In this episode, I’m joined by Imran Nino Eškić and Boštjan Kirm from HyperBUNKER, two leaders whose perspective has been shaped by more than 50,000 real-world data loss and ransomware cases. This is not a conversation about theoretical security models or another incremental backup feature. It’s a discussion about what actually survives when production systems, identity layers, and cloud replicas have all been compromised.
For years, infrastructure has been designed around availability, scale, and performance. Recovery was treated as a process that would work when needed. But as attackers have grown more patient and methodical, they now target recovery paths first, quietly mapping environments and neutralising backup systems long before an incident becomes visible to the business. That shift forces a new architectural question for infrastructure leaders. Where is the layer that remains reachable when everything connected has been taken down?
We explore why so many environments that claim to be air-gapped or immutable still rely on credentials, control planes, and automation, and how those dependencies create hidden single points of failure. Imran and Boštjan explain how HyperBUNKER introduces a physically isolated survivability layer into modern infrastructure, using a hardware-enforced, one-way ingestion process and a double air-gap design that removes the network from the vault entirely. No IP address, no inbound ports, and no authentication surface to attack.
This leads to a wider conversation about infrastructure governance, cyber insurance, and regulatory pressure. Insurers are increasingly focused on whether a final, untouchable copy of critical data exists, because the largest financial losses now come from failed recovery rather than the initial breach. That reality is pushing offline recovery out of the basement and into board-level architecture discussions.
We also tackle the practical challenge every organisation faces. If only a small percentage of data can be placed in a fully isolated vault, how do you decide what keeps the business alive? That decision, as we discuss, cannot sit with IT alone. It requires operational and executive alignment around what the company must have to restart after a catastrophic event.
This episode reframes resilience as an infrastructure design principle rather than a security feature. It asks where a survivability layer should sit alongside cloud platforms, backup software, and existing controls, and why the future of Infrastructure as a Service may depend as much on guaranteed recovery as it does on uptime.
If your architecture assumes that recovery will always be there when you need it, this conversation may change how you think about your entire stack.
Useful Links
Learn More about HyperBUNKER
Learn more about the IT Press Tour
[00:00:02] Today's conversation I think will hit a nerve that every enterprise leader needs to confront. Because we'd all love to have safety nets, cloud replicas, immutable storage, air gaps, all the smart defences that we hear about in solutions. But the reality is the threat landscape has changed shape. Attacks have slowed down, grown quieter and even become more strategic.
[00:00:30] And recovery systems, they are now the prize. Compromised before the production environment is even touched. But I recently came across a company called HyperBUNKER. I met the founders at the IT Press Tour in Athens. And their idea was born from 50,000 plus real recovery cases. And unlike traditional backup strategies that rely on policies, software flags and network-based assumptions,
[00:00:58] this system removes the network entirely from the vault. That's right. No IP address, no inbound ports, no credentials to steal. And data simply moves through a hardware-enforced one-way ingestion channel, protected by double air gaps. Air gaps that never open at the same time. A little bit like one of those spaceship airlocks that's protecting its most valuable cargo. We've all seen those movies.
[00:01:28] And my guests today, they've lived in the aftermath of failures in hospitals, automotive suppliers and enterprises that believe they were offline most of the time. Until, of course, they weren't. And their approach isn't theoretical. It's engineered from lessons learned in data recovery labs where the stakes are brutally simple. The data is either saved or it's gone forever. So, what makes this conversation a little different from some of the other things I've talked about on here
[00:01:57] is it's not about promising prevention. It's about guaranteeing survival. Even when everything else has collapsed, offline backups aren't just relevant now. They are becoming the new standard for true resilience. And resilience is a word that we're hearing more and more about. But enough scene setting for me. Let me introduce you to my guests right now. So, a massive warm welcome to the show.
[00:02:26] Can you tell everyone listening a little about who you are and what you do? Hello, Neil. Thank you for an invitation. It's great to be here. I am Imran Nino and here is my colleague Bostian. I am the guy who either brings the data back. We are here to talk about the companies get the critical data back when everything else is gone. I came from the data recovery and data security, not the cyber security theory world.
[00:02:52] For nearly 30 years as an Infolab founder, one of the European leading data recovery firms. My job has been brutally simple. When everything breaks, I am the guy who either brings the data back or tells you it's gone forever. I've led data recovery and incident response teams through 50,000 cases across Europe.
[00:03:18] Raid failures, server crashes, hardware disasters, you name it. From that battlefield, 10 years ago, we face first ransomware attacks. Where classic recovery failed due to encryption. That's when Hyperbunker was born. The offline vault ensuring we never sail unrecoverable again.
[00:03:42] Think of me as the person who learned what actually survives ransomware and engineered around it. That origin story is so important. Those war stories you picked up and how many of us very often will complain about things, but you've got out there and made a difference and tried to solve that problem from that experience. But of course, we both met in Athens as part of the IT press tour. And that means there's not one, but two guests joining us today. Okay.
[00:04:11] So next of all, would you mind telling me a little about who you are and what you do too? Thank you very much, Neil. I'm Bostian Kieram. I come from telecoms and cybersecurity space with 20 years experience working with enterprises organizations. What I have learned over time is that even as security improves, recovery assumptions break more often.
[00:04:36] And that shift is what led me to focus on what still works when everything else fails. And that's the reason I joined Nino on his path with Hyperbunker. I love the story behind this. And as you both said that you built this from the data recovery world. So I've got to ask going back again to the origin story and everything that you're building here.
[00:05:02] What were the moments that convinced you that backups were no longer safe enough to rely on during, let's say, a ransomware event, for example? If an attacker, a ransomware or hacker, take your company, your data have no choice. They attack all data repositories and the standard backups first. Here is the three simple real stories.
[00:05:27] A hospital where attackers sat quietly for six weeks mapped everything, then encrypt 18 months of patients records and their backup repository before touching the production. Second example. Automatic supplier whose immutable cloud backups got reset by a stolen service account.
[00:05:49] Also, another example was watching Ranssler operators develop backup hunting scripts as a service. So from these three examples, we can see that the pattern was clear. Attackers don't hit the production first anymore. They kill your recovery capability first. That's when I realized that traditional backups, even good ones, were now target number one.
[00:06:18] The only option is to make your data invisible and untouchable to the attacker. We need a solution hackers cannot reach. Guarantees restore your data, no matter what. That's exactly why we build the Hyperbunker. Physically isolated double error gap system where attackers simply cannot reach the data ever. And of course, what we're talking about here is offline backups.
[00:06:48] And I'm curious when you're talking to enterprise leaders today, do many of them still believe that they have offline backups? And where does that assumption break down in reality? Again, I suspect you've had a few stories and difficult conversations along the way there. Yeah, definitely. Yeah, definitely. Of course. Most organizations, they believe that they have offline backups. Most of them.
[00:07:10] But when we look at how this offline is implemented in practice, what they call offline is usually just another location, but not really offline. And in case of attack, this is another endpoint. So in reality, backups still depend on identities, automation or control systems.
[00:07:37] So we hear, for example, vendors declarations like we are offline almost all the time. But you know, it's not anymore an option. It's either 100% offline or not offline at all. And I do think that term offline recovery does get used a lot inside enterprises. And rather than leave anyone behind here or leave them carrying on with those assumptions, let's just clear this up once and for all.
[00:08:07] What does it actually mean, especially in hyperbunkers design? And how is that different from some of that traditional backup logic that you hear in these conversations? Most so-called offline backups is a software defined, a flag, a policy, an S3 bucket. Our solution make it brutally simple. It's a physically isolated appliance, cortex arm CPU based with no IP address, no inbound ports.
[00:08:37] Data enters through a physical and optical arrow and never leaves. The volt media is literally not network address. Unlike traditional backup logic, the assumes network isolation can be software enforced, we eliminate that network entirely. Attackers can't delay what they cannot reach, authenticate it or even see it exists.
[00:09:07] Hyperbunker is fully offline, even during the backup and restore. That makes a difference. And I am very fortunate in the fact that I got to meet you both in person and also see Hyperbunker, this black box and even take the lid off and have a look at how it all works underneath. But for people listening, can you walk me through the butlering mechanism and imagine everyone listening to this podcast now is standing in front of the device.
[00:09:34] What happens step by step from ingestion to offline volt and why that order really matters? Perfect analogy. It's a spaceship chamber with a double airlock doors. You are standing in front. So your existing server backup or network carrier storage transfer the data to the ingress transitory module. That's the only part that ever touch the network.
[00:10:02] After that first step, battery rise, network doors slam shut physically and logically. Only then does the internal butler channel be established, moving data to the cold volt, a complete separate path. Those two bridges, external and internal, never open simultaneously like a spaceship airlock.
[00:10:32] Inside the vault, multiple time separated immutable generations. No command API or credential can catch older generations. The sequence matters because it prevents live attacks. No session to hijack, nor remote delay, waiting at the other end.
[00:10:54] For this buttering technology, separate data service system, we fulfill also a complete utility pattern application in the United States, Europe and Croatia. I absolutely love the space airlock analogy there. And I think it's something we can all envision in our minds there. And again, if backups, if we go back to the problem for a moment, if backups are now the first target in attacks, what changes in attacker behavior? Are you seeing that?
[00:11:23] Are you seeing any changes that make offline recovery more relevant than ever today, especially even more important than just a few years ago? Is there a real shift towards or attention towards offline recovery now? Yeah, the biggest change is patience. Weeks of lateral movement and backups discovering. So attacks, we can say that attacks are no longer fast or noisy.
[00:11:51] Attackers spend more time understanding recovery before they apply pressure on the victim. And by the time leadership is involved, recovery is already gone. That's why pure offline recovery is now about survivability, not only performance.
[00:12:18] Especially now what we can see in recent time that more and more artificial intelligence effects are coming. And that's not the bright future. And I think many companies and indeed solutions out there say that they're immutable or air gapped in their descriptions.
[00:12:39] But from your perspective, from what you've seen, heard and the conversations that you've had with customers around the world, what is the weak link in some of the claims that you've seen out there? There's probably a few myths and misconceptions you might want to bust as well. And how did you engineer around it from the moment that you came across this? The weak link is always the control plane and credentials. Immutability flags get bypassed by stolen admin tokens. Air gapped.
[00:13:09] Cloud still uses the same SSO service accounts, automation scripts. So Hyperbunker removes the identity from the equation entirely. No user accounts, no network protocols, reach any possibility to vault media. Ingress is hardware one way. Aggress is separate path entirely. We do not improve login security. We eliminate logging.
[00:13:38] Attackers can't compromise what they doesn't exist to authenticate against. I just want to give a big thank you to my sponsor who is supporting every show, every episode across the Tech Talks network this month. And this month I'm proud to be partnering with Alcor. And anyone who's tried to scale an engineering team across borders, they will know firsthand how messy it can get.
[00:14:03] Because they deal with endless providers, then there's confusing rules to deal with in each and every region, and fees that always seem to surface at the last minute. Now, Alcor, they solve that by acting as a partner rather than just an intermediary. And they focus on tech teams that expand in Eastern Europe and Latin America. And they bring employer of record services together with recruiting.
[00:14:29] So, essentially, they help you pick the right country, source the right engineers, and assess them properly. And then get them active for you and your company within days. And one of the things that stands out for me is the financial transparency. Around 85% of what you pay goes directly to your engineers. Their fee goes down as your team grows. And if you ever wanted to bring your team in-house, you do so with no exit costs.
[00:14:57] That kind of clarity is why Silicon Valley startups, including several unicorns, have chosen Alcor. And you can find out more by simply going to alcor.com slash podcast or follow the link in the show notes below. And something I wanted to highlight today that I know is incredibly important to you is that validation from cyber insurers. So, when cyber insurers validated Hyperbunker, what did they focus on most? Was it the initial compromise?
[00:15:25] Was it the recovery failure or the long-term impact of downtime and why? Tell me more about that. Insurers are very clear. Their largest losses don't come from the breach itself, but from failed recovery. And validations are focused on whether a final copy exists and cannot be reached or disabled. So, you can find us, for example, on Coble Marketplace.
[00:15:55] They are one of the biggest cyber insurers. And what Hyperbunker addresses is that failure mode insurance care about most. When recovery is assumed, but turns out not to exist at the end. And a question I've got to ask on behalf of business leaders and IT leaders listening is how much data to protect and what to protect.
[00:16:21] So, if we've got a business leader listening and they only want to protect 10% of their data in an offline vault, you probably hear this one a lot. But how should founders and IT teams decide what actually belongs in that 10% and what happens if they get that wrong? This is a very good question and we face it almost every day, you know, many times per day sometimes. And the mistake is starting from what do we back up today?
[00:16:49] That's the first mistake because the right question is if everything is lost, what data must survive for the business to breed again? And that usually points to a very small set of truly critical data. Imagine transactional systems, intellectual property, development code, R&D, regulatory requirements.
[00:17:14] So these are the data, they are the most important, the vital data of the company. And if you get it wrong, you can either waste capacity or leave critical business unprotected. And what is important that this is not only IT decision because people usually only think about IT. It requires business and operational leadership.
[00:17:43] We also run recovery driven workshops and we never start with what do you back up today, but what cannot be missing when everything else is gone. And as we look towards the future, what excites you about the future of Hyperbunker and the role that Hyperbunker will play? And where do you go from here? We last spoke, I think it was December for the IT press tour in Athens.
[00:18:09] But as we look at 2026, what you're focusing on, where do you go from here? Tell me about that vision, that roadmap for the future. Offline recovery, moving from a tech basement to a boardroom and regulation. Hyperbunker becomes a standard infrastructure layer like firewalls or UPS today. You do not ask, do I need it? You ask, where does it sit in architecture?
[00:18:39] Today, it is hospitals, critical infrastructure, automotive banks. Tomorrow, cyber insurers prerequisites, compliance mandates, I systems that can't lose history. Our goal is to ensure peaceful sleep for any CISO, CEO or IT security profession.
[00:19:05] After an incident, make data recovery boring because it's guaranteed and predictable. Never again wondering if backup will actually restore. Well, I've absolutely loved chatting with you both today. I would urge everybody listening to check you guys out. But before we ask them to do that, I need to find out some information from you. So people listening, maybe they want to connect with you or your team or look at some videos,
[00:19:34] check out the website, keep up to speed with announcements. Where's the best place to keep up to speed with everything? Always the best place is hyperbunker.com or our social special LinkedIn. It will be our pleasure to respond to any further questions or inquiry from your listeners or to get any kind of additional information. Well, I will add links to everything there, including both of your LinkedIn profiles, because I know you're both active on there.
[00:20:03] And for people listening, I would also ask them, do you still believe you have offline backups? Do you know what 10% you would backup? How are you doing? Has today's conversation raised a few alarm bells or light bulb moments? But yeah, let me know. Tech blog rider outlook.com tech talks network.com. And also please get back to my guests and continue this conversation we started today. But more than anything, big thank you to you both for starting it. Thanks again. Thank you, Neil.
[00:20:34] And thank you for having us on the show and giving enterprise leaders the critical wake up call on ransomware and hacker protection. Your platform is exactly where these conversations need to happen. Thank you very much. Neil, thank you very much. The perfect discussion and it needs to be addressed. Definitely. So for everybody listening, if there is one idea worth carrying forward, I think it's this.
[00:21:02] Attackers have evolved. And your recovery strategy that must be evolving even faster. So if you are currently relying on credentials, shared control planes or network address backup paths, you're essentially relying on systems that can be seen, can be accessed and even disabled remotely. And when that recovery dies, the losses multiply.
[00:21:26] Outages will extend and insurers pay out more and businesses face an even harder path back. So for me, Hyperbunker's promise is refreshingly direct. A physically isolated vault powered by Cortex-armed CPUs that takes in data without ever exposing it to the outside world.
[00:21:48] Creating an additional survivability layer that cannot be executed against, cannot be authenticated into, or even attacked by anything online. Essentially, no stolen service account, no admin token, no automation script, no backup hunting malware can get to this black box. Because there is simply nothing to log into.
[00:22:12] So if you are a CISO founder or IT leader thinking about what actually survives a breach, remember, start small, think deep and define the data that must live on if everything else is lost. As I say that, do you know what that 10% of data is for you that your business cannot live without? And hopefully this discussion today raised a few questions for you,
[00:22:37] or maybe even a few uncomfortable realizations about what offline really means in your organization. And if you're curious about finding out more, reach out to the team at hyperbunker.com or connect with my guests on LinkedIn. All the links and show notes and everything you need will be in the show notes to this episode and also over at techtalksnetwork.com But before I walk off into the sunset, one final question for you all.
[00:23:05] Do you truly know what copy of your data would exist if recovery systems were wiped out before you even knew an attack was underway? That is the important part. I'll leave you listening with that thought. Let me know your thoughts as always. I'll be back again tomorrow with another guest. But thanks for listening as always. Bye.