Every month we ask one individual in our network a few questions about their way into tech, their motivation and their lessons learned.
Let’s start from the beginning. Tell us about where you’re from!
I grew up in Germany, in a region called “Ruhrgebiet”. The region used to be famous for coal mining, steel and football – while football still plays a very important role in society today, the main economic sectors have changed a lot. Today, it is the universities and non-productive industries that drive the region’s economy.
But change takes time. So the region is still torn between the spirit of the working class and the new technology and science driven influences.
What valuable advice did you get from your parents?
My parents never really understood what I did – neither while I was studying comparative literature nor when I started working in IT. However, they always supported me. My father used to say, “Just make sure it makes you happy.” That may sound trivial, but for me it was and still is good advice.
How did you become interested in tech?
Technology, physics and mathematics have always fascinated me because they are so clear and in order and when you put the pieces together, everything just makes perfect sense. On the other hand, I love delving into the interwoven structures of great literature, where every piece you try to understand opens up another entire world of meaning. So, I started studying comparative literature and (computer) linguistics.
Security Awareness unifies both aspects: the tech driven world of IT security and the colorful world of communications. My work basically consists of supporting IT users understand IT security speak. So, I am acting as translator, mediator and trainer in equal measure.
“The biggest risk to cyber security is the user”. Is that really true or is it more complicated than that?
Yes, it is definetly more complicated than that. Cyberattacks target the user more and more – most of the time a phishing mail or weak password is the entry point for the criminals. That’s obviously a problem. But the security community failed and is still failing at addressing this issue sufficiently.
The user is a very important part of security processes, but is neither included nor really taken care of. First and foremost: Security procedures are still very inconvenient and hardly never designed with usability in mind. Secondly: Security Awareness, the field of work that is supposed to deal with the human factor, is still enormously understaffed. Studies say, that most professionals who are responsible for security awareness are able to dedicate 10-20% of their time to the topic. That is not nearly enough.
So awareness seems to be a big problem. What kind of skills do you need to work in the Cyber Awareness field?
In order to raise awareness for cybersecurity you need basic knowledge of security technology, processes and procedures. That’s one part. But even more important are communication skills. Raising awareness means making a topic interesting, getting people to care and that aspect makes skills in campaigning, marketing, writing, psychology, behavioral science, etc. quite useful.
What aspects of your work are you proudest of?
There is a growing knowledge between technology and end users. In the light of the current developments around digitization, it is most crucial that the end users’ needs do not get lost in the process.
Obviously, having our data and personal information digitalized has a lot of advantages. But most of us already can barely comprehend what’s happening with all our data and personal information spread across different platforms online and offline. I’m trying to make people aware of the risks and show them how to handle their information in a self-determined and secure way. In my point of view, this is how I contribute to a more secure digital world.
What drives you at work?
The digitization with all its facets is still developing fast. It touches almost every aspect of our society while changing how we interact, meet, work, pay, shop, etc. Being (even just a small) part of this process motivates me every day.
What has been your toughest challenge you faced while working in tech?
I would have to say justifying my job. Although the human factor is widely considered to be one of the most important factors to enhance security, it is still very hard to get the necessary resources to educate people and reduce its risk. It is a complex problem, as security itself already has a resource problem, so Security Awareness as a subtopic is even more affected by it.
On the one hand, this has to do with the well known shortage of skilled labour, but it is also a problem of missing management awareness. For security, it can be hard to convince the management to provide more resources if they lack the necessary security expertise. And it can be hard to convince security responsibles who usually neither have time nor communication expertise that changing people’s behavior takes time and a lot of (non-technical) work.
Do you have a favorite book or podcast?
Of course I do! There is a book that has impressed and excited the literary scholar and the security awareness specialist in me in equal measure: GRM. Brainfuck by Sybille Berg. I hope the English translation will be out soon. The author paints a frightening and at the same time exciting picture of the near future of our digitalized world, using a narrative technique that at first takes some getting used to, but after a while perfectly depicts the complex process of digitalization in our society. Everything can be one thing or another, can change with the last word, is interwoven with everything. I can only recommend it!
What advice would you give other women in tech?
First, especially if you are just moving into the technical field, you need to adapt to the new environment. Keep an open mind, observe and collaborate. Sometimes you may have to change how you approach a project or task and compromise – you need to be flexible. Second, this field of work is constantly changing. Follow the latest developments and stay up to date – keep your curiousity throughout. Third, in cybersecurity, the environment changes even faster, while resources are often scarce. Achieving sustainable results requires enduring engagement – stay persistent.
And last but not least: Just make sure it makes you happy.