At some point, you simply need to trust
Information Security Administrator at the Registry, Zala Primožič
Already during my studies at the Faculty of Security Sciences, where we focused mainly on police work, criminology, criminology and criminal law, I also became interested in information technology. So, I started thinking about upgrading my security skills with information security and computing skills, and maybe merging those areas someday.
An important inspiration for me was CCNA Bootcamp, where I gained insight into the structure of computer networks and computer communications. I also focused on information security – I graduated from phishing attacks. I even tried my hand at designing websites, but I didn’t see myself professionally in that direction.
A field, where you never stop learning
The opportunity at the Registry made me very happy, as information security is a very interesting area of security. Namely, with the increasing digitalization of the world, it is becoming more and more important. In addition, it is also constantly changing, and if you work in the information security industry, continuous learning is a constant. This is not a field where one could learn things and say – now I know, I don’t need to learn anything new. Not even close. The fact is that people with bad intentions never rest – they keep inventing new ways to break the protections of different systems. Thus, these systems are adapting and changing and people in this field must learn all the time. I am glad that this is well taken care of at the Registry. Employees are regularly educated, each in their own field and we also exchange our knowledge and experience with other European registries within the CENTR. We can also always turn to experts in the field of cyber security from SI-CERT for advice and help, as we share workspace with them. Getting started, as usual, was not easy. Although I already knew a lot, there were even more things completely new to me, because as an information security administrator you must know all the areas. Really, all of them. You need to know all the processes in the organization. At this point, I really need to commend the co-workers and their willingness to help and mentor. I spent many hours with our engineer Benjamin Zwittnig, who is one of the greatest experts in the field of domain name system (DNS) in our country, as well as with Andrej Bagon and Nikola Mitev, who are both experts in their fields.
I’m glad that co-workers think about safety daily
In addition to the wonderful coworkers, the beginning was also made easier for me by the already very well-developed security culture at the Registry, which is generally a problem for many companies and institutions. Security culture was certainly enhanced by the information security management system introduced in the Register according to the ISO 27001 standard, and by my predecessor, Gašper Bertoncelj, who laid an excellent foundation here. I am glad that the employees are already thinking about the security aspect in their work – about threats, vulnerabilities and risks, so it is very pleasant to work with them. In general, I can say that this cooperation is crucial. It is very important that we find good, safe solutions and procedures together and then stick to these procedures. Cooperation is key. In general, it is also important for an information security administrator to be cautious and a little suspicious. However, trust is also needed. This trust applies to both the technology and the protocols implemented by the collaborators. At some point, you simply need to trust. Where you set this limit is, of course, decided after careful analysis and careful consideration. Diligence is good, but paranoia can lead to pointless actions.