We must look for talent in unexpected places

Monday, December 11, 2017

Anouk Vos has more than a decade of experience as a strategic cyber security advisor for international and national governments, multinationals and NGOs. She co-founded the high-tech consultancy Revnext and the non-profit organisation Cyberwerkplaats, which reimagines IT education. She also co-founded the Women in Cyber Security Foundation to foster connections amongst underrepresented women in the field.

How are you helping to reshape how we think about cyber security through your initiatives Revnext and Cyberwerkplaats?

Revnext is a high-tech strategic consultancy. We combine cyber security with other technologies that are shaping tomorrow’s world, including forensics, transport and logistics, clean tech and e-health. However, when we launched Revnext, we didn’t want to launch just any cyber security company. We wanted to reinvest our profits in social areas that don’t receive much funding – topics we think we will boom in the next few years, topics that fascinate us.

One of the projects we’re co-financing and launching is Cyberwerkplaats. Because companies tend to seek highly skilled academic staff to manage their cyber security needs, a lot of funding goes into traineeships and programmes for individuals with advanced degrees.

However, patching and updating systems and looking for vulnerabilities isn’t always rocket science, and the best security experts I know don’t have a single diploma. Most hackers do it because they have this inner drive to uncover vulnerabilities, and you’re more likely to find them on the couch playing video games than in universities.

Cyberwerkplaats is an experiment in activating untapped talent. We launched the programme in the industrial city of Rotterdam, where many companies are looking for ICT talent and where there’s a high degree of youth dropouts and a large gaming community.

The idea is to invite volunteers to our workshop, teach them basic hacking and ICT security skills and then connect them with companies looking for new talent. None of our students pay tuition; our sponsoring companies cover the costs and draw their interns from the group. This is the next revolution in IT education.

What drove you to pursue a career in cyber security?

I trained to be a diplomat. I had no intentions at all of pursuing a career in IT or security. Then, while I was completing my first internship at the Dutch Ministry of Foreign Affairs in 2007, we saw one of the largest-ever international cyber-attacks occur in Estonia. Many people don’t know that Estonia is one of the most connected countries in the world. Banking, voting – you name it, they do it online.

After the attack, it was as if Estonia were physically bombed. Nobody could access their money, the entire communications system fell and hospitals couldn’t function. This was a new frontier in diplomacy, something that was not covered in international law. I was fascinated.

Nobody knew what to do, so my boss at the time said to me, ‘Anouk, you’re the youngest one here and you have the newest phone. You wanted to learn more about international diplomacy? Well here’s your chance. Go find out as much as you can.’ I was so intrigued by everything I learned while researching the case in Estonia, but I was also intrigued because it was a Cyber Wild West.

When there are no rules, everything goes. I knew then that this was what I wanted to do. It was so much more interesting than traditional diplomacy. That was the beginning of my cyber security career.

What’s the story behind the Women in Cyber Security Foundation?

When I started to teach myself about cyber security 10 years ago, I was often the youngest attendee and almost always the only woman. I’d arrive at a venue and people would ask me to hang their coat or make them coffee. People didn’t take me seriously because it never crossed their minds that I belonged there.

In 2013, I met two other women who shared my experience, and we thought it would be cool to have a network of women to attend events with. We set a goal to find 20 women, and we didn’t think we would. But after we started recruiting, we hit a snowball effect, eventually reaching more than 800 women worldwide. After that, we had to figure out what to do with this network.

We coach women to get on stage as keynote speakers and panel contributors to increase our representation at cyber security events. We also encourage women to share their stories publicly, and we organise teaching sessions at primary and high schools to provide role models and change the perception that only men work in cyber security.

We entered the first-ever all-female hacking team at an event in Amsterdam. The organisation was so happy to have an all-female team that they literally rolled out a red carpet and set the women on a stage. They hated me for this because they were very self-conscious, but they were brave and sat there anyway.

As they started hacking, I watched as women of all ages entered the venue and their eyes were immediately drawn to these women on the stage. I experienced first-hand the effect of having simply women on the stage, showing what they do and providing representation.

 What advice do you have for young women interested in cyber security?

Not too long ago, I met a woman at a conference who whispered, ‘I’m a bit of a geek, but not really because I don’t know a lot.’ She was picking a lock to entertain herself and had the newest game in her black Prada bag.

I said, ‘Who are you calling a non-geek? I don’t know anyone who carries these things around!’ Women tend to be modest, and they are often feel that they have to self-study for weeks or watch every YouTube tutorial and read every book before whispering that they’re interested in a tech career.

If you’re interested, put yourself out there! I’ve found that almost without exception, people have been very willing to open up their world to me. Some say that hackers have this hippie mentality, and I think they’re right. Most people don’t realise there are large communities of people who are protecting our data, monitoring our power plants and police systems and working together to make our digital world safe.