Becoming a cyber leader, bit by bit
Dr. Maya Bundt, Head of Cyber and Digital Solutions at Swiss Re
To all those who fear their careers have so many twists and turns that they will never get to the top, Dr. Maya Bundt, Head of Cyber and Digital Solutions at Swiss Re may help you reconsider. As she puts it “if I look back from where I started, it looks like I picked each and every job at Swiss Re in order to get to where I am now. But while I was on that journey, it didn’t seem that way.” Whether in cyber insurance or cyber in general, Maya’s advice to those who want to step into the field is “accept non-linearity in your career.” From the outside, what may seem like a straight dash to the finish line, feels more like navigating through a giant jungle gym from the inside. However, as non-linear as it may be, Maya has seen every role change and every risk as a critical step in the journey that is her career.
“I’m a natural scientist at heart. My passion for the topic and our planet led me to pursue my education in environmental sciences. With my Master’s degree in hand, I decided to continue in this direction and obtained a PhD in soil physics. As many of my fellow doctors, I was then faced with the question of what to do next: stay in academia or move into industry? Having spent most of my life in school, I decided to make a change and got a job as a strategy consultant. Three years later, I joined Swiss Re as a senior project manager. After fourteen years with Swiss Re, I’m now the Head of Cyber and Digital Solutions.
Looking back, it’s clear that each move I made and job I took was exactly what I needed to get to my current role. But at the time of taking all of these decisions, there was no such thing as cyber insurance. So, at the start of my career, I wasn’t looking for this job because it simply didn’t exist; the entire field didn’t exist! However, with time, it became evident that what Swiss Re and other financial service providers could do in a new digitalised world would also create great vulnerabilities. I thought that was fascinating!
Now, I absolutely see myself staying here. Cyber insurance is the most exciting field you can imagine. There is so much to do and there are so many facets, which means that there’s room for people from all kinds of backgrounds.”
Maya breaks her journey down into three phases – getting started, broadening her skillset and leading her own team – and highlights the lessons she has learned along the way.
The early years
Reflecting on her experience in more junior roles, Maya remembers learning how to convince and negotiate:
“You often don’t have the formal authority to get things done”. She argues that a key skill for those starting their careers is to work with others to achieve one’s own goals and ensure those who help also benefit and get recognised. Maya highlights that, along with technical, theoretical and practical knowledge, one must never underestimate the importance of personal networks, soft skills and collaboration: “It doesn’t matter who you are or how good you are. Nobody can achieve great things by themselves.”
Stepping up your game
Maya strongly believes that everyone has room for improvement. She quotes the popular saying:
“If you’re the smartest person in the room… then you’re in the wrong room.”
Although it may be more comfortable to be the big fish in a small pond, true personal development requires constantly seeking to gain new skills. She emphasises that even those that have mastered one particular area of expertise can and must learn from their colleagues and branch out. This is especially true in cross-functional disciplines such as cyber insurance, where each member of a team should bring a certain expertise, be it underwriting, technical cyber security or law, and make the effort to become proficient in other relevant areas. Not only does this contribute to great team dynamics; it inevitably results in better solutions.
Taking on the responsibility of leadership
In her current role, Maya is not responsible for protecting Swiss Re’s infrastructure, systems or data. Instead, she is in the business of building cyber insurance solutions and developing the market. For these tasks, she needs a team with many different skills and argues that she would be very hard pressed to find all of them in the same person. However having fostered a multi-disciplinary team means that Maya is regularly presented with questions or solutions that challenge her views. Regardless, she sees this as a gift and when asked what advice she would give other leaders in cyber security, she replies “listen to what you don’t want to hear.” She believes that leaders should not only be open-minded; they must also proactively encourage and reward those that constructively disagree with them.
In summarising how she became the Head of Cyber Solutions at Swiss Re, Maya reflects:
“How I got here? Some luck, good choices and a lot of really hard work.”
Maya has taken each phase of her career, each obstacle in the jungle gym, as a stepping-stone to her next role. As the challenges in cyber are in constant flux with ever-evolving threats, the field needs the agility of people who are driven by change.
Gender equality commitment
“Gender equality is important for businesses to attract and retain the best talent. The Executive team and I have committed to increase our senior female leadership to 30% by 2020. In addition to this commitment to increase senior female leadership, Deloitte Switzerland is committed to increase the number of women in technology roles in our organisation by 5% within the next year.
To support this at Deloitte, we launched our ‘Women in Cyber’ initiative. We aim to narrow the gender gap by spreading awareness of the various opportunities that are available to women in cyber, by addressing gender biases in the field, and by initiating a dialogue that helps women navigate the profession and its opportunities.”
Simon Owen - CEO of Deloitte Switzerland
The Women Tech Boot Camp is one of our tailored learning and development programmes at Deloitte Switzerland. Hear from participants how they seize the opportunity to upskill for a job in the tech field.
From math to cyber security - a conventionally unconventional journey
Patricia Egger jump-started her career in cyber security armed with a curious mind, an affinity and passion for the subject but without a typical computer science degree. We interviewed her about her journey to cyber, what inspires her about her job at Deloitte and the cyber security profession.
"I’m a mathematician who’s passionate about people. My first exposure to security was in a cryptography course I took in high school. Later at university, I loved that crypto had its roots in some pretty complex math, but at the same time, was used by everybody, every day. That’s what keeps me going today: the relationship and dependencies between the science of security and people. What some may not realise is that security is as much of a technical and technological topic as it is a human topic; and I think that’s what makes the field so interesting.
After my first year at Deloitte Cyber Risk Services, I can say that I have never felt bored. I have been able to work on interesting and complex client projects, spanning from identity and access management to privileged access management and cyber security risk assessments, which provided valuable learning experiences.
In addition, I also have the opportunity to lead the Swiss chapter of Deloitte’s EMEA Women in Cyber initiative and as part of that the Women in Cyber Leadership interview series, that aim at reducing the gender imbalance in the field of security, a cause I care deeply about. Being part of a Women in Cyber team that contributes to changing the perception of the cyber security industry from the ‘hoody-wearing hacker in the dark room’ to a career with exciting opportunities that do not require a computer science background, is incredibly motivating. Supported by both my senior management and my peers, I have been given a platform to make an impact that matters; a privilege that I do not take for granted. "
Outside of Deloitte, Patricia also encourages girls and young women to explore the tech and security field by giving personal insights into her experiences and her work at various bootcamps and events.
Building a secure digital world is a legacy we owe future generations
Prof. Dr. Solange Ghernaouti, Director of the Swiss Cybersecurity Advisory & Research Group and Professor of Cyber Security at the University of Lausanne
The image of cyber security relying on lone hoody-wearing teenagers hacking in the dark needs to change. In reality, to improve cyber security, engineers, lawyers, economists, criminologists and policy makers need to collaborate to address cyber threats with comprehensive strategies. Prof. Dr. Solange Ghernaouti, Director of the Swiss Cybersecurity Advisory & Research Group, President and Founder of the SGH Foundation - Social Good for Humanity and Professor of Cyber Security at the University of Lausanne, has found success in building her career on such an interdisciplinary approach.
“During my PhD and the first years of my professional career, I gained experience in most areas of computer science, such as databases, operating systems, programming, electronics ands telecommunication networks. I discovered a particular interest for networks and technical network security and quickly realised that technical security would never be enough; vulnerabilities will always remain. This led me to study network management, a field that I found particularly fascinating and still do. That realisation brought me to focus on cyber risk management and I joined the University of Lausanne’s business school as professor.
As a consequence of wanting to better understand cyber criminals’ motivations, I started exploring the field of criminology. Then, understanding that politics and the economy are what make the world go round, I started becoming active in those aspects as well.
Throughout my studies and career, the trust I received meant a lot to me. For example, before starting my PhD, my advisor told me that if I wanted to graduate with him, he expected me to teach him something. The fact that this expert believed that he could learm from me powered my will to do good research and not disappoint him. I had a similar experience when writing my first book. I had never done anything like that before and didn’t know where to begin. Having the editor’s trust and support went a long way in helping me achieve that milestone in my career.”
As our society becomes increasingly digitised and connected, more security requirements and challenges naturally arise. Solange, who has been involved in the development of cyber security technology, standards and policies from their early years, believes there is still a lot of work remaining to improve the current state of cyber security and to create a safer world for future generations. Solange explains: “If we want to serve the common good, think about our youth’s future and the legacy we will leave behind, we should care much more about cyber security, including data protection, mass surveillance and the means we will use to address these issues”.
When asked why we are struggling to keep safe in the digital realm, Solange points out: “The biggest mistake we are making is thinking that technology alone can solve a human problem with socio-economic and political entanglement. Technology can help to solve certain issues, but it can also create others.” According to her, there are three critical obstacles in the way of robust and effective cyber security:
- A lack of cyber security awareness within the general population;
- Insular cybersecurity measures that fail to comprehensively address complex cyber risks; and
- Insufficient collaboration on national and international scales due to the fear of reputational damage in case of a security incident.
Let’s take a closer look at each one of these obstacles.
Lack of cyber security awareness
“How many campaigns or public service announcements related to cyber security risks have you seen in Switzerland recently? None? Exactly.”
Solange currently sees a paucity of resources and funds dedicated to cyber security on a federal or cantonal level in Switzerland. Solange believes that our authorities and the private sector need to invest in educating all of their citizens in cyber security risks.
Solange sees a power imbalance between those that control and those that use technology and strongly disagrees with claims that our children will all naturally be digitally fluent and security aware. She believes that we must adapt our education systems to the increasingly digitised world around us if we want to develop proper digital skills: “Having children use tablets in schools is not enough! Students need to be taught how to programme; not only to create new applications, but also to de-code what is happening within the devices we use every day.” She believes that awareness is the first step in understanding the long-term consequences of our word’s digital transformation.
Solange may be onto something, and not just for youngsters. How many of us can say we understand how our everyday tools work, be they SAP, Facebook or even email services? Today, most of us use these as black boxes, not knowing how they function and make use of our data.
Insular cyber security measures
“There is a certain over-confidence of technical people with regard to others with non-technical backgrounds; similar to lawyers and non-lawyers, doctors and patients.”
This can make collaboration tricky amongst experts in engineering, law, politics, social sciences, industry and research.
Instead of seeing cyber security as an issue that only engineers can solve, Solange argues that we need to recognise and value a wider variety of professional experience as well as education. For example, professionals should have the opportunity to complement their existing work experiences with courses to obtain specialised technical, managerial or legal skills.
Solange cites understanding the need for surveillance and intelligence as well as that of the fight against cybercrime as challenges where a variety of different skills are essential. Solange is very clear about this: “It’s not reasonable to assume one single profile can cover all facets of these complex issues and diverse expertise and experience ads significant value in cyber security.” This is why she believes that an integrated approach to cyber security is vital for our society and that efforts should stretch beyond traditional boundaries, whether they be geographic, political, military-civilian, left-right, black-white-purple. According to Solange, there is an urgent need to overcome conventional political divergences if we want to master cyber risks.
No company wants to grace the pages of newspapers because they fell victim to a cyber attack or because they produced or used vulnerable technologies or services. However, the reality is that major breaches occur regularly and there are many lessons to be learned from vulnerability disclosures:
“We should not let the fear of reputational damage stop us from sharing these lessons learned and hinder our progress towards true cyber security, but instead should understand the benefits in sharing knowledge, expertise and experience.”
To overcome this obstacle, there needs to be more encouragement from the top, be it from regulators or the government. In addition, processes and tools such as anonymised reporting and privacy-preserving data sharing must be developed to enable and encourage companies and people to share valuable information while protecting data subjects’ privacy.
Reflecting on Solange’s career path and her views, it is clear that greater collaboration from all relevant areas of expertise is in everyone’s best interest. We all have a stake in cyber security; it’s an issue that we as a society and individuals cannot ignore. We all need to work towards security in cyberspace and the physical world. Although the path to true cyber security may be long and at times tedious, Solange keeps a pragmatic and positive attitude: “We might as well enjoy the ride!”
Women in Cyber
Women are still underrepresented in the global cyber security workforce. What can organisations do to bridge this gap?
Cyber security has become one of the hottest and fastest-growing fields in technology across the globe today. Despite the continuous growth in cyber security spending and opportunities, women’s representation in the cyber workforce remains low - even more so than in IT. This is against a backdrop of a growing skills shortage in cyber; by 2022 there could be a global deficit of 1.8 million cyber security professionals.
How can organisations begin to bridge this gap? One way is to encourage more women into cyber security; another is to offer them equal opportunity to rise to senior leadership roles. At Deloitte Switzerland, we are committed to addressing this gender imbalance with our EMEA Women in Cyber initiative. As a global Women in Cyber team, we are collaborating to develop and execute various joint activities that promote diversity in the cyber security industry. Watch the space below for regular updates on all activities.
Stories & insights
Our Women in Cyber vision
At Deloitte Switzerland, we share a common vision with the EMEA Women in Cyber team and work hand-in-hand to promote gender parity in cyber security across all levels from analyst to Vice President. To initiate the dialogue we developed the Women in Cyber Leadership Interview Series.
We interviewed female security leaders across industries and academia to create awareness and foster a community that inspires female talent to consider a career in cyber.
They spoke with us about their journeys to cyber security, lessons learned and perspectives on their current roles. Whether it is overcoming challenges, advice on how to build a career in cyber or skills needed to succeed, these inspiring stories provide in-depth, diverse and bold insights that will help drive the dialogue in Switzerland and across regions.
Read their portraits in the stories & insights section above.
Dr Klaus Julisch is the Cyber Lead Partner at Deloitte in Switzerland. Contact Klaus if you would like to know how your organisation can benefit from participating in Deloitte’s Women in Cyber initiative.
Patricia is a Senior Consultant at Deloitte’s Cyber Risk Services practice and the Women in Cyber lead in Switzerland. Contact Patricia for more information or if you would like to get involved in Deloitte’s Women in Cyber initiative.