Email Security & Protection , Fraud Management & Cybercrime , Video

Increasing Your Cyber Maturity Level on a Limited Budget

CISO Marcin Szczepanik on Culture, Tools and How to Benchmark Maturity
Marcin Szczepanik, CISO and data protection officer, Essar Oil

CISO Marcin Szczepanik recalls the day, not so long ago, when his team's budget was cut dramatically after the onset of the pandemic. His organization, U.K.-based Essar Oil, which supplies fuel to the aviation sector, lost the majority of its revenue as the airline traffic fell to a near standstill.

See Also: Report: The State of Cloud Data Security 2023

Szczepanik says he needed to modernize security systems but knew he couldn't invest in "state-of-the-art, AI-driven tools" because there was no budget available. "People became my defense. Not the tools, not the heavy investment," he says.

He prioritized the company's needs and invested much of his time in training, cybersecurity awareness and revamping the company's incident response plan to guard against rampant ransomware activity. Yet he determined that he couldn’t compromise on email security. "Email is still 90% responsible for all your attack vectors," he says. "So, we did quite significant work on upgrading our email security."

In addition to investing in software, he and his team worked with the business unit to review every security policy and identify potential areas of compromise. These initiatives helped Szczepanik improve the company's level of cyber maturity - even on a budget.

In this video interview with Information Security Media Group, Szczepanik discusses:

  • What his extensive experience in the oil industry taught him about making the most of limited resources;
  • How to prioritize technology investments on a budget;
  • Developing and measuring the maturity of cybersecurity programs.

Szczepanik leads security and data protection at Essar Oil. He draws upon OT and IT experience from a variety of industries including energy, automotive, retail, chemical, utilities, nuclear, manufacturing and recruitment. Szczepanik says his passion for technology comes from dealing with people and life's challenges. His favorite quote is, "If you think the problem can be solved by technology, then you probably don't understand the problem."


About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.