Tudor Damian
Microsoft Cloud & Datacenter Management MVP, Certified Ethical Hacker
Cluj-Napoca, Romania
As an IT consultant with more than 20 years of industry experience, Tudor is a Certified Ethical Hacker, a Microsoft Cloud and Datacenter Management MVP, and a regular speaker at local and regional community events.
His current areas of focus revolve around Cloud Strategy, Cybersecurity, GDPR, IT Governance & Risk Management, Data Protection, Systems & Network Administration, Business Continuity & Disaster Recovery, Business Process Optimization, and Digital Transformation.
He is also one of the founders and organizers of the ITCamp conference in Romania (itcamp.ro), designed to bring together tens of awesome speakers and hundreds of attendees every year.
Awards
Area of Expertise
Topics
Tips for finding a Virtual CISO and creating a Cybersecurity Strategy
Cybersecurity is one of the most critical challenges facing organizations today. However, not every organization has the resources or expertise to hire a full-time Chief Information Security Officer (CISO) to oversee its cybersecurity strategy and operations.
A virtual CISO (vCISO) is an alternative solution that provides access to experienced and qualified cybersecurity professionals on demand. A vCISO can help organizations assess their current cybersecurity posture, identify and prioritize risks, develop and implement policies and procedures, train staff, monitor compliance, respond to incidents, and more.
But how do you choose the right vCISO for your organization? And how do you ensure that your vCISO aligns with your business goals and objectives? In this session, you will learn about the best practices of choosing a vCISO and building a coherent cybersecurity strategy that supports your organization's mission and vision. You will also hear from real-world examples of how a vCISOs can help organizations improve their cybersecurity maturity and resilience.
Demystifying Zero Trust
"Never trust, always verify" is the core principle of the Zero Trust Model, a rising trend in the world of IT security. With more and more people working remotely, there's a growing need to adapt to the complexity of the new hybrid workplace and to protect the people, devices, and apps, wherever they're located. However, not all people and organizations are ready for the digital transformation and management complexity that "perimeterless" security might require.
Verifying everything explicitly (users, apps, devices), using a least-privilege access model, defining the proper context for policy compliance and device health, and applying an assume breach approach are all essential parts of the process. Join this session to find out everything about how Zero Trust architectures are designed to work, and how implementing (or not implementing) ZT might impact you and your organization.
Moving to the Cloud - the Good, the Bad and the Ugly
If at first the Cloud was generally looked upon with distrust, the last decade has showed a significant shift in perception, with people becoming more and more familiar with what the Cloud is and what it can do for them.
While many advantages and business benefits of the Cloud have been repeatedly proven, moving to the Cloud brings its own challenges in areas such as IT & Data Governance, Cybersecurity, Change Management, Cost Control & DevOps/ITOps. And, unfortunately, many of those challenges are discovered long after the Cloud adoption is completed, bringing along unplanned effort and costs.
The session will look at the most common obstacles one has to overcome after the decision to move to the Cloud has been made, the reasons as to why (and why NOT) move to the Cloud, the main items to look at and keep track of before and during the move, and of course what happens *after* the move to the Cloud is completed. Real-life examples included.
Governance, Security & Compliance in the Cloud
The payoff of successful Digital Transformation can be essential for companies engaged in highly-competitive markets. Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. However, when people talk about moving workloads to the Cloud, most times they just hear the technical mumbo-jumbo - IaaS, PaaS, SaaS, DevOps & automation, containers, and so on.
This session argues we should perhaps sit back for a bit and discuss the need to develop a coherent, long-term Cloud strategy, even before taking the first step towards a Cloud-centric or hybrid approach. In the end, it’s all about looking at the hows and whys of moving to the Cloud, planning a clear roadmap of your migration, and making sure that once you get there, you can sleep better at night knowing you’ve got everything under control.
Based on real-life projects and experience from recent years, this session provides a quick insight into the role that the Cloud plays within Digital Transformation initiatives, touching on challenges companies usually face when dealing with governance, security, change management & cost-control.
IT security in a post-COVID world
For a long time, IT Security has been a secondary topic for a lot of companies. More often than not, it only came to mind after an actual data breach or security incident, and was often overlooked otherwise. Over the years, things like WannaCry/Petya or GDPR compliance helped raise awareness a little bit, but those soon faded out as well.
However, the new "Low Touch Economy" emerging as a result of the COVID-19 pandemic could provide the jolt that IT Security needed for a long time. With a lot more people working remotely, the need to secure devices (laptops, phones, etc.), communication channels, as well as on-prem & Cloud infrastructure is now higher than ever before.
The global pressure on innovation and developing new business models to adapt to these changes is high. This session aims to address some of the major shifts and impacts of remote work by providing some ways to balance innovation and IT Security, while also touching on some of the ever-growing gaps in security incident detection and response.
You've just been hacked! Now what?
It's a time when assuming your systems and applications are "unhackable" is one of the biggest mistakes you could do. While most people still think that prevention and maintenance remain a top priority in protecting yourself, building a clear process around how you will respond to attacks and data breaches during and after their occurrence is something often overlooked, or simply ignored.
The past few years have brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness.
Do you know how exposed you are when you're connecting to the hotel/restaurant/airport WiFi? Are you aware how fast clicking on a link can become a nightmare? Come down for a quick overview and live demos of some of the current cyber threats, especially as they pertain to social engineering vectors.
This session intends to bring the assume breach security posture into the spotlight. We'll be discussing recent trends in cybersecurity attacks (credential reuse, password spraying, insider attacks, 2FA-bypass, etc.) and look at the best ways to build your data breach incident response policy. Demos included.
Modern IT Risk Management
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.
While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives. With the emergence of the Cloud, IT Risk has suffered yet another radical transformation.
This session focuses on specific plans on how to implement IT Risk Management on every level of your company in a Cloud-enabled world.
Personal Security in a Post-Pandemic Age
Two years of global pandemic have brought along significant changes for people everywhere - starting with more flexible Remote Work policies and the challenges those policies bring along, all the way to new or emerging attack methods, techniques, and tools. Nation-state actors are more prevalent, and with global-scale conflicts slowly moving into the cyberspace field as well, misinformation is everywhere.
The line between personal and business use of devices also gets consistently blurrier, with people connecting to business assets from the comfort of their home or local coffee shop wifi. During these new "post-pandemic normal" times, protecting your sanity, your personal data, as well as your mobile/IoT devices is more important than ever.
Come check out this session if you want to find out more about recent cybersecurity trends & known attacks, as well as methods of protecting yourself and the people around you.
Tudor Damian
Microsoft Cloud & Datacenter Management MVP, Certified Ethical Hacker
Cluj-Napoca, Romania