What does an average day look like for somebody working in cybersecurity?

That isn’t an easy question to answer when you consider the vastness of the field. Somebody who works in cybersecurity needs to stay constantly abreast of industry changes – especially new attacks cooked up by cybercriminals – and help their employers create and tweak their security plans.

However, thanks to Tom Vazdar, who has developed the Open Institute of Technology’s (OPIT’s) Master’s Degree in Enterprise Cybersecurity, we can provide some insight into what your average day may look like.

Who Is Tom Vazdar?

Serving as the Program Chair of OPIT’s upcoming Master’s Degree in Cybersecurity, Tom brings a vast amount of practical experience to the table. His work has spanned the globe. Tom has been employed as the Chief Security Officer for a major Croatian bank, in addition to serving as the Chief Information Officer for a company in the United States’ manufacturing sector.

His practical experience spans other industries – including technology and finance – and he’s currently completing a doctorate while running his own practice. Tom’s specialty is the behavioral aspect of cybersecurity. His deep understanding of the “culture” that surrounds the field has been shaped by his work on development strategies, policies, and frameworks for his past employers.

The Importance of Trends

The first thing Tom highlights is that a cybersecurity professional has to follow the trends in the industry. As he points out: “We are living in an era where digital transformation is accelerating, and with it, the complexity and frequency of cyber threats are also increasing.” To demonstrate this, he points to an ISACA report published in 2023 showing that cyber attacks have increased 48% in 2023 compared to 2022. More worryingly, 62% of the organizations that experience these attacks underreport them – an indication that many simply don’t have the talent to truly understand the threat they face.

As a cybersecurity professional, your role is to provide the expertise such companies are sorely lacking.

Thankfully, many business leaders understand that they need this expertise. Tom points out that 59% of leaders say they’re understaffed in the cyber department, leading to a rising demand for people with the following technical skills:

  • Identity and access management
  • Data protection
  • Cloud computing
  • DevSecOps (development, security, and operations)

Furthermore, Tom says that artificial intelligence (AI) is completely transforming the cybersecurity industry. While AI is often beneficial to professionals in the field – it can enhance threat detection and response – it is also a danger. Malicious entities can use AI to conduct a new wave of attacks, such as data poisoning, for which you need to be prepared as a cybersecurity professional.

Tom’s discussion of these emerging trends highlights one of the most critical aspects of a day in the life of a cybersecurity professional – learning is key. There is no such thing as static knowledge because the industry (and the attacks your company may face) constantly evolve.

An Average Day Broken Down

Now that you understand how important staying on top of the ever-changing trends in cybersecurity is for those in the field, it’s possible to break things down a little further. On an average day, you may find yourself working on any, some, or even all of the following tasks.

Developing and Maintaining a Cybersecurity Strategy

Given that such a large number of business leaders are understaffed and have minimal access to appropriate talent, you’ll often be tasked with creating and maintaining a company’s cybersecurity strategy.

This strategy is not as simple as creating a collection of actions to take in the event of an attack.

Tom emphasizes not only the importance of proactivity, but also of integrating a cybersecurity strategy into the wider business strategy. “It becomes part of the mission and vision,” he says. “After all, there are two things that are important to companies – their data and customer trust. If you lose customer trust, you lose your business. If you lose your data, you lose your business.”

As a technically adept professional, you’ll be tasked with building a strategy that grows ever more complex as the threats the company faces become more advanced. New technologies – such as AI and machine learning – will be used against you, with your main task being to ensure the strategy you create can fend off such technologically-empowered attacks.

The Simpler Day-to-Day

Now, let’s move away from the complexities of developing an overarching plan and go into more detail about daily responsibilities. A cybersecurity professional is usually tasked with dealing with the day-to-day maintenance of systems.

It’s all about control.

Tom says that much of the role involves proactively identifying new protective measures. For instance, software patching is key – outdated software has vulnerabilities that a hacker can exploit. You’ll need to stay up to date on the development of patches for the software your company uses and, crucially, implement those patches as soon as they’re available.

Creating regular backups is also part of this day-to-day work. It’s an area that many businesses neglect – perhaps assuming that nothing bad can happen to them – but a backup will be a lifesaver if a hacker compromises your company’s main data stores.

Tending to Your Ecosystem

It’s not simply your own institution that you must maintain as a cybersecurity professional – everyone who interacts with that institution must also be managed. Vendors, external software developers, and any other part of your supply chain need to be as risk-aware as your business. As Tom puts it: “If they don’t care about vulnerabilities in their system, and they work for you as a company, then you’ll have an issue because their risk suddenly becomes your risk.”

As such, managing the cyber security aspect of your company’s relationships with its partners is a vital part of your duties. You may engage in planning with those partners, helping them improve their practices, or cooperate with them to create strategies encompassing your entire supply chain.

Continued Education

Tom goes on to highlight just how important continued education is to the success of a cybersecurity professional. “It’s always interesting. And if you’re really passionate about it, cybersecurity becomes your lifestyle,” he says. “You want to see what’s new. What are the new attack methods, what are your competitors doing, and what is new on the market.”

He points to a simple example – phishing emails.

These emails – which were traditionally laden with spelling errors that made them easier to spot – are becoming increasingly hard to detect thanks to the use of AI. They’re written better. Failure to understand and adapt to that fact could make it harder to educate yourself and the people in your company.

Your average day may also involve educating your colleagues about upcoming threats and new attack methods they need to understand. The phishing example Tom shares applies here. Any email that looks somewhat legitimate is a threat, so continued education of your colleagues is essential to stop that threat from having its intended effect.

An Example of a Typical Project

Given how vast the cybersecurity field is, the range of projects you may work on will vary enormously. However, Tom provides an example of when he worked in the banking industry and saw the rise of the Zeus Botnet.

In this case, his responsibilities were twofold.

First – finding a way to defend against botnet attacks. That involved researching the malware to figure out how it spread, allowing him to put protective measures in place to prevent that spread. The second task involved creating educational programs, both for employees and his bank’s clients, to make them aware of the Zeus Botnet.

Here, we see the education part of the cybersecurity professional’s “average day” coming into play, complementing the more technical aspects of dealing with malware. We even see supply chain risk coming into play – each client is part of the bank’s supply chain, meaning they need to understand how to defend themselves just as much as the bank does.

The Qualifications Needed to Work in Cybersecurity

With a multitude of cybersecurity qualifications available – many covering specific niches – it’s tough to find the appropriate one to make you attractive to an employer. That’s where Tom’s work with OPIT comes in. The master’s degree that he’s developing not only focuses on the technical skills a professional needs but places those skills in a business context.

The upcoming course will offer electives in subjects such as AI, cloud security, and IoT security, granting students flexibility to pursue a specialization within their degree. The overall program is also closely aligned to industry certifications – such as those offered by CISSP – to ensure graduates are as industry-ready as they are academically qualified.

The intention, Tom says, is to fill the skills gap that 3 million businesses say they have in cybersecurity. The program provides the right blend of knowledge between technical and managerial skills, in addition to allowing students to pursue subjects of particular interest to them.

Ultimately, it doesn’t teach absolutely everything that you could learn about the industry. No course can. But it does equip you with key foundational knowledge aligned with industry certifications that make you more employable. That, combined with your continued education and completion of relevant certifications once you’re employed, means you have an enormous opportunity to build a successful cybersecurity career with OPIT.

So, the qualifications needed for the industry start with a relevant degree. They then blossom out. Professionals focus on courses that meet the specific requirements of their roles so that they learn the cybersecurity techniques that are most effective for their needs.

 

Related posts

Agenda Digitale: Generative AI in the Enterprise – A Guide to Conscious and Strategic Use
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Mar 31, 2025 6 min read

Source:


By Zorina Alliata, Professor of Responsible Artificial Intelligence e Digital Business & Innovation at OPIT – Open Institute of Technology

Integrating generative AI into your business means innovating, but also managing risks. Here’s how to choose the right approach to get value

The adoption of generative AI in the enterprise is growing rapidly, bringing innovation to decision-making, creativity and operations. However, to fully exploit its potential, it is essential to define clear objectives and adopt strategies that balance benefits and risks.

Over the course of my career, I have been fortunate to experience firsthand some major technological revolutions – from the internet boom to the “renaissance” of artificial intelligence a decade ago with machine learning.

However, I have never seen such a rapid rate of adoption as the one we are experiencing now, thanks to generative AI. Although this type of AI is not yet perfect and presents significant risks – such as so-called “hallucinations” or the possibility of generating toxic content – ​​it fills a real need, both for people and for companies, generating a concrete impact on communication, creativity and decision-making processes.

Defining the Goals of Generative AI in the Enterprise

When we talk about AI, we must first ask ourselves what problems we really want to solve. As a teacher and consultant, I have always supported the importance of starting from the specific context of a company and its concrete objectives, without inventing solutions that are as “smart” as they are useless.

AI is a formidable tool to support different processes: from decision-making to optimizing operations or developing more accurate predictive analyses. But to have a significant impact on the business, you need to choose carefully which task to entrust it with, making sure that the solution also respects the security and privacy needs of your customers .

Understanding Generative AI to Adopt It Effectively

A widespread risk, in fact, is that of being guided by enthusiasm and deploying sophisticated technology where it is not really needed. For example, designing a system of reviews and recommendations for films requires a certain level of attention and consumer protection, but it is very different from an X-ray reading service to diagnose the presence of a tumor. In the second case, there is a huge ethical and medical risk at stake: it is necessary to adapt the design, control measures and governance of the AI ​​to the sensitivity of the context in which it will be used.

The fact that generative AI is spreading so rapidly is a sign of its potential and, at the same time, a call for caution. This technology manages to amaze anyone who tries it: it drafts documents in a few seconds, summarizes or explains complex concepts, manages the processing of extremely complex data. It turns into a trusted assistant that, on the one hand, saves hours of work and, on the other, fosters creativity with unexpected suggestions or solutions.

Yet, it should not be forgotten that these systems can generate “hallucinated” content (i.e., completely incorrect), or show bias or linguistic toxicity where the starting data is not sufficient or adequately “clean”. Furthermore, working with AI models at scale is not at all trivial: many start-ups and entrepreneurs initially try a successful idea, but struggle to implement it on an infrastructure capable of supporting real workloads, with adequate governance measures and risk management strategies. It is crucial to adopt consolidated best practices, structure competent teams, define a solid operating model and a continuous maintenance plan for the system.

The Role of Generative AI in Supporting Business Decisions

One aspect that I find particularly interesting is the support that AI offers to business decisions. Algorithms can analyze a huge amount of data, simulating multiple scenarios and identifying patterns that are elusive to the human eye. This allows to mitigate biases and distortions – typical of exclusively human decision-making processes – and to predict risks and opportunities with greater objectivity.

At the same time, I believe that human intuition must remain key: data and numerical projections offer a starting point, but context, ethics and sensitivity towards collaborators and society remain elements of human relevance. The right balance between algorithmic analysis and strategic vision is the cornerstone of a responsible adoption of AI.

Industries Where Generative AI Is Transforming Business

As a professor of Responsible Artificial Intelligence and Digital Business & Innovation, I often see how some sectors are adopting AI extremely quickly. Many industries are already transforming rapidly. The financial sector, for example, has always been a pioneer in adopting new technologies: risk analysis, fraud prevention, algorithmic trading, and complex document management are areas where generative AI is proving to be very effective.

Healthcare and life sciences are taking advantage of AI advances in drug discovery, advanced diagnostics, and the analysis of large amounts of clinical data. Sectors such as retail, logistics, and education are also adopting AI to improve their processes and offer more personalized experiences. In light of this, I would say that no industry will be completely excluded from the changes: even “humanistic” professions, such as those related to medical care or psychological counseling, will be able to benefit from it as support, without AI completely replacing the relational and care component.

Integrating Generative AI into the Enterprise: Best Practices and Risk Management

A growing trend is the creation of specialized AI services AI-as-a-Service. These are based on large language models but are tailored to specific functionalities (writing, code checking, multimedia content production, research support, etc.). I personally use various AI-as-a-Service tools every day, deriving benefits from them for both teaching and research. I find this model particularly advantageous for small and medium-sized businesses, which can thus adopt AI solutions without having to invest heavily in infrastructure and specialized talent that are difficult to find.

Of course, adopting AI technologies requires companies to adopt a well-structured risk management strategy, covering key areas such as data protection, fairness and lack of bias in algorithms, transparency towards customers, protection of workers, definition of clear responsibilities regarding automated decisions and, last but not least, attention to environmental impact. Each AI model, especially if trained on huge amounts of data, can require significant energy consumption.

Furthermore, when we talk about generative AI and conversational models , we add concerns about possible inappropriate or harmful responses (so-called “hallucinations”), which must be managed by implementing filters, quality control and continuous monitoring processes. In other words, although AI can have disruptive and positive effects, the ultimate responsibility remains with humans and the companies that use it.

Read the full article below (in Italian):

Read the article
Medium: First cohort of students set to graduate from Open Institute of Technology
OPIT - Open Institute of Technology
OPIT - Open Institute of Technology
Mar 31, 2025 4 min read

Source:

  • Medium, published on March 24th, 2025

By Alexandre Lopez

The first ever cohort will graduate from Open Institute of Technology (OPIT) on 8th March 2025, with 40 students receiving a Master of Science degree in Applied Data Science and AI.

OPIT was launched two years ago by renowned edtech entrepreneur Riccardo Ocleppo and Prof. Francesco Profumo (former minister of education in Italy), who witnessed the growing tech skills gap and wanted to combat it directly through creating a brand-new, accredited academic institution focused on innovative BSc and MSc degrees in the field of Technology.

The higher education institution has grown since its initial launch. Having started with just two degrees on offer — BSc in Modern Computer Science and an MSc in Applied Data Science and Artificial Intelligence — OPIT now offers two bachelor’s and four master’s degrees in a range of areas, such as Computer Science, Digital Business, Artificial Intelligence and Enterprise Cybersecurity.

Students at OPIT can learn from a wide range of professors who combine academic and professional expertise in software engineering, cloud computing, AI, cybersecurity, and much more. The institution operates on a fully remote system, with over 300 students tuning in from 78 countries around the world.

80% of OPIT’s students are already working professionals who are currently employed at top companies across many industries. They are in global tech firms like Accenture, Cisco, and Broadcom and financial companies such as UBS, PwC, Deloitte, and First Bank of Nigeria. Some are leading innovation at Dynatrace and Leonardo, while others focus on sustainability and social impact with Too Good To Go, Caritas, and the Pharo Foundation. From AI and software development to healthcare and international organizations like NATO and the United Nations Mine Action Service (UNMAS), OPIT alumni are making a real difference in the world.

OPIT is working on the development of the expansion of our current academic offerings, new courses, doctoral programs, applied research, and technology transfer initiatives with companies.

Once in the program, students have flexible options to complete their studies faster (by studying during the summer) or extend their studies longer than the standard duration. Every OPIT degree ends with a “capstone project”, providing them with real-life experiences in relevant businesses and industries. Some examples of capstone projects include “AI in Anti-Money Laundering: Leveraging AI to combat financial crime,” or “Predictive Modeling for Climate Disasters: Using AI to anticipate climate-related emergencies.”

The graduation on March 8th marks a pivotal moment for OPIT.

“The success of this first class of graduates marks a significant milestone for OPIT and reinforces our mission: to provide high-quality, globally accessible tech education that meets the ever-evolving demands of the job market,” said Riccardo Ocleppo, founder of OPIT.

“In just two years, we have built a dynamic and highly professional learning environment, attracting students from all over the world and connecting them with leading companies.”

Read the full article below:

Read the article