25Minutes: Insights. Expertise. Impact.
In just 25 minutes, I deliver concise and thought-provoking conversations with top minds in technology, cybersecurity, business, culture and enterpreneurship. Whether you’re a technologist, executive, culture-enthusiast or someone passionate about growth, each episode explores trends, strategies and ideas that shape success.
For those with limited time but unlimited ambition, 25Minutes offers actionable insights and fresh perspectives where they matter most. Your time is valuable. Your 25 minutes. Your advantage.
Contact: eliel.mulumba25@gmail.com
X (Twitter): Eliel Mulumba (@ElielCyber) / X
25Minutes: Insights. Expertise. Impact.
10 - Kristina Jovanovska: Take advice, but always tailor it to yourself. How AI is reshaping cybersecurity and managed security services
In a world where digital threats are evolving as rapidly as the technologies designed to counter them, the intersection of cybersecurity and artificial intelligence (AI) has become a critical focus for modern enterprises. In this episode of 25Minutes, Kristina - a seasoned cybersecurity leader and Member of the Global Council for Responsible AI - shares her journey from software engineering to leading managed security services and driving global conversations around responsible AI.
This episode offers insights for digital transformation, regulatory pressure and the growing need for resilience. Kristina explains why cybersecurity is no longer just an IT concern but a core business responsibility that demands strategic attention. She offers a clear-eyed perspective on the double-edged nature of AI: how it enhances threat detection and automation, while also introducing new layers of risk when misused or misunderstood.
Kristina reflects on career milestones - from discovering her passion for security, to building high-performing teams, to mentoring future leaders through initiatives like Women4Cyber Austria. Her story highlights the importance of purpose-driven leadership, authenticity, and embracing complexity in order to lead with clarity and confidence.
👉 Note: I was on the road while recording, so there’s a slight echo on my side. It may sound like I’m talking over Kristina in some moments – but I promise, I wasn’t! Thanks for your understanding.
Important note: The views and opinions expressed in this episode are solely those of the individuals involved and do not necessarily reflect those of any organization, employer or affiliation.
Our Guest:
LinkedIn: https://at.linkedin.com/in/kristinajovanovska
25 Minutes Podcast
Hostey by: Eliel Mulumba
Audio editing & mastering: Michael Lauderez
Join conversation on LinkedIn: www.linkedin.com/in/eliel-mulumba-133919147
you very much for taking the time to be on our show. It's really a pleasure to have you here as our guest. I have introduced you earlier, I mean, you have quite an exciting and career journey. Initially started in software engineering, shifted then to cybersecurity. Now you're also focusing on a lot of AI topics, and we are going to address a couple of them. But I would be curious to understand, Christina, if you just take a step back. Are you today where you expected to be 10, 15 years ago?
Thank you for the opportunity to be here and for the warm welcome, uh, interesting opening. Um, where I, uh, where I'm now, where I wanted to be 10 years ago I would say I have achieved or I would say I'm further than where I expected to be. Because 10 years ago I was, uh, 21 years old and I was not strategically planning so much how my career is going to look like.
I was at that time having two main goals. One was to graduate, and second, uh, was to really find which topic is my home. And, uh, today I feel comfortable to say I have found my colleague and I'm quite happy where I am.
how did you find your home? Christina?
That's a, that's a also interesting question. Um, and I would say it was not something that, uh, came right away, but it was rather of a journey, uh, to, to get here. So I always wanted that, I wanted to do something in the direction of technical studies and I was initially very interested in telecommunication engineering.
And I remember at the time, during doing my bachelor's in, in that field that, um, it was, uh, preparation of, uh, 4G Network. And I found that very fascinating at that time. Uh, and I remember that some of our professors were connected with the telecom operators and we had the chance to see it firsthand.
And I always thought, wow, that's so amazing and I would like to do this and I would potentially like to create the 5G network. But then, you know, always after, after you study, then reality hits and then you see it a little bit different. So as part of our studies, we had to take a couple of internships.
And I use them to really get in touch with with telecom operators and how it is to work as an engineer there. And what I think that they don't often put a lot of focus on during studies, uh, during engineering studies is they never say how big say, has business in everything. So. It doesn't always matter whether you can do it the best engineering way that you can find the best solution, but it actually matters whether basically cost wise it'll ever make sense and whether it'll ever make it.
And now that's kind of like, uh, obvious topic to me right after so many years working. But at that time it was something like, oh, oh my God, I dunno whether I can deal with this because I'm such a perfectionist and I want to do it really nice. And then it's kind of like a clash with what is available because.
Telecom operators need to reuse the equipment from previous generation and so on. So there I started thinking, okay, I like networks, but maybe from a different angle. And security started getting interesting to me. So I did my master studies in computer science and there I chose two majors. So one was data science and another one was, um, IT security and it was also then a tough game, like, is it more data science? Is it more cybersecurity? And it was, it was also hard to decide, um, because I, I enjoyed both things and until today I enjoyed both things. But I, I wanted to kind of make a call and towards the end of my studies one of my professors suggested, Hey, in Belgium, they're so famous for cryptography.
Just try it out to go there one semester. And maybe you have your answers. And that's exactly what I did. And it was a hardcore, uh, semester focused on cybersecurity. And really after that semester I thought, okay, now that's it. That's where I wanna start. And in parallel to that I did some internships, as you said in software engineering.
And while I was really happy that I can program and get my results and analyze data and get to some conclusions, and I really enjoyed that. At the same time I was missing kind of having more interaction with people and I was feeling rather isolated and I thought it's a nice skill to have. So whenever, like you need to put some information together and find some conclusions that I'm able to do that, but I thought that is not for me a big passion enough to invest my life in it.
So then it was a clear, clear winner and that's how I landed in, in cybersecurity. And, and here maybe to all of your, uh, listeners who are kind of not sure about that part. I think it's important to give it a chance and experience it and really see whether in practice it is really how they imagine it.
Because it, it's not always so easy to imagine it. And, and I consider myself a lucky person that I have found what I really like to do so quickly.
Wow. That's really amazing Christina, and thank you very much for sharing it. I would actually be curious to understand how, how the shift has been from you, from software engineering entering the cybersecurity field. Are there still experiences that help you to understand both words but also to apply, um, the key concepts and learning?
I think it has always been useful for me to have this analytical mindset that you need for, for data science. Um, because you always need to think about hypothesis and then you always need to search for data that, uh, shows it's true or false. And thinking about all the possible scenarios for that particular case.
It's what we also, what we do in cybersecurity. It's also similar to taking a particular data source and thinking of all the ways that somebody could hack that, and then thinking about how could I protect or how could I monitor what is relevant for me? To know that this is not that attack that is happening.
So I guess this training of the brain to think that way is, is still until today useful for me. And some other things are useful, just more for fun, kind of if, if I have a lot of data and you know how consulting is with a lot of excels. I just program and plot some nice charts just for fun sometimes because it visually helps me to make some quick conclusions and bring some informed decisions.
Cool. Cool. Thank you. And I mean, you just went through a couple of phases in your career, right? Starting with software engineering, I. Uh, but also talking especially about your studies that you did also abroad, entering then the cybersecurity field finally. And right now you're also focusing on a lot of, a lot of AI topics that we're going to discuss also. would be curious to understand if you would summarize maybe two, three key milestones in your career that you're most proud of. one would you mention and why?
Uh, so the first one is really finding my topic. I find cyber very dynamic and that's very much fitting my personality because it's never getting boring and every day, uh, it's a different aspect of it. So I am really happy that over the years I have done many different things. From, from cyber that are quite different, and that keeps it interesting for me.
Second milestone I believe it's, it's my team. Uh, I have a really amazing team that I know from when they started when they were really junior. And I, I'm proud of what they have achieved and where they are and, and how successful we are as a team. They really make me very proud daily and it's, it's a team of very, very smart and brilliant minds that are, that are asking a lot of challenging questions and that are working a lot on themselves and that really is giving for me a special energy and kind of keeps me running every day.
Um, and the, the third one what I'm also really proud of is, uh, one of my volunteering activities is so the, uh, the foundation of Women for cyber Austria, uh, with which we have a lot of initiatives where we support, uh, women to join, uh, this field and to stay in it. So I think there we did a lot of progress and a big change that is very impactful.
I mean, from what you mentioned, things actually materialize in a very positive way for you. Right? And you also seem to be very happy with the challenges and tasks that you're having on a day-to-day basis. And I would wonder, when you're looking back, what are maybe or three things that you. do differently if Christina would be, again, at the age of 21, that you could suggest to someone who's just starting career right now?
Um, I think many things I would do the same, but uh, things I would do different, so I. One thing, I think I was very hard with myself very often and I was pushing myself really hard. And I don't think it was so much necessary. So I would say my advice would be to really enjoy the journey and to not be so impatient to get to the destinations.
Because it really matters to be in the moment and to take a second to reflect where we have been and how, how far we have gotten. I think that's, that's very, very important. And another thing is it's very important to be in sync with ourselves. I, I think I always stayed true to what was right for me.
But uh, I'm rather. Such a character that I can filter a lot. What, what enters as a suggestion? Because often from more experienced colleagues, you get a lot of advices, which are coming from a very good place, right? Like they, they see things and they try to help you because you're less experienced and they come to you and they say, oh, you should do this, you should do that.
I think it's. It's good to hear these things, but it's the most important to stay in sync with yourself, what's right for yourself, which tempo is right for you, what makes you happy, which achievements make you happy. There is no recipe for success. You're successful if you have achieved what you really wanted.
Because even if I tried to filter some things, they were constantly in my mind, you know? And some things come naturally to people. One thing was that when I started working, I, I was super interested in everything I was doing and I was fully in it, and I really, really enjoyed that. And there were people that were coming to me and being like, oh, you know, if you continue with this 16 hour per day, you're gonna burn out really quickly.
And while I understand that this is like, maybe, you know, they, they really cared for me and it comes from really positive place. I think everybody should have this sense for themselves. How far can I go? Is this good for me? Does it bring me energy? Does it give me positive feelings? And if that's yes, then it's fine.
Now I'm 31 and 10 hours per day are good enough for me, you know? But I had to come to that myself. And, and this is what I mean. Um, uh, so take the advice from others, but always tailor it for what is right for you and, and far away now here that I try to promote 16 hours per day that it's normal for people and that they should do it.
All I want to say is, we should have our own criteria and we should feel what's right for us, which tempo is right for us and what is important for us to be happy. And, and as long as we are in sync with ourselves, um, that's all what matters. I.
Excellent. Thank you very much for that. And let's talk cybersecurity. I mean, the industry has been evolving. I. In the last decade, from a hypergrowth really being a niche topic, uh, which is now more, more and more on vogue. Yeah, I mean, I remember the, the, the reports, the media coverage around Edward Snowden.
I. When people started to understand, okay, there are people that can have access to data that they're not supposed to have. then we had actually also the covid area where or where a lot of people were working from home. And we were realizing that cybersecurity should be a bit more important when you bring your device, your own device to work. And I would be curious to understand, uh, you know, based on your day-to-day activities, right now you're working in the, in the. Manage security services industry, especially also in the security operation center area. So maybe you could just describe what is your job actually about and how are you helping clients to have more secure environments and to ensure business continuity?
So at the moment I am leading our managed security services domain which means, uh, that we see clients from different industries and we are helping them to shape their strategy. To shape their end-to-end security picture. Um, so basically how their, uh, either multi-cloud or cloud environment should look like.
How their security monitoring should look like where their automations coming together. And we basically do also very big transformation and MI migration projects for big fortune 500 clients.
And I mean, we all aware about. hype, uh, around artificial intelligence, but apart from that given the fact that you're working already in the field for quite some years, are maybe differences that you see nowadays compared maybe to a couple of years ago with regards to challenges that you encounter?
Mm-hmm. Yes. So one. Thing that definitely reshaped, uh, cybersecurity a lot is definitely ai. And, uh, we see different developments from different aspects. So first thing that is massively different than what it used to be is which clients are the targets. Because in the past we always know that, okay, there was a long period that was free during Christmas where attackers had couple of weeks free and they would sit and use this couple of weeks to create something big, to hit a big client.
And it was always an attack that required a lot of efforts, a lot of engineering knowledge. And it was quite complex to build and it was one boom. And after that we had, we needed a lot of time and resources to recover. Then therefore, they were always also targeting clients that are able to pay for it, because if you invest so many hours, then you want the, those are paid and that that effort is somehow.
Making sense today thanks to ai, they create those attacks way simpler. The amount of effort that is put in is sometimes minutes, maximum to an hour, and they're also willing to attack much, much smaller clients. Um, so the variety of clients that reach out to us it's, it's a very different now just because as I said.
If you spend so little amount of time attacking them, then you're fine also that your fees are lower. And then that's how this, this completely changed. Another thing that changed is how do we approach security? I don't want to say that, uh, our approach until now for security monitoring, uh, the traditional way is irrelevant any longer.
That's not true. But it became more of, that's how, that are the basics of how to start, and that's no longer enough because the threat landscape that we are trying to defend is much, much bigger now, and we need to be ready for AI driven attacks. And this is where the complexity comes in place. So. One thing is if you want to be ready for AI driven attacks, you need to monitor way more activities.
Activities that are business as usual activities, which means a lot of noise, a lot of things that you see in the system that tell you actually nothing. And you need to put a lot more intelligence in correlating so that you come up to that conclusion. Does it deserve your attention? Yes or no? And on top of that, you then need also an AI system on your side.
Which can tell you is that on the other side, ai, is it a machine, is it a person? What am I dealing with? So it got really complex to to, to defend an environment. And there are shifts in clan's behaviors in different directions. So there are some that understand, okay, this is super crucial, I have to go for it.
Like I have to incorporate that in my uh, cyber defense strategy and I need to have. AI against AI to survive. There are others. Um, and I find this this quite interesting and, and I have this discussion really often. They come and say does it make sense from business case perspective, like where will I cut from Security Operations Center?
Like, how many less people can I have if I put AI in? And then I always say, well, that, that is, that is very wrong approach. Because the, the threat landscape that you're defending is so much larger. It's like you used to have certain amount of soldiers that are kind of there to defend Switzerland, and then they tell you, well, your new task is to de, to defend the, the continent, Europe.
And we give you vehicles in addition so that you can reach the other countries. Certainly your first question is not gonna be how many soldiers less can I have? Because even though you have vehicles, it doesn't really help to, to, to attack that crazy big territory. So I hope we can, um, trans transport this key message that to be able to be ready to defend the AI driven attacks.
We really do need AI on the defense side as well. And it's not a luxury, we don't need a business case for it. The business case comes with the fact that that's the only way to stay cyber resilient.
I really do like the statement that the business fact the business case comes with the facts, right? And when it comes to
Yeah.
uh, fully agree and support what you just have been saying. I currently do see that a lot. Lot of cybersecurity teams are still exploring how to use AI on the defensive side, although attackers are already using it on the offensive side. Uh, when we are just looking at the time to
No.
and data exfiltration, it has reduced from nine days to just day or a couple of hours with, uh, AI enhanced and text and this is actually showing the need for that. Christina, we are approaching the end of the show I would be curious if there is any personal anecdote in your professional life that you would like to share with us.
Yeah, actually, uh, there is one that I would gladly share and I have not shared it anywhere else. So I was asked to be a speaker at an event, and it was a third event in the same week where I was in three different countries. So I said, no, I really cannot do that. But they said, well, would you be then able to record a video for us?
And, uh. I thought, okay, I could do that. But the event was on Saturday, so I told them, uh, look, I can do this on Friday, very last minute. Are you okay with that? And they said, yeah, as long as you send it until Saturday, seven in the morning. We are good to go because we are going to do checks in the morning and it's all fine.
So I had a normal working day. I was done at around 7:00 PM with my work, and I thought, okay, I have the slides ready. Like I, I really didn't feel stressed. My microphone was full and my light was prepared. It was all fine. So I thought, okay, I'm gonna take a break. I'm gonna have dinner. And after that I start, so at 10:00 PM I start recording and it was a 20 minutes video.
And as soon as I got to the 19th minute, it all fre, uh, froze. And it all got deleted, so I thought, oh, okay. It's bad, but like when you do it second time, you always put better focus on the topics you want to bring up like you presented better. So I thought it's not end of the world. I do it second time.
The second time happens exactly the same. Seven times later I still don't have my video. And I thought oh my dear guys. I take a new break and then I start again. So I literally had my video ready at. 10 minutes to seven in the morning and I started recording at 10:00 PM in the evening and I just sent it without saying anything.
And after the event she called me, she said, oh, there was such a positive feedback and thank you for doing this. And I said, do you know what, that was a 20 minute video that was worth nine hours of recording. And she really couldn't believe it. So, but yeah, it all went fine. So it was, it was worth it.
Wow. Thank you very much for that, Christina. It was really a pleasure to have you on our show.
Thank you. Thank you for the invitation.
