A security professional in the digital age

This is ITPE’s first interview in a new series focusing on young IT professionals who are starting out their careers and wish to share their experiences. The series is meant to engage those who have just begun their professional development with our members as well as the wider network of IT professionalism.

This month, we sat down with Vili Harju, who currently works in the entry-level position of ‘Security Coordinator’ at Handelsbanken. Prior to this professional role, Vili did a business degree in security and risk management at the Laurea University of Applied Sciences, which drew his attention to the cybersecurity field.

“This degree taught me about the relation between business continuity and a business itself and the importance of risk management – of course including the cybersecurity risks.

The real interest in cybersecurity started for me, after I got familiar with cyber security books such as Sandworm, and a documentary about the ‘Stuxnet’, Zero Days. The stories there tell how important these (cyber) networks are, which can shut down whole countries when under attack.

Q: Can you describe some of the daily tasks of a Security Coordinator?

“I’m working with information security, cybersecurity and privacy, and my daily tasks include incident management, such as personal data breaches. I help support the different business functions whenever they have any security issues, but we also have to do regular assessments of our systems or processes.

We would, for example, review a new application developed in response to certain business needs to check that it is secure enough and applied under the right security controls.”

“The real interest in cybersecurity started for me, after I got familiar with cyber security books such as Sandworm, and a documentary about the Stuxnet, Zero Days

Q: Do you feel that your university background had prepared you for starting your current position?

“I felt quite prepared for being a Security Coordinator, as this is an entry-level position. My degree covered the main topics, but, of course, when I went to work in financial services there was a lot of new things for me, as well as a new business culture I had to adapt to.”

Q: How often do you think a professional working as a security professional, such as yourself, needs to update his/her competences to match the constantly evolving cybersecurity threats?

“I think that you can learn something new every day – not that you have to participate in a university course on a daily basis, of course, but that you constantly keep your mind open for new things. I think MOOC’s (Massive Open Online Courses) are a very good initiative for anyone interested in updating their knowledge of the field. Right now, I would benefit from doing a MOOC in networking or basic operating system, such as Linux, knowledge. MOOC’s are quick and easily accessible and you can do them on your own time. They’re almost always free or at least not very expensive.

With new tech there will always be some new capabilities and it’s important to stay updated.”

Q: Any advice you would give someone starting out/changing their careers towards cybersecurity?

“Don’t be surprised by its complexity. In the case of Handelsbanken, we have our core banking systems as well as supporting systems and on-premise systems plus cloud systems, and these make up a lot of different environments to be familiar with. As a professional you need to have a basic level of understanding of them before you start monitoring them for security risks – in the same way that you can’t be a doctor, if you don’t understand basic anatomy before you start studying the diseases.

It was a surprise to me that there is a lot to learn about basic functionalities and infrastructure before you can work as a security professional.

It’s also important to make sure your employer is encouraging your professional development, including training and upskilling. Some companies might think that participating in trainings is taking too much time away from office hours and that you’re not being very productive. But everything that you learn is to the benefit of your company as well.”

Q: Some employers might be afraid that their newly trained employees will leave them, and take away that benefit?

“Even if that’s the case, I think it also benefits the company’s public image to be seen as a supporter of professional development. People talk a lot about their jobs, saying ‘I’m participating in this or that’ on LinkedIn, for example. When your network sees that your employer offers such opportunities to you, it reflects positively on the company as well.”

Q: What’s the next step for you as a security professional?

I’m working to become an ‘Information Security Specialist’, which requires that I gain more knowledge about IT than needed in my current role. I will, for example, need to get familiar with the Industry standards such as ‘ISO 27001*’ that many companies use to show their customers how information security is managed in their company.

* Read more about ISO and their international standards here.

If you would like to know more about the role of Security Coordinator, or other profiles within the field of cybersecurity, please get in touch with us at info@itprofessionalism.org. Join ITPE and stay informed about our interview series as well as other upcoming events.