What is cyber security work like and who is it for?
For many people, cyber security has become a familiar term from reading about company after company that have suffered major data leaks. The mental image of a person working with data security is often connected with the idea of a rather reclusive computer programmer.
Aalto University information security team members, meanwhile, recommend the field to anyone who does not want to become bored in their work. They also do not agree with the coder stereotype. Their working days are, of course, spent finding solutions to IT problems, but the work can also be very social because their main task is to help people.
We wanted to find out what kind of work Aalto's information security team is doing and who would be suited to a career in the field. To get some answers, we sat down to talk with some Aalto professionals. Participating in the conversation were Cyber Security Specialist Annette Forsell, Chief Cyber Security Officer Riitta Gröhn and Cyber Security Lawyer Katja Kivivainio.
What's the best part of your job?
‘Personally, I like problem-solving. If I think about my own school days in upper and lower secondary school, I was already back then enjoying mathematical subjects where we could find solutions to different problems and move forward logically. This work requires just that kind of logical reasoning which I enjoy,’ Annette Forsell explains. ‘In addition, helping people in different projects is also pleasant. We are not, after all, doing this work for ourselves, but for others. Also, this work allows you to see things behind the scenes – things which are not accessible to everyone. This is something else that interested me about the field.’
Katja Kivivainio agrees with Annette and emphasises that the best part of the work is the interesting problems encountered. These can sometimes be very challenging, but it is nevertheless very rewarding to succeed in solving them. In addition, Kivivainio also lists among the best aspects of the job the fact that you continuously develop your own knowledge and skills and you start each day knowing it will be different from the one before.
Riitta Gröhn says she has always been curious and enjoyed having many things on the go at the same time. Her career as Chief Information Security Officer has suited her well, as she can be doing different things simultaneously and developing her own competence. ‘As Katja already said, every day is different, and you never know what the next one will bring. I nevertheless hope, of course, that no major issues arise. On the other hand, it is stressful when you have to jump between many things, and it is not always possible to effectively multitask, but I still like this work very much and feel really alive when I'm doing it,’ she explains.
What kind of work are you doing at Aalto University?
‘I work as the Chief Cyber Security Officer at Aalto. Together with my team, I am responsible for information security and cyber security at the university. I am also responsible for the technical information security solutions. Our field of responsibility includes ensuring both technical information security and secure operations in keeping with the information security management system – the goal of both of these being to implement information secure operations in teaching, research and service units,’ Riitta Gröhn explains.
‘My tasks include developing and maintaining Aalto's information security management system, ensuring information security awareness among Aalto students and personnel, supporting customers in information security matters, and supporting IT projects from the information security prospective,’ says IT Specialist Annette Forsell.
Katja Kivivainio explains that she works as a lawyer for Aalto and provides legal support to the information security team. In addition, her field of responsibility includes matters related to the protection of personal data and the administrative side of information security. ‘For example, I participated in the development of Aalto University's information security management system and supported the implementation of its IT systems,’ she describes.
What kind of study background should you have in order to work in information security?
‘To put it simply, you must have training or competence in the areas that your information security work will involve. For example, one of my own tasks is to provide legal support; I have a Master of Laws degree and my competence has been acquired through this,’ Katja Kivivainio explains.
‘Nowadays in Finland, if you are passionate about information security right at the start of your studies, there are study tracks through which you can focus on cyber security. And these are indeed clear paths into information security work. I myself graduated from Laurea University of Applied Sciences, where you can study a degree programme in safety, security and risk management. When I was there, information security studies were all optional – none were yet compulsory. Today, there are more opportunities for information and cyber security studies, even though the emphasis remains on overall security and risk management. In other words, the options for studying information security have increased,’ says Annette Forsell.
To whom would you recommend a career in information security?
‘In short, I would recommend this career for all curious people who are prepared to continuously develop themselves. In this field, you must have an interest in a very wide range of topics, and it is necessary to continuously develop your own expertise in both administrative and technical matters in order to keep up-to-date. Legislation is changing, technology is changing, and the attack methods are changing. It is certainly a positive thing that it doesn’t get boring and you are able to develop all the time and learn new things,’ says Riitta Gröhn.
Katja Kivivainio adds that good problem-solving skills and analytical working methods are a plus in this line of work. Annette Forsell agrees, and also notes that there really is no need to be a black-hooded nerd working in a dark room. ‘There is no one category of people who are suitable for this work. On the contrary, it would be good for us to have a wide range of different people working in information security, people with new ideas and approaches to solving problems,’ she emphasises.
Why do we need more diversity in this field?
‘This field is suitable for so many people. If we are pursuing Finland’s goal to remain a leading country in cyber security well into the future, we need more people to work in the information and cyber security sector. We need diverse expertise, as well as experts from different fields and people who are switching professions,' Riitta Gröhn emphasises.
Annette Forsell notes that, through visiting various information security and cyber security events, she has seen clearly how there are still very few female specialists in the field. ‘At those events, you certainly don’t need to queue for the women’s loo!’ Annette Forsell says with a laugh and continues: ‘Normally, 80–90% of participants at such events are men. In the future, it would be great to see more specialists of different backgrounds, different genders, and different ages in this field,’ she concludes.
Want to hear more about cyber security?
You can also read a student and professor interview on the topic via the link below.
Why should people study cyber security?
Aalto University Professor Jarno Limnéll and student Jasu Vehtari explain what the most interesting aspects of cyber security are and why it is a useful subject to study.