Creating awareness is inextricably linked to making cyber threats tangible and personal. “Most people still don’t realise its their business as well”, explains Johanna Kinnari, the Finnish Information Security Manager at OP Financial Group. “If you cannot relate to the danger yourself, it will always remain too abstract”, adds Hungarian Sophie Kemenes, Security Education and Awareness Coordinator at Norsk Hydro.
Unexpected career changes
The personal stories of these two female security awareness professionals reflect how the concept of cyber security can be shifted from something far-fetched to a defining part of life. Before she landed as an information security content specialist for Norsk Hydro, Sophie Kemenes first started her career as a freelance content creator and marketeer in the advertising sector. “Norsk Hydro was looking for someone with writing and sales skills. So, even though I didn’t know a thing about cyber security, I was hired.”
“Then, during my third week at the company, a ransomware attack hit Norsk Hydro. Suddenly, I found myself in the middle of an IT hub during an intense battle on all fronts, with an enemy we had yet to identify. With a communication profile, I felt like a war reporter at the battlefield. I was the one telling everyone what was happening”, Kemenes continues. “At this point, I realised what expertise I was missing. So, later on, I explored the field more deeply and got the necessary certificates and knowledge.”
Johanna Kinnari also initially envisioned a very different career path: “My original education was in barbering and hairdressing. However, I quickly felt this was too basic for me and decided to change to IT. As I knew that I didn’t want to spend my career in coding, focussing on information security and corporate security management was a logical step.”
Soft skills and subtility
These stories show that awareness creation never solely is a matter of education and imposing rules. It should rather be considered as a step towards cultural change. Therefor the Awareness Focus Group organised a third edition of the Certified Cyber Security Awarenes & Culture Manager course, a peer-to-peer training. A new ‘Culture’ module was recently added to the programme. To support the Women4Cyber foundation they were invited to designate two participants. Sophie and Johanna were thus able to take part in this course.
“Awareness is about getting people to change their behaviour. Thus, soft skills and subtility are crucial”, clarifies Kinnari. “Explaining vulnerabilities can only be successful if it’s focused on a practical level. Therefore, former experiences of any kind can be a huge asset”, adds Kemenes.
By sharing this insight, both hope to make cyber security more attractive to women. This also explains their Women4Cyber membership, a European non-profit organization with the objective to promote, encourage, and support female participation in the field of cyber security. Johanna Kinnari: “As a top-down approach will never be sufficient, women in this sector should take up their role as ambassadors.”
In addition, the current pandemic clearly offers opportunities for speeding up this process. "On the one hand, people are more exposed to cyber risks because we are all working remotely most of the time. On the other hand, a lot of people have started questioning their jobs, making this a good time to shift careers. We now have to make sure that they know about the exciting opportunities in cyber security”, concludes Sophie Kemenes.