30 minute read
WHAT’S HER JOURNEY?
Jane Frankland
Award-Winning Cybersecurity Leader
It would be fascinating to know exactly how Jane Frankland went from being a freelance designer in the UK—and a nominated Young British Designer who sold her designs and paintings around the world—to become the author of a bestselling book, IN Security, and, in her words “a well-known figure in cybersecurity, travelling the world, speaking, writing and being a voice for the voiceless through the IN Security Movement.”
She offers two answers: “James Bond” and divine intervention! It was James Bond, she says, first piqued her interest in cybersecurity.
“I knew I wanted my own business from being a young child, but I never thought I’d end up doing what I do. Having graduated in art and design, and with a focus on fashion, I never thought I’d end up working in technology, specifically cybersecurity.”
Her entry in the industry was through Corsaire, a business that started in her home in 1997 and grew into a global penetration testing and cybersecurity consultancy sold to Mettlesome Holdings in July 2012. Starting Corsaire, she says, was intentional. “I knew exactly what I wanted to achieve and by when. Growing and selling it though was down to divine intervention. The journey I’ve had with KnewStart has been very different though.”
KnewStart is Frankland’s London-based consultancy that provides advisory, brand elevation, and women leadership services.
DIVINE INTERVENTION?
As to other career influences, Frankland invokes the translation of an old Yiddish proverb, “Mann Tracht, Un Gott Lacht.” It translates as “man plans, and God laughs.”
Frankland explains, “As ‘man plans, and God laughs’ I’ve always found I’ve been steered by God, source, my higher self, intuition, in the direction I’m supposed to go in and my roles have developed in ways I never would have imagined.”
In addition to being the CEO and owner of KnewStart, Frankland also runs The Source Platform for women in cyber, which she founded in 2021 to make women in cybersecurity the standard not the exception. It exists to help women and businesses who value them and offers career development and talent acquisition services.
However it is none of these entrepreneurial endeavours that Frankland cites as the biggest influence on her cybersecurity career but the writing of her book, IN Security, published in 2017. From that came her IN Security movement. “It’s where I use my leadership and influencer skills to act as a voice for the voiceless, campaign for change, research and offer scholarships,” she says. There is an IN Security Tribe manifesto
“Never in my wildest dreams would I have imagined I’d become a well-known figure in cybersecurity, travelling the world, speaking, writing and being a voice for the voiceless through the IN Security Movement. I’m humbled by the effect the book and the movement have had on so many people in the world, especially at a time when so many women have felt alone in cybersecurity.
“I love the people aspect of my role and anything that enables me to impact a person positively. That could be solving a problem for them and taking away some workplace pain. It could be inspiring someone when I’m speaking at an event, mentoring, coaching and training individuals or groups so they develop skills and advance in their career.”
Multiple Roles
In addition to her roles at IN Security, The Source and KnewStart, Frankland’s LinkedIn profile lists no fewer than six roles as current. So it is hardly surprising she cites time management as a massive consideration when trying to maintain a good work/life balance.
“Making time for daily activities outside of work like walking my dog, high intensity training, journaling, meditating, reading, and then having monthly Reiki, regular catch ups with friends and family and occasional trips to the theatre, horse riding and swimming help me stay energised and motivated, as well as reducing stress.
“Planning ahead and making prioritised lists help me manage my workload more efficiently and set aside time to relax. Additionally, clear communication with my team, family and friends makes all the difference in striking the right balance between work and life.”
And working on her work/life balance has spawned yet another Frankland project. “I’ve actually developed a methodology for this,” she says. “It’s called IN Focus and anyone can get it now (from my website). It helps you focus amidst so much distraction and build the habits, rituals and behaviours you want at work and at home, so you can achieve better work-life integration, health and joy.
“I start by looking back - daily, monthly, quarterly, bi-annually and yearly, and I document as much data as I can so I can pull out the wisdom. By looking at eleven areas of my life, it gives me a truer, more accurate, whole picture of what’s gone on and what to expect going forward. Reflection is key for setting meaningful goals and managing work life balance.”
And of course, with her many cybersecurity roles, staying current is yet another demand on her time. “Reading is my main way to stay up to date on the latest cyber threats and trends, as well as best practices for security solution,” she says.
“I’ll read blogs, news sources, and books. In addition to reading, I’ll watch videos on YouTube and listen to podcasts and speakers when I attend conferences. I also get a lot from talking to people in my network. By taking advantage of different content sources I find I can gain a more holistic understanding of the landscape and stay ahead of the curve.”
However, for any aspiring cybersecurity professional learning about cyber as a priority is not what Frankland advises. Rather she would tell someone to study the social sciences at university, such as anthropology, economics, geography, history, law, linguistics, politics, archaeology, psychology, and sociology.
“By diving into the complexities of these subjects, you can gain a better understanding of the world around you and how our interactions shape our individual and collective experiences. I see it as being very relevant in cybersecurity, especially in regard to the human aspect, and governance risk and compliance (GRC).
“Studying these opens a world of fascinating insights into how humans interact with each other and their environment. With an interdisciplinary approach you can explore topics such as culture, communication, cognition, behaviour, learning and development from different perspectives.”
And, in her experience, people transitioning into cyber with different backgrounds and experiences have become valuable assets for the industry. “Just like I did, they bring with them new perspectives, skills and experience which can help fill the gaps in current cyber capabilities. By bringing diversity of thought to cybersecurity they can provide fresh ideas and solutions, helping more organisations to meet the ever-evolving cyber threats they face.” www.linkedin.com/in/janefrankland jane-frankland.com www.instagram.com/janefrankland twitter.com/janefrankland www.youtube.com/janefranklandtv
The September 11, 2001 attack on the World Trade Centre changed the world of aviation security operations, and the lives of many individuals. For a number of professionals those changes were very impactful in terms of career trajectory.. When the aircraft hit the Twin Towers Christina Rose was working as a project officer on the Sydney Air Noise Amelioration Program in the Aviation Division of the Department of Transport & Regional Services, and was immediately drafted into a role managing Australia’s response to the impact on aviation operations.
She was made acting assistant director of a fourperson War Risk Indemnity Taskforce charged with ensuring Australia’s aviation industry continued to operate when the global aviation re-insurance industry collapsed in the wake of 9/11.
Following these immediate responses to 9/11
Christina was asked to join the Aviation Security Branch in the Department of Transport & Regional Services. “I had the responsibility of leading within this portfolio, firstly on the Air Security Officer
Program, secondly the work around retrofitting every aircraft with sixty seats or more operating within Australian airspace with hardened cockpit doors, and thirdly working in consultation with industry on the development over four years, of the Certificate ll in Aviation Transport Protection.”
She adds: “Each project contributed to the paradigm shift towards the creation of a safer, layered and more robust aviation security regime which has since prevented a number of incidents here and overseas.”
Christina says 9/11 was “the catalyst for the uplift of global aviation security measures and cooperation” and “led me down the path of championing the requirements for enhanced aviation security measures through partnering with industry here and the International Civil Aviation Organization internationally.”
From Government To Qantas
Christina has been at the heart of aviation security ever since, initially with the Australian Government, then with private security company Certis (formerly SNP Security) between April 2018 and January 2022 as ACT Aviation Security Manager responsible for security outcomes at Canberra Airport and Albury Airport. Today, she is Manager, Security Operations & Advisory with the Qantas Group.
Christina says she gained a sound understanding of the global framework set by the International Civil Aviation Organization while working for the Australian Government regulator before moving into the private sector where she has been able to operationalise this knowledge to benefit the teams she has worked with.
The industry Christina serves has, arguably, conquered the tyranny of distance, but for her the opposite is true. “The most challenging aspect of my current role requires continual recognition of the needs of key stakeholders working at our international ports in that they deserve almost a higher degree of attention our people here in Australia are used to given variances in the regulatory environments in which they work.” she says.
Global travel has its benefits and Christina says the most rewarding aspect of her role today is “Meeting interesting and skilled people with the same view of excellence in this field.”
On any day she “may be overseas working with government regulators and colleagues, attending an airport security or airline safety committee somewhere in Australia or overseeing my Duty Security Controller team’s triaging of critical security incidents affecting airline staff and passengers.”
Her advice to anyone aspiring to a similar role would be to work in various roles in industry and if possible, study law, management, policing and/or education at university with the view to “Thinking about the knowledge you will gain, the people you will meet and the places it can take you.”
For further progress she says, “industry experience and relationship management and emotional intelligence coupled with a working knowledge of global and respective domestic/country-specific legislative/compliance frameworks are mandatory to ensure an effective contribution to this sector.” www.linkedin.com/in/christina-rose-b5597b31
We have told some remarkable stories in WSM of women’s personal journeys in cybersecurity, from initial roles very far removed from cybersecurity or anything close to it. There was Marie Patane, teenage make-up worker and aspiring police officer who is now CSO of Sydney Metro (WSM No5, p20), but it would be hard to beat the journey of Sandra Agobian, a Syrian refugee who abandoned her multinational antiques business, arrived in Australia in 2017 speaking no English and now holds a cybersecurity analyst internship at nbn after gaining two highly competitive digital and cybersecurity training positions.
Agobian, a native of Syria, commenced her career at the age of 18 as an antique dealer. Later on, she established her own enterprise, a Handmade Crafts & Antiques Shop. This business was highly prosperous and gained a prominent position in the design markets of Syria, Lebanon, and Kuwait. With a workforce of over 40 employees, the company was regarded as a top-performing and distinctive establishment.
When the war began in Syria, she lost everything and came to Australia on a humanitarian visa. “I learned
English from scratch, met many people, engaged in the community as much as possible, and learned to understand the Aussie slang,” she says.
Australia gave her the opportunity to fulfil her childhood dream: studying. She started in TAFE, moved on to take a foundation course at Melbourne University and earned a place at Deakin University studying for a law degree.
During her studies, she volunteered at the Red Cross as an emergency responder and worked in various jobs, not all glamourous! while continuously searching and applying for better opportunities. Finally, she was accepted into the Victorian Government’s Digital Jobs program which gave her 12 weeks of free training in an industry-backed digital course of her choosing. She chose to study cybersecurity at CyberCx.
“As I learned more about computer systems and networks, I became increasingly fascinated by how they could be safeguarded against cyber threats” she says. “To deepen my understanding of the field, I started reading articles and attending talks on cybersecurity topics. My interest grew even further as I learned about the real-world impact of cyber attacks on individuals and organisations.”
Gaining A Nbn Internship
Following this, and through another competitive process, Agobian was selected for a 12-week internship at nbn where she was able to apply her new-found knowledge and skills in a realworld setting and contribute to the organisation’s efforts to safeguard against cyber threats. “The interview process at nbn was unique and made me feel comfortable,” she recalls. “Rather than being treated like a generic employee, I was valued as a unique person with a history and life experience.”
Thanks to her exemplary performance that internship was extended for a further six months. “This extension provided me with an opportunity to further develop my skills and knowledge and cement my passion for the field of cybersecurity,” she says. “I continued to gain valuable experience in the cybersecurity field and contribute to the organisation’s efforts to ensure the safety and security of its systems and networks.”
Agobian has seen others transition into cyber from quite different roles and says, in her experience, the key to a successful transition is a willingness to learn and a passion for the field. “While technical skills and knowledge are important, it is also essential to have a strong understanding of the cybersecurity landscape and the threats facing organisations.
“Some people may choose to gain additional qualifications or certifications to help with the transition, but I have also seen others successfully transition through on-the-job training and mentorship programs.”
She finds staying up to date with the ever-evolving tactics and techniques used by cybercriminals to be the most challenging aspect of her role. “The threat landscape is constantly evolving, and it requires me to stay informed about the latest trends and vulnerabilities. Additionally, analysing and interpreting large amounts of data and logs can be a complex and time-consuming process, requiring a high level of attention to detail and analytical skills.”
It is clear Agobian is only at the start of what is likely to be a stellar career in cybersecurity, and when looking for a role, she says remuneration will well down her priority list.
Career Priorities
“First and foremost I would want to ensure the company culture and values align with my own. It’s essential to work for a company that fosters a positive work environment and shares my personal values.
“The scope of the role and opportunities for growth and development are also important considerations. I would want to ensure the role offers opportunities for me to learn new skills and take on new challenges that will help me progress in my career.”
More important than salary is location. “I would consider the commute and potential relocation because it may impact my work-life balance. It’s important to find a balance that works for me and allows me to maintain a healthy work-life balance.
“Lastly, while remuneration is important, it should not be the only factor to consider. I would also evaluate the entire remuneration package, including salary, benefits and potential bonuses to ensure it aligns with my expectations and the overall value of the role.”
Certification Plans
With initial training and cybersecurity work experience under her belt, Agobian says she is looking to gain the Certified Ethical Hacker (CEH)
“This certification covers topics related to ethical hacking and cybersecurity, including footprinting and reconnaissance, network scanning, system hacking, malware, social engineering, denial-of-service attacks, session hijacking, web application hacking, wireless network hacking, and evasion techniques. CEH training is typically hands-on and includes simulations to provide practical experience.
It is widely recognized in the industry and would demonstrate my expertise and commitment to the field.
“Additionally, I am interested in gaining specialized certifications in areas such as cloud security. These certifications would allow me to develop expertise in specific areas of cybersecurity and would be particularly useful in a role where I am focused on specific security threats or technologies.
“I believe ongoing education and certifications are essential for anyone working in the constantly evolving field of cybersecurity, and I am committed to pursuing additional qualifications to advance my knowledge and skills.”
Inspiration And Support
Agobian says she has been influenced and inspired on her cybersecurity journey by both high-profile women and colleagues, in particular Clare O’Neil, Minister for Home Affairs and Minister for Cyber Security in the Australian Government, and Parisa Tabriz, the vice president and general manager at Google, responsible for the Chrome Browser, and ‘Google Security Princess’.
“These women have not only achieved great success in their own careers, but they have also helped to pave the way for other women to follow in their footsteps.”
Closer to home, “Shannon Gibb’s passion for cybersecurity has been contagious, and Johanna Williamson’s unwavering support have been invaluable. I have also learned a lot from my internship colleagues, Kate Daie, Mousumi Mitu, Shahnaz Ali, Alison Huang, and how we work together as a team with a shared passion for cybersecurity.
“The support and guidance of my managers, Paul Mcdonogh and Toby Nel have been instrumental in my professional development. They have provided me with opportunities to learn and grow in different areas of cybersecurity, and I am grateful for their encouragement and guidance.
“Finally, the management team at nbn, particularly Ant Cohen [Head Of Security Influence And Customer Solutions] and Simon Lee-Steere - Deputy Chief Security Officer - have created a culture of respect, inclusivity and support in the workplace that has made me feel comfortable and valued. Despite his high position, Darren Kane, the Chief Security Officer, is remarkably humble, and I know that I can always turn to my managers or colleagues for support and guidance.”
A Supportive Environment For Women
In general Agobian has found the growing number of initiatives aimed at encouraging more women to pursue careers in cybersecurity, such as mentorship programs, networking events and conferences, helping to create a more supportive and welcoming environment for women in cybersecurity that has helped her on her journey.
“Overall, I believe the growing recognition of the importance of diversity and inclusivity in cybersecurity is a positive development, and I hope that more women will be encouraged to pursue careers in this exciting and rapidly evolving field.”
Agobian wishes she had taken up cybersecurity earlier. She would tell her last-year-at-school self to pursue it with passion. “Start exploring the field as soon as possible, take advantage of every opportunity to learn about cybersecurity, whether it be through attending events, reading articles, or taking online courses.”
And she has not lost her passion for antiques, listing her leisure activities as “swimming, trying new foods, tasting wine, watching football and finding good deals on collecting antiques.” www.linkedin.com/in/sandra-agobian
Simona is a strategic leader with extensive experience in how technology enables the customer experience and facilitates the growth of business value. Enabled by her 23-year career in Technology, exploring all facets of technology and security, Simona has a wealth of expertise across the Information Management and Technology sector and has a diverse background in both corporate and government settings. Over the last 23 years, Simona has provided top-notch Technology and Cyber strategies in the Banking, Insurance, Aviation, Energy and State and Local Government sectors.
She has a proven track record of driving the successful delivery of large-scale transformation programs. As the CIO, during the height of the COVID pandemic, Simona achieved a 2-year digital transformation program in six weeks.
With specialties in building and delivering Technology Strategies, Cyber Security, Portfolio Management Offices, Service Management, Portfolio Delivery, Digital Operating Models and bringing Agility to practice, Simona has led IT evolution across toptier brands within the Finance, Aviation, Energy and Government industries.
Simona is a strategic thinker with a passion for what she does, leading from the front, engaging and energising strategic partners and stakeholders as well as the wider business in supporting high impact, dynamic solutions to deliver business value.
She has a passion for continuous improvement and empowering businesses and individuals to reach their full potential, encouraging innovative thinking enabling best practice through the use of technology.
Where It All Started
Simona Dimovski graduated from the University of Technology Sydney with a Bachelor of Applied Science in Information Studies, Information Technology and Information Science in 1999.
Today she is Head of Security and Technology at Helia (until recently Genworth Mortgage Insurance Australia) an ASX-listed provider of mortgage insurance to lenders. She describes her role as the latest stage in a career journey that has taken her into ever more security-focussed roles.
“Since the start of my career, and even before that, I have always been interested in information and protecting our digital and physical assets. I have spent the last 23 years working in technology, working across almost all the technology functions. Throughout all my roles, and especially as I progressed my career, it became imperative for me to be become more immersed and extend my experience in cybersecurity,” she says.
“I have always had a passion for technology and information and have had a deep understanding of the importance of protecting our digital assets and infrastructure from cyber threats such as hacking, malware, and phishing attacks. I have found it intellectually stimulating to stay ahead of everevolving threats, or have the opportunity to work on cutting-edge technology.
“I believe technology exists to enable the business and individuals to do their best work in the most secure way and with minimal frustration. So security has always been integral to my approach, and a major consideration and design feature in anything that I have done throughout my career.”
A Natural Progression Into Cyber
Dimovski describes here move into cybersecurity as being organic. “It was facilitated by my deep understanding of the congruence between security, technology, processes and people. My interest in cyber and information was present from the beginning of my career, and it grew naturally the more involved I became in running technology departments. From there the pivot was necessary, and luckily for me cyber is something I am very passionate about.”
Dimovski says her wide experience in other areas of technology benefits her current role in cybersecurity. “I have had varied career across all sections of technology, and I can add a lot of value in this space by linking my past experience in strategy, transformation, delivery, leadership and technology management.
“Cybersecurity is a challenging field that requires creative problem-solving skills. I enjoy the opportunity to tackle new challenges and develop innovative solutions to protect the organisation, and to do this I constantly need to keep up to date with the latest information and also the best methods to use when needed, such as when managing complex risks, or when managing an incident.
“I find it rewarding to know that my work is making a difference in protecting the organisation and the individuals I serve. I have the opportunity to develop and implement security strategies that can prevent or minimise damage from cyber attacks. I lead and work with some of the most exceptional people in the business. It is energising and empowering to be surrounded by people who believe in you, value your input and make you want to be a better person and a better leader.”
Beware Of Burnout
Any cybersecurity role can make significant demands on the holder’s time and energy, leading to burnout, and Dimovski admits to having come close to this. A few years ago she was “so obsessed with the neverending to-do list, and the work that needed to be done, that I almost burned myself out.
“I am very mindful now when I see the signs. I recalibrate and take time to be still and check in with myself and what’s most important to me. Recently I have introduced non-negotiable daily time for my mental and physical wellbeing. Regardless of the day, I try to make time for some physical activity and quiet time, each day, even if it is for only 10 minutes a day.
“Being in cyber is very demanding, because of the ever-changing landscape of threats and vulnerabilities. It’s an area where you always must be on. It’s not a job that you can leave when you ‘clock off’. This can be somewhat of a juggle with other priorities.”
Nor is life likely to get any easier for people in roles like Dimovski’s. increasingly sophisticated ransomware, use of AI and machine learning by attackers, increased targeting of critical infrastructure are often-cited significant developments in the threat landscape. To this list Dimovski adds supply chain security.
“As more organisations rely on third-party vendors and suppliers for critical services, the security of the supply chain becomes increasingly important. It’s likely we will see more emphasis on supply chain security in the coming years, including greater scrutiny of vendor security practices and more widespread use of supply chain risk management frameworks.”
This of course will greatly broaden the scope of cybersecurity roles: not only will they need to ensure the security of their own systems, they will need to pay attention to their own security, but to that of all players in their supply chains.
Volunteer Roles
Adding to the demands of Dimovski’s day job are those stemming from volunteering in cybersecurity organisations. She is a member of several associations and committees, holding roles that require her to participate, organise events, chair and moderate panels, share her experiences and provide a positive role model for young people interested in a cybersecurity career.
These roles span: the Australian Information Security Association (AISA) where she is a member of the NSW Committee; the NSW Government association, Cyber NSW, where she is a Cyber Ambassador; the Australian Women in Cyber Network (AWCN) where she is a mentor; and Mindful CIO where she is an Ambassador.
“I get a lot from these associations,” Dimovski says. “I have the opportunity to connect with like-minded people, to learn from their experiences, to seek support and share ideas. It’s very rewarding all around.
“Ninety-nine per cent of the time my involvement with these associations is after office hours. This is a source of personal satisfaction and a sense of passing forward my learnings so others don’t have to learn the hard way.”
Women In Tech And Cyber
Simona is a strong advocate, ambassador and Coach for Women in Cyber and Technology. She has been spreading the message to enable more women to enter and remain in the Tech and Cyber roles. “We all have a part to play in levelling the playing field in technology and cyber. When I reflect on my career and my progression the success has come from a strong inner belief and the mentorship of managers who dedicated their time and effort to develop my strengths and provide networking opportunities to improve my connections. I am now paying it forward. Here are my three actionable insights, the small things everyone can do to start the ripple effect:
• Assume responsibility for writing a brighter future. Start by being accountable for the shifts in culture we need to make. Add the gender diversity conversation to your weekly meetings.
• Start a diversity committee in your workplace. And if there is one in place, get involved Have a conversation about what you can practically do to make positive changes.
• Mentor and role model behaviour and expectations. Identify successful women in leadership and use them as role models.
To Work With Simona
Simona is passionate about helping businesses and individuals succeed. She shares her expertise with via personalised coaching or business advisory services. If you would like to know more about or to get advice in the form of a coach or mentor, you can reach Simona via LinkedIn.
“I help organisations and individuals to achieve their goals” Simona www.linkedin.com/in/simona-dimovski-100
On 14 May 2021 the Health Service Executive (HSE) of Ireland suffered a major ransomware attack which caused all its IT systems nationwide to be shut down. According to Wikipedia, it was, at the time, the most significant cybercrime attack on an Irish state agency and the largest known attack against a health service computer system.
It was also a highly significant event in the cybersecurity career of Elaine McConnell. Hardly surprising: she was at the time, and still is, the Dublinbased Manager of Security Operations, Engineering & Administration for Insurance company Canada Life (formerly Great West Life Europe).
She says the attack “made cybersecurity relevant to all the people in Ireland making it easy to articulate issues and impact as this attack impacted the complete Irish health service for a period of time.”
Elaine came to cybersecurity after over a decade in software development roles and it was discovering the vulnerabilities in her own code that led her, eventually, to a career in cybersecurity.
From Coder To Cybersecurity Professional
“When I began developing internet facing applications my code was exposed externally and it highlighted the need to protect against external attacks,” she says. “Using static analysis on my source code highlighted security vulnerabilities that made my applications susceptible to attack. This piqued my interest and I wanted to educate others within my organisation about shifting security left in application development, saving time and money.”
She volunteered her own internet-facing financial application code for a proof-of-concept exercise to introduce static application security testing (SAST) into the software development life cycle (SDLC) for the European subsidiaries of her employer at the time. On completion of that exercise the organisation advertised for its first application security architect. Elaine applied and was accepted, becoming the first female software architect in the company’s European operations.
“After fifteen years in application development I felt it was a good time to transition my career into the cyber arena,” she says. A significant influence on this journey was her first cybersecurity manager and CISO who “made security relevant and interesting to me.”
In that initial cybersecurity role Elaine embedded processes in her organisation to enable other application developers to see the benefits of building security into application development and deployment. She worked with application teams across Europe embedding SAST scanning into the SDLC for all internet-facing applications. When that had been completed she progressed to dynamic application security testing and penetration testing and on to her current role.
A Champion Of Code Security
“I promoted secure code development in my organisation and assisted the application development teams to achieve compliance with our organisational standards. I promoted secure code training and rolled out annual suggested training to all internet application developers. Once the coding processes were embedded I moved on to other security tools to protect applications: Web application firewall, etc.
“Then an executive manager position became available to manage our central security team. This was to manage all the security tools in the organisation – not just the tools related to application security. I was successful in my application, and this is the position I currently hold.”
She describes her role as being very operational, with responsibility for teams operating the tooling that protects the organisation’s endpoints, network and identities.
“As a manager of these teams I rely on metrics to ensure the tools are operating to their best ability. Metrics for me are a key indicator of how my teams and tools are operating efficiently, Elaine says. “These metrics are a mixture of KPIs and KRIs and dashboards to monitor performance and SLAs within my team. The volume of information that is propagating in my teams is not sustainable for me to be close to the detail but with relevant metrics I can focus on the areas that require most attention to delve into.”
Multiple Certifications
Elaine never studied cybersecurity at university, but since her career transition has made a point of gaining multiple relevant certifications. She cites keeping her skills current as one of her biggest challenges, along with maintaining consistent awareness of emerging threats and the measures needed to protect her organisation from these threats.
“When I embarked on my career I decided to achieve Certified Information Systems Security Professional (CISSP) from ISC². This gave me a good baseline for my security knowledge. I then achieved my Ec-Council Certified Ethical Hacker (CEH) certification to tie together the security and application security.
“I understood the importance of bringing together the security management perspective, so I undertook my ISACA Certified Information Security Manager (CISM). And risk and security are closely coupled so I also achieved my ISACA Certified Risk and Information Security Control (CRISC) and my International Cyber Threat Task Force (ICTTF) Certified Cyber Risk Officer (CCRO). Wherever my role takes me I will try to ensure that I back up my knowledge with the relevant qualifications.”
It is hardly surprising with such a list of certifications that Elaine says she trains constantly and attends conferences and seminars. “It is mandatory to undertake continuous professional education in order to maintain my current security certifications. This gives me the motivation to complete and track keeping abreast of latest trends. I also listen to webinars, podcasts, audiobooks etc on topics of interest me: not only in cybersecurity but also in leadership and in particular women leadership.”
Like all leaders in cybersecurity, Elaine faces staffing challenges, in particular finding people with expertise in cloud computing and risk.
“Organisations are moving to the cloud and leveraging cloud solutions and finding staff with the required skillset to deploy and monitor these solutions in a secure manner is proving difficult.”
The shortage of people with skills in risk management, Elaine says, is exacerbated by regulatory and privacy legislation that has become complicated, costly and difficult to maintain compliance with. “There is an increasing need for cyber regulatory compliance and compliance to evolving regulations. Finding staff with the required skills in this area is proving difficult also.”
She says the COVID-induced increase in remote working has not helped. “The ability for a lot of roles to be conducted 100 percent remotely has opened up the employee market more than ever before. The attrition rate in my teams in 2022 was higher than ever before. Staff can take up roles in locations they never have to attend. This is a benefit a lot of organisations are offering, but does not fit with the hybrid model in my organisation.”
And she says it is also a challenge to get staff to attend training and upskill where required, which in turn creates another challenge: better trained staff become more attractive to other employers.
Her message for anyone attracted by this skills shortage is that cyber skills are not a prerequisite. “I personally feel you have to have an interest in cybersecurity. Listen to podcasts, check out webinars see if the topic interests you and if you have the basics: you enjoy a challenge, you have natural problem-solving skills, you want to constantly evolve your skillset, you are good at collaboration and critical thinking, make the transition just as I did. It will open up a world of opportunity.
“Global cybercrime has increased significantly in recent years and continues to grow annually. If you are looking to secure a position on the front line protecting an organisation, then cyber is the right position for you. The skills shortage is increasing salaries and the constantly evolving landscape gives you the opportunity to continually grow your knowledge and progress your career.”
Many Challenges
There are plenty of other challenges. Elaine identifies supply chain attacks, the Internet of Things (IoT) and artificial intelligence as the biggest.
“The reliance organisations have on their supply chain means that organisations not only need to monitor their own security they also need to ensure the security of the companies they do business with” she says. “And we are becoming more and more reliant annually on IoT devices in our personal lives and they are coming part of the majority of activities in our daily lives. The connectivity of these systems directly impacts the vulnerabilities we are exposed to.”
AI, however, presents both a threat and an opportunity. “Advancements in artificial intelligence will enable it to predict new attacks and data breaches and assist in the protection of organisations,” Elaine says. “However, it also encourages innovation in cybercrime. Attackers no longer need to be skilled individuals. There are tools now available to assist less skilled individuals to perform attacks.”
With all her challenges and responsibilities it is hardly surprising Elaine struggles to maintain a good work/ life balance.
“I have to constantly monitor my work life balance,” she says. “There are times when my position expects me to go the extra mile for the needs of the organisation. However I need to monitor my balance constantly to make sure the scales are not tipping in the wrong direction.
To achieve this she undertakes daily, weekly and annual planning and measurement against set goals, and makes sure she gets ‘me time’. “I work better when I have achieved my fitness goals and allocate time for friends, family and fun things to do. This results in a happier, healthier life.”
However, “There are always times when a curve ball is thrown in and then I need to reassess and prioritise. Plans may need to be adjusted to deal with shifting priorities.” www.linkedin.com/in/elaine-mcconnell-cissp-cism-criscceh-86712a90
Kirsten Chapman was born to be an engineer. “My parents were always telling me how, as a child, I’d come up with out-of-the-box ideas for problems we had as a family, and they’d look at me and go, ‘wow, I never thought of that’,” she recalls. Her natural curiosity made her question how the machines around her worked, what made them move and, eventually, how she could become the one making them.
Today, Chapman is the lead engineer for Gallagher Security, a global company providing integrated access control, intruder alarms management and perimeter protection. She leads a team of engineers in the production of security hardware. Her journey from curious toddler to lead engineer was paved with hands-on experience, a lofty dream and some significant figures who encouraged her along the way. The first of these were in her home.
“My dad was a fitter and turner,” she says. “As a kid, I used to follow him to work and put my fingers into things that I shouldn’t and ask, what does this do? And how do I do that?”
Her family-oriented upbringing also gave Chapman the chance to observe her uncle working in his job at a plastics manufacturing company. “On the weekends, I’d be there when my uncle would be doing work, and I’d be running around watching these machines do their thing. It probably wasn’t the safest thing, but the experience inspired me.”
Early Interest In Manufacturing
That early exposure sparked Chapman’s interest in manufacturing, but it was a Gallagher site tour that cemented her decision to pursue a career in engineering.
“Growing up in Hamilton [New Zealand], I knew their big glass building. Then, when I was 13, I signed up for an electronics course. In one of our first classes my teacher told us about an upcoming Gallagher site tour and described all the facilities and how high-tech it was, and I remember thinking, wouldn’t it be cool if I could work in a place like that one day? And that’s kind of what started my journey.”
She took her first step by enrolling in the electronic engineering program at the University of Waikato, but her most significant step came in her second year there when she unexpectedly found herself at Gallagher’s glass door again.
“When it came time to start applying for work placements, one of the university’s workplace coordinators said, ‘I’ve submitted your name to Gallagher, we’ll see how it goes.’ I was shocked, because I never shared that goal with them, so when they said working there was a real possibility, I got really excited.”
After an initial six-month summer placement in Gallagher’s engineering team, Chapman was invited back during her third year of university as a student electronic engineer and worked on a variety of projects that cemented her love of the work.
“It was so fun,” she says. “That early engineering work opened my eyes to all these options and to the potential of what I could build or enable.”
Becoming An Electronic Engineer
After graduating with a Bachelor of Electrical and Electronic Engineering in 2014, Chapman signed on with Gallagher as an electronic engineer. Four years later she was promoted to senior electronic engineer and in May 2021 to lead engineer for the research and development team.
Then the global supply chain crisis hit. The perfect storm of events that included the Covid-19 pandemic, droughts, factory fires, shipping complications and increased demand produced exponential increases in the prices of key pieces of hardware, such as microchips and electronic components, making it difficult for Gallagher to continue operations.
Chapman’s first major task in her new role was to steer her team through the massive challenge of re-engineering several security products using components that could be accessed, and juggling priorities under intense time pressure.
“We went through each product and where we couldn’t source a component, we looked at what alternatives would be possible and what we could actually source,” she says. This was a manageable task for some of the minor components, but for a few products, finding the key components became impossible.
“We couldn’t get those pieces. So we shifted away from trying to source those components and changed our focus into redesigning products as quickly as we could with the resources we had to make sure we never stopped our supply.”
She says failure to supply some products would have put lives at risk around the world. “Our products were being used in hospitals, in food production facilities, in small businesses – places where essential workers needed the health and safety protections we supply. Halting production and distribution wasn’t an option.”
Surviving The Supply Chain Crisis
Under Chapman’s leadership, Gallagher was one of the few security suppliers to continue shipping hardware products during the supply chain crisis, an achievement that reverberated throughout the security ecosystem.
“One of the biggest obstacles in engineering is trying to predict the future and how we can make products that will be valued in the market for years to come,” Chapman says, “It’s a fun challenge, to be sure –being responsive to unknown, future developments and needs. I still get excited thinking about all the potential out there.”
One major challenge Chapman predicts will become increasingly critical in coming years is sustainability. “There’s a big conversation around what sustainability actually means. There are all sorts of perceptions out there, and they can be misleading. Yes, we can make sustainable plastics and be responsible in how we manufacture and dispose of materials, but that’s only one aspect of a product’s lifetime. The industry needs to invest in making products holistically more sustainable.”
She says that means designing products with energy consumption in mind, reincorporating old components, using more recycled materials, and clearly communicating those benefits to a sceptical market.
“If we could re-educate people on what it means to be sustainable over a product’s lifetime, maybe we could build things in a smarter way in the future.”
To contribute to that future, Chapman regularly visits high schools to talk with students about the rewards of a career in engineering and, with luck, spark the next generation’s passion for electronics.
“I find great joy in showing students what’s possible. I particularly like to show others that, even though this is a heavily male-dominated field, women can succeed and excel within the industry. There are no limits on what we can achieve.” www.linkedin.com/in/kirsten-chapman-79962496
