Career Profile: Dr. Silke Holtmanns, PwC Finland
Name: Dr. Silke Holtmanns
Affiliation: PwC Finland – 5G Security Team
Can you briefly introduce your current role in cybersecurity?
I’m a telecommunication security expert at PricewaterhouseCoopers (PwC) in Finland. 5G is very complex and my role is to provide my security expertise on eUICC, ORAN, 5G slicing, telecommunication network threats and threat sharing, core network, interconnection, regulatory compliance, private networks, 5G strategy to customers. Those customers can be governments, private companies, vendors, operators, or large cloud companies. For many of them 5G is just a huge complex technology, where they see the benefits, but do not have a good answer how to manage and control the risks. I build the bridge for them between their real needs and what this means in technical terms.
How did your career in cybersecurity get started?
After my PhD in Mathematics, I started out with telecommunication security over 20 years ago with mobile payment security at large Swedish telecommunication vendor. Mobile security was an upcoming an interesting topic at that time and then I constantly “grew” in this field. Even if I changed companies and units inside those companies, I always stayed true to telecommunication security. I designed parts of the mobile security that nowadays everybody is using. There is very little mobile security I have not digged deeply into, I think mobile OS security is the only “blank” spot I have left.
What does a typical workday look like for you?
My days are quite diverse as our customers are. Often, I discuss with customers what kind of security they require, who is responsible for which part of the security (customer, cloud provider, operator, vendor) and what are the security and regulatory demands for them. A large part of my time, I spend reading on the latest technical developments, security features, regulations, and specifications. Our customers hire us for that tasks that they either do not have the bandwidth or the right expertise, so we need to be with our knowledge on the absolute edge. We even do some research for that (stay tuned) and share our knowledge via blogs (https://www.pwc.fi/en/publications/the-practical-pitfalls-of-the-eus-enisa-5g-security-requirements.html). I also provide my expertise as a person to EU ENISA to improve the security in Europe in their Advisory Group.
What are the most challenging and the most enjoyable aspects or your role?
I like learning and understanding new things. I made last year my CISSP (Certified Information Systems Security Professional) and the CCSP (Certified Cloud Security Professional), for those I had to learn a lot about cloud, datacentres, compliance, and certifications. Not to mention fire extinguisher classes among other things. To be frank it was tough, but also at the same time refreshing and enjoyable.
What do you consider the three most important skills to succeed in your role?
It may sound like a no-brainer, but listening is probably the most important. To be able to really solve a problem of a customer, one needs to grasp the deep context, else any solution or answer will not hit what they need.
Next in line, I would put learning. It is good to have the solid 2G/3G security background (you would not believe how much of these things are still around), but technology evolves be it slicing, virtualization, decomposition of networks, new ecosystems etc. But just having that foundation is not enough, one needs to grow and learn every day, else the knowledge gets stale and is not really good enough for the customers. I even have some python pet-projects with a good friend of mine, just to stay up-to-date and have fun.
And of course, one needs to have solid and deep knowledge, too many people stay on the “high-level” and do not dare to dive into the dark depth of a topic. High-level is not good enough for security.
What advice do you have for people starting their career in cybersecurity/looking to enter this industry?
Be curious, dare, pick an area, and just start. There are many interesting areas in telecommunication security, it’s much more than just phones.
If people would like to learn more about your role in cybersecurity, where should they go?
I write regularly blogs and articles, give speeches or webinars. Those can be found via our PwC Publications Page (https://www.pwc.fi/en/publications.html). Alternatively, follow my LinkedIn Profile (https://www.linkedin.com/in/silkeholtmanns/) or mastodon @silke@ioc.exchange (in the moment I observe how twitter will evolve, so my twitter feed is in the moment “on hold”).