Meet Charl van der Walt, Head of our Security Research Center, based out of Cape Town

How did you discover cybersecurity?

I was studying computer science when my father introduced me to Roelof Temmingh, a cybersecurity expert, who soon became a close friend. He talked to me about his job and Nanoteq, the company he was working for. It got me interested. It was the 1990s, the Internet was a thing a few people talked about, but at the time, it was quite clear, to me, that it could become something significant. I was also impressed by the amount of data that it would require to secure.

Can you tell us more about your first job in cybersecurity?

I joined Nanoteq as a lab technician. I was in charge of assembling and testing hardware units. I thought if I did a good job, I could become a database programmer soon after.

Is this what happened?

The company got an exciting opportunity in Malaysia and needed someone to create and present a demo to a potential new client. I was asked to do it. After that, I had the opportunity to do the same demo in Germany. I moved from hardware to a new position that combined hardware, software, and merely explaining complex use-cases.

Soon after that, you became a system architect. What was it like?

At the time, Apartheid ended in South Africa. Due to the sanctions, South African companies were not permitted to buy certain products and technologies, like certain data security products. We had to develop our own. For example, we could not purchase robust encryption systems. It was limited to 64B-bit keys, which is very weak. Digital banking was only just starting to grow in the country. Banks needed more. Also, Nanoteq had strong partnerships with government research organizations. I worked closely with highly skilled people. I learned a lot from them.

Then, you decided to start your own business. Can you tell us more about it?

In 1999, Nanoteq was acquired by a big group that made very disruptive changes. These were uncertain times. We were not sure whether we would be allowed to keep our jobs. It seemed like a good time to try something new. It was the “.com boom.” Businesses were launched all over the place. With Roelof, we created SensePost, a penetration testing company.

What was it like to become entrepreneurs?

We were very new at it, and penetration tests were quite innovative. The customers did not know what it was. We grew the business slowly, and, in 2003, we managed to win a contract with Black Hat USA, to train their attendees. It gave us more visibility and a good reputation. We were learning a lot, having a lot of fun, everyone was a hacker, we were talking about technology all the time. It was a wonderful time.

Then, SecureData acquired SensePost. What was it like?

At first, it was complicated. We got acquired by SecureData SA, but we worked mainly with their UK firm. This firm became independent, and SensePost joined them. This was confusing for everybody, but in the end, it made a positive impact because we managed to develop our penetration testing activity in the UK. My job changed. I was no longer the CEO of SensePost and became a Strategic Director for SecureData. I had been in the penetration testing field for almost 15 years; I was glad to have the opportunity to evolve.

What did your role involve?

Amongst other things, I worked a lot with the SOC and managed detection and response strategy. We also worked to expand the SOC, not only focusing on detection but also vulnerability scanning and security research. We built a new team focused on cybersecurity research. The team members worked from the UK and South Africa. It was a new way of doing things, and it gave us new perspectives.

And now, you work for Orange Cyberdefense.

Orange Cyberdefense already does a lot of research but without a coordinated, global approach. We’re trying to develop this. We keep a close watch on the security landscape to make sure we understand what is changing. We need to have constant visibility about threats, technology, regulation, geopolitics, and any elements that could affect our customers. As we explain these changes to them and how they should respond, we also make sure that we act on these changes ourselves.

What does your daily professional life look like?

A big part of my job is to coordinate all the research conducted inside Orange Cyberdefense and the Orange Group. I interact with my team daily; we discuss new developments, check the progress on our reports. I also spend a lot of time doing research as well, reading papers, attending conferences. Before the lockdown, I also gave speeches and interviews and even just meet up with clients. More and more, I feel that it’s one of the most important aspects of my job: making people understand cybersecurity in a relaxing and straightforward way.

What do you like the most about your job?

I like the fact that, after all these years, it still all feels very new. Our field is at the cross between technology, crime, geopolitics, economics, law. It’s very dynamic. I also love working with smart and passionate people. Any project can be inspiring. And I get to do something I’m good at taking something complicated and simplifying it. It’s rewarding.