Liisa Past, Chief Information Security Officer, IT and Development Centre, Ministry of the Interior, Estonia
By Yun Xuan Poon
Women in GovTech Special Report 2021.
How do you use technology/policy to improve citizens’ lives? Tell us about your role or organisation.
As the Chief Information Security Officer of the IT and Development Centre at the Estonian Ministry of the Interior, I lead the team that is responsible for mainstreaming information security practices across technology that saves lives in homeland security.
That means our clients – including the police, border guard, emergency responders and rescue service, as well as the ministry itself – have to be able to go about their business of providing safety and security without worrying about technology but rather, be empowered by it.
The mission of our organisation is to save lives with IT. It’s hard to imagine a more direct impact to people in Estonia or more meaningful work for the team.
What is one unexpected learning from 2021?
The global workforce learned to really work from home in 2021. In a lot of ways, 2020 meant living in a crisis and making things up as one went along. 2021 has demonstrated the reality of the pandemic-accelerated digital transformation.
On the one hand, the cyber security threats and risks have not changed drastically. The major supply chain attacks, for example, demonstrate both how reliant our lives are on digital solutions and how the attackers balance opportunism and patience.
They also show how breaches and compromises are not just about data and information systems. They’re about trust that our increasingly digital way of life is feasible and sustainable.
On the other hand, the out-of-office population has particular information security needs. The information security focus has also shifted from defending the perimeter of a network to protecting the end user and their devices regardless of where they are.
Estonia provides a government-backed secure digital identity for both authentication and digital signatures, and our digital ecosystem relies on that capability heavily. Additionally, the devices the end user has with them have to be protected, be it through virtual desktops or virtual private networks.
Most fundamentally, however, the pandemic has again highlighted global connectedness in the digital realm. The rollout – and hiccups along the way – of digital solutions for international pandemic-related information exchange and contact tracing point at obvious gaps. The digital European vaccination passport is a great example of what can be done if push comes to shove.
What’s your favourite memory from the past year?
I work with a small but incredibly diverse team that has experienced a fair amount of change in the last few years. Figuring out how we work together and have each other’s backs is the absolute professional highlight of the year. Every single team member is clever, takes responsibility and is dedicated to the bigger picture. While we have a lot of challenges ahead, this is a great foundation to build on.
What are your priorities for 2022? What’s a tool or technique you’re excited to explore in 2022?
Our focus at the IT and Development Centre at the Estonian Ministry of the Interior for 2022 is to improve cyber security situational awareness across the organisations we serve. This means starting to build a virtual security operations centre that supports decision making across the board from 24/7 event triage to top leadership.
A virtual centre allows us to bring together different information sources, explore automation and event orchestration, as well as have a better overall picture.
Who are the mentors and heroes that inspire you?
I draw inspiration from those driving change in the infosec/cyber security field and my colleagues, past and present. In this incredibly dynamic sector, we need to be able to learn from one another.
I would not be the professional I am without my past colleagues from the NATO Cooperative Cyber Defence Centre of Excellence that afforded me the luxury of asking (often not very clever) questions from some of the leading researchers in cyber security.
The Estonian Information System Authority offered a unique view into the running of a digital government ecosystem. Meanwhile, my present job as the Chief Information Security Officer of the IT and Development Centre at the Estonian Ministry of the Interior makes me responsible for putting all this into practice.
What gets you up in the morning?
Promise of good coffee ;). In all seriousness, I do find that a morning routine is incredibly helpful in getting the day started and mine involves freshly ground light roast beans and a V60 filter.
Professionally, I’m driven by the meaning of the work and have been so throughout my career. Apologies for it sounding a little cliché, but I get up to make a meaningful impact on the world in any little way.