Meet: CISO Stefan
Who are the people behind our healthcare IT solutions? We'd love to introduce them to you! This time, it's CISO Stefan's turn.
Name: Stefan van Bremen
Role: Chief Information Security Officer (CISO)
Time at CODE24: 8.5 years
Hobbies: playing bass in his band Crayons, listening to all kinds of music (“from Social Distortion to the Rolling Stones”), tinkering with motorcycles and riding them.
“Developing our organisation in terms of security is actually a bit like tinkering with motorcycles - you shouldn't just start doing stuff, you should take well-informed steps. It's not about changing things - it's about making things better.”
Hey Stefan! What is your job at CODE24 like?
“Put very dryly: compliance with procedures, shaping policies and information security practices and implementing standards. In practice, this means all kinds of things: I draft policy documents, ensure that awareness of information security is and remains high within our team, act as a sparring partner for our developers and management and handle incident reports.
That I get to do all this for a healthcare IT company is a nice bonus - I do like to contribute something to society, even indirectly.”
What does an average work day look like for you?
“I used to be a consultant - this means you are usually reactive, while as a CISO I largely manage my own schedule. You still have a relatively large amount of freedom to set policy as you see fit. Of course, you have to deal with standards and guidelines - especially in healthcare - but there are many flavours within those. All of this also leads to the fact that no day is the same.
Of course, there are things that recur periodically, such as the audits, handling incident reports and performing checks.”
What skills are most important for your role?
“You must be a bit of a nitpicker, haha! No, but all kidding aside, a certain amount of detail-orientedness certainly helps. Ultimately, it's about formulating rules to be followed. You also have to be able to bring the standards, which are often quite broadly formulated, into practice within an organisation like ours, without it becoming a paper tiger.
You also have to be able to plan, keep an overview... And think a bit long-term. What are we actually doing here? How is the policy supporting that?”
What do you like best about your job?
“I actually quite like rules. Rules give structure and clarity, frameworks within which you can improve. I think that is ultimately the core of what makes me happy: seeing that we are really improving our operations. That gives me satisfaction, making progress feels nice. I also find audit periods really super cool. Then you can see clearly what we have all improved on in a year's time - often quite a lot!
I also find information security really fascinating - technical developments are moving fast, which also brings risks. People can find incredibly inventive ways to abuse the possibilities! We need to stay on our toes about that and I find that extremely interesting.”
What would you like to achieve?
“I am a CISO with a fairly technical bent. I have a background as a software consultant and I studied Business Informatics. I do want to grow on the less technical side, I think - policy documentation, organisational sensitivity, that sort of thing.
I also really see possibilities to set up a broader Security Team - after all, the importance of security in IT is only growing.”
What should people know about CODE24, according to you?
“Everyone is equal. Management sits ‘next to us’ - literally and figuratively, haha! We are not very hierarchical as a company - everyone is approachable and people are open to receiving feedback. I personally find that very pleasant.”