COcyber Batch #3 Ambassadors in the Spotlight: Ana-Maria Matejic

With its third batch now underway, the COcyber Ambassador Programme continues to expand the network of professionals supporting stronger civilian-defence cybersecurity cooperation in Europe. Since its launch, each of the three cohorts has brought new expertise, perspectives and connections, helping to broaden the project’s outreach and reinforce dialogue within the cybersecurity community.

As Batch 3 approaches the final stage of its six-month ambassadorship, we are introducing the professionals who have helped carry this work forward. In this article we spoke with Ana-Maria Matejic, Senior Cybersecurity Advisor at WhiteLabelConsultancy, discussing her background, her perspective on European cybersecurity, and her reflections on the COcyber Ambassador experience as the journey comes to an end.

Q: Who are you, and what is your professional background?

I am a Senior Cybersecurity Advisor at WhiteLabelConsultancy, with 20 years of experience in cybersecurity, leading various global cybersecurity programs and transformation initiatives. I have coordinated cybersecurity efforts across diverse international markets and industries, and I am skilled in adapting to local cultures while effectively managing geographically dispersed teams and security programs. This extensive global experience has fed my mission to bridge the gap between technical expertise and business strategy, bringing cybersecurity to the forefront of boardroom discussions way before we had regulations doing that.

I am passionate about the intersection of technology and human behavior, championing innovation that works for the people. By advocating the "human factor" as the true technology sponsor and enabler, I work to ensure that cybersecurity programs are not just "technical plans" but also become a mindset, culturally aligned and accepted across all levels of an organisation. And ultimately making sure these programs are designed for how people actually work - their workflows, their pressures, their mental models of risk.

Q: Since when and how are you involved in the European cybersecurity sector?

I have worked with various European organisations for the past 15 years in consulting and management roles. My roles were focused on the telecom, space, and defence industries. I was also part of European projects focused on capacity building and situational awareness.

Q: From your perspective, what are the main challenges in the collaboration of the civilian and defence cybersecurity sectors in Europe?

Civilian and defence actors operate under fundamentally different mandates, legal frameworks and cultures — yet face an increasingly shared threat environment. State-sponsored attacks on critical infrastructure, hybrid warfare campaigns and the blurring of peacetime and conflict thresholds have made siloed approaches untenable.

However we have to recognize few areas where we certainly witness strong interactions and even I dare to say convergence:

Regulatory pull is increasingly forcing the relationship. NIS2 and DORA require operators of essential services to meet security standards that, in practice, align with defence-grade expectations — creating a de facto convergence at the technical level

Joint exercises such as NATO's Cyber Coalition and the EU's Cyber Europe bring both communities to the same table, testing response coordination across civilian and military chains of command

Institutional frameworks such as the EU Cyber Diplomacy Toolbox and NATO's recognition of cyberspace as an operational domain have formalised coordination at the policy level, though implementation remains uneven across member states

The defence cyber sector has been, by definition, quite isolated until recent years, with many technology developments and approaches not known to practitioners outside of the domain. The civilian sector, on the other hand, is definitely more open and more communicative to the wider audience. Probably these two opposite mindsets represent the main challenge.

Q: Again, from your perspective, what are the most crucial steps to address these challenges and strengthen Europe's joint digital safety efforts?

It is important to first identify common areas of concern in cybersecurity for both sectors, and secondly, to identify how certain weak cybersecurity areas in one sector could introduce weaknesses in the other sector or how they can be addressed with experiences from the other sector. Addressing these two points can be a great start to connect these two domains in a bi-directional way.

Q: Did your experience as a COcyber Ambassador align with what you expected at the beginning, and what are your key reflections now that the journey is ending?

I applied for the ambassadorship because I relate to the purpose of the project. We have been talking for the past 10 years about cooperation and synergies between different industries but rarely it was the case when some concrete steps were actually taken. 

And COcyber is exactly one of those very much needed steps ahead. I appreciate the fact that we are left with a lot of outcomes and deliverables as part of this project that constitute a solid foundation and further built on it. When talking about synergies I believe the project has taught us to take what’s best from a domain but also to learn its vulnerabilities that could potentially be addressed by the strengths of the other domains.