5 minutes with... Paul Jung

Apr 17, 2025

Let’s start with your background. Can you tell us about your journey and how you came to join Thales?

I’ve been working in cybersecurity for 25 years now, starting in the network world before moving into cybersecurity.

Initially, I worked for the European Commission (EC), focusing on perimeter security—things like firewalls, Intrusion Detection Systems (IDS) and antivirus software. But over time, after seeing the impact of security incidents, I became more interested in incident response and malware analysis.

About 10 years ago, I had the chance to start an incident response service from scratch at Excellium, a start-up that was later acquired by Thales two and a half years ago. It was an exciting challenge, and now we have a team of 14 full-time experts dedicated to incident response.

Can you tell us more about your role at Thales and how your team contributes to the organisation?

As part of Thales, my team focuses on incident response. We deal with cybersecurity incidents, helping clients investigate and resolve issues like data breaches or advanced persistent threats. We work with a variety of clients across several sectors, including Air Traffic Control (ATC), providing support when things go wrong, and often stepping in at times of crisis. Similar to firefighters (one could say we are digital firefighters) we respond quickly to mitigate the damage, analyse the attack, and restore systems. It is a unique and fast-paced job, with new challenges every day.

What do you enjoy most about your job?

The variety and the challenge. Every incident is different. It is like a police investigation—you never know exactly what you are going to find, and the fact that sometimes attackers know exactly how to cover their tracks adds to the challenge. But there is something satisfying about cracking the case, finding the traces, and supporting clients in their recovery. And it is definitely a job that requires passion, perseverance and dedication to determine the source of the problem. It is high-stakes work, and while it can be stressful, it is rewarding to know you are making a real difference, especially when we are dealing with large-scale incidents - like those affecting critical infrastructure, or for clients who are losing days of work in the aftermath of an attack.

What would you say is the added value that Thales brings to this space? How does being part of a larger company impact your work?

The biggest advantage is scale. When we were a smaller team at Excellium, we had a limited reach, but now as part of Thales, we can support global clients. Thales gives us the capacity to handle incidents at a much larger scale—whether it is remotely or on-site, we can call on experts from all over the world. We also benefit from Thales' extensive network of specialists. For some specific sectors, like the aviation sector where there are multiple moving parts and stringent safety regulations, Thales has the domain-specific expertise we need to help us address the problem more efficiently and effectively. It is something we did not have access to before, and it really enhances our ability to respond effectively.

What are some of the main challenges you encounter, especially in the world of Air Traffic Control?

The challenges in the air traffic control space can be quite distinct. For instance, there is a big difference between IT and OT (Operational Technology) security. In aviation, security is often more focused on keeping things running smoothly, but you might have staff who are not as well-trained in IT security.

Another challenge is that, unlike say the financial sector, aviation is less regulated when it comes to cybersecurity. While that is definitely changing, it still means for now that many companies in this field are less mature in their security practices, which leads to more frequent vulnerabilities. Moreover, the nature of the industry—dealing with very sensitive and high-visibility systems—makes it an attractive target for hackers, especially with geopolitical events like the war in Ukraine, where hacktivists might target the sector with DDoS [Distributed Denial of Service] attacks or worse.

Looking ahead, how do you see the field of incident response and cybersecurity evolving in the future?

As threats continue to evolve, so will the way we respond.

A major change is the increasing use of cloud technologies and the move towards more decentralised systems. This shifts the security landscape, especially because cloud environments do not always provide the same level of forensic data we have relied on in traditional setups. It makes response times trickier and demands more advanced preparation from both clients and us. Additionally, we are seeing more sophisticated attacks, often financially motivated, which means we will need to adapt with new tools and strategies.

Cybersecurity will only become more essential as every sector becomes more connected, and that includes industries like air traffic control, where security gaps could have very serious consequences.
