Tudor Damian
Cloud & Cybersecurity Advisor @ D3 Cyber
Cluj-Napoca, Romania
An IT consultant with more than 20 years of industry experience, Tudor is a Certified Ethical Hacker, and a Microsoft Cloud and Datacenter Management MVP. His commitment to staying at the forefront of technology trends enables him to provide valuable guidance and support to organizations seeking to navigate the ever-changing IT landscape. His passion for sharing knowledge and engaging with the community has made him a regular speaker at local and regional community events, where he aims to provide valuable insights and guidance to professionals and enthusiasts in the IT industry.
In terms of expertise, Cybersecurity Strategy and Cloud Governance both rank highly among Tudor’s core interests, helping organizations develop effective strategies to leverage the power of Cloud computing and secure their operations. He also focuses on IT Governance & Risk Management, Data Protection, Business Process Optimization, and Digital Transformation.
Awards
Area of Expertise
Topics
Crafting your Cybersecurity Strategy: Tips, Tricks, and Tales from the Trenches
Cybersecurity stands as one of today's top concerns for many organizations. While a lucky few may have the required expertise in-house, many still rely on external specialists to guide their cybersecurity endeavors, a thing which, in turn, tends to provide its own challenges.
Crafting an effective cybersecurity strategy involves assessing the organization's current posture, identifying potential risks, formulating comprehensive policies, ensuring staff are well-trained, responding to incidents, and maintaining adherence to compliance standards, among other tasks.
In this session, participants will delve into the foundational components of a robust cybersecurity strategy aligned with the organization's mission and vision. Through real-world examples, attendees will grasp how such strategies elevate an organization's cybersecurity maturity, improve its security posture, and fortify its resilience against potential threats.
Demystifying Zero Trust
"Never trust, always verify" is the core principle of the Zero Trust Model, a rising trend in the world of IT security. With more and more people working remotely, there's a growing need to adapt to the complexity of the new hybrid workplace and to protect the people, devices, and apps, wherever they're located. However, not all people and organizations are ready for the digital transformation and management complexity that "perimeterless" security might require.
Verifying everything explicitly (users, apps, devices), using a least-privilege access model, defining the proper context for policy compliance and device health, and applying an assume breach approach are all essential parts of the process. Join this session to find out everything about how Zero Trust architectures are designed to work, and how implementing (or not implementing) ZT might impact you and your organization.
Moving to the Cloud - the Good, the Bad and the Ugly
If at first the Cloud was generally looked upon with distrust, the last decade has showed a significant shift in perception, with people becoming more and more familiar with what the Cloud is and what it can do for them.
While many advantages and business benefits of the Cloud have been repeatedly proven, moving to the Cloud brings its own challenges in areas such as IT & Data Governance, Cybersecurity, Change Management, Cost Control & DevOps/ITOps. And, unfortunately, many of those challenges are discovered long after the Cloud adoption is completed, bringing along unplanned effort and costs.
The session will look at the most common obstacles one has to overcome after the decision to move to the Cloud has been made, the reasons as to why (and why NOT) move to the Cloud, the main items to look at and keep track of before and during the move, and of course what happens *after* the move to the Cloud is completed. Real-life examples included.
Governance, Security & Compliance in the Cloud
The payoff of successful Digital Transformation can be essential for companies engaged in highly-competitive markets. Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. However, when people talk about moving workloads to the Cloud, most times they just hear the technical mumbo-jumbo - IaaS, PaaS, SaaS, DevOps & automation, containers, and so on.
This session argues we should perhaps sit back for a bit and discuss the need to develop a coherent, long-term Cloud strategy, even before taking the first step towards a Cloud-centric or hybrid approach. In the end, it’s all about looking at the hows and whys of moving to the Cloud, planning a clear roadmap of your migration, and making sure that once you get there, you can sleep better at night knowing you’ve got everything under control.
Based on real-life projects and experience from recent years, this session provides a quick insight into the role that the Cloud plays within Digital Transformation initiatives, touching on challenges companies usually face when dealing with governance, security, change management & cost-control.
IT security in a post-COVID world
For a long time, IT Security has been a secondary topic for a lot of companies. More often than not, it only came to mind after an actual data breach or security incident, and was often overlooked otherwise. Over the years, things like WannaCry/Petya or GDPR compliance helped raise awareness a little bit, but those soon faded out as well.
However, the new "Low Touch Economy" emerging as a result of the COVID-19 pandemic could provide the jolt that IT Security needed for a long time. With a lot more people working remotely, the need to secure devices (laptops, phones, etc.), communication channels, as well as on-prem & Cloud infrastructure is now higher than ever before.
The global pressure on innovation and developing new business models to adapt to these changes is high. This session aims to address some of the major shifts and impacts of remote work by providing some ways to balance innovation and IT Security, while also touching on some of the ever-growing gaps in security incident detection and response.
You've just been hacked! Now what?
It's a time when assuming your systems and applications are "unhackable" is one of the biggest mistakes you could do. While most people still think that prevention and maintenance remain a top priority in protecting yourself, building a clear process around how you will respond to attacks and data breaches during and after their occurrence is something often overlooked, or simply ignored.
The past few years have brought along new vulnerabilities, exploits, and attack methods, as well as new data privacy requirements such as the GDPR. While all of these things require significant changes to any existing processes and tools, they mostly require a different approach when catering to people's IT security awareness.
Do you know how exposed you are when you're connecting to the hotel/restaurant/airport WiFi? Are you aware how fast clicking on a link can become a nightmare? Come down for a quick overview and live demos of some of the current cyber threats, especially as they pertain to social engineering vectors.
This session intends to bring the assume breach security posture into the spotlight. We'll be discussing recent trends in cybersecurity attacks (credential reuse, password spraying, insider attacks, 2FA-bypass, etc.) and look at the best ways to build your data breach incident response policy. Demos included.
Modern IT Risk Management
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.
While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives. With the emergence of the Cloud, IT Risk has suffered yet another radical transformation.
This session focuses on specific plans on how to implement IT Risk Management on every level of your company in a Cloud-enabled world.
Personal Security in a Post-Pandemic Age
Two years of global pandemic have brought along significant changes for people everywhere - starting with more flexible Remote Work policies and the challenges those policies bring along, all the way to new or emerging attack methods, techniques, and tools. Nation-state actors are more prevalent, and with global-scale conflicts slowly moving into the cyberspace field as well, misinformation is everywhere.
The line between personal and business use of devices also gets consistently blurrier, with people connecting to business assets from the comfort of their home or local coffee shop wifi. During these new "post-pandemic normal" times, protecting your sanity, your personal data, as well as your mobile/IoT devices is more important than ever.
Come check out this session if you want to find out more about recent cybersecurity trends & known attacks, as well as methods of protecting yourself and the people around you.
The NIS2 Directive: Europe's Response to Cyber Shenanigans
In a world where cyber threats constantly evolve, staying ahead is not just an option - it's a necessity. The EU's answer to this ever-changing digital landscape is a revamped cybersecurity directive, the NIS2, which might just be the most interesting thing to hit Europe since sliced baguettes. But what does this mean for you?
Join in as we demystify this directive, and see how it's changing the game, what it means for businesses, individuals, and yes, even the humble smart devices in our homes. Walk away with insights that'll make you the star of your next virtual hangout, and have your smart toaster nodding in approval (well, metaphorically).
Tudor Damian
Cloud & Cybersecurity Advisor @ D3 Cyber
Cluj-Napoca, Romania