The Deputy Director of Technology, Services and Cybersecurity of the AOC, Ruben Cortes, participated in the GITEX Africa Congress, an event that is part of GITEX Global in Dubai that has 350.000 visitors annually. The current edition was held in Marrakech where nearly 45.000 people, 1450 companies and startups and 700 international experts were able to connect and analyze topics such as artificial intelligence, infrastructure and connectivity, Fintech and the global economy, cybersecurity, sustainability and health.
Rubén Cortés participated in two round tables; in the table “Cybersecurity cooperation today and tomorrow: means, gaps and ways forward", Rubén Cortés explained the role of the AOC in Catalonia as a prominent actor promoting collaboration between the different Catalan and state governments and administrations, as well as public-private collaboration. The AOC, with the creation and promotion of shared services of different types, and with the support of different organizations, has created a digital administration ecosystem that is unique worldwide and that is achieving that different levels of administration regardless of their size or the resources they have use the AOC's services.
In the field of cybersecurity, the AOC's commitment is clear: cybersecurity governance is a strategic element for administrations and companies, and state regulation with the different national frameworks help to establish order and start a path that is not easy but that must be followed. So is the public cloud as an accelerating element, transforming services and not just migrating them, and with public-private agreements that allow administrations to operate with the maximum talent that the market makes available.
At AOC we are clear that we must be an example and must be certified at the highest level in the ENS, and this year we will extend our current certifications in three services to the rest of the platform.
With cybersecurity as a strategic element, the AOC collaborates with the leadership of the Catalan Cybersecurity Agency to help those organizations in the local world that have fewer resources and that alone cannot assume the costs derived from the implementation of cybersecurity governance.
In the second round table "Zero Trust for critical infrastructure in an AI-Powered threat landscape", integrated into the awards session for people from the region recognized for their work in the fields of cybersecurity and artificial intelligence, Rubén Cortés highlighted some key aspects: how regulation can help govern cybersecurity with AI as a threat but also as an advanced protection tool that can save costs in aspects such as monitoring and screening of events in SOCs.
There are many regulations worldwide, a multinational company must face different regulations from each country, which although they have things in common always have some particular aspect that makes them costly. In this sense in Europe, a good initiative such as the NIS2 directive becomes an example of this model, where some baselines are established but then each member country must make its own law that will have its own particularities and that will have to be implemented compulsorily, whether the companies are directly affected or if they are part of the supply chain of those that are.
Faced with this complex scenario, Rubén Cortés encourages companies and public institutions to prioritize what is most critical and begin working with small steps that will gradually extend the cybersecurity culture to both workers and management levels who must change their vision and see cybersecurity not as an expense, but as an opportunity to be more competitive.
In this sense, and with the presence of artificial intelligence and Zero Trust architectures, Rubén Cortés highlighted the importance of implementing Zero Trust architectures but without losing sight of the need to be prepared for when an incident occurs. An incident that with the presence of “shadow AI” can come from vectors that were previously unknown, and that once again put the person at the center of everything. Highlighting once again the importance of raising awareness and educating people, so that beyond prohibiting, they are aware of the threats that what they do in their daily work with AI can have.
