The code guardian

How Terézia Mézešová makes life difficult for hackers.

Nina Terp
Published on February 5, 2024

Terézia Mézešová loves to find and fix weaknesses in the system. To do this, she works with the very source code of medical technology products. The cybersecurity expert and her team ensure that Siemens Healthineers products are as cybersecure as possible from the very first idea. Her work helps patients and contributes to their protection and safe treatment.

Join our Cybersecurity team!

Are you as passionate about cybersecurity as our colleague Terézia Mézešová? Then join our global team and help keep medical technology safe.

Terézia Mézešová's work always starts with a new product idea. Her team takes care of hardening the very first piece of code that the programmers write for a new product or software solution. In this way, she ensures a particularly high level of cyber security right at the start of the development process.

Code hardening is the process of improving the security of a software program by fixing vulnerabilities and implementing measures to make it more resistant to attacks.

Mézešová compares her work to that of editors: "Just as they adhere to certain editorial standards in terms of quality, we identify and solve programming problems. Together with our cyber teams around the world, we create a network of multiple layers of security for our software."

The biggest cyber threat is that "hackers can execute any command they want. They can copy, change, or delete data. And you don't know what they're doing." The good news, says Mézešová: "We can prevent this with simple means – or at least greatly mitigate the consequences of an attack."

She thinks it's great that Siemens Healthineers has the necessary cyber knowledge in-house: "Other companies have to buy in the know-how. This is often very expensive, time-consuming and involves a certain amount of risk and an increased coordination effort." As an employee at Siemens Healthineers, she benefits from the internal exchange of knowledge and customers can rely on the fact that all steps of product development are cyber-secure.

Before Mézešová looks at any code, she gets to know the planned product. Only if she knows its function can she protect it properly. "Code that ends up on our screens will only become a real product in a few years. So I also learn a lot about innovations and trends in the healthcare industry. I find that extremely exciting."

This also means that "at the time of testing, we cannot yet know in which environment the software will later run. An important skill for cyber security experts is to be able to make decisions based on incomplete information. Which testing method do we use? How far do we intervene in the code to eliminate vulnerabilities?" Security measures should not restrict the functionality of the product. "Our work is therefore like a balancing act."

The necessary niche knowledge is taught everywhere, says Mézešová. After completing her bachelor's degree in computer science in Slovakia, she specifically chose Tallinn: "It was one of the few universities with a focus on cyber security that I could afford – unlike Oxford, for example," smiles the Slovakian-born student, who now lives back in her hometown of Košice and enjoys being close to her family. Even as a young girl, Terézia liked mathematics and everything to do with it. It was easy for her. "At university, on the other hand, it was often hard work," she admits, but "I still enjoyed it a lot."

Mézešová has been leading the team of code testers for around a year now. They provide information, share knowledge, and use tools for an automated vulnerability check. "Simple checklists often help us to protect the code against SQL injections, for example." They discuss code changes in the team and with the programmers. "Every opinion has the same weight. This makes working with my competent and great team very pleasant."

SQL stands for Structured Query Language. In an SQL injection, cyber criminals inject their own commands or malicious code into an SQL database via web input masks, for example. The attackers gain access to sensitive data.

"The biggest danger is that hackers can execute any command they want. We can prevent this with simple means or at least greatly mitigate the consequences – right from the design phase of our products." 

Terézia Mézešová, cybersecurity expert and manager at Siemens Healthineers, Cybersecurity Center of Excellence in Košice, Slovakia

"I know this when the hackers have a very hard time doing their job. Once all the usual loopholes have been closed, the hackers need a lot of time to find any loopholes at all. They have to come up with new, more elaborate ways." And that is too time-consuming and risky for many criminals. So, at best, they don't even try. "And if they do, our work limits the damage." Mézešová's work makes a real difference – for Siemens Healthineers and our customers.

Cybersecurity at Siemens Healthineers

We take a holistic approach to cybersecurity: Guided by a central set of security requirements and product-specific threat and risk analyses, we develop our equipment according to internationally accepted standards and procedures.

By Nina Terp

Nina Terp is a science journalist based in Germany. She is captivated by people and technology working for the greater good.