Cybersecurity Seminars: after training, work in local communities
Crs4 is the Centre for Research, Development and Higher Education in Sardinia, based in Pula (Cagliari), which has joined the Cybersecurity Seminars programme as a “host” organisation. Andrea Cogotti, who works there as a system administrator, chose the Crs4 centre to transfer the knowledge he gained through his new specialisation, working on the implementation of the European NIS2 directive (Network and Information Security 2).
The interdisciplinary research centre, founded in 1990 by the Autonomous Region of Sardinia, has the regional agency Sardegna Ricerche as its sole partner.
Andrea's manager, Antonio Concas, comments on Andrea's career path. The advent of NIS2, the new European directive that strengthens cybersecurity by expanding the sectors subject to security obligations and increasing the responsibility of governing bodies, has led many organisations to seek information and rely on external experts. ‘These have been unusual months for us. We needed to fully understand the scope of application of the new European legislation and the professional skills required. Together with Andrea, we assessed which strategies to implement. Thanks also to the training acquired by our colleague during the Cybersecurity seminars, we identified which paths to pursue.’
The first step was to check whether the specific roles were present within the organisation: ‘We identified the need to appoint a Chief Information Security Officer (CISO) and a cybersecurity architect, both of whom could be found among our colleagues already working in our research centre,’ concludes Concas.
Andrea Cogotti began working on NIS2 well in advance, as early as 2024, when it was transposed by Member States. "Andrea's contribution to the organisation on the subject of security was enriched by his training, which enabled him to review our position and produce a final report on the Centre's situation. Based on the findings, we will not only have to hire professionals to manage this transition to NIS2, but also create the policies to be adopted and finally provide training courses for staff on compliance and best practices, which are important for preventing cyber attacks and data loss."
Passion and digital resilience
Andrea Cogotti approached the Cybersecurity Seminars programme as a senior professional: "I was born in Sardinia and am very attached to my homeland; I never wanted to leave. I have been working in IT since the 1990s and joined Crs4, the Centre for Research, Development and Higher Studies in Pula (Cagliari), in 2017 after a public selection process. I have always worked as a system administrator, implementing complex IT systems." Andrea's workplace is a strong point of reference for the island, an interdisciplinary research centre founded in 1990 by the Autonomous Region of Sardinia, whose sole shareholder is the regional agency Sardegna Ricerche.
Then, in 2019, he made an important decision: to continue his university studies. ‘In 2024, I completed a three-year degree course in “Systems and Network Security” at the Faculty of Computer Science at the University of Milan. Thanks to a hybrid working arrangement, I was able to study remotely, using a learning platform for recorded lessons and taking exams in person.’ The choice of the Milanese university was motivated by the educational offering, in line with Andrea's interest in cybersecurity, a focus that is not available in Cagliari for the three-year course.
"Today, cybersecurity, together with artificial intelligence, are the two macro areas of study that I find most interesting. Personally, I am not oriented towards development or programming; for me, it is more challenging to implement the security posture of complex infrastructures to prevent cyber attacks.‘
However, studying remained an important part of Andrea's life even after graduation, despite the difficulties of juggling all his commitments: ’I continued with the Cybersecurity Seminars programme because it represented a further step forward in the specialisation that interests me. Of course, with a family and a job, it wasn't easy to follow the course. But my passion for these issues drove me to delve deeper and invest part of my free time, and therefore my summer holidays, in studying."
Looking back on the last few months of Cybersecurity Seminars, Andrea was impressed by both the theoretical lessons and the workshop sessions, aimed at a competent and motivated audience of participants: ‘The programme was very well structured, with in-depth content. I particularly appreciated the part focused on data protection (DPO side), which I found very interesting! I found some of the presentations enlightening, such as those by the commissioners of the National Cybersecurity Agency (ACN), because, unlike one-way learning, they provided insights and prompted questions that were never trivial.’
Another important aspect of the course was the final phase, which brought participants into contact with local community organisations, which Andrea carried out at Crs4. ‘It was very interesting to apply the principles I learned in my work environment; there are many areas of application.’ The organisation is subject to NIS, i.e. the obligations of the European Network and Information Security (NIS) Directive (Directive 2016/1148 and now the more recent NIS2), transposed in Italy, which concerns entities that are essential and critical to society or the economy.
‘I analysed the company's security posture,’ Andrea continues, ‘and then provided guidance on a compliance path, putting aside my role as system administrator for a moment. My final paper was particularly appreciated by the organisation because it goes far beyond my ordinary work and was also detailed and analytical,’ he commented. ‘I hope to put this training into practice in my daily work soon!’
The interview was conducted by Onelia Onorati, who is in charge of the press office for the Fondazione Mondo Digitale.
