'Everyone who works here breathes cybersecurity’

Within Air France-KLM's cybersecurity domain, they are desperately looking for enthusiastic colleagues. A good time to sit down with Baha, Gerben and Chucky. All three have been immersed in cybersecurity for years, but their learning journey is far from over. What keeps their field so captivating, and why is working in aviation such a thrill?

Champion in hacking

Baha (28) recalls the exact moment he fell in love with his profession. "It was January 2018. I was still a student, studying Computer Engineering & Cyber Security at Jordan University. I participated in a Capture the Flag competition, where you solve security-related challenges to uncover hidden 'flags'. I won the contest, and that’s when the passion truly ignited."

After spending some time working as a technical team leader at SDS - Jordan's largest security provider - Baha ended up at Air France-KLM thanks to one of his best friends.

There, he began working as a cybersecurity engineer in the Cyber Defence team. "In a nutshell, we implement and manage tools for various stakeholders, including the Security Operations Centre (SOC) and the Cyber Threat and Cyber Intelligence teams."

Sometimes we customise the tools in-house. But we also buy them from other parties, or we purchase servers from a vendor. So, I interact a lot with vendors as well as with internal stakeholders.'

From biology to IT

One of Baha's colleagues is Gerben (37). He graduated as a biologist and took a master's degree in Neuroscience and Cognition, but soon made the switch to the IT world. He's been working as an SOC analyst at Air France-KLM for four years. ‘We look for vulnerabilities in our internal systems, and set up rules to detect events faster,’ he explains. 'If there's a cybersecurity incident, we investigate whether it's malicious and how to fix it. We record all logins, alerts and incidents in our SIEM. If there's suspicious activity, we take action: we shut down computers, lock down systems or block accounts.’ At the SOC, they're continuously optimising their processes. 'We do behavioural analysis and increasingly run playbooks in case of suspicious activity. We've also partly automated our responses.’

Infinite challenges

When there is a real need, they set up a so-called CSIRT team at the SOC. ‘This task force is aimed at resolving large-scale incidents quickly,’ Baha explains. ‘All sorts of experts from across the company are flown in, including a spokesperson from our department.’ That action is exactly what Gerben and Baha love about their work.

Baha recognises this. Because platforms are constantly being added and we are constantly working with different systems, our team keeps developing. I literally learn new things here every day - from colleagues, but also through the courses I attend.' Smiling: ‘That works out nicely, because you could say I'm addicted to knowledge!’

Safety first

Chucky Tam is the manager of the SOC. She handles major incidents and projects and is part of the CSIRT team. “Air France-KLM is a large company with a rich history, which can make the organisation quite complex,” she says. “This complexity adds to the challenge of working here—whether you’re a junior or a senior.

“Moreover, aviation is a fascinating industry,” she continues. “Security is a top priority here, and cybersecurity plays a crucial role in that. The issues we tackle are often critical and urgent. As Gerben mentioned, there’s always something going on. That’s why it’s essential for our team members to handle stress effectively.”

Everyone has their talent

There are 30 people in the SOC: 15 work in Toulouse, 15 in Amsterdam. ‘They are almost all IT professionals, but with a great mix in terms of experience,’ says Chucky. ‘Some colleagues come from the network angle, others from system administration.’ Gerben adds: ‘Many of us have our own specialisation: one knows everything about Windows Forensics Analysis or the Linux operating system, another is completely at home in network forensics or incident response.’

Baha highlights the vibrant team spirit: "It's an international crew with diverse backgrounds, and I'm always impressed by how supportive everyone is. We also have regular outings—like our team-building trips to Toulouse every few months."

Chucky adds that her colleagues share a deep passion for cybersecurity: "They're all in, both at work and in their free time. They read up on the latest trends, stay on top of news, and experiment with new tools. They really dive deep into it!"

"Are you interested in becoming a Cyber Security Engineer or SOC Analyst? We currently have two vacancies available. Please visit our Tech & Data section to view our current openings."