Epic Women in Cyber — Ana Ferreira
Ana Ferreira (PhD, CISSP, HCISPP), is an Information Security & Health Researcher at the University of Porto, Portugal. In 2021, she was selected as being one of the Top 100 most influential women in cybersecurity in Europe and she was also shortlisted for the Cybersecurity Woman of the Year Awards 2021, in the category “Barrier Breaker”.
Author of more than 100 scientific publications, with approximately 700 citations, 1 high degree distinction, 1 Portuguese Government Praise and 15 prizes (6 of which for Best Paper Awards), Ana frequently participates as a cybersecurity expert evaluator of research projects for the European Commission.
Her main research interests include socio-technical security, access control, usability, trust, legislation, risk and persuasion as well as inclusive and sustainable cybersecurity. Ana is also a Co-Founder of Women4Cyber Portugal, where she leads the team for Research and Innovation.
How did you get into the cybersecurity field?
After finishing a BSc in Computer Science, I wanted to deepen a specific subject. At that time, one of my colleagues suggested exploring the subject of information security. Since I did not know much about it or its applications in healthcare, I decided to pursue an MSc in Information Security, at Royal Holloway, University of London, UK, in 2001. I was lucky enough to have interacted with the most influential cryptographers, mathematicians, network security engineers and criminologists at the time, who opened for me a whole new world of possibilities in cybersecurity. From then onwards, the quest, search and exploration within the diversity of the cyber world has kept me busy for more than 20 years now!
What are the main challenges in this field?
The main challenge of cybersecurity is its multidisciplinary characteristics. It should not only focus on computer science, mathematics or engineering, but also in psychology, human behaviour, human computer interactions and even social sciences because, as clearly shown and exacerbated by the pandemic, every person needs to be secured online. Moreover, cybersecurity is orthogonal to any domain or activity that integrates data or processes that need protection. Applying and adapting specific cybersecurity requirements to a domain requires more than the usual “one size fits all” solutions. Only then can security solutions be effective, efficient as well as resilient.
What are the things you’ve learned being a woman in cybersecurity?
To be honest, I never thought about gender when doing my job, I suppose I was lucky enough to never have to. However, more and more I am aware of the importance of having more diverse experiences and capabilities to enrich cybersecurity solutions. Women, as half of the world’s population, is not a homogeneous group. It is a wonderful source of multi-diverse knowledge and experiences that human societies, and related cybersecurity technology, are not integrating well. It is now time to do that!
What advice would you give to women who would like to join the industry?
To explore the cybersecurity domain and all related diverse topics the best they can, get informed about required soft and technical skills for different job positions and, most importantly, to talk with other women in the area to know about real experiences in real cybersecurity ecosystems.
Who are your role models?
My role models are all the people that I meet and interact with every day, from my family, to friends, colleagues and even strangers. Everybody has a story, a problem, experiences that need to be heard, and all these give me inspiration. For me, that is where cybersecurity starts.
If you could go back in time to your first days in the industry, what would you do differently or tell yourself?
When I was pursuing my PhD in Access Control in the Healthcare environment, in 2006, there were times when I thought that cybersecurity was impossible, especially when humans were considered in the equation. I needed to push myself forward and motivate myself to keep moving, to not give up. It was a lonely area at that time, especially in Portugal. I remember having an A4 paper that I stuck on my PC tower, in front of me, for encouragement. The paper read: “Do not give up, especially when you do!”. And yes, it was written in English. I do not think that paper did anything, but the one thing I would certainly tell myself, while pointing out to that paper, would be: “Keep going! This is impossible, but important!!”
If you are a founder or a member of a community for women in security, can you introduce it?
I am a Co-Founder of the Women4Cyber Portugal, the National Chapter of Women4Cyber Foundation, launched directly by the European Cyber Security Organisation (ECSO).
The mission of our organisation is to help fill the gender gap of cybersecurity professionals. Our main objective is to encourage, support and promote the participation of women in the field of cybersecurity, by skilling, up-skilling, and re-skilling girls and women towards cybersecurity education and professions.
