Max Imbiel is a seasoned Cyber Security expert and the driving force behind “ahead Security”, specializing in comprehensive consulting, large event speaking engagements and bespoke training programs aimed at bolstering cyber resilience and compliance. His illustrious career began in IT and software development, leading to roles in software engineering, IT management, and security architecture across various industries, including aerospace, e-commerce, automotive, and banking. Max’s notable leadership roles include Head of Security Architecture at Sky Deutschland, Deputy CISO at UniCredit Bank AG and Deputy CISO at N26. Currently, as CISO at Bitpanda, he leverages his vast experience to ensure unparalleled security and regulatory compliance for the fintech’s cutting-edge blockchain and crypto-broker technology and operations.
Max Imbiel is dedicated to advancing cyber resilience and security excellence. He excels in crafting secure solutions, managing security teams, and fostering collaboration with stakeholders at all levels. His broad experience across industries enables him to spearhead successful security projects, advocate for security awareness, and champion a culture of security. His expertise also extends to engaging effectively with top-level management, providing strategic insights, and ensuring alignment with organizational security goals.
Recently, in an exclusive interview with Digital First Magazine, Max shared his insights on the evolution of the cybersecurity landscape over the last five years, his approach to creating a culture of experimentation and innovation within his teams, significant career milestones, future plans, words of wisdom, and much more The following excerpts are taken from the interview.
According to you, how has the cybersecurity landscape changed over the last five years?
Over the last five years, we have seen a substantial change in the cybersecurity landscape in terms of efficiency and effectivity of vulnerability exploitations as well as the drastic speed of new technologies and onboardings of outsourced IT solutions. So, Security teams and leaders had to change their view on just their own business and technology stack into the supply chain of all internal and external partners. So, Security had to mature and grow up into a business supporting structure in a challenging short time, to not be considered the typical blocker due to Security misalignments but an enabler for a sustainable and resilient business. This is also showcased in how much we as Security professionals are now connected across companies and industries to share and collaborate on current and future Security topics, from current vulnerabilities and IoCs to Zero-Trust initiatives and lessons-learned from successful implementations.
What do you love the most about your current role?
I love most about my role that I am interacting and collaborating with basically all areas and teams within the company. In my opinion this is also the only possible path for a successful CISO as we cannot only be considered as the stronghold for the company’s treasures but must be part of the group that is being actively reached out to and asked for feedback and insights on future innovations and developments for the business and IT strategy.
In your opinion, what should CISOs and businesses do to take advantage of recent technology evolutions?
In my opinion the most important thing to do, to take advantage of recent technology evolutions, is to embrace these evolutions and not to close yourself off from them. As my distinguished and knowledgeable colleague Jaanika Merilo once said during a keynote on the hybrid warfare in Ukraine: “You have to embrace new and emerging technologies, or they will be used against you and potentially kill you.” I strongly believe this holds true not only in the area of actual warfare but also on our day-to-day Cyber Security field. The rise of AI is increasing the speed and sophistication of attacks, so we also have to counter these by also leveraging AI in our defense and prevention measures.
Given your vast years of experience as a cyber security expert, what are the main cyber security related challenges that executives face when it comes to embracing new technologies for their business?
Still to this day I believe the main challenge executives face in terms of Security when they want to embrace new technologies for their business is that Security is either not considered in the process or way too late. The shift-left movement has helped us a lot in being part of the development and operations processes way earlier then in the typical last control check before some new tech should go live. But what is still missing a lot is having Security already in the decision-making process for new technologies or partnerships, where we can highly support in making the risks and opportunities for these moves transparent and provide the leadership with an understandable and comprehensible decision-making template.
As a leader, what approaches do you use to create a culture of experimentation and innovation within your team?
My approach to a culture of experimentation and innovation within my teams is by providing them with enough support and backup to try out new things and see if they would be of an advantage for us. And I’m also always conveying that to be innovative and to experiment you will also fail. Which is not a bad thing, because you learn what does not work and you can go further from there. This of course is only possible by showing them that if they fail and it might even have a negative impact on the business, they will not be punished.
What has been the most fulfilling part of your career?
My most fulfilling part of my career is most definitely seeing how our Security efforts provide benefit for the business of the company and how it is recognized by the business. A concrete example is the implementation of a DDoS solution which also covered bot protection and then seeing how it has enabled the business to stay alive during an enormous malicious botnet attack. Our business was still completely available, and we could still serve our customers’ service. The C-level actually recognized these efforts and thanked the Security teams in person, which I believe was a substantial boost for our talent retainment.
In your words, tell us the leadership skills that everyone should learn?
Listen, listen, listen. A good listener will most certainly be a good manager, thanks to the information they have gained while listening to their counterparties. Also, someone who is able to listen is often considered a trusted companion and trust is the cornerstone of good leadership. If you then can also use the things, you learned while listening and put them into beneficial actions for the company you will be considered a good leader and mentor.
What is that one thing which motivates you to become better and better every day?
To become better and better every day is definitely a mantra I am inheriting not only in my professional but also my private life. I want to be a good example for my family, my kids, friends and co-workers that to be a good human you have to improve yourself every day. And I also want to keep up with my peers so there is also some competitive behavior to it that drives me.
Where do you see yourself in the next 5 years?
I hope that within the next five years, I can further support the Security community and our network to grow stronger and more connected and to learn from another more. I would also love to see our Security field being way more integrated and lived in the daily lives of all people and the daily business of all companies. Where I am personally at that time, I am totally open, and I am really looking forward to what surprises and challenges are upon my path until then.
What is a piece of career advice you have been given that you would pass on to others?
Stay hungry, stay vigilant. Do not blindly accept but challenge the status quo and try to improve the lives of the people around you and yourself.