecurity to clients. Prior to joining Drawbridge, Viktor was the co-founder and Chief Technology Officer at Abacus Group. During his tenure at Abacus Group he served as the firm’s technology leader and principal architect of the award-winning Abacus Flex technology platform. Before Abacus, Viktor was a Senior Systems Architect at the Gerson Lehrman Group (GLG). Prior to GLG, Viktor was a Technical Director at Eze Castle Integration where he was responsible for managing technology delivery to hedge fund clients in New York City and Connecticut.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

I was born and raised in Croatia, the country that was known as Yugoslavia at that time. Life was much different in the age before the Internet, social media, cell phones and all the other technological innovations invented over the past 30 years. I spent my days hanging out with friends, playing basketball in the local junior league and dreaming about the future.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

When I was 14 years old, I begged and pleaded to get a Commodore 64 computer — the technological marvel of that time! My family caved in, dished the money out of their savings account and that was when I got fascinated by the promise of technology. It was the beginning of my journey to learn as much as I could about computers and what they can do for humanity.

Can you share the most interesting story that happened to you since you began this fascinating career?

There are many stories. I am particularly proud of being a member of the founding team that built an IT service company from scratch. It was an amazing experience to start with a dream and a vision and 10 years later end up with a company that developed jobs and careers for over 100 people. It was an extraordinary opportunity to learn and grow along the way.

None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

My grandfather was one of the most influential people in my life. A WW2 veteran, who was eliminated out of the fight just months before the end of the war by a stray Nazi bullet giving him a million-dollar wound (just like Forrest Gump). He taught me that glass is always half full and never half empty, even when the only thing in the glass was just a few lonely drops. He taught me the value of hard work and persistence.

Are you working on any exciting new projects now? How do you think that will help people?

I am very excited about the platform that we are developing at Drawbridge. We are looking to build a software workflow tool that will help our clients navigate through the cybersecurity compliance maze. The tool is looking to pull in different areas of a cybersecurity program and make it a simpler task to implement and follow the program. One of the first modules that we developed is a vulnerability management tool that we named Connect-R. It basically helps our clients identify vulnerable systems and software in their environment.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

It is important to find balance between work and life. Earlier in my career I was heavily focused on my work and not spending enough time with my family and paying attention to my health and friends. Finding the right balance is the key to staying productive over the long run. At one point, I realized that working more is not necessarily more productive and that it will not be sustainable over the long run. I decided to spend more time with my family, which is very rewarding as a parent and a husband. My health improved as I took on training and participating in endurance races (long distance running, triathlon). Overall my productivity has improved and some of my most significant achievements took place after the lifestyle change.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry, as it is today, is such an exciting arena. What are the 3 things that most excite you about the Cybersecurity industry? Can you explain?

  • It’s a growing field — there’s so much opportunity to learn and a career path for many people choosing this option
  • Exciting new technologies — cybersecurity is one of the areas where we see most technological innovation
  • Being able to make an impact — cyber is still very much a wild west. In our role we can help and educate clients to protect themselves and to reduce the risks that they would otherwise be exposed to

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?

Cyber ransoms are becoming a very lucrative business. As more companies pay ransom it is attracting more criminals. There are underground marketplaces that sell tools and instructions on how to run a successful cyber ransom criminal scheme. The U.S. Department of Treasury has taken issue with that and has added many of those criminal organizations to the OFAC list. Any U.S. company that ends up paying a ransom could end up having legal problems with the U.S. Treasury. To protect themselves companies should really make sure that they have adequate technology and controls to protect and/or recover from ransomware.

Do you have a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

We hear from clients almost every week about a new breach, ransomware attack or successful phishing attack. The main takeaway is that waiting for a breach to start thinking about cybersecurity is usually a bit too late. Organizations should develop their cyber programs, plan and prepare. If they follow a pretty simple but predefined template, their cyber adventures could become rather boring — and that is a good thing — we want cybersecurity to be boring and uneventful!

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

  • SIEM (Security Information and Event Management) — this is a tool that aggregates logs from all different systems, correlates the logs and it is looking to alert on events and anomalies.
  • Endpoint protection — This tool runs on all endpoints and protects them from malware.
  • Next gen firewalls — Network edge protection analyzing all inbound and outbound traffic.
  • IDS/IPS (Intrusion Detection/Prevention System) — Sometimes combined and included with next gen firewall. The tool that will inspect all traffic and look for anomalies and cyber-attack signatures.
  • Vulnerability Scanner — A tool that will scan the network for all software and configuration vulnerabilities.

How does someone who doesn’t have a large team deal with this? How would you articulate when a company can suffice with “over the counter” software, and when they need to move to a contract with a cybersecurity agency, or hire their own Chief Information Security Officer?

In every profession there are tasks that can be completed using a DIY approach and others that require professional help. Same with cybersecurity. Organizations and their IT teams can do a lot, especially on the tactical/operational side of the house. If an organization is too small to bring onboard a CISO position they should look to partner with a firm who can help them with the strategic aspect of their cyber program.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a lay person can see or look for that might indicate that something might be “amiss”?

Aside from the obvious signs such as a computer being encrypted with ransomware and a big pop-up saying that you must pay the ransom or else your data will be erased, there are also more subtle signs that should raise eyebrows. People should look out for a slow running computer, unfamiliar software being installed or random strange pop-ups on the screen, which can indicate that there is some sort of trouble going on. Also, IT teams should have logging in place and there should be someone tasked with reviewing those logs on a regular basis. It is very rare that a breach will go undetected in an organization that is well prepared.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

It is critical that each company develops an Incident Response Plan (IRP), hopefully prior to the breach. The company should follow the IRP plan in case of a breach. The plan will typically outline steps and procedures to follow. It should be a priority to make sure that the breach is contained first, maintaining the logs and evidence for forensic investigation, legal considerations and notices to customers and to the public.

How have recent privacy measures like The California Consumer Privacy Act (CCPA), CPRA, GDPR and other related laws affected your business? How do you think they might affect business in general?

Recent privacy measures such as CCPA and GDPR are here to stay and are part of a firm’s greater information security program. The protection of confidential data is dependent on both technology and human beings, and the regulations give guidelines on how to structure technology and controls within your organization in order to stay compliant. It is important for any business to understand which data they handle that falls under these regulations and ensure their business practices are compliant with the regulations set forth.

What are the most common data security and cybersecurity mistakes you have seen companies make?

I think that by far the largest mistake is that in some organizations security is not present at the table where decisions are made. It is much harder to implement proper security controls after the fact vs when security consideration is given the thought from the very beginning.

Since the COVID-19 Pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?

Yes, there was a huge surge in cyber-attacks since Covid started. As all companies shifted to work from home environments there were many new vulnerable areas that did not exist or were very insignificant before. Many companies were not prepared for extended work from home and as a result had to improvise some technical solutions. The priority was often to make users productive, but security was an afterthought. Some companies allowed remote workers to use their home PCs. Those PCs were not always patched and secured as the ones in the office would have been.

Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)

A cyber program that includes:

  • Policy framework — Structure is important. At the heart of the structure of a cybersecurity program, strong policies are needed in order to ensure the infrastructure, controls, and awareness can help combat the threats that are out there.
  • Cybersecurity governance and risk management framework — As seen above, these policies are created using different frameworks such as NIST. It is important to make sure that no stone is left unturned and that cybersecurity/cyber risk management is an ongoing practice throughout the organization for all employees. Firms are only as strong as their weakest user and device.
  • Technical controls — Strong controls around infrastructure and software are very important. Limiting access for users and groups based on their role within the organization greatly reduces the attack surface when a breach occurs. Ongoing vulnerability management is also a key component to ensuring device vulnerabilities are consistently remediated to limit breach exposure.
  • User awareness and training — Many of the breaches that we see lead back to human beings. A user clicks on a link in a phishing email which has a domino effect into a large-scale breach within an organization. Strong ongoing cyber training and awareness programs are important to the success of any business today. This includes phishing examinations in order to understand who the more vulnerable users on the network are and ensure they get the ongoing cyber training they need.
  • Business buy-in — Perhaps the most important item. Cybersecurity is part of management, operations, and technology. C-level and Senior Management understanding of this will allow firms to appropriately budget for cybersecurity systems and ongoing practices in order to stay compliant with regulations and keep up with best practices to combat threats and prevent breaches. Without this buy-in, the cybersecurity program will be sub-par due to lack of focus and investment.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)

Communication is key. While we are communicating all day on our tech platforms, I find that people are not listening as closely as they could be. It is extremely valuable being able to consume information from other people in order to obtain perspective. If people would listen more, they would find it easier to solve even the most complex problems.

How can our readers further follow your work online?

As a security professional and advocate of privacy I am not present on most social media platforms. While social media platforms are extremely powerful communication tools there is also a flip side of the coin and a dark side to extensive online presence. Under current regulatory and legal frameworks once information is out there it can never come back. The reach of social media platforms can go beyond our ability to imagine negative implications. I am present on LinkedIn as a professional network and my work can also be followed by following Drawbridge.

This was very inspiring and informative. Thank you so much for the time you spent with this interview!
