
What are your main responsibilities? What does a typical day/week look like for you?
As Chief Information Security Officer (CISO), my main responsibilities fall into three areas:
First is Security Strategy. Developing and maintaining our own long-term strategy to strengthen Aignostics’ overall security posture, while aligning it with key regulatory and compliance frameworks like ISO 27001, NIS2, the EU AI Act, GDPR, HIPAA, and others. I work with our CEO and CTO on this and update the board regularly. My ultimate goal is to provide a secure and privacy-preserving offering to our customers while we innovate and execute our business model.
Second is Security Tactics. Directing and overseeing our day-to-day efforts like providing security guidance for project teams, vulnerability management, due diligence with external partners, penetration tests, awareness training, and threat modeling. We support teams in building secure projects from the ground up, starting right at the design phase.
Third, I'm also the Data Protection coordinator, handling GDPR aspects across the company.
Our department goals follow three key pillars: security by design, compliance-centric operations, and privacy by design.
In terms of what does a typical week look like? Well, it really depends on the type of week. Audit weeks are a different beast altogether. It’s pure preparation mode. I’m deep into reviewing infrastructure, gathering evidence, coordinating with stakeholders, and combing through documentation. Regular weeks are relatively more chill with a mix of operations and longer-term security initiatives.
My mornings usually start with a bit of training to get the brain going, followed by a couple of quick online chess games (win or lose, it’s part of the ritual), then breakfast before diving into work. During the day, I spend a lot of time engaging with other teams, collaborating with my own, and sometimes working with external clients. By the evening, my guitar is usually within reach. I like to squeeze in some practice, especially ahead of weekend band sessions. It feels like a good creative reset after a technical day.
What is a recent challenge that your team overcame or a problem that you solved that you're particularly proud of?
Recently as a company, we underwent our ISO/IEC 27001:2022 recertification audit. Unlike our usual 2-day surveillance audits, this was a full 4-day audit, giving auditors 96 hours to dig through everything. To make it more challenging, we were being audited against the updated 2022 standard, which introduces several new requirements compared to the previous version.
This was truly a company-wide effort. I worked closely with team leads across the organization, running internal checks like a physical office inspection, system checks, etc. The key was having a clear game plan - knowing who would speak to the auditors, what they should emphasize, and exactly where all documentation and evidence of secure operations could be found. We began preparing about three months in advance.
The result? We passed with flying colors - zero major non-conformities and few minor non-conformities.
I’m incredibly proud of the outcome, not just because it reflects strong security practices, but because the entire company pulled together. It wasn’t just my team. It was a shared success across all departments.
What is an impactful skill that you developed since joining the team that you did not expect?
Bridging cultural gaps and translating between academia and practical solutions. What makes this company unique is that there's a good percentage of highly educated individuals - over 30% MDs and PhDs - and I really love such an environment.
In academia, the assumption is always that you have unlimited resources to solve a problem. Practically within a company, you have to work with constraints in a field that's sometimes not your expertise. I've had to learn about tumors, staining, and other topics, but quickly figure out the important aspects to apply to my work.
A memorable moment for me was connecting with one of our AI researchers, Gabriel. With my background in mathematics and cryptography, we’d often get into long, animated conversations about topics like mathematical probabilities, entropy, oblivious neural networks and the underlying mechanics of AI. We ended up diving into a side project exploring the intersection of AI, math, and cryptography. I even built my first AI model completely from scratch with no libraries to explore the underlying mathematics; just raw Python.
That’s how I learn best and bridge cultural gaps: having real conversations, building friendships, and understanding what makes my colleagues’ hearts beat faster 🙂.
What is your favorite part about working at Aignostics?
Getting to talk to very smart individuals who are also really down to earth and have a common mission for the common good. The leadership is also very approachable. For example, I played some good chess games with our CEO, Viktor. We had a great chess battle - CISO versus CEO - which ended in a draw. He's a very strong chess player. Overall, it's a very nice and welcoming environment for me.
How would you describe your team in just three emojis?
👨‍💻🔒💜
I'd choose the hacker emoji 👨‍💻, the padlock emoji 🔒, and a purple heart 💜.
The hacker and padlock are pretty straightforward: our work is to lock down our security and prevent hackers from getting in. The purple heart is because for me, security is all about teamwork. We can't protect what we can't see. People around the company are our eyes and ears.