Never assume anything, expect the unexpected
Maciej’s dream of having a cyber security job in an international environment has certainly come true. As head of Security Assessment Services in ING’s Global CISO team, he leads a squad of ‘white hackers’
The team safeguards ING’s worldwide security and is responsible for vulnerability management and testing cyber security of ING’s systems and business applications. While he definitely enjoys leading this team of smart, experienced and skilled hackers, Maciej is also always aware that an important task rests on their shoulders: “Our ultimate responsibility is to keep all our customers’ assets safe at all times. In order to do so, my team are continuously ‘hacking’ the bank. By trying to break in and find potential weaknesses in the systems, processes and apps, we’re constantly testing the bank’s resilience to cyber attacks.”
Vulnerability management
As part of the team’s vulnerability management role, the team is working with all ING’s cyber security, risk and technology communities to ensure that any detected vulnerabilities are immediately followed up to keep the bank secure. “We are continously working to improve our IT protection, securing ING’s reputation as a trusted financial organisation and keeping the bank compliant with regulations.”
“Actually, security bugs occur every day – in Windows computers and software, in Macs and in bigger business apps. Our day-to-day work entails detecting them, assessing the cyber risk and patching them. Sometimes, however, a potential vulnerability is more severe. Our role is to act upon that right away and ensure it is fully remediated in all the bank’s systems. Analysing vulnerabilities and design flaws, assessing threats and performing penetration testing all sounds thrilling, and I must admit it’s a great part of our job.”
A small community
The team are all pure techies, each with their own particular knowledge and skills. “The white hackers community as a whole isn’t that big, so we pretty much all know each other. This kind of work is not for everyone. To become a decent hacker, you have to enjoy exploring and diving deep into the details, and be a problem solver who thrives on an intellectual challenge. And of course you must be very tech-savvy and keep your coding and hacking skills constantly up to date. Then it’s all about practice or, as the seniors in my team tend to say to the youngsters, ‘If it didn’t work, just try harder’.”
No scenario is impossible
Maciej can’t imagine liking any other job more. “I feel that as a team we’re doing good and important work for the bank, our customers and society as a whole. I love the multi-disciplinarity of our work. Cyber security is about technology, business, big finance and there’s also a lot of creativity involved. We think of possible attack scenarios and anticipate them, and I’ve learned that no scenario is ever impossible. Therefore, we never assume anything; we always expect the unexpected!”
About Maciej
- Graduated in computer science
- Worked as a network security expert and was also a university lecturer in network security
- Joined ING in 2010. He was Chief Information Security Officer of ING Poland before moving into his current role in October 2022.
- Reads a lot about security and tries to stay up to date with technology
- Is a husband and father
- Is also an aircraft pilot. “Aviation involves tech, security and continuous improvement, so it’s right up my alley.”