Tomasz Romanowski

Job position: Security Consultant

1. What would you say if someone asks you who you are?

That I’m a security guy. That usually makes people fearfully watch whether their badge is visible and turn around to check whether their computer has screen locked up (more than once- it wasn’t). However, once inquired, I tend to tell more about what kind of security guy I’m, and I’m happy to tell more about my duties, which are far from just scaring people about non-compliance with security policies.

2. What is your role?

I’m Cyber Security Business Analyst, currently engaged in project that revolve around increasing market value of Capgemini Managed Shared Services and creating a specialized client portal with highlighted security risks and overall threat landscape. Other than that, I was also involved in Identity and Access Management (IAM) projects and security assessments for internal purposes.

3. What does the business analyst do?

Role of Security Business Analyst is to connect goals of the project with the needs of a client. Goal is to introduce changes to the situation as-is, which would decrease possibility of materializing risks on the side of the client. Usually, needs of a client are about ease of use and making their life less complicated while increasing their insight and possibilities. In such situation, Business Analyst need to present business benefit for clients or resource owners in applying our security solution, and understand their requirements and limitations. Therefore, like an old-school diplomat, Business Analyst need to merge strict technical security know-how with sales person convincing skills, to perform their task successfully.

4. What is the most challenging at your job?

to our solution or staying away from it, while their systems can make complicated mazes of dependencies which sometimes are not even well documented. Very good interviewing and reverse engineering skills are required, when resource owners are hesitant to cooperate and systems are, sometimes, quite a mess. Thankfully, such cases are extremely rare.

5. What sort of technologies do you use at your work?

For the purpose of Managed Security Services, we’re integrating a wide range of solutions, from IBM cutting edge security products, SIEM solutions to our own home brew Machine Learning algorithms. In previous project, we were working with RSA IAM solution but currently we’re also stretching out for other products as well  NetIQ, Azure AD, Ping Identity. One have to adapt to what our customers need and so do I. Secondly, we have all kinds of different software to work with raw data  notepad++, excel, Apache directory studio. Finally, some coding utilities such as Powershell, Python, SQL Developer.

6. Do you work remotely? If yes, how often?

Among things, I value highly in Capgemini, it’s company confidence in employees who are allowed to work remotely. Approximately 40-50% of time I work from my home office, where with the cup of tea my introvert mind can spread its wings and perform with 100% capacity.