Paul Konikowski

Security Engineer, Technology Consultant

About Paul Konikowski

► WHAT I DO:
Results-driven professional with 30+ years of extensive experience in Audio Visual (AV), Information Technology (IT), and Cybersecurity. Proficient in leading cross-functional teams, implementing robust security measures, and optimizing technology infrastructure. Adept at leveraging advanced certifications, including a Master’s Degree from Georgia Tech and completion of cybersecurity courses at Harvard University, to drive organizational success. Committed to staying at the forefront of industry trends and technologies.

► MY LEADERSHIP STYLE:
• Manages issues and solutions with poise and confidence.
• Leads and demonstrates the ability to gain support at all levels of the organization.
• Maintains a strong sense of urgency to get things done thoroughly, not quickly, and delegates responsibility to others in a personable way.
• Plans for the big picture while adapting to shifting gears to achieve goals, using strong foresight and organizational skills.

► WHAT SETS ME APART FROM THE REST:
• Over 30 years of paid experience
• Cybersecurity engineer / architect with broad and in-depth technical, analytical, and conceptual skills
• Proven track record of effectively communicating with business leadership and other vendors
• Strong interpersonal and collaborative skills to drive security messages to teams
• Extensive knowledge of subcontracting, construction projects, labor estimates, privacy, control system protocols, and integrated audiovisual systems

► RELEVANT EXPERIENCE:
🔹 Cybersecurity:
• Developed and executed cybersecurity strategies to safeguard critical systems and mitigate potential threats.
• Conducted vulnerability assessments and advanced hunting techniques to identify and address security vulnerabilities.
• Collaborated with cross-functional teams to ensure compliance with industry regulations and best practices.
🔹 AV and IT:
• Successfully managed and supported AV and IT operations, overseeing the implementation and maintenance of technology solutions in military facilities, and audio visual integrators nationwide.
• Led the design and deployment of integrated AV systems, enhancing collaboration and communication across the organization.
• Implemented cybersecurity protocols to protect sensitive data and mitigate security risks.

#GeorgiaTech #RiskManagement #SecOps #SecurityOperationsCenter #CloudSecurity #SecurityAuditing #Cybersecurity #Confidentiality #Integrity #Availability #IncidentResponse #InfoSec #NetworkSecurity #DataPrivacy #ThreatIntelligence #PenTesting #PenetrationTesting #Harvard #HarvardU #HarvardUniversity

Company Type

AV/IT Integration

Department

IT

Language

English

Recent Comments

Feb 22, 2024

good point about NIST 2.0 coming

Nov 26, 2023

Thank you for cross-posting this, @Iulia Popescu. Look for a follow-up article soon.

Sep 12, 2023

Whenever possible, use two-factor or multi-factor authentication.  If this is not possible in the video conference software, it can be implemented on the devices or network logins. 

Nov 11, 2022
Replying to Aaron Weiler

This brought up a super interesting point that I had never thought of before which is this: 

  • Join conferencing sessions, including video conferencing, discreetly and anonymously

Now, the concept here is pretty easy to grasp but I think it can be overlooked. What I mean is: most of the time, IT security-focused individuals are focused on preventing bad actors from entering the network and gathering traditional data. From my experience there has been a focus on what you could call a "live listen" or "live view" almost like looking through a peephole to gather real-time data. What I find even MORE interesting is what you could gain from doing this. As in, oftentimes folks are what I would call "disarmed" in those situations. For instance, you are more likely to share and say things that you wouldn't normally do if you knew those communications were being recorded and stored (which I would assume they are normally not always). So, the information you could gather and record on your own as a bad actor would pay off BIG TIME. I'm curious if anyone has ever had a breach of this nature because that would be a super interesting case study.

Great discussion, @Jamie Horner and @Aaron Weiler. I am a little late to the party, but I brought refreshments.

We all know that network security is only one part of cybersecurity. The other parts include the hardware that lives on the network, the firmware/software that runs on the hardware, the dependent packages that make up the software, not to mention mobile devices like cell phones, and your vehicle or headset if you are tethering your phone via Bluetooth. Plus all the humans involved! AV always starts and ends with humans.  If you forget to mute your microphone before you say something confidential, is that the network admin's fault? No, but it may be a breach of security, privacy and/or compliance.

Security, privacy, and compliance need to be part of everyone's job.  The biggest problem in AV Land is everyone is focused on getting things working so they can sell and install them faster.  A product or protocol that gives little headache is considered favorable. Ever heard the terms, "plug and play" or "plug and pray"?  News flash: God is not going to configure your device to be secure on the network!

I'll never forget the first time an AV sales rep showed me how easy it was to pull up the unprotected webpage of the DSP device he was pitching; how I could listen to any stream locally on my computer, with no password needed. That was a "feature" he was touting, but in my eyes, it was a clear vulnerability. Add in the fact that there was no record or log of who was using the product's website or when they were listening...

So, in this case, is it the rep's fault for showcasing this feature/vuln? Is it the product manufacturer's responsibility to NOT include those features? Is it the AV consultant or integrator's job to only choose safe and secure products? Is it up to the client to verify? Or do we keep doing what most AV integrators keep doing and put it all on the network security folks?

The answer is all of the above.  Cybersecurity is everyone's responsibility, end to end. 

Nov 03, 2022

I really appreciate this article, especially the reminder about SQL injection attacks in web forms. If readers are creating custom webpages that require logins for intranet or dealer access, often known as "dealer portals" in the AV industry, be sure to check your inputs! Don't assume your user is going to type only their username and password; they may be typing a malicious SQL command along with it!

Oct 27, 2022

Really glad to see security in schools being discussed, let's keep it going!

Oct 25, 2022

I have been recently posing this question to industry contacts: how can we take all the AV knowledge we have acquired in the real world, and then sell those same professional services in the metaverse? For instance, if you are a home theater expert, you could apply that knowledge to virtual home theaters. If you are a stage manager, you can manage live events online. Some of this is already happening, with folks like Joey at DNA hiring virtual engineers, or live folks mixing Zoom rooms just like they used to mix camera feeds. So how do we approach higher-level topics like sound masking, acoustics, and event lighting in the virtual world like we have been doing for years in the real world?

Oct 11, 2022

One of the most recent attack techniques involves MFA fatigue, which is when a bad actor gains access to your email and login and then pushes MFA to your phone until you click "Approve".