Ejona Preçi is a cybersecurity expert with over a decade of experience in the field, demonstrating a profound dedication to promoting diversity within the cybersecurity realm. She holds the position of Principal Manager for Cybersecurity Risk at FREENOW and serves as the President for WiCyS Germany. Ejona has earned recognition as a prominent figure in the industry, garnering features in online magazines and social networks for her roles as a mentor, author, podcaster, community builder, and keynote speaker. She is an avid writer, actively crafting articles, and industry news on cybersecurity topics. Ejona has been recognised as one of the Global 40-under-40 in Cybersecurity for 2024 and a finalist for Cybersecurity Woman of the Year Award 2024.
Recently, in an exclusive interview with Digital First Magazine, Ejona shared her professional trajectory, insights on the most difficult cybersecurity issues to watch out for, the best piece of advice she has ever received, future plans, words of wisdom, and much more. The following excerpts are taken from the interview.
Hi Ejona. Can you share a little bit about yourself and how you got into cybersecurity?
I’m Ejona, a cybersecurity geek during the day and a podcaster, writer, and community builder in the evenings. As a lifelong learner, I enjoy discovering new tech advancements and sharing this knowledge to contribute to the field of cybersecurity and help make it better.
Beyond my professional pursuits, I’m also an avid traveler, sports enthusiast, and mindfulness aficionado.
My tech journey began in university, and my first job as an IT Specialist was both exciting and challenging. Early on, I fell victim to a sophisticated phishing attack. It was a humbling experience that left me feeling overwhelmed and embarrassed. How could an IT specialist fall for a phishing scam? This incident was a wake-up call, exposing my vulnerabilities and sparking my interest in cybersecurity at the same time.
Determined to learn more, I transitioned to a cybersecurity role within a consulting firm. Was I fully prepared? Probably not. But sometimes, the scariest leaps lead to the most rewarding experiences. At the beginning, I wrestled with imposter syndrome and felt constantly behind, but I persevered.
Over the years, I’ve worked in various cybersecurity domains across industries like Government, NGOs, Banking, the Big 4, and Mobility. After a whirlwind of certifications and hard work, I now have over a decade of experience. Today, I lead the defenders’ lineup, educate others on staying secure online, and advocate for diversity and inclusion in the field.
What do you love the most about your current role?
What I love most about my role as Principal Manager for Cybersecurity Risk at FREENOW is the thrill and unpredictability of it all. It’s like playing detective every day, trying to outsmart the bad guys and stay one step ahead of the game.
New technologies bring new risks, and existing systems always have some hidden vulnerabilities waiting to be exploited. It’s like a never-ending chess match with hackers who never take a break, and honestly, I get a real kick out of that.
When I was at high school, I thought about studying criminology because I liked the idea of understanding the criminal mind. I ended up in cybersecurity instead, and it feels like I’ve come full circle. This field is all about tackling online crimes and using detective skills in a high-tech world.
The best part is that you never know what’s going to happen next. Every day brings a new challenge. It’s like an exciting adventure where you’re always learning, always growing.
Outside of work, I’m really passionate about helping underrepresented groups break into cybersecurity. I believe that the lack of diversity in our field is a major vulnerability. By bringing in more diverse perspectives, we can be stronger and more innovative in how we tackle threats. It’s all about building a community that’s inclusive and resilient, and I’m proud to be part of that effort.
Can you please tell us about your podcast, ‘Cyberstar Talk Podcast’? What is its mission and vision?
Recognizing the need for accessible and engaging cybersecurity content, I launched ‘Cyberstar Talk Podcast’ to serve as a valuable resource for both professionals and enthusiasts in the field.
The mission of ‘Cyberstar Talk Podcast’ is to demystify cybersecurity and make it relatable and understandable to a broader audience. I aim to provide insights on emerging threats and offer engaging interviews with influential cybersecurity figures from around the world. My goal is to create a community where cybersecurity knowledge is accessible to everyone and to encourage more people to get involved in the field.
One of the key aspects of the podcast is communication. I believe that simplifying complex topics and making them relatable is crucial. I break down technical jargon into everyday language using analogies that resonate with listeners’ personal experiences. Storytelling is also a powerful tool I use to make topics stick. By sharing real-world incidents and case studies, I engage the audience emotionally, showing the real impact of cybersecurity on their lives.
On the podcast, I invite guest experts to provide different perspectives and delve into specifics in a way that’s digestible.
I wanted this podcast to be something people can listen to on the go—whether they’re commuting to work, taking a walk, or just relaxing at home. It’s designed to fit seamlessly into their daily routines while providing valuable insights and knowledge.
In essence, ‘Cyberstar Talk Podcast’ is all about making cybersecurity approachable, engaging, and inclusive.
Based on your extensive experience, what are the most difficult upcoming cybersecurity issues to watch out for, especially in today’s AI era?
AI is reshaping almost every aspect of our lives, and with that comes a new wave of cybersecurity challenges that we need to be vigilant about. Here are some of the most pressing issues to watch out:
- Data Poisoning: AI models rely heavily on data, and poisoning attacks, where adversaries manipulate training data, will become a significant risk. This can degrade AI system performance or cause them to behave unpredictably.
- Deepfakes: AI-generated deepfakes can convincingly mimic voices and appearances, leading to sophisticated hoaxes and scams.
- Automated Code Generation for Malware: AI has lowered the barriers for creating sophisticated malware. Non-technical individuals can now generate malware, and AI can develop polymorphic malware that evades traditional security measures.
- Model Inversion and Extraction Attacks: These techniques allow attackers to infer sensitive information from AI models or extract the models themselves, posing risks to privacy and intellectual property.
- AI Governance and Accountability: The rapid deployment of AI technologies is outpacing regulatory frameworks. Ensuring accountability, transparency, and ethical use of AI will be critical to mitigating risks associated with misuse and unintended consequences.
- Privacy Violations: AI’s ability to access and analyze vast amounts of data can lead to privacy breaches, where sensitive personal information is inadvertently exposed or misused.
- Convincing Phishing Emails: Attackers are using AI tools to craft high-quality phishing emails that are almost indistinguishable from legitimate ones, making them more convincing and harder to detect.
- Bias in AI Systems: AI systems can inherit biases from their training data, leading to unfair or discriminatory outcomes. These biases can be exploited to manipulate AI decisions unethically.
What does working in cybersecurity mean on a practical level, and what kinds of skills/personality traits are an asset in the field?
Working in cybersecurity means being constantly on your toes, ready to learn and adapt to new threats. You must think like a hacker and react faster than them to protect critical business information. I do consider the following skills and personality traits essential:
- Effective Communication: It’s crucial to explain security concepts in a way that non-technical stakeholders, including senior executives and board members, can understand. Translating complex technical issues into clear, concise explanations is key.
- Strategic Planning: Developing and executing comprehensive cybersecurity strategies that align with the organization’s objectives is vital.
- Business Acumen: Understanding how the organization operates and what its goals are helps in integrating cybersecurity effectively into the business.
As AI becomes more integral to cybersecurity, I’d encourage cybersecurity professionals to upskill themselves and actively engage with AI communities, attend conferences, and participate in forums to stay updated on the latest AI developments in cybersecurity.
In essence, working in cybersecurity is demanding but incredibly rewarding. It requires a mix of technical skills, strategic thinking, and effective communication, all while staying ahead in the rapidly evolving tech landscape.
What are your thoughts on diversity and inclusion in your field? How important is it to have authentic conversations with leaders, professionals, and changemakers to create more acceptance across the globe?
Diversity and inclusion in cybersecurity are crucial, but we still have a long way to go. While we are making progress, the participation of women and other underrepresented groups remains low, with women (as the largest group) making up only 20-25% of the cybersecurity workforce globally. It’s essential to bring in professionals from various backgrounds, cultures, ethnicities, and experiences to enrich our field with diverse perspectives and innovative solutions.
Discrimination seems to be an entry barrier, sometimes. In my career, however, I’ve been fortunate not to face gender discrimination from male colleagues, who have always shown me respect.
Authentic conversations with leaders, professionals, and changemakers are vital to fostering acceptance and inclusivity in the field. We need to actively engage in discussions that highlight the importance of diversity and the value it brings.
Organizations and governments are already taking significant leaps to lower barriers for women and other underrepresented groups through education and mentoring programs. This is encouraging more women, especially young girls, to embrace cybersecurity with confidence, proving that this field is not just for men.
Cybersecurity is for everyone! It is essential though, to ensure that individuals are hired based on their skills and merit, not just their membership in a particular group. By promoting diversity and inclusion authentically, we can build a stronger, more innovative cybersecurity workforce.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
I love this question. The best piece of advice I’ve ever received is, “Do not be afraid.” Failure is part of the journey, and nobody was born an expert. Every setback is a lesson in resilience and perseverance. It’s through trying, failing, and trying again that we grow and succeed.
I’ve been fortunate to be part of amazing communities and meet wonderful people who made my journey smoother and more enjoyable. Communities are treasure troves of knowledge and skills, where you can learn from others’ experiences and share your own. I’m grateful for all the decisions I’ve made and the experiences I’ve had—they’ve all shaped who I am today.
Mentors have been crucial in my journey. Their guidance and support have been like lighthouses, illuminating my path and helping me navigate challenges.
Cybersecurity isn’t just about black hoodies and code; there’s so much you can do without being too technical. With AI assistants now available for almost everything, you’re empowered to tackle even the things that intimidate you. If you have a true calling for this field, take the leap and jump in.
What’s a major aha! moment you had related to cybersecurity, either personally or professionally?
A crucial moment for me in cybersecurity came while I was working as a cybersecurity consultant. I was leading a highly confidential project involving forensic analysis for a massive data breach. This experience underscored the critical importance of security measures and the meticulous diligence required to protect sensitive information. It was a turning point in my career, highlighting the gravity of the field and my role within it.
My journey in cybersecurity has been a rollercoaster, filled with exhilarating moments like preventing potential breaches, crafting robust security strategies, and delivering keynotes. These highs make all the hard work worthwhile and reaffirm my passion for this field.
However, there have also been challenging times when complex topics felt overwhelming or new threats emerged faster than we could adapt. During these moments, doubt would creep in, making me question if I was doing well enough. Yet, these moments of uncertainty have never made me regret choosing cybersecurity as a profession.
I believe these moments of doubt are essential. They have propelled me to learn more, evolve, and grow. They made me realize that working in cybersecurity isn’t about having all the answers but about the relentless pursuit of solutions to protect what is most valuable.
Where would you like to be in the next 5 years?
Serving. In the next five years, I see myself continuing to serve the cybersecurity field, offering my expertise to organizations, governments, individuals, and societies. I firmly believe that learning in cybersecurity is a never-ending journey, and I plan to deepen my knowledge, particularly in AI and its applications in cybersecurity. The rapidly evolving nature of this field excites me, and I aspire to stay on the cutting edge of the latest developments, ensuring I can contribute effectively and make a meaningful impact.
Which technology are you investing in now to prepare for the future?
Well, it’s definitely AI and Quantum Computing. AI is transforming everything across all sectors, including cybersecurity. It’s revolutionizing our jobs, our efficiency, and even our purpose. This is arguably the biggest technological and social change we’ve ever faced. While AI can be a double-edged sword, empowering both cyber defenders and attackers, its potential is immense. In cybersecurity, AI can automate complex tasks and detect threats more efficiently, enabling us to act faster and smarter. It excels at analyzing vast amounts of data quickly to identify potential risks, which is a game-changer. We are seeing AI powered tools emerging, that conduct behavioral analysis and create customized training for various cybersecurity topics.
Quantum computing is another frontier poised to reshape cybersecurity. Its immense processing power could potentially break today’s encryption, so we need to develop new forms of encryption that can withstand quantum attacks.
Looking ahead, I believe these technologies will become integral to cybersecurity strategies. The industry will evolve to be more proactive rather than reactive, leveraging emerging technologies to stay ahead of threats.
What advice would you offer others looking to build their career in cybersecurity?
For building a successful career in cybersecurity, you need to blend four essential ingredients: a positive attitude, curiosity, problem-solving skills, and continuous learning.
First, attitude is everything. You might be highly skilled, but without the right communication and collaboration skills, you’re setting yourself up for failure. Be open to working with others and always listen actively.
Curiosity drives you to ask “why” and “how” when others might just accept things at face value. This trait pushes you to explore, fail, and ultimately learn more in a shorter time.
Problem-solving is at the heart of cybersecurity. Think critically and creatively to find solutions. Get involved in hands-on projects at school or work, even if it’s not your job. Practice is key.
Continuous learning is non-negotiable. Technology evolves at a crazy speed, and in cybersecurity, the learning never stops. Keep updating your skills, whether it’s learning about the latest threat or mastering a new tool.
For newbies wanting to develop these qualities, start by nurturing a curious mindset. Dive into tech blogs, podcasts, and webinars. Engage in online communities or local meetups. Cultivate your problem-solving skills by participating in hackathons, CTF competitions, or working through cybersecurity scenarios. Take advantage of free online courses, certifications, and workshops. Follow industry leaders on social media, and never be afraid to ask questions. There are no stupid questions!