How my interest in human rights sparked a career in cybersecurity

Malin Jørgensen, a Manager in the Cybersecurity team at EY Norway, recollects how a confluence of her interest in human rights and her law degree drew her to cybersecurity.

I am from Bergen—also referred to as “the capital of the fjords”—an ethereally beautiful city on the southwestern coast of Norway. I have spent my life travelling between Bergen, Stavanger, Oslo and Washington D.C. for my education as well as work. From my younger years, I’ve held a keen interest in human rights, which has played a significant role in influencing my career journey so far.

My unconventional career journey

In 2011, I embarked on my bachelor’s education in Communication (Media Science) and further to that secured a master’s degree in Law (with Copyright, Human Rights and Privacy Law as my electives). While authoring my thesis, I was resolute that I wanted it to open doors to opportunities within and beyond Norway.

With privacy as the overarching theme, I drafted my thesis on GDPR and the testing of self-driving vehicles. The thesis explored how the new GDPR rules would affect the testing and implementation of autonomous vehicles in Norway and the European Union (EU). 

After my studies, I began working for the city of Bergen with privacy and information security, which was interesting. Working with the city got me a little taste of many different sectors—healthcare, education, etc.—and different subjects ranging from parking in the city to the implementation of Chromebooks in school. I was working as a Data Protection Officer (DPO) before I decided to join EY as a senior consultant this year. 

My education might seem quite different and diverse for my current role as a manager in cybersecurity, but they played a significant role in moulding my career journey.

A glimpse at my typical workday

At EY, I am a Manager in the Norwegian Cybersecurity team, working closely with clients to identify their problems and find solutions together. Most of my time at work is spent with clients, studying their processes and helping them integrate privacy as part of their existing processes—instead of having it as an impermeable layer atop everything else. So, my days differ depending on the client. My team also conducts audits and supports our clients in implementing change and developing strategic documentation. 

That is the most fun part of the job for me—understanding the client’s processes and figuring out the best way to make privacy a part of that. As I work in the privacy vertical, I also require a good understanding of technology. As the law does not move as fast as technology sometimes, we need to be fast in introducing regulations that fit reality in a rapidly changing technological environment.