COcyber Batch #3 Ambassadors in the Spotlight: Maja Horvat

With its third batch now underway, the COcyber Ambassador Programme continues to expand the network of professionals supporting stronger civilian-defence cybersecurity cooperation in Europe. Since its launch, each of the three cohorts has brought new expertise, perspectives and connections, helping to broaden the project’s outreach and reinforce dialogue within the cybersecurity community.

As Batch 3 approaches the final stage of its six-month ambassadorship, we are introducing the professionals who have helped carry this work forward In this article, we spoke with Maja Horvat, Senior Project Manager at Women4Cyber Slovenia, about her background, her perspective on European cybersecurity, and her reflections on the COcyber Ambassador experience as the journey comes to an end.

Q: Who are you, and what is your professional background?

I am a senior project manager, innovation ecosystem builder, and inclusion advocate working at the intersection of deep tech, entrepreneurship, and cybersecurity. I support European R&I initiatives that help early-stage companies move from ambitious ideas to market reality.

Before moving into the European innovation space, I worked in the public sector at Slovenia's National Cybersecurity Centre, SI-CERT, where I gained first-hand exposure to the operational side of cyber resilience and the real-world challenges organisations face when security meets everyday constraints. As a project manager there, I led partner activities focused on strengthening cybersecurity in critical infrastructure. This experience reinforced a core principle I bring to every role: cybersecurity fails less often because of missing technology, and more often because we forget to acknowledge the human part in this equation.

I am also a co-founding member and member of the executive committee of Women4Cyber Slovenia, and an active mentor in the Women4Cyber mentorship programme, committed to increasing the visibility, confidence, and opportunity pipeline for women in cybersecurity.

Q: Since when and how are you involved in the European cybersecurity sector?

I have been involved in the European cybersecurity sector since 2022, when I joined SI-CERT. At the end of 2024, I co-founded the Women4Cyber Slovenia chapter to help close the cybersecurity talent gap and improve the representation of women in the field. I remain actively involved as an executive committee member, with the goal of creating more talent, stronger networks, better access to opportunities, and fewer "you don't look like a cybersecurity professional" moments.

In parallel, I support Europe's cyber readiness through EU-funded projects tackling one of the most strategic security challenges right now: post-quantum cryptography. I work on projects such as PQ-REACT and PQ-NEXT, which focus on the practical transition from classical cryptography to quantum-resistant approaches, including real-world validation and ecosystem engagement. In simple terms, quantum computing raises the stakes, and these projects help ensure Europe is not waiting for the threat to become a crisis before acting. 

Q: From your perspective, what are the main challenges in the collaboration of the civilian and defence cybersecurity sectors in Europe?

From my perspective, the hardest part of civilian-defence cybersecurity collaboration in Europe is not the lack of good intentions. It is the friction created when two systems with different rules, incentives, and risk tolerances try to move at the same speed.

The first challenge is the talent shortage. Europe is operating in a structural cybersecurity workforce gap, which makes cooperation harder because everyone is competing for the same limited pool of experts. There is also a skills mismatch: defence needs highly specialised capabilities, while civilian sectors need people who can implement security at scale across supply chains. Scarcity pushes organisations into "protect your own team first" behaviour, which kills collaboration.

The second challenge is diversity and representation, which directly impacts capacity. If we keep recruiting from the same narrow talent pool, we keep reproducing the same shortage. Underrepresentation of women is a capacity problem, with only 25% of cyber talent being women.

The third is information-sharing barriers, especially around classification and trust. Civilian actors often need speed and openness to coordinate response, while defence actors need confidentiality, clearance, and strict need-to-know. 

The fourth, and what I saw most clearly at national level, is governance and coordination. In Slovenia, one recurring issue is the unclear division of responsibilities and weak coordination between stakeholders, paired with limited financial and human resources to implement measures. During my time at SI-CERT, I also saw how difficult it was to attract and retain top talent in the public sector due to non-competitive salaries.

Q: Again, from your perspective, what are the most crucial steps to address these challenges and strengthen Europe's joint digital safety efforts?

Three steps stand out as most crucial.

The first is to build diverse cyber talent as critical infrastructure. Europe's cybersecurity capacity is capped by its workforce gap. The fastest way to raise that is to treat talent like critical infrastructure: long-term investment, clear career pathways, and cross-sector mobility between civilian, defence, and public institutions.

The second is to make governance and coordination crystal clear. It requires discipline: understandable mandates, shared playbooks, defined escalation paths, and routine coordination mechanisms so that collaboration is operational, not ad hoc. This is also where EU frameworks like NIS2 help, as they promote structured responsibilities and coordinated incident handling across entities and sectors.

The third is to prioritise trusted relationships and combine information sharing with joint exercises. In my experience, this is more of a people problem. At SI-CERT, when relationships were established between teams across CERTs, when you knew the names and the humans on the other side, information flowed faster and clearer. Exercises are the best way to build that trust before a crisis hits. Europe already has strong foundations for this through large-scale exercises such as ENISA's Cyber Europe, but fails to implement them effectively. 

Q: Did your experience as a COcyber Ambassador align with what you expected at the beginning, and what are your key reflections now that the journey is ending?

The experience completely aligned with my expectations. However, I recognise there is still much to do on the topic itself as well as in the awareness raising. I feel projects like these are very relevant and needed and I wish there would be more of them. I also support such “ambassadorship” initiatives as it means we can amplify the outreach among our networks which the project alone would have harder time to do. I see it as an example of a good practice.