Igor Bozic’s daily work centers on IT security. As an IT security specialist, he not only implements customer requirements, he also develops new security concepts and always ensures that security solutions are user-friendly for the customer’s employees.
Mr. Bozic, what does your role as an IT security specialist involve?
I have specialized in two areas of activity: consulting and introducing new IT security solutions. On the one hand, I visit the customer’s locations in my role as a consultant. The customer usually has a specific request, and I support the company when it comes to solving particular IT security problems. To do this, I analyze the problem and identify the requirements. In the IT area, a requirement refers to a feature that a software product or an IT system needs to have, for instance. Or I analyze an existing system that the customer uses and establish what aspects are working well and what aspects still have room for improvement.
I also introduce new security systems for customers. These activities have a strong technical focus, and usually involve tackling a particular challenge. I select the right technologies for the task and carry out a proof of concept. That is a small-scale test where we check whether the technology is suitable for the particular problem. If the concept is successful, I will use it for the security system. For example, it might involve creating a repository for storing all of a company’s passwords or different types of security-relevant information. In some cases, this information comes from different systems with different requirements and interfaces. I look at the products available on the market for this purpose and choose the appropriate one. In theory, there is also the option of programming something entirely by ourselves. However, this means higher costs for the customer, which is why we try to avoid it.
How often do you go to customers’ premises?
That varies a lot. When it comes to analyzing security systems, I travel to the customers and meet with the department in question on-site to discuss setting goals and how best to achieve them. As soon as everything is clarified and I have obtained the documents I need, I return to my location in Norderstedt to do the rest of the work. If I need to create a security system, I usually spend the whole project period at the customer’s premises. The advantage is that I am available to the customer for the entire period, so I can respond directly to questions. At the moment, I am working on a project at the premises of a Hamburg-based customer in the aviation sector. As I live in Hamburg myself, that’s very practical and convenient for me.
My job is to create a balance between user-friendliness and IT security.Igor Bozic, IT security specialist
What challenges do you face in your day-to-day work?
As an IT security specialist, you normally have contact with lots of different participants within a project. My job is to create a balance between user-friendliness and IT security, so I ensure that the participants understand IT security issues. The best security solution is of no use if they don’t use it or if they reject it. That is a typical IT problem with all sorts of solutions that you implement. Particularly where IT security is concerned, it’s often about explaining that the solution offers added value for everyone involved and isn’t a liability.
Besides that, it always depends on the particular project, and on the group of employees the IT security solution is intended to help. For example, it could be a system that runs in the background. In that case, it’s vital that the IT administrators know what they need to bear in mind in order to use the system correctly. On the other hand, if all or most of a customer’s employees are supposed to work with the system, I sometimes have to use another software solution to ensure an appropriate level of protection. It’s about finding the right IT security solution for every company and every requirement.
IT security specialist with a focus on technical information security
IT security specialists with a focus on technical information security advise our customers about setting up, maintaining, checking and continuously optimizing technical security solutions. In the process, you will focus on one or two of our areas of specialization such as digital trust architecture, web security, cloud security, mobile security, IoT security or security monitoring.
How is work structured in your team?
I am currently working on an agile project and I'm working with the team to develop a platform for a customer. All of the employees are mutually supporting each other to find a solution to the relevant IT security problems. Within the agile project, we start each morning with a short daily meeting, where everyone briefly explains what they did the day before, where problems might arise, and what is on the agenda for the day. We are currently working in a three-week rhythm based on scrum principles for this project. During this phase, you always work on several user stories, which refers to the requirements that the software or security system has to fulfill. The first step is to prioritize the stories and estimate how much time they will take. So we establish how important and labor-intensive each of them is.
In principle, an agile team aims to deliver useful results faster and to respond dynamically to changes in requirements. Our team consists of experts from various areas who we deploy for our tasks in a targeted manner so that the knowledge we have is distributed to the various team members. This enables us to work on tasks based on the actual priorities regardless of whether or not individual employees are available. For me, that provides the opportunity to build up my skills in other areas too.
Why did you decide to become an IT security specialist?
My father is a computer scientist, so I started learning about this discipline at an early age – so my career path was predetermined, in a way. During my studies – I initially studied business informatics and then IT management and consulting – I worked in the IT department of the Max Planck Institute for Meteorology in Hamburg. That was an exciting environment where I got to know a range of different technologies and requirements and also got to really make a contribution. After that, I worked for a consultancy firm for a year. That was a good start in my consulting career, but then I wanted to work on something more technical. I had already specialized in IT security during my studies, and I also wrote my master’s thesis on this topic. At Lufthansa Industry Solutions, I finally discovered a company that offered me the range of customers and exciting projects that I wanted.
What opportunities do you have for upskilling?
In general, we have a lot of freedom and a considerable say when it comes to our professional development. That means that for each individual employee, the formats and measures that will help each of us to advance are considered. On the one hand, there are standard training measures for every area and specialism – in other words, particular minimum training and certification requirements. On the other, everyone discusses what they might want to add to this standard training with their supervisor during the annual performance review. Then they reach a decision together on what particular measures are useful. Some training is carried out internally while some is external, depending on the contents.
What advice would you give entry-level professionals who are interested in becoming IT security specialists?
The first question you always have to ask is: am I interested in consulting, or would I rather focus on a particular area of IT security? Or, if necessary, should you combine the two? Because working as an IT security specialist with consulting activities is a multifaceted area. You see a lot, but you also need to have a certain degree of flexibility. The customers are often based in other cities – that is something you have to be conscious of. And then you have to ask yourself what you want to specialize in.
In principle, I would advise every entry-level professional to pay attention in the job interview to whether your own ideas are compatible with the employer’s. You shouldn’t select a company based on their name, but rather based on the projects. There’s no right or wrong answers, it’s really about whether you feel good about what you hear in a job interview.
About Igor Bozic
Igor Bozic initially graduated with a bachelor’s degree in business informatics and then completed a master’s degree in IT management and consulting. During this time, he worked as a student assistant in the IT department of the Max Planck Institute for Meteorology in Hamburg. After a period spent working for a consulting firm, he became an IT security specialist for Lufthansa Industry Solutions in Norderstedt in October 2017.