9 minute read
Celebrating information security excellence in 2021
by Laura Jiew, AWSN National Social Media & Marketing Lead
Congratulations to AWSN founder and executive manager, Jacqui Loustau, on her AusCERT2021 “Information Security Excellence” award. The AusCERT team recently had a chat with her to learn more about her role as executive manager at AWSN, her vision for the network, and for the cybersecurity industry in general.
Tell us a little about your professional career
My interest in technology started when I worked on a help desk at Australia Post, and in PC support at an insolvency company while studying at university for a Bachelor of Information Systems.
I then graduated and became a Unix administrator for a few years before deciding I wanted to travel and see the world.
When I was backpacking in Europe I ran out of money (as you do) and got a job working on the helpdesk at Schlumberger, where I was given the opportunity to retrain to be a technical consultant. They put me through some intensive technical networking and security training, and at the end asked me what I wanted to do. I thought security interesting, and that was pretty much how my security career journey began.
I then worked as a security consultant on multiple large scale projects in a variety of roles, including implementing antivirus, delivering public key infrastructure solutions, performing risk assessments and technical assessments, writing policy, and basically anything that was thrown at me.
I ended up spending seven years in London and seven years in Paris as a consultant working on many interesting projects, which I loved.
When I came back to Australia, I continued to consult on different projects before moving to the in-house security team at ANZ. I started in their Identity and Access Management (IAM) team, then moved on to designing the cybercrime controls for ANZ’s
institutional banking arm, and finally moved to head the Security Education and Influence team in a job share role.
I then decided I really wanted to help small businesses, which I saw being affected by cybercrime, and I ended up spending a year in start-up land with the folks at Cynch, a cybersecurity company focussed on small businesses.
You’re the founder of AWSN. Can you tell us more about how AWSN was born and what your mission is?
The idea for AWSN came to me when I returned from my 14-year stint overseas and returned to Melbourne.
I walked into a security event and was overwhelmed by being the only female in the room. It was something I had gotten used to in Europe, but seeing and experiencing it really hit me, especially when I didn’t know anyone in the room.
I met one other female participant and she took me under her wing and introduced me to some people. We then brought together a number of female colleagues for casual breakfasts and started meeting up before security conferences.
We spoke about how much we enjoyed working in security, and some talked about the challenges they faced being the only females in their teams. After a while, I started thinking there might be other women out there feeling alone, so I started a LinkedIn group. This grew organically, and soon local state-based chapters started to pop up across Australia. These then grew into more formal bodies, and now our community consists of around 2500 people.
The AWSN is an open network of people aiming to grow the number of women in the security community. We support, inspire and act as role models. We connect women in the industry, and those looking to enter the field, with the tools, knowledge, network and platforms needed to build confidence and interest.
As a network, we know the diverse nature of online threats requires diversity of thought if those threats are to be effectively addressed, and this is where our network thrives. We operate mainly through events, hand-on workshops, training, mentoring and speaking engagements with community groups, universities and high schools.
Congratulations on winning the Information Security Excellence award! What does this award mean to you?
It was an absolute honour to receive this award. This means so very much to me, and I sometimes still pinch myself with disbelief. I believe that this is a community recognition award, as the AWSN couldn’t have got to where it is today without all the volunteers, sponsors, donors, mentors, coaches, speakers, writers and all the people supporting us over the years.
Receiving this award means the information security industry in Australia recognises that what AWSN is doing is important and meaningful work, And that we are on the right track with what we are trying to achieve.
It means all the hard work and hours I and all our volunteers put in to make AWSN what it is today are worthwhile. Thank you to everyone who has contributed to our cause, you know who you are.
What do you see as some of the main cyber threats in today’s society, and what are their accompanying risks? Are you seeing any particular threats becoming more common?
Good question!
There are many, and I could probably talk for hours on this topic. But if I were to choose two that we as a society/community need to work together on a lot more, they would be application vulnerabilities and supply chain risks.
As we continue to use technology and build systems, apps and software faster than ever, security is often something considered at the last minute, or sometimes never. We shouldn’t expect the users of our systems or apps to know what to look out for when it comes to a security breach. Hence, it is my personal belief that technology should adopt a “secure-by-design” philosophy and make it easy
for users to apply security updates when they are required.
When it comes to supply chain risk, some of the cyber threat issues stem from the fact that small businesses (which ) often cannot afford expensive security services and products, or security consultants, to help them implement secure processes and protect their company assets.
These businesses are particularly vulnerable to threats such as business email compromise (BEC), ransomware or data breaches that are becoming increasingly common. These can have downstream impacts on large corporations, critical infrastructure and government agencies, because it is very likely these smaller businesses are part of their supply chains.
It’s a cliché, but cybersecurity really IS in everyone’s interest—no matter the size of your workplace.
If you could give one piece of advice for organisations and IT/cybersecurity professionals, what would that be?
To stay humble and keep an open mind.
Remember that most in our society don’t know what we know, so no question should be considered a silly question. I don’t think there is anyone in our sector who knows absolutely everything about security, so we shouldn’t treat/blame users for not having known better in the wake of a breach or an incident.
There are many people out there (they could be your grandparents, friends, family members and colleagues) who are confused and overwhelmed by the topic of cybersecurity.
It is the belief that cybersecurity is difficult and tricky that often makes security departments feared or perceived as unapproachable. Therefore, we as a community, have a responsibility to show others we are keen to help them learn and have them join us on this journey. We cannot fight this battle with just technology and largely rely on humans to report things that are suspicious, to consult with us before they are about to go live with a system and to sign off on our budgets. Therefore we need everyone on our side and we need to show that we are open to listen and help.
As a community, I think we need to communicate better, prioritise (based on known risks) and provide easy and accessible information, solutions and advice, so as not to confuse the general public further.
What’s one common challenge you find women and female-identifying professionals facing in the cybersecurity industry, and how can organisations continue to support them?
A common challenge I’ve personally found with women and female-identifying professionals in maledominated teams is that they feel they are not heard or not given the same opportunities as their male counterparts.
They are often questioned as to why they are there, and instead of being consulted as subject matter experts, they are asked to refer a query to a male counterpart, because the questioner assumes they don’t know the answer, or don’t have anything to contribute on a particular security topic.
Everyone should be given an equal opportunity to contribute. By this I don’t mean only females, but also young/elderly males, people of different ethnicities, people of different backgrounds, all of whom need a voice.
Organisations must address this better; it needs to be a fundamental part of all teams, or we will continue to lose good talent.
And when good talent is lost, it makes it hard for upcoming new talent to see people like themselves in a career path in security, and we absolutely need this new talent in order to fight the new security and technology challenges ahead.
The following excerpt was read out at the AusCERT2021 Gala Dinner awards ceremony on the 13th of May:
Jacqui is Founder and Executive Manager of the Australian Women in Security Network (AWSN) which aims to connect, support and inspire more
people, in particular, women and female-identifying professionals to pursue a career in security. She is also co-author of the international book ‘Women in the security profession’.
Having studied Information Systems at University, Jacqui Loustau thought she would pursue a career in computing. That career saw Jacqui leave Australia in the early 2000s to pursue an exciting opportunity in London. The next 14 years would see Jacqui working across London and Paris, working on various highprofile projects within the European Commission, UK government, NHS and the financial sectors - before returning to Australia in 2014 to take on a senior role with the ANZ bank.
It was through her role at ANZ, which involved attending and speaking at numerous industry events, that Jacqui first noticed the distinct lack of women working in the cybersecurity industry.
In April 2021, Jacqui decided to take a leap of faith and is now devoting 100 per cent of her time to building the AWSN as a not-for-profit organisation. In short, AWSN has been Jacqui’s “passion project” for close to seven years. Today, AWSN is a national group of close to 2500 members across Australia with linkages to a number of prominent sponsors. It is an open network of people aiming to grow the number of women and female-identifying professionals in the cyber security community.
AWSN’s mission is to support, inspire, and connect women and female-identifying professionals in the industry and those looking to enter the field with the tools, knowledge, a connected network and platforms they’ll need in order to build their confidence and cultivate their interest.
Kudos to Jacqui for her tireless work in building the AWSN to where it is today, and with that - it is with great honour that we invite her up to the stage to receive the award for Information Security Excellence in 2021.
Jacqui will also appear on the AusCERT “Share today, save tomorrow” podcast in an episode titled “Passion led us here” in July 2021. Please look out for this via Spotify, Google and Apple podcasts.
