Opening Keynote: Safety/Security Equilibrium with Sergiy Yakymchuk (Talsec)
The Talsec Mobile App Security Conference in Prague was a two-day, invite-only event on fraud, malware, and API abuse in modern mobile apps, held at Chateau St. Havel on November 3–4, 2025, and hosted by Talsec, freeRASP, and partners. It brought together leading experts and practitioners to strengthen the mobile AppSec community, connect engineers with attackers and defenders, and share practical techniques for high‑stakes sectors like banking, fintech, and e‑government.
In the rapidly evolving landscape of mobile technology, a striking paradox has emerged: while global investment in cybersecurity continues to grow exponentially, the financial losses attributed to cybercrime are rising even faster. This disconnect suggests a fundamental flaw in our current approach to digital protection.
During a recent industry keynote, Sergiy Yakymchuk, co-founder of Talsec, challenged the community to look beyond engineering-driven solutions and address the subjective core of the problem: the human perception of safety.
The Engineering Bias and the Mobile Shift
Historically, cybersecurity expertise has been deeply rooted in infrastructure, network, and perimeter security. However, the last decade has seen a massive migration toward mobile-first applications, often leaving these new environments vulnerable.
Compounding this shift is a persistent "engineering bias"—a tendency for developers to focus on solvable, predictable technical problems rather than the messy, unpredictable reality of human behavior. Despite sophisticated systems, statistics show that the majority of security breaches are still caused by human error.
Security vs. Safety: A Subjective Divide
One of the most critical distinctions raised is the difference between objective security and the subjective feeling of safety.
Objective Security: The technical, often mathematical, measures taken to protect a system.
Subjective Safety: An individual's personal perception and feeling of being secure.
Yakymchuk argues that for a security product to provide true value, it must serve as a precondition for this feeling of safety. When a system becomes too restrictive or surveillance-heavy in the name of security, it can lead to "overkill," causing users to abandon the service or find insecure workarounds, such as writing passwords on paper.
The Digital Social Contract
The balance between freedom and security is an age-old concept often defined by a "social contract". In the physical world, citizens may trade certain rights to a government in exchange for protection.
In the digital world, however, this contract is often fragmented and opaque. Users "sign" individual contracts with every service they use, frequently without reading the lengthy terms and conditions. Recent silent updates to terms regarding AI training on platforms like LinkedIn highlight the lack of transparency in how these digital contracts are managed.
Building for a "Safe" Future
For companies like Talsec, the goal is to move beyond being a mere "cost line in a budget" to becoming a "safe choice" for CTOs and developers. Achieving this requires a deeper understanding of what truly provides users with a sense of safety in a world of diverse digital "fortresses"—from the rigid ecosystem of the "iOS Kingdom" to the more varied "Android Union".
Ultimately, the cybersecurity industry must ask: are we solving the right problem? By centering the human experience and the subjective need for safety, developers and architects can begin to bridge the gap between technical resilience and user trust.

