5 minute read
Shelly Mills
Program Coordinator & Business Analyst The University of Queensland
I’m a business analyst and program coordinator in the data strategy and governance team at the University of Queensland. That at least is my title. In reality, my role is much wider. I do a bit of everything: project management, change management, communications and business analysis activities to develop practices and processes concerning the formal governance and management of UQ’s data assets, and maturing UQ’s information management capabilities.
This includes: privacy and consent management, data accessibility, metadata management, data ethics, data security, data literacy, and providing operational advice and support as a data governance subject matter expert as the field of data governance continues to mature.
I also run our data security and cybersecurity awareness campaign, manage a project to roll out Office 365 Sensitivity Labels, and have recently begun assisting our information architect with data modelling. We work with the Cybersecurity Operations Centre (CSOC) to complement our respective areas of work and goals. I work with the most brilliant team and a supportive manger. My boss, Sasenka Abeysooriya, has written a great article explaining how data governance is essential to cybersecurity.
I am supported and encouraged to take every opportunity I can to build new skills and grow professionally. Since taking this role: I have started presenting to staff at UQ on cybersecurity awareness along with our cybersecurity manager; managed our data and cybersecurity awareness campaign; assisted in conducting a comprehensive threat analysis on UQ’s data and information, which in turn informed UQ’s data handling procedure. All these activities have been enabled by the work I am leading in the information security classifications space.
At the time I started at UQ, Mandy Turner also joined as CSOC manager. She is a true champion of diversity, and a brilliant, talented mind. She always encourages you to think creatively, approaches scenarios from different angles, and empowers people to use their strengths in their roles. I have seen our CSOC really strengthen under her leadership, and she provides an environment where our amazing analysts are supported to make full use of their abilities.
I would describe the culture of my team as supportive, hard-working with balance, innovative, friendly. In a word: great. I would say my team is an exemplar of gender equality and my boss certainly drives and champions this.
I think diversity in every form will always bring benefits in terms of new ideas, perspectives and approaches. So, in that sense I certainly believe closing the gender gap will bring positive improvements. I’d love to see all areas embodying true gender equality and diversity.
I think we face the same cybersecurity challenges as many workplaces, primarily; culture and awareness, and budget for cybersecurity staff and tools. A key concern for me is security around IoT devices.
I took my current role after leaving my previous job in cybersecurity projects, which included a focus on cybersecurity awareness. When I started in that
earlier role, I saw it as my “dream job”. Unfortunately— and I think this is often the experience of women—as a female I faced some particular challenges with the culture.
I have a Bachelor of Science in Ecology and Conservation Biology, Honours in Aquatic Ecology, and a Grad Dip in Business (Public Relations), but no security qualifications.
It would have been beneficial to have studied IT at university. I’m not super technical, but I know I have the potential to be, and would love to have spent time developing those skills earlier rather than undertaking study in a separate field.
Studying PR has definitely helped with the communications and awareness aspect of my role, and studying in general has helped me develop my analytical and report writing skills. These are so important in security, but severely underrated, as are soft skills.
During my career in cybersecurity, I have found Twitter and LinkedIn have also contributed greatly to my career in cybersecurity. They are great places to network. I’ve met so many people in cybersecurity through these platforms.
Now, I am lucky to be in an environment where I am supported and encouraged to grow my skills. Most recently I’ve started doing data modelling, learning to use Oxygen XML and loving it. To keep up with current and emerging issues, I subscribe to a plethora of security newsletters and try and attend webinars and conferences.
At the moment I’m working to increase my leadership skills. I have undertaken courses, said “yes” to opportunities to present and speak publicly, and am now responsible for managing a staff member who has joined our team. I’ve also joined the Australian Information Security Association as a member of its Brisbane executive committee.
One of the biggest challenges of my role is legislation and balancing the collection of information with its retention and protection, and with the right to be forgotten. Organisations, and especially marketing departments, love to store information. However, the more information you store, the greater the risk of a data breach. It’s a tough balancing act.
It’s generally believed that COVID-19 created significant challenges for IT, and for IT security, but for me it has had some positive outcomes.
My role is program-funded, and we lost a significant amount of our program funding as a result of COVID. We were in the final stages of procurement for a data governance tool which was halted, and our team was reduced to two: my manager and myself.
I approached this challenge from the angle of “what can we do, with just the funding we have, that will still enable us to make a positive impact?” I put forward proposals to create a data.uq.edu.au website and rollout Office 365 Sensitivity Labels, both of which were approved, and I am now managing a small project team to implement those.
I easily build rapport and positive working relationships with colleagues, and I have found those skills to be extremely valuable. For example, being able to chat directly with a contact rather than having to submit a service ticket, when I need information or something done. As I progress in my career and my time becomes scarcer, I still try to make time to engage with colleagues and take genuine interest in how they are going, in order to maintain these relationships.
However, I do find office politics to be challenging. I tend to assume the best motives off the bat, so can be naive to underlying agendas. I need to balance being able to remain positive and trusting with being aware of business motives.
UQ has also adopted a hybrid work environment, which means our team was able to hire an amazing information architect based in Melbourne. They would not have been able to work with us otherwise, and they have brought us much value.
www.linkedin.com/in/shelly-mills/
