Secure or Not Secure, That Is the Question: “Cyber Security Assessments in Practice” at TU Munich

1. February 2024

Events & Community | News | PCI News | Pentests & Security Analyses | Security Audits

What are the different types of cyber security assessments? Why do companies undergo such security assessments? And how exactly does it work? Nico Fechtner and Merten Nagel from usd AG answered these and other questions as part of their guest lecture "Cyber Security Assessments in Practice" at the Technical University of Munich. They explained which legal provisions and regulatory requirements are essential for a large number of companies when it comes to cyber security. Using practical examples, they presented security audits and penetration tests to the students, focusing on network security issues. In a live demonstration, the students were also given insights into the tools that penetration testers use every day for their security analyses. Under the motto "Secure or not secure, that is the question", they puzzled over real security issues from practice and proved what they had already learned.

*Merten Nagel gave a live demonstration of penetration testing tools*

Everything is built on passion

Our colleagues welcome every opportunity to share their day-to-day work as penetration testers, security consultants or auditors at German universities. "Of course, we hope to awaken or strengthen students' passion for cyber security," says Nico Fechtner. "Many are already very interested, but have little idea what cyber security actually looks like in practice. That's why we always bring concrete examples and scenarios from our daily work. As a guide and a little nudge in the direction of more security."

And of course, the presentation also provided answers for all those who are now pondering the question: What should I bring to the table if I want to become a cyber security auditor or penetration tester myself? "Even if it sounds a bit like a cliché: First and foremost, an interest in and passion for the subject," says Merten Nagel. "Because in our field, we constantly have to deal with new technical developments and threats and keep up to date. Technical expertise, industry certifications and a knack for dealing with people are of course also essential - but all of this can be built on a genuine interest in cyber security."

Also interesting:

What Does “Periodically” Actually Mean? PCI DSS v4.0 Specifies Timeframes

Apr 26, 2024

“Promptly”, “quarterly”, “periodically”: Many PCI DSS requirements demand that measures be implemented within a specified timeframe. While version v3.2.1 of the PCI DSS left some room for interpretation here, version v4.0 contains specific explanations for the first...

Information Security in Third-Party Risk Management: How to Set Up a TPRM Program

Apr 24, 2024

Companies often work with a large number of service providers in order to be able to concentrate on their core business or save costs. For this to succeed, companies must grant their service providers access (digital and analog) to their company assets. This opening...

Break Down Prejudices, Empower Women. We Participate in Girls'Day 2024

Apr 22, 2024

Approximately a quarter of our usd Heroes are female. Even though that is above the average for our industry, we are convinced that there is still room for improvement. That is why we are taking part in Girls'Day again this year. On this day, girls can gain an insight...

Secure or Not Secure, That Is the Question: “Cyber Security Assessments in Practice” at TU Munich

Everything is built on passion

Also interesting:

What Does “Periodically” Actually Mean? PCI DSS v4.0 Specifies Timeframes

Information Security in Third-Party Risk Management: How to Set Up a TPRM Program

Categories

Categories

usd AG

News

What Does “Periodically” Actually Mean? PCI DSS v4.0 Specifies Timeframes

Information Security in Third-Party Risk Management: How to Set Up a TPRM Program

Follow Us