Good day!

Our interviewee is Javid Shahmuradov, who currently serves as a "Cybersecurity and Privacy Expert for the Central Asia region" at Huawei’s Dubai office. With nearly 20 years of experience in the information technology sector, Javid has spent the last eight years specializing in cybersecurity. He began his professional career in IT with a role in "helpdesk," the foundational level of IT services, and subsequently held various positions including system administrator, IT group leader, and OSS engineer. Ultimately, he found his niche in the cybersecurity field. In Azerbaijan, he most recently served as the Head of the Information Security Department at Azerconnect.

1. Can you share your career path in your field and the moments that inspired you along the way?

As I delved deeper into the field and became involved in various business processes, I realized how fascinating and responsible this domain truly is. Information security is a field that demands significant responsibility on one's shoulders, and as you know, this responsibility often extends beyond mere business obligations. Factors such as the demand for diverse knowledge, the necessity to stay constantly prepared for innovations and challenges, and similar aspects are what inspire me. I consider myself fortunate that my deep immersion into information security coincided with my time working at a telecom operator. The diversification of cyber threats in an environment with a broad technical landscape is extensive, which encourages integration into various fields, exploring them, and establishing appropriate security controls. In summary, as strange as it may sound, the ups and downs of the field, the responsibility, and of course, my love for my homeland motivate me to advance further in this field and reach new heights.

2. How do you assess the current state of the global information security and cybersecurity ecosystem, and what trends do you anticipate for the future?

To assess global information security, I believe it’s crucial to engage at an international level and witness events firsthand, which provides a unique perspective. The global cybersecurity ecosystem differs significantly from local environments. Each region, country, industry, and even individual organization has its own regulations, technologies, threat vectors, and risks. Operating within any given environment often involves focusing on specific details and managing a "small world" of concerns, whereas on a global scale, the situation can be quite different.

A key observation in the global cyber ecosystem is that digital transformation has led to both vertical and horizontal diversification of cyber threats. Classic attacks (e.g., OWASP Top 10) persist, but we also see more advanced threats such as those involving artificial intelligence, telecom networks (especially 4G and 5G), and blockchain technologies. Traditional social engineering attacks like vishing and phishing remain relevant.

Personal data has become one of the most sensitive forms of information today. The enforcement of GDPR and its stringent requirements has created a ripple effect worldwide. Although data protection laws existed before, GDPR's rigor has significantly impacted the cybersecurity sphere. Now, almost every country has developed regulatory frameworks and technical standards for data protection. Developing countries are beginning to pay more attention to personal data security. Consequently, businesses and government entities must comply with these regulations, which enhances information security measures and increases protection levels, essentially mandating compliance.

Another notable point is that the preference of global corporations and government entities for cloud solutions has turned them into crucial elements of the world economy and politics. For example, U.S. government systems predominantly use Microsoft Azure ("Azure Government"). Cloud providers generally adhere to international standards and offer high levels of cybersecurity, providing flexibility to meet new requirements swiftly and securely. However, this openness to the global network can expose critical vulnerabilities. For instance, newly disclosed critical vulnerabilities, such as those in the IPv6 TCP/IP protocol or Log4j, can lead to significant concerns despite stringent contractual agreements and compliance with national and international standards.

Cyberattacks utilizing AI, such as "deepfake" attacks, are also becoming widespread. For example, a cybercriminal used deepfake technology to impersonate a CFO and fraudulently transfer $25 million from a Hong Kong company. This incident has garnered significant global attention. Additionally, cyberattacks targeting AI systems (adversarial ML) are increasingly prevalent.

In summary, as the world economy, government operations, education, social services, and other sectors digitize, the scale, volume, and depth of cyber threats and attacks continue to rise.

3. What is your view on the current state of Azerbaijan's cybersecurity ecosystem, and what recommendations do you have for strengthening it?

Azerbaijan is a leading and advanced country in the region regarding cybersecurity organization. In fact, it is ahead of many European countries. According to the latest National Cybersecurity Index (NCSI), Azerbaijan is currently ranked 18th, and according to the ITU's global cybersecurity index, it has advanced to 40th place. Recent trends show a consistent increase in these indicators, reflecting the results of the Azerbaijani government's attention and the professional efforts of our relevant institutions. As you know, President Ilham Aliyev has repeatedly emphasized the importance of cybersecurity in his speeches at both local and international events. I believe that this factor—commonly referred to as "Security Governance"—has recently begun to make a significant impact. Adequate state support, necessary funding, budget, and resources are essential for organizing cybersecurity. In recent years, our country's digitalization strategy has successfully brought cybersecurity to the forefront.

This support and overall rejuvenation in cybersecurity are evident. First and foremost, I would like to highlight the tax incentives, which in turn should serve as a catalyst for the revitalization of the IT sector in Azerbaijan. Additionally, the “2023-2027 Strategy for Information Security and Cybersecurity of the Republic of Azerbaijan,” along with the resulting legislative changes, new normative documents, government-funded international training, and local and international competitions, are significant initiatives that are encouraging for professionals in the field.

As for the proposals to strengthen the ecosystem, I believe that the responsible institutions in our country have sufficiently experienced staff who already know very well what needs to be done. Our role is to provide the necessary support in this direction.

Furthermore, implementing unified framework documents and technical standards in the country would be beneficial. For example, having network firewalls and monitoring network traffic for compliance testing are crucial. Additionally, the existence of local normative documents for configuration forms and default settings would positively impact effectiveness. Standardizing the development of mobile applications within certain parameters could help prevent unforeseen risks or minimize their severity. To achieve this, there is no need for extensive research; adapting and applying international standards to the national level would be sufficient.

4. What steps would you recommend to strengthen our cyber diaspora?

I personally admire and support ACOA's activities in this area. You have already achieved remarkable results and made the initial steps in the field. I consider the cyber diaspora a new concept for our country. I’ve recently become a member of this diaspora myself. To strengthen its effectiveness, one could start by representing our state and nation with dignity. Following this, I would recommend organizing regular meetings where actionable documents could be developed, supporting the localization of standards, conducting relevant research, and organizing discussions around the findings. These steps would significantly contribute to the growth of our cyber diaspora.

5. What advice would you give to those looking to build a successful career and specialise in cybersecurity?

A successful career is a relative concept. For some, it may be a specific position, for others, a company, or perhaps a contribution to scientific research. However, I believe what we often lack is ambition, in a positive sense. For example, creating an internationally recognised cybersecurity solution, developing it, or founding a new tech company, bringing it to an international level, and then attracting local talents to ensure its cybersecurity. I believe our younger generation is capable of this and should believe in themselves. If you ask for the secret to success in any field, I would say perseverance and discipline.