Galink Logo

Solution

Partners

Resources

About

Log in

Try for free

Galink the TPRM solution No. 1

Try

‹ Return to blog

DARE #3 - Eric Kawka - Head of cyber GRC @Eramet

Sep 2, 2025

Sometimes, we meet people who inspire us. Who make us believe that another approach is possible. Who imbue us with their energy. 

“DARE.” is the series for optimists. For those who have the courage and creativity to constantly reinvent our businesses and daily lives.

Dive into the universe, strategy, and methods of those who are changing the game.

Strong personalities for concrete interviews.

In a hurry? Here are the 3 concrete insights from this article:

  • The CISO of tomorrow is a strategist, not a hyper-technical expert: their strength lies in the big picture and the ability to unite expertise.

  • A successful cyber program is driven by the team and pragmatism: adapting transformation to the context and knowing how to handle resistance.

  • AI and automation free up brain time: after solidifying the foundations, focus on simple tools that eliminate repetitive tasks.


The Discussion

Has a decisive moment guided you towards a career in cyber?

Yes and no! (Laughs)

Let me explain. I'm not the type to plan my career for 5 or 10 years. At no point did I think, “Hey, I'm going to work in cyber” or “I'm going to make a career out of it.”

However, there is one principle I have remained faithful to: never stop learning. That's the thread running through my journey.

So I'm always on the lookout for opportunities to explore new topics, confront other professions. And cybersecurity, well... it just happened to come my way.

Interesting! And how did it materialize? 

I am a technician in industrial computing by training. And I started... in the installation of office software! I even led software installation projects for accounting programs in municipalities, to give you an idea. Nothing to do with cybersecurity or my initial training, but it was extremely educational in learning how to manage projects and develop a real sense of interpersonal skills.

After this first experience, I joined the Michelin group to do development and systems administration. You have to put it in context: it was 1997. Back then, we didn't even talk about “cyber” but about “IT security.”

And this “IT security” at Michelin was... a cupboard. The hideout of the old guards, the veterans nearing retirement. A small team of ultra-experienced experts, but closed off like a fortress.

Fortunately, my position in a sensitive subsidiary allowed me to start interacting with them. And I felt a strong desire to join them. HR tried to dissuade me (laughs). “At your age, with your background… we can find you something better.” But my subconscious had already made the decision. It was clear in my mind.

In retrospect, would you have been better off listening to them?

I’ve never made a better decision. (Laughs)

I was coming out of 10 years of pure technical work, and I wanted to shift to something more strategic. A role that would allow me to keep a foot in technology while gaining exposure to governance.

And I fell into a team of incredible experts, who passed on all their knowledge, accumulated over their long careers. They taught me everything about cryptography, among other things.

In hindsight, I believe it was a form of evidence for me. I have always relied on instinct, and this transition seemed inevitable.

At the same time, I saw that things were evolving. Michelin has a true culture of information protection, and I found myself at a crossroads of many strategic topics. Instead of joining an infra or dev service among an army of developers, I took a risk. And I have never regretted it.

When did “IT security” come out of the cupboard to become a hype topic?

It took time... and required a lot of reorganizations!

The environment changed significantly between 2008 and 2012. We moved from closed “on-premise” systems to increasingly open, heterogeneous architectures... thus exposed to new threats.

And then, we started to see incidents in the news. The consequences became concrete, tangible. The most striking example is surely Stuxnet.

We realized that for a company to function, it had to protect its information system. Security was no longer just a matter for tech people in a room. It required going to the field, working hand in hand with the trades, understanding their stakes to secure the entire chain. And that’s what made the job both cross-functional, technical, strategic... and exciting.

Another key moment, in my eyes: the rise of incident response teams. Because we eventually admitted that no governance, no matter how solid, would ever be 100% sufficient. Thus, it was necessary to be capable of reacting.

Today, these teams are considered critical for operations and business. The shift was so profound... that we even invented a new term: Cybersecurity.

Very clear! We can see the evolution. By the way, how do you see the role of CISO transforming in the coming years? 

I believe we have exciting years ahead. Cybersecurity remains a rapidly growing sector. Systems are becoming increasingly present in our lives, technology is evolving at a fast pace, and the geopolitical context adds an additional strategic layer.

All this will inevitably impact the role and skills of the CISO.

Will we need “Swiss Army knives” who are comfortable with all cyber topics? Or managers who primarily rely on a security policy? I don’t have a certainty, but I have an opinion...

The CISO of tomorrow is not a hyper-technical expert. Technologies evolve too quickly. No person, even brilliant, can be an expert in all the fields that need to be covered.

Staying updated, diving into topics: of course, that’s essential. But wanting to master everything risks missing out on the essentials.

Understood! So we would be looking more at CISOs with a macro vision who can effectively manage projects. On that note, what factors do you think determine the success or failure of a cyber program?

More than a “macro” vision, I would say: a comprehensive vision. It is this that allows for building a solid strategy.

The first success factor, in my opinion, is the team. Knowing how to surround yourself with the right people. Those who have the craft, the technical skills, or simply the right mindset.

Next, practicality is crucial. Every company has its DNA, rhythm, and constraints. And this context evolves constantly. Therefore, common sense is essential.

For example, if you launch a program and the majority of stakeholders oppose it, there is a problem. Of course, there will always be a minority of dissenters. That is normal, even healthy. But if resistance is widespread, then it’s time to reflect:

  • What did I miss?

  • What signals did I not see?

  • Is this the right time to launch this transformation?

  • Is my organization ready?

It’s frustrating because you sometimes know exactly where you want to go. But you need to adapt. It’s like on a hike: you know the peak and the splendid view that awaits you at sunrise. But sometimes, the only possible path for your group is the pass between two peaks. And that’s already very good.

Beautiful image! And one last question before moving on to the more “human” topics: if you were to invest 1 million euros tomorrow in a solution or technology, which would it be? 

I would start by solidifying the foundations. Zero Trust, XDR, SOC, vulnerability management... As long as you don’t have a robust base, you will spend your time putting out fires.

Then, on the innovation side, I believe a lot in tools that free up brain time. Automation and AI clearly have their place, especially for repetitive tasks that are no longer meaningful today. We shouldn’t have to sift through SOC II reports using “Ctrl + F” to find keywords, for example...

In this logic, I think you are heading in the right direction with Galink, by accelerating supplier audits through language models. I would also mention Mokn and their “phishback” system that identifies compromised and actively exploited credentials. The concept is disarmingly simple... and thus brilliant.

I have a real weakness for ideas that seem obvious. They are often the most adopted and the ones that quickly capture market share.

100% aligned. Let’s move on to the human side. What character traits have served you the most in your career? 

I believe I have a good ability to bounce back. Like everyone, I go through periods of doubt. I also have those nights when I go to bed with my mind in a whirl, convinced that there is no solution.

But I am fortunate to have a mental capacity that rebounds quickly. I can get stuck on a topic, but I never give up. I always find an angle of attack, a way out. That is perhaps what helps me the most on a daily basis.

And then, I believe that I have a contagious enthusiasm. I love what I do, and I think that shows. It helps me convey my ideas, to persuade. I have a real confidence in my convictions, which often allows me to engage others in my dynamic.

This unifying aspect can turn against you if you’re wrong... but so far, it has mostly served me well.

How do you handle setbacks when they arise? 

Our friends from Gabon have a philosophy that I really like: “An elephant is eaten with a small spoon.” 

In other words: we break the problem down into pieces. That’s exactly what I try to do with my big subjects.

When you transform a mountain into a series of small pebbles, it becomes simpler to mobilize people around you. You progress step by step. And, in general, you end up recruiting other small spoons to help you eat the elephant.

I imagine that is crucial for getting people on board with your topics. By the way, how would you describe your leadership style? 

I aim to provide two essential things: transparency and meaning.

Transparency, because I take the time to explain the topics, the contexts, the constraints... sometimes even my own struggles. Not to complain, of course, but to offer another perspective to my teams, to make them think, to help them grow.

And meaning, because it is the foundation of engagement. I remain very attentive to the human aspect. I’m not particularly keen on mixing professional and personal lives, but I recognize that certain situations create a mental burden that is impossible to ignore. In these cases, simply talking about it often alleviates the pressure, so I try to be present, to open a space for listening.

Do you have mentors or role models? 

As I mentioned at the start of the interview, I place immense value on the team, on what I will learn with them. It’s a principle deeply ingrained in me.

But no, I don’t have a “mentor” in the traditional sense.

I prefer to draw inspiration from every professional I meet, from every situation I experience.

Eric, we are approaching the end of the interview. I have my two last traditional questions for you. The first: what is your greatest professional pride to date? Or conversely, the failure that taught you the most?

It is the same project that answers both questions.

At the time I was with Michelin, the group had launched an intrapreneurship program. All employees could propose an idea, pitch it before a jury, and if selected, bring it to fruition.

I had a fairly developed idea around an eco-driving project, based on an ecosystem of connected objects to reduce drivers' carbon emissions. I passed the first selection phase, but my project was rejected afterward.

That being said, I had spoken with the proponents of another project, MyGoodTrip, and the chemistry was great. They invited me to join them. We fully committed ourselves: evenings, weekends, everything was involved. And ultimately, the project was selected.

It was concrete: the group pulled us out of our respective positions to launch the business.

Everything was ready. The team was united, motivated. But at the very last minute, just before the launch, the Executive Committee halted the initiative. Without explanation. Most likely because our offer was competing with another project in development in another entity.

This remains a tremendous source of pride because we had gone very far. And a very formative failure, because it taught me to bounce back, to accept that certain decisions are beyond your control, even when you do everything right.

I can imagine the frustration. And to conclude: a piece of advice you would give to your “You” from 10 years ago? 

It may seem contradictory, but I would say two things:

  • Learn to temper your enthusiasm and listen better.

  • Listen to yourself more. Trust your instincts.

It’s this balance between eagerness and clarity that takes you far.

DARE #2 - Mayeul Berger - Head of IT & Security @CybelAngel>