Introducing: Ena Kurtovic
Please describe your background. How long have you been with Secura, a Bureau Veritas company?
I am a Medior certification security specialist. I have over five years of experience in the security field, the last two of which have been with Secura. I have an undergraduate degree in Electrical Engineering and a Master’s degree in Cybersecurity. I started to get interested in security standards while studying for my Master’s degree. I gained knowledge in all primary information security regulatory bodies and their standards, such as PCI-DSS, SANS, PTES and NIST. And I particularly focused on the most common information security standard: the ISO/IEC 27k series. At the end of my studies, I passed the PECB ISO 27001 Lead Auditor exam.
What is your role within Secura?
I first joined Secura as an offensive security professional, where I would attempt to hack into systems to test their security. After penetration testing and solidifying my technical expertise, I redirected my interests back to a more holistic approach to security as part of the certification team. Upon joining the certification team, I obtained the ISO/IEC 15408 Common Criteria Evaluator certificate, which is a globally recognized standard for evaluating products or systems on defined sets of security requirements.
I worked as an evaluator on Secura’s Common Criteria projects, and as a technical evaluator in several Baseline Security Product Assessment (BSPA) projects. Currently, I’m expanding my knowledge in Internet of Things (IoT) security standards such as IEC 62443 and ETSI EN 303 645. In the future, I will be involved in automotive and maritime security standards and information security management.
Could you please share your thoughts on working at Bureau Veritas?
As a penetration tester, or ethical hacker, I find the work is versatile and high-paced, exposing my teammates and me to a multitude of different challenges. There’s a very steep learning curve, and for two years I have enjoyed a deep dive into a variety of technologies. Now, working as a security certification specialist, I commit to projects that enable me to go about my work at a very deep level. In this position, my attention isn’t focused on any one technology; instead, it includes insights into documentation and processes, as well as more project management responsibilities and client communication. It’s versatile and challenging, and there is still a lot to learn in the future.
But what I most like about this company is the working environment. I work on a team of knowledgeable, supportive and young colleagues, and every day at work is enjoyable. I am proud to say that I have found many friends at work, and not all company cultures provide such an opportunity. The working vibe—feeling at home with people—boosts productivity, and knowing that I have support makes me feel secure. This is something I personally value a lot. In addition, there is recognition of people’s responsibilities and challenges inside and outside of work, which helps achieve work/life balance.
And let's not forget a drink with colleagues on Friday nights after work!
How have you been able to develop professionally at Bureau Veritas?
There are opportunities for different career paths and a large variety of projects we can work on here. This allows for continuous learning opportunities, which I believe is important for anybody in this field. Management supports education and certification.
What is your greatest professional achievement?
I don’t know if I could pinpoint one professional achievement as a particular shining moment. I’ve earned titles and certificates, attended workshops and performed some great hacks, but I would rather see these accomplishments all together, as they’ve enabled me to grow while working within this organization. I would say that my greatest achievement is the sum of each day’s responsibilities to make one small part of the world a bit more secure.
What would you say to a candidate considering a career with Bureau Veritas?
BV is a company that will give you the opportunity to learn and improve professionally, with a healthy work-life balance. If you have a solution- or innovation-based mindset, your ideas for change and progress will be heard. Cybersecurity is a priority for companies and governments.
What do you think makes Bureau Veritas a reliable cybersecurity service provider, able to help its clients control their digital security?
We have over 20 years of experience in cybersecurity and provide clients with an independent assessment of their digital security. By using metrics and internationally recognized systems and standards, we make security tangible for the client, so that appropriate security measures can be taken. Security is not just about technology; it is equally about people and processes. We therefore use a holistic approach to tackle security from those three angles.