Besnik Limaj, Founder and CEO of Logic PLUS and Team Leader of the EU Funded Transregional Project "Enhancing Cyber Security"
The following set of questions document the expertise of organisations who are actively engaged in the various forms of cybersecurity capacity building. The experiences and lessons learned from these forerunners shall help the broader cybersecurity community to gain a better understanding of cyber capacity building.
Mr. Besnik Limaj, Founder and CEO of Logic PLUS and Team Leader of the EU Funded Transregional Project "Enhancing Cyber Security" has agreed to share some specifics about his work and how these experiences have impacted operations.
Were you engaged in building the capacity of your own organisation to deal with cybersecurity, or were you involved in capacity building efforts on behalf of a third party?
I was engaged both ways, either for my own company Logic Plus or throughout the EU Funded transregional Project "Enhancing Cyber Security" for the three partner (beneficiary) Countries: FYROM, Kosovo and Moldova.
Which particular area of cybersecurity capacity were you particularly focused on improving?
I am mainly focused in improving capacities of our Project beneficiary Countries in the three following areas:
- Capacity building for development of the National Cyber Security Strategy for the three Countries
- Capacity building for the National CERTs (Computer Emergency Response Teams)
- Capacity building in CIIP (Critical Information Infrastructure Protection)
What are the particular actions your organisation took to increase its capacity to deal with this cybersecurity problem?
Actions are various, beginning from the awareness raising and ending up with various trainings related to the Cyber Security Field.
What effects did you hope to achieve in taking these particular actions? Are there any particular objectives, goals or priorities that were the intended outputs?
When it comes to the EU Funded Transregional Project "Enhancing Cyber Security" where I am a Team Leader, effects that we're hoping to achieve are development of the National Cyber Security Strategy for the three beneficiary countries, Creation of National CERTs and enhancement of their capacities, awareness raising and also establishment of the PPP for CIIP.
What particular aspects of the project enabled your success? What worked well?
The easiest part is the CERTs as we're dealing with the technical people and they are more easier to manage and organise. The hardest part is when we have to develop a national Cyber Security Strategy, in particular when we need to establish stakeholder working groups within countries. Each Ministry or Agency has the tendency to present them as the most important and as a leader for the Strategy, and there is lack of communication between them.
Where there specific barriers that inhibited progress toward achieving the desired ends?
In specific Countries, barriers are within the Civil Servants that are not willing to cooperate. They are more willing to travel abroad for various training schemes but no follow-up when in the country itself.
Having gained this experience is there anything that you would do differently in the future in similar capacity building activities?
Set up deadlines within the political level, otherwise you will face various obstructions by the civil servants in various ministries that are not willing to cooperate or move things forward.
Were there any unexpected results that emerged from your capacity building efforts?
Did attempting to increase capacity in this particular area have any unexpected consequences for other aspects of capacity or business processes?
How did you evaluate success or performance of your capacity building?
We have very tangible and measurable indicators for it. For development of the National Cyber Security Strategy we're using ENISA Guidelines, for CERT capacity building we're using ENISA guidelines and also Terena TRANSITS schemes.