A career for women in cybersecurity | Huawei European Talks

BERTA

Hello everyone!

After two very inspiring conversations with incredible women from Portugal and Spain, today I am traveling – unfortunately only digitally – to Croatia, where yet another amazing woman is waiting for us. She is Biljana Cerin, the president of the Cyber Security Association of the Croatian Chamber of Economy. Last year, Biljana was named as one of Europe’s 50 most influential women in cybersecurity.

Biljana it is very good to see you. Welcome to #HuaweiWomenPowerTalks.

BILJANA

Thank you, Berta. Good to see you as well and I’m sorry that you cannot be here in person because this time in Croatia is a really good time.

BERTA

It is indeed. It's a pity you know not to be able to swim in the Adriatic. But I would say that this year is a bit, more, well, strange, maybe of a situation.

BILJANA

I'm optimistic!

BERTA

Yeah, yeah, yeah, yeah, no. But you see, even more reasons to look to the future and to try to prepare our younger generations for the world that is coming, in that sense.

So Biljana, I wanted to talk with you, obviously, about cybersecurity. You know, when thinking about cybersecurity many people just see hackers – right – fighting a virtual war of complex code. However, the cybersecurity world is much more than that – and in reality, it looks much less like a science fiction movie.

One of the reasons, probably, why many girls and women don't even consider a degree in this field, or taking up a cybersecurity-related job is precisely because of these stereotypes that don't exactly reflect an inclusive and egalitarian environment, but rather one of permanent confrontation and – if you allow me to say – continuous shielding against malicious attacks from hackers and sketchy practices.

But Biljana, you have been in the sector for many years. How is it like to work in cybersecurity?

BILJANA

Yeah. I think it really depends on how widely you look at the cybersecurity field, and the field itself is really wide.

Just one concept of cybersecurity is actually dealing with, you know, network security, hacking, penetration, and that kind of job that we see in those typical stereotypes. It's just one of those different forms – jobs – that cybersecurity can take. However, for example, myself, in the beginning of my career, I was focusing on software security mostly and developing software secure authentication mechanisms, cryptography, similar technical aspects of cybersecurity. However, as I gained more and more experience, I thought that the most secure practices come from combining people, processes and technology . And that's when I moved a little bit more towards the organisational aspects of cybersecurity.

My favourite field and the one that I’m specialising in right now is risk assessment, management, governance and compliance. And if you want to work in this field you will see it's really different from what you described in the introduction. So, it's more working with people, less working with the technology. However, in order to be successful in this field you also have to understand and keep in touch with the technology as much as you have to understand and keep in touch with compliance requirements. You know all about the GDPR probably. There are many more compliance requirements coming up on how to deal with cybersecurity and especially, in Europe, we have the new frameworks and new certification mechanisms as well. So, I think everyone can find herself or himself in this great field because it's really wide. Depending on what you really like and what is your real passion, that's where you'll find a place for yourself and that's the job you will do. So I think working in cybersecurity can take many different forms. I really enjoy my job and as I always say it's really difficult to say someone is an expert in such a fast changing field as cybersecurity; because as soon as you learn, something new happens, and you have to learn again. You have to keep learning all the time – your entire life actually. So the more you learn, the more you know about something, the more you know how much you don't know. I mean, you know, a cybersecurity professional I think is one of the nicest job you can actually do.

BERTA

Indeed. Cybersecurity is one of the nicest jobs that you can do. And like I also always say: technology, and thus cybersecurity, is for everyone who wishes to make a difference and to contribute to a better connected world, obviously regardless of whether they are a man or a woman.

Finally, Biljana I know that you are not really a friend of the word “expert”, but I have to ask you this, though, for the sake of further clarity. Could you give some advice to our viewers who might be considering cybersecurity as their professional field? Like, what does one have to do to become a cybersecurity expert? Or, at least a professional on the cybersecurity field?

BILJANA

The first condition is, you have to feel passion for the field. If you feel passion, that's the thing that gives you the ability to learn all the time. You can enter this field anytime. Maybe you are already an accomplished professional in something else and then you see, you know, this is interesting. Maybe you work with people's family in cybersecurity or maybe you are just someone young who wants to start a career in cybersecurity. And the question is always: How to start? This is the question I get the most often. How do I get into the field?

I think it's a good thing to finish a university degree that will open these opportunities to you. Keep an eye on open opportunities. Right now, cybersecurity professionals and experts are really high in demand. However, in order to get to those positions and jobs and values, companies you always find have some entrance requirements, like processing and cybersecurity certification. When you look at those certifications, such as CISSP, SSCP, CISM, all of them, also besides passing the examination, require you to have some experience. So the question is actually how to gain this experience?

I would say the best way is get involved in as many projects as you can during your study or within your company and find yourself a mentor. If you want to be more on the technology side: keep in touch with the technology, follow up different technological developments, companies and solutions, and tools that you will be using. If you want to be more on the people and process side: make sure you understand risk assessment and management compliance requirements, how it's developing, what it means for companies. But connect with people. The most important thing in the field, I think in every field, not just the cybersecurity field, is actually to network with people. Network whenever possible and find yourself a mentor. I think if you ask someone that you think should be a right mentor for you, he will or she will almost always say, ‘yes, sure, I’m happy to mentor you.’ Besides just mentoring, I think really having a client guided mentorship, a goal, something that you have to work on, a specific topic that you want to achieve, is the best way to have a structured mentorship.

So if you want, if you really feel passion for the field, if you want to enter the field, if you want to network with those people, find yourself a mentor and make sure you keep in touch with even technology or the processes, whatever you want to focus your career on, but also make sure it's your passion, because only if you are passionate about something then you can really become successful in what you do.

BERTA

Very interesting Biljana. Thanks a lot for your insights!

I think, to sum up very well, keep in mind that the first thing you need is a passion. And then if you have a passion for cybersecurity, find yourself a good mentor and make sure to start gaining experience as soon as possible.

Well, this is all for today. And to our audience: stay tuned for more #HuaweiWomenPowerTalks episodes, and let's all continue striving for a fairer and more equal world!