Interview: Baya Lonqueux- Are We Prepared For Cybersecurity Risks?
February 1, 2024, 9 min read
The GCS Network team recently had the opportunity to talk with Baya Lonqueux, CEO – Founder of Reciproc-IT, to learn more about her remarkable career and talk about the rise in modern cybersecurity risks.
Who is Baya Lonqueux?
Baya Lonqueux is the CEO and Founder of Reciproc-IT, a cybersecurity consulting company. She is a passionate advocate for cybersecurity awareness and believes in making cybersecurity accessible to all, beyond just technical experts..
What Baya Lonqueux Stands For?
Baya Lonqueux stands for democratizing cybersecurity and making it accessible to everyone, not just technical experts. She discusses cybersecurity openly and advocates for organizational and individual responsibility in maintaining online security.
Interview Theme: Are We Prepared For The Rise in Modern Cybersecurity Risks?
Baya’s journey into cybersecurity began over a decade ago when she took on the responsibility of leading a business unit focused on information systems security audits. This experience ignited her passion for cybersecurity, prompting her to launch RECIPROC-IT to democratize cybersecurity knowledge and make it accessible to everyone. Through her startup, Baya endeavors to evangelize the importance of cybersecurity awareness among business leaders and individuals alike.
In our interview, Baya provided valuable insights into various aspects of cybersecurity, from staying updated on emerging threats to effectively mitigating risks. She emphasized the need for proactive risk management strategies and highlighted the role of technology, such as AI and machine learning, in enhancing cybersecurity measures.
1- Could you share a bit about your journey in the cybersecurity field? How did you get started, and what motivated you to pursue a career in helping organizations stay secure online?
I’ve been working in IT for a while as a project and customer account manager. And just over ten years ago, a professional opportunity gave me the chance to take responsibility for a new business unit in charge of information systems security audits. I discovered a new field, an IT field that is not only technical but also organizational and human, as it involves questions of behavior, awareness, and process management. It’s exciting to be working on all these things at the same time.
Few years ago, I wanted to go further, to tackle this subject in an ambitious way, following my own path. I launched my own start-up, RECIPROC-IT, entirely dedicated to cybersecurity. I wanted to evangelize, to talk about cybersecurity like any other subject, to make business leaders understand what their responsibilities are, to take cybersecurity beyond technical boundaries: the subject isn’t just a domain for experts, it’s a subject for everyone in our new era, so let’s talk about it!
2-How do you stay updated on the rapidly evolving landscape of the cybersecurity ecosystem?
First, we are inundated with information. It’s impossible to escape the news; a simple click brings us a continuous flow of information. And as a regular subscriber to the trade press, I read 2 or 3 articles every morning and listen to recorded webinars.
And of course, I’m naturally part of the ecosystem: in my company, in my network, we’re in a process of constant updating, which is good for me.
3-What suggestions would you provide to tech professionals interested in pursuing a cybersecurity career?
They have the profile to progress very quickly because they have those predispositions that can help them understand the requirements and know where to apply them. There is a wide range of skills for each of them. For those ready to explore the organizational aspects in greater depth, governance may be a good choice, there’s also the cybersecurity compliance subsection which may be of interest. And for those who wish to remain in the technical field, there is a whole field of activities open to them (technical auditing, analysis, incident response consulting, monitoring, etc.) More and more training courses and certifications are being offered to those who wish to reorient themselves.
4- Balancing work and personal life is often a concern. How do you manage this balance in a demanding field like cybersecurity, and do you have any tips for maintaining a healthy work-life balance?
It’s a question of organization. For my part, I have always known how to enjoy my private life, my free time, separating my professional life from my private life has helped me to stay motivated and enjoy what I do.
On the other hand, I would like to answer this question from another angle, because I find it interesting in the sense that it concerns two aspects; organization and responsibility: 2 important keywords in the field of cybersecurity:
- Responsibility, accountability of all company players for better collaboration, delegation around tasks, decisions to balance the batch of tasks generated by cybersecurity. So that these tasks and the associated responsibility are better shared.
- Organization, what to do and when to do it, and who is responsible for what,. This involves meeting the requirements of the position by preparing and planning the tasks and resources to be made available.
So yes, personal balance external or internal to the company is obtained when responsibility is well understood, and the organization is well set up.
5- How would you describe the modern cybersecurity risks businesses and individuals face?
It’s a constant threat that we need to consider in both our professional and private lives. This threat has the same impact for both, taking the form of theft or loss of data, unavailability of a system, application or process, or alteration of our information. Cyber threats are a real scourge in our new society, putting our lives at risk.
- For a company, it’s the survival of its economic activity that’s at stake: a cybersecurity attack jeopardizes the normal continuation of the company’s activity, with all the impact this can have on all the company’s resources.
- For individuals, it means an impact on our privacy, an inability to communicate, to make transactions, it can have an impact on our freedom of move, our physical safety could be affected by these threats, for example: a cybersecurity attack affecting a hospital can have frightening consequences, and we can list more other threats…
6-From your perspective, what are some common mistakes that organizations often make in their approach to cyber risk management?
The most common mistakes are failing to understand and manage priorities.
Organizations must define exactly where the risks are, what critical assets you need to focus on. Organizations focus mainly on operational tasks, which is a good thing, but from my point of view, you can’t manage the day-to-day operational work if you’re not organized to be more efficient.
7-How does using AI and machine learning affect how you manage cybersecurity risks?
Machine learning and AI are the exciting new tools that can help process data better, have a relevant response, automate the security process, improve threat response. But there’s still a long way to go because we don’t have enough access to real data to help AI be more pertinent, and this applies to both preventive and predictive measures. From my point of view, we’re still at the data-gathering stage, and it’s still too early to comment on AI’s contributions to cybersecurity.
8- How should organizations strategically focus on mitigating risks, and what specific measures are taken to ensure effective risk management?
To mitigate cybersecurity risks, the winning strategy is to be proactive and identify them upstream, based on the security needs expressed by the company’s asset managers. This means:
- Understanding where the risks reside, and which critical and exposed assets need to be protected.
- Analyze the impact of a threat on the asset, considering the measures already in place, which will enable us to work on the residual impact.
- Simulate the threat to confirm its probability.
- Finally, organize the treatment strategy based on the results of the risk analysis.
This approach will enable decision-makers and managers to take the appropriate measures and monitor their application to ensure their effectiveness.
9- Reciproc-IT has a unique way of helping companies with cybersecurity. Can you share a bit more about how Reciproc-IT helps companies achieve these goals and why it is crucial for businesses?
Reciproc-IT is a consulting company. Since 2014, we have been building our know-how based on field experience. Auditing and investigating the different practices of our clients allows us to be more relevant in terms of advice and support.
We first had to understand each specificity, each security policy. We have discovered good and bad practices, then we naturally provide tailor-made advice, helping everyone accordingly. The audit helps identify threats, ineffective policies, lack of measures and awareness, etc.
Our customer experience has also shown us the disparities in companies’ approaches to cybersecurity. Some companies have a high level of security maturity but suffer from a lack of standardization in their practices. And, we come across companies that have a very poor understanding of security issues, who don’t understand or don’t know where to start and still think that security is the sole responsibility of IT.
Naturally, this inspired us to go further and find a way to meet both needs:
- Standardization of good practices for continuous improvement of the security of information systems.
- Provide an adequate response for a better understanding of cybersecurity, understand the risks linked to information security systems, manage the security of the information system with its own means to limit the number of external service providers, popularize a poorly understood subject.
- Cyber-attack is a risk and must be addressed like any other risk in a company.
Offering our customers a tool to help them better understand and manage their cybersecurity is an obvious answer. The creation of OLIGO.RISK MANAGER is a necessary and logical progression in our business as a cybersecurity specialist. OLIGO.RISK MANAGER is a risk analysis and management software package, suitable for all business sizes and all sectors of activity.
10- What are the practical benefits of using Oligo Risk Manager for someone new to this, and how does it make a company stronger against cyber threats?
OLIGO.RISK MANAGER allows novices to know how to start managing their cybersecurity.
A functional or technical novice user will be able to use OLIGO.RISK MANAGER and be guided from the start to the end of a risk analysis:
- He will learn to frame his security needs, classify his information assets to be able to protect them according to their criticality,
- OLIGO.RISK MANAGER will automatically present feared events that the user will simulate to know their impacts.
- By considering feared events, analyze the gaps between the security measures in place and the state of the art
- Identify threats emanating from stakeholders interacting with the analyzed perimeter,
Simulate potential cyberattacks based on the expressed feared events, the state of application of measures, the possible involvement of stakeholders due to their identified vulnerabilities
- The likelihoods of the cyberattacks are calculated with relevance
- An operational risk treatment strategy will be proposed in an automated manner.
The advantages of using OLIGO.RISK MANAGER are numerous regardless of the user’s level of knowledge and skill. The interface is user-friendly, the automation of all the functionalities in a progressive and logical workflow allows a quick handling, and cybersecurity management is ensured!
11- How does Reciproc-IT actively participate in the cybersecurity community to exchange insights, promote best practices, and stay abreast of emerging threats? Are you planning to attend any upcoming technology events this quarter?
RECIPROC-IT is part of a cybersecurity cluster in the Paris region, Systematic Paris-Region Deep Tech Ecosystem, an ecosystem of members specialized in cybersecurity. We also have partnerships with universities, with the aim of promoting, contributing, and sharing our knowledge and experience.
We regularly participate in FIC, the International Cybersecurity Forum, and will be there this year. We’ll keep an eye out for upcoming tech-related events we might attend this year as our calendars begin to come together.
*Let’s contact Reciproc -IT now!
In today’s connected world, cybersecurity has become a paramount concern for businesses and individuals. To shed light on this critical topic, we had the privilege of interviewing Baya Lonqueux, the CEO and Founder of RECIPROC-IT, a pioneering cybersecurity consulting company. In our conversation, Baya shared her insights, experiences, and valuable advice on navigating the ever-evolving cybersecurity landscape.
One key takeaway from our conversation was Baya’s emphasis on the importance of organizational responsibility and collaboration in maintaining a healthy work-life balance, especially in a demanding field like cybersecurity.
We want to thank Baya Lonqueux for sharing her valuable insights and expertise. Her dedication to promoting cybersecurity awareness and her commitment to driving positive change in the industry are truly inspiring. We look forward to continuing to learn from her and following RECIPROC-IT’s journey as they continue to make strides in cybersecurity.