A passion for law can take you unexpectedly far. Nowadays it can even get you a ticket to the world of IT and cybersecurity, as the resume of Croatian-born, Belgium-based Ivana Butorac shows. Although in her case there was nothing really unexpected about her move to IT. In fact, when Ivana got hired by Sopra Steria Benelux at the start of this year, she had already been actively working towards that desired career goal for quite some time.
You are currently working as an Information Security Consultant. How would you describe your job to an outsider?
“Let me give you some quick background information first. As a consultant, I specialise in EU government projects. So my clients over the years and also here at Sopra Steria have been exclusively EU agencies and institutions.
As a member of the cybersecurity team at Sopra Steria Benelux, basically, my job is to ensure that personal data remains protected against unauthorised access and to prevent any unauthorised use, modification or disclosure of that information. I mainly deal with GDPR and other privacy-related compliance issues, supporting colleagues who cover the more technical and architectural security aspects of our projects. As requested by today’s data protection and privacy laws, we offer privacy and security by design to our customers. This means that privacy and security requirements are being designed into our technical solutions right from the start.
Currently, my specific role on a mission is that of a Data Protection Implementer. As such I am responsible, among other tasks, for conducting Data Protection Impact Assessments. Such an assessment is required whenever processing is likely to result in a high risk to the rights and freedoms of individuals, for instance when sensitive data are being processed on a large scale.”
You have two master’s degrees in law, but you don’t hold a formal degree in IT. Yet every day you need to collaborate with actual certified IT professionals. How does that work?
“That works quite well, thank you! (Laughs) It is true that I have a legal background. And even though I specialised in IT law, I cannot rightly and reasonably claim to have a technical IT profile. So far, I’ve gained most of my technical knowledge through my hands-on experience in working on various projects with different types of profiles in cross-functional teams.
To be honest, I too consider my cybersecurity career path a pretty non-traditional, atypical one. At the same time, that is exactly what makes it so interesting to me: the challenge of mastering all these different skills and knowledge and combining my legal expertise with that of more technically oriented experts. It also allows me to bring a completely different, fresh perspective on cybersecurity and ICT in general to our projects. And in the end, I feel that usually plays out wonderfully well. Which actually makes me very proud to have chosen this particular career path.
On the other hand, before turning my attention to IT law, I used to specialise in criminal law, where you deal with violations or abuses in the analogue world. But when you move to cybersecurity, you are dealing with exactly the same violations or abuses, only in the digital world. So when it comes down to it, my perspective and mindset as a criminal law legal professional are just as applicable to an online environment.
My knowledge of criminal law also allows me to better understand certain needs of my clients. For when you’re working in IT, you’re not just working on IT systems. You’re working with people for people - for society as a whole even. So you need to be able to look at the bigger picture, not just at the technology. Especially when you’re working on EU government projects where in the background other factors such as politics and policies also come into play and there are a great many stakeholders with their different interests to consider.”
Want to find out exactly what draws a lawyer to apply for a job at Sopra Steria? Our interview with Ivana Butorac continues here.
Interested in a career at Sopra Steria? Have a look at the Careers section on our website. Or better yet: check our current vacancies and apply immediately for the job that suits you!