This article was translated using the help of AI
Mostafa (Mosti) Hassanin plays a key role in shaping the group-wide security strategy of SMG Swiss Marketplace Group. Since SMG’s founding in 2021, as Group CISO/CSO, he has been responsible for security, trust, and resilience, thereby driving the advancement of online marketplaces in the area of cybersecurity. Previously, he held leadership positions at TX Markets and Ricardo, bringing experience from the banking and financial sector. In addition to his role at SMG, he is involved as an ICT expert in the Canton of Zug, a lecturer at the Swiss Cyber Institute and the University of St. Gallen, a member of the Cybersecurity Committee of digitalswitzerland, and a board member of AGORA. In 2024, he was honored with the Cybersecurity Excellence Award at the Swiss CISO Awards.
Mosti, what is your personal motivation in the field of cybersecurity?
Early on, I was fascinated by how digital systems work and also how they can be protected. This interest has never left me. Today, I get to professionally dedicate myself to exactly that and thus make a concrete contribution: better protecting people and digital processes. That is meaningful to me and motivates me every day.
SMG has a highly specialized, diverse Group Security, Trust, and Safety Team that also regularly attends international conferences. What sets you apart?
The team combines broad experience from various industries, coupled with different specializations and profound qualifications. This mix helps to solve complex security issues strategically and holistically.
However, our culture is also crucial, as diversity in gender, age, origin, and perspectives broadens our view. At the same time, no one has to know everything. Openness, willingness to learn, and continuous joint development are our core strengths, driven by curiosity and respectful exchange.
Who sets standards in cybersecurity and how does SMG position itself in this regard?
Tech companies like Amazon, Google, or Meta naturally have far more resources and the necessary reach to shape standards. However, influence is not only created by size but also by the clear purpose behind it. Our focus is on making online marketplaces safe and trustworthy for everyone. That’s why we are also involved beyond day-to-day business, for example, as a member of the FIDO Alliance or by sharing knowledge at conferences. Innovation and public engagement increasingly attract attention – and thus, of course, have an impact.
What distinguishes SMG’s security approach from that of other international platform operators?
Our ambition is to become an international benchmark for security in the marketplace environment. The goal is not just to keep up, but to actively shape it: through innovation, new standards, and a consistently secure user experience. Security is not just a « cost factor » but a strategic advantage and an integral part of our mission. Therefore, targeted investments are made in new solutions – combined with collaborations that strengthen the digital ecosystem as a whole and thus society.
From your perspective, what has changed most significantly in the last one to two years – both in the threat landscape and in your security approach?
The rapid development of artificial intelligence was both an accelerator and a challenge. AI improves early detection and responsiveness, but it also lowers the barriers for attackers and makes scalable attacks cheaper and faster.
The response to this was early and consistent: AI-powered security mechanisms are an integral part of the approach – even before AI was widely discussed in the market. A central milestone is the progress in « Trust, Safety, and Resilience, » where a solid foundation has been laid and significantly expanded over the past two years. Today, AI is used, for example, for cross-platform detection of fraud patterns and to protect central processes such as buying, bidding, or communicating in real-time – for instance, in the tutti.ch messenger. At the corporate level, AI supports the structured analysis of security-relevant system events (so-called security events) and accelerates responses. Additionally, clear guidelines exist for responsible AI use and AI-based protection mechanisms against malicious bots and automated threats.
Why is strong internal security awareness crucial for external protection – and how can this be sustainably embedded in the organization?
In my view, a lack of awareness remains one of the biggest challenges in cybersecurity. Even strong technical protection mechanisms fall short if understanding and attention are lacking, especially among individuals who develop or operate systems.
That’s why security awareness is firmly anchored in our internal culture. The focus is on practical, interactive formats such as training and simulations, theme days, AI-powered phishing exercises, and the annual Cybersecurity Month. The goal is for security to become a matter of course in everyday life.
What is the security team currently working on most intensively to withstand future threats?
The current focus is on the further development and scaling of AI-powered protection mechanisms across additional platforms and application scenarios. In parallel, awareness is being further expanded: internally and externally, often in collaboration with partners.
Looking ahead, passwordless, phishing-resistant logins and the consistent introduction of multi-factor authentication are central levers. At the same time, user-friendliness remains crucial: high security standards should go hand in hand with a smooth user experience.
The threat landscape is constantly changing. Long-term resilience therefore requires proactive action, adaptability, and a willingness to understand security as a shared task.
Mostafa (Mosti) Hassanin
Group CISO/CSO
SMG Swiss Marketplace Group