Name: Sonia Compans
Affiliation: Technical Officer at ETSI
Can you briefly introduce your current role in cybersecurity?
I’m the point of contact at ETSI for security matters and supervise standardization activities carried out by technical groups on Cybersecurity (TC CYBER), Quantum-Safe Cryptography (TC CYBER WG QSC), Securing Artificial Intelligence (ISG SAI) and Electronic Signatures and Infrastructures (TC ESI). I provide expertise in standards-making to enhance the quality of ETSI standards. I also guide the groups on the ETSI procedures, on the structuring and promotion of their work and coordinate their answers to and execution of EC standardization requests. I represent ETSI in the Stakeholder Cybersecurity Certification Group, the ENISA Advisory Group, as well as the ENISA ad-hoc working group for the EU5G cybersecurity certification scheme.
How did your career in cybersecurity get started?
It started in 2000 when I joined Gemplus, now Thales, a smart card manufacturer. I was a standardization engineer and product manager for USIM cards. I then came back to cybersecurity in 2012 when I started working with the ETSI Technical Committee on Electronic Signatures and then with the ETSI Technical Committee on Cybersecurity in 2016 and several security-related groups.
What does a typical workday look like for you?
A typical day is about reading draft standards from the groups I support at ETSI, understanding what their aim is, and advising the group on how best to write such standards to be fit for purpose, precise, concise, and implementable. Another typical task is analyzing proposed regulations, policies and funding from the European Commission related to cybersecurity, assessing the impact on ETSI groups, and discussing with them what standardization work to do in support.
What are the most challenging and the most enjoyable aspects or your role?
Getting consensus is the most challenging as delegates may represent very diverse stakeholders with sometimes opposing interests. Guiding them to make compromises acceptable to all is key to achieving solutions that sufficiently meet everyone’s needs. The most enjoyable is understanding stakeholders’ needs, working towards consensus in a constructive manner, and succeeding in finally finding consensus.
What do you consider the three most important skills to succeed in your role?
The most important skills for a Technical Officer are being adaptive, organized, and service-oriented.
What advice do you have for people starting their career in cybersecurity/looking to enter this industry?
Go for it! There’s room for everyone and not only for engineers. You’ll contribute to protecting people and making our world safer whether you become an engineer, a policy maker, a communication officer, a human factor expert… you just have to name it.
If people would like to learn more about your role in cybersecurity, where should they go?