40 minute read
WHAT’S HER JOURNEY?
Marina Azar Toailoa
Client Executive at EGroup Protective Services Group Pty Ltd
Many women who have shared their career journeys on these pages have transitioned into cybersecurity from different — often very different — careers. Marina Azar Toailoa’s journey has been somewhat different. She had been working in a variety of protective security roles while, over seven years, studying for a bachelor’s degree in cybersecurity from Macquarie University, which she gained in 2022.
“I asked myself which field was growing and which I could see myself working in for a long time, and that was the cybersecurity field,” she says.
However, over those seven years she had gained considerable experience in other areas of security and decided protective security rather than cybersecurity was where she wanted to be.
“Starting my career in protective security showed me this was exactly what I want to pursue and continue growing in,” she says. “I had some exposure to cybersecurity workplaces which I felt my heart was not into and it was different from what I imagined myself doing.
“I was very fortunate to have had the opportunity to work with the NSW Police Force mental health intervention team. I then moved on to work in the Department of immigration and Corrective Services which revealed to me how passionate I felt about providing a service of the highest level to provide safety and security.
“Working in these areas made me realise I did not want to pursue cybersecurity and my heart was leaning towards a career in protective security. Working in the correctional centre environment made me realise how passionate I am about overall security and safety.”
At The Sharp End Of Security
After four years with the NSW Police Force and a brief stint in industry, Marina Toailoa took a role at the sharp end of physical security: in a maximum security correctional centre, until impending motherhood brought about an epiphany.
“When I was pregnant, I had a lot of time to reflect and think about what type of mum I wanted to be and what example I wanted to set for my son when he’s older,” she says.
“I decided it was time for me to move on and into a field that suited my work/life balance while still pursuing a career in protective security. I needed to work somewhere that supported my family commitments and also supported me to grow into a leadership role.”
A Role In Security Management
She applied for, and gained a security management role in a retail environment, which she says was “the best decision and move I made for myself and my family to pursue a path in protective security.”
It was also an unexpectedly early fulfilment of Marina Toailoa’s career goals: she did not expect to become a security manager leading a team while still in her 20s.
“I was conditioned to hearing people say to me ‘you need this many years’ experience before you can become a security manager’,” she says. “I never thought I would reach my long term career goal at this age. So, I am incredibly grateful. I was given advice by my amazing friend and mentor, Mina Zaki [Associate Director Cyber Security Alliances with KPMG Australia] that age should never be a barrier to my goals. Hearing this made me realise I was the only one slowing myself down, and to grab the opportunities as they came.”
An Inspiring Brother
Also looming large in Marina Toailoa’s career trajectory is her brother, Angelo Azar, Chief Operating Officer at Honey Insurance, who she describes as the biggest influence on her career. “The way he demonstrates leadership with a high level of integrity and respect, and his ability to maintain composure when dealing with challenges are qualities I always look up to and I try to model. When asked what type of leader I want to be, it is one like my brother.”
As a leader Marina Toailoa says the most rewarding aspect of her role is empowering others “to grow their career in the security industry by educating them and enabling them to realise their capabilities while also ensuring the client receives the best level of service we can offer.”
She adds: “I would love to one day provide security consulting services and/or training services to help grow the security industry with high calibre individuals.”
To this end she is planning to gain a Certificate IV in training and assessment. (She is at present completing a master’s in emergency management course), and she says there is much she wants to do to grow in the industry.
More Talent Needed
“I feel as though the entire security industry is experiencing a shortage. It does become challenging trying to attract and maintain top talent when the ultimate goal is to provide high quality security services consistently across sectors. Following the pandemic, bringing people back into the field of protective security was a slow process.”
And to encourage anyone contemplating a career in the industry, she says: “The great thing about the protective security industry is that the skills require a common sense approach that is inherent to many individuals. If someone has the mindset to learn and be alert, they are more than capable to transition into the job.
“The security industry is constantly growing with so many exciting opportunities and there is an abundance of knowledge to gain. Every day I am excited to go to work. The challenges that arise are worth dealing with when you are passionate about what you are doing and when you are surrounded by an incredible team.
“Some people I have managed to enter the industry came with an element of self doubt, which hindered their progression. So I needed to remind them the job can be mastered once they put their mind to it and are willing to learn new skills.” www.linkedin.com/in/marina-azar-toailoa-66259511a
Jasmine Yip
At age 16, Hong Kong native Jasmin Yip left home and her parents for New Zealand to complete her high school education at Wellington Girl’s College where she enrolled in Year 11, on the recommendations of a cousin living in Wellington.
That was the first step on a journey that will soon take her to the University of Southern California in Los Angeles to study computer science at the USC Viterbi School of Engineering, thanks to her gaining a Presidential scholarship worth $US33,320 per year — an award given to only 200 students each year — and a place in the McCarthy Honors Residential College where she will live with a vibrant, closely knit community of scholars.
“I owe a huge thank you to my parents, who, despite not being able to be with me physically during the application process, supported me unconditionally at every step,” Yip says. “I would also like to thank Maria Walker, the international director at Wellington Girls' College, who went above and beyond to help me navigate the arduous US college application process, and my teachers at my alma mater who have supported me through my studies and extracurricular activities.”
Yip will be a ‘Trojan’ at USC. She says this means she will strive for academic excellence, personal growth and social responsibility. “As a Trojan, I take pride in being associated with the university's values and long-standing traditions. In particular, as a Trojan in the USC Viterbi School of Engineering, I am part of a community dedicated to building innovative solutions aimed at tackling tomorrow's greatest challenges head on.”
Yip was admitted into the computer science course but says she plans to take advantage of the offerings in the Information Technology Program (ITP) and pursue a minor in either cybersecurity or artificial intelligence applications.
Drawn To Studying Ai
“Given the dual nature of AI and its rapid proliferation, I am eager to make tangible contributions to the development of AI technologies that improve human life, be it healthcare or education, while also addressing ethical considerations such as bias, discrimination and privacy concerns.
“Viterbi offers a wealth of resources and programs to help me achieve this goal. For instance, I hope to participate in the USC Center for AI in Society Student
Branch (CAIS++), a group that is actively promoting the use of AI to address social problems such as education inequality, health disparities and climate change through research projects.”
When she completes her undergraduate education, Yip is contemplating joining the workforce or pursuing further study. “I have been exploring USC's Progressive Degree Program (PDP), an accelerated path that would allow me to earn both a bachelor's and master's degree in five years instead of six years,” she says.
A career in IT was not top of mind for Yip in her last year of schooling in Hong Kong. While it was compulsory in the equivalent of Year 10, in the following year Yip was pursuing other interests.
“My interest in ICT waned when it came to electives selection in Form 4 because I was primarily focused on pursuing a career in nutrition, which emphasised the natural sciences such as chemistry and biology,” she says.
Lucky Lockdown
It was the constraints of lockdown in New Zealand that led her to rediscover her interest in IT. “I stumbled upon a Web development course on Udemy and decided to give it a try,” she recalls. “Engrossed in the course, I lost all track of time and completed the entire course in two days. I built my very first website — a Wiki page for the Minions.
“What really piqued my interest in coding was the swift transition from conceptualising an idea to its execution. As an inquiry-based learner, I loved how I was able to play around with different concepts through tweaking a few lines of code and witnessing immediate results. Moreover, as a creative mind, I love the freedom and flexibility in web design, as it allows me to experiment with different design elements, and find innovative ways to enhance user experiences.”
Had Yip stayed in Hong Kong she would have been in the equivalent of Year 12, but was advised to drop a year when she came to New Zealand. “While I was initially apprehensive about being a year behind, it turned out to be the perfect path for me,” she says.
“This additional year enabled me to bridge any knowledge gaps and acclimatise myself to the new language, culture and curriculum with less stress.”
She faced many challenges in her new country with a different education system and a different culture. Greatest of them was her home-away-from-home environment.
CHALLENGES & GROWTH IN HOMESTAY
Like many teenagers in Hong Kong, I was raised in a sheltered and pampering household. As a result, moving to a homestay and adjusting to the house etiquette and guidelines was challenging, occasionally leading to conflicts with my host parents. While better communication on my part might have eased the tension, I couldn’t help but wish for a more forgiving and accommodating homestay during the daunting transition period of leaving my home for the very first time.
“I remember moments of sitting on the staircase outside the house, tearfully calling my mother and begging her to apply for the guardian visa and stay with me. In hindsight, I am glad she did not. It was during tough times like these that I learned to stand up for myself and cope with adversity.”
Fortunately, Yip managed to find a supportive group of international friends at school, giving her some respite from her homestay challenges. Then, after three months, she secured a transfer to a homestay with a Malaysian family, just before the onset of lockdown. “Being welcomed into a family that shared my Cantonese cultural and linguistic background brought a sense of acceptance and resonance I had longed for,” she says.
Another homestay host family had a big impact. “They went above and beyond to make me feel included, whether it was taking me on hikes, Zumba dancing classes, or my host sisters’ hockey training,” Yip says. “In many ways, they acted as my surrogate family when my real family couldn’t be by my side.
“My six month stay under their roof was one of the few growth spurts I had during my time in New Zealand. I evolved from a spoiled Hong Kong kid to a slightly more grounded and sensible young adult. As a family of athletes, their lifestyle transitioned me from a rather unfit workaholic to an active, natureloving person. Not to mention my host sisters who introduced me to a multitude of extracurricular opportunities, like the Duke of Edinburgh Program. My host mum even once woke up early in the morning to drive me to the campsite in Upper Hutt for my holiday tramps.”
Multiple Challenges
On top of an unfitting initial homestay, Yip was grappling with the challenges of adapting to a new school environment and language while feeling uneasy due to the looming pandemic and her fear of potential discrimination.
“It took me a while to get my head around the NCEA system [New Zealand's National Certificates of Educational Achievement] and grasping intricacies of terms such as ‘internals’, ‘externals’, and ‘endorsement’,” she says. “However, thanks to the attentive guidance of our teachers, it didn’t take long for me to fully assimilate into the new school environment and education system.”
In many ways, Yip found the New Zealand education system to suit her better than that in Hong Kong. “The more laid-back school culture at WGC was beneficial to my self-esteem. In contrast, my previous school used rankings and a ‘tracking system’ that placed unneccessary pressure on students to surpass their peers and gain entry into the ‘elite classes’. Although this atmosphere fuelled academic excellence, it also fostered an unhealthy perspective regarding the purpose of education. Conversely, at WGC, the learning environment is notably more collaborative, and I was encouraged to progress myself rather than competing with others.”
Extracurricular Activities
In addition to adaption to an alien culture, overcoming accommodation challenges, adapting to a new school system and gaining a prestigious scholarship, Yip become involved in numerous facets of New Zealand life, and garnered some media attention. She has been reported as a volunteer at the Mary Potter Hospice, at Conservation Volunteers New Zealand and the Student Volunteer Army (SVA) where she won an award for clocking up more than 250 volunteer hours working to meet the UN Sustainable Development Goals.
She was also reported to have reinvigorated the International Club at her school, to have been a key player in the establishment of the Wellington
International Students’ Association, and represented her school in the National Ambassador program.
The Wellington International Students’ Association was founded only in 2020 and having left school, Yip is no longer actively involved, but still keeps close contact with the current executive team, which she describes as “a mix of domestic and international students who are eager to play a role in crafting an unforgettable studying aboard experience for international students.”
However, she has left the organisation with a set of potential intiatives.
“We hope to cultivate a stronger sense of community among international students via more consistent gatherings, be it study workshops, monthly potluck dinners, or festive holiday celebrations” Yip says. “In addition, we hope to establish an alumni network that fosters connections, provides mentorship opportunities and encourages alumni to contribute back to the association through guest speaker events, career panels, or mentorship programmes, whether they are at university or in the workforce.
“Once we have developed a sustainable and well structured framework, we hope to establish chapters in outlying suburbs and cities. It will open up exciting possibilities for international students, offering them access to exchange programmes and outdoor excursions. By venturing beyond Wellington, international students will have the opportunity to explore different parts of the country while forging new connections.”
A Bit Of A Workaholic
With all these activities, it is hardly surprising that Yip confesses to being “a bit of a workaholic” who find fulfilment in being productive. “As a morning person, I like to get work done in a café before school. I tend to undergo bursts of productivity where I power through a lot of work in a short span of time without distractions. As a result, I am able to allocate time for my whānau [community] and myself in the evenings and on weekends.”
However her ‘me time’ seems to be just as frenetic. “I do what brings me joy and relaxation. These things include working out at the gym, painting, thrifting, bouldering, cooking, binge-watching Netflix, meditating at night, and going on tramps and hikes during term breaks mother nature is the best stress reliever for me!”
She says one of her volunteer roles — in an op shop — helped with her personal development and to adjust to the New Zealand culture.
“The people I volunteered with played a huge role in boosting my confidence and self-esteem. I had the pleasure of meeting some of the loveliest co volunteers, many of whom I still keep in touch with to this day. They created a supportive environment where I felt comfortable making mistakes, learning from them, and growing my skills and confidence. One of the great benefits of volunteering is that they welcome individuals from all walks of life, regardless of their experience level. This inclusivity provided an excellent starting point for someone like me who had limited prior work experience.”
“Over the course of two years, I not only gained valuable retail skills, but also developed my social skills, found a sense of purpose, and familiarised myself with the Kiwi work culture. These are all essential qualities that have driven me to become more engaged and proactive in other commitments.” www.linkedin.com/in/jasmine-yyy
Kate Nilon Director at Eastern Star International
Kate Nilon has a security job most people probably do not even know exists, and if made aware of it, probably have a completely wrong first impression. She provides security and risk management services for sports teams at international events.
A challenging role, you might think, but she says her biggest challenge is not security per se, but “attempting to change people’s perception and understanding of what the role actually is and what specific skill sets are required to be successful in this position.”
She explains: “The main misconception is that this position is essentially a bodyguard role and therefore the best person for the job would be the biggest and strongest person in the room.
“Due to this frequent misconception, women operators are frequently overlooked, and their skills underestimated, because people believe we would not be as physically capable as a male operator and therefore we are disregarded as an option.
“In reality, physical intervention is a very infrequent occurrence, whereas utilising effective communication in order to deescalate situations and successfully identifying potential risks whilst carrying out thorough risk assessments are some of the more essential skills required on a daily basis.”
Communication Key To The Role
In reality her role is extremely varied and good people skills are essential. “Communication is a vital tool in my role: conducting briefings on potential risks or threats is extremely important,” Nilon says. “I communicate daily with local law enforcement and other Government agencies to discuss any perceived threats or issues that may increase the clients risk profile.
“When I am not working away, a normal day will include communicating with sporting bodies and other clients about upcoming assignments and discussing their specific needs so I can allocate the appropriate resources and operators to the tasks. Another priority is maintaining regular contact with our operators based domestically and internationally, to ensure communication lines are always open. This allows me to remain informed of any changing risk profiles in the locations that may impact our clients events and respond accordingly.
“When working away, my day can consist of a wide range of things including conducting venue inspections, site familiarisation exercises and completing visual risk assessments prior to the team’s or individuals arrival. I will frequently review the security overlay at stadiums and hotels, consult with stakeholders and implement changes if necessary.
“The role also demands remaining up to date with countries’ risk profiles and government advice about where our clients are travelling to. This allows me to provide security and risk assessment reports to our clients, to ensure they are fully versed and up to date with any perceived risk or concerns I have identified.”
A Specialist Security Company
Nilon is Director of Security & Risk Management for Women’s International Sport at Eastern Star International (ESI), a company that provides security services around the world for high-profile individuals, corporate groups and professional sporting teams. She has been with the company, on and off, since 2008. Back then women in similar roles were almost non existent, which created further challenges: sexism, ageism and outdated views on females in security roles.
“Early on there were definitely times where I felt I was pursuing a career in an industry that didn’t have a place for me or other women for that matter,” she says. “I even took time out of the role to pursue other avenues, including completing my Bachelor of Criminology and Criminal Justice and working for the Department of Corrections in Australia and New Zealand for a period of time.”
Despite these career detours, Nilon says she always felt security and risk management in sport was where she wanted to be, and says staying with it has strengthened her resilience and proven to be the right decision.
“I realised if I was going to be successful in the industry I was going to have to push to create my own opportunities. Fortunately, with the passage of time, my perception has changed. I consider myself extremely fortunate to have been in this role since its conception. It has given me the opportunity to see first-hand the positive changes being made to support growth in both security and professional sporting industries to become more inclusive and for women.”
FOLLOWING IN HER FAMILY’S FOOTSTEPS
It was family models that first drew Nilon to the role: male members working in sport security and risk management with professional sporting teams. “I always found their roles really interesting,” she says. “They were travelling the world to different countries, each one presenting its own unique safety risks and security challenges to be assessed, addressed or solved. I was drawn to the variety and problem-solving nature of the role from the start, and quickly wanted to find out how I could get involved.”
She adds: “The place for women within my type of role continues to evolve, the perception continues to change along with early stages of acceptance that women are well and truly capable of undertaking these roles.”
And changing that perception is a priority for Nilon. She wants to educate clients, potential clients and others in the industry, about the different perspective and skill set a female operator can contribute, and the positive impact they will have. She also wants to get more women into the role.
“I knew there were so many other women out there like myself who had transferable skills and knowledge from other career backgrounds but might not know this part of the industry exists or how to get into it,” she says. “I continue to strive to make the role more widely known and accepted, and I am passionate about trying to create opportunities to commence a career in sport security and risk management more accessible for women.”
According to Nilon, awareness rather than the skills shortage represents the biggest barrier to getting women into the role. “I find many people that come from other security related backgrounds where they have built their skills and ability to conduct risk assessments, engage in de escalation techniques, use direct communication or security training/ experience etc, usually have the solid foundations required to build on for roles similar to mine.”
A Challenge To Balance Work And Life
However, with overseas assignments that can last up to three months, she acknowledges the role can present some particular challenges for women with young children, or even when they have significant family events. “This continues to be an area I am focused on improving and finding better ways to facilitate work/life balance for female operators.”
Potential sports security women are also likely to face other challenges. “It won’t always be an easy path in the industry, there are some fantastic people involved but not everyone will want you there,” Nilon warns.
“A lot of people can’t imagine you sitting at the table and won’t offer you a spot. Despite that, never underestimate yourself and what you have to offer. Have the confidence to back yourself, to build your own chair, and create your own place at the table instead.”
For Nilon, having a good employer made all the difference. She cites ESI’s owner, Reg Dickason, as her biggest influence and supporter.
“His shared appreciation of how important it is to create opportunities and promote industry growth, and his continued support of my goal to move away from what this role traditionally looked like have been extremely helpful.
“He has embraced my passion for creating roles for more females in the industry, as evident when we were the first company ever to provide female operators for the 2020 ICC Women's T20 World Cup in Australia. It is this type of ongoing support from within the industry that will allow myself and others to continue to evolve the role, and therefore the industry, in a positive way.” www.linkedin.com/in/kate-nilon
Felicity C
Cyber response expert at Ever Nimble
When Felicity C decided to get into cybersecurity, she did not do things by halves. In 2021 she commenced a course for a bachelor’s degree in IT and cybersecurity at RMIT University and got a job with Perth based managed services provider Ever Nimble where she is now a cyber response expert.
Then she applied for, and was accepted into, the 2022 cohort for the Australian Defence Force’s Cyber Gap program, a 12-month online program designed to enhance participants’ skills and employability in cybersecurity. It was started in 2020 as part of a cyber resilience and workforce package to bolster the nation’s sovereign cyber workforce capability. To qualify participants must be enrolled in a cyber qualification at university or TAFE.
Felicity did well to be accepted: only some 250 places were available and there were 1300 applicants. “I’m not too sure why exactly I was selected,” she says. “Through the selection process I was just very honest about my knowledge, experience, goals and career aspirations in cyber. I believe honesty and passion can take you far in life. I was also quite confident in my knowledge on the current state of cyber in Australia and defence, but at the same time very inquisitive for its future state.”
Balancing Multiple Roles
So, Felicity was balancing the 12-month online Cyber Gap program, a Part time job and full time university study, but has no regrets. “The Cyber Gap program was definitely rewarding, and I am very glad I did it,” she says. “To manage, I just had to make sure I was on top of all my uni work and stay organised with times I would study. From doing this, I definitely developed strong skills in organisation.
“Apart from the cut off time, there was no due date for the study content, and it was all self-paced. This meant I could do most of it during uni breaks or when assignments died down. Throughout this program I also had a mentor who helped me with creating a study plan and balancing my commitments. I’m very grateful for him as this was a big help.”
Felicity says the biggest benefit she gained from Cyber Gap was an understanding of where she wants to take her career. “Cybersecurity is a field with endless possibilities. It can often be difficult to have a set path you want to take since the field is relatively new and intertwined with many sectors. At the end, I set several career goals for after university. I also now know what to focus on in my studies, where my strengths are and where I need to upskill.
“I recommend this course to anyone with even the slightest interest in cyber. The program was not specific to any specialisations. People involved ranged from those with several years’ experience in cyber to people making their first steps in learning about it.
“Aside from the training content, I enjoyed meeting people and interacting with my mentor group. All participants in this course were lovely, intelligent people. It was great to hear their backgrounds and aspirations, especially since everyone’s backgrounds and aspirations were so different.”
An Amazing Opportunity
In 2022 The Cyber Gap program was run in partnership with Australian cybersecurity company Cybermerc which provided the program’s online cyber skills modules and online cyber skills challenges.
The program included a week long conference in Canberra at which Cybermerc also presented, along with others from the ADF, Government and the private sector. “It was an amazing opportunity to meet my mentor group in person, as well as likeminded people who have strong interests in cyber,” Felicity says.
“From it I made connections, gained insight on the direction of cybersecurity: what is needed in the field, problems that need greater attention. Overall had a really fun time.” www.linkedin.com/in/felicity-c
Jaya De Silva
Head of Strategic Bids at Sekuro
Jaya De Silva is bid manager for Sekuro, a Sydney based cyber security and digital resiliency solutions provider. It offers services in governance, risk and compliance, technology and platforms, offensive security and managed security.
She joined the company after almost two decades in contract and bid management roles with various companies. Sekuro is her first in the cybersecurity industry. She says she was drawn to cybersecurity after seeing the impact of large scale attacks such as WannaCry and Stuxnet. “I could see this was the next phase of global threats and the new age of war. This was a threat that would affect every single person in society.”
In addition she credits her previous managers as being major influences on her career trajectory, for “in some way, shape or form, having given me advice, a learning experience or a challenge that has made me realise my strengths in what I do and how I do it.”
From Law And Marketing To Business
With a double degree in law and marketing De Silva initially planned to become a lawyer but, after working in the profession for three years at various levels, she “realised it wasn’t dynamic enough for me.” So she embarked on a career in business, which was “not something I would have envisaged when I started out.” However, it led to her current role. Lacking any technical knowledge of cybersecurity, she had some doubts about the decision, but overcame them.
“What has helped is understanding the critical role I play in the company and in serving our customers,” she says. “My role is essentially to be the nontechnical person in the room to bring it back to why we do what we do for our customers and community.”
Sekuro was created in October 2021 by the merger of four Australian companies: Solista, CXO Security, Privasec and Naviro. De Silva joined in March 2022 and says bringing the contract bidding function of the four companies together has been both insightful and challenging. “I knew I wanted to work for a company that was ever-changing and always innovating. This is what keeps it fun and keeps you learning.”
A Three Part Role
She describes her role as being a mix of marketing, governance and process. “You need to know a lot at a high level about every facet of your business and your customer’s business and vertical. It helps you to understand what your customers need and why, where they are moving to next and how you're going to help them get there. It also helps you to know who to bring in and when.”
She finds the most rewarding part of her role to be watching the bid process unfold. “I’m part of the action of shaping our capabilities and solutions and mapping these back to how that will help deliver outcomes for our customers. Then, fast forward a few phases and I get to hear the positive customer feedback on how we have successfully delivered on this.” www.linkedin.com/in/jaya-de-silva-08987b20
De Silva’s next career move is to gain some formal leadership qualifications. She is starting the Emerging Leader Program at the Australian Graduate School of Management and hopes to gain a Graduate Certificate in Leadership. Then she plans to study environmental and social issues in the context of corporate governance, saying it is now mandatory for companies to focus on these issues.
With an affordable annual fee, AWSN members will have access to discounts on programs and industry events, the membership Slack space, post or share job opportunities, and receive our monthly and any special edition newsletters
Blessing Usoro
Founder of Cyber For School Girls
Sometimes small and seemingly insignificant events can change a career. Thus, it was with Blessing Usoro, studying for a bachelor’s degree in telecommunications engineering at the Kharkiv National University of Radioelectronics in Ukraine.
“An old friend mentioned that he had just enrolled in security training and asked if I was interested,” she recalls. “I was always intrigued by the movies and how hackers could extract information in seconds. But, most importantly, I wanted to understand data transfer and its protection.
“It was during the summer, so I said, ‘why not?’ I had some money, so I paid for the summer training. It was on ethical hacking; information gathering, reconnaissance and social engineering. I had a very interesting summer, learning about security, how to gather information from a person or organisation and how to exploit them using the information acquired. This led me to building skills in ethical penetration testing and email harvesting.”
By the time Blessing had finished her bachelor’s degree (she graduated with first class honours) she knew she wanted a career in cybersecurity, so she enrolled for a Master of Engineering in Information and Network Security at the University of Limerick, in Ireland.
Today, Blessing is based in Dublin where she is Senior Information Security Manager at a private investment firm with offices across Europe and the US.
Having Second Thoughts
However, her career journey encountered a few bumps on the road. Blessing says she had no second thoughts about pursuing a cybersecurity career until her third year in the industry. “I had a difficult manager who made comments about how I may be better in a pre-sales role than an engineering role,” she says.
This was not the first time aspersions had been cast on Blessing’s engineering abilities, first class honours degree and security qualifications notwithstanding.
“During my master’s in 2016, my class was scheduled to meet with a potential employer from the US,” Blessing says. “The employer’s rep had a 15-minute schedule per student, and with each student that came out of the room, their faces looked sad and downcast. I went in had my own interview.
“I was asked when I first used a computer. When I answered, the interviewer said, ‘my mates started much younger’. He also said maybe engineering wasn’t for me, and he could be wrong, but would advise me to look for something else ‘It doesn’t have to be security’.
“This was a funny statement because at that time, I was a certified ethical and professional hacker. So, I smiled and left the room. I didn’t have second thoughts, but I was worried about the environment I was getting into, one where women are made to feel less, or not good enough, to deserve a seat at the table.”
She adds: “I think the industry isn’t kind to people who are transitioning into cyber from other roles. I have observed and experienced how difficult it is for those people. While there are various programs to support them, as well as initiatives for women, I have seen companies delay or renege on their promise to give people a chance.
“We have seen surveys and reports that say there will be millions of jobs left unfilled in the next five years. And we have a lot of people working tirelessly to gain the skills required to get into the industry, but the lack of a bachelor’s degree or master’s in cybersecurity or an IT related course poses as a hindrance to them.”
Cyber For Schoolgirls
To try and address this problem, Blessing founded Cyber for Schoolgirls an organisation in Ireland which aims to tell secondary school girls about cybersecurity as a career path.
“We are trying to do our best to close the gender gap in the industry,” she says. “I still have hopes that the industry will be more accepting of people from non technical backgrounds or non-IT/cyber backgrounds. There’s room for more diverse backgrounds.”
Blessing herself has held five different cybersecurity roles: security analyst, security engineer, security consultant, information security manager, head of security, and her current role as senior information security manager. The latter, she says is “preparing me for a chief information security officer (CISO) position in the future.”
Blessing describes her first role as “strategic positioning for my career.” While studying for her master’s degree in information and network security she wrote a thesis on one of the critical responsibilities of a security analyst: monitoring of attacks and configuring intrusion detection systems.
“When I was job hunting for security analyst roles, I would submit my thesis to show the employer I understood the role I was applying for,” she says. “This helped get me in the door.”
To further prepare herself for a future CISO role, Blessing is now studying for an executive master’s degree in cybersecurity management at the Solvay Brussels School of Economics and Management.
She says this is an important qualification for her, “because, unlike my first master’s degree which was in information and network security, this teaches me how to play the role of a senior executive within a company: how to liaise with CEOs, CFOs, CROs and board level members, and support business initiatives.”
She adds: “I believe it is important for security leaders, or the head of the department, to understand the business needs and how to grow the company. Security is not a profit centre for the company, but a mature security department within the company saves the company a lot of money. If implemented right, breaches can be prevented and, when they happen, the business can continue to operate.”
Continuous Learning
Blessing also undertakes continuous learning to stay up to date on emerging threats, technologies and best practices in information security. She has obtained relevant certifications including Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) and says she also speaks at industry conferences and events to gain insights into the latest trends and practices.
“I regularly follow reputable security blogs, podcasts and websites such as Smashing Security, SANS Institute, KrebsOnSecurity, Dark Reading and Threatpost, among others. These sources provide timely updates, analysis and research on emerging threats, vulnerabilities and best practices.
“I actively participate in professional networks and organisations such as ISACA, CISO network, the European Cyber Security Organisation (ECSO), Ireland CISO network and the VigiTrust [a provider of SaaS governance risk compliance solutions] advisory board. I believe in the power of collaboration and information sharing. Engaging in knowledge sharing forums, online communities and social media groups allows me to learn from peers, discuss current issues and gain insights from diverse perspectives.”
In line with her own broad, and growing, education background Blessing has a long list of subjects she advices aspiring cybersecurity professionals to study: a bachelor’s degree in cybersecurity or a related subject; computing skills; information systems, security systems, cyber defence, ethics, law, policy, data communications, networking, digital forensics, penetration testing and ethical hacking.
“You do not need to be an expert in any of these topics, you just need enough information to get you through the door,” she says. “Cybersecurity professionals also need to have a range of soft skills to be successful. These include communication, problem solving, networking and being a lifelong learner. Everyone in cybersecurity is learning on the job, even people with 20 years of experience. And, in addition to formal education, you should also have a detail oriented, analytical, collaborative and improvisational mindset.”
Security professionals will have a great need to learn on the job and will need a wide range of attributes if they are deal with the growing threats Blessing sees emerging in the next couple of years.
Significant Challenges Ahead
“Cybercriminals are continually improving their techniques and tools, making cyber attacks more sophisticated,” she says. “Advanced persistent threats (APTs) are becoming more prevalent, with attackers using stealthy tactics to infiltrate networks, remain undetected for extended periods and steal valuable data.
“This trend is likely to continue, posing a significant challenge for organisations. Ransomware attacks have been on the rise in recent years. Attackers are increasingly targeting high value targets such as critical infrastructure, healthcare systems and government agencies.
“With the proliferation of emerging technologies like the Internet of Things (IoT), artificial intelligence (AI) and cloud computing, new attack vectors will emerge. IoT devices, for example, often lack adequate security measures, making them attractive targets for attackers seeking to exploit vulnerabilities. As these technologies become more prevalent in various sectors such as healthcare, transportation and smart cities, securing them against cyber threats will be critical.
“AI driven deepfake technology enables the manipulation of audio and video content to create highly realistic forgeries. Cybercriminals can use this technology to impersonate trusted individuals, such as executives or colleagues, and deceive targets into disclosing sensitive information or performing actions that can be exploited. Deepfakes can amplify the effectiveness of social engineering attacks, making it harder to detect fraudulent communications.” www.linkedin.com/in/blessingausoro
Mini Sharma
Global CISO at Secure Meters Limited
Mini Sharma is Global CISO of Indian multination Secure Meters, a company supplying metering products and services for all kinds of energy at all stages of the value chain: from production to consumer consumption. It has more than 6500 employees and facilities in nine countries.
“We are a metering company with expertise spread over the entire energy stream, from the generation of electricity, gas and heat to their final consumption, adding value at every point,” says Mini. “We provide solutions and services that help in energy saving opportunities at various points in the energy stream and address them by combining technology, innovation and a customer centric approach.
“Our focus is to help users of energy in homes and workplaces reduce energy waste revenue management, power quality and energy efficiency and enable users to save money, reduce energy consumption and facilitate comfortable living.”
Mini describes her journey into cybersecurity as being “quite unconventional.” She has been with the company for almost 20 years but prior to taking on her current role had no security experience – she came from a software engineering background and had ambitions to be a dancer, a career for which she trained for 18 years.
Doubts About Cybersecurity Role
She says she had doubts initially about her ability to fulfil the requirements of her cybersecurity role. “I was vaguely aware about the importance of application security and compliance, but the concept of cybersecurity was new to me. The more I got into it, the more fascinated I became about cybersecurity, and my curiosity developed into interest, and interest became a passion.
“What sparked my interest was reading stories about how cybersecurity professionals were working towards helping organisations combat cyber crimes. Today I feel honoured that the organisation chose and trusted me to take up such an important role, where there is a lot to contribute; from fostering a security culture to driving initiatives to integrate security with people, process, technology and business operations.”
After taking on her role Mini says she went on a three month self learning spree to read through the digital resources available across various platforms. “This included basic to advanced level self-certification courses, videos, presentations audio books. This helped me gain a conceptual understanding of the subject along with practical applications in the industry and put in place a 100-day action plan.
A Fan Of Brian Krebs
“I read a few books recommended by some expert CISOs that further enriched my understanding of the subject and broadened my perspectives on cybersecurity. Spam Nation by Brian Krebs is one of my most recommended books. It dives deep into the history and evolution of cyber crimes and unmasks the criminal masterminds of hackers and spammers.”
Mini says taking on a senior cybersecurity role in an organisation where she already worked was a mixed blessing. “It offered a lot of benefits in terms of operating in a familiar turf, and reduced the challenges. But I also realised that, having worked for more than a decade and a half in the same organisation, it was important to come across as a seasoned cybersecurity professional rather than a beginner.”
Mini was inevitably somewhat apprehensive about stepping out of her comfort zone and taking on a role that directly impacted the business and one in which she would be constantly in a line of fire.
“I had a fear of the unknown considering that this is such a new subject and much of what I had done and learnt was about to change. But as Mandy Hale [New York Times bestselling author and speaker and the creator of the social media movement The Single Woman] said, ‘change can be scary, but you know what’s scarier? Allowing fear to stop you from growing, evolving and progressing’.
“I decided to join a few CISO communities to gain knowledge from experts and understand how they operate. This was extremely helpful as it offered me a platform to collaborate, share and understand how various industries are fighting the cybersecurity threats and how to anticipate challenges.”
The Challenge Of Priority Juggling
Today Mini says her greatest challenge is juggling priorities, striking a right balance between security, cost and business, by understanding where the greatest risks lie.
“Implementing security has a cost and requires time. When you recognise a warning sign, the business sometimes has a conflicting view on the necessity of implementing the controls, considering the cost, effort and cultural change that has to be made to address systemic issues.
“These issues could be harbingers of potential security issues, pointing towards a problem that is simmering until it causes a breach or cyber security incident and puts the organisation into a crisis mode.
“It is challenging to make business leaders see the value of investing time and resources when they already have multiple competing initiatives required for solving underlying business issues.”
However, as she grew into the role and gained a deep understanding of the relationship of security to the business, there was no looking back. “Today, seeing the value that cybersecurity delivers to business there is no doubt that this was one of the best things to happen for my career.
“The fact that I am accountable for building a cyber culture is what I find the most rewarding part of the role. Building a culture-driven approach to security with the right balance between policies, values and trust is key. Being accountable to ensure that there are no weak points in the system — through education, technology and process — to build a cyber savvy, cyber smart and cyber secure ecosystem is what brings immense satisfaction to me.”
Security Is Paramount
She says security is of paramount importance, not only for the company’s operations, but for the products and services it provides.
“It is not only a national security concern but also to protect valuable personal data and a host of value added services that protect revenue and are important for day to day utility operations to provide electricity and power to the consumers.
“The evolution of disruptive cyber crimes and digitalisation along with the changing geo political situation have made the energy industry one of the most critical components of national infrastructure, needing the highest possible grade of security.”
Mini says she starts each workday with “energetic discussions on security risk assessments, governance meetings, incident analysis, policy and process formulation discussions with teams. There are often changes in priorities and interruptions triggered through compliance and regulatory requirements.”
And she expects the threat landscape to evolve significantly in the near future, with the attack surfaces and attack vectors becoming increasingly complex.
From Fortification To Resilience
“We have to accept that security will always be breached at some point or other, and there is no single security solution that offers 100 percent protection. Hence it is important to transition from a culture of building fortresses to building resilience. The next two years are expected to see a change in threat landscape with supply chain threats. These are the easiest entry point for threat actors.”
Mini says organisations face growing supply chain threats as a result of their inability to control how those operate.
“Open source components, third party components with possible malicious content are emerging as some of the most threatening scenarios. And the cascading nature of supply chain attacks makes it difficult to assess the full extent of the damage or implication caused. A recent example is the 3CX attack which was traced to an employer’s PC. The ripple effects are sometimes unknown.”
Cybersecurity firm Mandiant, which investigated that attack on VoIP company 3CX, said the supply‑chain attack had originated with another, prior supply-chain attack.
With the constantly evolving threat landscape and the continuously changing cybersecurity expectations of customers and governments, Mini says it sometimes becomes difficult to decouple and switch off from the job.
“But I have been lucky in managing to strike a right balance between my profession and self care by staying relevant and up to date, by attending conferences and knowledge sharing sessions, and through reading and researching to keep up with industry trends.”
And to decouple and switch off, Mini draws on her 18 years of dance training. “Staying physically fit is a commitment to myself which I do through my regular running challenges and dance routines.”
A GROWING ROLE FOR AI, IN DEFENCE AND OFFENCE
Mini sees artificial intelligence playing an increasingly important role in cybersecurity defence and offences.
“AI based tools offer significant benefits to the cybersecurity industry in helping with real time detection, reducing the time to respond to cyber threats and providing continuous improvement through pattern-based analysis of historical data.
“AI is also used for offensive cyber strategies. The threat actors leverage AI to build new malware and plan and execute cyberattacks that are sometimes unimaginable.
“With cyber attacks becoming more sophisticated and complex it is become increasingly difficult to implement quick resolutions through manual interventions. This is where AI plays a significant role in strengthening digital protection by helping to analyse large amounts of data in real time, and helping to quickly detect patterns and user behaviours, which it is not feasible to do manually. While AI is not a replacement for human expertise, it is emerging as one of the most powerful aids to combat cyber-crime.” www.linkedin.com/in/mini-sharma-6b273787
Persia Navidi
Partner at Hicksons Lawyers
Persia Navidi is on the legal side of the cybersecurity industry. She is lawyer with Hicksons Lawyers in Sydney working on legal matters relating to cyber, insurance and climate risk.
So, it is perhaps not surprising she sees developments in Australia’s legislation and regulation as the source of the most significant developments in cybersecurity over the next two years. She says these changes will reshape cybersecurity, privacy rights and data retention in Australia, adding: “It’s not a moment too soon because the cyber risks in our modern, digital world have outpaced our laws and regulations.”
First cab of the rank, Navidi says, is likely to be a significant change to the Privacy Act 1988 (Cth) (Privacy Act). “The Privacy Act Review Report, released in February 2023, makes 116 proposed changes to the Privacy Act, including: potential removal of the small business exemption, increased enforcement powers for breaches, amendments to the notifiable data breaches scheme, new requirements around security, retention and destruction of personal information, the introduction of a ‘fair and reasonable’ test, increased rights to the individual, including a direct right of action to individuals to apply to the courts for interference with privacy, and the introduction of a statutory tort for serious invasions of privacy.”
She says these changes would impact ordinary Australians and businesses. “Removing the small business exemption, for example, will result in millions of Australian businesses being required to comply with the Privacy Act, which they have not been required to do in the past, and the increased enforcement powers can be expected to result in more fines and penalties being issued against organisations.”
Cyber Insurance Set For A Boost
She expects these developments to boost cyber security across all organisations as they assess the need to hold data and how to appropriately de identify or destroy data once it is no longer required. She also expects them to boost the insurance industry, through an increase in claims and an increase in the demand for cyber insurance policies.
“The increased rights of the individual will lead to more third party claims against businesses and corporations — something that organisations and their insurers will no doubt be watching closely. As a result, I believe there will be a greater focus on cyber insurance. After the major breaches of 2022, many organisations have reassessed both their cybersecurity and their overall risk management frameworks. Cyber insurance is an important method of risk transfer and a key aspect of an organisation’s overall management of cyber risk.”
Navidi also expects the changes to the Privacy Act to impact the cyber insurance industry. Most claims today are made by insured business for the cost incurred in responding to a cyber incident. With the greater enforcement powers proposed for the Privacy Act, she expects to see more third-party claims: fines, penalties and compensation payable to third parties.
“It will be interesting to see how Australian businesses and the cyber insurance market responds to this.”
Navidi holds a Bachelor or Laws degree from the University of Sydney and says she came to cyber law as a result of working in insurance law, primarily financial lines (specialising in directors’ and officers’ liability insurance), an area in which she still works. She says the transition to cyber law was a natural progression “because boards, directors and their executives often face liability risks following cyber breaches.”
WANTED: MORE CYBER LAWYERS
Navidi describes cyber law as “an exciting fast developing area of law” in need of more lawyers. “We need passionate people with a genuine interest in the area who want to be part of the solution. There is no shortage of work to do in this space as we bolster our cybersecurity as a nation, so if you are thinking about transitioning into cyber – go for it.”
She adds: “Having worked in this area for a number of years and assisted clients through complex cyber issues, it’s extraordinarily rewarding and a privilege to be able to mentor the next generation of cyber lawyers as they enter the profession, and I truly value this aspect of my role.”
Navidi says the fast-paced, constantly evolving nature of cybersecurity first drew her to the industry. “Every day, there is a new development in cyber. Right now, Australia is in the eye of the storm from a cybersecurity and cyber risk perspective, with the development of laws and regulation in response to the local and global challenges.”
She was also heavily influenced as a millennial observing and being impacted by the rapid changes in technology that took place in the early years of this century.
“I witnessed first-hand the transition from children submitting handwritten school assignments and only using a computer fortnightly — usually a big colourful Apple desktop — while attending dedicated ‘computer’ classes, to a world where computers fit into the palm of your hand and are embedded in schools, homes and workplaces.
“Being part of this transition has influenced my desire to pursue a career in cyber risk, and I am grateful to be part of the solution, assisting clients in managing and mitigating the cyber risks that impact their organisations, responding to cyber incidents and guiding clients on their compliance obligations with the ever-changing legal and regulatory landscape.”
Sharing Her Knowledge
Navidi also shares her knowledge through participation in several industry bodies: the Australian Information Security Association (AISA), the Australian Professional Indemnity Group (APIG) and the Australian Women in Security Network.
“Being associated with various industry organisations has enabled me to not only meet some outstanding experts in cyber, but to also add value to the community and industry by sharing my knowledge and insights,” she says. “Collaboration is key in cyber, and I find value in being able to share stories and insights with peers and fellow cyber professionals.
“As an active member of the AISA, I am able to learn from industry experts, while simultaneously sharing my legal expertise. I’ve greatly enjoyed being a panellist at their events and presenting at their annual Cyber Conferences in Melbourne and Canberra on topics including the reforms to the Security of Critical Infrastructure Act 2018 (Cth) (and what that means for business), How Directors can Mitigate their Cyber Risk, and Cyber, Privacy and the Boardroom.” www.linkedin.com/in/persia-navidi
Navidi is an elected committee member of APIG, a role that enables her to collaborate with fellow committee and industry members to organise industry wide events on relevant cyber and insurance issues.
"When women work together, they become a force to be reckoned with. Be part of a force for good in the security industry, by joining the AWSN Explorers program today!"
S t u d y i n g o r a n E a r l y C a r e e r P r o f e s s i o n a l i n i n f o r m a t i o n s e c u r i t y ?
L e a r n m o r e a t . a w s n . o r g . a u / i n i t i a t i v e s / a w s ne x p l o r e r s /
Cyber Enthusiast, Ethical Hacker, Author of A hacker I am vol1 & vol2, Male Champion of Change, Special Recognition award winner at 2021 Australian Women in Security Awards
