He began his studies in Agricultural Engineering at the University of Santiago de Compostela, Lugo Campus. During this period, he discovered that his true vocation was in the field of computer science, which led him to transfer his training to this area. This decision opened new perspectives in his professional career.
His first foray into the working world was at Visual MS, where he assumed responsibilities in vertical ERP projects. He also actively participated in the development of the first Galician CMS for web content management, a significant innovation at the time.
After these years of experience, he and other partners founded one of the first Galician SMEs specialized in cybersecurity, and from its incorporation he began to manage the information systems of CMPROMAR, a company that evolved to become what we know today as Profand Group.
In the early 2000s, cybersecurity was mainly a concern of large corporations and did not always receive the necessary attention. Recognizing this gap, in 2007 he decided to diversify services into a new company and founded CÚBICA.
Throughout these more than 20 years, his professional career has undergone numerous changes and evolutions. However, what has remained unchanged is his commitment to Grupo Profand.
In his free time, Alberto enjoys a variety of hobbies that allow him to balance his personal and work life. Among them are scuba diving, tennis and cooking, activities that he practices regularly and loves, but what stands out the most is without a doubt his interest in music and music production.
Could you explain to us what the role of the department you lead at Profand is and what information security involves in our company?
The information security department at Grupo Profand plays a critical role in the integral protection of the company's data and systems. Since its establishment, we have implemented a rigorous framework based on corporate policies and procedures, guided by security regulations and standards, especially aligned with ISO 27001:2022.
My main responsibility encompasses strategic risk management, the design and execution of business continuity plans in the IT area, and ensuring regulatory compliance in this area for the entire corporate group. This involves ensuring that all entities within the group strictly follow established procedures, implementing advanced defense measures against both external (such as malware, phishing attacks and intrusions) and internal threats.
In addition, I oversee the continuous updating of systems with the latest security patches available, ensuring that our systems are protected against the latest vulnerabilities. We constantly incorporate additional controls and security metrics at all layers of our infrastructures, with the goal of proactively identifying potential security breaches and mitigating any potential risks before they affect the operation.
This comprehensive work is aimed at strengthening the Profand Group's resilience to digital threats in an increasingly complex and changing business environment.
What are the main security challenges facing Profand today?
Today, we are facing an increasing sophistication of cyber attacks, where the combined use of social engineering and advanced technologies such as artificial intelligence requires a significant investment in our defensive capabilities. Early detection of device misconfigurations and continuous awareness of the entire workforce emerge as the main challenges in this context.
In addition, regulatory compliance plays a crucial role. Recent directives such as the European Union's NIS2 establish more rigorous standards for information security, imposing the need to adopt even stricter and more effective measures. This regulation drives us to stay at the forefront of international best practices and standards, ensuring the comprehensive protection of Profand Group's critical assets.
In response to these demands, we are continuously strengthening our technological and management capabilities, implementing advanced monitoring and incident response solutions. This proactive, multidimensional approach enables us to mitigate risks, preserve the integrity of our systems and ensure operational continuity.
How is Profand adapting to these challenges?
Since we began our ISO 27001 certification process in 2018, we have laid the groundwork for establishing a robust information security management system. The implementation of periodic penetration tests, also known as ethical hacking, on our infrastructures has been fundamental to proactively identify and correct vulnerabilities.
In addition, we have intensified our efforts in awareness and continuous training for all employees, which has resulted in a notable reduction in security incidents. This comprehensive approach not only strengthens our internal security posture, but also reinforces the security culture throughout the organization.
This year we have taken another step forward with the implementation of a Security Operations Center (SOC) operating 24 hours a day, 7 days a week. This SOC is responsible for actively monitoring our servers and networks for any anomalies or suspicious activity, allowing us to respond immediately to possible threats.
What advice do you have for all Group users regarding information security?
My main advice to all members of our group of companies regarding information security is to adopt a proactive and conscious attitude towards this topic, not only in the professional sphere, but also in their private lives. We often underestimate the impact that our actions can have, especially when it comes to ignorance. This is why awareness plays a crucial role.
The workforce is the first line of defense in information security. It is critical that they are well informed and trained to identify potential risks and threats. This includes practicing good security habits, such as using strong passwords and regularly updating software, as well as being alert to potential phishing attacks or other social engineering techniques.
In addition, it is important to report any incident or suspicious activity immediately, as this can make a big difference in protecting our critical assets and data.
I would like to emphasize that information security is everyone's responsibility. In this way we can strengthen Grupo Profand's security and effectively mitigate potential risks.
Without a doubt, information security is a fundamental pillar for the success of Profand Fishing Holding. Are there any specific projects on the horizon to further improve security at Profand?
As for future plans to further strengthen security, we are focused on several strategic fronts.
First and foremost, we will intensify our awareness efforts. Soon, we plan to implement monthly phishing tests to assess and improve our employees' ability to detect and report phishing attempts. We recognize that effective awareness is key to strengthening our defense against ever-evolving cyber threats.
In addition, we are in the process of implementing new advanced technologies, such as conditional access control and digital information tagging. These measures are designed to prevent unauthorized access to critical data, even once the information has left the corporate perimeter. This reinforces our ability to protect the confidentiality and integrity of Profand Group's sensitive information.
On the other hand, and no less important, one of our main projects is to unify security criteria in all group companies. This integrated approach will enable us to establish uniform standards and best practices at all levels, further strengthening our global security posture.
How do you manage collaboration and coordination between different teams within the information security department to ensure effective incident response?
Interdepartmental collaboration is critical in information security management to ensure effective incident response. We have clearly defined roles and responsibilities within each team and across interdepartmental teams. This ensures that each team member understands their specific role and contributes in a coordinated manner to the overall security strategy.
In addition, we establish robust communication protocols that facilitate the rapid and accurate transmission of information during an incident.
In addition, we maintain continuous and collaborative communication with other key departments, such as compliance, human resources and legal, among others. This is especially important to comply with relevant regulations and standards, as well as to properly manage legal and crisis management issues that may arise during a security incident.
We must promote a proactive and resilient security culture in all Group companies.
What is your opinion on the integration of artificial intelligence in cybersecurity strategies?
The integration of artificial intelligence into cybersecurity strategies represents a significant advance. This technology can not only improve the early detection of threats and anomalies, but also transform the way we manage and respond to cyber incidents.
The use of artificial intelligence enables fast and accurate analysis of large volumes of data in real time, identifying patterns and behaviors that could indicate malicious activity. This is especially crucial in an environment where attacks are constantly evolving and becoming more difficult to detect with traditional methods.
Artificial intelligence-based solutions can make informed decisions quickly and efficiently, implementing immediate countermeasures to contain and mitigate the scope of an attack, but it is very important to note that it does not replace human expertise and critical judgment. Rather, it complements and enhances the capabilities of our security team, allowing them to focus on tasks of greater strategic value and deep analysis.
In the field of AI, we have already taken concrete steps in the implementation of customized artificial intelligence projects that are already up and running in Profand Group departments, marking the beginning of a series of planned initiatives.
These projects are not only limited to the security arena, but we also explore applications in other critical areas of the organization. The adoption of artificial intelligence represents an ongoing commitment to innovation and improvement of our processes, ensuring that we are at the forefront of using advanced technologies to achieve our strategic and operational objectives effectively and efficiently.