Roberto Popolizio
Updated on: January 11, 2025
From free VPNs to popular messaging platforms, some of the most popular tools and habits you trust might actually be putting your data at risk. In this interview series by Safety Detectives, I invite cybersecurity experts to reveal the most dangerous mistakes millions of people still make, and their top tips to avoid them.
My guest today is Trung Nguyen, Founder and CEO of CyStack, a leading cybersecurity firm providing over 600 enterprise firms with bespoke cybersecurity solutions and advanced security tools like vulnerability scanners and platforms for bug bounty programs.
Nguyen explained how most SME companies, especially in developing countries, are struggling to find cybersecurity solutions that are simple and affordable, and how CyStack has found a way to halve expenses and implementation times.
He also shared four tips everyone can apply now to increase data security in the face of threats that are just getting worse.
Is there a particular story that inspired you to get into cybersecurity?
I graduated with a degree in Software Engineering from Hanoi University of Science and Technology, the leading tech university in Vietnam. My journey into cybersecurity started in my second year of college when I joined Vietnam’s largest cybersecurity company – a giant in the field even now. So it’s by chance that I’ve become a cybersecurity researcher and ethical hacker (whitehat). It wasn’t planned, but the deeper I got into the work, the more I realized this wasn’t just a job; it was my calling.
For over a decade, I’ve been uncovering vulnerabilities, solving complex problems, and sharing insights at global and regional conferences. Along the way, I’ve been honored in the Hall of Fame by companies like Microsoft, D-Link, Deloitte, and HP… for contributing to their data security efforts.
Seven years ago, I took the leap and founded CyStack. My vision was clear: to create security solutions that empower businesses and individuals – not with overwhelming complexity, but with practical, effective tools that fit seamlessly into their operations. I wanted to bridge the gap between security and accessibility, ensuring that protection wasn’t just a privilege for the few but a possibility for everyone.
<iframe width=”560″ height=”315″ src=”https://www.youtube.com/embed/3FxQTqs8odk?si=aFymLN-93Ipa2r2F” title=”YouTube video player” frameborder=”0″ allow=”accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share” referrerpolicy=”strict-origin-when-cross-origin” allowfullscreen></iframe>
What problems in cybersecurity were so severe that you set out to create your own solution to solve them?
Many security solutions on the market are powerful but overwhelmingly complex – they are designed for experts and not for the people who actually need them. I’ve seen businesses struggling to implement these solutions effectively, leaving their employees vulnerable. This is especially true for small and medium-sized enterprises (SMEs), which make up more than 95% of the economy in developing countries like Vietnam (and believe it or not, they’re often the main targets of cyberattacks!).
Another challenge is the reactive nature of cybersecurity and data protection in particular. Too often, measures feel like a game of catch-up, addressing threats only after they caused damage.Organizations relying solely on reactive measures tend to be more vulnerable to attacks, as they often miss the early signs of potential threats.
A study by Drata confirms that, as 87% of organizations interviewed have suffered negative consequences because of their 100% reactive approach to security.
Lastly, I noticed a gap in trust. Companies and individuals alike were hesitant to invest in IT security because they didn’t fully understand the value it brought – or worse, they’d been burned by systems that didn’t deliver on their promises.
These challenges drove me to start CyStack. I wanted to build solutions that are accessible, intuitive, and genuinely effective – those that empower people to take control of their security without needing to be experts.
At its core, CyStack is about bringing clarity and confidence to cybersecurity. It’s about making protection a part of progress, not a barrier to it.
What kind of people or organizations are most affected by this issue, and what mistakes or misconceptions get them stuck with it?
Small and medium-sized enterprises (SMEs) are the primary targets of cyberattacks.
Why?
Because attackers know SMEs often lack the resources, expertise, and tools to defend themselves effectively.
Companies operating in sensitive fields like banking, fintech, logistics, and software development are also highly vulnerable. These industries handle critical data – financial transactions, customer records, operational logistics, or proprietary code – that makes them prime targets for data breaches and ransomware attacks. Despite their awareness of the risks, many of these companies still struggle with outdated systems, insufficient budgets for security, or gaps in their threat response strategies.
But this is also caused by one of the biggest misconceptions about cybersecurity: cyberattacks only happen to large corporations or tech giants. Many SMEs and even some companies in sensitive industries believe they’re “too small” or “not important enough” to be targeted.
Unfortunately, this couldn’t be further from the truth. Cybercriminals often see SMEs organizations as easy preys – low-hanging fruit in their hunt for data, money, or access to larger networks.
For individuals, the story is similar. Many think cybersecurity is something only big businesses or tech-savvy people need to worry about. They fall into traps like weak passwords, clicking on phishing emails, ignoring updates, or unknowingly downloading malicious malware – thinking these issues won’t affect them.
Then there’s the issue of cost – Many businesses assume they can’t afford comprehensive cybersecurity, so they do nothing at all. This “all or nothing” mindset is dangerous. The reality is that effective, scalable solutions do exist, but they’re often overshadowed by the noise of more expensive, enterprise-level options.
Cybersecurity may feel like a luxury rather than a necessity, a daunting, expensive, and overly technical field.
In reality, it’s about taking simple, practical steps to safeguard data and systems.
What are the solutions (DIY and competitors) they try before coming to you, and why do you think they are flawed?
The typical DIY approach includes basic measures like using free antivirus software, relying on built-in security tools, or setting up basic firewalls. While these steps are better than nothing, they’re usually insufficient for the sophisticated threats we face today and can create a false sense of security.
People assume they’re protected simply because they’ve taken some action, but in reality, these measures often leave critical vulnerabilities unaddressed. By the time they realize the gaps in their defenses, the damage is already done.
Then there are so many organizations that turn to large, established cybersecurity providers or popular off-the-shelf tools. These can be powerful, but are usually designed with large enterprises in mind, hence they’re expensive, complex, and resource-intensive. Small and medium-sized businesses often find themselves overwhelmed by features they don’t need or can’t manage effectively.
Another common issue is a lack of customization. Many competitors offer one-size-fits-all solutions whereas, for example, a fintech startup or a logistics company has very different security requirements from a retail chain. This leads to inefficiencies and blind spots in their defenses.
DIY users and even those using competitor solutions come to us when they’re tired of patchwork fixes or feeling unsupported. They want something that’s intuitive, effective, and tailored to their needs – not a generic tool or a product that feels like it’s working against them.
How exactly do you solve this problem in a better way? Can you show metrics and examples of the impact you’re making?
At CyStack, we’re tackling a problem that businesses often face: protecting data without overcomplicating or overspending. The challenges are real – limited expertise, stretched budgets, too many disconnected tools – and they can leave companies vulnerable. That’s where we step in.
Our approach is simple but effective: we blend smart security products with professional services, tailored to meet your specific needs. Whether you’re a startup securing your first system or a large enterprise handling sensitive data, our packages are designed for maximum impact and the best return on investment.
The cool thing is that everything is managed inside our CyStack Security Platform, where all services and products are interconnected, and the output is presented as actionable dashboards – not the usual boring, complex reports. This platform is absolutely free to start; you only have to pay for premium modules that you use.
For example, we offer tools like CyStack Endpoint for monitoring and safeguarding devices against unusual activities, or Data Leak Detection to track sensitive information on dark web forums and take immediate action if it’s exposed. On top of that, our managed services include data protection consulting, vulnerability assessments, penetration testing, and even a bug bounty program to tap into the expertise of thousands of ethical hackers.
But it’s not just about having the right tools – it’s about how you use them. That’s why we focus on making our solutions intuitive, cost-effective, and flexible. For instance, our Trust Center provides a central hub for transparency about your security practices, while Locker password and secrets manager makes it effortless to manage passwords and sensitive credentials across teams. Everything we offer is designed to fit seamlessly into your workflows without adding extra stress.
The results speak for themselves:
- We’ve secured over 5,000 digital assets, from websites, applications to servers.
- Prevented and mitigated more than 200,000 security risks.
- Helped businesses cut at least 50% of the time and cost while improving their overall data protection.
More than 600 companies across industries like fintech, e-commerce, and banking rely on us – not just in Vietnam, but globally. And it’s not just about the numbers. Clients consistently tell us they feel more confident and better equipped to handle security because of our straightforward, professional approach.
“CyStack combines deep expertise with a clear understanding of what businesses need. Their solutions are professional, their team is incredibly supportive, and we trust them completely with our security challenges.”
Dmitry Gerasimov, founder and CEO of Cellframe
How do you think this issue will evolve in the near future, and what should people do to get ready?
The truth is, keeping data secure isn’t getting easier – it’s getting harder. With remote work, IoT, and AI expanding the attack surface, cybercriminals are stepping up their game. They’re automating attacks, scaling operations, and finding cracks faster than ever. Add in stricter privacy regulations, and businesses are juggling more than they can handle.
So, how do we prepare?
- Think systems, not tools. Cool tech is great, but if it doesn’t fit into a bigger plan, it’s just noise. Build a strategy where everything – tools, processes, people – works together.
- Expect bad things to happen. Perfection isn’t the goal; resilience is. Focus on threat detection, vulnerability scanning, and strong data policies to minimize damage when things go wrong.
- Trust no one (really!). Zero trust isn’t just a buzzword. Verify everything, limit access, and stop assuming anything is safe just because it’s “inside.”
- Educate your team. Most breaches start with human error. Teach employees how to spot phishing attacks, recognize malware, and handle sensitive information carefully.
The future of cybersecurity can be messy, and threats will keep evolving. The goal isn’t to eliminate risk – it’s to adapt, recover, and learn fast. Resilience wins every time.
Connect with Trung Nguyen, Founder & CEO at CyStack
https://www.linkedin.com/in/trungnh
