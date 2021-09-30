Start by choosing the right company: what values they represent, how they treat employees, how gender-diverse the company is, etc. Working in a company where you are heard and your input is valued is the first step to a fulfilling career.

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading The Cybersecurity Industry”, we had the pleasure of interviewing Aiste Araminaite-Pivore.

Aiste Araminaite-Pivore is Head of Product at NordLocker, an encryption-powered data security solution from the creators of NordVPN. Aiste is a Physics Bachelor with over 15 years of experience in the tech industry, from ensuring great customer service to leading engineer teams in building top security products.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

First of all, thank you for inviting me to this interview.

A little bit about myself. I was born and raised in Lithuania, a small country in the northern part of Europe. I enjoyed going to school and loved trying all kinds of sports, from handball to badminton and swimming, and struggled to pick only one.

I was also indecisive with choosing a university major. Since I had equal success and interest in many subjects, my enrolment application form included political sciences, law, and even geodesy. Eventually, I ended up studying physics. And, even though my current work has nothing to do with physics, I’m still happy with my choice.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

I guess very few of your readers could relate as it’s a book in Lithuanian. But, when I was younger I really enjoyed “In the Shadow of the Altars” by Vincas Mykolaitis-Putinas. The story is about a priest who is split between his calling for religion and his love for poetry and how his role as a priest affects his expression as a poet. It strongly resonates with me, because I’m never drawn to one thing in particular and it’s torture when I have to pick just one out of many.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

I had been working in the product development field for a while when my former colleague told me about the opportunity to join this fast-growing company, Nord Security. I looked into the brand and was impressed with it and the idea that such a cool product as NordVPN was being developed in Lithuania. I instantly decided I had to be a part of it. I learned loads of things about cybersecurity after joining the company and have been hooked ever since.

Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?

I can’t recall any mistakes I made, but I do have a funny story. A week after I started to work at Nord Security, I went on holiday and broke my arm. As a result, I wasn’t able to work but couldn’t afford to stay at home. So, I would come to work for two weeks just to observe my colleagues and chat with them. Everyone was very nice to me and, during lunch breaks, they would even make me sandwiches.

Are you working on any exciting new projects now? How do you think that will help people?

My team works on a super cool and exciting product called NordLocker — a powerful data encryption solution. A big part of our lives is happening online, causing us to have a lot of digital possessions like documents, photos, and other files. Those possessions can sometimes get leaked or stolen, or their contents are accessed and used by third parties for monetization or training algorithms. We believe that every user should have a voice when it comes to their data privacy, and everyone should have an option to use alternative tools where private information is truly private. To this end, we’ve been building an end-to-end encrypted cloud where users can keep all their digital possessions for their eyes and use only.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

The first thing that excites me about cybersecurity and the reason why I’m in it is the ability to improve people’s digital hygiene by educating them about online risks. Various surveys show that users’ awareness of their digital footprint is growing, and that pleases me very much.

The second exciting thing about working in the cybersecurity industry is technology. What could be more thrilling than developing security products? We’ve built NordLocker from scratch, and it was a long yet exciting journey before we could introduce the product to the market.

The third thing I enjoy about cybersecurity is the competition between products. The tougher the competition, the better the services we all try to provide. The winner of the game is the end user, who can choose a product that meets their needs and budget.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

The cybersecurity industry wouldn’t grow if security issues weren’t an ever-increasing problem, with attacks getting more frequent and sophisticated. The main concern is whether the industry can grow fast enough and attract enough talent to mitigate the situation.

Privacy and security are getting more complex in general. The emergence of IoT devices has widened the area for attacks as companies are now collecting vast amounts of data, and the security of IoT devices is still pretty patchy.

The last thing is companies’ awareness and concern about security, which are sadly often only a consequence of an incident. For companies that process sensitive data, breaches can cause a huge financial damage. The problem is that caring about security upfront is not considered sexy as this requires investment and does not directly translate into revenue.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?

The near future is already happening. Companies are faced with the challenge of solving the security of the remote workplace. Securing an office network is a fraction of what is needed when work is happening in the office itself, at home, and various remote locations. Previously, you could monitor requests from unexpected locations to your network, but now, when everybody works wherever, it’s become a very difficult task.

So, various zero-trust solutions are on the rise, along with security tools for employees to help make the data they operate and possess private.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

Personally, I was not involved in stopping or fixing breaches, but we do have colleagues at Nord Security who specialize in the field. They say that security is very systematic and hardly ever involves one person’s heroic attempts to save the world or a company. Those responsible for security follow security researchers’ news on what is known about new viruses, ransomware, and other attacks, how they work and spread. Then they try to see if there are any indicators of a compromise in a company. If there’s a breach, they ensure the affected devices are disconnected from the company network and data backups are in place. Further actions depend on whether any data was leaked.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

I use a password manager every day, and I do believe that they are game changers. They are incredibly easy to use and instantly reduce your chances of data leaks by thousands. Automatic unique password generation is the best thing you can do for yourself.

A VPN is another affordable tool that I use, and your readers should too. For example, it’s not advisable to connect to public Wi-Fi without a VPN on. It’s beyond easy for hackers to get access to your personal information when your internet traffic is not secured.

Last but not least, file encryption. I have my computer drive encrypted, so the data I keep on it will be scrambled to others if the device gets lost or stolen. I also keep a backup of my files in an end-to-end encrypted cloud. Encryption not only ensures complete privacy of your files but also offers additional security by keeping your files behind a master password. So, if your account password got compromised, the attacker still couldn’t access the contents of your cloud.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

There are no definite signs that could indicate some type of attack by 100%. A lot depends on the attack itself. But the general rule is to check for abnormal computer behavior: it restarts, launches apps randomly, and uses resources anomalously. And, based on the attack’s end goal, you can see very visually that something is wrong, e.g. your files are tampered with, logs are deleted, or something dodgy is happening in the background.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

For the company, the first step is to isolate affected devices immediately but keep the software running so appropriate specialists could help find the weak points of the device/network and patch security gaps.

The second step is to evaluate if any sensitive data was leaked and act accordingly. When passwords are leaked, companies should encourage users to reset their passwords or stop sessions with old passwords. When payment information is leaked, there are well-defined procedures set in motion, so I will not go into details. And, when usernames are leaked, you should simply make users aware of that.

Affected organizations shouldn’t try to sweep the incident under the carpet, because it will eventually come out. Moreover, it’s a good practice to share cases with the community to help others avoid it.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

There’s a classic list of server misconfigurations which expose some sensitive data to the public, migration issues when transferred data is not deleted from the old location, unpatched and outdated systems, over-excessive privileges on employees’ devices or leaving employees who kept backdoors to the systems or files. And you always have to tackle viruses, lost devices, and easily guessable passwords employees use.

So, cybersecurity rules that everyone within the company has to follow are a must. And there also should be appropriate cybersecurity solutions that help prevent third-party data breaches.

Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

I believe the status quo regarding women in STEM is getting better, and we’ve advanced a lot from what we had 20 years ago. Even though the situation is improving, the gender gap in the IT industry is still prominent, and women are still somewhat underrepresented.

I believe that female employees can drive real progress in any given STEM organization, and companies that embrace diversity and inclusion are always more desired employers. Moreover, a number of reports have found that diverse businesses are more likely to outperform the profitability of less diverse companies.

Talking about specific changes, I believe that STEM organizations should be closing the pay gap faster as pay inequity might be one of the major turn-offs that keep women from entering the sector.

What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?

From my own experience, I would like to debunk two myths. The first is that cybersecurity is rocket science. To some, especially the older generation, the word “cybersecurity” might sound complicated. For example, to this day, my parents don’t quite understand the concept of data encryption I’m working on. However, I’d like to point out that, once you understand the risks associated with the internet, computers, and other smart devices, the need to protect them and the data they store becomes obvious and absolutely necessary, which is the core of cybersecurity.

Another popular myth is that cybersecurity is a masculine industry to work in. That’s completely untrue as it involves mental work rather than physical. Females have the same capabilities to generate unique ideas and then turn them into something tangible. From my 14 years of experience in IT, I can confirm that women and men see problems differently, but they complement each other very well in the working environment. What I’ve also noticed is that women can usually multiprocess better than their male counterparts, which is critical in tech.

Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)

Start by choosing the right company: what values they represent, how they treat employees, how gender-diverse the company is, etc. Working in a company where you are heard and your input is valued is the first step to a fulfilling career. Do you. When it comes to leading, we often have people we admire and want to follow. But it’s not always compatible with your own character. So, learn from them but do you. Leadership comes in many shapes and forms. Care about the people and what you do, and it will work out eventually. Don’t be afraid to ask questions. The ability to ask questions when you are not sure about something is such an important skill. When you are just starting in a new position, asking questions will help you get on board so much faster. When you are discussing a topic, don’t just state things — ask questions as well. It’s an underrated ability to ask good and timely questions. Don’t be afraid to express yourself. Each of us has different skills, talents, and creativity, which are critical for the development of tech products and solutions. Listen. Don’t just keep silent pretending to listen to what others have to say, but actually be busy building your counterarguments in your head.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them 🙂

The first person who comes to mind is Marina Abramović. I’m in complete awe of her devotion to performance art, intertwined with her daring life and free soul. She manages to reach the very limits of physical and mental boundaries during her shows, and this has made a big impression on me.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!

Thank you.