Women are still heavily underrepresented in cybersecurity. Three female IT security experts discuss their daily work and what they love about their profession.
According to a study, women represent 25 percent of the IT security workforce. This is not enough to counter the impending shortage of skilled workers and the increasingly complex security threats with the necessary diversity. But how do you become an IT security expert? Darja-Anna Yurovsky, Barbara Flaad and Katja Dörlemann work in the SWITCH Computer Emergency Response Team (SWITCH-CERT) and are experts in incident response and IT security awareness. They tell us how they came to work in IT security and what keeps them there.
Darja: Originally, I studied political science and specialised in international relations. I speak several foreign languages, so it seemed an obvious choice. However, after serving in the military, I found that working in IT appealed to me even more. When I returned to university, I became interested in data analysis, statistics and the fascinating insights that can be gained from them. After finishing my studies, I joined the police as a data analyst and progressed to the role of IT investigator. Now I’m an incident responder at SWITCH and I’m also doing a second degree in digital forensics on the side.
Katja: My journey was not really planned either. The Horst Görtz Institute at the Ruhr University in Bochum was looking for students with communications skills for a project on IT security awareness. The topic immediately excited me! IT security awareness means building bridges between two worlds – acting as translator, mediator and trainer in equal measure. Just like in literary studies, it’s all about communication, interpretation and translation. I had to learn a lot of new things, and still do, but from then on the subject never let me go and that’s how I ended up at SWITCH after a few years as a consultant.
Barbara: After studying computer science, I worked as a team leader in the IT department of a university of applied sciences. When the role of IT security officer came up in 2012, I was selected for the position. I was able to deepen my knowledge of this specialist area in a number of advanced training courses and quickly discovered the exciting and varied tasks that still fascinate me today.
Barbara: I am a project manager and awareness specialist. I mainly work with the community and with matters relating to the registry and internet security. This involves a wide variety of activities: from developing websites to organising events and supporting the implementation of technical security measures.
Katja: Although Barbara and I both work as awareness specialists, our responsibilities are actually quite different. I focus on community work with Swiss universities, our game design approach and our involvement in national initiatives to raise awareness among the Swiss public, such as iBarry. There are many different areas and approaches within IT security awareness, which in turn require a variety of different skills.
Darja: At SWITCH-CERT, I work as an incident responder and manage relationships with a variety of authorities on the subject of IT security. My tasks are varied. I am often able to use all my previous knowledge, even if it was not intended for this field, in a surprising way. In the case of a ransomware attack, the task is to resolve the incident on behalf of and in collaboration with our customers. This requires a lot of technical expertise, good coordination with all parties involved and, occasionally, crisis management. However, a large part of our work begins before the actual incident. By exchanging information with our communities, we always stay well informed and prepared so that we can react quickly to potential new forms of attack.
Katja: What excites me most is the variety in my work. I work in two worlds: the IT-driven world of IT security and the colourful world of communication. I enjoy the creative work that goes into concrete IT security awareness measures, but I also love discussing ideas with experts and exploring new findings from research. What also drives me is the fact that I am making an important contribution to society.
Darja: What makes incident response so exciting is the push and pull between technical expertise and the necessary soft skills. In addition to technology that is constantly evolving, the incident response process always involves people who react to stressful situations in their own way. This interplay between technology and people is a continuous learning process that makes my job very exciting.
Barbara: Yes, the interplay between people and machines is very interesting. I try to bring users and technology closer together. Explaining complex technical contexts in simple terms, pointing out dangers and risks without scaring people, or, in short, pointing out possibilities and ensuring that internet users are informed – that’s what makes everyday work exciting!
Darja: The human factor is playing an increasingly important role in IT security processes. IT security can no longer be thought of only in technological terms, but instead needs to be approached holistically. After all, all the technical security measures in the world are of little use if users choose passwords like ‘12345’ to protect their data.
Katja: That’s where IT security awareness comes into play. The biggest challenge in this respect is to keep up with the advance of digitalisation. Securing one’s own data is becoming increasingly complex – longer and longer passwords, multi-factor authentication, incomprehensible general terms and conditions, detecting phishing emails, etc. We need more education and information in the future.
Barbara: It is a huge challenge to reach all users, especially those who are not aware of their own sensitive data or who simply have no interest in IT. We all use the internet every day and generate data, but not all of us are aware of the risks and protective measures.
Barbara: The threats are constantly changing and, as a result, the defence mechanisms and recommendations are too. The work is never boring and requires constant learning. Our line of work rarely becomes monotonous.
Darja: I mostly work with people who have to develop solutions on the fly in difficult situations because the latest threats have only just become known. In my experience, this environment has a strong error culture, and a lot of tolerance and innovation – which allows me to grow continuously as an expert and as a person.
Katja: I completely agree with Barbara and Darja.