"CST Academy enables me to bring knowledge to where it is needed."

16. August 2021

Three years ago today, the CST Academy conference space in Neu-Isenburg was officially inaugurated. This was an important milestone, because thenceforward there was a place where cyber security experts of all kinds can meet, exchange and network. Together with Mareike Gass, Head of CST Academy, we reflected on the last three years:

Mareike, for you, too, it's been 3 years in and with the CST Academy: What was your highlight?

Mareike Gass: My highlight is and remains the fact that I have met so many people who sincerely care about making the world a safer place. I'm aware that this sounds like an advertising slogan - given that I work in marketing myself. But I am honestly continually amazed by the willingness, commitment and inventiveness of the cyber security community to share their knowledge and come together. Manfred Tubach stated in the mission of the CST Academy "from the insecurity of the individual to more security in the knowledge community". That is exactly what I get to experience here. And I'm talking about colleagues from usd, as well as dedicated guest speakers from industry and academia, cooperation partners from politics and education, and especially the young experts at our student events. The CST Academy enables me to bring all these people together and to bring this knowledge to where it is needed. That's my highlight - closely followed, of course, by the CST Academy roof terrace in the summer. (laughs)

Can you compare the CST Academy from 3 years ago to the one today?

MG: Absolutely not. Each of the 3 years was more exciting than the previous one. Opening the conference space was just the beginning. We created an expanded range of events, trainings, workshops and seminars. This has resulted in a great list of seminars and trainings, both for the individual, but also for the whole company and its employees, which we expand continually. We have worked on our appearance in order to become better known and thus to reach an even greater number of people with the mission. An important decision 2 years ago was also to start targeting online formats to share knowledge and news with an international audience. We were able to establish great cooperations with universities and government agencies. Then something happened that no one could have predicted: a worldwide pandemic, which meant that events of any kind were out of the question for a while.

In the last 1.5 years, face-to-face events have come to a complete standstill. How has this affected the CST Academy?

MG: Most of the schedule for 2020 was in place: Secure Coding and ISMS seminars, Hacking Nights, PCI Best Practice Workshop, Cyber Security Forums, university lectureships, and more. All of these events were designed to bring people together face-to-face. To be honest, it was a weird moment when we realized at the end of March that this won't be happening. But at that very moment, we made the decision: Then we'll just switch to doing it remotely. Even before the pandemic, we had successfully organized our first webinars, so all types of events were checked for their online applicability, then reorganized and re-advertised. We held more free webinars in order to continue sharing our knowledge. I thank everyone who helped make this possible. I think we did a great job together. It was also a good exercise and learning for some events, as we will maintain many online formats after Corona to further align ourselves internationally and allow more people to participate in our events. We have already made this decision for the PCI Best Practice Workshop, for example.

CST Academy's commitment goes beyond the events. Can you tell us more about that?

MG: Of course, the usd and CST Academy events are very present in the promotion, but there is much more going on. Cooperation is an important part of our mission. We work very closely with universities in the Rhine-Main area and North Rhine-Westphalia and are involved in lectures, guest lectures, workshops or, for example, we have already held the so-called Hacker Contest at the TU Darmstadt several times. Last year, we made the decision to become more involved in the Federal Office for Information Security's Allianz für Cyber-Sicherheit, not only as a participant, but from now on also as a partner. Each year, we offer a couple of free spots on our technical seminars in order to enable small and medium-sized companies to receive professional training on important cyber security topics. Some of my usd colleagues are also involved in specialist groups of ISACA, which we are also happy to welcome to our CST Academy premises in Neu-Isenburg. My PCI colleagues are active in the PCI SSC Global Executive Assessor Roundtable (GEAR). My colleague Tobias Neitzel from the usd HeroLab even presented a tool at Black Hat this year. We also actively encourage the exchange of knowledge within usd, for example at our monthly usd Hero Nights.

Mareike, what do you envision the CST Academy being like in 3 years?

MG: Think big. Webinars and events with leading national and international cyber security experts. A huge community. Conferences on the scale of the Chaos Communication Congress. I can continue the list indefinitely. However, as a first step, I would be happy to see some life returning to the CST Academy premises. Even though I said that online events will remain part of our portfolio, networking and exchange naturally thrives on face-to-face interaction. A focus for the next few years is also to enter into more great strategic partnerships and cooperations. We are not the only ones with knowledge and who have built up a community; together we can achieve much more.

The current events of the CST Academy can be found here. Alternatively, you can use the rooms of the CST Academy for your own cyber security events.

Also interesting:

DORA Deep Dive: Threat-Led Penetration Testing (TLPT)

DORA Deep Dive: Threat-Led Penetration Testing (TLPT)

The Digital Operational Resilience Act (DORA) will apply as of January 17, 2025. In addition to routine operational resilience testing, DORA will also make it mandatory for certain financial companies to carry out threat-led penetration testing (TLPT) every three...

Security Advisory on Gambio

Security Advisory on Gambio

The pentest professionals at usd HeroLab examined the online shop software Gambio during their pentests. The software offers merchants various functions that support the management of inventory and orders. Our professionals discovered a vulnerability in the password...