“Today, AI is being integrated into critical systems without much evaluation, and this has implications we cannot ignore. I saw in this program an opportunity to develop a critical, yet useful, perspective, with applicable tools, not just theoretical ones,” says Her CyberTracks participant Natalia Riveros, a Paraguayan participant of the program, in her interview with LAC4 ahead of the Her CyberTracks Programme training in October in Santo Domingo. With experience in both engineering and law, Natalia brings a critical perspective to the evolving challenges of digital risks in Latin America, especially as AI and interconnectivity reshape the region’s critical infrastructures.

You applied to the programme a while ago – what caught your attention and what drove you to sending your application? 

What drove me was something quite concrete: as an energy engineer and lawyer, I see every day how the concept of “risk” has changed. It’s no longer just about technical or legal stability, but about how both worlds intersect in a digital environment that changes faster than it can be regulated. 

Her CyberTracks interested me because it doesn’t limit itself to the technical aspects, and that’s rare. Almost all cybersecurity programmes are highly specialized in technology, but they ignore the institutional context, legal language, or real human capabilities. In my case, since I work in a sector like energy — where a digital error can leave an entire city without power —I needed a space where these topics could be discussed together. 

I was also interested in going beyond the optimistic discourse about artificial intelligence. Today, AI is being integrated into critical systems without much evaluation, and this has implications we cannot ignore. I saw in this program an opportunity to develop a critical, yet useful, perspective, with applicable tools, not just theoretical ones. 

Her CyberTracks programme is more than half way through since its start in April, and we are going to meet soon in Santo Domingo for in-person training. How has it been so far? 

So far, the programme has helped me sort through many of the loose pieces. I knew incident response was important, but I hadn’t thought much about who decides what, how a crisis is communicated internally, or how to prioritize what to protect first. I learned that from the governance modules. 

It also made me think more deeply about how organizations should prepare: not just with technology, but with clear structures, defined roles, and a common language between the technical, legal, and management sectors. In the energy sector, where everything is interconnected, this is essential. 

I value it above all because it doesn’t fall into the cliché of cybersecurity as something purely technical. It forces you to see cybersecurity as a matter of decisions, communication, and shared responsibility. That’s what I’ve gained most. 

Given your background, what do you think are the greatest challenges in cybersecurity right now? What do you see in your daily work? 

Cybersecurity isn’t keeping pace with technological change. Today, there’s a lot of talk about AI, the cloud, and automated systems, but very little about who oversees them, how they’re audited, or what happens when they fail. There’s no clear governance over technologies that are already making decisions for us in critical sectors. 

In critical infrastructure, such as energy, healthcare, and transportation, I continue to see unpatched systems, without segmentation, and without basic security protocols. But even more serious: there’s no clarity about who’s responsible if something goes wrong. 

I also see a consistent problem everywhere: technical teams don’t speak the same language as policymakers. And without strategic translation between these two worlds, prevention fails. It’s not that there’s a lack of tools, it’s that there’s a lack of conditions for them to work. 

From my experience in Latin America, the fact that resources are not distributed equitably adds to the problem. Some countries have comprehensive strategies, while others are still debating whether cybersecurity is a priority. This makes even good practices difficult to implement if they are not adapted to the context. 

Drawing from your experience, how international organisations like the EU and ITU or initiatives like LAC4 Centre could help to address these challenges? 

These organizations could make a difference if they shifted their focus from offering recommendations to supporting actual implementation. 

The EU, for example, has experience consolidating regulatory frameworks. But what would be most valuable now is for it to support the creation of technical and strategic training laboratories in the region. Not just to simulate attacks, but to practice decision-making in crises. We need spaces to rehearse difficult tasks, not just to repeat what we already know. 

The ITU and the LAC4 Center can contribute significantly by leading the debate on artificial intelligence in critical environments. It’s no longer just an emerging technology; it’s an operational reality that makes decisions every day. But no one audits these processes. We need methodologies to monitor AI, set limits, and prevent scenarios that we can’t even accurately imagine today. 

It would also be a great step for these organizations to strengthen local actors. Many universities, technical groups, and NGOs do incredible work with limited resources. If they are integrated into formal cooperation processes, not as beneficiaries, but as allies, cybersecurity can be built on roots, not just on paper. The technical aspects matter, but the capacity for collective implementation is everything. That’s the challenge and also the opportunity. 

About Natalia Riveros

I am an energy engineer and lawyer, and in recent years I have focused my work on the intersection of technology, regulation, and critical infrastructure protection. I have collaborated on projects related to energy efficiency, digital law, and cybersecurity, especially in sectors such as energy and electric mobility. 

 

I’m currently developing my career in consulting and training, participating as a speaker at international events, and supporting initiatives that seek to make technological risks and possible responses more accessible. However, I know that cybersecurity is a constantly evolving field, and I still have a lot to learn, especially on the technical and operational fronts. 

 

That’s why I’m deeply interested in this bootcamp. I want to strengthen my skills, learn from other experiences in the region, and continue building bridges between the legal, technical, and human aspects, with a perspective that’s truly connected to the challenges of the Latin American context. 

Her CyberTracks is funded by the Federal Foreign Office of Germany  and the European Union and co-implemented by the Deutsche Gesellschaft für internationale Zusammenarbeit (GIZ) and the International Telecommunication Union (ITU), in partnership with the Global Programme on Cybercrime of the United Nations Office on Drugs and Crime (UNODC) for the Criminal Justice CyberTrack and the Latin America and Caribbean Cyber Competence Centre (LAC4) for the LAC region. Read more about the program.