What are the different types of cyber security assessments? Why do companies undergo such security assessments? And how exactly does it work? Nico Fechtner and Merten Nagel from usd AG answered these and other questions as part of their guest lecture "Cyber Security Assessments in Practice" at the Technical University of Munich. They explained which legal provisions and regulatory requirements are essential for a large number of companies when it comes to cyber security. Using practical examples, they presented security audits and penetration tests to the students, focusing on network security issues. In a live demonstration, the students were also given insights into the tools that penetration testers use every day for their security analyses. Under the motto "Secure or not secure, that is the question", the students puzzled over real security issues from practice and demonstrated what they had already learned.
Everything is built on passion
Our colleagues welcome every opportunity to share their day-to-day work as penetration testers, security consultants or auditors at German universities. "Of course, we hope to awaken or strengthen students' passion for cyber security," says Nico Fechtner. "Many are already very interested, but have little idea what cyber security actually looks like in practice. That's why we always bring concrete examples and scenarios from our daily work. As a guide and a little nudge in the direction of more security."
And of course, the presentation also provided answers for all those who are now pondering the question: What should I bring to the table if I want to become a cyber security auditor or penetration tester myself? "Even if it sounds a bit like a cliché: First and foremost, an interest in and passion for the subject," says Merten Nagel. "Because in our field, we constantly have to deal with new technical developments and threats and keep up to date. Technical expertise, industry certifications and a knack for dealing with people are of course also essential - but all of this can be built on a genuine interest in cyber security."