BrightMarbles Group is making waves in the cybersecurity world, and leading the charge is Branko Džakula, the Chief Information Officer (CIO). With an impressive career spanning over a decade, Branko has played a pivotal role in enhancing security measures and fostering a culture of cybersecurity awareness. His journey includes significant contributions to various organizations, where he has led comprehensive outreach programs and managed risk assessment processes. 

In his recent interview with Forbes Serbia, Branko highlighted the critical shortage of cybersecurity experts globally and the urgent need for continuous education and training to address this gap. He emphasized the importance of collaborations between the private sector, public institutions, and academia to develop robust cybersecurity education programs. Under his leadership, BrightMarbles Group has launched initiatives like the UN1QUELY Cybersecurity Academy to bridge the skills gap and prepare the next generation of cybersecurity professionals. 

Join us as we explore the challenges, advancements, and future of cybersecurity with one of the industry’s most forward-thinking leaders. This conversation is packed with practical advice, innovative ideas, and a glimpse into what’s next for BrightMarbles Group. 

Q: As our lives become more connected through technology, cybersecurity is becoming a critical issue for everyone, with a new cyberattack occurring every 39 seconds. With digital services growing rapidly, how do you see the role of cybersecurity evolving, and what should we be focusing on to ensure a safe and secure digital future? 

Cybersecurity is everyone’s concern, from kids to seniors. In today’s digital age, our reliance on digital services is constantly expanding, making cybersecurity just as crucial as traditional security and safety. As digital and physical worlds merge with the latest AR technologies, this trend will only intensify. It won’t be long before police and security personnel focus more on enforcing laws online than on the streets. This shift highlights the need for robust cybersecurity measures to protect all users and ensure a secure digital environment for everyone. 

Q: How has BrightMarbles Group structured its services to meet the diverse needs of both private and public sectors, and what sets your approach apart from others in the industry? 

We understand the present and future of cybersecurity demands, and we’re motivated to build expertise to keep pace with the accelerated growth in this field. To be ready to meet the needs of both private and public sectors, we’ve structured our cybersecurity services into four categories: offensive security, defensive security, security advisory, and security training. 

This approach ensures our portfolio covers all aspects of information security, providing a comprehensive 360-degree solution. We offer the flexibility to deliver each service category individually, tailored to the unique needs of each customer. 

Currently, our portfolio includes startups, SMBs, enterprises, and government entities, including critical infrastructure. Our team, processes, and tools are designed to handle uncertainty, complexity, and real-world cybersecurity challenges effectively. 

Q: As cyber threats become more sophisticated, it’s essential for organizations to proactively identify and address vulnerabilities. How does BrightMarbles Group’s penetration testing service play a role in this? 

Penetration testing is our flagship service and a key part of our Offensive Security category. Our highly skilled pen-testing team, one of the best in the Balkan region, holds over 20 different certifications. We pride ourselves on being able to start a new pen-test within 48 hours of first contact. Besides identifying vulnerabilities, this service helps improve overall system security, helping organizations stay ahead of potential threats. 

Q: Can you walk us through the typical process of a penetration testing engagement at BrightMarbles Group? 

We start every penetration testing engagement with a scoping call. This call serves as an introduction to our team, testing methodologies, and a deep dive into our process. During this call, we gather all necessary details from the customer about what we are testing, such as a website with an integrated payment solution. We ask for details like where the website is hosted, the technology used to develop it, the payment solution implemented, where the data is stored and processed, how access is managed on the backend, and what user roles are available.

Once we have the full context, we schedule a kick-off date and set up a project communication channel. We assign a project manager and pen-testers whose specific skills match the technology being tested, ensuring the highest quality results. 

Our team executes each test with extreme care and precision, always going beyond the defined methodology to uncover even the most exotic vulnerabilities. Every finding is double-checked and verified by another senior pen-tester, ensuring high quality of service and zero margin for error or false positives.

The final output of our engagement is a comprehensive pen-test report. This report includes the scope, methodology, team member details, risk assessment, and a detailed list of findings, complete with steps to reproduce each finding and detailed remediation guidance. This allows the client to fix all vulnerabilities as soon as possible. We also offer unlimited free retests of all identified findings to verify they have been fixed. 

Q: With the growth of online payment systems, health-tech services, and AI tools, many believe that these innovations have disrupted security. How is BrightMarbles Group navigating these challenges?

Glad you mentioned this in the way you did. It’s actually a misconception that security has been disrupted. In reality, it has become more accessible, and many new technologies, like public cloud platforms, are more secure right out of the box. The real challenge is that the increased availability of modern technologies can lead to more complexity for our customers. Over-adoption of new SaaS tools and rapid development of new products often introduce security risks and vulnerabilities that organizations might not be aware of or lack the internal skills to tackle. 

Q: As new technologies make security more accessible and manageable, organizations still face significant challenges. What are the specific hurdles BrightMarbles Group encounters in ensuring robust cybersecurity, and how can these challenges be addressed?

Security is becoming more affordable and easier to manage. With the adoption of new automated compliance solutions like Secfix and supply-chain risk management platforms such as Intell Informed, companies can gain visibility and clear guidance on the most pressing security risks and how to tackle them. Some issues are easily fixable, while others might require outside help. This is where we come in with hands-on expertise, providing the necessary support to address complex security challenges effectively. 

Q: With AI rapidly transforming various industries, how is BrightMarbles Group leveraging AI technologies to enhance both Offensive and Defensive Security services, and what specific benefits does this bring to your clients? 

In cybersecurity, we expect that AI adoption will accelerate each service in a specific way. For Offensive Security, AI technologies can speed up the recon or information gathering phase of the process and leverage generative AI models for high-quality and speedy report writing. Advanced AI adoption would enable pen-testers to execute automated pen-testing tools in tandem with manual testing, ensuring higher quality output and covering more ground in less time, making the service more affordable for the customer. 

In Defensive Security, AI adoption is expected to improve the intelligent correlation of massive amounts of system logs, leading to faster detection of anomalies and intrusions, and quicker response times to security incidents. Current AI adoption in Microsoft security tools, for example, accelerates the incident investigation phase by allowing AI Copilot to retrieve specific system information or forensic evidence in natural language, resulting in faster and more accurate incident response. 

Q: How is BrightMarbles Group utilizing AI technologies in your Security Advisory and Security Training services, and what potential risks do you see with heavy reliance on AI? 

In Security Advisory, generative AI is proving to be a very handy copilot. It helps generate security management documentation, processes, policies, and procedures tailored to the specific context of each company, cutting down the time spent on tedious tasks and allowing our consultants to focus more on expert tasks for our customers. 

In Security Training, AI is expected to advance the curation of personalized learning paths for each student, tailored to their current level, most effective learning methods, pace, and individual goals. This revolution in general education is already underway, with examples like Khan Academy’s adoption of AI in education. 

However, AI can and will make mistakes. In the delicate domain of cybersecurity, there is often no room for error. Heavy reliance on AI to “do the work for us” can be dangerous if it goes unchecked and is adopted hastily without proper safeguards and quality assurance. Additionally, there are general concerns about privacy and how AI handles personal data. It is crucial to ensure that AI technologies are not trained on Personally Identifiable Information (PII) and that you have control over the sensitive data you input into the system. 

Q: Education plays a crucial role in addressing the cybersecurity skills gap. Can you tell us about the development and impact of the UN1QUELY Cybersecurity Academy, and how your collaborations with educational institutions are shaping the future of cybersecurity education in the region? 

We have spent a lot of time and effort to build an educational system in UN1QUELY aimed at bridging the skills gap in cybersecurity and creating an accessible path for anyone to start a career in this field. We launched the UN1QUELY Cybersecurity Academy with three modules that reflect our service categories: offensive, defensive, and security management. This academy has gained a lot of popularity in the region. 

Soon after its launch, we began collaborating with educational institutions and universities to reach a larger audience of students interested in cybersecurity. These collaborations are designed to prepare students for a rewarding career in this field. We also organized a hackathon for high school students in Montenegro, with support from the UNDP and the Montenegrin Ministry of Public Affairs. 

Additionally, we have established partnerships with the University of Montenegro and the University of Kragujevac, where we regularly hold lectures as part of their cybersecurity programs. These initiatives help us connect with students and provide them with the knowledge and skills they need to succeed in cybersecurity. 

Q: Your educational initiatives are impressive! What motivates BrightMarbles Group and you personally to invest so heavily in them? 

Our primary goal is to get more people into cybersecurity, for our own obvious reasons as we are hungry for amazing talent, and because we are extremely passionate about what we do. We want to share our knowledge with anyone who is ready to learn. All our educational efforts towards bridging the skills gap and getting people started in the cybersecurity field will always be free. We are committed to giving our time and effort to the community because we believe in the importance of nurturing the next generation of cybersecurity professionals. 

Q: Let’s shift gears and talk about your personal interests. How do you balance the demanding nature of your career with your passion for extreme sports like surfing and skiing? 

Pretty well. I’m currently training for a marathon and regularly race in Obstacle Course Racing (OCR) tournaments, trail racing tournaments, and half-marathons. I’m also considering getting more into water sports like water skiing and kite surfing. Hopefully, within the next couple of years, I’ll have more to share about these new adventures. 

Q: What motivates you to pursue extreme sports, and how do these activities contribute to your overall well-being and performance in both personal and professional aspects of your life? 

The reason I’m into extreme sports is that exploring the limits of my own body has been an incredible experience. It seems like the more I push, the more I discover I can achieve. Staying active in sports helps me stay healthy and in top form, which is crucial for excelling in all other areas, from parenting to people management. A healthy lifestyle gives me more energy for all the demanding tasks I face and keeps my mind clear, allowing me to think faster and make better decisions. I couldn’t recommend it more. 

Q: Looking ahead, it’s exciting to see what new developments and innovations BrightMarbles Group will bring to the cybersecurity field. What exciting developments can we expect from BrightMarbles Group in the near future? 

We are working hard on modernizing our cybersecurity service offering by combining our services into a continuous model rather than one-off projects. This will allow customers to have continuous testing and vulnerability discovery, ongoing risk and exposure management, continuous monitoring and incident response, as well as year-round program management and advisory services. We are also leveraging compliance automation platforms as our central management point. This is the next big thing in cybersecurity service offerings, and we are at the forefront of innovation in this space. 

In closing

Talking to Branko Džakula gave us a fascinating look into the future of cybersecurity at BrightMarbles Group. From integrating cutting-edge AI to nurturing new talent through the UN1QUELY Cybersecurity Academy, Branko’s vision is clearly driving innovation. But this is just the beginning. As technology continues to evolve, so do the challenges and opportunities in cybersecurity.  

One thing that really stands out is the importance of continuous learning and adapting. Whether you’re running a business or thinking about a career in cybersecurity, staying ahead of the game is key. BrightMarbles Group’s move towards offering continuous, integrated security services shows a new way of protecting organizations more effectively. 

We’re excited to see what innovative solutions BrightMarbles Group will come up with next. Stay tuned – this adventure is just getting started, and we can’t wait to see what the future holds! 

About Branko Džakula 

Branko Džakula, the Chief Information Officer (CIO) at BrightMarbles Group and Co-founder & COO of UN1QUELY, is a leading force in the world of cybersecurity. With unparalleled expertise and a relentless commitment to excellence, Branko has revolutionized security practices while passionately educating both seasoned professionals and aspiring talents. His visionary approach and dedication to advancing cybersecurity standards have solidified his reputation as a powerhouse in the industry.