Florian Hansemann’s journey from a gamer to a renowned cybersecurity expert is nothing short of fascinating. Hansemann initially aspired to be a submarine commander, but his career took a turn when he joined the German army and later studied aerospace engineering. However, it was his passion for IT security that truly defined his professional path. After transitioning to a land-based job in security management, Hansemann began live hacking and gained recognition for discovering over 30 zero-day vulnerabilities.
Today, Hansemann is a prominent figure in the cybersecurity community, with 75,000 followers on platforms like X. He has been acknowledged as one of the top global red team and security sources by TechBeacon and SentinelOne. His company serves a diverse clientele, from Swiss cheese dairies to defense companies, showcasing his versatile expertise.
At a recent DACH CompTIA Community meeting in Munich, Hansemann shared his insights on the current IT security landscape in Germany. He highlighted two major issues: the lack of understanding of IT security’s importance among managing directors and the overwhelming complexity of modern security solutions. Many businesses, he noted, view IT security as a mere cost center rather than a critical investment. This mindset has led to underinvestment in essential security measures, despite significant revenue growth from automation and rationalization.
Hansemann emphasized the need for businesses to focus on fundamental security practices like patch and asset management before getting distracted by buzzwords like AI and blockchain. He likened this to building a house, where the foundation must be laid before the roof. Without a solid foundation, advanced security measures are ineffective.
He also criticized the NIS2 directive for its vague guidelines and potential for personal liability of managing directors. Hansemann called for better collaboration between politicians and cybersecurity experts to develop practical and effective legislation.
In conclusion, Hansemann’s message is clear: prioritize the basics, invest in fundamental security measures, and build a network of trusted service providers. Only then can businesses effectively navigate the complex landscape of modern cybersecurity.