2025-10-30 –, Main Stage
In this talk, I share my personal journey from studying law and competing in top-level sports to building a career in cybersecurity. Without a technical background, I’ve carved out a successful path by leaning into my strongest assets: communication, empathy, and adaptability. I highlight how soft skills are essential in a field often dominated by tools and technology. Drawing from my experience in the GRC domain, I explain how awareness can shift security from being just a policy to becoming part of an organization’s culture. My story is about the power of soft skills and the human side of cyber — how trust, connection, and collaboration are the real drivers of lasting security.
This talk is not a technical deep dive — it’s a story about the power of soft skills in a field that often focuses on tools and technology. Communication, empathy, and adaptability are not just “nice to have” — they are essential. These skills allow me to translate complex policies into clear, human-centered actions, to coach stakeholders with patience and clarity, and to build trust across all levels of an organization. I believe women bring unique strengths to cybersecurity — creativity, flexibility, and the ability to connect. I’ll share how I’ve used those strengths to help organizations shift from compliance to culture, and why soft skills are a hard requirement in cybersecurity.
I always thought I’d become a public prosecutor ― someone who could help society by upholding justice and protecting people. With degrees in law and criminology, that path seemed clear. But I’ve always had a natural affinity for technology. Through my uncle, I was introduced to the world of cybersecurity, and I was immediately intrigued. That curiosity, combined with a willingness to learn, led me to take a leap of faith after my studies and dive into the world of cyber.
As a former top-level athlete and trained legal professional, I’ve learned how to stay focused and composed under pressure ― skills I now apply daily in my work as a Security Consultant. I help organizations strengthen their cybersecurity posture through risk management, vulnerability management, and awareness training. I entered the field through a traineeship, starting as a SOC analyst. Over time, I realized I missed the human connection ― so I moved into vulnerability management, where I could advise clients directly and translate technical findings into meaningful action. That’s where I discovered my passion for the human side of security.
About 1.5 years ago, I transitioned into the GRC domain, where I now focus on risk management, security awareness, and implementing frameworks like BIO 2.0 and NIS2. I currently work with a government inspection agency of around 140 employees, where the digital landscape is still developing and cybersecurity is not yet embedded in everyone’s daily mindset. This presents a unique challenge: how do you build a security culture in an environment where technical knowledge is limited and resistance to change is high? In my talk, I’ll share how we’ve approached awareness initiatives in such a setting ― making security relatable, understandable, and actionable for all employees. It’s about creating understanding, ownership, and behavioral change across all levels of an organization. When people feel involved and informed, security becomes part of their mindset — not just a policy.
In a world where technology is becoming increasingly complex, it’s the human factor that truly makes the difference. Awareness is not a checkbox — it’s the foundation of a secure culture. And that starts with connection, trust, and communication. When we put people at the center of our approach, cybersecurity becomes not only more effective, but also more sustainable. That’s where the true power of soft skills lies. Thank you.
My name is Ramiëlla Ramos, a Security Consultant with a background in law and criminology. After starting my career in the legal field, I transitioned into cybersecurity, where I now specialize in the GRC domain focusing on risk management, security awareness and implementing frameworks such as BIO 2.0 and NIS2 to help clients meet compliance and resilience goals. I’ve worked with both public and private sector clients, including the Ministry of Justice and Security, combining technical expertise with strong communication and advisory skills. My experience as a top-level athlete has shaped me into a resilient, goal-driven team player. I’m passionate about making the field more inclusive and accessible for women and young professionals.