Name: Nuria Andres
Position: Cybersecurity Strategist at Proofpoint
Date of Birth: 12-22-1975 Sons: one
Hobbies: traveling and swimming
Studies: Senior Telecommunications Engineer, Bilbao School of Engineering. Master’s degree in information security from the University of Deusto. Executive MBA by ESIC
Interview with Nuria Andrés, cybersecurity strategist at Proofpoint
How did you get into the ICT world? I came to the ICT world because as a child I really liked computers. I am from Vitoria and when I was little, I would have been in the 6th or 7th year of EGB, my father told me “okay, I’ll buy you a computer, but I’ll sign you up for a programming course”. It was the typical computer store of that time that sold computers. In the back I gave programming classes and I started programming in GW-BASIC. My teacher, whose name was Paco, taught us to program while playing and that was the beginning of everything. Later, at school, when I was a little older, we continued doing programming things like LOGO, and I ended up doing Telecommunications Engineering in Bilbao, because I liked computers. What do you value most about your job? Without a doubt, I have been able to develop different roles. I started with something very technical, configuring routers and switches as a telecommunications technician. And the truth is that my work has allowed me to play different roles throughout my professional career: I have been a technician, pre-sales engineer, project manager, head of business lines and now I design strategies and manage sales for a manufacturer of cybersecurity. I have had the opportunity to go through different types of companies and different positions and, above all, I have been able to meet many really interesting people who have contributed a lot to me, both from a professional point of view and from a personal point of view. In your opinion, what is wrong so that women do not bet more on the study of STEM careers? I believe that we have to teach girls what the future is. And here, more than talking about STEM careers in general, I think that each of us professionals who work in science and technology fields have the opportunity to speak to them from our experience. In my case, tell them more about cybersecurity. And it is that many times it is projected that this is a dark world, a world of hackers, a world of people with hoods who work in a cave and, really, it is not like that. Actually, it is a world in which you can develop very different roles, from more technical areas to more commercial aspects and business development or related to marketing or product development issues, etc… The possibilities are endless and it is true that we are not projecting them towards the smaller ones, but many times only that darker side is projected. On the other hand, in this world we really like acronyms, even I usually miss some and with this we run the risk that people do not understand what we do. Therefore, I think it is part of our job to explain what this world of cybersecurity is like, but we have to do it in an understandable and fun way for girls. Do you think there is a “glass ceiling” in ICT companies? What should be the solution? Before Proofpoint, I had already worked in companies where there were women in senior positions. And I’m not just talking worldwide, in Spain, in technology companies there are women who have already broken that glass ceiling. Even so, it is true and it is a reality that the percentage of women who work in this cybersecurity sector is very small. And what are the consequences of this low presence in the sector? Well, it is much more complicated for a woman to come to play managerial roles. It is a purely statistical issue because there are many women in this country who have broken those glass ceilings. Can a quota policy solve the problem? I am not in favor of a quota policy, I am a fan of betting on talent, regardless of gender, race or age by giving you various scenarios. There are many people, regardless of whether they are men or women, who are being discriminated against because of their age. I think that really what you have to bet on is talent and there is a lot of female talent. That is what we have to promote. What difficulties did you encounter to get to the position you currently have? Well, I have to say that I am lucky because I have always been changing jobs because someone has called me because of the professional performance that I have been having. There has always been someone who, after meeting me on a project or doing something for a client, has come to offer me a new development opportunity. In fact, my own joining Proofpoint came about because I had previously met one of my colleagues. From that point of view, I have to admit that I have been and am lucky, because I have not had to send thousands of CVs to specifically get this job, but rather the company has seen in my career the talent they needed to do it. What do you value most about your company regarding the integration of women? Without a doubt, Proofpoint is a company that is committed to diversity and talent. There are good examples of this in the company. We have international female role models, such as Nikki Cosgrove and Sherrod DeGrippo, who act as spokespersons on cybersecurity strategy issues and Proofpoint projects their public image a lot not because they are women, but because they are extremely talented people. In addition, Proofpoint is strongly committed to diversity, so it is very easy to meet and work with very different people on an international level here. And, at a local level, we are also committed to it. And it has been precisely the male profiles that have supported and encouraged us to launch an initiative for women only, in which both the women of Proofpoint and the company’s clients participate, with the intention of creating a community and sharing our message. Our colleagues support us in the preparation of the event, but then only women attend. 35% of students do not manage to finish high school or the equivalent vocational training. Is education the problem of the lack of specialized profiles? I think we have to change many things from the point of view of education and here I speak as the mother of a 7-year-old boy. From my point of view, a subject like cybersecurity should be something that is taught in schools to adapt to the reality in which we live today. Life has changed, when I was little, I had no cell phone, no WhatsApp, no social networks. What’s more, I have Facebook, but my son and his classmates don’t. I think that in schools we have to make them aware of the risks of social networks, of the risks of clicking on a link… and that is something we should do now. There are schools that are beginning to do so and I think that if we teach them about the risks that exist in digital environments, perhaps we are helping them consider working and developing in a profession that helps provide solutions to these problems. With which, I believe that in the very basis of education is part of that problem. In fact, I also see that my son learns quite differently than I did. In my case, he bent his elbows, he studied by memorizing and now learning is more from reasoning. But from the point of view of content, I think we have to take a look at how the world is today and incorporate certain subjects or skills, such as the subject of security in digital environments, into schools. Have the studies he did served him to carry out his current work? I have to admit that when you work in the technological field you have to be constantly updating yourself. When I studied telecommunications, they gave me a maxim: What the degree will teach you is to think and face problems. And it’s true. Then, everything I learned throughout my professional career, since I started configuring routers, I had to learn on the job.
Solve the problem of education in Spain…
The solution is in line with what was mentioned above, taking a look at the current panorama and the possibilities that new technologies open up for us from the vital and business point of view, trying to predict what they are going to ask of our children in the future and integrate those subjects and those contents in their education from an early age. I always think that my son may develop a profession that does not exist now, in a more digital environment, driven by everything related to robotics, artificial intelligence, machine learning… Today they are common topics of conversation, but we have to incorporate these subjects from an early age and from the point of view of the game. You can teach a child to program, but playing. If you had to advise a young person what to study in order to obtain a stable job future, where would you guide them? First of all, I would be interested in why he likes to do it, why it amuses him and I would try to hook him from there. And I think that the field of cybersecurity offers many possibilities for the future. Let’s think that, in an environment of digital transformation like the one we are experiencing, regardless of whether we talk about robotics, artificial intelligence, cloud, software, etc… a key piece is that this entire environment has to be safe. This opens up a field full of great opportunities. Where do you think the ICT sector is going? In your opinion, what are the trends that are really going to transform society? AI, automation, robotics, do you really believe that the future passes through people? Cybersecurity is a key enabler of a digital transformation that is based on other pillars such as those mentioned above and that go through robotics, automation or the application of artificial intelligence, to name a few. I am working in a sector that is closely linked to this digital future, but that inevitably passes through people. In fact, at Proofpoint our security strategy is people-centric. Hackers no longer focus their efforts on attacking infrastructures, the objective of their attacks has taken a 180 degree turn compared to when I started at university. Now, they attack our vulnerabilities as people. They take advantage of the fact that I’m tired, for example, to send me an email and make me click where I don’t have to. And with that, they get my credentials and can impersonate me to access systems where I have privileges as a user. Therefore, the future always passes through people and relationships between companies will always be a matter of people, of trust, and reinforcing their security will be key in the ICT sector.