Siska Hallemeesch: I have always worked in IT, including nearly 13 years in Managed Security Services for a major American telecom company. But then I ended up like so many people: once you are over 50, you are both too expensive and too old. For me, this was the moment to reconsider what I wanted to do next, because I certainly wasn’t ready to be written off. I completed an Executive Master’s degree in Information Security at the Solvay Brussels School, obtained the most important security certificates (CISM, CISSP, ISO 27001 lead implementor), started working as a senior security consultant, and built my new experience step by step. After two and a half years, I was ready for a new job as a CISO-as-a-service, under the wings of NVISO.
What does this award mean to you?
I hope that my journey can inspire others. Giving your professional life a new twist is hard work, but it is possible, even if you are over 50. I have a tip for companies: when hiring, look at the entire person standing in front of you. Passion, talent and dynamics tell a much more complete story than just skills and age. At NVISO, I work with many young people. The interaction between the generations is enriching. We continuously learn from each other's experience and curiosity.
What challenges lie ahead in the domain of cybersecurity?
It is very important that companies view cybercrime as a business risk. It is not simply an IT problem that you can solve with a few tools and programmes. It is an entrepreneurial risk that affects your entire company. A ransomware attack can paralyse your entire organisation, and cost you a lot of money. As a CISO, I always start by identifying the risks for the company as a whole. What is there for cybercriminals to gain here, and how are we going to arm ourselves against them? We then determine which measures are best suited within the context of this specific company.
What is your advice for SMEs?
Be prepared. When I talked about geopolitical risks in the field of cybersecurity five years ago, people raised their eyebrows. But today, the ransomware comes from Russia, China and Korea. A lot of SMEs are not prepared for this. If you wait for it to happen to you, it will cost you so much more than if you are well-prepared.
Can you give a concrete example of a cyber risk that you have encountered? And how you handled it?
We recently had a case of “Shadow IT”; this is when employees start using their own IT resources in their working environment, without the IT department being aware. It can involve both software and hardware, which fall outside the management of the IT department. In this case, there was an application that had been running for 10 years, completely unsecured. That makes you very vulnerable as a company; it is essentially an online portal that is wide open. Cybercriminals can easily enter your company through it, with all the disastrous consequences that this entails. In this case, we were able to prevent the worst. But you should definitely be alert to these types of vulnerabilities within your organisation.