Celebrating Women in Cybersecurity

Joanna Karczewska
Author: ISACA Now
Date Published: 15 April 2022

Editor’s note: Joanna Karczewska, a longtime ISACA member from Poland, is among several ISACA members who recently was featured in the book, “Hacking Gender Barriers: Europe’s Top Cyber Women.” Karczewska recently visited with ISACA Now to discuss the book and her views on progress made by women in the cybersecurity field. The following is a transcript of the interview:

ISACA Now: For those who haven’t had a chance to read it yet, tell us a bit about Hacking Gender Barriers.
Hacking Gender Barriers: Europe’s Top Cyber Women is the recent valuable publication of the Women4Cyber Foundation, a non-profit European private foundation launched in 2019 by ECSO (European Cyber Security Organisation). The book highlights over 100 women working in the field of cybersecurity in Europe. Its goal is to inspire more women to take up a career in one of today’s most requested professional fields by showcasing female role models active in cybersecurity. More information is available at http://women4cyber.eu/roadmap-of-actions/100-women-in-cybersecurity-book.

ISACA Now: What did it mean to you to be included in the book?
Being in the book has a very special meaning for me. My inclusion breaks not only the gender barrier but also the age barrier. Both Ms. Rita Forsi from Italy and I are retired yet still very active in the cybersecurity field. This proves that neither gender nor age should be considered a deterrent to being a cybersecurity professional.

ISACA Now: There are several ISACA members included in the book – what does that say to you about the ISACA network?
My fellow ISACA top cyber women (Gabriella Biro, Jenny Boneva, Sara Garcia Becares, Ana De La Higuera Lopez-Frias, Loredana Mancini, Nadine Nagel, Andrea Szeiler, Magdalena Skorupa, Katalin Szenes and Jelena Zelenovic Matone) are from Bulgaria, Hungary, Germany, Italy, Luxembourg, Poland and Spain. We are all proud of holding ISACA certifications or getting ready for them. We see it as a proof of our cyber skills, knowledge and competencies. We are also involved in ISACA activities at general and chapter levels. So, it confirms that the ISACA network is quite visible in Europe and has an important place in the European cybersecurity landscape.

ISACA Now: In your view, how much progress has been made for women in the cybersecurity and information security fields over the past decade?
Thierry Breton, the European Commissioner for Internal Market, recently said, “We need to encourage young women and facilitate entrepreneurship and digital innovation by women. We need all forces to tackle cybersecurity challenges.” There are now many initiatives like ISACA’s SheLeadsTech program or the work done by the Women4Cyber Foundation undertaken to encourage women to look at cybersecurity as an interesting career. But celebrating women in cybersecurity just on International Women’s Day is not enough. The progress is still too slow.

ISACA Now: Where do you think there remains the most work still to be done?There is an in-depth analysis (http://apo.org.au/node/105276) published in Australia in 2017 that presents the actual reasons of women’s low representation in the cybersecurity industry. If we use their findings as criteria to assess the present state, we will come to the conclusion that the barriers to attracting women into the industry still are the leaky educational pipeline, weak marketing, lack of role models and inadequate hiring practices. I am most worried about education and appreciate what the NCSC is doing by organising year after year the CyberFirst Girls Competition (http://www.ncsc.gov.uk/cyberfirst/girls-competition), launched in 2016 in response to the UK’s National Cyber Security Strategy 2016-2021 and aimed to support girls interested in a career in cybersecurity.

ISACA Now: In addition to being a cybersecurity expert, you are a data privacy officer – how much do cybersecurity and data privacy interconnect in this era?
Most of the recent major data privacy breaches are due to weaknesses in cybersecurity. From my observations and my own experience, lack of interconnection between cybersecurity and data privacy will cause problems to any organization sooner than later, especially now when due to the COVID-19 pandemic we have become so dependent on the internet and the IT systems that enable our online activities. In today’s virtual world, privacy policies and procedures are practically worthless without sound and reliable cybersecurity measures that implement and support them.