Life at Deloitte
Journeys to cyber security - what does it take?
Different perspectives, one passion
When it comes to choosing cyber security as a career path, a common misconception is that a computer science degree is a must. While having an information technology background is helpful, a successful career in the security space does not depend on it.
Some of our brightest cyber security minds jump-started their career without a computer science degree. Instead, they were armed with a curious mind, an affinity and passion for the subject and the ability to easily adapt to new situations. When asked why they chose Deloitte and what inspires them about their profession, this is what they had to say:
Cyber security careers at Deloitte
Find open positions
Ines Fichtinger, Manager, Vigilance and Resilience, Cyber Risk Services
Looking back, my fascination with technology started at an early age when I built my first computer, and we received our first internet connection at home. I soon started playing computer games and participating in LAN parties, where we had to set up and troubleshoot our local network to be able to play. Back then, the security of these networks was only an afterthought and computers were notoriously unsafe, but the main objective was to get them working.
Although I was passionate about technology, I initially pursued a degree in Economics. Fortunately, with the encouragement of my friends and a stroke of luck, I switched to Management Information Systems, where I specialized in Cyber Security for my bachelor’s and master's degrees. Currently, I focus on helping clients build their Cyber Defence capabilities to be able to detect and timely respond to cyber-attacks. It is incredibly rewarding to help protect our clients from ever-evolving threats.
I believe that Cyber is one of the most exciting and dynamic fields to work in. The field is constantly advancing, and every organization requires a customized approach to Cyber. But what I love most about Cyber is that it is not just about technology, it’s also about the human element. Bridging the gap between business and IT is a critical component of Cyber Security, and effective communication with stakeholders is essential.
To anyone considering joining the field, my advice is to stay curious, become a generalist before becoming a specialist, and not be afraid to dive in. We have a diverse set of professionals working in Cyber, and it is that diversity that makes us a successful team.
Yuliia Sumovska, Consultant, Application Security, Cyber Risk Services
When I began my cybersecurity bachelor's degree, I was unsure if the field would really interest me and if I would pursue a career as a cybersecurity specialist in the end. While still studying my friend from university recommended a web application penetration testing training, and it completely changed my outlook. I felt passionate about pen-testing.
This training program inspired me to apply for a Junior Penetration Tester position in Kyiv, Ukraine, at Deloitte. I was ecstatic to join a company with a rich history such as Deloitte, as it represents the ideal launching pad for young, enthusiastic individuals like myself.
After finishing my bachelor's degree, I had to choose a new country to pursue further studies because of the Russian invasion of Ukraine. I found that Switzerland, and specifically ETH Zurich, was the best place for me to deepen my knowledge and improve my expertise in Cyber. Along with starting my education at ETH, I joined Deloitte’s Application Security team in Zurich, Switzerland as a Consultant.
After working here for two years, I realized that the experience was like hitting the jackpot. This opportunity afforded me an extraordinary breadth of experiences, enabling me to navigate unforeseeable challenges with ease, and work with highly qualified professionals who pushed me to improve my skills every day.
Chiara Kessler, Senior Consultant, Vigilance and Resilience, Cyber Risk Services
Growing up as a 'millennial', I remember doing homework on colourful floppy disks, buying my first CD (with cash!) and having endless conversations on MSN messenger. As a teenager, I was vaguely aware of the importance of firewalls, but the concept of cybersecurity only started capturing my interest during my studies. As a student of geopolitics, I realized the significance of balance-of-power dynamics both off- and online.
Although I took a cybersecurity course, I did not consider pursuing it as a career at first because I felt that I lacked technical skills. Instead, I focused on physical security and worked in Apple's crisis management team for several years, where I helped manage major crises, including COVID-19, terrorism, violent protests, and war.
Moving to Switzerland gave me the chance to transition towards cybersecurity. I was lucky to find an open-minded and supportive team at Deloitte’s cyber risk advisory practice, where I currently focus on resilience. Cybersecurity is an incredibly dynamic field that is becoming increasingly important for personal security, business security and national security. I believe that anyone can pursue a career in cybersecurity by adopting a growth mindset and treating challenge as an opportunity. I have found an exciting field where I can grow personally and professionally and make a positive societal impact.
Gabriela Billini, Senior Consultant, Vigilance and Resilience, Cyber Risk Services
It’s no secret that the last several years have been marked by uncertainty and growing instability. I had a front row seat to those global shifts in my previous role, conducting threat monitoring and managing crisis scenarios for private sector businesses with international interests. What marked me most were the fluctuations brought on by digitalisation and the growing convergence of cybersecurity and geopolitics. During this time, I realised that reading independently was not sufficient to fulfil my curiosity in cybersecurity, which is what brought me to apply for this role with Cyber Risk Services at Deloitte Switzerland.
The summit of working with the cyber team is how dynamic and energetic it is. Interests and areas of expertise vary extensively. The nature of the job requires that we follow and learn about the ever-shifting cyber field and share these learnings among our colleagues, making it an exceptional environment to grow and participate in.
Something that would shock many is that cyber is so much more diverse than technical expertise alone – there is room for a wide range of interests and skills. All it takes is finding a team that values your expertise and gives you the space to experiment and learn along the way.
Sian Batra, Senior Manager, Strategy and Transformation, Cyber Risk Services
I love working in cyber. Over the course of my career, I have had the privilege to work with fantastic colleagues and clients from whom I have not only learnt and been inspired, but also been challenged a lot.
I never thought I would end up in the field after studying International Relations and French, but I am so glad that I somewhat accidentally ended up here. When applying for a graduate scheme in the UK, I was sent a list of the different teams available before my final interview and remember thinking “hmm cyber security…that sounds interesting”. I have not looked back since. What I have done is found myself in a career where no two projects are the same, the people I work with come from all kinds of backgrounds and the experiences I have had as a result have enriched my day to day. If you are reading this and not sure whether you are right for a career in cyber – I say go for it as you never know until you try! There is no one profile for a cyber professional. Cyber is multi-dimensional and it is only when we all bring something to the problem that we will find the right solutions.
Magdalena Fink, Senior Consultant, Strategy and Transformation, Cyber Risk Services
My journey to cyber is unconventional to say the least. Already in high school I was torn between my fascination for the fashion industry and my interest in technology. I decided to follow my passion for the industry that I already knew and studied Global Brand and Fashion Management in Munich. Over the years, I became increasingly interested in technology.
Watching my friends become victims of Computer viruses, I decided to acquire a deeper technical understanding. I attended the MSc Information Technology programme at the University of St Andrews in Scotland, focusing on information security. Immediately, my gut feeling told me that cyber was the right choice for me.
I love working in cyber: companies but also individuals are constantly facing new challenges and I can help them to stay secure, support them to understand these new topics and have the opportunity to constantly learn and educate myself.
It is amazing to see what you can achieve in the cyber team – even with a slightly unconventional background - as long as you are curious and motivated to learn. I truly believe that our team is a great example of open culture and diversity. Whenever you face a challenge, you get the support that you need to master it.
Kate Wong, Manager, Cloud and Infrastructure Security, Cyber Risk Services
I began my career in IT Consulting in Hong Kong without a specific focus but was keen on exploring different roles and domains. It wasn’t until my third year of working that I got involved in Cloud Computing. At this point in time, we were already in the trend where many industries in the city saw significant Cloud adoption but most importantly: they rapidly recognised the benefits in using that technology. As my clients’ views were aligned with that, I started working on migrations to different Cloud service providers. While performing these engagements, I often wondered how security measures would change when a company, who was used to hold all their most important data in-house, had them residing to a third-party provider.
As more similar thoughts continued to draw my interest, I went down the rabbit hole and decided to naturally allocate more and more time, developing my knowledge on Cybersecurity – specifically on Cloud Security. Being in this industry, you are naturally challenged for growth and improvement since hackers don’t take time-off when you are on holiday. Here at Deloitte, I am very proud to be in a team of passionate mindsets. We continuously inspire confidence to each other, which in-turn, enables ourselves to deliver meaningful value to clients.
May Randall, Senior Consultant, Resilience and Vigilance, Cyber Risk Services
Coming from a non-technical, non-computing and definitely non-cyber background (I completed a BSc in Geology and an MSc in Management) I never thought I would end up working in Cyber. My journey into Cyber was somewhat serendipitous, starting in 2019 in the summer between my BSc and MSc, when I applied for an internship with Deloitte UK on the recommendation of a friend. Since I applied fairly late in the application window, I was not able to choose which service line I wanted to intern in: instead, I was automatically assigned to the one that had a place remaining – the Cyber practice!
During this time, I rotated around the different capabilities within Cyber (e.g. Incident Response, Data Privacy, Strategy, Application Security etc.) and also got my first experience working on an actual project for different energy clients around the UK. When my internship came to an end, I was interviewed for the conversion to the graduate scheme and so my journey with Deloitte continued, with my place secured for after I finished university.
Fast forward a year to September 2020 and I joined Deloitte full-time on their graduate scheme and became part of the Cyber Incident Response team. My day-to-day included helping on real-life incident response projects and providing training to clients to help them be better prepared to respond to cyber attacks; after all, it’s no longer a question of “if” but rather “when” regarding companies falling victim to a cyber attack.
After nearly two years in the UK team, I was able to transfer to the Swiss Cyber practice where I now sit in the Resilience and Vigilance team. In both the UK and Switzerland, it has been the team and the people I work with that has really stood out for me. I have worked on challenging projects, but there is always help when you need it and I know that there will never be a client challenge great enough that we cannot face together.
Floriane Gilliéron, Consultant, Data Protection & Privacy, Cyber Risk Services
I studied Communication Systems at EPFL to understand which mechanisms are ensuring that whenever I send data over the internet it doesn’t get lost or read by malicious people. Along the way of solving these questions, I became more and more interested in aspects of cyber security that were not only about securing the data, but also about securing the people behind it. Having reliable encryption and communication mechanisms is not enough, it’s also important to regulate how companies are using their client’s data. This passion for privacy eventually brough me to the Data Protection & Privacy team at Deloitte, where I now have the opportunity to work on exciting and challenging projects for various clients. With a job constantly pushing me to learn, I’m guaranteed to stay up to date with the latest technologies and trends. This is especially important in a fast-moving field such as cyber security.
Another thing I particularly enjoy about my job at Deloitte is the people I’m working with. After six years in a technical university, I find it very enriching to be collaborating with colleagues from various academical backgrounds, bringing more perspectives than the engineering one, which is more than needed to solve such complex challenges. The cyber team is made of motivated and dedicated people, creating an ideal working environment. I’m always excited to start a new day, as I’m convinced to have found the right place for me!
Jasmin Rubin, Senior Consultant, Resilience and Vigilance, Cyber Risk Services
Becoming part of Deloitte’s Cyber Risk Services Team was a career path I never imagined in my wildest dreams. With a Bachelor and Master’s degree of Arts in my pocket, I started working for the Swiss Department of Defence and later the Swiss Department of Foreign Affairs (FDFA). During these five years, and especially while coordinating the politico-military dimension of the Organisation of Security and Cooperation in Europe (OSCE), the topic of Cyber became somewhat omnipresent: From hybrid warfare to so-called “Confidence building measures in Cyber” - Cyber was “where it’s at”.
At the same time, I became responsible for the COVID crisis management within the Eurasia division of the FDFA. Realising how much effort efficient crisis management requires, I started looking for jobs where I could make an impact in that field. And that is how I joined Deloitte’s Cyber team; a team full of diverse people with different backgrounds – a place where I can learn new things by simply having a coffee with someone. Working in Cyber has been nothing short of an exciting ride with almost endless opportunities on exciting and challenging projects – a journey I can recommend to anyone out there, wanting to make a difference in their working life.
Anne van Eck, Manager, Data Protection & Privacy, Cyber Risk Services
While I was studying law and business at the University of Leiden in the Netherlands, I always felt that something was missing. In my third year I therefore helped to set up a Legal Tech initiative, by combining legal and technical knowledge. And it paid off! Today, I am advising clients on legal and technological matters – and this is what I still love doing. The combination of my legal, business and tech background allows me to think broader and consider more than just one angle of a client challenge (e.g. legal concerns).
At Deloitte I love working in our multidisciplinary and diverse team. People from various backgrounds and nationalities make up our cyber team. I think diversity is key to being innovative and having different perspectives on certain challenges that clients may face. We are always open to helping our clients grow and taking on new challenges. If there is one thing I have learned working for Deloitte in the past few years, it is that anything is possible, as long as you go for it. And that is what I will continue to do in my future as a woman in cyber at Deloitte.
Laura Mati, Manager, Strategy & Transformation, Cyber Risk Services
After having studied Economics in Milan and Business Journalism in Beijing, I came across cyber security almost by accident when I joined Deloitte (although “there are no accidents” Master Oogwa, Kung Fu Panda, would wisely whisper). One of my first projects allowed me to design operating models and set up global hubs for the delivery of cyber security services for various Swiss based global organisations.
Just as much as my initial involvement was accidental, the choice to move to cyber security was unreservedly deliberate. I completed the Certificate of Advanced Studies in Cyber Security at ETH Zürich and moved from Strategy & Analytics in Consulting to the Cyber team in Risk Advisory.
What fascinates me about cyber security is the wide spectrum of fields one could pursue without ever leaving the cyber domain – cryptography and mathematics, law and privacy, national security and international relations, compliance and regulations – all tightly glued together by technology.
With a background in outsourcing and shared services large-scale transformations, I am looking forward to exploring and pushing forward the thinking around cyber delivery models, alongside our clients. As the maturity of cyber services grows, so does the importance of delivering them in the most effective and efficient way.
Stephanie Barry, Assistant Manager, Quality, Risk & Security, Deloitte Business Security
"It’s been an amazing ride! With a background in data analysis, I joined Deloitte in the UK in 2015. At the time, I was part of the Quality and Risk Operations department where I developed my skills in information security risk. One year after joining the team in the UK, I seized the opportunity to join Deloitte’s internal security team in Switzerland. I was excited to build upon my risk background and become a cyber risk analyst. My new team in Switzerland helped me define a development plan, which included technical training, such as information system, cloud and networking security courses, as well as women in leadership courses.
As I look back on the time I’ve spent in this role, I feel that I’ve achieved so much more than I ever could have imagined, in a field that I originally hadn’t considered entering: I’ve contributed to many cyber initiatives, while working with a variety of stakeholders at various levels, and with multiple Deloitte firms from around the globe.
There’s no doubt that the technical aspect of my role has at times been daunting, but the prospect of overcoming these challenges has always driven my desire to keep on learning, and my progress keeps me motivated every day. The world of cyber risk is fascinating, and having come from a risk background, I feel as though cyber security has in fact been a natural next step. In addition, I’ve gained first-hand experience in effective communication and collaboration, which is absolutely necessary in providing pragmatic security services. Now, I’m really excited to develop further professionally and help Deloitte innovate securely!"
Elisa Papa, Senior Manager, Data Protection & Privacy, Cyber Risk Services
“I am a physicist by trade who is passionate about data. After several years in the academic research and data science field it was time for a change. My increasing interest in data management and data security led me to joining Deloitte's Cyber team, where I now get to deep-dive into these topics while working on exciting client engagements. In this role, I have already had the opportunity to work on challenging privacy 'transformation' programmes for clients, which aimed at ensuring data protection, in particular around personal data, by translating multi-faceted regulatory requirements into technical and organisational measures for an appropriate use and processing of the data.
Being part of the Cyber team is a unique and rewarding experience because the learning and developing never stops. Every day, I am surrounded by a dedicated and very diverse group of cyber security specialists and data protection experts who all strive to reach one common goal: navigate the complex IT landscapes of international companies, understand the technologies in place and the risks associated with them to be able to find the best solutions for our clients.”
Fiona Koller, Assistant Manager, Strategy & Transformation, Cyber Risk Services
"During my bachelor studies at the university of St. Gallen in International Affairs, I decided to write my thesis on the topic of cyber risk and security for Small and Medium-Sized Enterprises (SMEs) in Switzerland. I chose this topic because it was an emerging issue and there was not much information about it at the time of my research. Afterwards, and despite some initial doubts due to my lack of technical skills, I applied for a traineeship in Deloitte’s Cyber Risk Services team. The goal was to gain hands-on experience and to determine whether it could be a potential career path for me in the future.
I am now part of an ambitious and passionate team working towards the greater good in providing companies with the best possible solutions in this dynamic and fast-growing field. I have had the privilege of working alongside and learning from extremely talented data privacy and cyber security specialists. I enjoyed working on a variety of diverse and complex client projects ranging from GDPR support to cyber security gap assessments. The team here promotes learning on the job and, over the past few months, I have been given increased responsibilities and client exposure.
Looking back, my initial concerns now seem unfounded, as I experienced the interplay between technical and non-technical skills and how crucial both are to complete successful projects. The interconnectivity of the human and the technical factor is integrated into our team and the work we do every day. A few months into my cyber risk journey at Deloitte, I see myself continuing on this career path with additional training and I am very excited about the opportunities and the challenges of the future."