Queen Bees is an interview series which will regularly share inspiring career insights from women leading in their cybersecurity hive. We managed to question these busy bees, and hope to inspire others with a career in the cybersecurity industry! Do you know an inspiring female leader with an interesting career to share? Contact us! 

Earlier this year, the team of the Cyberhive Europe had the opportunity to meet with Annika Wägenbauer Business Development Manager at VICCON GmbH and International Stakeholder Relations Officer at the Institute for Security and Safety at the UAS Mannheim.

Could you briefly describe your career path and current position? 

What immediately comes to my mind when you ask me to describe my career is: life brings you full circle to show how far you have come. I believe this is absolutely true and I have felt this resonate with me so many times. Three unifying terms: innovation, bridge building and tech feminism. I am currently working in cybersecurity and nuclear security. But if you think I have a background in informatics or physics, you are barking up the wrong tree. Before switching to cyber, I worked in security and automotive - …and before that in law and public communication. If you had asked me in 2016 about my current career, you would have talked to a young Master’s student working at a law firm for immigration and asylum law. As a German. In the Unite Kingdom. While the referendum on Brexit was being held. Right place, right time? Yes, I do believe in that. You are probably still wondering about my educational background, right? So what have I really, REALLY, been trained to do? I hold a Bachelor of Arts in European Studies and a Master of Social Sciences in International Security and Law. I focussed in both of my theses on the philosophy of law. I have lived in 9 countries so far, speak 8 languages. Right, no-brainer that I ended up working in cybersecurity. You know why? Because all of this equipped me to be a very good cybersecurity professional when it comes to holistic cybersecurity, matching the current discourse extremely well. Cybersecurity is more than managing firewalls. It is about managing people - maybe even in th first place. The human factor is crucial on both sides, think about cyber attacker profiling, ab insider threats, but as well about the first line of defense in your organization: the colleague sitting next to you. Circling back to my initial remark on full circle moments: at some point in the beginning of this year, I found myself sipping a canned beer at PLUX on Thursday in the very heart of the EU bubble in Brussels. And I thought to myself: look at you. Dreamt of working for one of the Institutions when I was studying back in The Hague - and now: same same but different.

When and why did you decide to work in cybersecurity? Was there anything or anyone sparking your interest in cybersecurity? Were you already interested in IT security when you were young?

So, let me tell you a brief little story, okay? About two years ago, I was pretty settled in my career (yeah, as I said, not cyber), mom of two kids, my younger one still a teeny tiny baby, somewhat lost and looking for a new challenge. Sounds like a joke because what more of a challenge do you need besides the insanity of having a newborn and a toddler around?! But yeah. Already during my pregnancy, actually right from the beginning, I joined a training program offered by the Institute I am working for now. 10-month-long deep dive into what the heck cybersecurity is. 

So, that grew on me alongside my daughter - and I started loving both to death. Honestly, I might have already been interested in IT security when I was younger - under different circumstances. Under the right circumstances. My sole point of contact was programming a hamster to reach his food when I was about 11 or 12 years old in school. Well, programming sounds exaggerating - we actually had to handwrite the code in a Word document, without being able to test it properly. It wasn’t fun, it wasn’t engaging, it didn’t spark any interest whatsoever in me. Fast forward a few years, MySpace became a thing. Do you remember that? I was still super young and so into it. Customizable profiles ruled and "Top 8" friendships were serious business? So as a very young teen, I dove into the fascinating world of coding by personalizing my MySpace profile. It all started with a curious mind, a sprinkle of HTML, and - very much first foremost - the desire to make my online space uniquely mine. In the end, learning to code for my MySpace profile wasn't just about aesthetics. Experimenting with HTML, CSS, and a touch o JavaScript opened up a whole new universe of possibilities that I didn’t reflect on until now 

Because long before STEAM education became a buzzword, I (alongside so many other emos and indie girlies) was unknowingly dabbling in Science, Technology, Engineering, Arts, and Mathematics. And, who knows, maybe it’s (at least partially) thanks to the teenage coder in me that those early HTML musings laid the cornerstone of an actually career journey in tech filled wit endless possibilities!

How would you describe your experience as a woman in this field? 

Honestly, working as a woman in cybersecurity is not very different from working as a woman in the automotive sector or working as a woman in national security. I haven’t seen many and certainly not enough women. But diversity doesn’t equal gender parity. It is so much more. From ethnicity to professional and educational background to different character traits, the list goes on and on forever - I mean that In our capitalist (and also patriarchic but that’s another story) society, the loudest tends to win. Because we tend to encourage character traits such as elbowing our ways to the top, being bold, courageous, thinking outside the box,… I personally don’t have a problem with that, being a pretty loud human being myself. BUT: I know that I don’t always have the right answer (although I might think so). I start asking my less loud colleagues for their opinion - but not just to inform mine so its time for me to shine, but to have their voices being properly heard instead.

Were there any unique challenges to overcome to get to the position where you are now? Did you ever encounter any gender-related stereotyping? Feel free to mention examples.

Well, when I am speaking at conferences which I do quite frequently, either delivering keynotes or sitting on panels, how many female CEOs, CIOs, CISOs are there? Not many. Not enough. And also: how many of them are big stage speakers? Being literally the only female and the only person under the age of 40 - and also the only one not wearing a dark blue suit for that matter - in the room occurred to me more than once. And, by the way, you can very much look like a super hip 24-year-old AND be a male middle-aged guy inside. Because diversity is so much more than what meets the eye, it’s about bringing to the table and, from the other side of the table, acknowledging and appreciating truly different perspectives. Because these are the driving forces of innovation and change, right? For top management, I also see the issue of, again, having leadership traits culturally very closely tied to traditionally male and living that unconscious bias. Also: lack of inclusive leadership pipelines, the infamous boys networks and their friends, family responsibilities, organizational cultures, etc. But what’s very specific in the cybersecurity industry is that we see CISOs generally changing jobs quite often, heavily experiencing burnouts, etc. Summed up: we need this organizational and societal shift towards healthier working cultures, not having that one person working on the job 24/7, especially not blaming that one person alone in case of an incident. It will benefit both, male and female and anything in between.

Do you have any role models (in the field or outside)?

Very beautiful question, but very difficult to answer. The colleagues I have had the pleasure work with throughout my career in cyber are definitely exemplary. They work part-time, full-time from home, on their ways to school, on the most meaningful projects. Serving clients and the fir meaningfully and holistically, from creating social media marketing concepts to drafting training programs - they do it with passion. Is now the time to name drop some of my favorite ladies in cyber? This list will never be exhaustive and most of you know who you are. I believe in the importance of role models, especially for young girls. You can’t be what you can’t see. But I personally rather close my eyes and see myself instead of another real life person. But that’s just me, I guess.

What actions do you think should be taken in order to close the gender gap in cybersecurity?

I want to be very, very practical here, okay? And I don’t want to talk about closing the gender gap, but about reaching a more diverse workforce in cybersecurity. If you are not on the board yourself, understand that business case within diversity and communicate it effectively to your C-level. You need the whole organization on board ideal. Seek advice, if you can, and very tangibly: reflect your own unconscious biases daily, be open t friction and see the beauty in it. Don’t work with people that mirror you but contradict you entirely. Without causing too much disruption of course, don’t get me wrong. But a little bit of a shake-up isn’t always negative.

Do you have any suggestions for women to pursue careers in cybersecurity? They can be educational, professional, personal…

Talking about these boys clubs again - we need them as well. As a little bridge for the time being. I myself am part of Women4Cyber Germany. The benefit to any network is essentially knowing each other and supporting each other. And that doesn’t even have to be a highly organized network, it can also be a little informal group. My friend Anu Kukar, me and a few other cyber ladies set one of those up. Also: convenience is your enemy. We like people that mirror us. That say and think the same that we do. It’s the same dynamic we see in hiring processes by the way. And we need to very consciously take the decision to prefer inconvenience over convenience.

As a closing line, what would be your message for women in cybersecurity?

Know your worth. I am repeating myself, but again: diversity is a business case. Improved financial performance, better innovation and problem-solving, enhanced decision-making, access to a broader talent pool, greater employee satisfaction and engagement, better customer understanding and market access (in some cases), reputation, risk-mitigation and long-term sustainability. See the strategic advance in not being the 25th male Gen X techie in the team.