Rayna Stamboliyska

Rayna Stamboliyska is the VP Governance and Public Affairs at YesWeHack, a global bug bounty and coordinated disclosure leader.

She focuses on EU cyber diplomacy and resilience including issues related to cybersecurity, strategic autonomy and data protection. Rayna also manages the EU-funded SPARTA research and innovation project, which is a pilot for the EU Cyber Competences Network. An award-winning author for her most recent book “La face cachée d’Internet” (“The dark side of the Internet”, Larousse 2017), Rayna is also an IoT hacker and a staunch proponent of open source, data and science. Prior to joining YesWeHack, Rayna has served in various Directorship and security-related foreign policy positions: she has consulted for international organisations, private companies, governments and non-profits, interfacing with public sector actors and guiding them through innovative policy-making processes. Energetic and passionate, Rayna has grown to become a recognised information security speaker committed to educating those outside of the industry on security threats and best practices. She writes up the cybersecurity expert column “50 shades of Internet” at ZDNet.fr and tweets under @MaliciaRogue.

Tell us a bit about yourself, background and your current role

My path into the cybersecurity world was far from orthodox but a natural one nonetheless. As a graduate with two masters (one of which is in International Relations), I understood the importance of leveraging technology to address scientific and social questions while being conscious of its uses. I also hold a PhD in evolutionary genetics and bioinformatics, which has instilled in me how crucial it is to make research data, publications, and code open and accessible to everyone.

Whichever the field of activity or the assignment, I came to realise that we – as professionals but also as a society – were failing to protect what matters: personal data, strategic assets, etc. My professional journey and this realisation have led to my current position as Vice President of Governance & Public Affairs at YesWeHack, a role that makes me incredibly excited to come to work each day.

At present, I am focused on identifying sound approaches to preventing digital risks and advising political actors on how to proactively counter threats – essentially, expanding the strategic operations between ethical hackers and policy makers to protect our most valuable assets.

My main task is to build a bridge between the YesWeHack community (consisting of 22,000 ethical hackers) and the needs of an increasingly networked, digital society. To this end, I am primarily interested in tackling issues around digital governance and diplomacy, with the handling of vulnerability disclosures being a key responsibility.

Before YesWeHack, I was the Deputy Chief Information Security Officer and Data Protection Officer at the Oodrive Group, a solution provider for secure cloud and virtual data rooms. I have also worked as an expert and consultant in risk and crisis management for international organisations such as the World Bank, the OECD and UNESCO.

In addition to the technical experience I bring to YesWeHack, I am also passionate about increasing diversity in cybersecurity and tech. That is why I have joined the Women4Cyber Foundation as a Board Member.

Did you ever sit down and plan your career?

I have indeed thought about how to build my career. It is far too easy to just get another job, which is not what matters to me. The way I envisage a career is by being involved into an activity that aligns with my core values: justice, equity, social good.

So, from cutting my teeth as a young international consultant to accepting increasingly senior positions, my ambition has been to contribute to producing something with a whole-of-society impact. It is not always easy, to put it mildly. But I like to think that it is working so far.

Have you faced any career challenges along the way and how did you overcome these?

Like most people, I have faced career challenges.

There is a prevalent culture in STEM whereby leaders have pre-determined their own criteria for inclusion to define who can be part of the community. With so much navigating to do between meritocracy-motivated team leaders and the silent doocracy-driven ones, no wonder many candidates find it a challenging environment. Testimony to how rife this is can be gathered from the coining of the term ‘doocracy’ – which has arisen for hackerspaces and open source software communities to indicate that responsibilities (and thus power) are for the individuals who ‘do’ – rather than for those who hold a diploma or social status but may contribute very little.

What is a new challenge, and one I have witnessed first-hand, is for newcomers to be dismissed as candidates who are included just because they come from a minority group. This is potentially harmful to minorities in STEM and undermines the individual. It’s for this reason that I am always careful about being singled out as a “woman in STEM”. My skills matter, not my gender. I’d rather be acknowledged for my contribution, not because I have ovaries.

We as an industry, as a community of individuals, also have a clear and decisive responsibility to avoid artificially creating a skill gap. What I mean there is that we struggle in designing meaningful career progression paths. That struggle maintains a leaky pipeline: we all know of mid-level professionals with remarkable skillsets who wish to go into a different industry. But just because they are young in the field, we tend to treat them as young, underpaying them and making it harsh for them to grow and shine as professionals with unique expertise.

What has been your biggest career achievement to date?

I am extremely proud of my latest book, “La face cachée d’Internet” (Larousse, 2017). I wrote it at a special time in my professional life, when I myself was at crossroads trying to figure out how my unique skillset could contribute in a meaningful way. It has resonated with so many people which is the best gift I could receive.

What one thing do you believe has been a major factor in you achieving success?

Perseverance will get you anywhere. It is, obviously, so much nicer to also benefit from support and well-meaning individuals you can rely on when in doubt. That, I believe, is what has helped me greatly: to be able to turn to people with a question, a request for guidance or simple discussion over lunch. Mentoring and coaching are beneficial as they help build a richer perspective of our environment and ourselves, and mobilise our resourcefulness in constructive way.

Seeing myself through the eyes of others, who appreciate me enough to not be complacent, is what has given strength to my perseverance.

What top tips would you give to an individual who is trying to excel in their career in technology?

My main tips would be to do your job with transparency, to be modest — and to hold your ground. Ideas matter, as does introducing positive and constructive change. There are still many challenges and obstacles ahead of us which we can sometimes overcome by being assertive. So, be true to yourself, strive to learn and exercise your talents to create a world where you can thrive.

Do you believe there are still barriers for success for women working in tech, if so, how can these barriers be overcome?

I do, and the barriers are multiple. Some women remain stuck below the glass ceiling because they work for a self-centred manager. For other women, it may be a case of being disengaged with the work or valuing their free time more, while for another it may be a feeling of insecurity about their expertise – all of which may or may not be influenced by management. The list goes on.

From a more global perspective, there are plenty of other obstacles: family pressure, salary negotiation issues and a persisting pay gap, harassment in the workplace. Not to mention the stereotypes associated with the field, such as it being run by the “ol’ boys club” and requiring a skill set that is tough to obtain. These are still true. The good news is that culture change is also under way.

What do you think companies can do to support to progress the careers of women working in technology?

Over the years we’ve seen different initiatives to support and progress the careers of women in tech come and go, but none have had the desired effect. We have yet to reach equality. Which means that we also need a more comprehensive approach to tackle that issue.

Overall, we need to stop tokenising people. There is a diversity problem in STEM; gender is one of the issues, but not necessarily the main one. We need to stop thinking about gender through a prism and instead need to address the critical issues at hand.

We need to do better at communicating why technology matters to society so that it inspires women to want to shape its development, not just enter, but also remain and prosper in the field. Encouraging career development with mentoring and leadership programmes would go a long way to support this. We also need to address professionals from all genders: culture change is a systemic change; it won’t work if done in a vacuum by addressing only women.

There are currently only 17 per cent of women working in tech, if you could wave a magic wand, what is the one thing you would do to accelerate the pace of change for women in the industry?

To start to readdress this imbalance we need to push for equal pay between different roles, from entry-level to the boardroom. We need less gendering to create opportunities that make a difference and don’t rely on stereotypes. Finally, we need more mentoring to provide women and minorities with the industry insight and expertise needed to put them in a position to be able to secure the roles they deserve in the fight for equality.

What resources do you recommend for women working in tech?

I’ve learned a lot from Tarah Wheeler’s “Women in Tech”, William Ury’s “The Power of a Positive NO” and from a number of podcasts such as Freakonomics. More generally, GenPol is also a great resource. For the UK more specifically, the Women in Public Affairs community is really cool and helpful.