The code guardian

Terézia Mézešová's work always starts with a new product idea. Her team takes care of hardening the very first piece of code that the programmers write for a new product or software solution. In this way, she ensures a particularly high level of cyber security right at the start of the development process. 

Mézešová compares her work to that of editors: "Just as they adhere to certain editorial standards in terms of quality, we identify and solve programming problems. Together with our cyber teams around the world, we create a network of multiple layers of security for our software."

The biggest cyber threat is that "hackers can execute any command they want. They can copy, change, or delete data. And you don't know what they're doing." The good news, says Mézešová: "We can prevent this with simple means – or at least greatly mitigate the consequences of an attack." 

She thinks it's great that Siemens Healthineers has the necessary cyber knowledge in-house: "Other companies have to buy in the know-how. This is often very expensive, time-consuming and involves a certain amount of risk and an increased coordination effort." As an employee at Siemens Healthineers, she benefits from the internal exchange of knowledge and customers can rely on the fact that all steps of product development are cyber-secure.

Before Mézešová looks at any code, she gets to know the planned product. Only if she knows its function can she protect it properly. "Code that ends up on our screens will only become a real product in a few years. So I also learn a lot about innovations and trends in the healthcare industry. I find that extremely exciting."

This also means that "at the time of testing, we cannot yet know in which environment the software will later run. An important skill for cyber security experts is to be able to make decisions based on incomplete information. Which testing method do we use? How far do we intervene in the code to eliminate vulnerabilities?" Security measures should not restrict the functionality of the product. "Our work is therefore like a balancing act."

The necessary niche knowledge is taught everywhere, says Mézešová. After completing her bachelor's degree in computer science in Slovakia, she specifically chose Tallinn: "It was one of the few universities with a focus on cyber security that I could afford – unlike Oxford, for example," smiles the Slovakian-born student, who now lives back in her hometown of Košice and enjoys being close to her family. Even as a young girl, Terézia liked mathematics and everything to do with it. It was easy for her. "At university, on the other hand, it was often hard work," she admits, but "I still enjoyed it a lot."

Mézešová has been leading the team of code testers for around a year now. They provide information, share knowledge, and use tools for an automated vulnerability check. "Simple checklists often help us to protect the code against SQL injections, for example." They discuss code changes in the team and with the programmers. "Every opinion has the same weight. This makes working with my competent and great team very pleasant."

"I know this when the hackers have a very hard time doing their job. Once all the usual loopholes have been closed, the hackers need a lot of time to find any loopholes at all. They have to come up with new, more elaborate ways." And that is too time-consuming and risky for many criminals. So, at best, they don't even try. And if they do, our work limits the damage." Mézešová's work makes a real difference – for Siemens Healthineers and our customers.