Queen Bees is an interview series which will regularly share inspiring career insights from women leading in their cybersecurity hive. We managed to question these busy bees, and hope to inspire others with a career in the cybersecurity industry! Do you know an inspiring female leader with an interesting career to share? Contact us!
Earlier this year, the Cyberhive Europe team had the opportunity to meet with Anett Mádi-Nátor, CEO of CyEx.hu and President of the Women4Cyber Foundation. Anett has two decades of experience in the strategic and administrative layers of information security and cyber defence, both as a private sector subject matter expert and as a government representative. As the CEO of CyEx.hu, she leads the knowledge-based cybersecurity service provider offering proactive cyber solutions for both domestic and international markets, primarily for large corporations and governments. She is also the President of the Women4Cyber Initiative and Foundation, a non-profit organisation aimed at promoting, encouraging, and supporting the participation of women in the field of cybersecurity, launched by the European Cyber Security Organisation (ECSO) and the European Commission.
Anett, could you briefly describe your career path? When and why did you decide to work in cybersecurity?
I don't really have a typical career path in cybersecurity. I started approximately 2 decades ago, and it was completely by accident. Regarding my university education, I have nothing to do with cyber. Instead, it links me to history and linguistics, psychology and teaching in general. Because of it, I think I have a different approach to cyber in general than those colleagues who have an engineering or STEM background. And that matters in certain decision-making situations.
I've been in cyber for approximately 20 years right now. I started working for an IT company as a communications assistant and international project assistant, but a couple of years later my team of that company was insourced by the government to formulate the Cyber Defence Management Authority within the National Security Authority of Hungary. So, my primary experience comes from two domains, industry and government. This is the kind of real-life education, or I should say environment, that provides the best insight into how cybersecurity and cyber defence works.
In 2015 I went back into the industry, and we created our first company together with some long-time colleagues. Fast forward, our company joined the European Cyber Security Organisation (ECSO) and a couple of years later I joined the Women4Cyber Foundation, which I currently preside over. The rest is history, I never planned this kind of career path; it just came by.
Did you have any role models? Who were they?
For a long time, I didn't even meet a woman who was active in cybersecurity on my level. So, I didn’t really have a female icon who I could relate to. Especially as I am not solely specialised in compliance, because you may be able to choose someone as an icon if you pick a narrow area, but my activities spread much wider. For me it was quite difficult to pick someone.
On the other hand, I think I was extremely lucky because the team with which I started working was quite right. We were around 20 people, most of them being men, and many of them were very supportive. It was kind of refreshing for them to work with women in this very special field. But my region is not like other parts of Europe, because we are a post-socialist country, so society is slightly different. We are used to having mixed teams even in engineering.
In your opinion, what are the main challenges faced by the cybersecurity industry today?
It's an extremely complicated question and the answer could go for like a week… But I believe three things are very significant to give at least an approximate answer to this question. The first one is that we have a very, very fast elevating geopolitical environment with a very strong effect on the cyber domain. I'm thinking about the armed conflict nearby. You know, to deal with the related security and defence issues.
The second one, especially in Europe, is the legislative environment. Europe is the leading geographical area on the globe when it comes to formulating the cybersecurity environment from a legal perspective. It also makes cybersecurity much more administrative than, I may even say, it needs to be. So, it doesn't always have the intended effect on cybersecurity. When it comes to research and innovation, as well as in operation, it practically is a drawback. For example, the AI Act will most probably kill the cyber threat intelligence subdomain in Europe. The reason is that everything that we do in cyber threat intel already and increasingly utilises AI, but in many cases also involves the analysis of personal data, which is kind of inevitable. Based on the AI Act, it becomes extremely difficult for commercial companies to provide AI-based CTI related services in Europe as we either stick with the technology of the previous decade, i.e. do not use AI for analysis and correlation, or run with the risk of analysing data sets that may potentially contain personal data with fast and efficient AI models to meet valid customer requests and so risk going against the European regulation. The most likely outcome is that CTI service providers either move out of Europe or stop providing such services. It also is very similar when it comes to investing in cybersecurity as Europe is seriously falling behind North America and Asia, so we don't even have a very supportive financial opportunity package. We could do much better.
Lastly, what do companies not like spending on? Security issues in general. So, it's not easy. If you combine the three, it's quite difficult. I'm less optimistic than like five years ago.
What do you identify as paths that could potentially lead to solving these issues?
We've had several conversations with the European Cyber Security Organisation (ECSO) since its foundation. As far as I know, around 92% of the European cybersecurity market are SMEs. On the other hand, most realised businesses are done by large service providers (security and defence solution providers, OEMs, equipment manufacturers…). If we don't have the necessary, or I should say essential, financial means to support the overwhelming majority of the cybersecurity market, the SMEs, we cannot expect Europe to build a solid cybersecurity industry.
Currently Europe does not have the financial ecosystem to support SMEs. Some venture capitalists may invest in startups, but the volume of investment and the amount of invested money is incomparably smaller than in other regions.
Even if you think about traditional financial products that can be gained from banks, like loans and similar financial products, those are hardly available for SMEs, especially for those who focus on innovation. Because the outcome of an innovation process is in many situations a non-tangible product, like a software, and no one can get a bank loan to support expenses of innovation if the outcome of the innovation is not a hard product.
So, there are some structural issues. When we started ECSO, one of the first discussions was about how to facilitate building the digital single market, assist the companies to step onto it, and grow organically. That's a very ideal expectation, because no matter how many conversations went through on different levels with the European administration, this is one thing that is still missing. So, there is a huge and structural lack of SME support in Europe. In cybersecurity, we feel it every day.
Looking at your own future now, what are your goals for your career in the upcoming years? Is there anything you are working towards achieving?
There are two areas I'm focused on right now. Although a primary statement is very important: when it comes to my career, probably it's surprising, but I'm not a career builder personality, so I don't build my career intentionally. I'm simply not that type. I am more interested in specific tasks or projects. I invest in people, I invest in ideas, and I invest in innovative projects but not necessarily in my next career level.
With this background, it will not be surprising that one of the key areas where I focus is Women4Cyber. Building the initiative to something larger, because it already covers Europe, and I would like to see it going global in the next five years or even 10 years. I believe in it, because it has some KPIs that make it possible, but it's a team effort.
The other area is research and innovation in cybersecurity. I'm very lucky because my team has some really brilliant minds and I simply love working with them. I very much appreciate human creativity. I think it's extremely important and one of the most valuable things that you can find in your professional life. If you can work with smart people, you are lucky and you will always be OK.
These are the two career goals. If I can have these, we will be able to accomplish whatever we picture in our minds, everything will come organically.
As a closing line, what would be a message you would give to your younger self?
You know, I've been doing this for 20 years, but the first couple of years were absolutely challenging for me. If you need information on something, you can read it now and you could read it 20 years ago as well. And you can ask people for help. If you turn to someone, 95% of the time they will not turn you down. Therefore, communicating about what you want to know is a positive thing, it makes you move forward.
Getting there where I am now probably took me longer than if I had a technical background, but 20 years ago you couldn't even get a proper cybersecurity degree. You could get engineering degrees, but there was no such thing as cybersecurity courses at universities. Things are moving now, so I would approach it differently, get a degree in cyber if I wanted to start my career now.