Petar Vojinovic
Published on: July 12, 2025
In today’s ever-evolving digital landscape, cybersecurity is more than just a technical concern—it’s a business imperative. Petar Vojinovic from Safety Detectives sat down with Diego González Villachica, Founder and CEO of ŠTÍT CYBERSECURITY, to explore how his company is helping businesses navigate complex cyber threats through tailored strategies, ethical leadership, and a deep commitment to education and national resilience. From launching the CyberEthics Program to supporting Costa Rica’s cybersecurity ecosystem, Diego shares insights into the mission that drives ŠTÍT and what’s next on the horizon.
What inspired the founding of ŠTÍT CYBERSECURITY, and how has your mission evolved since its creation?
Everything started with an idea in early 2018, when I was about to finish my Master Degree in Cybersecurity. At that point of my life, I was trying to learn more about the business world by exploring ideas, market needs and business opportunities. I started to see as well, many security gaps in the companies and also many opportunities to improve their cybersecurity and resilience culture. So, I challenged myself to jump into a totally new life stage, an entrepreneurship project. This was getting better months later when I finally founded ŠTÍT Cybersecurity, a consulting firm with a risk management and directive approach that, with a customer centric business model, still sets us apart in the market. For those who ask what the name “ŠTÍT” means, it is a Czech word that describes the nature of the company: “SHIELD”.
After exploring the market needs and considering our major skills, we decided to offer a tailored strategic cybersecurity plan for each client as our core service, we call it “INSPEKTOR”: an audit process where we measure a company’s security posture and maturity. We identify cyber risks and potential security breaches across the entire business, and we verify the implementation of specific controls across different domains, using systematically defined evaluation criteria. After years of continuous learning, we have become a highly trusted technology partner that provides great value to our clients, for those who either do not have specialized personnel, or simply prefer our expertise in:
- Digital Forensics Analysis
- Cyber Incident Response Assistance
- Security Configurations & Deployments
- Vulnerability Assessments
- Migration of applications and platforms to the cloud (Cloud Computing & Cloud Infrastructure)
- Disaster Recovery Plan (DRP)
Currently, one of the most valuable services, that also represents our DNA, is CISO as a Service, that provides consultancy to clarify inquiries, support deployments and configurations, and also attend important meetings with clients and their third parties, to handle different requirements, such as new developments inspection, new project designs analysis. The idea with this, is to become a great support partner for all of them, by doing what we really love and what we truly know we do excellently.
How do you tailor cybersecurity strategies to meet the unique needs of clients across different industries like healthcare and finance?
The main strategy is always to learn as much as possible of the industry and ecosystem that needs to be secured, and then knowing as much as possible your clients, because we need to translate to them the urgency of securing and deploying technical controls and make significant investments, so, that might be as abstract as tricky to explain. Of course, a solid understanding of global frameworks, standards and regulations such as NIST, ISO 27001, PCI-DSS and HIPAA, among others, is required to implement real protection in all departments within the organization. Nevertheless, the key components will always be the level of integration among the controls and action plans and the risk management approach we could achieve.
Can you share examples of your work with national institutions or social responsibility programs that had a significant impact?
Costa Rica has been aware since many years ago, about the talent shortage in cybersecurity and emergent technologies globally, making a priority goal to develop that workforce as great professionals to fill out those positions, believing on the great potential our costarican people have. Therefore, from 2020, a diverse offering in the academy vertical was deployed with more intensity, allowing hundreds of students to be trained in the cybersecurity universe, getting a good foundation and developing their technical skills. That sounds outstanding and it really has been, but it also puts into the table a serious potential social issue, that makes us think about the real need to reinforce the ethical principles and values of those students.
Based on that vision, in the mid-2022 our company ŠTÍT Cybersecurity and the Universidad Latina de Costa Rica proudly created CyberEthicsProgram, as a Corporate Social Responsibility project. The idea was to have an annual event where students of high schools with technical education could participate. This was possible thanks to the collaboration and support of the Ministry of Public Education (M.E.P.) in order to convoke those students with specialities such as: Cybersecurity, AI, Software Development and IT Support. The event provides a practical workshop about ethical principles and life values focused on daily challenges we usually face as professionals, getting deeper into many documented study cases where our convictions, ideals and values are tested and sometimes put us in jeopardy, so an early and good guidance would be crucial to avoid making a crime, break the law or unconsciously help criminals to do their job. Very happily, we can say now, after three years of running this initiative, we have impacted more than 500 students and teachers across all provinces of Costa Rica. For this 2025, we are expecting to reach 500 more people. More info at https://www.cyberethicsprogram.com/
How does ŠTÍT contribute to Costa Rica’s growing cybersecurity ecosystem through its involvement with CAMTIC and CYBERSEC?
Around 2020, the cyber awareness and culture in Costa Rica, and the Latin America region as well was as incipient as null in many cases, so we started teaching what cybersecurity is about and how the best practices could improve the businesses and organizations. This was one of the first tasks we started building together, as an ecosystem, with other companies, as part of the Cybersecurity Chapter from the Chamber of Information and Communication Technologies (CAMTIC).
Later on, in the mid-2021, with the support of the Ministry of Economy, Industry and Commerce of Costa Rica (MEIC), our company created and launched a national initiative about Cybersecurity Awareness intended for all small and medium-sized businesses (SMBs). That was compounded by three main axes: training awareness, educational digital material and a digital online tool for determining the cybersecurity posture score. That program brought light to many business owners and entrepreneurs, for being more conscious about the current status of their companies in terms of risks and cyber threats. Since then, we have been running this several times, now with the support and collaboration of the Cybersec Cluster, positively affecting hundreds of companies within the entire country. We keep the commitment to take this to many other businesses not only nationally, but in the Latin America region as well.
Definitively, the cyber attacks series faced in 2022 in Costa Rica, were an important trigger to speed up all public and private initiatives on this matter. At that point, our company was part of the cybersecurity national ecosystem, so we had the honor of leading and collaborating with other companies, organizations and the government with many national projects as campaigns for the public and private sector in the social media, podcast and TV episodes, opinion articles in the news, magazines. Also, we were part of international events, with embassies and universities from abroad, to expand the cybersecurity culture and bring light, knowledge and best practices to actors and decision makers in the country.
What are some of the most pressing cybersecurity challenges you see companies facing today, and how does your team address them?
In the last three years, our R&D department has been working closely with our development team to build a digital product that will address some of the challenges we have found our customers always face. Having said this, we are about to launch in the coming months a new SaaS platform with an integrated expert guidance service of Incident Response Management with an additional module for Cybersecurity Audits. This platform will enhance the final results and effectiveness of these cybersecurity processes, that companies strictly require more nowadays.
Now, after many experiences faced, collaborations done, alliances built, projects developed, and fortunately with a better known position as a consulting firm of reference, our company is looking to expand the business to other countries, providing a best-in-class service in Auditing, Cybersecurity Strategic Planning and C-level Consultancy, by harnessing our background, great service quality and our bold skills in idioms like Portuguese, Spanish and English.
Within a business world challenged by a digital transformation process, even faster every day, with new technology and AI tools, having a solid partner in cybersecurity with a business technology mindset means a tangible business differentiator in a very competitive market.
