
Fintech company’s Cybersecurity Team Lead Who Expelled Foreign APT Group Explains Why ‘Secure’ Systems Still Get Hacked


Sergei Beliachkov, lead of the cybersecurity department’s team at a fintech company, prevented $2M in breaches and now reveals the gap between security theater and real protection.

The European Cybersecurity Agency regularly monitors the global cybercrime landscape and recently published an alarming report: the number of cyber attacks on cloud infrastructures in Europe has increased by 32% in a year. In the United States, the frequency of cyber attacks on large companies is also rising rapidly: SentinelOne reports that the number of such incidents has increased by almost half in a year, and more than 50% of attacks target cloud infrastructures. In June 2025, for example, the American insurance company Aflac suffered a cyber incident that may have compromised customers’ personal data, including the Social Security numbers and medical information of tens of millions of people. Companies worldwide face the question of how to ensure reliable data protection as digital ecosystems become more distributed and complex.

At one European fintech company engaged in IT development, however, the tide flows the other way: there, Sergei Beliachkov and his team have repelled attacks. Sergei has also handled a complex client case during his career: he expelled an entire foreign APT group that had infiltrated the client’s systems – the cybersecurity equivalent of finding enemy spies in your headquarters and forcibly removing them.

As head of cybersecurity with certifications from ISC2 and ISACA, Beliachkov has built defenses for everything from 2,000-server cloud deployments to virtual CISO services. His track record includes preventing breaches that would have cost over $2 million and conducting more than 80 security audits at Gazprom. But perhaps most importantly, he has seen exactly how and why even “secure” systems fail – and what actually works to stop sophisticated attackers. Here he shares his experience and explains how to fend off the most complex attacks and how to harden systems.

Sergei, the number of cyber attacks on cloud infrastructures has increased enormously over the past year. How do you assess this trend, and do you expect the number of cyber attacks to keep increasing?

– The growth of attacks on cloud infrastructures is natural: businesses are massively transferring processes to the cloud, but the level of security maturity has not kept pace with this. The attack surface has increased, and hackers are taking advantage of it. I think the number of attacks will only grow. But companies are not defenseless: if they build protection from the very beginning, integrate standards, monitoring, and secure development into processes, then risks can be significantly reduced.

Some experts believe that the weak point of the security system of large companies is people. But sometimes even the most competent specialists do not have time to repel a cyberattack. To what extent is this opinion justified?

– My experience confirms this. During my time at the company Gazprom, I conducted more than 80 audits of information security management and information security control systems in various companies and subsidiaries of Gazprom Group for compliance with the ISO 27000 series of standards, and I saw a lot. Even with technical protection, it was the human factor that became the trigger: from mistakes by administrators to employee negligence. That is why I always implement a comprehensive approach: technical measures plus training and awareness.

Working for a multinational energy company, which is one of the world leaders in natural gas reserves, production, and transportation, you implemented this awareness training. How does it affect the safety and awareness of the company’s employees, and can we confidently talk about the effectiveness of the training?

– Awareness training is an important part of comprehensive protection. The task is to ensure that employees understand exactly how their actions affect the company’s security and do not become a weak link. In my previous role at another company, I implemented such programs in combination with technical controls: DLP, BrandProtection, and anti-DDoS. This combination made it possible to reduce risks and genuinely protect the business: thanks to ongoing awareness programs and control systems, it was possible to identify and prevent leaks of confidential information that could have cost the company more than $2 million. The effectiveness of such an approach can be measured: when employees are involved, they notice suspicious situations faster, report them more often, and the probability of a successful attack is reduced. Therefore, I believe that awareness training is not just practical, but critically necessary for any organization.

In addition to training, in one of your projects, you worked directly with the system itself, deploying a protection system in a cloud region for more than 2,000 servers. How was this seemingly difficult task technically solved?

– The infrastructure already existed, but no one had even thought about security, so it was necessary to design and implement an information security system from scratch for an existing large infrastructure. We started with the architecture based on the defense-in-depth and zero-trust principles: network segment separation, Next Generation Firewall, Web Application Firewall, and anti-DDoS services. At the same time, we implemented an incident monitoring and response system, which allowed us to receive events in real time and quickly localize threats. We relied on national and international standards and also applied Secure Software Development Life Cycle (SSDLC) practices. This means that security controls were already established at the application development stage. As a result, it was possible to reduce the level of risk and to fulfil the security service agreement without penalties.

In fact, you have done a large infrastructure project where you deployed a cloud region, configured servers, and ensured stability. What is the uniqueness of this particular development in the fight against cyber attacks?

– When a company transfers more than two thousand servers to the cloud, it actually expands the attack surface tenfold. If you do not build in a protection system from the very beginning, any vulnerable application or misconfigured service becomes an entry point for intruders. Therefore, in one project, we laid down the principles of “secure by design”: segmentation, network filters, attack detection tools, and vulnerability management. For businesses, this meant not only having a cloud but also ensuring that customers and partners could trust the services. In other words, cybersecurity here was not an additional layer, but the foundation on which the entire infrastructure was based.

One of your projects is creating a virtual CISO service, which also helps combat cyber attacks, but in a slightly different way. What exactly is its technical value for business?

– In fact, this development helps to monitor security. Not every company can afford a full-fledged information security director. A virtual CISO is a service where expert security management is outsourced. We developed the model in 3 months and entered the market, and in 6 months, we had received more than 10 contracts. This helped external IT teams to quickly increase the level of information security maturity without hiring a whole staff of specialists.

You are not only involved in building security systems and preventing cyber attacks, but also in investigating hacker assaults. How is the work structured in the process of identifying the attacker and the problematic areas of the security system?

– As part of an internal investigation, I discovered several fraudulent schemes involving goods at the company’s points of sale using the company’s information systems. There was a case when I coordinated the efforts of several security system providers, cybersecurity service providers, and related enterprises, successfully cleared the client’s infrastructure of the presence of a foreign APT group, restored the infrastructure after a hack, and reduced the cybersecurity risks of clients.

In order to approach the issue of cybersecurity in such a diverse way and solve global problems, it is necessary to have deep knowledge. As far as we know, you have CISSP and CCDP certifications and are preparing for CISM, as well as being a member of international associations. What role do these certificates and communities play for you?

– Certifications are not about a “diploma” for me, but about the consistency of knowledge. For example, CISSP forms a strategic vision for cybersecurity, CISM focuses on risk and process management, and CCDP helps in the architecture of networks and solutions. All this helps to make decisions not intuitively, but based on the best world practices. Membership in the associations gives access to an international community of experts. At ISC2, I participate in the development and audit of exam materials, and at ISACA, in information security management working groups. This is not only a professional exchange, but also an opportunity to influence the development of standards, which then determine the work of entire industries. For me, this is a way to stay one step ahead and bring solutions to companies that will be relevant today and in the future. In addition, it gives me invaluable experience in communicating with colleagues. For example, I recently joined the jury of the Glonary® Awards for Cybersecurity 2025, where I participated in judging key nominations ranging from “Leader in Cybersecurity” to “Best Zero Trust Platform”, helping to highlight truly innovative and meaningful solutions.

What do you think awaits the world of cybersecurity in the near future, and how can you convince the management of companies to invest more in creating a secure architecture?

– I always say that cybersecurity is not an expense, but an investment in business sustainability. One successful attack costs more than the entire protection program. In my practice, there have been cases when the introduction of additional protection and awareness programs has prevented leaks worth millions of dollars. It is easier for managers to understand when security is translated into the language of financial indicators: reducing risks, lowering costs, and maintaining customer trust. It is worth thinking about this so that hackers stop hacking into systems and stealing data so massively.
