One of the things we LOVE about our speakers is their passion for cybersecurity and their determination to make an impact for both the community and the people around them. They want to help others understand the importance of online safety and privacy, and how to apply basic security measures to protect themselves and their digital assets.
Jelena is one of them. She’s actually one of the few females speakers who will be on stage at DefCamp 2018, and we couldn’t be happier about this. (Hopefully, more female infosec specialists will join us in future editions!)
Jelena Milosevic is a pediatrician and a nurse, with years of experience working in different hospitals. You’re probably asking yourself: “and how is that related to cybersecurity?”
She is passionate about cybersecurity and over the past three years, she’s been actively involved in the infosec community. During this time, she has learned as much as possible about the industry, so she can apply her knowledge in the healthcare world and improve security for both the patients and the medical staff.
Unlike other speakers who have a technical background and work in different companies as infosec specialists/experts or software engineers, Jelena brings more soft skills to the table: enthusiasm, curiosity, passion for cybersecurity, eagerness to learn and teach others, and a doer attitude.
For years, cybersecurity was an industry with a clear gender imbalance in which women represent just a bit over 20% of the global workforce in 2018, according to new research.
We asked Jelena what she thinks about being one of the few women who work in cybersecurity and how we can change this.
For me, it’s important what someone give and share with all of us, and which kind of person she/he is, not a gender or something else.
We can’t ignore the fact that for women it is more difficult to be heard, to be respected and not insulted in the tech world.
We can’t ignore that there is a loud movement inside of InfoSec that insults women without any consequences, because they have some position and some professional knowledge. Also, until last decade, we couldn’t see a lot of women in any tech education sector, and for sure not in cybersecurity, which is one of the newest sectors in education.
This all made it look like women weren’t that welcome in the tech world.
But there is a change.
We do need to have better education, more possibilities, and support for girls (and boys) to can have own choice in their education. And when they enter this industry and start working, to get respect and the right place for what and how they do.
Same time, we need to stimulate women to take more actions and “move”. From my own experience, it did mean a lot, the trust and support that info security professionals did show to me. The way they explained how things work, where I can find something, stimulated me to do things by myself and talk about it.
And I did it, finding and fighting for my place in this sector, same as everyone else. I can admit, that as a woman and nurse it wasn’t that easy. Sometimes, I think, that only being stubborn and trust some people had in me, did help me not to quit.
By now, you can easily tell that Jelena advocates for strengthening education systems and supporting women to pursue their own career path.
Speaking of career and experience, we know Jelena has been working for years in hospitals as a nurse. And we also know that hospitals and the health care system have become a prime target for cybercriminals this year.
While most hospitals are focused (or they should be) on improving their medical technology and providing better services for patients, decision-makers often overlook the importance of cybersecurity and all infosec issues in addition to their priorities.
That’s why, we wanted to know from Jelena’s experience with securing data and tech in healthcare, how things have changed about decision-makers prioritizing them.
Not much and for sure not enough. Medical professionals are focused more on using technology to help patients. Privacy is something that we learn to respect, and communication between us and the patient is a privilege, so we can build trust.
Maybe naïve, we did assume that the products we use have the same purpose and that they use our principles of being safe and keeping all communication between us. Same, as we do not need to check, are sterile instruments sterile, we didn’t think we need to check if the devices and software we use are secure and safe. Sadly, the decisions makers didn’t think about that too, starting with vendors, innovators, till the boards of the hospitals. And that didn’t change a lot.
In health, they are still talking more about the money and self-image (being digital and “in”) than about what patients and medical professionals really need.
To make healthcare secure and safe, we need to change the organization that we have now and let medical and security professionals make a decision of what needs to be done, what we really need and what is secure and safe.
And firstly, make security an independent department that will be consulted for everything that is related to technical, digital and connectedness. And stop doing everything to be compliant, but work on be safe and secure.
We really admire Jelena’s transparency and her openness to talk about flaws and concerns in the medical system, and what needs to be changed for more protection for both patients and medical personnel.
Also, we are inspired by her willingness to learn about cybersecurity, having no background in the field or technical studies. That’s why we wanted to know how difficult it was to switch to this industry and what kind of educational resources and materials helped her during the learning process.
Curiosity, the need to know and to understand, being stubborn, passionate about what I believe in, loving tech from early ages?
When you are curious and passionate about something, learning isn’t that difficult. I also was lucky to find enough info security professionals that were impressed that one nurse wants to know more about security, so they did help me a lot.
They did answer my questions, explained to me how things work, showed me tools where I can do the research myself. We had discussions, we didn’t agree all the time, but we could work together. I think that they did appreciate my honesty and saw that I really want to make things right.
It took time to see what I can do because there are a lot of different topics in security. I did need to know what is suitable for me, where I can do my best and how I can help security get the place that it deserves.
So, I did observe to see where the problems are, how much I know about them, what I need to learn. I found out that we need to start from basic to set a good basis to build good security and that I can help with.
Jelena’s answer and personal experience emphasize, once again, the power of infosec community and the wonderful people gathered here, and how much it matters to share and learn one from another toward a common mission: security awareness.
All the things she just mentioned: curiosity, need to know and understand, being stubborn, passionate about what I believe in, love for tech, are 5 excellent ingredients for a successful career in cybersecurity.
That’s one of the main reason why we asked Jelena if she thought about switching from a nurse role to a cybersecurity position, considering all the challenges that this involves.
She openly shares that she did consider this:
Even though I love being a nurse and love my job, security brings me more challenges. Same time, I still protect my patients and help create a safe and secure environment at the hospital and in healthcare for them and for my colleagues.
The combination of knowing the healthcare system and seeing the importance to have good security, gives me great insight on needs, issues, and the possibilities to assist the info security department in solving the problems.
Because of that, I think that I can help build basic security. If we want to build good security, we need to do it step by step (as fast as possible). We need to make the good base in the organization and then, using the technology to build a stable and secure environment.
Speaking of building a safe and secure environment in healthcare, we had one last question for Jelena.
What types of cyber attacks would you say have been destructive for the healthcare sector and why has this industry became such a target for cybercriminals?
I can’t tell what types of cyber attacks are more or less destructive, because some of them are destructive on a long-term, some not. Some of them are visible to everyone and right away, some not, and the consequences aren’t known or published. When we talk about long-term consequences, we can have damage that we maybe can’t fix anymore, like if we lose the trust between medical professionals and patients, because all information about patients is everywhere to see.
Healthcare sector is interesting for many different reasons. Criminals have a lot of different targets, from one person till the hospital self, as an institution. You can find all kind of information about the patients or employee that are not for the public. IMHO, in healthcare everything needs to be secure and safe, protecting and devices and privacy of the patients (and medical professionals too).
It’s just a matter of time that this all can be used on a large scale if we don’t change the situation in healthcare.
Here’s a sneak peek from Jelena’s presentation:
Healthcare without (basic) security is like surgery without sterile instruments
The operation was (technically) a success, but the patient died from sepsis.
(the last slide from my presentation)
Eager to see her live and listen to the full presentation?
Don’t miss the opportunity to get your dose of inspiration from Jelena and ask her more about cybersecurity. Grab your ticket and see you at DefCamp#9 on November 8-9.
DefCamp is powered by Orange Romania and it’s organized by the Association “Research Center for Information Security in Romania” (CCSIR).
DefCamp 2018 is sponsored by Ixia, Keysight Business, SecureWorks and Intralinks as Platinum Partners and it’s supported by IPSX, Bit Sentinel, TAD GROUP, Enevo, Crowdstrike, CryptoCoin.pro, Siemens, Alef, UiPath, Atos and Kaspersky Lab.