The main objective of the study is to provide practical knowledge of the technical and organizational aspects of cybersecurity, taking into account the specific nature of the public sector. The studies focus on the practice of security and the organization of information protection. To the necessary extent, they also cover the issue of cybersecurity management with its legal aspects.
The study is a unique opportunity to gain knowledge and practical experience directly from the country’s best practitioners, standing in the front line of fighting and defending against these threats.
Cyber-attacks can lead to significant financial losses, reputational damage and business disruption. Therefore, ensuring the protection of data and information systems has become a priority for public sector entities, businesses and individuals.
Cybersecurity in the public sector, starting from the lowest level, which is local government units (LGUs), through public companies and institutions, and ending with uniformed services and central administrative bodies, is crucial for protecting citizens’ personal data, ensuring the continuity of government operations, and countering digital threats. With increasing digitization, public sector entities are increasingly becoming targets of cyber attacks such as ransomware and phishing.
178 hours of practice-oriented lectures and workshops
Our goal is to provide an in-depth knowledge of cybersecurity, not just a general overview of the topic. To this end, we have created a program that includes 178 hours of lectures and workshops – the number of hours necessary to truly master such a complex and broad topic with special attention to the specifics of public entities.
Excellent staff of lecturers
Classes are taught by practitioners with many years of experience in information security and protection in both the business and public sectors. Classes are taught by directors of cybersecurity departments, leaders creating and managing SOCs, architects, consultants, experts, auditors and others.
We focus on practical experience
Our postgraduate courses are designed to impart practical, reliable knowledge necessary in the daily work of a cybersecurity specialist in public entities. We use active teaching methods (the so-called learning by doing), including case analysis, group work, and above all workshops that allow you to verify the acquired knowledge in practice and its use in everyday work. As part of the study, we provide for the following workshops:
Ethical hacking,
Workshop on creating documentation that complies with the National Cybersecurity System requirements,
Incident Management workshops,
Risk Management and Mitigation workshops,
Electronic Secure Records Management (ERMS) workshops.
Gain and develop competencies that are invaluable today and in the future
By attending the degree program, you can gain advanced knowledge in a rapidly growing field full of challenges and opportunities for development. Graduates of these studies can find employment as SOC employees, specialists and cybersecurity consultants, both in the public and private sectors.
Public sector characteristics
The study is directed primarily at providing practical knowledge and experience in the field of ensuring cybersecurity in the public sector. The study program, the selection of examples and workshops, and the selection of lecturers were all made with the challenges and realities of the public sector in mind.
Panel of experts
The study will include a panel discussion with the participation of people who head cybersecurity departments in public institutions. This will allow for the exchange of experiences related to the management of cybersecurity departments and the implementation of cybersecurity in the public sector.
Social event and networking
The emphasis is on networking among cybersecurity professionals. Both the class and the planned networking event will allow for new contacts and exchange of professional experiences.
ISACA education credits
Graduates of our study receive 205 CPE education credits through the certification process conducted by ISACA.
Hybrid classes – participation opportunities for people from all over the country
Approximately 80% of lectures will be held in an online format. We are planning two on-site sessions, which will be held in Warsaw. Remote sessions will be transmitted online (streaming). The hybrid formula of classes will allow for significant time and cost savings. We invite people from all over Poland to participate in this course!
Cyber NET
Graduates gain the opportunity to further their knowledge and to network within a community of people interested in various aspects of new technologies, including cybersecurity (“graduate club”) created in cooperation with the AI LAW TECH Foundation. Details are coming soon on the foundation’s website.
During the course of the study, students will learn:
the so-called “best practice” principles of security and information protection in the public sector,
the latest experience in cyber warfare, disinformation, or open-source intelligence,
methods and techniques used by hackers to break through security and obtain information,
technical aspects of cybersecurity, including security of operating systems, networks, physical security, Operational Technology (OT),
tools and technologies used to protect against intrusions,
methods and tools for intrusion detection (computer forensics),
methods for using and configuring “cloud” solutions (cloud computing) in a secure manner,
the latest challenges and innovations in cybersecurity, including the challenges of quantum technology, or artificial intelligence,
principles of cybersecurity management in public sector entities,
organization of the SOC team and work in the public sector,
requirements and methods of information systems audits in the public sector,
requirements and methods of risk estimation,
methods and organization of business continuity assurance,
principles of operation of the national cybersecurity system, including requirements for incident management and implementation of NIS 2,
selected legal aspects of cybersecurity, including computer crimes, protection of classified information, basics of employment of cybersecurity specialists,
opportunities for further professional development and certification.
This postgraduate study program is recommended primarily for:
employees of public entities, especially local government units, companies and public institutions responsible for cybersecurity,
persons working or intending to start working in the SOC (Security Operation Center) of public institutions,
specialists, cybersecurity consultants,
cybersecurity managers of the public sector,
employees of key service operators and digital service providers responsible for ensuring information security and protection,
individuals wishing to change their professional profile,
all those wishing to systematize, deepen or broaden their knowledge primarily in the technical aspects of cybersecurity.
Study program
Cybersecurity Strategy (NATO, EU)
The goal of the class is to familiarize students with the cybersecurity strategies used by NATO, the EU and Poland. The students will learn about key documents, policies, strategies and mechanisms of international cooperation in the field of cybersecurity. Cyber threats, defensive measures and the role of institutions responsible for digital security will be covered. The study also includes an analysis of member state strategies, military and civilian cyber defense, and the development of incident response capabilities.
In addition, the class will provide students with a general roadmap of cybersecurity standards, best practices and methodologies.
Cyber Warfare and Hybrid Threats
The lecture will present issues related to the development of a new form of armed conflict: cyberwarfare. The differences between a cyber incident, cyber conflict and cyber war will be covered, as well as the key elements of Advanced Persistent Threat (APT) attacks. Using the examples of Georgia, Iran, Russia and the current situation in Ukraine, the evolution of international disputes and conflicts in cyberspace will be presented.
Disinformation
The subject analyzes the phenomenon of disinformation, its mechanisms, tools and impact on society, politics and the economy. Students will learn about techniques of information manipulation, ways to detect false content and strategies to counter disinformation. Psychological aspects of information perception, the role of media and technology, and methods of data analysis in identifying disinformation will also be covered. Various methods of information verification will also be presented during the course.
Cybersecurity Intelligence (Open-Source Intelligence)
The subject presents the problem of intelligence in cyberspace using traditional and modern methods of intelligence (psychological, technological, special tasks). It covers OSINT, HUMINT, TECHINT, new cyber intelligence technologies and operational techniques, the legal aspects of cyber intelligence under international and domestic law, and cyber intelligence institutions and non-governmental groups.
Operating Systems Security
Differences in security approaches in different operating system families will be presented, as well as models for providing security and ways to counter attacks. We will also discuss methods of hardening the configuration of operating systems based on the main families of systems and ways to protect integrity. As part of the lecture, students will learn about security threats to operating systems and the targets and methods of attacks on systems. Students will also learn about data storage mechanisms in the context of system security.
Network Security
The lecture covers an introduction to network security, with a focus on system interoperability occurring on the Internet. As part of the lecture, students will learn about different types of threats and attacks on IT infrastructure and methods of counteraction. Students will also learn about tools to help ensure network security, including a number of tools available under open licenses.
Physical Security
The classes will discuss physical security issues, taking into account the specifics of the public sector. They will cover mechanical security measures, principles of creating security zones, closed circuit television (CCTV) systems, alarm systems, access control systems (including biometrics).
OT Security
The lecture will discuss the basics of cybersecurity of the OT (Operational Technology) area. Protection of industrial automation and service processes is an essential element of ensuring the continuity of public services under the responsibility of public entities, including TSU, in such critical areas as municipal services and others.
Security of Mobile Apps and Devices
Mobile devices have recently dominated the method of accessing services, including public services. The class will provide an understanding of information security and protection issues in the context of mobile applications and devices. Security mechanisms of technologies used to develop apps, technologies used to manage mobile devices, and the most popular methods of breaking through security will be presented. In addition, the course will include information on security in terms of the mobile infrastructure ecosystems, including the organization of mobile device management systems.
Security in Cloud Computing Environments
An introduction to the security of cloud-based solutions. The course will consist of a rundown of the basics and history of the cloud – what the cloud is, why it was created, and what IaaS, PaaS, SaaS, FaaS and HaaS are. The benefits of using the cloud will be covered, as well as the biggest threats and risks associated with it. In addition, the most important services related to the security of cloud platforms will be presented, including those related to monitoring or alerting or managing access and identity of cloud users. The theoretical part will be intertwined with practice, during which the students will be able to learn about modern methods of attacking, as well as assessing the security of cloud infrastructures.
Cryptography
The subject covers theoretical and practical aspects of cryptography, including symmetric and asymmetric encryption, hash algorithms, digital signatures and cryptographic protocols. Students learn about algorithms such as AES, RSA and ECC, as well as methods of their application in data protection, authentication, ensuring the integrity and non-repudiation of information. The class considers both classical cryptographic techniques and modern solutions, including an introduction to post-quantum cryptography.
Digital Identity Certificate
The subject covers the principles of digital identity credentials, their role in authentication and identity management. Students will learn about technologies such as digital certificates, cryptographic keys, as well as security standards and regulations, i.e. eIDAS and eIDAS2.
The Role, Functioning and Cooperation of the SOC in the public sector
The subject focuses on the role and functioning of Security Operations Centres (SOCs) in the public sector. Students will learn about the tasks of SOCs, such as monitoring, threat analysis, incident response and cybersecurity management. Collaboration with public institutions, legal regulations for the organisation of SOCs at national level and best practices in data protection and critical infrastructure will be covered.
Emerging Technologies and Innovations in Cybersecurity
The subject focuses on modern technologies revolutionising cybersecurity. Students are introduced to the risks associated with the development of quantum computers, as well as the principles of quantum cryptography (QKD) and post-quantum cryptography.
The audience will learn about the security issues of AI systems. Using practical examples, we will discuss both the use of AI tools for cyber-attacks and for cybersecurity.
The role of blockchain in ensuring data integrity and decentralisation will also be covered, as well as the use of AI in threat detection and incident analysis. The class also covers TOR networks and anonymisation tools in the context of online privacy and security. Students will gain practical skills related to the implementation and evaluation of these technologies and their impact on the future of cybersecurity. The curriculum combines theoretical aspects with analysis of real cases and an experimental approach to innovative solutions. The aim of the course is to prepare you to work with modern data protection systems and to consciously implement security-enhancing technologies in a dynamically changing digital environment.
Managing Cybersecurity in the public sector
During the lectures, the students will learn about the theoretical and practical aspects of building a cybersecurity program in organizations of different types, with a special focus on the specific nature of the public sector. We will discuss the topics of identifying an organization’s critical assets, creating a threat model, risk management, compliance with standards and regulations, and creating and implementing a security strategy based on best practices. Topics related to team building, working with service providers, maintaining the right relationships with key stakeholders, and presenting team performance will also be covered. Key elements of budgeting will be presented, as well as information on available solutions based on open licensing principles.
Information Security Management System (ISMS)
The course covers the principles of implementing and managing an Information Security Management System (ISMS) in accordance with ISO 27001 and NIST guidelines. Students are introduced to risk assessment methods, security policies, audits and continuous improvement of the ISMS. The course combines theory and practice, covering best practices in data protection, regulatory compliance and security incident management.
Incident Management
The lectures will outline the principles of incident management in the public sector, including requirements under the National Cybersecurity System (NCS).
Change Management
The subject revolves around change management processes in organizations and IT systems. The students are introduced to methods of identifying, analyzing and minimizing the risks associated with change. The lecture combines theory and practice, considering standards, tools and best practices in this area.
Vulnerability Management
The subject is focused on the processes of vulnerability management in organizations and IT systems. Students will learn how to detect and manage vulnerabilities.
Risk Analysis and Management
The course covers methods for identifying, analyzing and managing risks in various areas, especially cybersecurity and IT projects. Students are introduced to risk assessment techniques, decision-making models and strategies for minimizing the negative effects of uncertainty. The course combines theory with practical tools used in risk management.
Business Continuity and Digital Resilience plans (ISO 22301)
The aim of the course is to provide knowledge in the area of business continuity planning (BCP) and digital resilience in accordance with ISO 22301. Students will learn methods for risk analysis, creating contingency strategies and crisis management in organizations. Processes for minimizing downtime, restoring operations and adapting to digital threats will be covered. The class will present practical case studies that can be useful for preparing the implementation of effective resilience strategies.
Cyber Threat Intelligence
The subject concentrates on cyber threat analysis and security intelligence (CTI). Students are introduced to techniques for collecting, processing and interpreting cyber threat data, identifying attackers and predicting potential incidents. Sources of information, analytical tools and response strategies will be covered. The course combines theory and practice to prepare for effective threat detection and neutralization.
Protection of Classified Information
The purpose of the course is to provide practical knowledge in the protection of classified information, including the principles of classification of classified information, the principles of organization of protection of classified information, admissions to classified information, as well as the requirements for audits of IT systems. Students will learn the role and tasks of the attorney for the protection of classified information.
Audit in Information Security and Protection
The class introduces the issues of auditing in information security and protection, its role and methodologies for conducting it. Students are introduced to standards, such as ISO 27001, NIST and COBIT, and techniques for assessing risk, compliance and security effectiveness. The stages of an audit will be covered, including planning, execution, reporting and corrective action.
Certification in Security
As part of a module on certifications in cybersecurity, students are introduced to the industry’s most respected professional certifications, including CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) and CGEIT (Certified in the Governance of Enterprise IT) – issued by the global organization ISACA.
The class includes an overview of certification standards, a discussion of career paths, exam ranges, and formal and competency requirements. Participants will also learn about the activities of the ISACA Association, which has been supporting professionals worldwide in the areas of IT auditing, information security, risk management and IT oversight for more than 50 years.
The purpose of the lecture is not only to impart knowledge, but above all to inspire the students to build a career path based on internationally recognized standards and certifications that significantly increase competitiveness in the job market – both in the public and private sectors.
National Cybersecurity System
Description with elements of discussion on the functioning of the national cybersecurity system through the lens of experience and many years of application of the law. From key service operators to public entities of different sizes and importance. The class will provide answers on who has what responsibilities, powers and competencies and how this translates into practice. Are all the duties related to the implementation of the NIS2 Directive qualitatively new? Has the regulation on the National Interoperability Framework “caught on”? What will change for digital service providers? Why is it reasonable to differentiate approaches in key sectors, important sectors and public sector entities? There will be no shortage of references to the NIS2 directive, what comes out of it, and what are the identified national needs. All this information will help answer the question of whether the system is working and where areas for improvement can be identified.
Legal and Ethical Aspects of Cybersecurity
The goal of the course is to provide practical knowledge and experience on the ethical and legal aspects of cybersecurity.
The following issues will be discussed:
● International and European cybersecurity regulations (ROAD MAP),
● Legal aspects of information protection (employer secrecy, Unfair Competition Suppression Act, etc.),
● Cybersecurity contracts and procurement in the public sector,
● Ethics in cybersecurity, including industry standards and codes,
● Practical aspects of personal data protection in IT systems in the public sector (GDPR),
● Legal aspects of cryptography and quantum technologies,
● Legal aspects of electronic identification and trust services, cyber-terrorism.
Computer Forensics
The subject is intended as an introduction to the issue of computer forensics. The modern methods developed by digital computer forensics will be covered, as well as modern possibilities and limitations. The subject will also address issues related to digital evidence and legal aspects of the subject.
Ethical Hacking workshop
During the ethical hacking workshop, the following steps will be presented:
● Planning and reconnaissance – gathering information about a target system or network to understand its components and potential attack vectors.
● Scanning and enumeration – using various tools and techniques to identify assets and systems that are connected to the network.
● Vulnerability assessment – identifying and sorting out vulnerabilities that have been found on a system or network.
● Exploitation – attempting to use the identified vulnerabilities to gain access to sensitive information or systems.
● Reporting – presenting a sample report that describes the results of an information system security test, including recommendations for addressing the identified vulnerabilities.
As part of the class, participants will learn about configuring test environments based on open-source software, and learning materials will be provided to help develop knowledge in the covered subject. Potential career paths in the field related to information systems testing will be discussed.
Creation of Documentation in accordance with the National Cybersecurity System requirements
Details coming soon.
Secure Records Management workshop
Details coming soon.
Incident Management
The goal of the workshop is to put into practice the knowledge gained in the lectures, expanded by incorporating elements of computer forensics. We will learn to take appropriate action in response to an incident. We will identify incidents by analyzing monitoring events. We will try to limit losses by isolating resources. We will coordinate damage recovery and operational restoration. Finally, we will prepare an incident report with lessons learned. Based on our experience, we will consider how to prepare well for incident handling in the organization.
Risk Management and Threat Mitigation
The workshop focuses on practical risk management and threat mitigation in organizations. Participants will gain knowledge in identifying, assessing and classifying risks, as well as developing strategies to minimize potential losses. Risk analysis techniques, methods for creating contingency plans and the use of tools for monitoring risks will be discussed. The class includes practical exercises, simulations and case studies, preparing participants for effective risk management in various environments.
Panel of experts
A panel discussion with the participation of those who head cybersecurity departments in public institutions. As part of the panel, experts will share their experiences of implementing cybersecurity in the public sector.
Lecturers
Sławomir Pijanowski, Ph.D.
Eviden, Atos Group, Leader of the Global Governance Risk Compliance Practice in the Global Cybersecurity Advisory Department
Lecturer at Kozminski University, Department of Law and Business Risk Management
Sławomir has many years of professional experience in the areas of: Governance, Risk, Compliance and business aspects of cybersecurity, Enterprise Risk Management (ERM) in the following industries: banking and insurance, telecommunications, public administration, European Union institutions, IT, energy, automotive, food and beverage.
He is currently pursuing his professional passions at the Atos Group in an international company combining consulting and managed cybersecurity services in the Cybersecurity Services business line where he is the leader of the Global Governance Risk Compliance practice and is responsible for delivering value to Atos clients on European cybersecurity and resilience regulations, among others: NIS 2 Directive, CER, DORA Regulation and others, combining aspects of compliance and risk assessment with business strategy.
Auditor, Lead Consultant and Program Director in the practice area of integrated management systems: information security, quality, risk, business continuity, environment, IT services or data centers. He verified risk assessments of continuity of high-availability IT services as part of the Technology Partnership with Orange in the 2012 UEFA European Football Championship Poland-Ukraine.
Sławomir holds a Ph.D. in economics and graduated from the Poznań University of Economics in the field of capital investments and corporate financial strategies, and is a holder of such certificates as:
ISACA CISA – Certified Information Systems Auditor,
PECB ISO 31000 – organization-wide integrated risk management systems,
PECB ISO 27001 – lead auditor of information security management systems,
PECB ISO 22301 – lead consultant for resilience/business continuity management system implementations,
SABSA Institute Business Security Architect,
Personal Effectiveness Certificate from the Institute Business Europe,
MSP and Prince2 Foundation certificate in program and project management.
He participated in workshops conducted by experts in the field of business strategy implementation, the so-called STRATEX (Prof. Robert Kaplan, co-creator of the Balanced Scorecard), decision-making with quantitative risk management – Doug Hubbard, creator of AIE and co-creators of risk management systems, among others: AS/NZS 4360 / ISO 31000 – Kevin W. Knight, Grant Purdy, or personal branding such as Al and Laura Ries, Life & Business Coaching Tony Robbins and many others.
One of the 49 initiators of the European certification program for ERM and insurance corporate risk managers RIMAP (Risk Management Professional) as a FERMA member with the rank of RIMAP Founder.
He co-created good risk management practices in Poland within the framework of the POLRISK Risk Management Association, executing with the Polish Committee for Standardization the implementation of the Polish version of the ISO 31000 risk management standard and the related ISO Guide 73 terminology guide.
He is the co-author of the pioneering book “Risk Management for Sustainable Business Development” written in 2011 for the Ministry of Economy, as well as a series of training courses for representatives of state-owned companies based on the aforementioned manual.
Paweł Henig
A graduate of the Faculty of Electronics at Warsaw University of Technology, he began his professional career in the late 1980s as a designer of peripheral devices and industrial automation computer systems, as well as a programmer. In the mid-1990s, he began working for the central government, starting with the construction of local computer networks and data processing centers, followed by nationwide wide area networks and computer systems. He gained Project Manager skills managing PHARE funded projects. Internal auditor of management systems including quality management standards (ISO 9001), environmental management (ISO 14001), occupational health and safety (OHSAS 18001), value production security (CWA 14641 – Intergraf) and information security management in accordance with ISO/IEC 27001. Certified IT Systems Auditor (CISA), holder of ITIL Foundation certificate. Expert of the Polish Information Technology Association. Expert of the Polish Chamber of Information Technology and Telecommunications. ISACA member. Author of many expert reports and studies carried out for the needs of administration, business, as well as control bodies. Active consultant of draft legislation. Specializes in issues of corporate governance (IT Governance) and application of best practices in IT management, in particular management of: IT services, security (cybersecurity) and projects and ventures. He has extensive experience in government, industry and the new technology industry.
Małgorzata Michniewicz
Experienced manager and auditor with more than 20 years of experience in the areas of information security, risk management and information systems in government, finance, transportation, healthcare, new technologies and critical infrastructure. She implements projects in the field of digitization and cybersecurity, supports organizations in meeting regulatory obligations of the national cybersecurity system, GDPR, DORA, MiCA and development of solutions based on blockchain technology, conducts trainings and audits of information systems of the national cybersecurity system, ISO 27001, ISO 22301. Board member of ISACA Warsaw, expert in legislative work of AI MC Working Group and technical work at PKN within AI and blockchain technical committees. She conducts scientific research on the application of blockchain technology – data management and consensus mechanisms in blockchain networks (WAT).
Przemysław Szczurek
A graduate of the Cracow University of Economics. Associated with the IT industry for more than 15 years. Passionate about security. He is currently Senior Manager for Information Security at TUV NORD Poland, where he is responsible for the development of services related to standards: ISO 27001, ISO 20000, ISO 22301 as well as the topics of Personal Data Protection and Cybersecurity and TISAX.
He holds the following certifications: ISO 27001 Lead Auditor, ISO 20000, ISO 22301 Internal Auditor, Incident Response Manager and Data Protection Supervisor.
He is a PCA-accredited examiner for the CMS Lead Auditors. As a TUV NORD trainer and university lecturer, he places great emphasis on staff awareness.
Marcin Szydłowski
Currently, he is Director of Enterprise Technology at Booksy, where he is responsible for, among other things, platform security, as well as all other aspects of security and IT in the organization.
Previously, he was responsible for building a global team (Poland, Indonesia, Portugal) dedicated to the security of thousands of systems at Philip Morris International.
In the past, he supported numerous international organizations in the area of security as a consultant for the consulting firm EY.
Outside of work, he is passionate about cybersecurity – he has participated in numerous bug bounty programs and is number 1 in Poland in terms of the number of bugs found on the Synack platform. A speaker at many local and international conferences – including OWASP 20th Anniversary, Confidence, TechRisk, OWASP Poland, SysOps/DevOps.
He received his professional education at the AGH University of Science and Technology in Krakow and the National University of Singapore. He holds the following industry certifications: CISSP, CISA, AWS SAA, AWS SEC, GCP ACE, OSWE, OSCP, GCIH.
Sebastian Lasek
ICT manager and expert with 25 years of experience in the financial sector. He gained his professional experience at the National Bank of Poland, where he implemented projects in network infrastructure and telecommunications systems, and co-created cybersecurity structures. He participated in building high-availability solutions for strategic systems and in the implementation of pioneering projects, including those with an international scope. He also oversaw the digital transformation process.
He currently serves as CEO of Critical Applications, a provider of systems and applications for the Ministry of Finance and the National Tax Administration.
He is a graduate of the Faculty of Law and Administration at the University of Lodz, MBA studies at the Leon Kozminski Academy in Warsaw, Postgraduate Studies in Project Management at the Warsaw School of Economics and Postgraduate Studies “CYBER SCIENCE – Tokenization and Automation of Processes in the Digital Economy” at the University of Silesia.
Bartosz Nakielski
Bartosz Nakielski is a mathematician and has been involved in electronic signatures and cryptography for 20 years. He heads the Cryptography Department in the NBP’s cybersecurity department. He is primarily responsible for the functioning of the National Certification Center.
Description of the course:
– basics of cryptography
– certificates and public key infrastructure
– trust services
– electronic signature formats
CISSP/CRISC, ISO 27001 Senior Lead Auditor
Cybersecurity expert with over 20 years of experience working for leading international and domestic organizations. He currently holds the position of Customer Security Officer / Chief Security Advisor at Microsoft, where he supports Chief Information Security Officers (CISOs) of major organizations in Poland and the region, advising on the construction and development of cybersecurity strategies.
Previously, he was with Akamai Technologies, where, as Senior Information Security Director, he led a team responsible for managing compliance requirements in the area of information security (compliance and governance). He was responsible for the implementation of global projects aimed at proving the organization’s compliance with the highest information security standards. He also served as Information Security Site Lead at the company’s Polish branch, supporting local teams in achieving security goals.
His career also included a Head of Security position at Future Simple Inc./Base (now ZenDesk), a Silicon Valley-based company, where he was responsible for the security of innovative SaaS solutions. Previously, as Head of Information Security for EMEA at Herbalife, he supported the development of information security practices in internationally distributed structures.
On the Polish market, he was associated with INTERIA.PL for more than 14 years, where as Chief Security Officer (CSO) he was responsible for security, compliance and privacy protection. At the same time, he served as Information Security Administrator (ABI) at RMF Group. As part of his work at INTERIA.PL, he built and led the research and development (R&D) team.
Founder and co-founder of Polish chapters of leading industry organizations such as OWASP, ISACA and ISSA, in which he was also active as a member of review committees. Co-founder of the Affinity conference, promoting the topics of security and technological innovation.
Active academic lecturer and speaker at conferences on information security, compliance and contemporary digital threats. Collaborates as an independent expert with many companies and organizations in Poland and abroad, offering advice on cyber security.
Co-author of postgraduate courses in Cyber Security Management (Kozminski), Cyber Security Specialist (WSZiB) and more…
He regularly comments on issues related to current IT threats in the media. Author of numerous articles in the trade press and guidebooks, including the “Security from A to Z” series. Co-author of books such as:
– Legal Tech (Nomos)
– Analiza ryzyka i bezpieczeństwa w kancelariach prawnych [eng. Risk and Security Analysis in Law Firms] (Wolters Kluwer)
and co-author of a scientific publication examining the ethical, legal and social aspects of the application of artificial intelligence systems in the European Union, published in the Parliamentary Review.
Passionate about technology and information security issues. In his work, he combines practical experience with a deep understanding of the strategic aspects of digital security.
Tamara Rud
Cyber intelligence and security specialist for the US, Turkey and Israel, expert on cyber security and new AI technologies for critical infrastructure protection.
President of the Polish-Israeli Consortium for the Cyber Security of Poland, head of anti-terrorism studies, Israeli cyber intelligence analyst in Darknet.
Sylwester Szczepaniak
Legal counsel, legislator, advisor in legal and organizational issues of e-government and paperless processes in organizations. He specializes in the law of electronic identification and trust services (electronic signatures and seals, electronic delivery, electronic time stamps). He has advised on dozens of projects to implement paperless solutions (including in HR), e-government in the public as well as private sector.
Member of the Information Society Team of the Joint Commission of the State and Local Government.
Former long-time employee of the Ministry of Digitization, where he coordinated legislative projects related to, among other things, the Law on Informatization of the Activities of Entities Performing Public Tasks, the Law on Electronic Delivery, and participated in work on the implementation of regulations on electronic identification, digital accessibility and cyber security.
He has experience in cloud computing use projects (including in the sector regulated by the Polish Financial Supervision Authority announcement) and co-created the legal and organizational framework for cloud computing in the public sector, as part of the Joint State Information Infrastructure program. Co-authored legislation adapting the Polish legal system to the provisions of the General Data Protection Regulation (RODO/GDPR).
He is the author or co-author of numerous scientific and popular science publications on his areas of expertise. He is a lecturer at the postgraduate program in data protection at the Institute of Legal Sciences of the Polish Academy of Sciences. Winner of the 2019 Rising Stars Competition – Lawyers Leaders of Tomorrow.
Włodzimierz Nowak, Brig. Gen. (Res.)
Security advisor to President Rafał Trzaskowski. Cyber security systems architect, expert in business continuity of civilian and military ICT systems. Practitioner in the construction, operation and protection of sensitive data in storage and transmission systems, including for military missions in Iraq, Afghanistan, Libya and the Syrian borderlands. He has held many important positions at home and abroad, including:
– Plenipotentiary of the Minister of Digitization for cyber security;
– T-Mobile board member;
– chief operating officer of the NATO Communication Services Agency (NCSA);
– chief of staff/deputy commander of the NATO CIS Group;
– Director of the Department of Information Technology and Telecommunications of the Ministry of Defense;
– Head of the Communications and Information Technology Board of the General Staff of the Polish Army;
– long-time Polish representative to the Working Group of National Technical Experts on Telecommunications (WGNTE/COM) at NATO Headquarters.
Roman Bieda
Legal counsel and patent attorney. For almost 20 years he has specialized in the broadly defined law of new technologies, including IT contracts, intellectual property law, GDPR, legal aspects of artificial intelligence.
Chairman of the Board of Directors of the AI LAW TECH Foundation, which is an interdisciplinary think-tank focused on technical, legal, ethical and business aspects of the development of new technologies, AI in particular.
Member of the Social Team of Experts appointed by the President of the Office for Personal Data Protection.
He was part of the Council for Digitization of the second term, appointed by the Minister of Digitization. As part of the work of the Digitization Council, he participated in the reform of national data protection laws.
He led the work of the subgroup on legal aspects of AI in the expert team of the Ministry of Digitization. As part of the team’s work, he participated in the preparation of the “Assumptions of AI strategy for Poland.” Subsequently, he led the work of the Working Group on Ethical and Legal Aspects of Artificial Intelligence (GRAI), established at the Ministry of Digitization.
He teaches subjects related to intellectual property law and the law of new technologies at Kozminski University and the Warsaw School of Economics.
Supervisor of postgraduate studies in Modern Technology Law and postgraduate studies in Artificial Intelligence Law conducted at Kozminski University. Co-director of postgraduate studies Business.AI Artificial Intelligence Project Management (ALK). He has taught legal subjects related to AI as part of MBA programs (Kozminski University, AGH University of Science and Technology).
Author of a number of scientific and popular science publications in the field of IT law, including personal data and legal aspects of artificial intelligence. Co-editor of a commentary on the Artificial Intelligence Act (in the works).
Marcin Wysocki
Civil servant with many years of professional experience in government administration in the area of telecommunications and cyber security. He worked at the Office of Electronic Communications and the Prime Minister’s Office. Currently Deputy Director of the Cyber Security Department of the Ministry of Cyber Security, responsible for, among other things, regulations in this area – including the Act on the National Cyber Security System, the Act on Combating Abuse in Electronic Communications, the Act on Specific Principles for the Remuneration of Persons Performing Cyber Security Tasks, as well as exercising the powers of the Minister of Digitization as the competent authority for cyber security for the digital infrastructure sector.
Graduate of MBA studies for the IT industry, law, administration, political science and postgraduate studies in cyber security management and new technology law, lead auditor according to ISO 2700 standard.
Bartosz Matysiak
Expert in physical security systems, crisis management, business continuity and information protection, with nearly 30 years of experience in the security industry. He has been associated with the NBP's Security Department for more than 20 years. He is entered on the list of qualified technical security personnel maintained by the Chief Commander of the Police. A graduate of the Faculty of Mechanical Engineering at the Radom University of Technology and of postgraduate studies at the Faculty of Electronics of the Military University of Technology in the physical and technical protection of persons and property. A graduate of the MBA program at the Leon Kozminski Academy and of the Executive Leadership Program organized by the University of Pittsburgh. In the area of security, he cooperates with many institutions, including the Polish Bank Association, as part of the Bank Security Council and the Physical Security Forum, and the Office of the Polish Financial Supervision Authority, as part of the group for physical security of the banking sector and ATM devices. He is a member of the security working group of the European System of Central Banks. A speaker at national and international workshops and conferences on security. Privately, an enthusiast of shooting sports, mountain biking and aquarium keeping.
Arkadiusz Szyszkowski
Arkadiusz Szyszkowski is a lawyer and a former employee of the Public Administration Department of the Ministry of Interior and Administration (MSWiA), the Legal Department of the Public Procurement Office (UZP), and the Legal and Public Procurement Department of the Ministry of Foreign Affairs (MSZ). A graduate of the Postgraduate Study of European Integration at KSAP and of Purchasing Management at ALK.
Co-author and content editor of the publication “Przetargi w praktyce. Poradnik zamawiającego i oferenta” [eng. Tenders in Practice. A Guide for the Contracting Authority and the Bidder] (C.H. Beck), co-author of a commentary on the Public Procurement Law (ODDK), and author of “Zamówienia podprogowe w praktyce z uwzględnieniem centralnego rejestru umów” [eng. Below-Threshold Procurement in Practice, Including the Central Register of Contracts] (C.H. Beck) and “Tryb podstawowy w nowej ustawie – Prawo zamówień publicznych. Analiza praktyczna” [eng. The Basic Procedure in the New Public Procurement Law. A Practical Analysis] (C.H. Beck). He is also the author of numerous publications on public procurement in “Rzeczpospolita”, “Monitor Zamówień Publicznych”, “Prawo Przedsiębiorcy”, “Monitor Prawniczy” and “Przetargi Publiczne”. A lecturer at several universities, in bachelor's, master's and postgraduate programs. He conducts numerous training courses on public procurement, public-private partnership and liability for violations of public finance discipline. A public procurement practitioner, he serves as head of the contracting authority in a large public institution.
Roman Łożyński
He joined the CIRF team in 2024 as director of the unit. He has more than 20 years of experience in managing IT infrastructure and in maintaining and developing systems, combining experience from many sectors such as telecommunications, mobile infrastructure and IT project management. Before joining CIRF, he was Director for Operation and Security of ICT Systems at the e-Health Center (CEZ), and earlier he held managerial positions in local government. He has spent the last 5 years as a leader in building cybersecurity systems, co-creating, among others, CSIRT CEZ, CYBERKARETKA and a project supporting the construction of cybersecurity systems in hospitals. In addition to a Master of Science in Engineering degree in electronics from PW, he holds an MBA from WAT in cybersecurity management, an MBA from the Institute of Computer Science of the Polish Academy of Sciences (PAN), a diploma from the Warsaw School of Management (Warszawska Szkoła Zarządzania – Szkoła Wyższa), and a certificate from Global Knowledge Richardson (TX, USA) in database management in telecommunications. “I feel best in the world of technology; every new project is a challenge, and I really like challenges.”
Conditions for graduation
Successful completion of the study is based on the defense of a written thesis. A student may prepare a thesis individually or in a group (up to 5 persons).
A student (or a group) of postgraduate studies may prepare a final thesis on one of the subjects proposed by the faculty advisor or on a subject of their own choice, after approval of the subject by the faculty advisor.
In-person sessions
Saturday – Sunday. Academic year schedule: start of studies October/November. Graduation – July/September.
Fees and enrollment
The total cost of study fees is: 6500 PLN or 4 instalments of 1625 PLN each.
Bank account number: 61 1440 1127 0000 0000 0193 3148
Are you interested in our offer?
Do not hesitate, choose WSZiB and take care of your future