7 minute read
Kao Hansell
KAO HANSELL
Kao Hansell grew up in the Blue Mountains region of NSW but moved to Salisbury North in South Australia when she was 11. She is now studying for a Bachelor of Information Technology: Networking and Cybersecurity at the University of South Australia. Her final semester will be the first semester of 2023.
Bachelor of Information Technology: Networking and Cybersecurity at the University of South Australia
Suppose you met an old friend from your last year at school who, knowing nothing about cybersecurity or what you do, asks you what you are doing. How do you answer them to ‘sell’ them on the idea of a career in cybersecurity?
I help people without them knowing. By engaging with companies and assisting with their cybersecurity needs I can make a difference in a stranger’s life, and they would never know. I help companies and organisations secure what is important and give those trying to protect you a fighting chance against the tide of those who would want to do harm.
How does the reality of cybersecurity as you experience it today fit with your understanding when you first thought about studying it?
I fell into the category of people who thought cybersecurity was black hoodies, too many coffees and energy drinks, big screens with data streaming across them and conducting penetration testing. I quickly learnt that is simply one important, but small, area of cybersecurity. Cybersecurity covers many technical and non-technical areas I had no idea about. I have found that, while I love the technical side of cybersecurity, pen-testing and how that works, I have also developed a great interest in risk and policy management.
What cybersecurity role would most like to be hired into when you graduate, and why?
This is a tough question. If you had asked me 12 months ago, I would have given a very different response. Previously it would have been something in forensics or insider threat analysis but after the experiences I have had this year I want to go into governance, risk and compliance, helping companies stay up to date and, in turn, protect the customers they serve.
What was the reaction from parents, peers or career advisors to your decision to get into cyber? Did you face any opposition, if so, how did you feel about this?
I did not find any opposition. I did get the usual “so you want to be a hacker” comment. Overall, I had a lot of support for my choice. I do remember one comment from a friend who said I would have to prove myself more than my male peers, which caught me off-guard.
Who, or what, would you say has had the biggest influence on your cybersecurity career journey to date, and why?
Having several female lecturers at both TAFE and university had an impact on my confidence in pursuing my IT career Overall, the biggest impact on my career journey was being introduced to Paul Dewsnap from Digital Resilience. This has led to me becoming part of his company and shadowing some of the most amazing people I have come to know. This was also how I found I enjoyed governance risk and compliance (GRC) and shifted the direction of my career journey.
What do you see has having been the most memorable and/or significant in your cybersecurity journey to date, and why?
I would say meeting many women not only in cybersecurity but STEM in general through HerTechPath. This was a major step forward to finding my feet and gaining confidence. Being able to network with such a variety of inspirational women and talk and learn was by far the most memorable and significant aspect of my journey.
In addition to your studies, what employment experience do you have in cybersecurity?
Since February I have been shadowing and working alongside members of Digital Resilience. This has mainly been across GRC, but I have also had the
pleasure of discussing penetration testing with our amazing pentester as well as gaining a greater understanding of how to approach and work with clients to meet their cybersecurity needs
The cybersecurity industry abounds with certifications from multiple organisations. Have you gained, or do you plan to gain, any of these, if so which ones, and why?
I was lucky enough to be one of the first students to graduate with a Certificate IV in Cybersecurity from TAFE SA. Other than that, I do not hold any industry certifications. I do plan to acquire the new certification from ISACA for cybersecurity fundamentals and work towards their IT Risk Fundamentals certifications. These are newer entry levels certifications they have released which I believe will be beneficial once I have completed my university study.
We hear all the time that the world of cybersecurity is changing rapidly, particularly with the rate of threat evolution. Do you feel your course is doing a good job of being current?
I believe the university and TAFE are doing their best to keep up with a landscape that seems to change daily. However, I would suggest anyone studying today to also keep learning outside of their courses.
What aspect of your studies excites you the most?
Graduating! Joking aside, learning how I can have an impact on businesses, be it in governance or technical manners, has been great.
What aspect do you find least interesting or useful?
I think it important to have an understanding of and a foundation in programming, because it can be very useful in cybersecurity. I was not terrible at it, I just was not interested.
Is there any aspect of cybersecurity you think should be given greater focus in your course, or any aspect you think should be given less focus?
My bachelors is a major in network with a minor in cybersecurity, and I feel there is a need for more focus on cybersecurity. While it is very important for someone going into a cybersecurity career to have a foundation knowledge of networking, CCNP level knowledge seems wasteful and the time could be better spent learning other skills.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, eg interpersonal communications or management?
I personally do not feel I will need to do this. I have previously worked in management and customer/ client facing roles, which has given me a good set of soft skills.
Are you involved in the wider cybersecurity community, eg AWSN if so, how and what has been your experience?
I am a member of several cybersecurity communities. These include AWSN, HerTechPath, AISA and ISACA. These communities have been amazing for learning, gathering information, growing my confidence and, most importantly, networking. All have different atmospheres and have been a great way to build confidence and find how I fit in the landscape.
What is your favourite source of general information about cybersecurity?
I find following a few people on Twitter, including Troy Hunt, useful along with my connections on LinkedIn and news sites like bleepingcomputer.com.
Have you ever felt disadvantaged or discriminated against by being a woman in cyber, if so, please provide details?
I do not believe I have experienced this, or I have not been aware of it. It is always a strange feeling attending an event and being one of only a handful of women in the room, but I have always found members of the cybersecurity community I have interacted with to be welcoming.
What measures do you have in place for your personal cybersecurity?
I try to ensure I use my password manager and keep good password hygiene. I use MFA wherever possible. I use a VPN when surfing the web, especially in public. I check emails for phishing and I do not click links or download random files. I ensure my settings stop macros running on Word, and so on.
With the benefit of hindsight, would you change your career trajectory to date, and if so now?
No, I do not think I would. I went into cybersecurity not knowing where I would land but so far I have been very happy with how I am going.
Have you already sought employment in cybersecurity, if so, what has been your experience of applications/interview?
I have applied for a few jobs during my time studying. I have made it through the general application phase and into the 3-4 stages. After the general applications I went through psychometric testing and video interviews but unfortunately was unsuccessful. I found my current position through word of mouth and meeting the owner of the company. I always say networking is an important skill for any student to learn.
www.linkedin.com/in/kao-hansell
