EU CyberNet is a EU-funded cyber capacity building project aimed at establishing a pan-European expert network to help solve cybersecurity challenges around the world. And cybersecurity experts are the core of EU CyberNet and instrumental to the objective of building and promoting the model of an open, free, secure and stable cyberspace. This growing EU Cyber Experts Pool consists of almost 400 experts so far, on topics such as cybersecurity, cybercrime, cyber diplomacy, cyber defense, AI, etc. that connects to a wider pan-European Stakeholder Community to assess partner countries’ needs, organise trainings and offer our experts’ cyber expertise to support various initiatives around the world.
What is less brought to the foreground in the work we do is the human factor and the work of individuals driving the progress forward across the globe.
In this mini-interviews series we will meet our Cyber Experts as industry leaders and discover the essential contributions they make in shaping the cyber world and ensuring its seamless operation!
In the March interview we’ll meet Saira Isaac Hernández, Information and Communication Technology Engineer with a Master in Cybersecurity and an Expert with the EU CyberNet.
Please introduce yourself and the work that you do. What are the reasons for your interest in the cyber world?
ENGLISH
I am a professional with more than 12 years of experience in the area of information security and systems auditing for different government, health, academic and financial sectors. I have worked on projects for the implementation of different cybersecurity frameworks and the design of controls to ensure critical business processes, definition of cybersecurity strategies, implementation of Incident Response Teams and Security Operations Center, Cybersecurity Risk Management. Currently, I am a Cybersecurity Manager at Cybersecurity Blue & Red Team (CBRT), leading advisory and consulting services. In addition, I am an Active Professor at the Pedro Henriquez Ureña University and the Instituto Tecnológico de las Américas (ITLA).
I have the certifications: ISO 31000 Risk Manager, ISO/IEC 27001 Provisional Auditor, ISO 22301 Provisional Implementer, ISO/IEC 27005 Risk Manager, ISO/IEC 27035 Lead Incident Manager, ISO/IEC 27032 Lead Cybersecurity Manager
Being able to develop in this area that I am passionate about makes me feel part of a great ecosystem with the mission of improving the use of cyberspace.
One of the main reasons I like this area is that it allows me to positively impact users, seeking always the way to secure the digital space and ensure that the processes are carried out in the most effective and safe way possible.
SPANISH
Soy una profesional con más de 12 años de experiencia en el área de seguridad de la información y auditoria de sistemas para diferentes sectores gobierno, salud, académico y financiero. He trabajado en proyectos para la implementación de diferentes framework de ciberseguridad y el diseño de controles para asegurar los procesos críticos del negocio, definición de estrategias de ciberseguridad, implementación de Equipos de Respuesta a incidentes y Centro de Operaciones de Seguridad, Gestion de Riesgo de Ciberseguridad. Actualmente Gerente de Ciberseguridad en Cybersecurity Blue & Red Team (CBRT) , liderando servicios de asesoría y consultoría.. Además, Docente Activa en la Universidad Pedro Henriquez Ureña y el Instituto Tecnológico de las Américas (ITLA).
Cuento con las certificaciones: ISO 31000 Risk Manager, ISO/IEC 27001 Auditor Provisional, ISO 22301 Provisional Implementer, ISO/IEC 27005 Risk Manager, ISO/IEC 27035 Lead Incident Manager, ISO/IEC 27032 Lead Cybersecurity Manager
Poder desarrollarme en esta área que me apasiona me hace sentir parte de un gran ecosistema con la misión de lograr mejorar le uso del ciberespacio, Una de las razones principales que me gusta esta área es que me permite impactar de manera positiva en los usuarios, buscando siempre la forma de asegurar el espacio digital y lograr que los procesos se cumplan de la manera más efectiva y segura posible.
There is an obvious gender misbalance in the field of cyber. With you being one of the few exceptions, are there any challenges in your professional life related to this?
ENGLISH
Yes, the truth is that as a woman in this world full of men and who were initially the owners of it, it has been a challenge to occupy a space and make a difference that has demanded more of me, but I have also found teachers who have allowed me to grow and share what I have learned. Achieving a space of authority within the circle [of men] has been a journey of a lot of work and extra miles.
SPANISH
Si, la verdad que como mujer en este mundo lleno de hombres y que en un inicio eran los dueños de el ha sido un desafío ocupar un espacio y marcar una diferencia que me ha exigido más pero también he encontrado maestros que me han permitido ir creciendo y compartir lo aprendido. Lograr ocupar un espacio de autoridad dentro del circulo ha sido una trayectoria de mucho trabajo y millas extras.
What do you think are the current challenges in the field of cyber that you see in your daily work?
ENGLISH
One of the main challenges is contextualization, cybersecurity comes to ensure a world that was already in operation and it is important to understand that having the context of what you want to protect and being realistic in relation to business objectives is vital for implementation of efficient and effective controls but above all that can remain over time. Another important point is to bring technical terminologies to administrative languages to achieve high-level awareness.
SPANISH
Uno de los principales desafíos es la contextualización, la ciberseguridad viene para asegurar un mundo que ya estaba en funcionamiento y es importante entender que tener el contexto de lo que se quiere proteger y ser realista con relación a los objetivos del negocio es vital para la implementación de controles eficientes y efectivos pero sobre todo que puedan permanecer en el tiempo. Otro punto importante es llevar las terminologias tecnicas a los lenguajes administrativos para lograr concientización de alto nivel.
Based on your experience, what practical measures do you recommend enhancing cybersecurity?
ENGLISH
Among the measures that I recommend improving:
- National and international legislation must be better known by all actors;
- The participation of all sectors in raising awareness and protecting data;
- Establish channels for communication and reporting of incidents;
- Work more efficiently in the implementation of operational measures to protect assets.
SPANISH
Entre las medidas que recomiendo deben mejorar:
- Las legislaciones nacionales e internacionales deben ser mas conocidas por todos los actores.
- La participacion de todos los sectores en la concientización y protección de los datos.
- Establecer canales para la comunicación y reporte de incidentes.
- Trabajar de manera mas eficiente en la implementación de medidas operativas para la protección de los activos.
Can you give us an example from your work that you believe makes a difference in advancing cybersecurity?
ENGLISH
Within my work as a professor I generate tools for my students, not only for the technical or operational part but also for the analytical part as it is an important skill in cybersecurity. And as a consultant and advisor of different projects, I always seek, together with my team, to ensure that cyber issues are not unreal issues but rather see them as close to reality with the aim of achieving permanence and efficiency in them, always oriented towards maintaining efficient operations.
SPANISH
Dentro de mi labor de docente genero herramientas para mis estudiantes no solo para la parte tecnica u operativa si no para la parte analítica pues es una habilidad importante en la ciberseguridad. Y como consultora y Asesora de los diferentes proyectos siempre busco con mi equipo que los temas de ciber no sean temas irreales si no verlos lo mas cerca de la realidad con el objetivo lograr una permanencia y eficiencia en ellos, siempre orientado a mantener las operaciones eficientes.
How do you think is EU CyberNet playing a role in building this community of experts and advancing cyber capacity building efforts around the world?
ENGLISH
According to my experience, it plays a very important role because of the coordination and making possible the different meetings and training, as well as the participation in activities to discuss cyber issues that make more people intercommunicate to achieve the objective of creating solid and related contacts.
SPANISH
Según mi experiencia juega un papel muy importante pues la coordinación y hacer posible los diferentes encuentro y entrenamientos, así como la participacion en actividades de discusión de temas de ciber hace que más personas se intercomuniquen para lograr el objetivo de crear contactos solidos y afines.