Diversity, a guarantee of better cyber security

The CyberWayFinder intensive cybersecurity training programme is based at BeCentral. Initially reserved for women, it is now open to all, but gender balance within the audience remains an absolute priority. Meet Rosanna Kurrer, its co-founder.  

What were the decisive moments that led you to create CyberWayFinder?

Just over 10 years ago, after a long career break, I took up coding by teaching myself online. Then I took a course at the Massachusetts Institute of Technology (MIT) to become a certified trainer for teachers myself. I then launched into such activities as part of EU CODE Week, workshops initiated by Google or Amazon Web Services, or educational days in schools. To be honest, sometimes it was just volunteering. But it all helped me to develop my network. All the way to a meeting with the Chief of Staff at SWIFT.  

What started it all?

SWIFT was looking for training in cybersecurity. The idea was to make the dedicated team more diverse, but also to offer women from the business units a career perspective in this field, which I knew nothing about. As luck would have it, at the same time I met Patrick Wheeler, a certified coach and expert in the field. We set up the programme in close collaboration with the SWIFT teams, who made a 3-year commitment and enabled me to launch CyberWayFinder. I'm still very grateful.  

However, this was not an exclusive course...

We wanted it to be open to others. We were supported by a network of cybersecurity professionals who committed themselves to giving courses alongside us, but who also convinced other companies with whom they worked. We also benefited from the support of ISC2, the global association of cybersecurity professionals.  

What skills do you need to become a cyber security expert?

Technical knowledge - software, virtual networks, etc. - is a basic requirement. But the human factor is also key, because hackers above all exploit human vulnerabilities. We also need to have good interpersonal skills, because we interact with a lot of stakeholders, who need to be educated and with whom we need to communicate in crisis situations. You also need to know the organisation's various processes, its mission and the threats to which it is exposed. This differs depending on whether it's a private or public company, or a hospital. And then there are the legal aspects, which are becoming increasingly important. In addition to the GDPR (General Data Protection Regulation), there are a number of other specific regulations. These numerous requirements are leading departments to diversify their profiles.  

In what sectors do CyberWayFinder graduates go on to work?

We teach them all the basic skills and help them get certified. Many go on to work in the financial sector, where we first developed our network. In addition to SWIFT, they now work for Euroclear, Mastercard and the major banks. But we have also worked with Proximus, Engie and the European Commission. Deloitte, EY, PwC Luxembourg, Grant Thornton, KPMG and the public authorities have also hired several of our graduates. Several women have become Chief Information Security Officers.  

What are the conditions for admission to your academy?

Our admission process consists of 4 stages. We test the ability to assimilate technical skills, but we also look at the CV. If you have experience in law or auditing, you have a great advantage. Even a background in marketing can be useful for the communication aspects. Our entrance exam is quite demanding. The aim is to gauge the motivation of the participants so as to minimise the drop-out rate. Those who already have a bachelor's or master's degree will undoubtedly find it easier to follow the course, but it remains accessible to others if they are really committed.  

Why did you open up the programme to men?

Some men had been following us for a long time and wanted to join the programme. We opened up access to them during the COVID crisis, and then maintained it. We want to maintain a maximum male ratio of 50%, but that requires a lot of effort on our part. There are fewer women with an IT background. Yet many people believe, wrongly, that an IT background is essential to work in cybersecurity. We have to convince female candidates that they can do it, even without this background.  

Why are women under-represented in IT and engineering?

For both men and women, there are still unconscious biases. In many families, an intelligent girl is still told to study languages or Latin and an intelligent boy maths or science. The composition of classes is therefore unbalanced and it can be intimidating, even demotivating, for girls to be in such a large minority. They have to work twice as hard to succeed. What's more, in an audience where less than 40% of the participants are women, the tendency is to see them only as symbolic representatives of their gender and not as individuals in their own right.  

What's the challenge?

This will inevitably reduce exchanges and narrow approaches. The absence of diversity makes IT teams less effective.