Role Model: Diana Edreva
Personal Details
- Title, Name, Surname: QSA, Diana Edreva
- LinkedIn Profile: https://www.linkedin.com/in/diana-edreva/
- Link and information to any initiatives you are involved in that relate to empowering women in ICT: https://women4cyber.bg/ Women4Cyber Bulgaria
Expertise
- Your role/job title: Qualified Security Assessor (PCI DSS)
- Company name: 7Security GmbH
- What is your field of expertise? Information Security, Cloud Security, Serverless computing, Fintech, Security of systems for processing, transmission and storage of cardholder data and sensitive authentication data.
Company details
Introduction
Please tell us a few things about yourself.
I’ve been working in IT since 2014. My career started in a web hosting company as technical support, where I got a knack for cybersecurity due to the multitude of hacked websites I was dealing with on a daily basis, which led in my later years to creating a product for a different hosting company for cleaning hacked websites and also writing a book on the topic (“The WebSec Book” on Amazon), which is something offered still today. I’ve been a team leader in two out of the three companies I’ve worked for so far. I have a bachelor’s degree in Information Security as well as a master’s in Cybersecurity and digital forensics. I also have a CISSP (and the cute badge it comes with) and a few smaller similar certifications, and I have been working as a Qualified Security Assessor in 7Security for a bit over 2 years, and it’s been a blast. I am an assessor for the standard PCI DSS, but recently I’ve also been working with Secure Client Authentication, ISO27k and other similar standards as well, but PCI DSS is the core of my work and I love every second of it. It’s a technical standard; it covers all parts of information security for payment systems, from physical security to network segmentation and secure configurations, penetration testing, vulnerability scanning, risk assessments and so on. It’s quite fun! I am also a fresh member of Women4Cyber Bulgaria, which is an organization to empower women in Cyber Security all around the country.
Inspiration
What motivated you to enter the cybersecurity field, and how can we make that journey more accessible and visible to young women today?
The dynamic of it all: everything is always changing, and there are new threats and new things to learn and look for. I do find it incredibly fun. I do believe that if you have a knack for cybersecurity and are curious, it is an amazing field to work in, although it may be a bit stressful. I think if more roles are visible, it is easier for people to find what they are looking for. Cybersecurity roles are not just pentesting and SOC, it’s not just red and blue teams out there; there are so many more roles, and GRC and compliance can be fun, especially with the more technical standards like PCI DSS, where you get the privilege to help fintechs rise, to help them have secure infrastructures and oversee the technical trends live (if a specific SIEM is becoming popular - you know it and you know why and the best ways to use it, very fast; same goes for a new cloud service, or a creative way to approach CSP and SRI, for example).
Career Growth
Beyond technical knowledge, which soft skills - such as teamwork, problem-solving, or ethical awareness - are most valuable in your day-to-day work?
Communication skills. The standard I work most with is quite technical and lengthy. It is incredibly important to be able to explain complex requirements clearly and in simple language. If you cannot explain something in simple words - my opinion is that you do not understand it well enough. Clients are not expected to know the standard, nor to know the best ways to approach the security of their infrastructure. It is our job to explain why something needs to happen and suggest ways to approach it, and sometimes to help and advise with the system design when the fintech startup we work with has only an idea of what they want, but doesn’t know how to approach it (you have an iframe integration, then why use AWS EC2, when you can use Lambda and things can be so much cheaper and also easier, compliance-wise). Also, some creativity is definitely required when consulting and guiding the implementation of the controls, and time management is also very important, as we work with deadlines and time frames for each step, so this is also an important skill.
Memorable Achievements
Share a project or moment that reflects the impact of your work.
We can shape the fintech industry directly; it is amazing to see that systems look the way they do because a client listened to you. It is about real changes in real environments for real businesses, not just administrative changes. All of my clients are amazing and my work has definitely impacted them in a good way, I'd like to believe. I can’t choose the best moment.
Challenges
How do you stay ahead in a competitive field, and what obstacles have you overcome?
I have been learning all my life and will probably continue to do so. Staying updated, going through regular training, CTFs, virtual labs, following the latest trends and, as my focus is in the cloud, making sure that I am always ahead when talking about new ways to approach certain issues, limitations, vulnerabilities and so on. The fintech world is definitely quite fast-paced, and it would make me much less helpful to the clients if I am not able to be on top.
Work-Life Balance
How do you manage the demands of career and personal life?
I do think that I have a pretty good work-life balance, I am married, have a son, a second on the way, have my friends and small social circle and I separate work and personal life quite well, I believe. Although stressful at times, the job is very rewarding, so I find it all to be worth it. Of course time management is a very important skill in our job and if I wasn’t very good in that department it would be hard not to stay late finishing up things, but I can manage and it is worth it.
Personal motive
What’s your personal motto, or favourite motivational quote, that can also inspire the younger generation to follow studies and a career in an ICT / Cybersecurity field?
Follow your interests, you cannot half-heartedly do things. It is hard, and once you’ve climbed a hill - there is definitely a higher one ahead, always, until the end of time, so there is no top to reach, but you can enjoy the walk and have fun!
Future
Which emerging areas in cybersecurity, such as AI security, data protection, or social engineering, will be most relevant for the next generation of professionals entering the field? And what role can gender diversity and inclusion play?
The most relevant cybersecurity areas for new professionals include AI security, data protection, and defense against social engineering, as financial systems increasingly rely on AI, cloud platforms, and large volumes of sensitive customer data. Protecting transactions, identities, and financial data while complying with regulations will be a core priority, I think. We do see an increase in the need for PCI DSS, PIN, 3DS, etc., and I believe those are not the only ones, as regulations tighten and requirements expand.