"The place to be. CERN." Meet Stefan, Head of computer security at CERN

Hi Stefan, tell us about yourself and what journey brought you to CERN?

 

Being a geek since infant times, I had a fable for computers & technical stuff. Naturally, I was good in maths, physics and chemistry in school. As my home town, Hamburg, was running accelerators at DESY, I got immersed in particle physics, read lots of science books on those subjects like “First 3 Minutes” (Weinberg), the “Short History of Time” (Hawking) and many others. Hence I studies physics in Hamburg and graduated in particle physics, guess where, at DESY. The polytechnic in Zurich (ETH Zurich) offered me the chance to do a PhD split between hardware design and B-physics which I gratefully accepted. After that I had to choose: becoming a consultant in the business world or pursuing an academic career and my only application, my application to the holy grail of particle physics at CERN, got accepted. The place to be. CERN. Which I happily joined in 2002.

 

Initially, based on my hardware design knowledge and my experience is running particle physics experiments, I was assigned to develop a safety system for the then-new experiments attached to CERN’s Large Hadron collider. As for brakes or airbags, you can mathematically calculate the reliability of such a safety system which I did. But control & safety systems come also with Windows PCs and Ethernet ports which make them “hackable” and rendered my calculation useless. So, I have been offered to investigate deeper the field of “control system cyber-security” and over the time I became expert --- and inherited later on the role of CERN’s Computer Security Officer mandated to handle all aspects of cyber-security at CERN.

 

Computer security at CERN… can you tell us more?

 

For CERN, a breach in “computer security” is an operational and reputational risk. A risk which I am mandated to control, reduce and mitigate. For me personally, “computer security” is plain fun. I have a great team of professionals with a wide range of expertise and with who I tackle my mandate again and over again. You never know what tomorrow brings. Of course there are long-term projects, but cyber-attacks to not announce them before the feat! And every day, I can delve in any aspect of CERN’s operation. I am in touch with many different corners of CERN: the accelerator sector and experiments, and all the bright minds making them run; the IT department and the nerds & geeks wielding computing power; colleagues in the administrative sector, legal advisors, site security, … And I can establish and deepen my ties with many stakeholders outside CERN: other institutes, companies, law enforcement agencies, governments --- all joint in the effort making this planet a more cyber-secure place.

 

And securing CERN is challenging. It is an open environment subject to academic freedom. Physicists, engineers & technicians are used to apply full creativity and pragmatism! Sticks usually don’t help and I am proud that my team managed to become respected and valued for what we do. I see us as “enablers & facilitators”. People contact us for computer security training, learning how to do penetration testing, ask us how to improve the security posture of their computing systems. It was a huge challenge to get us maneuverer in this position and we have to earn our merits again and over again. But that adds also to the fun of my job.

 

What does working at CERN mean for you?

 

When I was young, CERN was for me the holy grail of particle physics. Today, it is my dream coming true. I came as a physicist, worked as an engineer, and now provide advice in IT matters and run a computer security team. I am working at one of the great centres of research where advancing technology and knowledge prevails --- largely immune (but not ignorant) to messy external politics and prejudice. An organization were feats and facts count and not who you pretend to be or which nationality or gender you have (and we work hard to keep it like that!). For me, it is rewarding and an honour being a part of this particle physics endeavour: CERN!

 

Any advice you’d give to potential applicants?

 

Open your mind. Be yourself. Show us what you are interested in. While having excellent grades is a good start, I am usually looking for interesting extra-curriculum activities: you are running a web server for your football club, you manage the email system for your student association, you program LEGO MindStorms robots in the evenings, or compete in “Capture-the-flag” security events during the night? This is what I think is the “true yourself” --- and this is what will bring you motivation on a job at CERN and an excellent contribution to advancing science made by CERN.