Gergana Winzer
Industry Director CyberSecurity APAC for Unisys
I’m the Industry Director CyberSecurity APAC at Unisys, and I report to the global Vice President of Security, who is based out of California in the US. Unisys is a systems integrator and a technology and services company, so cyber risk has a very high priority. However, I am not responsible for the security of my organisation but for providing meaningful cybersecurity solutions to our clients.
I really enjoy my role, and I would love to have more decision making power in order to deliver the outcomes I know the business wants me to. I however realise that this is a process and I am willing to work hard in order to get there.
In my role I get to see the many issues our clients have to deal with on an ongoing basis and be able to keep up with it all in order to be cyber resilient and compliant. Based on my experience, this is how I advise them to deal with those challenges.
• Get the basics nonnegotiable: For example, if you can’t always patch, find a way to implement other measures and apply them, negotiate internally and make it happen!
• Think strategically: Will your strategy be relevant in the next 18 months? If not, include a long-term addendum and think long-term impacts.
• Communicate, be authentic and take responsibility: because some of the most important problems you will face will not be technology related, they will be interpersonal. The more real we get about who we are, the more we learn how to communicate with others and really understand them. Take into consideration who your team is and their commitment!
Eventually:
Every organisation needs to adopt a mindset that acknowledges the growing risk from cyber threats and factors these into its risk assessment.
Threat x Vulnerability = Risk. In my role as a cyber professional I see, more than ever, the need to proactively and precisely evaluate threats and vulnerabilities and make appropriate decisions. Being able to calculate the risks in actual dollar value will have a massive impact on the way organisations make decisions on cybersecurity budgets.
Unisys has an analytics tool that allows me to predict the impact in dollars of a data breach on my customers, and I can see how this type of thinking will elevate us above cyber threats and allow for proactive defence, informed risk mitigation and data-based decisions.
My role is becoming increasingly relevant. I am eager to assist my clients in co-creating solutions that enable them to constantly improve their cybersecurity posture and build further confidence in the measures they are taking.
This industry is amazing because it offers so much novelty. I am excited about the new solutions my team and I have come up with that enable us to be relevant, and to really make a difference.
Understanding my clients’ problems and being able to provide solutions that work and make their lives easier is one of the most satisfying aspects of my job. Another is fostering a high-performance, supportive culture in my team.
Like every organisation, we faced challenges when COVID-19 hit. My role is client and partner facing, so it was impacted when I was unable to meet people face to face. However, I found it easy to transition to remote working because the technology was there to support me. Our CISO is a trained psychologist who has always put culture first. That approach enabled us to ensure our team, in region and around the world, remained effective.
Some of our clients had major issues with scaling and securing remote working and I saw the impact on their organisations. I was able to help in some instances but found it hard in others because people at the beginning were very much afraid of the economic consequences and did not want to purchase the solutions that would have made things easier and more cost-effective in the long run.
I think getting into cybersecurity was one of the best decisions I ever made. It shifted my whole life, allowing me to learn and become passionate about something very important but, at the time, underestimated and little understood.
My first employer in cybersecurity was Australian cybersecurity consultancy Stickman. I would make calls to executives of T1 and T2 organisations, speak with them about cybersecurity and hear the surprise in their voices. I would see them becoming uncomfortable in meetings simply because it was not top of mind, but was seen as something IT had to do. It’s become much more important today and is getting much more attention, although still not sufficient in my opinion.
One of the early pieces of advice I received was in how to motivate people to pay attention to cybersecurity: become a good storyteller while telling the truth. Another important lesson I learnt was: play a team game. I will never be primarily a technologist, but I always surrounded myself with bright colleagues who have exceptional technical skills I can learn from and complement.
Cybersecurity is a team game. The teams I have worked with in every company throughout my career have been amazing. I had the privilege of working with some memorable people, and I cherish those experiences.
Other memorable experiences have been: getting my first PCI DSS training; becoming an ISACA board member; being a panel moderator to some of the most accomplished C-level executives and professionals in the region; MCing for Victor Dominello in 2015—then NSW Minister for Innovation and Better Regulation—in my role as ICT chapter chair for the Australian Indian Business Council; and of course being nominated at the awards of the Australian Women in Security Awards in 2020.
The Payment Card Industry Data Security Standard (PCI DSS) training I undertook covered the security controls and the structure behind them for the standard, which aims to enhance security for consumers by setting guidelines for any company that accepts, stores, processes, or transmits credit card information. I thoroughly enjoyed it.
I also recently completed the Cyber Leadership Institute’s Cyber Leadership program, an executive-level program for cyber leaders who want to develop their executive skills, C-suite stakeholder and board engagement, and become a leading CISO.
It teaches you how to communicate in the language of your executive team to ensure they understand cybersecurity risk and can make appropriate decisions. Guess whose responsibility it is if your board is not giving you the money needed to protect your organisation or elevate its resilience? Yours!
Both these courses were important to help me assist my clients with their decisions and their responsibilities, and helped my career progress. Anything you learn will be useful if you know how to apply it. I made sure I applied what I learnt.
Other women who have told me their cybersecurity career journeys have spoken of being undervalued because of their gender. For me, the only thing creating that experience has been my own lack in being able to communicate and be firm and direct.
Only when I learnt (and I am still learning!) how to do that was I able to negotiate with and contribute to my team while allowing them to contribute to my agenda. I’ve also found it important to be clear about my intentions, and to speak up.
These things do not always come naturally. There can be many barriers: culture, family education, etiquette. But unless we make the effort nothing will change.
An organisation’s cybersecurity posture can depend on how women in cybersecurity communicate. If we have to be assertive to make a point or if we have to be straight to raise awareness, it is our responsibility to do so, and to be accountable for our actions.
Unless there is a clash of egos or toxic culture, but most organisations today will enable us to step up and express ourselves while fulfilling our cybersecurity roles for the good of the organisation.
I have seen more and more organisations becoming gender diverse. At Unisys we have great support from that standpoint and I feel my previous employers also gave me more than fair chances. So, as long as we can maintain this momentum, we should be able to grow, and for that to happen, we need to exercise our power and be responsible for our own contributions. Responsibility equals power.
www.linkedin.com/in/gergana-kiryakova-winzer-0939937/