25 WOMEN IN CYBER

Dana Spataru

Partner, Deloitte Netherlands

Cyberattacks are the number one business risk in most of the world, according to a 2022 study from the World Economic Forum. Not all cyber threats are alike, and diverse problems require diverse solutions. Yet, the cyber industry is predominantly led by men. How can we solve this significant threat to the business world with only half of the population? Fortunately, the women who make up that percentage are some of the fiercest in the greater technology industry. In this series, The Female Quotient and Deloitte are putting a spotlight on 25 women at the forefront of the cyber revolution, amplifying their career advice and sharing their insights on how the industry will evolve in the future. Their stories are proof that behind every functioning society is a woman in cyber.

What does a typical day of work look like for you?

About 70% of each day is filled with things that were not on my agenda the previous day. This fluidity is also what makes the job exciting. It can be busy between running large client transformations, working on strategy for the global development of the emerging technology cyber capabilities, taking care of the team, and making sure that everyone feels part of the cyber family.

What's a common misconception about women in cyber you'd like to debunk?

A common misconception is that women don’t have what it takes for the job. I strongly believe that there are a lot of valuable skills necessary for the security domain that women might possess more than men.

What aspects of your career journey have taken you by surprise?

Earlier in my career, I struggled with what direction to follow since the technology space is so broad. I had the opportunity to change continents, teams, and focus — to basically go in a completely new direction. One of the partners I was working with gave me transformational advice that proved to also be one of my biggest career surprises. He said there is no wrong choice. Years later, I realized he was right. There are so many areas of technology in which one can be successful and almost any path can be a good one. It is one of the aspects I like most about cybersecurity and the broader technology field.

What's your superpower as a woman in cyber?

Being inventive. I’ve always liked the quote: “The best way to predict the future is to invent it.” I’ve been successful at finding new paths and investing in new capabilities for the cyber domain before others spotted the opportunity. When we were all still focusing on securing traditional IT infrastructure, it seemed very logical to me that the future would be in securing all infrastructure, including all these emerging technologies and connected devices. It was a risky path, but I believed in it. Looking back, it was totally worth the investment.

What's the most challenging component of your job today?

I currently lead what might be the most competency-diverse team in cyber emerging technologies. Our aim is to help clients solve complex cyber challenges by being one step ahead of the technology trends with our services. Whether it is cloud security, pentesting, red teaming, OT and IOT security, cryptography, 5G, or the future of quantum computing, we keep investing in building capabilities in new areas of cybersecurity where deep technical expertise as well as vision for the tech of the future is in high demand. With the emerging technology capabilities expanding rapidly, the main challenge is driving a consistent global strategy that fosters collaboration but does not hinder innovation. This will allow us to hire, grow, and inspire diverse talent necessary for this new infrastructure layer.

Tell us about the cyber project you're most proud of working on in your career.

At the top of the list are two projects: The first is one of the most complex, global, multi-year security transformations for a technology company, which is at the core of the electronics industry. The second is defining the security strategy for an organization working with refugees. Both these projects were extremely rewarding in their own way.

What's one must read, watch or listen for women wanting to work in cyber?

The documentary “Zero Days” had a great impact on me.

How has public perception of cybersecurity changed over the course of your career, and how do you predict in the future?

Cybersecurity still has that aura of a flashy domain where a hoodie-wearing hacker is the protagonist at the center of some exciting crime story. However, the public perception is changing, and it is now normalizing cybersecurity as a domain that is complex and yet increasingly demystified. I envision that the ethical hacker and the security professional of the future will be more diverse, with creative skills covering a broad range of topics.

What's one piece of advice you'd give your younger self about getting started in cyber?

I would tell myself not to think that cyber is all bits and bytes. It’s actually a very cool industry to work in. I used to think that I would probably spend long days in front of a computer working by myself, but the cyber field is so much more than that. There are technology challenges, of course, but also processes and people to deal with that make for a rich set of problem-solving skills.

Who are some women working in cyber today that you admire?

Dr. Reem Faraj AlShammari, the CISO of KOC; Caroline Wong, the Chief Strategy Officer at Cobalt; and Galina Antova, the co-founder and chief business development officer at Claroty.

Dana is a Cyber Security Partner globally responsible for Deloitte’s Emerging Technologies cybersecurity group. She has worked in the last 15 years on helping organizations to improve security in both their IT and OT environments, including IOT and IIOT, working on building strategies and developing implementation plans which help companies prepare for a future which is digital. Additionally, Dana acts as strategic advisor to the World Economic Forum on cyber risk. Over the past 7 years, she has been supporting the Forum to create a platform for collaboration around a quantification model for cyber risks.