What it means to be an Information Security Officer in Sweden

I studied IT network and IT Security, which covered many areas such as Information Security, IT laws, Data Protection, and Privacy. I studied at different schools; the last one was Newton Yrkeshögskola (Gothenburg). Newton is a higher vocational education (HVE, worked-skilled-oriented school). The curriculum is prepared in cooperation with companies and industries. All courses, therefore, have a strong emphasis on workplace training.

As HVE students, we spend six months of the year in a company. I was fortunate to join Orange Cyberdefense as a working student, and great mentors accompanied me during this period. I was also very inspired by my information security teacher, as he significantly grew my interest in information security. The course I chose fitted perfectly with the field of expertise that I wanted to develop as a career.

I grew up in an “IT family”; my father was an IT manager, and my mother worked as a Microsoft Certified Systems Engineer (MCSE). My brother is a Senior Network Architect. I have always had a keen interest in IT, which included video games and, later, cybersecurity. When I started studying, I realized that cybercriminals were continually evolving, developing new techniques and attacks such ransomware. They were becoming more and more sophisticated. To have a positive impact, we learned how to use many different ethical hacking tools and tricks. I loved learning more about this. I have worked in various companies in different industries, but nothing has made me happier than working in Information Security and Data Protection at Orange Cyberdefense.

It was fascinating and nerve-wracking simultaneously, mostly as a woman in IT, as it was a completely new world for me. I knew that there was so much to learn. And in this industry, you never stop learning. At Orange Cyberdefense, being a woman is seen as an advantage as it promotes women in IT.

When I started as an IT Consultant, I was very involved with our internal GDPR project. We were working on the data protection projects to get everything in place for May 25^th, 2018. This was my main project, and then I moved onto the ISO27001 project for Group Service Delivery (GSD), where we have certified many of our Managed Security Services. Alongside our Global CISO, we took care of the Information Security Management System (ISMS) for our CyberSOCS and SOCs worldwide. This led me to become an Information Security Officer for Sweden and GSD Information Security Officer alongside our Global CISO for the CyberSOCS and SOCS.

As an Information Security Officer, I ensure that Orange Cyberdefense achieves a sufficient compliance level with relevant information security, privacy-related, and other obligations. This involves proactively identifying and assessing the obligations and developing suitable responses. Passionate about raising awareness, I have designed training based on the current global situation for the European Cyber Security Month and emerging and existing threats that many are affected by.

I work in the Global Infosec team on topics related to Global Operations and Information Security. On a local level, I work with many different departments. Alongside my role as Information Security Officer, I am the Data Protection Officer (DPO) for the Nordics, Physical Security Manager, and Protective Security Manager

I enjoy working with my colleagues. We are a united team and work well together. In my role as an Information Security Officer on a local and global level, I also get to interact with many different teams and colleagues from all around the world. I enjoy helping them find solutions to problems that may arise in the areas that I cover in information security and data protection. I also love that I am learning all the time and growing on a personal and professional level.

I plan to work and study information security to gain the experience and knowledge that will hopefully allow me to become a CISO in our company.