Name: Paul-Arnaud Wernert
Title: Senior Manager, Cyber Risk & Security
Location: Paris, France
Years in IT: 13
Years in cybersecurity: 13
Cybersecurity certifications: CISSP
How did you decide upon a career in cybersecurity?
I started to be interested in cybersecurity during my engineering studies. I led a team of students to perform an organizational and technical security audit of the network of a French public company. This was the first experience for me to understand one context, identify its threats and assess associated risks, then explain to the management these risks and the way to mitigate them. After this project, I decided to keep working on cybersecurity topics, up to now!
Why did you get your CISSP®?
First I wanted to refresh and extend my knowledge in cybersecurity topics that I do not have the opportunity to use in my work. Then I wanted to facilitate opportunities which can be offered by CISSP to work with security experts all around the world.
What is a typical day like for you?
"Typical" is a word I do not know in my work! This is "typical" from consultant… I have the chance to work for many different customers at the same time, and managing consultants in my customer’s environments. Usually we frame methodology adapted to their context, define the security target to achieve, help customers to obtain validation from sponsors, and then deploy the methodology which helps improve their security maturity level. This is a constant intellectual exercise to understand the risk specificities within my customers’ context and propose them challenging security solutions.
Can you tell us about a personal career highlight?
I had the opportunity to work on one of the most significant oil and gas projects which aimed to extract and process gas offshore, then transform it into liquid gas onshore. With our team, we have been able to identify the main security risks on each platform (offshoring, onshoring). The main IT challenge was to define security policy to cover identified risks, and check its implementation on all IT systems, which were built worldwide by average 100 package vendors, then assembled in Asia. The 2nd challenge was to drive these security aspects from Paris. We worked with 100 different vendors worldwide with their own specificities and culture and we had to adapt to them every day! It gave us a great opportunity to travel and visit them all around the world.
How has the CISSP certification helped you in your career?
I have been certified for only a few months, but I can already observe that people who are looking for security professional are trying to get contact with my profile even more than before, and from all over the world!
What is the most useful advice you have for other cybersecurity professionals?
Security matters concern everyone, in every business. But each business has its specifications which need to be addressed differently. In my view, the most important is to understand the business we need to secure. This is the only way to properly assess associated risks and address them correctly. Thus it is possible to think about and deploy adapted security solutions which will secure and also optimize the business in the good way!
Aspiring to be a CISSP? Download the Ultimate Guide to the CISSP.