Anett Mádi-Nátor, a speaker at Cybertech Europe 2023, is the President of the Women4Cyber Initiative and Foundation, launched by the European Cyber Security Organization and the European Commission to improve gender diversity in cybersecurity in Europe. She is also vice-president, responsible for strategic business development, at Cyber Services, a niche cybersecurity service provider based in Budapest, Hungary. She has more than a decade of experience in strategic and administrative functions in information security and cyber defense in both the private and public sectors.
A specialist in cybersecurity of critical infrastructure, Mádi-Nátor previously served as Lead to NATO’s Cyber Defense Capability Team, Core Planner of NATO’s Cyber Coalition exercises and lead planner of the collaborative cyber defense exercises of the Central European Cyber Security Platform. She recently spoke to The Innovator about why establishing strong cybersecurity requires diversity.
Q: Can you tell us about Women4Cyber?
AMN: The European Cybersecurity Organization was created in 2016. A short time later, just before COVID, a few of us started pushing for diversity in the sector. Women4Cyber focuses on gender neutrality, inclusiveness, supporting diversity and democratic values that in the longer term help all kinds of people gain success in professional fields. The idea was to create a structure that would support talent regardless of where the talent comes from and increase innovation in the sector. Women4Cyber’s role is to identify and link the community, develop and grow the community, and to shape local, national, EU policy and actions. The organization now has 23 national chapters, covering 80% of the European Continent and the British Isles. Ireland is about to join. We are preparing a chapter in Ukraine, currently as a virtual chapter, and we are preparing one overseas chapter in Latin America. The goal is to expand further in the next couple of years. We are very ambitious and are not limiting our activities to Europe.
Q: There is a huge shortage of cybersecurity talent. The International Information System Security Certification Consortium (ISC2), the world’s largest association of cyber professionals, estimates that the cyber security workforce in 2022 numbered around 4.7 million people globally, but a further 3.4 million roles remain unfulfilled. Women can help fill that gap. Is it a good idea for companies to broaden their ideas about the profiles and skill sets of the people they are recruiting for cybersecurity roles?
AMN: There is not an archetype of a perfect candidate. There is a need for technical people who work in security information centers and watch monitors all day long and work with automated software. On a tactical level the people who deal with security architectures are very much STEM people. They have a certain way of thinking and usually they are precise and are very valuable in their positions, but their communications skills are limited. They do not utter more than one or two sentences per day. They are brilliant at their jobs and are very valuable in their roles but need to be reminded to eat lunch because they are mentally so devoted, they simply forget they have human needs. Then, there are people like me who don’t deal with tech and instead deal with people and processes and there are roles that cover everything in between the two.
It is important that companies realize that to perform well in cyber intelligence, you don’t need to have technical knowledge or be a programmer. You just need to know what sort of tools to use and how to use them. Women are good at leading cyber threat intelligence teams. We bring a diverse point of view and are exceptionally good at handling parallel mental processes which is extremely valuable. Many of those jobs aren’t linked to one geographical office space, which makes them attractive to women who seek opportunities they can do from home or part-time or in any environment that they prefer.
We need to attract women to the field earlier. It is a missed opportunity if we do not try to attract the attention of the 14-18-year-old age group when the young decide what directions to take in their university studies.
In the 21st century STEM education is necessary for all students. Cybersecurity is one issue, but I think we have a larger problem with IT or digitalization in general. We need to start with providing all young people with digital literacy skills at a very early age. There are some good examples of this in Europe in countries like Estonia, Finland and the Balkans that should be studied and followed. These countries have taken digitalization and cybersecurity very seriously and as a result have visible advantages.
Q: You don’t have a STEM background. You are a trained historian and linguist. How did you get involved in the field?
AMN: I did not start in cybersecurity. At the beginning of my career, I was hired to teach the English language to military and civilian candidates for NATO positions. Parallel to that, I started working in information security and business intelligence a bit less than 20 years ago at an IT company. It may seem like there is nothing in common between history, linguistics, and cybersecurity but there is as they are all about people and motivation. In 2011, my country, Hungary, was among the first NATO allies to establish a cyber security unit and I was administrative lead to that. This is how I started an international career in cybersecurity, responsible for cybersecurity information sharing. It was an interesting task. Two years later I was asked to take the lead of the cyber defense capability team at NATO. After that there were some political changes in my country, and I resigned and went back to civilian roles.
Q: Have you typically worked in an all-male environment?
AMN: Yes, especially in the NATO environment. Many times, I was the only woman in the room, and I was chairing the meeting. I was lucky in the sense that I have always had male colleagues supporting me, but I understood that many very talented women do not have such support and do not have a strong network behind them. Women4Cyber was not my idea although I participated from the very early stages. I wanted to facilitate the initiative and share my strength and professional experiences to help other women shine.
Q: Why does it make sense to hire more women in cybersecurity?
AMN: There is an economic value that is created through digitalization. The countries that give women the same rights as men without any negative differentiator are more successful in digitalization and cybersecurity in general. Not including women in cyber is simply a huge economic waste. Globally over 55% of university students are women. We are overlooking this resource pool if we only have 10% to 20% of women working in cybersecurity, especially since technical skills are not the only things needed. And finally, diversity always aids innovation simply because it breaks down all those barriers that do not allow non-traditional but talented members of society to take part.
Q: Since there are not enough cybersecurity experts in the field, companies are being advised to try and recruit people with the right skill sets in-house. What is the best way to go about that?
AMN: It is very important that human resources departments familiarize themselves with the European Cybersecurity Skills Framework which was published in September 2022. It provides 12 professional profiles that describe the capabilities, certificates and skills of the people needed and much more that can be useful for HR and CISOs.
In general, when you recruit someone for cybersecurity roles there are several things that can be measured with basic psychological tools. One of these is aptitude for long term development projects. You want someone who will be like a bulldog biting on a bone and will not let go. A lot of the technical tasks are monotonous, and the people who do it burn out in two to three years. It is an issue that has not been solved. You need to be really patient in cybersecurity. It takes a lot of time and a lot of work to solve something so a resistance to frustration is very useful. Communicating well with colleagues is also an important skill and an added value. Also, the people in key decision-making roles need an ability to understand and translate between the technical and strategic layers to effectively coordinate. If they don’t have it, there needs to be someone, preferably a lower management level cybersecurity professional who does the translation and facilitates strategic decision-making processes. In short: all levels require different skill sets, relevant to the jobs they perform. We have progressed a lot in our understanding of what these skills are.
Q: What advice do you have for large companies?
AMN: One thing I hope that large companies have understood by now is that they need to leave behind their traditional expectations that senior European men are the only useful talent to hire for cybersecurity roles. There are women who are very talented, people of color who are very talented, mentally different people who are very talented, people who are too short or too tall who are very talented. These people don’t always fit into a traditional office environment but when it comes to delivering something in a digital world it doesn’t matter at all. It is about understanding processes and delivering.
Q: So often corporations say they would hire women if they could find qualified candidates. If corporates are interested in hiring women in cybersecurity, can they tap into Women4Cyber’s databases? How can they do that?
AMN: Get in contact with Women4Cyber Job Corner. Through our national chapters and our online community, we currently reach more than 50,000 female cybersecurity professionals at all career stages.