Job Title: Information Assurance Specialist
Location: Canberra, Australia
Tell us an interesting or fun fact about you
In primary school the art and computer teacher were the same women. Through year 5 she and I connected over mutual interests of art and computers, allowing me to help out and do extra projects. When I was in year six she allowed me to run a digital art class for year 1 and 2 for the year (anything to get out of Math)!
What drew you towards a career in cyber security?
After completing the in the Cyber 9/12 Challenge and being introduced to the Policy, Governance Risk & Compliance (GRC) side of Cyber Security, I knew this was the career for me.
What do you enjoy most about what you do in the industry?
Being supported and encouraged by my work dads. I also enjoy talking risk and mitigations to a variety of stakeholders.
What things are the most challenging in your role?
The lack of people in my team. Being one of three means we are always busy achieving a lot, but we don’t get the same amount of downtime others compared to larger teams.
Have you come up against any challenges or roadblocks and if so, what were they and how did you overcome them?
Being taken seriously. It is not uncommon to be in a room with people who have children older than myself. When I was a graduate, there was an instance where someone noted I was young enough to be their grandchild. I responded by noting how successful their grandchild could be if I am sitting next to them in this meeting. It’s also worth noting this instance occurred in person. Most of the time I have my camera off as I want my reputation and professionalism to come through more than my youthful features.
What have been your career defining moments?
Being asked if I would like to represent security at one of the most high profile briefings for our largest customer – initially intimidating, I have since settled into the task.
What changes have you seen in the cyber security industry in the time that you have been in it?
The only change I have witnessed is what type of roles recruiters think I would be right for. It began with junior pen tester or SOC analysts, and in the last 4-6 months progressed to SOC manager and GRC specific roles.
Has the coronavirus pandemic impacted on your career, and if so in what ways?
During the pandemic, I was one of the few in my friendship group who was not impacted. The security and privacy considerations associated with masses of people quickly moving to work from home made us busy.
What soft skills do you think are important for women in cyber security to have?
– problem solving
Why do you think more women should consider a career in cyber security?
It’s such a board industry, you are bound to find one or a few areas which tickle your fancy intelligentially. Its also one industry where you can be internal, only speaking to a few teams within your organisation through operations specific cyber security roles, or external/customer facing e.g. consulting or awareness training roles.
How does someone from another industry make the move into cyber security?
Identify the current skills sets you have based on your experience and look at complimentary cyber security roles. E.g. accounting compliments audit, law compliments policy and compliance, engineering can complement architecture etc. Note – these are not hard and fast rules.
What advice would you give to a women looking to make the move into cyber security?
Talk to people in cyber security; tell them a bit about your background and interests. You will get passed from person to person, learning lots. The more information, the better informed your decision can be. I also recommend looking through some free training courses to get your head around it and determine if it is something you are interested in.
Do you think it is important to close the gender gap in cyber security and if so, how do you think this could be done?
Closing the gender gaps needs a multi-tier, multi-generational approach. In terms of the now, a combination of mentors, inviting environments, and easy non lineal paths can facilitate more women to join the industry. Regardless of experience, mentors are a fantastic support and second perspective when navigating through one’s career. The inviting environment speaks to a combination of good company culture, and a personal favourite saying of mine – while men dominate this industry, they are also a significant part of the solution. When an organisation or company culture is not inviting, women simply will avoid that workplace, and depending on the prevalence of these instances, women may choose to avoid the industry all together. I know I have been told about more places to avoid than apply. Finally, facilitating a simpler non liner path allows women who have cyber security adjacent skills to shift, setting a precedent and encouraging more women to do the same. Over the next 10-20 years, seeing how women can be successful cyber security professionals and mothers will inspire the next generation. Flexible working arrangements (working from home, job sharing) and changing the ‘we expect women to work as if they don’t have children and expect them to raise children as if they don’t work’ mentality. It can also have a knock-on effect through exposure; the next generation seeing successful women either in their home or being discussed in school. This exposure leads into the next one to two generations, of exposing cyber security as a career path early and not constrained it to a ‘boys subject’ – both genders need to see this. During my volunteering, I have noticed 9-11 year olds are yet to perceive gender specific roles in cyber security (until the school holds a girls in STEM, which prompts questions), and from a skill set perspective, gender has zero impact on the results.
While the situation in the cyber security industry has marginally improved in recent years, it is still a very male dominated world. What are your thoughts on this, and have you seen an improvement yourself?
While I was attending university, there was a lot of talk about quotas, and why they were proving unsuccessful. This is where organisations have a target; to hire X percent of women in cyber security roles within a timeframe. The fundamental issue with this approach is, it’s tricky for women to know if they are being selected for the role on their merits or to meet the company’s quota target. It also generated the perspective it is easier for women to obtain a role than a male in circumstances. Both water down the determination, effort, skillset and even passion which goes into making and growing great women in cyber security. On a less cynical note, there are several women drive organisations including Australian Women in Security Network (AWSN), which facilities opportunity for security professionals, recruiters and even educators to connect during events. These environments provide a window to some inspirational women and opportunity to connect with like minded people and even recruiters for someone who is looking int join cyber security. While they do not have the same tangible metrics quotas have, this environmental change I believe will have a larger impact over time.
“The Rise of the Cyber Women: Volume 2” is available now via the links below: