5 minute read
Holly Wright
Security Architect at IBM Development Labs
When Holly Wright, a security architect with IBM Development Labs on the Gold Coast, talks about her cybersecurity journey, diversity looms large in almost every aspect.
Asked what factors would be important if she were offered a new role—other than core features such as remuneration and the nature of the role itself—Wright cites its potential impact on the diversity of her life as a whole. “At the end of the day, success in my career can only happen if I am happy and thriving, and for me a big part of my happiness comes from friends, family and hobbies,” she says. “If a role meant that I had to permanently sacrifice a large chunk of that I would have to consider whether I would be able to succeed in that role in the long term.
“Some questions I might consider: are there new hobbies I could try that would work with the role? Are there other ways I can adjust my life so that I can still see friends and family? If I can still ‘keep my cup full’ and take on the new role, then bring it on!”
Similarly, her advice to anyone planning to pursue university education as a route into cybersecurity is to “get involved in university projects and clubs outside of their coursework, and ideally outside of their domain.”
THE SOURCE OF DIVERSITY
She says diversity of thought comes from exposure to completely different domains. “It’s vital you give yourself that exposure. Most universities have racing clubs, rocket clubs, robotics clubs – all of which are fantastic places to test and grow the skills you are building at university.
“These types of societies make you step outside your domain and think about the full ‘product’ you are building, working together and compromising with other parts of the system. That mindset is immensely valuable and is best when it comes from experience.”
And Wright says she brings a diverse set of personal skills to her role, to such an extent that she was once challenged whether she was suited to her engineering role.
Staff in her workplace were given the Herrmann Brain Dominance Instrument test, designed to measure and describe thinking preferences in people. It identifies four different modes of thinking: analytical, sequential, interpersonal and imaginative.
“The majority of people were showing strong analytical and practical driven styles, which makes sense in an office full of engineers,” Wright says. “But me, I was the opposite, scoring much higher in the relational and experimental scales. The facilitator even came over to me and asked me if I really enjoyed my job as an engineer.
A BIG PICTURE THINKER
“That did make me question whether I was doing the right thing at the time, but what I realised was that this difference is really what makes me a valuable part of my teams. I am energised when I’m thinking about the bigger picture and building relationships,
and that doesn’t take anything away from my technical skills. This is what we talk about when we say ‘diversity is key’. It’s the diversity in the way people think that makes it valuable.”
Wright’s career experience started with a Bachelor of Engineering at the University of Queensland, majoring in mechatronics, and quickly morphed into cybersecurity.
“I didn’t imagine myself going into cybersecurity, but an internship opportunity opened up to work with IBM Security in the Gold Coast Development Labs, and the Gold Coast being the city where I grew up I thought I would give it a go,” she recalls.
“During my degree I had done a couple of coding courses, which helped me secure the internship in my final year. I picked up a mountain of coding and cybersecurity skills during that internship, which enabled me to join IBM full time after graduation. I became part of a development team as a software engineer, building a world-class, market-leading threat detection SIEM product. From there I have grown my career, being a team leader, product owner and now, a security architect.
A PASSION-DRIVEN CAREER
“I always knew I enjoyed having more responsibility and driving projects, but I didn’t have a specific goal in mind for where I wanted to go. I think it’s very difficult to envision exactly what a role will be like until you are there. So, I’ve been very happy taking these steps one at a time. My passion for building great things and getting things done has naturally seeped through into all the roles I’ve held and has been the driving force pushing me into the next role. As a result, each step has felt like a very natural transition.”
Wright says the most rewarding aspect of her role at IBM is the continuous learning it offers. “I work directly with some of the world’s largest organisations to rapidly build prototypes to solve their cybersecurity challenges. Having exposure to some of the hardest problems in the security industry and to be working with cutting-edge technologies to overcome these challenges is highly rewarding.” She adds: “Knowing I am making a difference in the world from the things I am building here on the Gold Coast is very cool.”
For anyone contemplating a similar role, Wright says there are many pathways. “The most direct pathway would be studying software engineering and/or a security-based degree, but I am a living example of that not being the only route. Having some coding and technology skills is the most important part, and learning a bit about machine learning and cloud technologies is going to be very helpful as we move into a future where security has analytics embedded and security solutions run in more places.”
TECHNOLOGY VERSUS TALENT SHORTAGES
Advances in security technologies, Wright says, will play a key role in an industry struggling with talent shortages, too many disparate tools, too many alerts, too much to do and too much siloed information.
“I think the next big innovations in the security industry will be aimed at tackling these problems: using open platforms to break down silos; the adoption of open standards to make data ubiquitous without having to create unwieldly data lakes; and embedding analytics and workflows capabilities at the core of these platforms to enable automation and reduce the task burden on analysts. Together, these changes will enable organisations to reduce the impact of the rapidly evolving attack landscape on their business.
“We have seen the sophistication and rate of attacks continue to sky-rocket over the last few years. I think we will continue to see this in the next two years, with attackers willing to engineer targeted attacks and be patient with their exploitation. We will also see the continued adoption of modern technologies like machine learning and automation further increasing the sophistication of campaigns.”
www.linkedin.com/in/h-wright
