Women In Security Magazine Issue 17 by source2create

NOVEMBER • DECEMBER 2023

EMPOWERING WOMEN IN CYBERSECURITY: STRENGTH IN THE INDUSTRY IS GREATER THAN THE NUMBERS P10

THE PEOPLE YOU DESERVE, AND THE PEOPLE YOU NEED P62

DO WE NEED TO MODERNISE OUR APPROACH TO DIVERSE LEADERSHIP? P54

THE AUSTRALIAN WOMEN IN SECURITY AWARDS 2023 COVERAGE P99

W W W. W O M E N I N S E C U R I T Y M A G A Z I N E . C O M

FROM THE PUBLISHER Strength in numbers: empowering women in the security industry

very year I repeatedly hear the claim that

A WIDE SPECTRUM OF EXPERTISE

there are no women in security. Every year

The security landscape is multifaceted. It requires

my response remains unchanged: that

professionals with a wide range of expertise,

this claim is simply not true! Through my

from technical skills to policy development to risk

annual awards I witness hundreds nearly

assessment. Women, like men, possess diverse

thousands of remarkable individuals being nominated.

skillsets that can be harnessed to create a more well-

I observe the WiCyS and Cyber Women of the Year

rounded and versatile workforce. By embracing this

awards where numerous women actively participate

diversity, the security industry can tap into a broader

and receive nominations. The AWSN, WiCyS,

pool of talents, enabling the creation of teams that

WISECRA, ASIS International and ASIAL networks are

can effectively address a variety of challenges

teeming with women, raising several questions.

and scenarios.

Is the real issue the lack of women in the industry,

FULFILLING AND IMPACTFUL CAREERS

or our failure to showcase them? Are we allowing

The demand for skilled security professionals is

their contributions to go unnoticed, and if so, why?

higher than ever before as the world becomes

Are we not working together sufficiently to deliver a

increasingly reliant on digital technology. Both

united front?

women and men have the potential to enjoy fulfilling and impactful careers in this dynamic

The importance of a diverse workforce should

field. Encouraging more women to join the industry

not be underestimated. The security industry in

not only helps address the gender gap but also

particular stands to benefit immensely from the

enriches the industry with a diversity of backgrounds,

presence of more women within its ranks. Beyond

experiences and perspectives that ultimately lead to

simply achieving equality, increasing the number of

better outcomes.

women in the security workforce is undeniably good for business. It fosters innovation, leadership and,

EMPOWERING WOMEN IN LEADERSHIP

ultimately, the industry's ability to safeguard against

While progress has been made, there is still a pressing

evolving threats.

need to elevate women to leadership positions in the security industry. It is not enough to focus solely on

DIVERSITY AS A CATALYST FOR SUCCESS

attracting women to junior roles; the goal should be

Diversity fuels innovation by bringing together unique

to create pathways for women to reach senior ranks,

perspectives, experiences and ideas. In the realm of

enabling them to shape the industry's direction and

cybersecurity, where threats are constantly evolving

policies. They need to have the seniority to foster

and becoming more sophisticated, diverse viewpoints

environments that support work-life balance and

are essential for developing comprehensive strategies

career advancement, and that offer opportunities for

that can anticipate and respond to these challenges

women to return and continue careers after taking

effectively. Having more women in the workplace

time off for family‑related reasons.

introduces a wealth of fresh insights and approaches that can greatly enhance the industry's ability to stay ahead of threats.

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

Abigail Swabey

AMPLIFYING VOICES AND SHOWCASING SUCCESS Elevating women's voices within the security industry is crucial for driving change. It is essential to highlight the achievements and successes of women in security, to showcase the incredible impact they have on protecting critical networks, data and individuals. By doing so we not only inspire the next generation of female security professionals but also attract a broader range of talents to the field.

A COLLECTIVE EFFORT FOR A STRONGER FUTURE Increasing the representation of women in the security industry is not just a matter of gender equality; it's a strategic imperative. We have a collective responsibility to ensure the industry benefits from the full spectrum of talent available. By fostering an inclusive culture, providing mentorship, offering training and development opportunities and advocating for policies that support work-life balance we can create an environment in which both women and men thrive.

"When we learn how to work together versus against each other things might start getting better".

Abigail Swabey PUBLISHER, and CEO of Source2Create www.linkedin.com/in/abigail-swabey-95145312

aby@source2create.com.au

I S S U E 17

WOMEN IN SECURITY MAGAZINE

CONTENTS

INDUSTRY PERSPECTIVES

FROM THE PUBLISHER

EMPOWERING WOMEN IN CYBERSECURITY: STRENGTH IN THE INDUSTRY IS GREATER THAN THE NUMBERS

COLUMN Victim blaming

Why you will fail if you stand alone

Strength is greater in numbers 44

Planning for healthy screen time limits

WHAT’S HER JOURNEY?

Mariska Scriba

Susan Ajay

Christina Dell

Alex Penna

Hannah Rapetti

Florence Araniego

Ailie Houlihan

THE 86 LEARNING HUB

A simple way to solve cybersecurity skills shortage

Life and career can thrive together Practical steps to support women’s return to the workforce

Do we need to modernise our approach to diverse leadership?

All things mentors — advantages, what to look for and why

Why companies should make it easier for women to return to the cyber workforce after a career break 58 Need for simplification of data breach reporting requirements

The people you deserve, and the people you need

We’re all in this together: how female colleagues can keep new mothers connected to their cyber careers

NOVEMBER • DECEMBER 2023

FOUNDER & EDITOR Abigail Swabey

ADVERTISING Abigail Swabey Charlie-Mae Baker

99 2023

#2023WISAWARDS

THE AUSTRALIAN WOMEN IN SECURITY AWARDS 2023 COVERAGE

TURN IT UP 90

JOURNALISTS David Braue Stuart Corner

SUB-EDITOR Stuart Corner

DESIGNER Rachel Lee

Source2Create Pty Ltd is the publisher of this magazine and its website (www.womeninsecuritymagazine.com). AWSN is the official partner of Women in Security Magazine

STUDENT IN SECURITY SPOTLIGHT Katie Perry

Mance Hung

Jennifer (Osato) Egbuliese

Nashra Fayyaz

SURFING THE NET 96

ASSOCIATIONS & GROUPS SUPPORTING THE WOMEN IN SECURITY MAGAZINE

MARCH • APRIL

IN 2022, YOU CAN NO LONGER TAKE SECURITY WORKERS FOR GRANTED P10-13 AS THE SECURITY THREAT MORPHS, DEFENSIVE TEAMS MUST CHANGE TOO

MAY • JUNE

WHO RUNS

P76-79

20 22

IF YOU CAN’T SPEND YOUR WAY TO GOOD SECURITY THIS YEAR, TRY FOCUSING ON YOUR PEOPLE P94-97

YEAR OF THE SECURITY WORKER

W W W. W O M E N I N S E C U R IT Y M A G A Z I N E . C O M

the

WORLD W W W. W O M E N I N S E C U R IT Y M A G A Z I N E . C O M

OFFICIAL PARTNER

SUPPORTING ASSOCIATIONS

Big Picture Easy Reliable No job is too big or too small. We look after your marketing & content needs so you can get on with what you do best. GET CONNECTED AND TAKE CONTROL OF YOUR BUSINESS SUCCESS TODAY!

charlie@source2create.com.au

aby@source2create.com.au

Connecting - Supporting - Inspiring

AS A FORMAL NETWORK MEMBER, YOUR CONTRIBUTION ENABLES US TO BUILD A STRONGER FUTURE

With an affordable annual fee, AWSN members will have access to discounts on programs and industry events, the membership Slack space, post or share job opportunities, and receive our monthly and any special edition newsletters.

Memberships are now a 12-month cycle Corporate packages available Learn more at www.awsn.org.au/members/join/

LISA VENTURA

EMPOWERING WOMEN IN CYBERSECURITY: STRENGTH IN THE INDUSTRY IS GREATER THAN THE NUMBERS by Lisa Ventura MBE, Founder, Cyber Security Unity Limited

n the ever-evolving landscape of cybersecurity the

for roughly 24 percent of the global cybersecurity

role of women has gained significant attention

workforce. However, the study found more women

in recent years. Despite the progress there is

than men holding higher levels of education—master’s

still a gender gap in the industry with women

degrees and above—and gaining leadership positions

underrepresented in many cybersecurity roles.

in increasing numbers.

However, women’s contributions to the field is far

Furthermore, a higher percentage of women than men

greater than the numbers suggest. The unique

working in cybersecurity are reaching senior positions

qualities women bring to the table strengthen the

such as chief technology officer (seven percent of

cybersecurity industry, ultimately shaping a more

women versus two percent of men), vice president of

diverse, innovative and effective industry.

IT (nine percent versus five percent), IT director (18 percent versus 14 percent) and C-level/ executive (28

THE STATS DO NOT LIE: MORE WOMEN ARE NEEDED IN CYBERSECURITY

percent versus 19 percent). The figures show women

According to the Cybersecurity Workforce Study,

generally more educated and younger than their

a report commissioned by (ISC)², women account

male counterparts.

W O M E N I N S E C U R I T Y M A G A Z I N E

forging paths to management, and those doing so

N O V E M B E R • D E C E M B E R 2023

F E A T U R E

Forty four percent of men in cybersecurity hold a post-graduate degree compared to 52 percent of women. Nearly half the women cybersecurity professionals surveyed were millennials, 45 percent compared to 33 percent of men. In contrast, Generation X men make up a bigger percentage of the workforce (44 percent) than women (25 percent). In addition, according to the report, women working in cybersecurity account for 24 percent of the overall workforce globally. It is clear more needs to be done to attract women into the cybersecurity industry.

OVERCOMING THE CHALLENGES FACED BY WOMEN IN THE INDUSTRY

training staff and conducting regular security audits

All cybersecurity workers face challenges in their day-

can suffer. Cybersecurity professionals—often already

to-day work, whatever their gender. Some companies

in high demand—may find themselves overstretched

mitigate these challenges through a serious

when attempting to safeguard digital assets without

commitment by top management to the creation

adequate funding. Consequently, organisations

of a strong cybersecurity culture. However, many

become more susceptible to breaches that can have

organisations still view cybersecurity as more of a

far-reaching impacts. Belatedly they can underscore

chore, or do not realise that cybersecurity is critical.

the urgent need for a strategic shift towards recognising cybersecurity as a critical investment

In another recent report the World Economic Forum

rather than a business cost.

ranked cybersecurity attacks as the fifth highest risk to doing business around the world, and number one

The recruitment of skilled cybersecurity professionals

in North America. It identified some of the challenges

The recruitment of skilled cybersecurity professionals

faced by cybersecurity teams as:

has emerged as a pivotal challenge in today’s digital landscape. With the exponential growth of cyber

Inadequate funding

threats and the increasing sophistication of attacks,

Organisations often grapple with poor cybersecurity

organisations are in constant pursuit of experts

budgets. As the digital landscape grows increasingly

who can safeguard their digital assets effectively.

complex and cyber threats become more

However, the demand for these professionals often

sophisticated, under-resourcing cybersecurity

outstrips supply, resulting in a cybersecurity skills

initiatives can have dire consequences. Inadequate

gap that creates significant risks to industries across

budgets hinder the implementation of robust security

the board. Organisations face intense competition

measures, leaving organisations vulnerable to cyber

to attract and retain the specialists who play pivotal

attacks that can lead to data breaches, financial loss

roles in fortifying defences, detecting vulnerabilities

and reputational damage.

and responding to breaches.

Underfunded cybersecurity has impacts across

To address the shortage of skilled cybersecurity

multiple facets of an organisation. With limited

professionals, organisations must adopt a

financial resources, crucial components such as

multifaceted approach. Attracting top talent

investing in cutting edge security technologies,

necessitates not only competitive compensation

I S S U E 17

WOMEN IN SECURITY MAGAZINE

packages but also an emphasis on professional

only a technical endeavour but also a collaborative

development and a supportive work environment.

effort that requires the commitment of an

Creating a culture of continuous learning and

organisation’s entire workforce.

innovation can entice cybersecurity experts and help organisations cultivate their own internal talent pool.

Women polled in the (ISC)² Cybersecurity Workforce Study cited their top challenges as:

Collaboration with educational institutions, industry associations and cybersecurity certification programs can provide pathways for aspiring professionals to gain the requisite skills and knowledge. By acknowledging the critical role of these professionals

• low security awareness among end users (19 percent), • insufficient availability of cybersecurity professionals (17 percent),

and strategically investing in their recruitment and

• inadequate funding (16 percent),

growth, organisations can better fortify their defences

• lack of management support or awareness

and navigate the ever-evolving threat landscape.

(14 percent).

Keeping up with evolving cyber threats

If not addressed, any one of these challenges can

Keeping up with evolving cyber threats is an

weaken an organisation’s defences, making it more

ongoing imperative for organisations of all sizes

difficult to protect data and users.

and in all industries. The digital landscape is marked by continuous advancements in technology

DIVERSE PERSPECTIVES BREED INNOVATION

which inadvertently create new vulnerabilities for

Cybersecurity challenges are becoming more

cybercriminals to exploit.

complex and multifaceted by the day. To effectively address them it is crucial to have a diverse range of

Staying ahead of these threats demands a proactive

perspectives and approaches. Women often bring

approach that includes constant vigilance, adaptive

different viewpoints and experiences to the table,

strategies and a commitment to staying informed

which can lead to innovative solutions that might not

about emerging attack vectors and techniques.

be considered in a homogenous environment.

Organisations must prioritise threat intelligence and invest in advanced monitoring tools that can

Women possess unique problem-solving abilities that

detect and respond to threats in real time, mitigating

can complement the analytical and technical aspects

potential damage and minimising downtime.

of cybersecurity. Their capacity for empathy and collaboration can aid in understanding user behaviour,

A key component of an effective strategy to counter

essential for designing more secure systems. By

evolving cyber threats is a culture of cybersecurity

embracing and exploiting these diverse perspectives,

awareness and education. Such a culture must

the industry can better respond to dynamic threats

extend beyond the IT department to encompass all

and stay one step ahead of cyber criminals.

employees within an organisation. Giving employees practices enables them to serve as a first line of

EFFECTIVE COMMUNICATION AND SOCIAL ENGINEERING DEFENCE

defence against social engineering attacks and other

One of the most critical aspects of cybersecurity

forms of cyber manipulation.

is effective communication, both within teams and

a foundational understanding of cybersecurity best

with end-users. Women have been shown to excel

Regular training sessions along with simulated

in communication skills, which are essential to

phishing exercises and the dissemination of security

convey complex technical concepts to non-technical

updates can empower employees to recognise and

stakeholders. This skill is especially valuable to ensure

report suspicious activities promptly. Ultimately,

cybersecurity measures are properly understood and

effectively combating evolving cyber threats is not

implemented throughout an organisation.

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

F E A T U R E

Furthermore, social engineering attacks rely

Cybersecurity jobs are highly stressful. The

heavily on manipulating human psychology to

ever-changing technology and competitive work

gain unauthorised access. Women’s intuition and

environment may trigger imposter syndrome.

understanding of social dynamics can be a powerful

Imposter syndrome was discovered more than four

asset in identifying and countering such tactics.

decades ago and is still prevalent. There is even an

By prioritising the strength of these interpersonal

annual on 13 April. It can affect people at any level,

skills the industry can better safeguard sensitive

at any stage of their career, be they an entry-level

information and prevent breaches that try to exploit

cybersecurity professional or the CEO of a security

human vulnerabilities.

company. If you suffer from imposter syndrome, be kind to yourself and channel your inner strength to

RESILIENCE AND ADAPTABILITY

overcome it.

The world of cybersecurity is fast-paced and constantly changing. Rapid technological

FINAL THOUGHTS

advancements and evolving threat landscapes

Increasing the number of women in cybersecurity

require professionals who are resilient and adaptable.

is not simply about striving for gender balance.

Women have repeatedly demonstrated their ability

Women bring a unique set of skills, perspectives and

to thrive in dynamic environments by demonstrating

qualities that can significantly enhance the industry’s

strong resilience and flexibility in their careers.

effectiveness and resilience. By embracing and celebrating these strengths, the cybersecurity sector

These qualities are essential for responding to

can build a more inclusive, innovative and secure

emerging threats and staying ahead of cyber

digital landscape for everyone.

adversaries. The ever-changing nature of the field demands professionals who can quickly pivot and learn new skills, making women a vital asset in the

ABOUT LISA VENTURA MBE

industry’s ongoing battle against cyber threats.

Lisa Ventura MBE is an award-winning cybersecurity specialist, content writer and

MENTORSHIP AND ROLE MODELS

speaker. She is the founder of Cyber Security

Another powerful aspect of women’s influence in

Unity, a global community organisation dedicated

cybersecurity is the inspiration they offer future

to bringing together individuals and companies

generations. Women who have already made strides

who actively work in cybersecurity to help

in the industry serve as role models and mentors for

combat the growing cyber threats. Lisa is also a

those beginning their journeys. As more women enter

cybersecurity mindset and mental health coach

the field and ascend to leadership positions they can

and offers help and support to those affected by

empower others to follow in their footsteps, ultimately

stress, burnout, bullying/abuse and mental health

bridging the gender gap. We need more female role

issues in cybersecurity and Infosec.

models in the cybersecurity industry.

REMEMBER YOU ARE NOT AN IMPOSTER Imposter syndrome can be a huge problem and

www.linkedin.com/in/lisasventura

deter many women from considering a career in cybersecurity. Many women in the industry feel

twitter.com/cybergeekgirl

underqualified for a cybersecurity role, or think of themselves as frauds who are successful just

www.csu.org.uk

because of luck. Many also believe they do not have the same level of skills as the people around them.

www.lisaventura.co.uk

No matter what type of cybersecurity job you have, imposter syndrome is very common.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

AMANDA-JANE TURNER Cybercrime is big business, thanks to technical advancement and interconnectivity creating more opportunities. This regular column will explore various aspects of cybercrime in an easy-to-understand manner to help everyone become more cyber safe.

C O L U M N

Victim blaming A recent article in an Australian news outlet reported an executive calling for employees who repeatedly fall victim to phishing and other scam emails to be sacked. This bothers me. The victims of cybercrime are not to blame: the criminals are. Cassandra Cross, an associate professor in the School of Justice at Queensland University of Technology, wrote a powerful research paper on the subject in 2015, No laughing matter: Blaming the victim of online fraud, in which she discussed the need to counter the victim blaming narrative. It still resonates today when we read about companies sacking employees for being victims of cybercrime, or executives saying sacking is a legitimate response when an employee is repeatedly scammed. It is not. The employer has a duty of care to ensure

become the eyes and ears of the cybersecurity team,

the employee is appropriately trained, educated

they become part of the solution.

and aware of cybercrime. Keeping employees and businesses cybersecurity aware takes more than

One way to create a cybercrime aware culture in

mandatory annual cybersecurity awareness training

a business is to set up a cybersecurity champions

and occasional friendly phishing initiatives. It needs

network to help key cybersecurity messaging reach all

the creation of a culture in which being cautious

areas of the business.

about cybercrime and thinking about cybersecurity is second nature.

Sacking employees repeatedly scammed is not the answer. Continuous efforts to uplift and maintain the

Sacking employees repeatedly caught by cybercrime

cybersecurity awareness culture, avoid victim blaming

is also not helpful to a business’ ongoing cyber

and directly support impacted employees are the

resilience, because employees will stop reporting

required approaches.

suspicious cyber incidents for fear of repercussions. A cybersecurity team needs employees to be vigilant and to report suspicious cyber activity, near misses and successful cybercrime attempts. A cybersecurity team cannot be everywhere. When employees

W O M E N I N S E C U R I T Y M A G A Z I N E

www.linkedin.com/in/amandajane1

www.demystifycyber.com.au

N O V E M B E R • D E C E M B E R 2023

WHAT’S HER JOURNEY?

Mariska Scriba Head of Enterprise Security Services at MTN Business

y journey into the captivating

However, it soon became evident that I needed

world of cybersecurity was far

greater challenges, and a teacher suggested to

from predetermined. Raised in the

my mother that I be placed in a more stimulating

serene, close-knit town of Aberdeen,

environment. Thus, I embarked on a journey from

nestled in the heart of South Africa’s

my small town to stay with my grandparents in

Eastern Cape, my early years bore little resemblance

a city more than three hours from my parents.

to the fast-paced tech-driven career I would

This transition marked a pivotal moment in my

eventually pursue.

life, requiring me to adapt to a new way of living and learning, far from the familiarity of my small

Picture a place with just two tarred roads, gravel

town upbringing.

streets that outnumbered the paved ones, one clothing shop and one petrol station: the only ones

As my parents grappled with their own challenges,

for miles around. Growing up in this idyllic small town

including a strained marriage, my mother became

gifted me an upbringing where bicycles, tadpoles and

my anchor, working tirelessly to ensure I received

outdoor adventures took precedence over technology:

a quality education. We would see each other only

an upbringing where simplicity was the order of

on alternate weekends, and the separation tugged

the day. I cherished those days of playing outside,

at my heartstrings. My unwavering determination

catching tadpoles in the heart of town and savouring

to ease her burden drove me to study relentlessly. I

the delights of childhood with friends.

aimed to secure a bursary that would alleviate her financial worries. My hard work paid off when I earned

My family’s modest means meant we navigated life

academic honours and was awarded a bursary from

with financial constraints, but my parents, particularly

South African energy and chemical company Sasol,

my mother, worked tirelessly to provide for my sister

propelling me towards a career in geology. Yet,

and I. Despite the hardships, I excelled academically,

destiny had other plans for me, and I later chose a

earning high marks in both primary and secondary

different path.

school. I was even appointed the head girl of my primary school.

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

W H A T ’ S

H E R

J O U R N E Y ?

FROM GEOLOGY TO IT TO CYBERSECURITY

commitment. This marked my transition from the

The uncertainty of my academic journey led me

comforts of my small-town upbringing to the bustling

to a gap year, a year of introspection and self-

metropolis of Gauteng, a city that felt foreign and

discovery. During this time I found my true calling,

intimidating. I found myself in the technical product

information technology. I pursued a National

development department, involved in crafting voice

Diploma in Information Technology at the Nelson

products. After two years at Telkom, my journey took

Mandela University in Port Elizabet, specialising

an unexpected turn when I joined a small international

in communication networks. My educational

mining company, 3D Laser Mapping. This role saw me

journey continued with study for a bachelor of

donning safety boots and helmets, working in open

technology degree in IT and communication

pit mines and traveling extensively. We specialised

networks, culminating in my graduation with

in selling 3D laser scanners and offering support to

honours and recognition as the best BTech student.

mines, helping them construct 3D models to predict

During my fourth year of study, I ventured into the

slope failures and enhance safety.

realm of information security, and my passion for cybersecurity was ignited.

Deloitte beckoned, offering an opportunity to contribute to the building of their cyber intelligence

I delved into cybersecurity with enthusiasm,

centre and to join their cyber threat intelligence

spending two more years completing my master’s

team. In just six months I found myself leading and

degree in information security. This period was

establishing the cyber threat intelligence offering. My

transformational. I conducted research, presented

tenure at Deloitte was marked by active involvement

findings at conferences and even embarked on

in various initiatives, from corporate netball teams

my first overseas visit, to a UK university. My

to organising social events and annual Secret Santa

grandmother, who had been a pillar of support and a

celebrations. My journey continued as I transitioned

motherly figure to me, passed away suddenly during

to Openserve, a division of Telkom, where I

this time, casting a shadow of grief over my journey.

assumed the role of senior manager, leading the risk

She had always encouraged me to complete my

intelligence team.

’book’, my dissertation, even though the complexities of academic life were foreign to her.

JOINING PWC PwC then entered the picture, inviting me to join

Financially, my journey was sustained by a bursary

their cybersecurity strategy team. Once again, I

from South African telco, Telkom, that funded my

embraced the opportunity, contributing my skills and

education and enabled me to purchase my first car,

expertise to this dynamic field. I remained engaged

symbolising my transition into a new phase of life.

in various initiatives, organising Secret Santa events

Scholarships, including those from the National

and spearheading the Women in Cyber initiative.

Research Foundation, Vodacom and the Nelson

Recently, mobile network operator MTN South Africa

Mandela Metropolitan University, further eased my

extended an invitation for me to serve as the head

financial burdens, for which I am profoundly grateful.

of department for their security products. In this, my

These scholarships, along with my unwavering

current role which I have held for about a month and

dedication, carried me through six years of intense

a half, I am building a dedicated team to oversee the

study, providing me with the opportunities and means

implementation of the company’s business product

to succeed.

security strategy, aligning our product roadmap with business goals and revenue commitments.

FROM ACADEMIA TO MINING Leaving academia behind, I was confronted with

Amidst these career milestones, I also embarked on a

the daunting prospect of having to spend two

personal journey. I met my husband, a man with two

years working for Telkom to honour my bursary

sons from a previous marriage who live with us. We

I S S U E 17

WOMEN IN SECURITY MAGAZINE

welcomed a beautiful daughter into our family during

BECOMING ENTREPRENEURIAL

the challenging times of the COVID-19 pandemic. The

My involvement in the cybersecurity community

pandemic brought with it an unexpected blessing: the

extends beyond my paid employment. I actively

ability to work from home, affording me the precious

participate in industry associations, reaping the

opportunity to witness the formative years of my

benefits of networking and knowledge sharing. I

daughter’s life.

also embrace my role as a mentor, guiding aspiring cybersecurity professionals and advocating for

Balancing the demands of corporate life with my roles

inclusivity and equality in the field.

as a wife, mother, daughter, friend and sister is no small feat. It necessitates a robust support system,

In the midst of my corporate journey, a new venture

especially when raising children. Thankfully, my

emerged: Bumboo Kids, an online business my friend

mother, who had relocated from Aberdeen to Gauteng,

and I founded. Bumboo Kids specialises in offering

has played a pivotal role in this support network. Her

unique baby and children’s products with a focus

presence has been invaluable, and we were even

on being family-oriented and providing exceptional

able to build a flat for her, creating a harmonious

customer service. Balancing this entrepreneurial

living arrangement.

endeavour with my career has been a rewarding challenge, and has added a new dimension to

As I reflect on my journey, I am grateful not to have

my journey.

encountered sexism in my career. Perhaps growing up amongst farm boys and pursuing a male-dominated

Looking ahead, I am eager to complete my PhD in

degree prepared me for the male-dominated

cybersecurity, a goal I had to postpone because of

environments I encountered later. Nevertheless, I am

my many other commitments. I am passionate about

heartened by the increasing presence of women in

contributing to the industry’s growth, addressing

the field of IT and cybersecurity, paving the way for

emerging challenges and advocating for the

more diversity and inclusion.

increasing presence of women in cybersecurity.

www.linkedin.com/in/mariskadelange/

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

Susan Ajay Cybersecurity Analyst at Datacom

JOINING DATACOM The decision to pursue a diploma course at the Unitec

Institute of Technology, with the added bonus of an internship, was a turning point. And the opportunity y journey from electronics and

to gain hands-on experience at Datacom proved

communication engineering to a

invaluable, paving the way for a permanent role within

thriving career in cybersecurity

that organisation.

is one I believe will resonate with other women pursuing careers in

Balancing full-time work and studies was undoubtedly

cybersecurity. It speaks to the power of adaptation,

challenging, often demanding sleepless nights and

the strength found in balancing personal and

an unyielding commitment to learning. However,

professional commitments, and the boundless

the support and camaraderie of my colleagues

opportunities that come with a passion for learning.

and seniors at Datacom played a pivotal role in my success, reinforcing the importance of mutual

Having completed my bachelor’s degree in electronics

assistance within a team.

and communication engineering and while pursuing a master’s in signal processing, I found myself drawn

What I find most captivating about cybersecurity is its

to the dynamic field of cybersecurity. The decision

ever-changing landscape. Each day I am presented

to relocate to New Zealand added a new dimension

with new challenges and learning opportunities

to my journey, presenting both challenges and

and surrounded by a community of like-minded

opportunities that ultimately shaped my path.

individuals. While my commitment to family prevents me from contributing extensively to the security

A pivotal moment came during a seven-year career

community, I remain dedicated to continuous

break dedicated to raising my three children. This

learning, using every available resource to stay

pause, far from being a setback, provided the

updated on the latest developments in the field.

necessary time to plan my return to the workforce, armed with renewed determination and a clear sense

I believe my story is a testament to the potential that

of purpose.

lies within every individual, just waiting to be unlocked through determination and a thirst for knowledge. It is

The transition into cybersecurity was sparked by a

my hope that sharing this narrative will inspire others

chance encounter with a friend who had recently

to embrace their own journeys in the knowledge that

shifted careers from development. His experiences

no challenge is insurmountable.

and insights ignited a curiosity that led me down a path of rigorous self-driven research, encompassing

www.linkedin.com/in/susan-ajay-674a39239

everything from articles to online courses.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

Christina Dell Director Governance, Risk & Compliance

Christina Dell started her career with a bachelor’s

“I held various roles within the organisation, allowing

degree in forensic computing from Middlesex

me to explore multiple avenues and discern my true

University in the UK. She says a fascination with crime

passion. I transitioned from a software tester, where I

scene investigation, fuelled by shows like CSI during

candidly admit I struggled due to the repetitive nature

her formative years, initially inspired her to pursue this

of the work, to the quality team.”

field, albeit with some misconceptions. Her role with the quality team involved engaging with However, as she progressed through her academic

numerous other teams across the business, gaining

journey, Dell found herself drawn more towards

insights into their operations and ensuring the delivery

auditing and framework compliance. After graduating

of high-quality, low-risk solutions. “I found this role

she took a position with a prominent organisation

incredibly fulfilling as it allowed me to make a tangible

in London that offered a 12-week graduate program

impact across the organisation,” she says.

encompassing software testing, development and business operations.

And it led to Dell to make a serendipitous transition into information security. “I mentioned my educational

She was assigned to the software testing branch and

background and my genuine enthusiasm for security,

within the first four weeks of starting the program

and I was promptly offered a role to enhance the

had obtained an International Software Testing

security operations within our business.”

Qualifications Board (STQB) certification. She left

the company and secured a contractor role at a

A MOST CHERISHED EXPERIENCE

transportation technology company, initially as a

She adds: “This role, which I hold in the highest

software tester. She says her time there represented a

regard, remains one of the most cherished

significant chapter in her career.

experiences in my career. If it weren’t for a relocation,

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

W H A T ’ S

H E R

J O U R N E Y ?

I would likely still be with that organisation. I forged

Those qualifications include: the ISO 27001 Lead

lasting friendships with exceptional colleagues. One in

Auditor certification along with certifications in ISO

particular has become a lifelong friend.”

9001, ISO 22301, ISO 20000-1, ISO 14001 and the Payment Card Industry Data Security Standard (PCI-

After relocating Dell took a role in a financial

DSS). She has also obtained additional qualifications,

services company as risk and compliance manager

including CISM, Practitioner in Cloud Security, Splunk

but within a year had transitioned to become the

certification, and Azure Fundamentals.

information security manager, which brought unexpected challenges.

MENTORING GIVEN AND RECEIVED Mentoring looms large in Dell’s career. She says one

She was only two weeks into this role when the

mentor played a pivotal role during a particularly

newly appointed CISO departed, leaving her to lead

challenging phase of her professional journey. “I was

a newly formed team in the midst of the COVID

endeavouring to establish a new business unit within

pandemic. “This period stands out as one of the

an organisation that initially showed little interest

most challenging in my career, as I assumed the

in the idea. I engaged in a daily battle to help them

responsibilities of CISO, information security manager

recognise the value of this initiative and my mentor

and cybersecurity manager,” she says.

played a crucial role in providing support during board discussions, offering invaluable market insights,

After the pandemic Dell felt in need of a change and

assisting with managing operational expenditure and,

took up her current role as director of governance

above all else, providing unwavering friendship.”

risk and compliance at a leading cybersecurity consultancy firm.

Dell now serves as a mentor to aspiring cybersecurity professionals, and says the role gives her immense

She says the role involves, internally and for

satisfaction. “I am deeply committed to mentoring

customers, analysing data to identify potential

because I am driven by the goal of guiding

compliance gaps or emerging risks that need to be

newcomers in the field to ensure they start on the

addressed along with developing and implementing

right path. My strong desire to encourage women to

policies and procedures to enhance governance

pursue careers in cybersecurity has led me to believe

and compliance.

that mentoring is one of the most effective ways for me to make a meaningful impact in this regard.”

Dell also needs to keep up to date with the latest regulatory changes and update internal and external

Dell also wants to make a wider impact on the

methodologies as required. She says one of the

business world, saying she is “driven by the

biggest challenges in her role is staying compliant

ambition to engage with diverse businesses and

with the ever evolving laws and regulations of the

boards as a non-executive director with the aim of

UK’s complex regulatory environment.

contributing to the formulation of their strategic direction and ensuring alignment with best practices

“In my current role, having a comprehensive

in cybersecurity.”

understanding of auditing methodologies and best practices across multiple frameworks has proven instrumental in assisting our clients,” she says. “It

www.linkedin.com/in/christina-dell-51037143

enables me to provide consultancy with a solid foundation in established principles, rather than mere personal opinions.”

I S S U E 17

WOMEN IN SECURITY MAGAZINE

Alex Penna Software Developer at Atlassian

cybersecurity: she’s a software developer

A CHARITABLE INTRODUCTION TO CYBERSECURITY

at Atlassian. She has another, voluntary,

It was her GPN role that got Penna interested and

role to which she devotes much time

involved in cybersecurity, in 2022 when GPN decided

and energy, as head of expansion

to add a security-focused project to its program

lex Penna’s day job is not in

and Sydney coordinator of the Girls’ Programming

line up.

Network (GPN), a program run by Tech Inclusion, a charity she cofounded with Renee Noble and

“One of the aspects of my role is helping develop

Nicky Ringland. GPN is dedicated to increasing the

concepts for new projects and ensuring tour content

representation of women and underrepresented

aligns with our pedagogy and GPN value,” Penna

groups in technology roles.

explains. “In 2022 we decided to add a securityfocused project to our line-up. I started working with

In her role at GPN Penna helps manage nodes in

the GPN Perth team to refine ideas and create a

Sydney, Melbourne, Perth, Canberra and Tasmania. “I

project that would allow our students to learn about

make sure they have the resources and support they

exploring the security behind passwords.

need to succeed and grow, and I help get new nodes set up,” she says, “I also run the Sydney node at the

“I wanted to create a project that gave the students a

University of Technology, which involves working with

better understanding of how password leaks happen,

the UTS team to organise the logistics of the events,

let them try out ‘hacking’ some encrypted passwords,

getting content ready, recruiting and managing our

and help them reach their own conclusions of what

volunteers, and being the primary point of contact

makes a strong password. So, I designed a project

throughout the event.”

that taught our students about password hashing and how, even with a strong hash, hackers can

It is no small task. Balancing her role at Atlassian

use rainbow tables and common passwords to

with her volunteer role at GPN is, Penna says, her

crack into accounts if they can get their hands on a

biggest challenge. “It is like having two full-time

leaked database.

jobs sometimes, and it can be pretty overwhelming.

I’m incredibly fortunate to have a lot of support at

“We created a dummy meme exchange website

Atlassian for what I do.”

with lots of accounts (each with a unique meme to

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

W H A T ’ S

H E R

J O U R N E Y ?

keep the students excited about cracking into each

GPN was Penna’s first encounter with cybersecurity.

account), a database of account names and hashed

She joined Atlassian as an intern after graduating

passwords, and taught the students how to create a

and has been a software developer there for the past

program that would use a list of common passwords

five years.

to compare to the hashed passwords and give them a list of usernames and plain text passwords they could

“I’ve loved working at Atlassian and have got to work

use to log in to our website.”

on our data centre products, helping make admins’ lives easier for our biggest enterprise customers,”

TEACHING ONLINE SAFETY

she says. “More recently I have been working on

Penna also created an activity that got the students

growing one of our newest cloud products, Jira Work

working in groups, moving around and away from a

Management. Working with such amazing people on

screen. “For this project, I wanted to create an activity

various projects, products and problems is what I love

that complimented the security theme and taught the

most about working at Atlassian.”

students more ways to be safe online while keeping them in their hacker mindset,” she says.

Penna went to an all-girl high school, Kambala in Sydney, where she was the only girl in her year

“I developed some social engineering activities for

interested in programming. “Luckily, I had a fantastic

the students to work through to guess a specific

information processes and technology teacher and

user’s password. The students used fake social

inclusion teacher, Ms Borgert, who encouraged me

media posts, a phishing email attack and the victim’s

to pursue my interests in software development and

‘forgot password’ hint and security question to

found opportunities to further my interest through

gain information about the victim and crack into

the National Computer Science School Challenge and

their account.

Summer School at the University of Sydney,” Penna says. “Through these experiences, I found the Girls’

“We’ve run it in Melbourne, Perth and Sydney, and

Programming Network.”

the students have always loved it. I believe giving them a chance to see how easy it can be to get

In 2015 she attended a GPN event as a student

private and protected information and how that

and returned a year later as a volunteer when she

information can be used against them gives them

started university. “I loved the community of strong,

a much better understanding of how to be safe in a

supportive women. I loved feeling so strongly that

digital environment than just telling them about these

I belonged there, and I loved being able to make an

attacks. They get an intrinsic understanding of unsafe

impact on the students at our event,” she says.

common passwords because they have the skills to crack these accounts themselves.

COMMITMENT TO GPN And Penna became heavily involved in the

“I’ve seen the impact of this content on the kids

organisation. “I got completely hooked and found

firsthand; they have written plenty of feedback telling

more and more ways to get involved, starting as a

us how much more aware they are of digital security

tutor, then giving lectures, leading a room of tutors,

after the program. This has inspired me to want to

and leading areas of the event,” she recalls.

write more security-focused content for our events. I think it’s a fascinating area of computer science and

“Eventually, I was asked by the head of GPN Sydney,

one that’s very relevant to our students.”

Renee Noble, if I would like to help her double the GPN Sydney program by co-running the node with her.

ATLASSIAN SOFTWARE DEVELOPER

I was very honoured and excited by the opportunity.

Apart from a security unit in her bachelor of computer

Soon, Renee and I were running double the number of

science degree course at the University of Sydney,

events in Sydney.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

“Once the pandemic started and we had to stop

want to teach into attainable coding projects, using

events, we had the chance to take stock of where

different technical concepts for beginner, intermediate

GPN was and what we wanted to do to continue

and advanced students. Figuring out how to write the

to grow the program. We decided to cofound a

same program using only beginner-level concepts and

not-for-profit to take on running the program along

another version challenging to advanced students

with Nicky Ringland. During this time, we started

is an interesting intersection of technical and

the Melbourne node and I took on the challenge

educational challenges.”

of starting a new node in a large major city along with the GPN leadership team and the University of

She adds: “I’m working to develop more skills

Melbourne team.

around running the organisational side of the notfor-profit, writing policies and procedures with the

“I flew down to Melbourne a few times to help run the

other board members, understanding compliance

first couple of events and get the community started.

and requirements and solidifying our practices so

I soon found the same few volunteers coming to

they are stable and sustainable for years to come.

every event, growing in their passion and confidence,

I’m also always on the lookout for new concepts to

and I could see the community spirit I loved about

expose our students to, whether it’s a new technology,

GPN growing in this new node. I found a replacement

an area of computer science like security, or a hot

node coordinator and continued to support the

topic like AI.”

node remotely as it grew. They are now running very successfully and independently, and I’ve transitioned

Despite the huge amount of voluntary work Penna

to rerunning the Sydney node and growing it back to

does at GPN, it is not a one-way street: she says

where we were pre-COVID.”

she gains much in return. “Most people struggle with self-doubt, especially when you’re a minority in

NON-TECHNICAL SKILLS IMPORTANT

the industry. Certainly, in my career as a software

Penna might have got heavily involved in the technical

engineer, I’ve had plenty of times where I’ve doubted

aspects of cybersecurity teaching girls through

myself and my abilities. The thing that always helps

GPN, but says her most important skills in the role

me stay grounded and push past those feelings is my

are a combination of leadership, mentoring and

work with GPN. The community at every event is so

communication skills.

supportive and encouraging that it’s hard to hold on to those feelings of doubt.

“My current role has a lot of elements where I’m getting teams of volunteers on board and moving

OVERCOMING IMPOSTER SYNDROME

in the same direction, even when I’m not present at

“I think many of those imposter feelings can come

an event. Or I might be breaking down a concept we

from comparing yourself to those around you, and when you work at an amazing company like Atlassian, the people around you are also amazing, so the comparison is pretty rough. When I go to a GPN event, I’m surrounded by people at all different points in their journey, and it makes the comparison feel so silly, which it is. “I can see the high school students just learning to code, and it reminds me of myself when I was that age. The comparison reminds me of how far I’ve come. I see the university students learning

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

W H A T ’ S

H E R

to find their confidence and hone their skills, and I remember myself at that age. I also see engineers who are further in their careers than I am, but rather than compare myself to them and feel lesser, they inspire me.” Also a major source of inspiration for Penna has been Renee Noble, the national director of GPN and CEO of Tech Inclusion, who she describes as “one of the most influential people in my growth at GPN,” and as a person. “She’s been an inspiration, a mentor and a friend for the last eight years. When I first joined the GPN community, she was running GPN Sydney and working on expanding GPN to the rest of the country. She has always encouraged the volunteers of GPN to try new things and take on new challenges, and I was no different.

J O U R N E Y ?

"Luckily, I had a fantastic information processes and technology teacher and inclusion teacher, Ms Borgert, who encouraged me to pursue my interests in software development and found opportunities to further my interest through the National Computer Science School Challenge and Summer School at the University of Sydney,” Penna says. “Through these experiences, I found the Girls’ Programming Network.”

“She pushed me to do more lecturing and leadership and continue getting more involved. Eventually, she and I were running GPN Sydney together, and I started getting more involved in the other parts of the

to these changes to be prepared to take them on and

program outside of just the events.

face the challenges that will come their way.

“Seeing the amount of work that Renee puts into GPN

“As more things in the industry change and evolve, the

inspired me and showed me what is possible when

content we are teaching the kids will also continue

someone with passion, skill and the right community

to change to stay relevant and give them the skills

behind them puts in the work to make something

they will need. The challenge is to make sure we are

spectacular happen. I don’t know where I would be

balancing keeping up with the times with teaching the

today without the guidance and support from Renee,

fundamentals so they have a solid foundation to build

and I can’t give her enough credit for the dedication

on when technology changes around them.

and energy she has poured into this program.” “Since kids are so plugged into technology and a

FUTURE PLANS

vulnerable part of our society, we need to ensure we

Penna sees much still to be done at GPN to keep

are giving them all the tools and information they need

up with rapidly evolving technologies. She wants

to be safe. Turning those security ideas into engaging,

to explore other programs GPN could introduce

hands-on experiences that become unforgettable

to support even more girls or minorities in the

lessons is something I’m passionate about and excited

tech space.

to explore further in the future.”

“Everything in tech is constantly evolving, whether it’s security, programming practices or emerging

www.linkedin.com/in/alex-penna-60048111b/

technologies like AI. Our students need to be exposed

I S S U E 17

WOMEN IN SECURITY MAGAZINE

A PROGRAM THAT CONNECTS, SUPPORTS AND INSPIRES FEMALE TERTIARY STUDENTS AND EARLY CAREER PROFESSIONALS EXPLORE A CAREER IN SECURITY. EXPLORERS WILL BE ABLE TO ACCESS MONTHLY WORKSHOPS, MENTORING OPPORTUNITIES AND INDUSTRY CONNECTIONS

"When women work together, they become a force to be reckoned with. Be part of a force for good in the security industry, by joining the AWSN Explorers program today!" - Liz B, Co-Founder

Studying or an Early Career Professional in information security? Learn more at .awsn.org.au/initiatives/awsnexplorers/

Contact us today to find out how you can become an industry contributor, no matter the level of experience. reach out now www.womeninsecuritymagazine.com

Hannah Rapetti Cyber Security Analyst – Takedown Team at Proofpoint

OVID-19 disrupted the lives of millions,

FROM TEACHER TO LIBRARIAN

forcing many to re-evaluate their careers

It was Rapetti’s second major career shift. She initially

and explore options they might never

pursued a career in education, earning a bachelor’s

have otherwise contemplated. Thus it

degree in social sciences and art and taking a job

was for Hannah Rapetti.

teaching in middle and high school, but says: “While

With a passion for literature she had gained a Master

I enjoyed certain parts of being an educator, I soon realised it wasn’t my true calling.”

of Library and Information Sciences degree from the University of Southern Mississippi, graduated at

At Proofpoint, where she works today as lead

the top of her class and scored a job as supervisory

cybersecurity analyst on the Proofpoint Takedown

librarian of one of the largest libraries in the US Navy

Team, Rapetti appears to have found that calling. “I

Library Program. Then, at the peak of the COVID-19

truly enjoy my job and the highs and lows it comes

pandemic, she had to relocate when her husband

with,” she says. “To me my work is not just a job, it’s

gained a new role outside the military.

a source of fun and fulfillment. I often find myself so enthralled by the project or analysis I am focused on

“The pandemic left me with limited career

I lose track of time. The old saying ‘Do what you love,

opportunities, particularly within the library system,”

and you’ll never work a day in your life’ really applies

she recalls. “Realising the need to pivot to something

to how I feel about my job.

that would allow me to work from home, and encouraged by my husband, I decided to explore the

“I help protect companies by removing malicious

field of cybersecurity.

domains that can target their employees, partners and customers. This can occur through phishing

“To get my foot in the door, I pursued industry

emails that facilitate various types of cyber

certifications. The first major certification I went for

attacks, including malware. Our team operates as a

was CompTIA CySA+. With this under my belt, I had

managed service, working closely with our clients

the confidence I needed to start applying for positions

to identify and neutralise these threats as quickly

in the field—including for an open role at Proofpoint,

as possible.”

which I eventually secured.”

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

W H A T ’ S

H E R

J O U R N E Y ?

Rapetti says she spends most of her day monitoring

you must be able to think creatively about what kind

the takedown queue, checking it for new tickets,

of evidence would best fit the situation to get the

following up on existing ones and ensuring customers

best result.”

are well-informed about the process and status of their takedown requests.

COMMUNICATION SKILLS NEEDED Her role can also be stressful when working with

“Getting the bad domains taken down is the best

customers during an ongoing attack. “Effective and

part of the job. Knowing that my work contributes

professional communication skills are vital in this

to protecting organisations and their customers is

kind of role,” she says. “We need to communicate

incredibly rewarding.

on a technical level with providers while simplifying our interactions with customers who may not be as

“When a new takedown ticket arrives, I investigate to

technical, providing support and updates throughout

verify whether the domain is malicious and actively

the process.”

targeting the customer. Throughout this process, I gather evidence from both internal and external

Rapettihas been in her role at Proofpoint for little

threat intelligence resources to support the takedown

more than a year and says she is pushing herself

request. This will then be sent to the domain service

to focus more on networking within the DNS

providers, such as the registrar, hosting provider and

abuse community “to continuously learn about

TLD provider.

the nuances that come with the type of service we offer.”

DOMAIN TAKEDOWN ROLE “Collaborating with various domain service providers

Down the track she would like to move into a people

is a critical, yet challenging part of my role because

management role through which she can help shape

different providers have distinct policies for handling

the services Proofpoint offers, but says: “It’s important

various types of domain activity. That is why

to me that I always have a technical role of some sort

maintaining a positive working relationship and

to better stay on top of the changes within this field,

meticulously following all abuse reporting guidelines

because I think knowing some of those technical

is crucial.

aspects can make a big difference in your supervisory style and how your team succeeds.

“When I am not directly involved in a takedown submission, I work closely with customers to monitor

“I am also very focused on networking right now,

ongoing domain or brand abuse threats. This involves

especially within the DNS abuse community, so I can

a bit of threat hunting, a substantial amount of

take everything I learn back to my team and further

investigative work and meticulously crafting reports

develop our overall skills. I am currently working

on my findings, which I then present to the customer.

towards gaining CISSP in my spare time.”

I enjoy these meetings with my customers because they allow me to learn about their company on a more

COMMUNITY INTEGRATION

personal level, enabling me to tailor the domain threat

She is also integrating herself into the wider

analysis work to their specific needs. Ultimately, this

cybersecurity community and pursuing additional

provides a strategic service that adapts as they do.”

qualifications. A friend told her about the Women in Cybersecurity Organization (WiCyS). She applied and

Rapetti says the role requires strong investigative

was accepted for its Security Training Scholarship,

and analytical skill to identify malicious domains

a multi-stage program that partners with the

and gather the right evidence to support takedown

SANS Institute to develop cybersecurity skills

requests, as well as creative problem solving skills,

through capture the flag events and SANS/GIAC

“because it can be difficult to prove the activity and

certification courses.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

“Through this program I completed three SANS

In turn, Rapetti acknowledges many who have helped

courses and tested for the corresponding certification

her on her cyber journey. They include Angie Denisiuk,

exams: GFACT, GSEC, GCIH,” Rapettii says. “Being a

the advanced cyber tactics and techniques lead at

part of this program also allowed me to travel to the

Corteva Agriscience. “Someone I look up to and go to

yearly WiCyS conference and compete in the capture

for career advice. She’s a strong-willed woman who

the flag competition there, coming first in my division.

isn’t afraid to stand her ground and get work done, and I admire that so much.”

“WiCyS and the security training scholarship program have helped me battle imposter syndrome, giving me

Also, her Proofpoint colleagues: Jen Nicastro, senior

more confidence in myself and my decision to switch

manager, threat intelligence, Kelsey Merriman, senior

careers. I’ve really enjoyed helping the latest round of

threat researcher, and Genina Po, threat researcher.

candidates for this program and following everyone’s

“These women have been wonderful about sharing

journey on LinkedIn.”

information, brainstorming ideas and making me comfortable in my role since I joined the Proofpoint team,” Rapetti says. www.linkedin.com/in/herapetti

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

Source2Create Spotlight

Content Content allows you to establish, share, and strengthen your brand. It helps build relationships which is why we are shining the light on our content service. Content strategies don’t just define the goals your content is intended to achieve, but also the procedure, processes and governance required to get there. We can show you how to manage your content effectively. We can then use that content to attract, acquire and engage your customer and new prospects, deepening your relationships. What are you waiting for?

REACH OUT TODAY

charlie@source2create.com.au

aby@source2create.com.au

Florence Araniego Associate Consultant | Phriendly Phishing - Transformation and Growth at CyberCX

“Everything I learnt was new, even using Windows. I hadn’t used a PC for years because creative jobs generally opted for Macs. I did not have a single bit of cybersecurity knowledge in my being and yet there I was, sitting in the Academy amongst incredibly talented people. I could feel that huge confidence in myself decreasing.

“But I held my head high, and was open minded to learning new systems, new ways of thinking and new hen Australian cybersecurity

people. I have met plenty of great people in my life,

company CyberCX opened

but in the Academy, I feel I’ve met lifelong friends.

applications for its CyberCX

Even the youngest members I have become the best

Academy, set up to “train the

of friends with! In this industry I have only met the

next generation of cybersecurity

most supportive people. Age becomes just a number:

experts” it received more than 1500 applications

your whole self is what they appreciate.”

for the 10, salaried, positions available in its Sydney cohort.

FROM TRAINING TO FULLTIME CYBER ROLE After completing her Academy training Araniego was

One of the 10, making a leap into cybersecurity after

given a job in another CyberCX company, Phriendly

a lifetime in artistic pursuits, was Florence Araniego,

Phishing, as an associate consultant. “As the root

who describes herself as “a mature aged woman with

of threats start at a human level, we strive to create

absolutely no skill in tech or cybersecurity.”

important behavioural and cultural changes, not just for businesses, but for the individual in the digital

She was, she says, “super lucky” to have been

aspects of their lives,” she explains.

selected. “The Academy is a fantastic initiative for people like me who have no previous tech

“I’ve been assigned to work in business operations,

or cybersecurity skills. It involves an intensive

working closely with transformation and growth.

cybersecurity fundamentals module. Afterwards, you

In my team of two we assess projects and gather

are placed in a practice that best suits your skills.”

insights in the many ways our company can grow positively and sell effectively as a SaaS business.

It is hardly surprising, though, that she experienced

imposter syndrome, despite having strong self

“Setting goals and objectives is part of the

confidence in her previous roles. “Having been

transformation process. We create roadmaps for

accepted into the Academy, I was up against younger

our company to achieve as well as focusing on skill

peers who had come from computer science

development. We ensure our approach stays ahead

backgrounds, had learnt to code, or had some

of emerging threats to give our sales reps and leads

background in the IT industry. I didn’t. I spent my days

up-to-date information, because the threat landscape

staring out the window thinking, ‘why am I here?’

changes so often.”

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

W H A T ’ S

H E R

J O U R N E Y ?

Araniego says a typical day at Phriendly Phishing

The influence of friends on Araniego’s language skills

includes collaborating with colleagues and staff

continued in high school. She learnt simple Japanese

from CyberCX. “I feel my role is what keeps the two

from a Japanese friend who lent her Japanese manga

companies connected. I gather insights from digital

comic books. “I didn’t understand what was going

forensics/incident response, cyber intelligence and

on, but the Japanese characters intrigued me,” she

industry leads through meetings, writing reports,

recalls. And in her twenties she went on to learn

presenting my information and researching. As

the language.

an associate new to these processes, it can be daunting at first, driving projects that involve high

Prior to joining CyberCX Araniego spent most of her

profile people, but at the end of the day a lot of those

working life in the creative industries. She says she

I collaborate with end up being very supportive of

was drawn to the arts after experiencing difficulties

my ideas.

with English that persisted into high school.

“I get to actively work on projects that involve different

DISCOVERING ARTISTIC TALENTS

departments all at the same time. One task involved

“I took an interest in making art because

working on phishing templates with our LEAD team

communicating through other means proved

and learning about social engineering, which I found

difficult. I also learnt to play the drums and guitar.

super fascinating. Phishing is such a common

Music, I guess, is a form of abstract language

occurrence. It affects literally everyone you know: your

through notes, and since it was an expressive way

family, friends, colleagues. There are different types

of communicating, I found it very familiar. Art and

of it: whale phishing, spear phishing, vishing (voice-

music became my whole life in high school, and they

phishing), smishing (SMS-phishing) and something

influenced me to take a path in the creative arts after

I’ve learnt recently, qshing (QR code-phishing). AI, as

coming in the top five percent in NSW for visual arts

much as it can help us in a myriad of ways, people will

during the HSC.”

always find a way to corrupt it.” After high school, Araniego took odd jobs in retail,

A CHILD MIGRANT

selling musical instruments and as a barista. She

Araniego was born in the Philippines, and arrived in

saved enough money to study film and landed a job

Australia at age six. “We lived amongst the villages

assisting in a small indie sci-fi film about aliens.

and lakes. I was the daughter of an incredible father who worked hard to give me and my siblings the best

“I soon learnt that working in creative jobs meant I

lives we could possibly have, and Australia was the

needed several day jobs to make ends meet, and boy

answer,” she says.

was it tough,” she says. “I lived on packet noodles to afford transport to my film jobs, which were either far

Started her education at Liverpool Public Primary

away or hard to get to by public transport. This wasn’t

School speaking no English, but learnt Auslan. “My

sustainable, and I left the film industry after three

first ever friend, Nicole, approached me after seeing

short years.”

my Sailor Moon pencil case,” Araniego explains. “She was deaf, and I learnt a lot of Auslan from her. It was

Wanting to learn more about the creative industries,

a great happenstance to meet her as she didn’t know

Araniego enrolled for a bachelor’s degree in painting

I couldn’t speak a word of English. I never saw Nicole

and drawing at UNSW and again found herself

after primary, and I wish I could tell her she meant

struggling financially. “Like film school, the people

a lot to me.” Many years later Araniego revived her

there seemed to have endless cash and live minutes

Auslan skills: in 2017 she gained a Cert IV in Auslan,

away from the university. I took solace in the few

focusing on the Sydney dialect.

friends I had who lived similarly to me, modestly and

I S S U E 17

WOMEN IN SECURITY MAGAZINE

we all worked a few jobs to afford art school. I met

“Murals don’t just happen overnight,” she says. “It

my partner there, and art school seemed so fulfilling,

takes months of planning, meetings over Zoom,

sharing the experience with someone like minded.”

getting artists to design and create over Zoom, staff digitising the designs and visualising this mural while

SUPPORTING PEOPLE WITH DISABILITIES

working from home, and everything else admin wise

Araniego attributes her interest in cybersecurity

that goes to fulfilling commissions for a world-class

to her final artistic role after 15 years in creative

gallery. This is all before the mural gets painted!

industries when she worked as an artist at Studio A, a Sydney-based art studio for adult artists living with

“Then it was two weeks during lockdown to paint in

disabilities. It was “the root of my curiosity for all

the gallery. We were on scissor lifts and everything.

things tech,” she says.

When it was finally over, for me, it truly was the most incredible part of my creative career, and a full-stop in

“This job taught me a lot about the world: how to

my life as a creative arts worker. After working almost

understand diverse people and their colourful worlds.

15 years in the creative industries I felt the need to

Communication was a huge part of this job, on top

learn something new.”

of art making, and I learnt how to work with different methods I was unfamiliar with.”

INTRODUCED TO CYBERSECURITY And along came her introduction to cybersecurity

As the pandemic hit, the studio was forced into using

and CyberCX in the form of her friend of many years,

digital technologies to keep functioning. “We all had

Mandara. “During the pandemic her and her sister,

to problem solve quickly, jump through many hurdles

Manasa, both took the time to learn something new:

to teach not only the artists, but their careers at home

they studied cybersecurity,” Araniego says. “Mandara

and the staff how to be a little more tech savvy to stay

then applied to work in strategy and consulting at

connected and to keep working,” Araniego says.

CyberCX and was successful. After knowing I wanted a change in my career. She recommended I apply for

“We had many commissions to fulfill, and I was

CyberCX’s Academy, and the rest is history.”

extremely grateful, given the art industry took a real negative turn with galleries closing. I felt this act of

Araniego describes the culture at Phriendly Phishing

problem solving is where my love for tech was really

and CyberCX as being extremely welcoming,

ignited, and I started creating art digitally with the

supportive and positive. “I haven’t once felt

artists.” This culminated in Studio A painting a 300

discriminated against. I can come to work with my

square metre mural at the Art Gallery of New South

pink hair and tattoos, and people just accept me for

Wales in 2020.

who I am without a fuss! “I am also surrounded by many hardworking women who continue to inspire me daily. It is an extremely inclusive workspace, and the company holds events weekly that celebrate diversity. I know it hasn’t been easy for women to enter this industry, and I thank them for paving the way. I have been incredibly lucky to land a position amongst these incredible people and wonderful culture. I am proud to say that I am now one of them.” Araniego’s diverse background may not seem an ideal preparation for a career in cybersecurity, but

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

W H A T ’ S

H E R

J O U R N E Y ?

she argues otherwise. “The creative arts are all

A FORMATIVE FATHER FIGURE

about conveying your ideas, even complex emotions

And Araniego says, unlike so many women, she has

and stories in a myriad of ways. Language is the

been supported throughout her life by sensitive and

foundation of communication, and learning Auslan,

creative men. “My dad will always be the source of

which is an incredibly visual way of communicating,

inspiration for my whole being. He taught me at an

has broadened my ability to connect with diverse

early age that the world can be a cruel place outside

groups of people.

of our safe home, and as such I learnt martial arts from him, and he taught me how to speak my mind no

“Gaining these credentials has taught me to structure,

matter what the situation.

engage and effectively communicate my thoughts and, importantly, to practice empathy. This ability

“If I even felt the slightest discomfort in a new job,

to convey messages powerfully has made me a

a new person I meet, I immediately try to disengage

versatile communicator.

as soon as possible. This gave me an almost kneejerk reaction, an intuition, to save myself from

THE POWER OF A DIVERSE BACKGROUND

uncomfortable situations. I saw the world from a very

“Even in my youth, when I was paid terribly being

different perspective, and for that I am grateful for his

a barista, I learnt so much about how to deal with

guidance. My father broke the social norms of rigid,

different people, which has given me the skills today

traditional masculinity. This in turn taught me how

to deal with a diversity of people.

deal with this world we live in, as all too often women deal with sexism, misogyny, and the unspoken

“Being able to problem-solve on the spot is something

societal pressures we experience daily.

I picked up from working in film. Working in film is extremely stressful and you need to figure out

“My partner is another incredible source of inspiration

problems quickly as they arise, and be always

to me. He, a creative himself, never once doubted

110 percent.

my shift into the tech world. In fact he encouraged it. I think, as a creative person, you get a sense of

“These traits might not seem to describe someone

the world around you in a curious, divergent way

who works in cybersecurity, but the very root of the

compared to non-creatives. Others in my position

threat landscape is a human problem, and as such I

would have people tell them it’s a risk, and they have

believe I was chosen by the CyberCX Academy purely

no experience, clouding their judgement.”

and simply for these skills of engaging with people and communicating information well. My role as

One of the first steps Araniego took after joining

an associate is all about collaborating with people

the CyberCX Academy was to join the Australian

and visualising information in a succinct way that

Women in Security Network (AWSN), a step she says

everyone can understand.

has given direction to her nascent cybersecurity career: “a sense of purpose, empowerment and

“The reason the Academy were choosing people from

inspiration to continue to become a strong woman in

diverse backgrounds—from nurses to OT workers,

cyber security.”

retail workers and yes, artists and creatives like myself—was to diversify the security workforce. They

She is now setting her sights on digital forensics,

need people with life experiences who see the world

security assurance testing and AI. “This world is so

from different perspectives, not necessarily with the

new to me that I am ready to take on anything and

ability to code or to build VMs. CyberCX wanted a

everything,” she says.

cultural and behavioural shift from this, and I was wide-eyed and ready to learn.” www.linkedin.com/in/florence-araniego-6aa09a31

I S S U E 17

WOMEN IN SECURITY MAGAZINE

AILIE HOULIHAN

WHAT'S HER JOURNEY: AILIE HOULIHAN Ailie Houlihan, a consultant with the Strategy and

As a trained nurse with bachelor’s degrees in nursing

Consulting Practice at CyberCX, is in a role very

and health management, Houlihan says it felt natural

different from the ones she spent years training for:

to pursue formal study to support her goal of making

nursing and healthcare management.

a career shift into cybersecurity. So she embarked on study for a master’s degree in cybersecurity and

The fact that she has a husband in cybersecurity

started researching roles in the industry. Then she

was a big factor in her making the leap. “We were

discovered CyberCX.

all at home [during COVID], two young children and day in, day out my partner would join us from his

“I remember being stopped in my tracks when I read

office beaming about the exciting things he was

the advertisement for the CyberCX Academy. ‘All

experiencing in his world as a cyber intelligence

training provided, no-experience needed, looking

analyst,” she recalls. “I remember being in the throes

for people with lived experience and soft skills to

of newborn/toddler life and thinking, ‘Look at this

complement.’ It felt like that advertisement had been

guy. He loves what he does, gets to enact change,

written for me,” she says.

and positively impact people’s lives, yet still be present with his family. I want that.’”

HER FIRST CAREER IN NURSING Houlihan grew up in a small country town and says

Houlihan started to wonder what the cybersecurity

nursing was a natural career choice. “Nobody else,

industry could look like for her and where she

including myself, considered an alternative career

might be able to use the skills she had honed as a

path. It was easy to get into, a guaranteed job at

registered nurse. “I realised that many of the skills

the other end and, by all accounts, would be a

I already possessed could be applied in this field - I

fulfilling career.”

had business management experience from my

previous studies and then all my soft skills built

She enrolled in a nursing degree course at Flinders

through nursing. This could really work!” she says.

University with her sights set on a nursing career,

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

but fate intervened. At the beginning of her final

Houlihan joined CyberCX as a member of

year she was diagnosed with a rare blood cancer.

its first Academy cohort and has been with the

The treatment left her immunocompromised and

company for a little over a year since graduating,

significantly unwell and unable to complete the

which she describes as one of her greatest

compulsory placement component of the course.

professional achievements.

“With fear of an unknown future and not wanting to

“I left a well-established career in nursing to pursue

lose the time I had already invested in study, I used

cybersecurity. There is nothing scarier than taking

what I had completed already to pivot into a Bachelor

a leap of faith of that magnitude. But I believed in

of Health Science, majoring in management,” she

myself and, given what I knew of CyberCX, I was

says. “This was my first taste of business thinking.

confident I was leaping into safe hands. Now with

I didn’t realise at the time, but this would be

a growing body of experience and learning behind

integral when I made my future decision to move

me, and a recent promotion, I know that this has

toward cyber.

been well worth any struggles.” As soon as she had completed the Academy and practice-specific

“I did well and enjoyed the business and

training, Houlihan went straight into client work.

management topics, but still felt a pull toward nursing, as it was what I had always envisioned.

“I don’t think I really felt I was working in security

Eventually, I was well enough to recommence and

until the end of my first project,” she says. “We

finish my Bachelor of Nursing, graduating with dual

received great feedback from the client and could

degrees. I then received a first-round offer at my

see the substantial impact our work would have for

hospital of choice for their graduate nurse program.”

them. This was such a rewarding experience.”

Houlihan successfully completed her graduate nursing year and found her way into the world of

APPLYING NURSING SKILLS IN CYBERSECURITY

anaesthetic nursing where she “trained and perfected

Houlihan also discovered that her years of

the craft of being an intermediary between patients

experience in nursing were valuable in her new role.

and the intimidating world of surgery.” She spent

“The key skills I have been able to leverage are my

most of her time in emergency operating theatres,

attention to detail, being able to prioritise and take

“working in the ultimate, fast paced, think on your

ownership of tasks, and my communication skills,”

feet environment.”

she says. “Nursing is highly technical and time critical, and requires the ability to concentrate, track

LOOKING FOR A CAREER CHANGE

evolving situations and make split-second decisions.

She then took a break from nursing with the birth of

Bringing those skills and applying them to a new

her first child, and developed a different outlook. “I

technical realm has been a core strength of mine.”

was already starting to think what else may be out there for me, but eventually returned to nursing. This

She says also that her people skills have proved

time, with the additional juggle of having a little one

valuable in her new role: “There is such an

and my priorities being elsewhere, I could feel my

unacknowledged ‘people’ aspect to cyber. Those

heart wasn’t in it anymore.

who secure our communities, protect data, systems, livelihoods and people ultimately need to care for

“I wanted to explore something else. I hoped to find

people. While cybersecurity may seem exclusively

something that provided a better work-life balance,

technical, its basis is human.”

where I could still feel that sense of fulfillment and that gave me the opportunity to help people and

At CyberCX, Houlihan works with team members

my community.”

from across the organisation to understand clients’

I S S U E 17

WOMEN IN SECURITY MAGAZINE

cybersecurity risks, define their current and target

FUTURE PLANS

state maturity and identify uplift opportunities. “We

“I’d like to work toward gaining experience with

consider strategic approaches to threat landscapes,

incident response and use my breadth of experience

maturity frameworks, best practice, and risk to

from a strategic point of view. There are no limits

provide contextual, targeted and prioritised outcomes

to the ways in which threat actors are targeting

for our clients.”

organisations, and that landscape is ever changing. I think being ahead of trends and understanding the

Outside of CyberCX, Houlihan is a member of

response mechanisms is vital for all fields of cyber.

multiple industry associations including the

Ultimately there is always more that can be done to

Australian Women in Security Network (AWSN), the

secure systems and protect people, which is what I

Australian Information Security Association (AISA),

will be striving to do.

and the Information Systems and Audit and Control Association (ISACA). “I engage most with the AWSN

“I can honestly say I have no regrets about the

which has been an amazing resource both as a

decision to pursue cybersecurity. There are of course

student and an early career member,” she says.

moments of high pressure, and crunch times when

“Being able to connect with others in the industry

you wonder if there will be enough hours in the day

while learning and being supported by likeminded

to get a project delivered. But nothing outweighs the

individuals has been a powerful tool.”

genuine interest, positive outcomes and fulfilment I have for the work I’m doing. Every day I still wake up

Now well established in the world of cybersecurity

grateful for the opportunities applying for this role

Houlihan says she plans to continue to grow and

and pursuing cyber security, has brought me.”

develop her technical knowledge and work to leverage her experience in managing critical, high www.linkedin.com/in/ailie-houlihan-97655a56

intensity situations.

2023

W O M E N I N S E C U R I T Y M A G A Z I N E

Thank you to our judges N O V E M B E R • D E C E M B E R 2023

Our Services Nurture Programs

Event Management

Magazines

Speaker Acquisition

Digital Marketing

Website Creation

Data Admin Services

Lead Generation

Programmatic

Podcasts

No job is too big or too small. Get connected and take control of your business success today!

REACH OUT TODAY

charlie@source2create.com.au

aby@source2create.com.au

NEW ZEALAND WOMEN IN SECURITY AWARDS 2023

Who will win

WOMENINSECURITYAWARDS.CO.NZ/2023

SPONSORS

CyberCX

WISAWARDS | #2023WISAWARDS | #2023WISAWARDS | #2023WISAWARDS | #2023WISA

3-FINALISTS

PARTNER

CRAIG FORD Cyber Enthusiast, Ethical Hacker, Author of A hacker I am vol1 & vol2, Male Champion of Change, Special Recognition award winner at 2021 Australian Women in Security Awards

C O L U M N

Why you will fail if you stand alone Cybersecurity is an interesting and challenging

We want to be lone wolves, protecting our

industry. It is one that many of us love being part of

businesses. We don’t need anyone’s help. We don’t

for many reasons, including its vibrant and engaging

share anything with anyone and certainly don’t need

community. We really do have some amazing minds

anyone telling us we are not doing something the

in this industry.

right way.

I have been part of the ICT and cyber worlds for more

Siloed cybersecurity needs to be a thing of the

than 20 years which, I guess you could say, makes

past. We can no longer sit behind a firewall with

me one of the old guard. Twenty years teaches you a

the old castle and moat setup. My network and my

few things: it gets you to sit back and watch what is

users probably cross over into your network and

happening around you.

your systems. Everything is becoming increasingly connected. We do not control the edges of our

It helps you learn from your mistakes and missteps. It

network. There are no edges.

teaches you not to take everything personally and to see things as a lesson. Okay, it also teaches you not

With the continuous blurring of the barriers between

to put up with people’s crap, to sometimes get straight

our digital lives and the real world, we cannot do

to the point and be dammed with the consequences.

security the way we used to. It just does not work, not

However, getting older does not mean everything we

only because there is no boundary, but because, as

do, we do better.

individuals and as businesses, we can no longer fight the constant battle for control and protection.

Many of you who know me would know I am a thinker. I sit back, watch, listen and absorb my

We need to come together and stand as one. We

surroundings. I am generally a quiet guy. Over the

need to be an army working together to help keep

years I have pushed myself to go beyond my comfort

all of us safe. I know this is easier said than done,

zone, and when I try, I am really great at talking or

but consider the alternative. If we keep doing what

communicating with the outside world. We all need

we have always done, we will keep seeing ever more

to push ourselves to do more and be better than we

breaches. More of our data will be spread across the

were yesterday, otherwise, we will become stagnant

dark web, and we will lose any sense of control.

and fade into the background. If, and I mean if, we can come together, we can

I have gone a little off track, but I will get to my

share the things that work. We can share resources

point in a minute. During the time I have been in the

and help push back the malicious hordes seeking

industry, I have noticed something, a common thread

to encrypt and exfiltrate our confidential data and

that many of you will have also noticed. Even though

ransom us all. Just think of us, collectively, as a

we have a vibrant community, an industry with so

Roman legion (I read an article from Simon Carabetta

many amazing minds to debate and challenge, many

in an earlier edition—In cybersecurity, it’s bellum

of us still want to go it alone.

romanum, or nothing issue No 12. Go back and find

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

dotm.com.au/ Join Today for FREE

it. It’s a good read). As individuals we may be good

To NETWORK with other like-minded people

fighters, we may be the best, but if we all lock shields with those next to us, we are stronger. If 1000 of us do that we create a wall that is almost impenetrable. This is what we need to think of as an industry: one in which we do not stand alone, we stand together as one. Together we are so much stronger. Together we can hold our ground and win the fight to protect our loved ones from the malicious hordes. So, what should you take away from this piece? It’s simple, don’t fight alone. Cybersecurity is a team sport. www.linkedin.com/in/craig-ford-cybersecurity

www.amazon.com/Craig-Ford/e/B07XNMMV8R

www.facebook.com/AHackerIam

To MEET prospective candidates for graduate programs To MEET prospective employers of graduate programs The club is for security professionals (present, future and past)

twitter.com/CraigFord_Cyber

I S S U E 17

WOMEN IN SECURITY MAGAZINE

KAREN STEPHENS Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was recently named inaugural Female Cyber Leader of the Year at the 2023 CyberSecurity Connect Awards in Canberra.

C O L U M N

Strength is greater in numbers ONWARD AND UPWARD They say there is safety in numbers. In more than 25 years in financial services, I never had that luxury. I can count the number of my female corporate leader clients on one hand. The occasions on which I was the only female in the room were far too numerous to count. But “The Times They Are a-Changin.” Last week I was a member of a cybersecurity panel at the AIMA 2023 Australia Annual Forum. In itself, this might not be

bookstore would have any client data of interest.

newsworthy. What was newsworthy was that it was

“Hello Dymocks! Good to see you!”

AIMA’s first ever all-female panel on any topic. The focus of our panel session was cybersecurity. It was

I’m too old. If you want to change industries and jump

one of the most supportive and productive panels

into cybersecurity, you need to just give it a go. Will

I have had the honour of working on or with. The

it be hard? Yes. Will it be rewarding and challenging?

session included a discussion around myth busting

Also yes. As I have said many times to anyone who

in the cyber sphere, and I would like to continue

would listen: your real world experience combined

exploring this theme. I want to bust the myths

with proactive learning (including micro courses)

stopping females from joining what they perceive to

supported by networking will go a long way to help

be a ‘non-female’ cybersecurity industry.

you get a toehold in the industry.

Cyber only needs technical people. No! Just NO!

Lend a (proactive) hand. We cannot leave all the

What cybersecurity desperately needs are those who

heavy lifting to those wanting or trying to enter the

can translate the technical into practical applications

cybersecurity industry. Those of us who are already

in a way that SMEs can understand and afford.

there need to reach out to the newbies. If you see someone at a conference, tabletop or meeting you

Cybersecurity is a ‘boys club’. Nope! Personally,

have not previously met, reach out with a friendly

I have found this NOT to be the case. I have

smile. It might just help someone take their first small

encountered females at all levels, and all have been

step to helping us achieve the change we want.

very helpful when asked. Cybersecurity does not affect me. Sorry, I have some bad news for you. If the recent spate of cyber breaches has taught us anything it is that no one is immune and cyber is everyone’s responsibility. After all, who would have thought customers of a

W O M E N I N S E C U R I T Y M A G A Z I N E

www.linkedin.com/in/karen-stephens-bcyber

www.bcyber.com.au

twitter.com/bcyber2

karen@bcyber.com.au

youtube.bcyber.com.au/2mux

N O V E M B E R • D E C E M B E R 2023

INDUSTRY PERSPECTIVES

JALPA B

A SIMPLE WAY TO SOLVE CYBERSECURITY SKILLS SHORTAGE by Jalpa B, Cybersecurity Professional

STATE OF GLOBAL CYBERSECURITY SKILLSSHORTAGE

I want to take you back to 2014, when I was working

In its 2022 Cybersecurity Workforce Study (ISC)2

in network engineering. One day an email was sent

found 3.4 million more skilled cybersecurity

telling everyone to attend the office the following

professionals needed globally. This skills gap has

day. I was quite naïve and had no idea what was to

more than doubled since 2019.

come: all the roles in my immediate team of 22 were

MY STORY

made redundant. According to ISACA’s State of Cybersecurity 2022 report, it takes on average three to six months to fill

The helper in me wanted to support everyone around

a cybersecurity role. This has implications for the

me at this terrible time. I did just that. I sat with my

cyber industry. I’ve gathered statistics around the

team members listening to how they were feeling,

cybersecurity skills shortage and created the image

listening to their worries about an uncertain future,

below to provide some context to the seriousness of

having to feed family, etc. I consoled as many as I

this issue.

could, acknowledged it was a tough time, said we would get through it and that something better was

I’m passionate about the cybersecurity skills shortage

waiting for us all. Our workplace supported us by

because I experienced changing my career path. I

offering outplacement services, counselling and

transitioned to cybersecurity at a time when I had

resumé writing advice, and opportunities to apply for

no access to guidance such as from a coach or

open roles in other teams, etc.

mentor. I was not even aware of such roles. I’ve

moved into cyber and senior technical security roles

It was a long day, and when I reached home my

that required my transferrable skills and a change of

emotions took a U turn: I discovered I was going to

mindset. I believe this mindset change to be the key

be a mother. I was pregnant! My joy knew no bounds:

to addressing the skills shortage.

I had been waiting for this day for at least two years.

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

I N D U S T R Y

P E R S P E C T I V E S

The next day, as I was getting ready for work, reality

etc. Sometimes we are not aware of these skills.

hit hard. I took my career seriously and was planning

At other times we discount our skills and fail to value

my life around it. I planned to be in a stable role

them at their worth. I encourage everyone to look

before having children so I could take a few months

beyond the words we place on our CVs to describe

maternity leave. Now, having lost my full-time role, I

our skills. Look beneath the surface and ask what

wanted to stay in the same company but there were

differentiates you, what you learnt from your last

no roles in network engineering on offer. My only

experience, and how some of those learnings and

option was to go for something different, or take a

skills can be put to use in a cybersecurity role.

short-term contract.

ROLE OF A MENTOR That was when I completed CCNA certification. In

Speaking to many of my mentees, I have learnt it can

doing so I also learnt about the fundamentals of

be quite challenging for cybersecurity aspirants to get

firewalls and the high-level network architecture

a foot in the door. They say finding a new role takes

needed to secure an organisation. There was an entry

a long time. Many experience their previous careers

level role in security engineering at my workplace.

being viewed negatively.

During the hiring process I was able to demonstrate my understanding of basic security fundamentals

Last year, I clearly remember three people reaching

and my transferable skills such as problem solving,

out to me to seek guidance on landing a role in

teamwork, communication and empathy. I got the

cybersecurity. I spent some time talking to each

role. So, from being told I would be made redundant,

them to understand where they were in their journeys

within two months I started work in a new role as a

and how could I assist. They had done Cert 4 in

level one security engineer. It has been a rewarding

cybersecurity, were coming from an unrelated work

career and I have not thought of changing.

background and were passionate about making a difference.

I believe all of us have some inherent skills and pick up other soft skills while going through life, for

When I asked them questions about their previous

example, when studying, working part time while

roles, I could see some of their skills were transferable

studying, being a vacationer or intern, on secondment,

and could add value to an organisation. When I

I S S U E 17

WOMEN IN SECURITY MAGAZINE

asked if they talked about their previous careers in

I suggest reflecting on the skills gained from previous

their interviews, all said they did not feel confident

roles and seeing what value they might add to a

doing so.

cybersecurity role. If unsure, ask someone who works in cybersecurity. Instead of saying you have

I saw a clear gap. Their previous careers represented

no experience in cybersecurity, you can focus on

an elephant in the room: no one wanted to

the transferable skills and tasks/duties you have

acknowledge their existence. Also, the hiring

performed which align with the soft skills required

managers placed much emphasis on certifications

for the role. Shine through the interview process.

and experiences related to cybersecurity. When

Talk about what makes you unique: what makes you,

candidates spoke about their previous roles, these

You! There is no need to invent or pretend. Prepare in

were seen as negatives because they did not reflect

advance and present the best version of yourself.

the cyber skills required for the job. Cybersecurity skills have always been in demand, Skills can be taught, attitudes not so much. My role as

and there are never sufficient skilled people available

a mentor became clear: to point out how my mentees’

to fill the required roles. As a result, it takes a long

soft skills could be used in various cybersecurity

time to fill these roles. According to the State of

roles to make a difference. They reported this advice

Cybersecurity 2022 report from ISACA, three to six

giving them more confidence in their skills because it

months on average.

enabled them to see how these skills could be useful in cybersecurity.

The skills shortage poses a risk to economies and people. To minimise this risk and fill more

When we start talking about our transferable soft

cybersecurity roles those of us who are already

skills the elephant in the room disappears. We

working in cybersecurity and in positions where

start seeing ourselves as unicorns, superheroes or

we are able to help others can help reduce the

anything we want to be.

cybersecurity skills shortage.

Here are some tips for those looking to upskill for the

Cybersecurity professionals can act as mentors to

IT security roles that will be most in demand in 2024.

help those seeking to break into cybersecurity. Often, I have heard from mentees that they are unaware of

• Networking. Network with people in various cyber

the depth and breadth of roles in cyber. This is where

roles to find out what their day at work looks like,

mentors can help with information on possible roles

which certifications or degrees were useful for

and what value particular transferable skills can add.

them to get their role, and to identify the soft skills which help them in their job. • Upskilling. This can be done in several ways depending on each individual’s preferred learning

There are several ways companies can work towards filling these vacancies on time and with expert professionals. Here are three tips.

method and time and/or budget available. It can include the online microlearning modules available

Again, these are simple steps but sometimes we

on various platforms, short course at TAFE, a

just need a reminder or a little nudge so we do not

full-fledged cybersecurity degree at a university,

overlook the basics.

and more. • Volunteering. This is an effective and fulfilling way

• Prioritise skill requirements when writing job

to meet professionals in the industry, connect with

descriptions. Organisations should take a long

them and add value to the cyber community. It

hard look at the skills required for a job to identify

requires time and a willingness to help.

skills that can be acquired through in-house

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

I N D U S T R Y

P E R S P E C T I V E S

LEVERAGE TRANSFERABLE SKILLS TO ADVANCE CAREERS IN CYBERSECURITY. Current cybersecurity professionals wanting to advance their careers can use transferable skills to their advantage. I worked in security operations for seven years from 2014 to 2021. During the COVID pandemic I had some free time and I ended up identifying my long term career goals. I saw myself working in senior roles. So I wanted to get more varied experience in the different domains of cybersecurity. I realised I had transferrable skills that could help me gain such roles. I completed a couple of short courses in governance risk and compliance (GRC) and cybersecurity leadership. I applied for a job in security GRC, gained a role within a year and leveraged knowledge gained in previous roles and short-term courses in my new role.

DRAW ATTENTION BACK TO THE PROBLEM STATEMENT. We cannot ignore the cyber skills shortage. It is getting worse. I want to urge you all to approach it training, skills used in existing roles, and to write

with an open mind, with an intent to help change

better targeted job descriptions.

the status quo and create a more secure future for

• Look for candidates beyond IT. Employers should

everybody. Look beneath the surface of an applicant.

question if the role requires an IT degree. In some

It is like digging for gold. When a gold nugget is found

cases, it might be possible to hire a high potential

it looks rough, more like a rock. The dust must be

candidate with a solid academic track record

brushed off to reveal the shining gold beneath.

(even if in a different field), and then teach them on the job. Pay attention to the whole person not

I have moved into cybersecurity and into senior roles

just to certificates and skills listed in resumés.

by relying on my transferrable skills. I believe my

• Make it easier for workers to enter the

transition represents a key change in mindset needed

cybersecurity talent pipeline. Organisations can

to address the skills shortage. People looking to break

partner with government agencies and academia

into cyber and those looking to hire people need to

to remove unnecessary barriers that workers face

be more aware of transferrable skills in the hiring

when entering cybersecurity.

process and in career progression.

As individuals, cybersecurity professionals

www.linkedin.com/in/bhavsarjalpa

are enthusiastic about what they do, and their organisations need to recognise this and support them with the tools they need to succeed and to

‘Passport to a cybersecurity career’ Podcast

chart a path forward for the entire profession. Corporate culture can have a significant impact on an employee’s experience and happiness, which in turn affects the efficacy of their work.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

JO STEWART-RATTRAY

LIFE AND CAREER CAN THRIVE TOGETHER PRACTICAL STEPS TO SUPPORT WOMEN’S RETURN TO THE WORKFORCE by Jo Stewart-Rattray, Oceania Ambassador, ISACA

The field of cybersecurity in Australia is increasingly

And according to ISACA’s SheLeadsTech program:

receiving the attention it warrants. Most recently, the Federal Government’s announcement that it will frame a revised cybersecurity strategy around six ‘cyber shields’ to create a multi-layered defence against attacks was a positive step towards building a more

• Diversity efforts could net the global IT industry an additional $400 billion in revenue each year. • Only 22 percent of IT leadership roles are occupied by women.

protected nation.

• Only 13 percent of tech chief executive roles are

As development of our industry sector escalates, it

• When at least 30 percent of an organisation’s

filled by women.

provides fertile ground for continuing to address a key

executives are women, it can achieve a 15 percent

area that requires attention: gender diversity.

gain in profitability.

At the recent United Nations’ 67th session of the

There is no doubt the cybersecurity industry sector

Commission on the Status of Women, Secretary

has made progress to increase gender diversity. We

General Antonio Guterres said our granddaughters’

are having essential conversations about gender

granddaughters’ granddaughters, granddaughters

diversity and many organisations have prioritised

would be the recipients of the work we are doing now

DE&I policies to support women, in all their diversity,

to improve representation and involvement of women

during their cybersecurity careers. These activities

in the technology fields. That’s approximately 200-300

must continue, but I want to focus on some

years before true gender parity will be a given.

immediate and practical steps we, as an industry

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

I N D U S T R Y

P E R S P E C T I V E S

sector, can take to ensure we attract skilled women

leave. For example, SheLeadsTech provides

back to the cyber workforce, post maternity leave.

comprehensive resources, services, online events and learning to help accelerate careers and provide

1. STAYING CONNECTED

development pathways for women.

The cybersecurity sector is growing rapidly, with new regulations and technical capabilities emerging

A major feature of the program is mentorship, a

frequently. A major challenge for many skilled

potentially valuable engagement during a career

women during maternity leave is staying abreast of

hiatus. Mentoring keeps women connected with

information integral to their continued growth and

other experienced professionals who can provide

professional development.

encouragement, advice and guidance.

I have met many female security professionals who

By actively supporting the individual needs of women

would appreciate the option of a maternity leave

on maternity leave, professional associations can play

program that allowed them to stay connected. This

an important role in contributing to women’s growth

could take the form of quarterly catch-ups, virtually or

and their retention by the sector.

in the office, enabling them to remain associated with peers, along with quarterly online or in-person training providing technical and industry updates.

3. PROMOTE WOMEN BEFORE MATERNITY LEAVE Not every woman in security aspires to lead teams

Not only would these initiatives enable women to stay

or seeks to become an elite professional. Many want

connected and help them make a smooth transition

to focus on developing existing skills and may even

back into their cybersecurity careers, they would also

consider sideways moves. Whatever their aspiration,

demonstrate a company’s commitment to women’s

if there is a promotion opportunity or a new role

growth and boost women’s motivation and loyalty.

available, making this happen before she begins maternity leave has significant advantages.

2. LEAN ON PROFESSIONAL ASSOCIATIONS Technology professionals’ associations can play a

This approach increases a woman’s sense of job

pivotal role in supporting women during maternity

security and may reduce anxiety during maternity

I S S U E 17

WOMEN IN SECURITY MAGAZINE

leave. It ensures women are recognised and rewarded

Each time a woman in cybersecurity is successfully

for their contributions, which boosts job satisfaction

fulfilling her career and life goals, whether they

and confidence. And it helps reduce turnover: a

want to gain technical expertise or achieve work-life

woman returning from maternity leave into a higher

balance, it inspires other women to do the same. The

position or a role she has aspired to is more likely to

power of role models to motivate and support cannot

stay with a company long-term.

be underestimated.

4. CHILD-FRIENDLY FACILITIES

Standing alongside and aligning with women through

Women who have opted to take maternity leave

a momentous phase of their lives ensures they

should feel welcome and included at industry

are supported, and fosters their loyalty. The long-

conferences and events during this period, should

term benefits for the cybersecurity industry are

they choose to attend. Enabling a creche facility or

immense and may positively impact the industry’s

feeding room at these events promotes inclusivity

overall performance.

and supports gender equality. I recently attended a conference where a nursing mother had to express milk in the toilet. Facilities such as a dedicated

ABOUT THE AUTHOR

nursing space not only promote inclusivity but

Jo Stewart-Rattray has over 25 years’ experience

enable women to attend important events and foster

in security. She consults in risk and technology

professional development.

issues with a particular emphasis on governance and IT security in businesses as a director of

Ultimately, support for women’s career goals

BRM Advisory. She regularly provides strategic

hinges on understanding each individual’s career

advice and consulting to the banking and finance,

trajectory and helping them advance it even during

utilities, healthcare, manufacturing, tertiary

maternity leave.

education, retail and government sectors.

www.linkedin.com/in/jo-stewart-rattray-4991a12

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

YOU E R A

INTEREST

E D?

Global Contributors

WANTED OUR NEXT ISSUE'S THEME:

Issue 18: The future of Women in Security

WAYS YOU CAN CONTRIBUTE: Contribute to one of our

editorial sections

What's Her Journey Career Perspectives Industry Perspectives Technology Perspectives Student in Security Spotlight

Run a listing for

any of the following

Submission Have a book? Deadline: Have a podcast? Nov 14th Have a blog? Have free training and learning opportunities available?

REACH OUT TO JANE@SOURCE2CREATE.COM.AU TODAY

www.womeninsecuritymagazine.com

FATEMAH BEYDOUN

DO WE NEED TO MODERNISE OUR APPROACH TO DIVERSE LEADERSHIP? by Fatemah Beydoun, CCO and Cofounder, Secure Code Warrior

The tech industry has endured more than a few

career pathways are perhaps viewed as out of reach

challenges over the past couple of years, with

due to unconscious bias or lack of support and

everything from post-pandemic economic headwinds

opportunities for growth. This outlook is changing,

to remote working and cultural shifts that are rapidly

and it is refreshing to see high-profile women like

changing the landscape. Despite this period of

Jen Easterly. Director of the US Cybersecurity and

constant re-evaluation, many companies continue to

Infrastructure Security Agency (CISA) in top positions

pay heed to somewhat dated ideas around diversity in

of influence in the global cybersecurity community.

the workplace. However, in the average enterprise it can still be The desire to attract more women into technical

difficult for women to achieve cut-through among

and leadership positions in the cybersecurity

their more visible male peers. The 2021 Census

industry has been a hot-button issue since I began

found the global situation is not much better, with

my career. While there have been many positive

approximately 24 percent of cybersecurity roles filled

developments, I remain curious about how we can

by women.

modernise our approach to creating a fairer and more equitable industry.

There are several factors keeping female representation low. These include interest in STEM-

MAKE SURE CAREER PATHWAYS ARE NOT ROADS TO NOWHERE

related roles likely not being as strong for women as

I am a firm believer in the notion that you “cannot

women and girls to participate in cybersecurity? If

be what you cannot see.” For many women in

environments are hostile, lack inclusivity and role

cybersecurity there has been a distinct lack of women

models, or fail to assign women to meaningful roles, it

visible in leadership roles, and some aspirational

is little wonder they remain a minority.

W O M E N I N S E C U R I T Y M A G A Z I N E

for men. That aside, what is being done to encourage

N O V E M B E R • D E C E M B E R 2023

I N D U S T R Y

P E R S P E C T I V E S

Every person should have viable options for growth,

My feelings on this are two-pronged. First, we should

and the diversity of thought, skills and perspectives

not be overlooking soft skills or their development

an inclusive leadership team brings to the table

in-house; they should be honed, promoted and

cannot be overstated.

valued across the board, and are key attributes of anyone looking to grow their leadership prowess.

QUOTAS (CAN BE) A RELIC OF THE LESS INCLUSIVE PAST

Secondly, such tasks should not be assigned to a

The kneejerk response to low diversity in leadership

job description.

woman by default, especially if they are not in her

or technical roles in this industry is typically to set a quota. While quotas have been instrumental in

In addition to technical roles for women, we must

creating positive change and correcting deeply

promote the value of less technical roles, which tend

ingrained gender imbalances, especially in tech, they

to be the entry point into the cybersecurity workforce

can be somewhat divisive if not used in the spirit of

for many women: their contributions are vital to

which they were once intended.

creating and executing optimal security programs.

Nobody likes to feel tokenised, or that they were

WE CAN ONLY MOVE FORWARD TOGETHER

elevated to a position for reasons not based solely

Like most things in life, mutual respect and

on merit. I can honestly say I have never worked in

empathetic collaboration can move mountains. To

an organisation where a formal quota was needed;

that end the support of men, especially those already

there have always been ideal female candidates who

in positions of influence and power, is vital to elevate

merited elevation to available higher level roles.

the role of women. Such men can coach, stand up in the face of gender-based inequality or injustice, and

Studies continue to prove a positive link between

advocate for those who struggle to be heard.

diversity and financial performance with one McKinsey report stating: “Diverse companies are

There are many changes on the horizon. To weather

33 percent more likely to have greater financial

them successfully, an inclusive approach to

returns than their less-diverse industry peers.” In

cybersecurity leadership initiatives is essential.

my experience, organisations that consistently elevate their diverse and female talent and create opportunities for star players who may not be typical

www.linkedin.com/in/fatemah-beydoun-b6555bb1

candidates for higher level roles achieve leadership diversity goals independent of any formal quota.

STOP TREATING SOFT SKILLS AS SECOND‑CLASS CITIZENS I am sure most women in the tech industry have a story to share of being nominated for ‘soft skill work’, almost by default. I have been the only woman working with a team of pentesters and, inevitably, whenever it came time to write up documentation, communicate with stakeholders or give a presentation, those tasks would end up on my desk.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

ASMITA GOVIND

ALL THINGS MENTORS — ADVANTAGES, WHAT TO LOOK FOR AND WHY by Asmita Govind, Consultant at Will You Hack IT The other day a colleague and I were chatting after

Beyond their evident skills, it’s their journey and the

work. There may or may not have been some drinks.

lessons they have learnt along the way that stand out.

We ended up talking about mentors. It got me

They have been through the mill, acquired invaluable

thinking, and I figured I would share my thoughts

insights and know the ropes of their domain. What is

on mentoring.

crucial is that a mentor is someone with whom you can openly discuss things like:

Mentors are like secret weapons when you’re trying to build your career. A mentor can be your manager,

• The stuff you need help with

a leader at your workplace, or even someone from

• Your big dreams

your family. But what they bring to your career

• Things you enjoy (and things you don’t)

development can be invaluable.

• The hurdles you’re facing

I’ve had a bunch of mentors over time. Some were

Most importantly, they keep you focused on the big

official ones from school or work programs. Others

picture while you tackle your daily grind.

were unofficial, such as super-smart colleagues who gave me killer advice whenever I needed it.

Your manager may not be your best mentor. It’s essential to be able to discuss these topics openly,

I once met someone who was a potential mentor

and not everyone is able to do so with their manager.

candidate, and I asked him to be my mentor for a time. That turned out to be one of the best decisions

Imagine having a CEO for your career journey. They

I ever made. (You know who you are, and I miss

help you plan, keep you on track, give you a push

our chats!)

when you need it and make sure you learn the right stuff to get where you want to be. (Mine have also

To me, a mentor acts as a trusted career navigator.

W O M E N I N S E C U R I T Y M A G A Z I N E

called me out when I have been lazy!)

N O V E M B E R • D E C E M B E R 2023

I N D U S T R Y

P E R S P E C T I V E S

HERE ARE FIVE THINGS I’VE LEARNED TO LOOK FOR: 1. Matches with your goals Peeking at a mentor’s resumé and job title can give you some good info. If you’re gunning to be a head surgeon at a top-notch hospital having a mentor who’s been there and done that is like striking gold. They’ve got the inside scoop on how to win. Just a heads-up, though: it’s best to steer clear of mentors who are competing directly with you. Open chats might take a backseat when rivalry is in the picture. 2. The right connections A fantastic mentor is not only a knowledge bank,

In a world where folks juggle a bunch of careers, the

they’re also a networking champion. Their contacts

idea is to get a different perspective to help you grow.

can be a treasure trove when they do not have all the

Their perspective, their style and how they do their

answers. Super mentors can even introduce you to

thing all count. A mentor is a quiet tutor who helps

folks who can accelerate your career journey.

you shape your path.

3. Skills that go everywhere

HOW TO ASK SOMEONE TO BE YOUR MENTOR

It is said the average person has at least five main

If there is someone you admire or would like to have

careers, and with careers needing to change and

as a potential mentor, all I can say is: just ask them.

adapt these days, acquiring skills that can be

Most people would be flattered, and genuinely open

deployed in multiple jobs is the name of the game.

to it if they were in a position to help. If they are not,

Look for mentors whose values, style, work ethic and

they will let you know, and possibly recommend

problem-solving mojo match yours. This way, you’ll be

someone else.

set to twist and turn with the ever-changing job scene. And, if they are rude about it, they are not the right fit 4. Problem-solving skills

for you anyway. The worst thing someone will say is

Acing problem-solving is a must. Learn how mentors

‘no’ which is really not that bad. So take a leap and

crack problems, handle hair-pulling situations and

just go for it.

shine like stars in their fields. These skills are the secret weapon you need to own your future.

Whether you’re chatting over coffee, going digital with a hangout, or in any spot where ideas are flowing,

5. Genuine passion

remember, mentors are like the behind-the-scenes

Last but not least, why a mentor has chosen to take

wizards of your career. They’re the ones who can give

you under their wing matters. Some people just love

you the power to get to your goals faster. The more

dishing out what they know and helping others shine.

you meet and share, the more you will both gain from

It’s their way of giving back. But just be mindful:

the process.

in some fields you have to keep an eye out for ulterior motives. Make sure their ‘why’ lines up with your goals.

I S S U E 17

www.linkedin.com/in/asmitagovind

WOMEN IN SECURITY MAGAZINE

SANDI LARSEN

WHY COMPANIES SHOULD MAKE IT EASIER FOR WOMEN TO RETURN TO THE CYBER WORKFORCE AFTER A CAREER BREAK by Sandi Larsen, Vice President, Global Security Solutions at Dynatrace

The sector badly needs more bodies, and supporting

devoting a larger proportion of their high-tech budgets

women to return after taking time off will help boost

to technologies and services that can strengthen their

numbers and diversity. If there is an industry likely

defences.

to experience stronger sustained demand than cybersecurity over the next few years, I would like to

DESPERATELY SEEKING SECURITY STAFF

know what it is.

Consequently, experienced security resources remain scarce. By 2026 the number of unfilled positions in

Since the onset of the COVID crisis there has been a

Australia is expected to reach 30,000, according to

sea change in the way businesses and organisations

research from CyberCX.* Attracting, developing and

think about the practices, processes and programs

retaining more skilled people has become an urgent

that protect their systems, data and intellectual

imperative: for vendors, service providers and end

property from hackers and cyber-criminals.

user organisations alike.

Cybersecurity is now viewed as a critical business

Universities and training colleges are working hard

investment. Organisations are spending accordingly,

to meet demand by funnelling more young people

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

I N D U S T R Y

P E R S P E C T I V E S

into the sector, but, as demand continues to rise, it’s

system which pairs returning staff with longstanding

a perpetual game of catch-up. And it’s a game that

employees who can help them get up to speed on

businesses and the country cannot afford to lose,

what they have missed.

given the existential threat cyber-crime now poses to operations, productivity and profitability.

Having a ‘go-to person’ to lean on helped alleviate some of my anxiety about how overwhelmed I would

WELCOMING WOMEN BACK IN

be when I started back after taking a year’s personal

One straightforward way we can collectively grow

leave from my previous company. But I believe there

the talent pool, and boost diversity at the middle and

is still much more we can do as an industry to help

upper levels of management in the process, is by

highly skilled cyber women return to the game.

making it easier for women to return to the workforce after a career break.

I would love to see companies invest in formalised, proactive programs that deliver tailored support to

Taking extended time out for family and caring

those returning from an extended break, and for these

responsibilities is part of the work-life journey for

to become the norm across the cyber sector.

tens of thousands of Australian women each year. Getting re-established in the workplace and their

For women working at the pointy end, that support

careers is a challenge for many, and the cybersecurity

could be immersive training to familiarise them with

sector can be more challenging than most. Tools

the latest technological developments. Others may

and technologies continue to evolve ever more

need to be updated on developments within their

rapidly. A year or two away from the office can see an

company, including any restructuring or business

individual’s skills and knowledge become out of date.

expansion initiatives that may impact their role.

NOT WAVING, DROWNING

A SMART SOLUTION

In the past, women were very often left to ‘sink or

I see enormous potential benefits for employers,

swim’ upon their return to work. This was my own

employees and the cyber sector as a whole in

experience when re-entering the ICT workforce in the

adopting such initiatives. Companies would get

early noughties following the birth of my children.

the chance to reconnect with proven contributors:

Back then, companies gave little consideration to

employees who understand their culture and goals

easing the passage for women returning to the

and know how to navigate the system. Women would

workforce. Rather, it was tacitly assumed returning

gain a smoother, better defined pathway back to the

females would have sufficient motivation, hustle and

workforce. And the industry as a whole would benefit

stamina to handle whatever was thrown their way.

from simultaneous reductions in the skills shortage and the gender imbalance.

We certainly did our best. I well remember sitting down at my desk that first day back to start catching

That is my idea of a win-win-win, and something

up on what I had missed, but it was far from easy.

those of us who are serious about creating a stronger,

Little surprise that many women find it too daunting

more diverse cyber sector should continue to

and opt to pursue alternative pathways.

advocate for at every opportunity.

MAKING THINGS BETTER

* Cyber CX - Upskilling and Expanding the Australian

I am gratified to observe that things have improved

Cyber Security Workforce

somewhat since then. At Dynatrace, for example, we ensure women are not penalised financially by their decision to take time out, and we have a buddy

I S S U E 17

www.linkedin.com/in/sandi-larsen-06563b1

WOMEN IN SECURITY MAGAZINE

JAY HIRA

BABY NAGAYO

KAVIKA SINGHAL

NEED FOR SIMPLIFICATION OF DATA BREACH REPORTING REQUIREMENTS by Jay Hira, Founder and Executive Director at MakeCyberSimple Baby Nagayo, Assistant Director at EY Kavika Singhal, Cyber Security Consultant at EY

Startling figures from ISACA’s 2023 State of

cybersecurity frontline dealing with retention

Cybersecurity report reveal a concerning trend

challenges and skills gaps.

in Oceania with 78 percent of organisations under-reporting cyberattacks, surpassing the

THE REGULATORY MAZE

global average of 62 percent. Moreover, the latest

Underpinning the under-reporting problem is the

Notifiable Data Breaches report from the Office of

intricate web of data breach reporting requirements.

the Australian Information Commissioner (OAIC)

The primary framework, the Notifiable Data Breaches

indicates a worrisome 16 percent reduction in breach

(NDB) scheme, enforced by the Privacy Act 1988

notifications, with only 409 incidents reported in the

since 22 February 2018, mandates that “all Australian

first half of 2023.

Government agencies and organisations with an annual turnover of more than $3 million” notify

The OAIC found 65 percent of cybersecurity teams

affected victims and the OAIC of potential harm

to be operating with insufficient staff. Meanwhile,

resulting from a data breach.

93 percent of organisations report facing the same

or increased number of cyberattacks compared

In addition to the NDB scheme, organisations must

to the previous year. This increase in attacks

navigate other regulatory requirements imposed by

places immense pressure on an already stretched

various industry regulators. Businesses operating

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

I N D U S T R Y

P E R S P E C T I V E S

within the eleven identified critical infrastructure sectors face additional reporting obligations with varying timelines, deadlines and multiple communication channels.

WHY REPORT? Despite the awareness of reporting obligations, many organisations feel overwhelmed by the intricate process, unsure of whom to inform, when to report and what details to provide. Understanding the ‘why’ behind reporting is crucial for instigating change.

THE PATH FORWARD: SIMPLIFICATION FOSTERING TRUST

Simplicity is paramount to resolving the current

In addition to being mandatory, reporting a data

reporting quagmire. The multitude of data breach

breach in Australia demonstrates an organisation’s

reporting regulations in Australia, while commendable

commitment to transparency and accountability, and

in their commitment to safeguarding personal

fosters trust among customers and stakeholders.

information, unintentionally contribute to under-

Effective management and reporting of incidents can

reporting. Streamlining breach reporting under a

mitigate reputational impacts, maintain customer

unified act that supersedes existing requirements

loyalty and protect the reputation of the business

would promote clarity, reduce duplication and free

long-term.

up understaffed cybersecurity teams to focus on response and recovery.

NATIONAL SECURITY Cyber incident reporting is essential for national

In conclusion, as cybersecurity experts strive to

security and contributes to the development of a

innovate and fortify digital defences, the reporting

comprehensive threat picture for the Australian

mechanisms should facilitate quick and accurate

Government, informing proactive and reactive

notifications while minimising unnecessary

cyber response options. Failure to report cyber

duplication and complexity. Such a streamlined

breaches impacts national learning and ongoing

approach would contribute to a more resilient and

prevention efforts.

secure digital landscape for Australia.

INDUSTRY COLLABORATION

REFERENCES

Breach reporting and threat intelligence sharing

• https://www.isaca.org/resources/reports/state-of-

strengthen industry collaboration. They enhance the capacity of organisations to implement breach protection strategies.

cybersecurity-2023 • https://www.oaic.gov.au/privacy/notifiable-databreaches/notifiable-data-breaches-publications/ notifiable-data-breaches-report-january-to-

MINIMISING IMPACT

june-2023

Efficient and fast reporting also reduces the potential severity of a breach on customers and affected stakeholders. Identify theft, leaking of confidential information, financial impact and emotional stress can result from a breach. If a customer receives timely, up to date reporting, the better they are able to manage the impact.

I S S U E 17

www.linkedin.com/in/jayhira

www.linkedin.com/in/baby-nagayo-09821210b

www.linkedin.com/in/kavika-singhal

WOMEN IN SECURITY MAGAZINE

SIMON CARABETTA

THE PEOPLE YOU DESERVE, AND THE PEOPLE YOU NEED by Simon Carabetta, Business Development Manager - Cyber at Digital Resources Australia Pty Ltd

The reactions I get from people when I tell them

NEGATIVE PERCEPTIONS

the career I’ve moved into are as inevitable as the

I knew I was headed in the right direction, despite the

daily rise of the sun. I’m a recruiter, a cybersecurity

fact that every day leading up to our first interview, I

recruiter, and I’m proud of that. You should be, too.

had to hear many former colleagues and people in the

Here’s a short article explaining why.

security industry talking negatively about recruiters and agencies. Even my former boss, who likened

It was just over a year ago when I started entertaining

them to real estate agents and car salespeople, failed

the thought of going into recruitment. I knew if I

to deter me from going ahead.

were going to make the move I would be recruiting specifically for cybersecurity roles. That much was

While I have had negative experiences with recruiters,

for sure. In all honesty, my previous job in project

I have used those experiences to help me be a better

management was simply not for me. As much as I

recruiter and to try and turn around the common

tried, a mix of a toxic work culture and lack of strategy

negative perceptions of recruiters. Thought leaders

from the leadership completely ruined my motivation

and role models need to rewrite the narrative in which

and any inspirations I had.

recruiters are seen as disreputable head hunters so they become heroes holding out their hands to help

When I finally approached a friend of mine who also

people get the best out of their careers and change

happened to be a recruiter, I had no idea she was

their lives for the better.

already thinking about asking me to join her team. I

will forever be grateful to her, because the move has

Since joining Digital Resources in September of this

changed my life in many positive ways, and has pulled

year, I’ve reignited my own career and been able to

my career back from the brink.

return to being my best self, thanks to the culture

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

I N D U S T R Y

P E R S P E C T I V E S

and people of the company and the support I have

had experiences with terrible real estate agents or car

received. I now want to give back and make it my

salespeople which spurred him to cast aspersions on

mission to positively change as many people’s

the profession. However, I can honestly say, I am yet

lives as I can before I retire: the lives of hiring

to meet a terrible colleague or a terrible recruiter from

managers, future colleagues of my candidates, or the

another business in this new phase in my career.

candidates themselves. Built into the core of the best recruiters is the desire

THE EDUCATION PIECE

to change people’s lives. Cybersecurity is an extremely

I’ve been in cybersecurity just over four years. In that

broad industry with diverse roles, requiring various

time I’ve continued to evolve, adapt and keep learning.

types of knowledge and skills. Transferable skills

I’ll continue to learn until I retire. What I love most

from other professions are very much welcomed,

about my new role as a recruiter is the opportunity I

and sought by many hiring managers. We are seeing

get to educate both my clients and my candidates.

a mass migration from areas such as law and law

Clients, for example, may know they need a specific

enforcement, aviation, health and the arts into

role with specific skills in cybersecurity, but are not

cybersecurity roles.

sure what exactly to look for in candidates. And candidates may have just graduated and be unsure

It is also the best time to be a recruiter in

where to go next or how to get their foot in the door,

cybersecurity because never before has there been

how to write a CV or even how to get their name out.

such a need for roles across so many verticals and in so many types of organisations, both in the public and

The education piece for me is the reason why I spend

private sectors.

an average of 30 minutes on each phone call with my candidates, and ask so many questions. Seventy

Cybersecurity is not going away anytime soon and

five percent of a call is listening to them speak, 20

the nature of cybersecurity jobs will continue to

percent is getting to know them, and the remaining

evolve with new ones being created at a rapid rate.

five percent is the trusted advice I provide.

How many organisations in Australia had full time, permanent cybersecurity awareness trainers 10

It’s the same when I speak with clients, whether they

years ago?

be existing or prospective clients. The education piece is the differentiator, and here’s the kick: it’s never

The next time you have a conversation with someone

purely transactional. My view is that we can only build

about recruiters, even if it’s about a bad experience,

business by first building relationships. It’s as simple

just know that there are many of us out here working

as that.

hard to make a difference. We love what we do, and we do it because we love helping people and

THE RECRUITER WITH A THOUSAND FACES

changing lives.

Have you ever read any Joseph Campbell? I’ve been a big fan ever since I read his seminal work The Hero With A Thousand Faces in my first year of university.

www.linkedin.com/in/simoncarabetta

The book analyses humankind and cultures from all over the world from a mythological perspective to support its premise that all humans have similar core concepts written into them. Most recruiters are the same. We all want what’s best for our stakeholders. Yes, there are some who bring ruin to our image, just as my former boss possibly

I S S U E 17

WOMEN IN SECURITY MAGAZINE

LAURA EDWARDS-LASSNER

WE’RE ALL IN THIS TOGETHER: HOW FEMALE COLLEAGUES CAN KEEP NEW MOTHERS CONNECTED TO THEIR CYBER CAREERS by Laura Edwards-Lassner, VP of Talent Management at BeyondTrust

It’s up to all of us to support our fellow cyber women

But does it really have to be so difficult? The answer

during and after maternity leave.

to that question is a hard ‘no’. There is a lot we can do to make it easier for our female colleagues to feel

Becoming a mother can be isolating, exhausting and,

connected, included and supported. And if we value

at times, overwhelming. So can the thought of having

the diversity of thought and the skills they bring to the

to return to work a few weeks, months or years hence.

table, there’s never been a better time to start doing it.

If you work in the cybersecurity industry, the anxiety may be particularly acute, given ours is an industry

IT’S GOOD TO TALK

that continues to evolve at warp speed.

At BeyondTrust, I’m beyond proud of the role I’ve played in establishing a semi-official support network

Take an extended period of time out from your job

for the new parents in our ranks. About five years

and there’s a fair chance you’ll find yourself behind

ago one of our employees was preparing to go on

the eight ball when you return, and with less energy

maternity leave and it struck me that we had few

than previously to devote to getting yourself back up

plans in place to support her during her absence. I

to speed.

volunteered to act as a resource: a point of contact with the company, a sounding board and a conduit

Throw the complexity of childcare and separation

for any questions or concerns she wanted to raise.

anxiety—mum from baby and vice versa—into the mix

I mustered a small cohort of trusted women across

and it is little wonder many newly minted parents feel

the organisation who were willing to do the same for

tempted to call time on their cyber careers.

other expectant mothers as the need arose.

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

I N D U S T R Y

P E R S P E C T I V E S

Should new mothers wish to remain connected with

I was humbled and moved recently when, shortly

the BeyondTrust workplace whilst on leave—there

before one of our staff members headed off on

is no requirement, or pressure, for them to do so—

maternity leave for the second time, she made

we keep them updated on things happening in the

a point of telling me how much she was looking

company via email, phone call and in-person chat.

forward to chatting to me while she was gone, and what a comfort it would be to remain connected with

We make plans together for their return to the office.

someone who she worked for and with.

We let them know about the support they can access, both internally and externally, and we invite them

Our retention rates for female employees attest to the

to come in and visit us with their babies prior to

benefits the company has enjoyed as a result of our

their return.

collective efforts. We currently have 18 ‘boomerangs’ on the BeyondTrust payroll: women who have left and

MAKING THE JOURNEY TOGETHER

returned, some several times.

This support does not cease once our new mothers return to their desks. We are committed to helping

As an organisation we’re the better and stronger

them reintegrate into the office environment and

for having them, and having them back. They bring

master the work/family juggling act.

diversity and fresh perspectives to our workplace, along with a sense of positivity because they feel

We provide them with a buddy: someone who has

recognised, supported and included as human beings

been through the experience and can offer valuable

with personal as well as professional responsibilities

perspectives on how to handle everything from

to fulfil.

expressing in the office to the inevitable anxiety the ‘first business trip after baby’ brings.

STRONGER TOGETHER “Be the change you wish to see” is an oft quoted

We help them organise any training they may need

mantra for a reason. As women working in the

to get themselves back up to speed. And, most

male dominated cybersecurity industry we share a

importantly, we let them know how much we value

collective responsibility to do what we can to even up

the contribution they’ve made, and will make, to the

the scales by making it easier for women to get in and

company’s success and growth.

stay in. Supporting our colleagues on the parenthood path is a practical and rewarding place to start.

THE BOOMERANG EFFECT And our grassroots support program has made a difference to the wellbeing, workplace performance

www.linkedin.com/in/lauredw

and return rates of our female employees.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

NICOLLE EMBRA Cyber Safety Expert, The Cyber Safety Tech Mum

C O L U M N

Planning for healthy screen time limits

Screen time has become a part of our lives, including

ASSESS CURRENT DAILY ROUTINES

our children’s. While it can be a fun and educational

The first step to limiting screen time is to assess your

way to learn and play, too much screen time can have

child’s current daily routines. How much time do they

negative consequences such as sleep problems,

spend on screens each day? What types of activities

emotional issues, obesity and attention difficulties.

do they engage in while on screens? Once you have a good understanding of their current screen time

Planning can be used as a tool to help keep our

usage, you can start to think about how you would

children’s screen time within acceptable limits. By

like it to look.

taking the time to assess their current screen time

usage, create activity lists, loosely plan your days,

CREATE ACTIVITY LISTS

consider the type of content they consume, set screen

Work with your child to create a list of alternative

time limits and lead by example, you can help them

activities they enjoy. These can include playing

develop healthy screen habits that will benefit them

outdoors, reading books, doing arts and crafts,

throughout their daily lives today and into the future.

playing board games or engaging in sports. Mix up

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

the list with other activities: those that can involve a

LEAD BY EXAMPLE

sibling, need an adult or are for the whole family.

As parents we play an important role in modelling healthy screen habits for our children. Be mindful

LOOSELY PLAN YOUR DAYS

of your own usage, especially when you are around

Once you have a list of alternative activities you can

them. Try to avoid using screens at mealtimes or in

start to loosely plan your days. This does not mean

bed. Instead, focus on spending time together and

you have to schedule every minute of the day, but

engaging in other activities.

having an approximate idea of what you want to do can make it easier to transition between different

Achieving acceptable screen time limits is a journey,

activities and reduce screen time.

and it is okay to have some days which go better than others. The key is to be consistent in your efforts

For example, you might start the day with breakfast

and keep the lines of communication open with

and some screen-free time such as reading or playing

your children. By planning and creating a supportive

together. Then, your child might go outside to play

environment we can help our children develop healthy

or do some homework. After lunch they might have

screen habits that will benefit them throughout

some more screen time, followed by another round

their lives.

of outdoor play or indoor activities. In the evening movie night or some screen-free time. Having a

SOME OTHER TIPS TO HELP REDUCE SCREEN TIME:

loose structure for the day can assist in decreasing

• Establish screen-free zones in your home, such as

you might have dinner together followed by a family

the number of times your child asks for screen time, because they know what other activities they will be undertaking.

the bedroom, the dining room and bathroom. • Encourage your child to take breaks from screens at least every 20-30 minutes. • Use screen time as a reward for good behaviour

CONSIDER THE TYPE OF CONTENT THEY ARE CONSUMING It is also important to consider the type of content your child is consuming when they are on screens. Make sure there is a balance between educational and entertaining content. There is a big difference

or completing chores (consider your child’s personality first before using this method). • Talk to your child about what they are watching or playing on screens. • Make screen time a family activity. Watch movies or play video games together.

between an hour spent mindlessly watching YouTube videos compared to an hour using a school approved maths educational app. You may also want to limit their exposure to certain types of content such as

www.linkedin.com/in/nicolle-embra-804259122

violent video games or inappropriate websites.

www.linkedin.com/company/the-cyber-safety-tech-mum

SET SCREEN TIME LIMITS

www.thetechmum.com

Discuss and set reasonable screen time limits together with your child. Having their input can make them feel more involved and responsible for their screen time choices. Consider using parental control

www.facebook.com/TheTechMum

www.pinterest.com.au/thetechmum

apps or features to enforce your agreed screen time limits.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

Need Event Speaker Services

Tell us more about what YOU need.... Need an MC or host? Looking for a keynote speaker? Want to get matched with industry expert speakers? Need speaker inspiration/ideas? Looking for presenters or analysts? Need your events speaker lineup managed end-to-end?

REACH OUT TODAY FOR AN INSTANT QUOTE. The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things.

With:

aby@source2create.com.au charlie@source2create.com.au source2create.com.au

STUDENT IN SECURITY SPOTLIGHT

Katie Perry was born in Australia and worked as at an internet service provider in Adelaide for several years before moving into cybersecurity. KATIE PERRY Purple Team Australia Student

Tell us what you are doing today.

fosters collaboration between blue and red teams to

Today, I am enrolled in the Purple Team Australia

safeguard all aspects of cybersecurity. The inclusion

initiative, the first national program to address

of both blue and red team modules is particularly

the widespread shortage of cyber skills and

advantageous because it allows for exposure to and

simultaneously promote gender diversity in the

experience with both teams, which sets it apart from

workplace. The aim of this program is to prepare us

other platforms.

for entry-level positions in cybersecurity and ensure a seamless transition into our new careers.

The Purple Team Australia program provides a dynamic learning experience that incorporates

This program is carefully designed with the goal

theoretical knowledge and practical exercises. With

of empowering and improving the skill set of 320

online instructor-led sessions, monthly industry

women from diverse backgrounds across Australia,

experts as guest speakers, and fortnightly mentoring,

including First Nation Australians. It equips them

I am being prepared to enter the workforce as a

with the necessary skills to begin a fulfilling career

skilled cybersecurity professional.

in cybersecurity. This program is structured into five units, with one Purple Team Australia has two intakes (June 2023)

unit covered per month. Most of the program is

and (June 2024) with 160 students participating in

delivered online through a user-friendly learning

each intake, across all eight states with 40 mentors.

management system, but we also have engaging

The program is sponsored by Cybermerc Pty Ltd,

in-person sessions conducted by instructors in

AustCyber, Baidam Solutions Pty Ltd, Anomali,

each state.

Australia Women in Security Network (AWSN), Uplifting People and The University of Tasmania.

What distinguishes the Purple Team Australia

Without their support The program would not exist.

Program from other learning platforms is its handson approach. Rather than focusing on theoretical

Are you in full or part-time study? Where? What exactly is the course you are undertaking? How long have you been doing it? When do you expect to complete it? And how did you get there?

knowledge it focuses on practical experience. This

I completed my studies at With You With Me on 31

critical thinking, providing us with valuable first-

March 2023, and promptly applied for the Purple

hand experience.

means students can put what they learn into action in real-world scenarios faced in today’s climate. The program guides us through a series of step-bystep practical activities and challenges that require

Team Australia program. My ambition was to go from being a business owner and financial controller

We use Slack as our communication centre to

into cybersecurity by using my experience of financial

facilitate contact between staff, mentors and

audits and analysing transactions for abnormalities.

students, boost cooperation, enable support, and facilitate assistance. It has a diverse set of channels

In the past, cybersecurity professionals were typically

in which students may actively participate and is

divided into blue team roles for defence and red team

an excellent platform for sharing program-related

roles for offence. However, Purple Team Australia

thoughts and experiences. Furthermore, Slack’s

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

S T U D E N T

I N

S E C U R I T Y

S P O T L I G H T

tablets, desktops and mobile phones—ensures

reaction did you get from family and friends when you decided to pursue cybersecurity?

ongoing accessibility, making it easy for members

I am naturally curious, particularly when it comes to

to participate in the program while juggling work and

examining the broader aspects of human behaviour. I

family duties.

frequently delve into inquiries involving the how, why,

integration across several platforms—laptops,

what, who and when aspects. The standout feature of the program is its unwavering focus on hands-on experience. At each

My career journey began as a personal assistant

juncture we are presented with chances to put our

at an internet service provider. I was interested

knowledge into action in real-world scenarios.

how all areas of the business —sales, finance and cybersecurity—came together and my interest led me

The program is organised into three units: IT

to gradually transition into finance.

Essentials, Blue Team and Red Team. Additionally, an exciting in-person Purple Team graduation event is

In late 2022 I observed that several Australian

scheduled for November 2023 in Canberra at which

businesses had encountered data breaches and,

sponsors, program partners, staff, mentors and

like many Australians, I had my own personal data

students come together and demonstrate the skills

breached and exploited. I felt uneasy about my

we have practiced throughout the program.

information being exposed. I was curious and wanted to know how and why this was happening.

Since starting the program on 26 June 2023, I have been fully engaged in its content. With a commitment

My mind went into overdrive. I wanted to learn about

of a minimum 10 hours per week I have delved

cybersecurity. I was naturally curious to find out how

into fascinating topics and acquired practical skills

these types of incidents occurred and how we could

that are in high demand. I have found areas of the

prevent them. I researched cybersecurity courses

program that excite me, and curiosity led me to

and read through the requirements of the industry. I

learn further about specific subcategories within

am not a technical person, but I noticed that finance

cybersecurity. Securing a place in this program was a

and cybersecurity encompass similar qualities.

notable milestone for me. Towards the end of December 2022 I began my Following my application earlier this year I went

first cybersecurity course. My family and friends

through a series of assessments and interviews.

expressed their enthusiasm upon hearing this,

Being chosen from a pool of highly skilled candidates

and collectively acknowledged that we inhabit a

was a superb privilege, and I attribute my dedication,

technology-driven society. We rely on technology

passion, determination, inquisitiveness, eagerness

for everyday activities such as using the internet,

to learn and career transition as pivotal factors in

streaming services, email, online banking and more.

helping me secure my spot.

Given the pervasive role of cybersecurity in all these activities, there is a pressing need for education,

Were you inspired by cybersecurity in high school, if so, how? Or was it a later employment role that led you there? What

I S S U E 17

not only for ourselves but also for the broader community: families, businesses and the elderly.

WOMEN IN SECURITY MAGAZINE

KATIE PERRY

It was my experience of having my information

Upon concluding the audit, I participated in a

exploited that set me on my cyber journey, and I am

meeting with management where I recommended

grateful to have been chosen to participate in the

enhancements to the accounts payable process to

Purple Team program as our values were in sync. My

mitigate the risk of unauthorised transactions.

goal is to contribute to making the online community a safer place and bring about a positive impact.

Following this internal audit, I was engaged by a nationwide credit management company to

Please give us a brief rundown of your career to date. The jobs you have had, where and when, in cybersecurity and other fields. And please, mention anyone who has been particularly influential in your journey.

specialise in skip tracing for their client base. Skip tracing entails using publicly available information to conduct searches on individuals who have either failed to settle their debts or have relocated without notifying the debt agency.

My first role was a personal assistant for an Internet Service provider in Adelaide. After several years I

My responsibilities included analysing financial

moved to finance. I served as a credit controller at

records, conducting credit checks to obtain location

one of Australia’s largest pharmaceutical wholesalers

information, delving deeper into fine locations

where I had the privilege of managing a weekly

and employing techniques such as reverse image

seven-figure ledger.

searches and social media investigations. After verifying the authenticity of the data, I would proceed

During my first year I was entrusted with the

to carry out the debt collection process using my

primary responsibility for a significant portion of the

negotiation skills.

financial ledger within the department, which carried substantial accountability. This role allowed me to

In 2014 I was given the opportunity to run and

cultivate strong internal and external relationships

operate a struggling business. I led a team of 17

founded on mutual respect and effective

staff, processed weekly payroll submissions, ran

communication. My duties included locating debt,

weekly supplier payments, prepared the weekly

meticulous account reconciliations and performing

rostering schedule, provided daily business

thorough financial risk assessments. Unfortunately,

operations, reduced business operation costs, set

due to change of business ownership, my position

accurate and strategic pricing structures, marketed

was made redundant.

the business on social media platforms and analysed the market for social trends. I was responsible for

Following my redundancy, a recruiter reached out

training 17 staff and delivering a positive customer

to me regarding a contract role assisting with an

service experience. I managed to retain a 4.8 star

internal audit. I collaborated with external auditors

customer satisfaction rating until November 2020

from a law firm, analysing two years’ worth of

when the business changed hands.

transactions across all bank accounts accessible by a particular individual. I generated multiple reports to identify abnormalities in the general ledger and cost centres, initiating additional inquiries and findings.

W O M E N I N S E C U R I T Y M A G A Z I N E

When you complete your course and gain your qualification, what next? Do you have a clear vision of a role it will help you attain, or, if you

N O V E M B E R • D E C E M B E R 2023

S T U D E N T

I N

S E C U R I T Y

S P O T L I G H T

are already in work, is it something you feel will help you do your job better and, hopefully, gain a promotion?

I adapted by reducing our large menu to a

A great feature of Purple Team Australia is its

outbreak. I limited the amount of stock on hand

employer matching process. At the end of the course

to minimise the risk of food wastage and the

in November 2023, our talent manager will contact us

associated financial risk.

manageable size that I could handle if staff became sick or if we had to shut down as the result of an

individually to discuss our ambitions for employment and endeavour to match us with a suitable employer.

I managed to use food delivery platforms to provide our products to families in our community. I

It takes much more than cybersecurity expertise to be a good cybersecurity professional. In most roles people skills are essential. There is also the ability to be creative, to ‘think outside the box’. Do you plan to undertake, or are you already undertaking, training in disciplines other than cybersecurity to support your career plans?

introduced ‘go to family meals’ for families who could

Definitely. Cybersecurity requires more than technical

the opportunity.

not leave their homes. I am aware of the importance of staying up to date with cybersecurity practices and learnings and I am constantly pursuing learnings to expand my knowledge in the sub-fields of cybersecurity. I am willing to undertake additional training given

skills. It requires clear communication skills and people skills to provide information to a client in a way that makes it understood. I believe I possess people skills and the ability to adapt and think on my feet. I have been in situations where I had to think of an outcome or a strategy with little notice.

What about specific cybersecurity qualifications such as those offered by (ISC)², CompTIA and ISACA, Have you gained, or do you plan to gain any of these, if so which ones and why? My goal is to gain employment in cybersecurity

I believe my ability to solve problems and adapt

and then pursue these certifications to open more

swiftly will help my chances for future employment.

employment opportunities in the future. Once I am

I also have the desire to learn and undertake any

employed I will have the necessary experience to

additional training necessary to perform my job

gain some of these certifications.

with precision and accuracy. I have developed the

outside of the box. I was in the hospitality industry

And of course we’d like to hear about the specifics of your current course. Please give us a few details of what you are studying. What do you enjoy? What do you find challenging? What would you like to see done differently?

where ever-changing rules were in place that

The Purple Team program covers five core areas

limited our occupancy numbers without providing

of cybersecurity: cyber awareness, IT essentials

sufficient notice.

(Linux), blue team (defence), red team (offence) and

skill to communicate effectively, professionally and courteously while also maintaining a harmonious and cooperative working atmosphere. During the COVID 19 pandemic I had to think

I S S U E 17

WOMEN IN SECURITY MAGAZINE

KATIE PERRY

purple team (a combination of blue and red team).

incidents, techniques and alerts by following blogs,

Subcategories include: Linux, networking, protocols,

tuning into cybersecurity podcasts, subscribing to

malware analysis, SIEM operations, governance and

forums, and subscribing to email alerts.

compliance, vulnerability management, exfiltration and CTF (capture the flag events) to name a few.

In 2023, a cybersecurity topic taking the spotlight is the use of artificial intelligence. It would be highly

Because I do not possess a technical background

beneficial to consider incorporating a subsection

I found learning Linux a little challenging. However,

related to this in the course in the near future.

this did not deter me from completing the module as

labs and training sessions. I especially enjoyed the

Please tell us about your experience of being a woman studying cybersecurity. Chances are you are in a minority. Do you feel disadvantaged? Have you encountered sexism or misogyny? Do you feel your institution does sufficient to address such issues?

blue team module of the course because it is an

In my time of attending cyber events I have observed

area I am interested in and could relate to: protecting

the gender gap in the cyber community. However,

systems, data and information. This module covered

I am not discouraged from pursuing employment

vulnerability assessments, the MITRE ATT&CK

opportunities. I have never felt disadvantaged or

framework, malware analysis, SIEM operations,

encountered sexism in the cybersecurity industry.

threat hunting, incident response, governance risk

Everyone I have met, in person or online, has

and compliance and disaster recovery.

welcomed me and treated me equally and with

it was still a good learning experience to understand how command lines work and the actions they perform. I particularly enjoyed the practical aspects of the

respect. I have felt respected because we share the I find the content provided by Purple Team Australia

same work ethics, beliefs and values.

to be highly engaging, detailed, comprehensive and informative. The course is designed in a way that is

I am grateful for my acceptance by Purple Team

easy to follow and it incorporates a blend of theory

Australia, where the primary objective is to change

and practical testing across its five modules, making

the landscape of cybersecurity and create a gender

it an interactive learning experience.

diverse industry. I was fortunate to be matched to a female mentor (Sandy Assaf) who has guided and

Almost every aspect of cybersecurity is evolving rapidly. Do you feel your course is doing enough to keep up? Are there topics you would like to see covered, or topics you think should be omitted?

supported me through my cybersecurity journey.

I believe this course comprehensively addresses a

Having a female mentor like Sandy signifies the

broad spectrum of topics and provides insights into

importance of representation. It is a testament to the

the latest techniques employed in the ever-evolving

fact that women can thrive and lead in traditionally

field of cybersecurity. Additionally, it emphasises

male-dominated fields. Sandy’s journey saw her

the importance of staying up to date with current

overcome obstacles and break barriers, which can

W O M E N I N S E C U R I T Y M A G A Z I N E

Sandy’s support has helped me to recognise my unique skills and how I can contribute to the industry in my own way.

N O V E M B E R • D E C E M B E R 2023

S T U D E N T

I N

S E C U R I T Y

S P O T L I G H T

be incredibly inspiring for someone starting in the

glimpse into the industry and the opportunity to

field. Sandy serves as a role model, showing that

interact with like-minded individuals was invaluable.

women can excel and inspire others in this industry. This support is crucial for fostering confidence and

I have gained a deeper understanding of the industry,

resilience, particularly for women in a field where

expanded my network and forged meaningful

they might be in a minority.

connections. Meeting these connections face-to-face has proven to be valuable. Networking plays a pivotal

Educational institutions, especially universities—the ‘ivory towers’—are often seen as being out of touch with the real world. If you are not already immersed in the broader world of cybersecurity what will you be doing to prepare yourself for that transition, for example by joining industry bodies like the Australian Women in Security Network (AWSN)?

role in cybersecurity.

And finally, having come this far, do you have any regrets. If you had your time again, would you take a different path? I can affirm that switching to cybersecurity has been the most rewarding choice I have made. I have no doubts or regrets, and the opportunity I have been granted with Purple Team Australia has

Before enrolling in the Purple Team Australia

been exceptional. This opportunity has laid the

program I took the initiative to become a member of

groundwork for me to commence a new chapter in

AWSN. This organisation is dedicated to empowering

my professional journey. Thank you.

women in cybersecurity providing not only valuable support but also hosting events, offering training and facilitating mentorship opportunities.

www.linkedin.com/in/katie-perry-259047260

Being an AWSN member has allowed me to partake in networking events and access additional programs that would otherwise be unavailable to me. Furthermore, I have actively participated in AWSN’s in-person events, enabling me to forge new connections in my local community. I am also a member of the Australian Information Security Association (AISA), which offers networking events, education and training, newsletters, member and industry events. I had the opportunity to attend AdelaideSEC in August 2023 and I have also participated in several online webinars facilitated by AISA. Through the AISA network I have established valuable connections. AdelaideSEC offered a valuable

I S S U E 17

WOMEN IN SECURITY MAGAZINE

Mance Hung was born and grew up in Taiwan. She recently completed full‑time studies at the University of South Australia for a bachelor’s degree in networking and cybersecurity. Bachelor of Networking and Cybersecurity Graduate at University of South Australia MANCE HUNG my technical know-how, my background in sales

What exactly is the course you are undertaking? How long have you been doing it? When do you expect to complete it? And how did you get there?

and banking has honed my people skills. I believe in

I undertook a Bachelor of Networking and completed in July 2023. My journey began with an

What about specific cybersecurity qualifications such as those offered by (ISC)², CompTIA and ISACA?

interest in technology and how it influences modern

I have pursued Cisco CCNP ENCOR through LinkedIn

businesses, leading me to delve deeper into the realm

Learning and plan to explore certifications from

of cybersecurity.

(ISC)² and CompTIA to further solidify my skills and

Cybersecurity, which I started in February 2020 and

continuous learning and am open to pursuing courses that enhance soft skills and creativity.

industry recognition.

Were you inspired by cybersecurity in high school, if so, how? Or was it a later employment role that led you there? What reaction did you get from family and friends when you decided to pursue cybersecurity?

Please tell us about the specifics of your current course. My course covered a range of topics including network troubleshooting, security analysis and user

Cybersecurity caught my attention during my time

support. I particularly enjoyed the hands-on approach

working in international sales. I was intrigued by

in the security management project. Some aspects

the challenges businesses faced in safeguarding

were challenging, especially keeping pace with rapidly

their digital assets. My family and friends were

changing threat landscapes.

supportive. They recognised the growing importance of cybersecurity in today’s digital age.

Please give us a brief rundown of your career to date.

Almost every aspect of cybersecurity is evolving rapidly. Do you feel your course did enough to keep up? While my course was comprehensive, the dynamic

I initially pursued a career in business administration

nature of cybersecurity means continuous learning is

and worked as a bank teller at E.SUN Commercial

essential. There were areas I wish had been explored

Bank in Taiwan. Later, I transitioned to a role as

more deeply, particularly emerging threats.

an international sales representative at Everlight where I live today and where I made the decision

Please tell us about your experience of being a woman studying cybersecurity.

to transition into cybersecurity. Since I made that

While there were times I was in the minority, I never

decision, my mentors at the University of South

felt disadvantaged. My institution was proactive

Australia have been particularly influential.

in ensuring an inclusive environment and I was

Electronics. My journey brought me to Adelaide

always treated with respect. Educational institutions,

When you complete your course and gain your qualification, what next?

especially universities, are often seen as being out

Having recently completed my degree, I’m now eager

in bridging this gap by undertaking internships,

to apply my knowledge and skills in a practical setting,

volunteering, and joining industry bodies like the

ideally in IT support roles where I can bring value with

Australian Women in Security Network (AWSN) to stay

my customer service and technical skills.

connected with professionals and industry trends.

of touch with the real world. I’ve been proactive

It takes much more than cybersecurity expertise to be a good cybersecurity professional. Apart from

W O M E N I N S E C U R I T Y M A G A Z I N E

www.linkedin.com/in/mance-hung-bbbb341a9

N O V E M B E R • D E C E M B E R 2023

Egbuliese Jennifer Osato is a sophomore law student in the Faculty of Law at the University of Benin. JENNIFER (OSATO) EGBULIESE Bachelor of Laws Student at University of Benin

I am a young undergraduate law student who has an interest in cybersecurity. In addition, I aspire to one day become a penetration tester. In a bid to expand my horizons in cybersecurity I am undertaking programs from Cisco and Coursera, among others. I got to know about some of the programs by searching for them online. While some are paid and some are free, I do take advantage of the free programs, because they too are educative. I wasn't inspired about cybersecurity. If you had asked me a year ago what cybersecurity was, I would have replied that I did not know such a thing existed. I was introduced to cybersecurity by a friend of mine, and that sparked my interest. I have taken it upon myself to build a career and one day get a job in cybersecurity. The courses I am following from Cisco, Coursera and others are introductory. However, I am planning on becoming a junior cybersecurity analyst and to study for CompTIA certifications and others. I find it quite challenging to make time to learn cybersecurity while studying law. But what keeps me going is my dream of building a career in cybersecurity. It is an emerging and rapidly growing profession. Acquiring and building a skill in cybersecurity is something that anyone in the world should thrive for. Although I have not progressed far in cybersecurity, I have no regrets. Studying cybersecurity teaches you to be more secure as well as giving you skills that can earn you money. Cybersecurity teaches you how to protect yourself from threats. Because I am learning how to make myself more secure, I have no regrets about devoting time to learning about cybersecurity.

www.linkedin.com/in/jennifer-egbuliese-0bb263274

I S S U E 17

WOMEN IN SECURITY MAGAZINE

Master of Science in Computer Science and Cybersecurity Student at University of Sunderland NASHRA FAYYAZ

Greetings to all readers! I’m thrilled to introduce myself as Nashra

Enrolling in a cybersecurity

Fayyaz, a 23-year-old born in

program resonated with

Oman, brimming with excitement

me deeply. It was as if the

and ready to take on new

universe had been preparing

challenges. Currently, I’m pursuing

me for this career all along.

a MSc in computer science and

As I progressed through my master’s program I found

cybersecurity. I’m a dedicated full-time student embarking on a year-long journey

myself growing more mature and proficient in

through this program, all while participating remotely.

cybersecurity. I possess a deeper understanding of cyber threats and the ability to address them swiftly

It’s a remarkable story: how I stumbled upon my

and effectively thanks to the knowledge I’ve gained

innate cybersecurity talents. The realisation came to

from my course.

me during my high school year when my friends and I would assist our teachers in creating student grade

SOC analyst goal

reports. I was the go-to person for troubleshooting

My heart is set on becoming a security operations

technical issues such as fixing a malfunctioning

centre (SOC) analyst and I’m diligently working to

printer, refining report designs and content, or

gain hands-on experience through various platforms

eliminating pesky computer viruses. My friends

and home labs. I’ve already completed an internship.

affectionately dubbed me the ‘Computer Guru’ for my

My next goal is to obtain the CompTIA Security+

proficiency in all things tech.

certification to solidify my entry into the world of SOC analysis.

Unfulfilled aspirations My path to cybersecurity was not a premeditated one.

As a woman in cybersecurity I’ve been fortunate

My parents had envisioned a career in medicine for

to experience overwhelming encouragement and

me, but due to financial constraints, I could not pursue

support, both from my friends, family and the LinkedIn

that dream after high school. It was a challenging and

community. I can confidently say I have absolutely

depressing time for me, watching my friends enter

no regrets about choosing this path. I am genuinely

their dream colleges while I remained idle. My nights

happy to be here, and I’m bursting with excitement

were filled with tears and my days consumed by the

about the endless possibilities and challenges that lie

search for an affordable medical college. During this

ahead in the dynamic world of cybersecurity.

tumultuous period, a friend of mine visited me and sensed the emotional turmoil I was enduring.

To all young ladies out there, I wholeheartedly encourage you to explore the field of cybersecurity

She spoke with my parents, advocating for my talents

and join us in showcasing the power of women in

and potential. She highlighted my natural aptitude

this domain!

for computers and introduced them to the world of cybersecurity, emphasising its growing importance in

“There is no limit to what we, as women, can

today’s tech-driven world. She even shared stories of

accomplish.” —Michelle Obama.

my computer guru days. Suddenly, it all made sense to me. This was my calling. www.linkedin.com/in/nashraiscrazyaboutcybersecurity

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

HAVE YOU EVER DREAMED OF BEING A

"This technological thriller is the hacker world having such global impact to the unsuspecting world that it makes you very aware the power within the web…” - Trevor, indiebook reviewer

ORDER NOW

AUSTRALIA’S

BEST SELLING S AN AUD I

OK BO

SO AL

A LE

AVAIL AB

CYBER SECURITY BOOK

Bought it for my daughter and we are both very impressed! Great artwork as well as the book itself. She is a 9 year old avid internet user, and I do worry about what she gets up to and the choices she makes. We limit her access and have cyber security overlays on her devices - but we are not too clued up on cyber security so it was always a worry. This book has been great to get conversation flowing that I didnt really know how to start up, and it has definitely taught her some worthwhile lessons on things to look out for and "shadowy corners" of the internet to be cautious of! I recommend this book.

BUY THE EBOOK

BUY THE AUDIOBOOK

BUY THE PAPERBACK

LISA ROTHFIELD-KIRSCHNER Author of How We Got Cyber Smart | Amazon Bestseller

Your digital footprint and how it can impact your life Twins Olivia and Jack had been taking turns playing chess online against their cousin Charlie. Charlie loved gaming and had many more accounts than Olivia and Jack, on different websites and apps where they posted pictures, videos, comments and messages. Charlie thought sharing opinions and activities with friends and strangers was fun and harmless. But Charlie did not know everything done online left a trace behind. This trace is called a digital footprint, and it can be seen by anyone who has access to the internet. A digital footprint can reveal a lot of information about a person, such as their name, age, location, interests, hobbies, preferences, beliefs and behaviours. One day, Olivia, Jack and Charlie asked their respective parents if they could all go

I S S U E 17

to a chess camp for the upcoming school holidays, play against other kids in person and compete for the trophy awarded on the last day. Each of them filled out the application form online and awaited the reply. A few days later they received an email from Felix the chess camp director. It said: “Dear Olivia and Jack, we look forward to welcoming you to chess camp this school holidays, please look out for details about what to bring and where the camp will be held.” Their cousin Charlie received this letter, “Dear Charlie, We’re sorry to inform you that your application for the chess camp has been rejected. We have reviewed your digital footprint and found it does not match the values we expect of our campers. We are looking for chess campers who are respectful, responsible and positive.

WOMEN IN SECURITY MAGAZINE

Unfortunately, your online activities do not meet our values. We hope you will learn from this experience and be more careful about your online behaviour. Remember that your digital footprint is permanent and public. Sincerely, Felix, Chess Camp Director.” Charlie’s Dad was surprised to receive this email and called Felix to discuss what Felix had seen online that breached the chess camp’s values. Felix said: “We have seen that Charlie has posted rude and offensive comments on other people’s posts, such as calling them names, making fun of their appearance, or mocking their opinions. We have also seen that Charlie has shared inappropriate pictures and videos of themselves and others without their consent. “We have also seen Charlie has lied about their age and identity on some websites and apps, which are for those over 14. We, the chess camp leaders, encourage you to chat to Charlie about how they engage in the online world as their conduct can either help them or hurt them and they need to have a good think before they click.” Felix then said, “These actions are not only disrespectful to Charlie and others, but also dangerous. I’m very sorry but Charlie cannot attend our chess camp.” Charlie’s parents spoke to Charlie about this, they felt guilty they had not spent enough time having conversations about how to behave online. They had been complacent and thought they could leave such conversations to the school, but this was not the case: the teachers had only limited time in the classroom to spend on online safety and behaviour. Charlie’s mother then asked Olivia and Jack’s mother to come over and help her

W O M E N I N S E C U R I T Y M A G A Z I N E

speak to Charlie. Olivia and Jack’s mother told Charlie: “You never know who might see your digital footprint and use it against you. For instance, someone might bully you, harass you, hack your accounts, steal your identity, or harm you in real life. Your digital footprint can also affect your future opportunities, such as getting into your preferred school, finding a job or making friends.” Olivia and Jack were sad that Charlie would be unable to come to chess camp with them, but they understood Charlie had made a big mistake by being careless online. Charlie told Olivia and Jack they had decided to change their online habits and had put together a list of what they would do: be more respectful, responsible and positive. Charlie would delete accounts on the websites and apps they did not need or trust, and would apologise to the people who had been hurt or offended online. They would ask friends and family to remove any pictures or videos of them that they did not want to share. They would learn how to protect privacy and security online by using strong passwords, updating settings and avoiding suspicious links or messages. Charlie hoped that by doing these things they could improve their digital footprints and create a better impression of themselves online. Olivia, Jack and Charlie all hoped Charlie could get another chance to apply for the summer camp next year. Everyone had learnt a valuable lesson: Your digital footprint matters. www.linkedin.com/company/how-we-got-cyber-smart

facebook.com/howwegotcybersmart

twitter.com/howwegotcybers1

N O V E M B E R • D E C E M B E R 2023

Recom mend ed by F amily zone

How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children.

READ NOW

WOMEN IN SECURITY MAGAZINE CONTRIBUTORS 01

1. LISA VENTURA

Founder, Cyber Security Unity

2. AMANDA-JANE TURNER

Author of the Demystifying Cybercrime series and Women in Tech books. Conference Speaker and Cybercrime specialist

3. MARISKA SCRIBA

Head of Enterprise Security Services at MTN Business

4. SUSAN AJAY

Cybersecurity Analyst at Datacom

5. CHRISTINA DELL

Director - Governance, Risk & Compliance

6. ALEX PENNA

Software Developer at Atlassian

7. HANNAH RAPETTI

Cyber Security Analyst – Takedown Team at Proofpoint

8. FLORENCE ARANIEGO

Associate Consultant | Phriendly Phishing - Transformation and Growth at CyberCX

9. AILIE HOULIHAN

Consultant with the Strategy and Consulting Practice at CyberCX

10. CRAIG FORD

Cyber Enthusiast, Ethical Hacker, Author of A Hacker I Am vol1 & vol2, Male Champion of Change Special Recognition award winner at 2021 Australian Women in Security Awards

11. KAREN STEPHENS

CEO and co-founder of BCyber

12. JALPA B

Cybersecurity Professional

13. JO STEWART-RATTRAY

Oceania Ambassador, ISACA

14. FATEMAH BEYDOUN

CCO and Cofounder, Secure Code Warrior

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

15. ASMITA GOVIND

Consultant at Will You Hack IT

16. SANDI LARSEN

Vice President, Global Security Solutions at Dynatrace

17. JAY HIRA

Founder and Executive Director at MakeCyberSimple

18. BABY NAGAYO

Assistant Director at EY

19. KAVIKA SINGHAL

Cyber Security Consultant at EY

20. SIMON CARABETTA

Business Development Manager - Cyber at Digital Resources Australia Pty Ltd

21. LAURA EDWARDS-LASSNER

VP of Talent Management at BeyondTrust

22. NICOLLE EMBRA

Cyber Safety Expert, The Cyber Safety Tech Mum

23. KATIE PERRY

Purple Team Australia Student

24. MANCE HUNG

Bachelor of Networking and Cybersecurity Graduate at University of South Australia

25. JENNIFER (OSATO) EGBULIESE

Bachelor of Laws Student at University of Benin

26. NASHRA FAYYAZ

Master of Science in Computer Science and Cybersecurity Student at University of Sunderland

27. LISA ROTHFIELD-KIRSCHNER

Author of How We Got Cyber Smart | Amazon Bestseller

I S S U E 17

WOMEN IN SECURITY MAGAZINE

THE LEARNING HUB

GRADUATE CERTIFICATE IN CYBER SECURITY

This course will allow you to develop cyber tradecraft skills and competencies, including an introduction to cryptocurrencies, encryption, device and network security, vulnerability testing, and strategies to locate offenders. You will learn to apply and use a range of basic software and hardware in cyber investigations, identify points of attack on devices and networks and how to secure them and you will sharpen your critical thinking, investigative and ethical skills.

Designed for students with an academic or professional background in computer sciences and programming, this course offers the expert guidance, realworld experience and practical skills required for a new career meeting Australia’s growing demand for cyber security professionals. In this course, you’ll study core concepts of cyber security, including information risk management, business data management, and political policy-making. You’ll learn using industry tools, including Kali Linux, and have the opportunity to solve real problems using online hacking challenges and real-world case studies.

VISIT HERE

MASTER OF CYBER SECURITY Did you know that Australians report a cyber security incident every 10 minutes? This has led to a rise in demand for professionals to develop systems that offer safety and security for businesses and everyday Australians who are reliant on digital platforms. This course will offer you the know-how to create programs that will help you provide safe and secure online experiences. You’ll have the option to select from either the Management and Leadership specialisation or Security Engineering specialisation within this program to further develop your expertise and diversify your career options.

VISIT HERE

GRADUATE CERTIFICATE OF CYBER SECURITY GOVERNANCE AND RISK MANAGEMENT This graduate certificate is comprised of four courses – 3 core and 1 elective. Outlined in the Subject section of this course summary of enquire about a course brochure for more info. With a focus on realworld learning, this qualification ensures you graduate with the skills and practical experience employers are looking for. You may choose to take on the challenge of leading your workplace’s cyber security management strategy, or seek new work in the cyber security sector. Whichever path you take, this graduate certificate prepares you to meet the challenges of a rapidly changing and exciting digital business world.

VISIT HERE

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

FEATURING FREE SECURITY TRAINING RESOURCES THAT ARE AIMED AT INCREASING SECURITY AWARENESS AND HELPING PEOPLE BUILD AND UPSKILL THEIR SECURITY SKILLS.

MASTER OF CYBERSECURITY Work on the frontlines of hacking, cybercrime and defence strategies. Launch your career and join a fast-growing industry with La Trobe’s 100% online, ACS-accredited Master of Cybersecurity, whether you have an IT background or not. You’ll study cyber law and risk management, ethical hacking and defence, artificial intelligence and machine learning, secure programming, project and database management and more.

SECURITY ANALYST This course is designed for anyone who wants to understand the analysis of data security. More than ever, information security analysts are needed to rescue companies when they have been hacked or breached, as well as to put in place controls and counter-measures to avert cyber attacks

You can study anywhere, anytime, completely online.

Gain the skills required to detect and mitigate information and cyber security threats and vulnerabilities. The security analyst role is an entry point to many other security specialties and is highly in-demand in today’s evolving threat environment.

VISIT HERE

GRADUATE CERTIFICATE IN DATA ANALYTICS AND CYBER SECURITY Combine two of today's most crucial ICT skills, data analytics and cyber security, into a single qualification in this graduate certificate. You'll learn how to analyse vast quantities of data in order to extract intelligence for commercial planning and how to secure that data from privacy and security breaches. Knowledge in these areas is highly soughtafter in today's digitally disrupted economy.

VISIT HERE

CERTIFICATE III IN INFORMATION TECHNOLOGY (ELECTIVE FOCUS BASIC CYBER SECURITY) You’ll learn how toInstall and optimise operating system software; Identify and report online security threats; Promote workplace cyber security awareness and best practices. Lumify Learn will recognise any relevant skills and experience you’ve developed to date, and provide clear pathways for further education and career development. By enrolling in the course, you’ll be eligible to take part in the Lumify Learn Industry Partner Program, in which they connect you with those recruiting for current roles in the job market.

VISIT HERE

I S S U E 17

WOMEN IN SECURITY MAGAZINE

THE LEARNING HUB OFFENSIVE CYBER SECURITY AND PENETRATION TESTING This subject introduces you to the practical approaches taken in Red Teaming – simulating aggressors in a cyber security penetration testing environment. The subject will be practical task focused and allow you to explore the penetration testing process from inception to completion with a focus on three key areas: Legal and Ethical considerations; conducting penetration testing; and reporting findings.This subject builds on concepts of learning through practice in Year 1 of study by introducing you to more complex learning experiences.

VISIT HERE

MASTER OF CYBERSECURITY Swinburne is a world leader in online education by using interactive and innovative technologies to deliver our courses and degrees. From vocational education and undergraduate to postgraduate study, Swinburne has online study options at all levels.

VISIT HERE

Reach out to Aby today to find out how your company can help support the Women in Security Magazine. ABY@SOURCE2CREATE.COM.AU

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

Need Data Admin Services

Tell us more about your data Need Data appending services? Need database admin cleaning Data enrichment services

Data Entry Admin services Data Verification services

LET US HELP YOU OVERCOME YOUR BUSINESS DATA CHALLENGES PARTNER WITH A QUALITATIVE FAST-WORKING TEAM Our team understand the importance of time and efficiency when it comes to data projects.

With:

aby@source2create.com.au charlie@source2create.com.au source2create.com.au

TURN IT UP

POWERHOUSE WOMEN

SHE DID IT HER WAY

FOLLOW THE LEADER

With Lindsey Schwartz

With Amanda Boleyn

With Chanel Christoff Davis

How do I figure out what my purpose is? How do I connect with likeminded women? How do I overcome imposter syndrome? How do I grow my money mindset? Welcome to Powerhouse Women, the podcast! Host Lindsey Schwartz will bring you everything you need to turn your ideas into your dream business with tactical tips, business strategy and all of the mindset shifts you need to take on your business, side hustle or passion project with confidence!

She Did It Her Way is a podcast where we dive into all of your most important questions about starting a business and when to take the leap of going full-time as an entrepreneur. Every week, host, Amanda Boleyn delivers fresh content on productivity hacks, different business strategies, how to confidently transition out of your 9-5 and become a fulltime business owner. Along with sharing her business savvy tips, she interviews women who have also gone out and done it.

Follow the Leader features dynamic women entrepreneurs and their journeys to becoming a success in business. It's an inspirational space for entrepreneurs, future entrepreneurs, and thought leaders as they share their keys to success. Chanel Christoff Davis is the CEO and founding partner of the largest woman and minority owned sales tax advisory practice in the country, Davis Davis & Harmon LLC.

CLICK TO LISTEN

CLASSY CAREER GIRL With Anna Runyan The platform focuses on teaching women the different transitions in their careers. This platform was named by Forbes as one of the 35 most influential career sites. What should you expect to find in Anna’s podcasts?Career success stories Tax tips for entrepreneurs and small business owners Networking ,Brand awareness, Marketing , Anna’s journey Interview with businesswomen.

CLICK TO LISTEN 90

W O M E N I N S E C U R I T Y M A G A Z I N E

CLICK TO LISTEN

WOMEN IN TECHNOLOGY SPOTLIGHT With Ronke Babajide A space where I talk to women working in IT across the spectrum of different roles. We will discuss our career journey, visions, obstacles, roles, our views on the industry, what we love and why we are here to stay.

CLICK TO LISTEN

WOMEN AT WORK PODCAST With Sarah Green Carmichael This podcast is hosted by Sarah Green Carmichael, Nicole Torres, and Amy Bernstein, who are also editors at Harvard Business Review. It focuses on exploring the place and the plight of women in the corporate world.

CLICK TO LISTEN N O V E M B E R • D E C E M B E R 2023

WINGS OF INSPIRED BUSINESS

AMA PRIORITIZING EQUITY

With Melinda Wittstock

With Aletha Maybank

Women entrepreneurs are changing the game of business, stepping into our authentic feminine power and growing consciousness to start and scale great companies. Listen to Wings podcast, you'll learn how to manifest the mindset, mojo, and money to create, grow and scale a business aligned with what makes your heart sing. Host Melinda Wittstock masterminds daily with other successful women entrepreneurs who share their secrets, success tips, & 'fail forward' epiphanies in this motivating podcast.

Prioritizing Equity illuminates how determinants of health uniquely impact marginalized communities, public health and health equity, with an eye on both short-term and long-term implications.Prioritizing Equity is produced by The AMA Center for Health Equity and hosted by AMA Chief Health Equity Officer & Senior Vice President, Aletha Maybank, MD, MPH. Listeners can earn CME while gaining valuable lessons in racial justice and health equity from leading voices in medicine and health care.

CLICK TO LISTEN

I S S U E 17

CLICK TO LISTEN

INSPIRING WOMEN With Raimonda Jankunaite Inspiring Women Stories Podcast by Women in Business Club, with your host, serial entrepreneur, mentor, and speaker Raimonda Jankunaite. In these series, we interview our Community Members, Women from all around the world who run own businesses. Through these podcast interviews, you will get to hear about personal stories of entrepreneurs, their journeys, lessons, & obstacles. Every episode will have valuable lessons and entrepreneurial advice to start own business and/or transition in your career, personal growth, & business.

CLICK TO LISTEN

WOMEN IN SECURITY MAGAZINE

OFF THE SHELF

DROP THE BALL: ACHIEVING MORE BY DOING LESS Author // Tiffany Dufu Drop the Ball is a masterclass in work-life balance. Many women struggle to juggle families, work, and outside obligations while aiming to “have it all.” Tiffany Dufu gives women permission to stop striving to excel in every area, cease trying to please everyone, and focus on a narrower set of goals. As the title suggests, the author implies that by doing less, women can be more productive, effective, and successful. The book encourages readers to embrace imperfection and prioritize the most important objectives rather than trying to do everything and be the best at everything. Drop the Ball is a recipe for living a less hectic, more fulfilled life.

BUY THE BOOK

HOW TO CHANGE Author // Katy Milkman How to Change is one of the best new employee development books. Wharton professor Katy Milkman examines the science behind behavior shift and outlines the optimal conditions for making lasting transformations. The book draws on research and case studies to show how timing and temptation can affect the results of efforts to change. Chapters cover topics such as procrastination, confidence, and impulsivity, and help readers better understand the psychology behind forming new habits and making a permanent switch. True to its name, How to Change is an actionable guide for self-growth and evolution.

BUY THE BOOK

DO IT LIKE A WOMAN: ... AND CHANGE THE WORLD Author // Caroline Criado-Perez Doing anything 'like a woman' used to be an insult. Now, as the women in this book show, it means being brave, speaking out, and taking risks, changing the world one step at a time.

BUY THE BOOK

RADICAL CANDOR (BE A KICK-ASS BOSS WITHOUT LOSING YOUR HUMANITY) Author // Kim Scott Radical Candor is a rulebook for leading with a blend of honesty and empathy. The book lays out management tips for being tough and forthright and having high standards, yet still honoring and respecting employees. This work provides a blueprint for giving effective feedback while maintaining positive relationships with staff. Radical Candor explains how to be assertive, honest, and more effective at work and beyond, and gives tips for being a good boss.

BUY THE BOOK

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

THAT’S WHAT SHE SAID: WISE WORDS FROM INFLUENTIAL WOMEN Author // Kimothy Joy “A stunning book that celebrates a diverse group of inspirational women, from Maya Angelou to Malala Yousafzai. The book features illustrations and quotes with illuminating biographies to inspire women of all ages and backgrounds.” – Hello Sunshine

BUY THE BOOK

THE MOMENT OF LIFT Author // Melinda Gates "The Moment of Lift is an urgent call to courage. It changed how I think about myself, my family, my work, and what’s possible in the world. Melinda weaves together vulnerable, brave storytelling and compelling data to make this one of those rare books that you carry in your heart and mind long after the last page." - Brené Brown, Ph.D., author of the New York Times #1 bestseller Dare to Lead

BUY THE BOOK

LIFE IN CODE: A PERSONAL HISTORY OF TECHNOLOGY Author // Ellen Ullman Part memoir, part collection of essays, veteran programmer Ellen Ullman’s most recent book paints a vivid picture of what it was like to be a woman engineer during the early days of the dotcom boom. Life in Code is packed with fascinating anecdotes (like the time the Google co-founders offered Ellen a job at a party and she turned it down) and meaningful reflections about the power of programming. BTW, if you haven’t read her hit 1997 book Close to the Machine, you should definitely add that one to your list, too!

BUY THE BOOK

THE MEMO: WHAT WOMEN OF COLOR NEED TO KNOW TO SECURE A SEAT AT THE TABLE Author // Minda Harts The Memo is one of the best business books for women of color. Consultant and speaker Minda Harts addresses the unique challenges women of color face in the corporate world and offers practical, customized career advice for members of these underrepresented groups. The book illuminates the barriers that often prevent nonwhite women from rising to leadership position or high-ranking roles. The author shares strategies and tips for overcoming these obstacles and gaining influence and power in resistant environments. The Memo acts as a playbook for ambitious women of color, as well as a guide for allies looking to better support colleagues and build fairer work environments.

BUY THE BOOK

I S S U E 17

WOMEN IN SECURITY MAGAZINE

OFF THE SHELF

INNOVATING WOMEN: THE CHANGING FACE OF TECHNOLOGY Author // Vivek Wadhwa and Farai Chideya Though it was published nearly a decade ago, this powerful book of essays and firstperson anecdotes written by women in STEM is still relevant today. Each chapter is a separate crowd-sourced essay by a woman whose work involves innovation and entrepreneurship, including some big names in tech, like Megan Smith, former Google VP and Chief Technology Officer of the United States, Kim Polese, who was the founding product manager for Java, and Silicon Valley venture capitalist Heidi Roizer. Innovating Women sheds important light on the meaningful contributions women have made in the tech industry, while also acknowledging the realities of gender bias.

BUY THE BOOK

THE WOMAN WHO SMASHED CODES Author // Jason Fagone This is a fascinating true story about Elizebeth Smith, a woman who went from studying languages and Shakespeare to becoming America’s first female cryptanalyst. Elizabeth was highly skilled in “code-breaking,” which is a process of decrypting code or cipher messages to uncover hidden information. She worked as a cryptanalyst during both World Wars, and went on to work for the U.S. Navy, Treasury, Coast Guard, and Army.

BUY THE BOOK

FEMALE INNOVATORS AT WORK Author // Danielle Newnham This book describes the experiences and successes of female innovators and entrepreneurs in the still largely male-dominated tech-world in twenty candid interviews. It highlights the varied life and career stories that lead these women to the top positions in the technology industry that they are in now.

BUY THE BOOK

LEAN IN: WOMEN, WORK, AND THE WILL TO LEAD Author // Sheryl Sandberg In 2010, [Sandberg] gave an electrifying TED talk in which she described how women unintentionally hold themselves back in their careers. Her talk, which has been viewed more than six million times, encouraged women to “sit at the table,” seek challenges, take risks, and pursue their goals with gusto.

BUY THE BOOK

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

Want to sponsor an event but have no one to execute it? Need stand out booth designs? Merchandise & Prize giveaways Booth social media presence Booth set up and pack down Booth staffing Booth marketing

LET US HELP YOU OVERCOME YOUR EVENT MANAGEMENT CHALLENGES

We can execute anywhere in Australia, REACH OUT TODAY FOR AN INSTANT QUOTE. The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things.

With:

aby@source2create.com.au charlie@source2create.com.au source2create.com.au

SURFING THE NET

BLACK WOMEN IN TECH By Black Women In Tech Get the latest news and updates from our community, members' stories, new opportunities and more! Global Tech Advocates Black Women In Tech, formerly known as TLA Black Women In Tech, is a not-for-profit global organisation, based in London, dedicated to building bridges of opportunities in tech by enabling black female talents to excel and companies to have access to black women of talent. We are a community of black women tech advocates of all levels and allies who support and empower diversity and inclusion.

SEE GIRL WORK By See Girl Work Girl Work is a curation of work & lifestyle content for creative, entrepreneurial-minded women doing it for themselves. We publish content on topics related to freelance living, entrepreneurship, and career strategies. We feature profiles and interviews with women who are creating their own lifestyles on their own terms.

EVERY WOMAN IN TECHNOLOGY By Amy Gritzinger This blog will journal my pursuit of STEM education and careers for women and girls of all ages. Science, Technology, Engineering, and Math. I'm Amy Gritzinger, Technical Support Engineer, ViceChair Membership Committee at The Coordinate Metrology Society, FIRST Lego League Coach, STEM Advocat an panel speaker.

READ BLOG

TAKE THE LEAD

BUILT BY GIRLS

By Amy Zerba

By Rhonisha Ridgeway

Take The Lead prepares (with learning programs), develops (with mentoring), inspires (with role models) and propels (with thought leadership and movement building for systems change) women to take their fair and equal share of leadership positions across all sectors by 2025.

Challenging young women to be builders, creators, and innovators the protagonists in their own lives. Built By Girls is building the next wave of tech leaders - who just happen to be girls. We give young women the exposure, skills and network they need to get their first job in tech. We're her secret women.

READ BLOG

READ BLOG 96

W O M E N I N S E C U R I T Y M A G A Z I N E

READ BLOG N O V E M B E R • D E C E M B E R 2023

FINGENT | IDEAS TO MOTIVATE BUSINESS GROWTH By Fingent Sign up to get the latest updates and insights on IT solutions like custom software and application development that will help your business to solve complex challenges.

READ BLOG

DFIR DIVA By Ryan Chapman Digital forensics and incident response blog geared toward beginners. Hello! My name is Elan and I've been working as an Incident Response Analyst since May of 2019. My purpose for creating this site is to share the resources I use as I learn and grow in this field to help others who are interested in Digital Forensics & Incident Response (DFIR).

THE WOMEN IN TECH SUMMIT By WITS Get the latest conference news and announcements from WiTS. The Women in Tech Summit is a series of events that inspire, educate and connect women in all types and at all levels of technology careers.

READ BLOG

ALI'S BLOG By Ali Brown

THE GLASS HAMMER

SHE OWNS IT BLOG

By Sylvana Q.

By She Owns It

The Glass Hammer is an awardwinning blog and online community created for women executives in finance, law, technology and big business. Our goal is to Inform, Empower and Inspire professional women with our content and our network.

Features guest posts on the latest Entrepreneurial practices, tips, and advice on management, along with buzzing trends and lifestyle profiles. She Owns It is a media marketing company blog that focuses on female individuals in corporate to help grow their careers.

READ BLOG I S S U E 17

READ BLOG

If you are a go-getter who enjoys driving *results* through creative, targeted marketing strategies.. and would love working with an entrepreneurial organization that powers up women business leaders, this could be the perfect position for you. The Trust, the new, premier network for high-level female entrepreneurs led by awardwinning business mentor Ali Brown, is seeking a Growth Marketing Director to take our membership to the next level and beyond. We are a small team with big dreams.

READ BLOG WOMEN IN SECURITY MAGAZINE

Championing the women who keep us all safe

At NAB, a career in security is everything you make it. For Emma, Jalpa and Heidi, they’re empowering and inspiring more women and non-binary people to join the field. As a proud sponsor and supporter of the Australian Women in Security Network awards, we couldn’t be more excited to celebrate them as our three nominees.

Emma Neville

Jalpa Bhavsar

Heidi Winter

NOMINEE FOR

FINALIST FOR

NOMINEE FOR

Australia’s Most Outstanding in IT Security

Best Security Mentor NOMINEE FOR

Cybersecurity Champion

Best Volunteer

It’s finding your superpowers It’s more than a career at NAB. More opportunity. More moments to make a difference. More focus on you. Find your future career at nab.com.au/careers ©2023 National Australia Bank Limited ABN 12 004 044 937 AFSL and Australian Credit Licence 230686. A174588-0923

2023

#2023WISAWARDS

CELEBRATING EXCELLENCE: UNVEILING THE 2023 AUSTRALIAN WOMEN IN SECURITY AWARDS WINNERS by Abigail Swabey

The 2023 Australian Women in Security Awards

The event would not have been possible without

ceremony was more than just an event, it was

the support of sponsors like KPMG, the Australian

a celebration of authenticity, diversity and the

Signals Directorate, CyberCX, AusCERT, TAL Australia,

unmasking of our true selves. In a world where we

Everbridge, Sekuro, TrendMicro, NAB, Equifax,

often wear masks to project strength and courage,

Monash University and ISACA’s One-In-Tech. These

these awards encourage us to break free from those

sponsors share the vision of diversity, inclusion and

shields and embrace who we truly are. The power of

progress in the security industry.

authenticity, multiplied across countless individuals, has the potential to transform industries and

Under the theme Unmasking the Future of the Security

dismantle barriers of judgement and prejudice. It's a

Industry, the 2023 awards recognised and celebrated

rebellion that shatters the mould, fostering diversity,

winners, highly commended honourees and those

inclusivity and belonging.

deserving of special recognition. These individuals, initiatives and organisations have made incredible

This year's awards ceremony brought together a

contributions to the security community, propelling

record-breaking audience of 450 attendees, both in

us toward new heights.

person and via live streams from across the nation.

100

What began with just 200 attendees in 2018 has

The 2023 Australian Women in Security Awards

evolved into a vibrant celebration of excellence in

were a testament to the power of authenticity and

security, thanks to the dedication of individuals

diversity. They showcased the strength of individuals

like Charlie-Mae Baker and George Innis who

and organisations committed to shaping the security

meticulously crafted every detail.

industry's future. As the awards ceremony unfolded

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

it became a night of recognition and celebration, and

BEST SECURITY MENTOR

a reminder that, when we unmask our true selves, we

Winner: Asou Aminnezhad

pave the way for a brighter, more inclusive future.

Highly Commended: Jalpa Bhavsar Special Recognition: Sandy Assaf

Here are the deserving winners in each category.

BEST SECURITY STUDENT BEST VOLUNTEER

Winner: Eleni Lykopandis

Winner: Bronwyn Mercer

Highly Commended: Bethany Balazs

BEST PROGRAM FOR YOUNG INDIVIDUALS IN SECURITY

Winner: Rachell DeLuca

PROTECTIVE SECURITY CHAMPION

Winner: Purple Team Australia Highly Commended: ASD CyberEXP

THE ONE TO WATCH IN PROTECTIVE SECURITY

AUSTRALIA’S MOST OUTSTANDING IN PROTECTIVE SECURITY

Winner: Nadia Hammoud Special Recognition: Michelle Lee

Winner: Christina Rose Highly Commended: Amy Hewson

UNSUNG HERO Winner: Mina Zaki

BEST INDUSTRY INITIATIVE THAT SUPPORTS DIVERSITY, INCLUSION AND EQUALITY

Highly Commended: Gabriela Guiu-Sorsa

Winner: Purple Team Australia

BEST PLACE TO WORK IN SECURITY

Highly Commended: nbn’s Security Group Diverse

Winner: MF & Associates

Talent Program

Highly Commended: Equifax

I S S U E 17

WOMEN IN SECURITY MAGAZINE

101

CHAMPION OF CHANGE

WHAT SOME ATTENDEES SAID:

Winner: Matt Tett

"Attending this event was an incredible experience.

Highly Commended: Masseh Haidary

I had no idea what to anticipate, but it completely exceeded my expectations. Phenomenal!"

CYBERSECURITY CHAMPION Winner: Eva Chen

"I'm very grateful to have had the opportunity to

Highly Commended: Jess Dodson

attend the Women in Security Awards event. The

Special Recognition: Anubha Sinha

evening was nothing short of spectacular, filled with the brilliance of the cybersecurity industry's shining

AUSTRALIA’S MOST OUTSTANDING IN IT SECURITY

stars. Your thoughtful invitation and the meticulous

Winner: Lisa Currie

Can't wait for the event next year and hope to attend

organisation made it an unforgettable experience. it with the family. I do want to take a moment to

BEST INNOVATIVE BUSINESS RESHAPING THE FUTURE OF THE SECURITY INDUSTRY

express my deepest gratitude for including me in

Winner: AustCyber

successfully celebrated achievements but fostered a

Highly Commended: SecureCode Warrior

sense of unity and inspiration in all the attendees."

BEST SECURE CODER

"Lots of fun to be at the #2023WISAwards last night.

Winner: Medha Mishra

Thanks, Abigail Swabey. It was a fantastic celebration

such a meaningful occasion. The event not only

of women in #cyber. So many entries and so many

MOST INNOVATIVE EDUCATOR IN CYBERSECURITY

worthy winners."

Winner: Tech Inclusion, for the Girls’ Programming

The 2023 Australian Women in Security Awards

Network

celebrated the excellence, dedication and innovation of individuals and organisations in the security

102

CONVERGED SECURITY RESILIENCE CHAMPION

industry. The theme for 2024 promises to reflect on

Winner: Jacinta Thomson

future as we continue to shape the security industry

Winner: Chelsea Capizzi-Walsh

into a more diverse and inclusive space.

W O M E N I N S E C U R I T Y M A G A Z I N E

the progress made and ignite imaginations for the

N O V E M B E R • D E C E M B E R 2023

Cyber security is not what you do, it’s who you are. KPMG Cyber Security

Martijn Verbree

Luke Eason

Danny Flint

Matt O’Keefe

Mitra Minai

Gergana Winzer

Head of Cyber Security

Head of Technology Risk

Identity and Access Management

Cyber Security ASPAC Lead

Global Healthcare Lead & National Cyber Partner Health and Victoria Government

Mid-Market

Natasha Passley

Gregory Miller

Stuart Mort

Kelly Henney

Anna Poole

Veronica Scott

Financial Services

Government Cyber and Critical Infrastructure Security

Technology and New South Wales Government

Privacy and Data Protection

Energy Mining and Property

Law

Ross Widdows

Philippe Baker

Paul Black

Matt Dri

Angela Pak

Simon Martin

Corporates

Cyber Security Defense Lead

Incident Response and Intelligence

Investigations

Operational Technology

Technology Risk Financial Services

Cybersecurity Champion SPONSORED BY

WINNER Eva's dedication to mentoring aspiring cybersecurity professionals through the AWSN program, thereby shaping the future of the industry, is truly commendable. Her influence extends beyond the program, reaching current security practices, where she has instilled a security culture in agile software development processes. Eva has offered valuable guidance on privacy, the Information Security Manual, and risk assessments, leaving a lasting impact on the industry.

Eva Chen GRC Consultant

Her multifaceted approach aims to strengthen security practices across diverse organizations while nurturing cybersecurity talent. Eva's mentoring initiatives and work programs illustrate her active championing of cybersecurity, both within and outside her organization, all while providing essential support for women in the field.

HIGHLY COMMENDED

Jess is celebrated for her dedicated advocacy for women in the tech industry, harnessing her social media presence to inspire and educate, consistently sharing invaluable insights on digital security. Her impact reaches far beyond the digital realm, evident through her conference presentations and podcast appearances.

Jessica Dodson Senior Cloud Solution Architect, Microsoft

104

W O M E N I N S E C U R I T Y M A G A Z I N E

Jess's unwavering commitment to championing women in the fields of security and IT is truly commendable. She plays a vital role in increasing female representation in the industry and serves as a visible source of inspiration for women, providing them with the opportunity to see someone who mirrors their own potential.

N O V E M B E R • D E C E M B E R 2023

SPECIAL RECOGNITION

Anubha's journey of triumph over adversity is nothing short of inspirational. She generously shares this inspiration through her active involvement in the "Women of Identity" initiative at KPMG, and her potential to make a significant impact beyond her company is genuinely remarkable. Anubha's impressive achievements and unwavering resilience distinguish her as an exceptional leader in the security industry who uplifts others. Anticipation surrounds her future endeavors, and we expect even greater accomplishments from her in the years to come.

Anubha Sinha Director Digital Trust and Identity, KPMG

You’re a fearless innovator. Proud sponsor of the 2023 Australian Women in Security Awards. Explore where a career in Technology at KPMG could take you. Life at KPMG – KPMG Australia.

KPMG.com/au

I S S U E 17

WOMEN IN SECURITY MAGAZINE

105

Cybersecurity Champion SPONSORED BY

FINALISTS

NOMINEES

Jessica Dodson

Adara Campbell

Jessica Dodson

Senior Cloud Solution Architect Microsoft

Alex Nixon

Jessica Warburton

Alex Reale

Laiba Samar

Chief Growth Officer Secolve

Alisha Hummel

Lauren Veenstra

Anubha Sinha

Madhumita Iyer

Holly Wright

Asou Aminnezhad

Mahwash Mansoor

Belinda Burton

Martena Lawson

Eva Chen

Belinda Noel

Melanie Timbrell

GRC Consultant

Cara Wilkins

Melissa Misuraca

Elysha Padasian

Monica Zhu

Emily Ogilvie

Nikki Saunders

Emma Seaman

Olivia Preece

Eva Chen

Pooja Sharma

Farhana Dawood

Prachi Purohit

Gabriela Guiu-Sorsa

Ruby Prinu

Heidi Winter

Saba Bagheri

Holly Wright

Stephanie Gray

Jana Dekanovska

Tanu Bains

Jazmin Vergan

Thiri Ma Thiri Htay

Jen Waugh

Tori Elphick

Belinda Noel

Security Architect IBM

Emma Seaman Incident Response Analyst Fortinet

Anubha Sinha Director Digital Trust and Identity KPMG

Jenny Green

106

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

IN THE SPOTLIGHT WITH EVA CHEN: WINNER OF THE CYBERSECURITY CHAMPION AWARD In a recent interview, we had the privilege of speaking with Eva Chen, recognised as Cybersecurity Champion in the 2023 Australian Women in Security awards. She has shared insights into her journey and experiences, shedding light on her notable contributions to the field and her dedication to mentoring the next generation of cybersecurity talent. Eva joined the cybersecurity industry just one and a half years ago, bringing a wealth of expertise in application development, project management and organisational change management from the public service sector. Her journey in cybersecurity has been marked by a commitment to delivering security outcomes, fostering a security culture, addressing cybersecurity concerns and enhancing cybersecurity capabilities for clients. Beyond her work with clients she has also been instrumental in sustaining the cybersecurity industry by imparting her knowledge and experience to aspiring cybersecurity professionals. This commitment led Eva to participate in the Australian Women in Security Network (AWSN) mentoring program where she mentored individuals seeking to enter cybersecurity, and those new to it. Her goal was to make a lasting difference by not only helping

I S S U E 17

WOMEN IN SECURITY MAGAZINE

107

organisations enhance their security but also by

COMMITMENT TO DIVERSITY

nurturing cybersecurity talent for the future.

In addition to her mentoring efforts, Eva's journey has been marked by a commitment to diversity and

UNWAVERING MOTIVATION

inclusivity in the cybersecurity industry. She has

Despite being relatively new to cybersecurity Eva has

actively promoted these values by sharing her own

displayed unwavering motivation and dedication.

experiences as a female with a culturally diverse

She has actively pursued self-improvement by

background. Her advice to newcomers emphasises

participating in the AWSN Incident Response

building a support network, setting realistic goals,

competition, studying for the Certified Risk in

being open to exploration and pivoting within the

Information Security Controls (CRISC) certification

industry.

and attending industry events and workshops. Her dedication to continuous learning and growth

Looking to the future, Eva views her recognition

led to her being selected for the AWSN Emerging

as a cybersecurity champion as an honour and a

Leadership program sponsored by the Australian

testament to her commitment to the industry. Her

Signals Directorate (ASD).

aspirations include continuing to mentor and sustain the next generation of cybersecurity professionals,

One of the notable aspects of Eva’s career is her role

regardless of age, gender or background. She aims

as a mentor in the AWSN mentoring program through

to empower others to make a meaningful difference

which she has had mentees in different regions

in the ever-evolving landscape of cybersecurity.

of Australia. She has helped individuals enter the cybersecurity industry, provided guidance on various

Eva's journey exemplifies her dedication, mentorship

cybersecurity domains and on the differences

and commitment to diversity and inclusivity in

between government and the private sector.

the cybersecurity industry. Her story serves as an inspiration to aspiring cybersecurity professionals

Eva’s achievements and contributions have been

and underscores the importance of fostering the

widely recognised by her mentees and colleagues

growth and sustainability of talent in this critical

who acknowledge the positive impact she has made

industry.

on their careers. These testimonials reflect how Eva has empowered others to succeed in cybersecurity.

108

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

2024

CALL FOR EXPRESSION OF INTEREST

BECOME A SPONSOR TODAY EVENT DATE: THURSDAY | 10 OCTOBER 2024

If you're part of an organisation dedicated to promoting diversity and inclusion, we'd love to discuss our 2024 Awards packages with you. These packages are designed to further our shared mission of recruiting, retaining, and advancing women in the cybersecurity workforce.

CONTACT Aby@source2create.com.au or Charlie@source2create.com.au

By becoming a sponsor and supporting our event, you'll visibly demonstrate your commitment to celebrating diversity and recognising accomplishments within the security industry.

BUILDING BUSINESS RESILIENCY BY HELPING CIOS AND CISOS TAKE A STRATEGIC APPROACH TO CYBER SECURITY RISK MITIGATION AND DIGITAL TRANSFORMATION GOVERNANCE, RISK, & COMPLIANCE OFFENSIVE SECURITY TECHNOLOGIES & PLATFORMS MANAGED SECURITY SERVICES ROLE BASED CONSULTING

sekuro.io

Best Volunteer WINNER

Bronwyn Mercer Cybersecurity Architect, Microsoft

FINALISTS

Alexandra (Alex) Penna Chief Operating Officer Tech Inclusion/Girls' Programming Network

Bronwyn Mercer

Bronwyn's exceptional contributions, fueled by her technical prowess and a deep-seated passion for making a positive difference, truly distinguish her. Her steadfast dedication to cybersecurity and safety, coupled with her advocacy for underrepresented groups, positions her as an outstanding leader.

NOMINEES

Akansha Pandey Alexandra (Alex) Penna Baby Lyn Nagayo Bronwyn Mercer

Cybersecurity Architect Microsoft

Cherie Barringhaus

Akansha Pandey

Chloe Choy

Information Security Specialist Telstra

Emily Wingard Fiona Byrnes Jalpa Bhavsar Karen Hobson Meidi van der Lee Michelle Gatsi Shelly Mills

I S S U E 17

WOMEN IN SECURITY MAGAZINE

111

Best Secure Coder SPONSORED BY

WINNER

Medha's excellence in the security industry is evident through her innovative projects, such as security dashboards and gamification, which illuminate her commitment to advancing the field. Her leadership in introducing Application Security not only reduces vulnerabilities but also nurtures a security-first mindset among her peers and colleagues.

Medha Mishra Application Security Engineer, PaperCut Software

Medha's versatility, effective communication, and unwavering commitment to mentoring serve as an inspiration to the next generation of cybersecurity professionals. Her proactive vision for secure code reviews and incident recovery further solidify her well-deserved recognition, leaving a lasting and significant impact on the cybersecurity landscape.

FINALISTS

NOMINEES

Anisa Taj

Application Security Engineer The NRMA

Fadzayi Chiwandire

Fadzayi Chiwandire Security Consultant (Application Security) CyberCX

Medha Mishra Nancy Patel

Medha Mishra Application Security Engineer PaperCut Software

Nancy Patel Analyst Deloitte

112

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

You’ll be at the forefront of cyber security and part of a diverse team at ASD.

Play OPERATION CYBER and see if you have what it takes to protect Australia from cyber threats.

www.asd.gov.au

Play Now

IN THE SPOTLIGHT WITH MEDHA MISHRA: WINNER OF THE BEST FEMALE SECURE CODER AWARD In the ever-evolving realm of cybersecurity the

required, beyond technical skills, include a relentless

importance of secure coding cannot be overstated.

desire to learn and adapt. Early in her career Medha

As winner of the Best Secure Coder award, Medha

was fortunate to have exceptional mentors who

Mishra's journey into the world of secure coding has

invested time in nurturing her skills, making a

been nothing short of inspirational. Let's dive into her

significant difference in her development.

story and explore the insights she has to offer. As an expert in the application security space she

FROM CURIOSITY TO COMMITMENT

emphasises the importance of understanding

Medha's fascination with cybersecurity began at a

and addressing the shortcomings of DevSecOps

young age, just 14. Her journey into this complex

practices, such as developers' reluctance to engage

field was sparked by a rather amusing incident at

with application security testing results. Identifying

her high school. A fellow student had made an ill-

such pain points can lead to innovative solutions.

advised attempt to use their father's credit card on

For example, the introduction of a security sprint can

a dubious website, creating a chain of events that

help tackle backlog issues, or the creation of a unified

ultimately led to the entire school being addressed by

view from multiple security tools can streamline

a cybersecurity specialist. The talk delivered by this

application security testing.

expert left a lasting impression on Medha, igniting her passion for the world of security.

SECURE CODING IN ACTION In the cybersecurity landscape, challenges are a

In those early days her focus was primarily on

constant. One such challenge emerged during the

encryption. However, as she delved deeper into the

Log4j vulnerability incident. Medha had to swiftly

world of programming, her path took a different

assess the impact surface because the existing tools

course.

did not effectively detect and update already scanned projects. She devised workarounds to identify

SKILLS AND QUALITIES OF A SECURE CODER

vulnerable dependencies and initiate an appropriate

In Medha's view, secure coding is not a discipline

response.

radically different from coding. The key qualities

114

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

ADVICE FOR ASPIRING WOMEN IN CYBERSECURITY Medha's advice to aspiring women in cybersecurity is straightforward: tech is a fantastic field with fascinating work and substantial rewards. The potential isolation caused by the gender gap should not deter anyone from joining the industry. Women may be a minority in cybersecurity, but pioneers like Medha and her manager, Rebecca Tillman, have achieved remarkable feats. Joining the industry is the first step, and it holds the promise of fulfilling work and enduring friendships.

PROMOTING CYBERSECURITY AWARENESS As winner of the Best Secure Coder award, Medha hopes to reshape the perception that innovation and security are competing priorities. Her aim is for DevSecOps practices to be seen as the new norm, seamlessly integrated into the development process. Rather than innovation and security being competing priorities they should be partners in safeguarding the digital world.

INNOVATIVE APPROACHES AND STRATEGIES

published by the Open Web Application Security

Medha's innovative approach includes gamified

Project (OWASP) and security vendors. Engaging

dashboards that engage developers with scanning

with developer communities keeps her current with

tool results. This unique method makes it easier

emerging technologies. She also keeps an eye on

for developers to interact with security findings.

cybersecurity news outlets, ensuring she remains

She is also exploring the inclusion of a countdown

aware of the latest CVEs and threats.

timer into service level agreements covering these dashboards to enhance urgency.

COLLABORATION IN CYBERSECURITY Successful projects in cybersecurity often have

OVERCOMING GENDER CHALLENGES

top management buy-in. When C-suite executives

The challenges faced by women in cybersecurity are

understand and support cybersecurity initiatives,

multifaceted, and there is no one-size-fits-all solution.

projects tend to progress more smoothly.

One persistent issue, particularly concerning working mothers, is the perception that women are less

A VISION FOR THE FUTURE

available for work. Medha believes the widespread

Winning the Best Secure Coder award holds deep

adoption of remote work, post COVID, should render

personal significance for Medha. It connects her to

this misconception obsolete. Parenthood should not

a network of remarkable women in cybersecurity,

be a barrier to career advancement.

including her first female boss, Hannah McKelvie, who received the same award in 2019. Medha hopes

STAYING UPDATED IN CYBERSECURITY

to inspire more women to join the tech industry,

The ever-evolving nature of cybersecurity demands

enriching it with diverse perspectives and talent.

constant learning. To stay informed, Medha regularly

The world of tech is extraordinary, and with more

immerses herself in the vast volumes of content

women participating, it can only become better.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

115

Unsung Hero SPONSORED BY

WINNER Mina is recognised for her tireless efforts in championing women, culturally diverse individuals, and those exploring careers in cybersecurity, thus broadening the industry's horizons. Her multifaceted impact extends from aiding tech job seekers to mentoring newcomers in the industry, guiding startups, and actively contributing to the community.

Mina Zaki Cyber Alliances Lead, KPMG

Mina brings a compassionate and human touch to cybersecurity, transcending the industry to create a tangible difference in the lives of women and children in Afghanistan. Her role in establishing and nurturing an Indigenous Cyber Company further exemplifies her unwavering commitment to diversity and inclusion. Mina's dedication to helping others succeed serves as a testament to her character and her belief that we all rise together.

HIGHLY COMMENDED

Gabriela Guiu-Sorsa Cyber Security Adviser

116

W O M E N I N S E C U R I T Y M A G A Z I N E

Gabriela's unwavering dedication to cybersecurity and inclusivity shines through her roles as a mentor, ambassador, and AWSN Strategic Adviser. Her initiative, "Cyber Security Champions of Tomorrow," designed to empower women and minority groups, has played a pivotal role in securing new opportunities in the cybersecurity field. Gabriela's personal journey and resilience serve to amplify her advocacy, and her steadfast efforts have undeniably contributed to enhancing diversity and inclusivity within the industry.

N O V E M B E R • D E C E M B E R 2023

FINALISTS

NOMINEES

Mina Zaki

Alethea Fu

Lisa Lay

Cyber Alliances Lead KPMG

Amanda Lee

Mahima Kopparam

Amanda Sabbouh

Gabriela Guiu-Sorsa

Amanda Soo

Cyber Security Adviser

Anjali Varghese

Melanie Ninovic Principal Consultant - Digital Forensics & Incident Response (DFIR) Paraflare

Evangeline Endacott Cyber Defence Analytics Researcher Commonwealth Bank of Australia

Christie Wilson Cyber Resilience Manager UniSuper

Nelda Johannesen Senior Security Advisor • Security Operations nbn

Jessica Britz Senior Cyber Analyst, Third Party Governance and Risk TAL Services Limited

Caroline Cui Christie Wilson Cindy Kennedy Deanna Gibbs

Mary Tokic Maryam Shoraka Melanie Ninovic Melissa Cavallo Mina Zaki Montana Oliver

Enid Zeng

Nelda Johannesen

Evangeline Endacott

Rachel Mansson

Ffrances Lawes

Ritu Dahiya

Gabriela GuiuSorsa

Sam Moody

Nichole Franks

Hannah McKelvie Helen Flaherty Jessica Britz

Shivani Prajapati Shyvone Forster Skye Wu

Joannie Lee-Lang

Sriya Jayawardana

Jordan Roberts

Tayla Jones

Kristy Michael

Zoe Hassett

Kylie Johnson

2023

I S S U E 17

Thank you to our sponsors WOMEN IN SECURITY MAGAZINE

117

Best Program for Young Individuals in Security WINNER

Purple Team Australia This collaborative initiative actively involves women and First Nations Australians, offering a comprehensive pathway for holistic cybersecurity education and talent management. It stands as an exceptional contribution towards closing the cybersecurity gap. By steadfastly emphasising diversity and education, it is driving substantial changes and redefining the cybersecurity landscape.

HIGHLY COMMENDED

ASD CyberEXP - LifeJourney in partnership with ASD This innovative program immerses Australian students in the dynamic realm of cybersecurity through engaging online experiences and activities. Its profound impact is indisputable, reflected in the unwavering dedication of LifeJourney and ASD to cultivate the next generation of cybersecurity professionals and spark authentic curiosity about this critical field.

FINALISTS

NOMINEES

ASD CyberEXP

Code Like a Girl Purple Team Australia

Australian Defence Force Cyber Gap program

Microsoft Traineeship program (MEGT)

Purple Team Australia

Code Like a Girl CommBank X Telstra Girls in Tech Event CyberFit Nation Cybermarvel - online safety education program

118

W O M E N I N S E C U R I T Y M A G A Z I N E

Microsoft Traineeship program (MEGT) HerTechPath Macquarie Group’s Tech Select Program Sekuro Hackcelerator Mentorship Program Trend Micro Certification Program in IT Security

N O V E M B E R • D E C E M B E R 2023

IN THE SPOTLIGHT WITH PURPLE TEAM AUSTRALIA: WINNER OF THE AWARD FOR BEST PROGRAM FOR YOUNG INDIVIDUALS IN SECURITY In the ever-evolving landscapes of security and cybersecurity, the recognition of outstanding programs geared towards nurturing young talent is of paramount importance. Today, we have the privilege of delving into the remarkable journey of Purple Team Australia, winner of the Best Program for Young Individuals in Security award.

A PROGRAM WITH A PURPOSE The Purple Team Australia program is a purposedriven initiative aimed at empowering young individuals, particularly women and First Nations Australians, to take the helm in the cybersecurity workforce. At its core the program's mission is to bridge the skills gap and remedy the personnel shortage facing the cybersecurity industry. The unique approach taken by Purple Team Australia involves providing a holistic support system for its students, known as Purple Teamers. Through multiple touch points participants are guided, encouraged and prepared for the challenges of the cybersecurity world. These touch points

I S S U E 17

WOMEN IN SECURITY MAGAZINE

119

include webinars hosted by program staff and

ensuring they are placed into roles that suit

featuring presentations from industry experts and

them best.

instructors. Additionally, Purple Teamers benefit from access to dedicated volunteer mentors offering

The program provides a well-rounded education

invaluable guidance.

encompassing theoretical concepts and practical applications of cybersecurity. It covers topics such

A talent manager plays a pivotal role in helping Purple

as IT Essentials, Blue Team, Red Team, and Purple

Teamers find job roles that align with their aptitudes

Team. The practical aspects provide Purple Teamers

and interests. At the culmination of their journey

with hands-on experience, ensuring they are well-

participants receive micro-credentials and various

prepared for the challenges of the industry.

subscriptions, reinforcing their skills and knowledge. Mentorship plays a crucial role in the program's

THE INSPIRATION BEHIND THE PROGRAM

success. Passionate mentors have devoted their

The genesis of Purple Team Australia can be traced

time to guide students, providing them with unique

back to a pressing need for diversity in cybersecurity.

opportunities to learn from industry professionals

The program's founders recognised that the

across various disciplines in cybersecurity.

cybersecurity industry faced a critical skills shortage and nurture talent from various backgrounds,

CRITICAL SKILLS AND KNOWLEDGE FOR SUCCESS

including women and First Nations Australians.

In the cybersecurity and security industries attitudinal

and were inspired to create a platform to welcome

attributes like a strong problem-solving mindset and They believe diversity to be the key to introducing

critical thinking skills are highly regarded. While the

a fresh perspective and balancing the industry's

program equips students with knowledge about kill

workforce. By embracing a diverse range

chains and threat hunting, it also places significant

of talents the program aims to leverage the

emphasis on cultivating the right attitude.

unique perspectives and skills offered by these underrepresented groups.

Effective communication is another essential skill. Purple Teamers are encouraged to use a

STORIES OF SUCCESS

collaboration platform to foster collaboration, discuss

The impact of the Purple Team Australia program

challenges, support one another and build a spirit of

can be best described through the success stories

community and collaboration.

and testimonials of the young individuals it has their experiences and achievements via LinkedIn

FOSTERING COLLABORATION AND MENTORSHIP

articles, highlighting how the program has positively

Collaboration and mentorship are central

influenced their careers in the security sector.

components of the Purple Team Australia program.

nurtured. These Purple Teamers have shared

The initiative promotes collaboration by hosting

INNOVATIVE APPROACHES FOR ENGAGING YOUNG TALENTS

regular expert-in-residence sessions. These sessions

Creating a successful program for young individuals

professionals across the cybersecurity spectrum.

enable students to interact with and learn from

in security requires innovation and dedication. Purple

120

Team Australia has crafted a unique recruitment

The mentoring aspect of the program is equally

process that evaluates candidates' cyber-specific

vital. Dedicated mentors conduct regular mentoring

aptitudes through a test and an interview with the

sessions, addressing topics selected by the students.

talent manager. This process helps identify students'

These interactions create a sense of community and

skill levels and their passion for cybersecurity,

collaboration crucial in the cybersecurity realm.

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

OVERCOMING CHALLENGES FOR CONTINUED SUCCESS

champion the cause of women and First Nations

As with any program, the Purple Team Australia

the program, ensure it caters to their unique

initiative has faced its fair share of challenges,

requirements and delivers benefits to them.

Australians has enabled these groups to access

especially in its pilot phase. Constructive feedback from students and mentors has proven invaluable,

A BRIGHT FUTURE

enabling the program to adapt and evolve. This

Winning the award for Best Program for Young

continuous feedback ensures the ongoing success

Individuals in Security is a remarkable achievement

and improvement of the program in subsequent

for Purple Team Australia. The program's founders,

iterations.

partners, sponsors, mentors and students all share in this honour.

MEASURING IMPACT AND SUCCESS The true measure of success for Purple Team

As it looks to the future, Purple Team Australia

Australia lies in the feedback provided by students.

hopes this award will shed light on the significance

They report that the program has boosted their

of equality and inclusivity in cybersecurity. By

confidence and skills, which reinforces its sense of

demystifying the industry and instilling confidence in

purpose and confirms its contribution to nurturing

individuals from all walks of life the program aspires

the next generation of security professionals.

to inspire a diverse range of talents to join the cybersecurity realm. After all, in cybersecurity, there

DIVERSITY AND INCLUSIVITY

is a role for everyone. Everyone needs to discover

Diversity and inclusivity are at the heart of Purple

where their skills and passion can make a difference.

Team Australia. Collaboration with experts who

I S S U E 17

WOMEN IN SECURITY MAGAZINE

121

Best Industry Initiative that Supports Diversity, Inclusion and Equality WINNER

Purple Team Australia Cybermerc The Purple Team Australia Program’s outstanding commitment to coownership, real-world skills, inclusivity, partnerships, and feedback-driven improvement has revolutionised workforce development. Its unwavering dedication to tackling cybersecurity challenges and promoting diversity, inclusion, and excellence sets it apart.

HIGHLY COMMENDED

nbn Security Group Diverse Talent Program by nbnCo This program breaks norms, reaching beyond typical internships for innovation, inclusivity, and industry impact. It underscores nbn’s commitment to a diverse and thriving environment. With opportunities spanning the entire Security Group, it drives meaningful projects for Australia’s digital future.

FINALISTS

nbn Security Group Diverse Talent Program

ANZ Spectrum Program

by nbn Co

Aya Leadership Programs

Women in Security Mentoring Network by AWSN, ASD & OK RDY

Purple Team Australia Cybermerc

Aya Leadership: Women in Security Leadership Development by Dr. Susan McGinty

CyberCX Academy: All-Women Cohort CyberCX

122

NOMINEES

W O M E N I N S E C U R I T Y M A G A Z I N E

nbn Security Group Diverse Talent Program Purple Team Australia

Cyber Insights Series: Women in Cyber

Security's Got Talent Initiative, Accenture

CyberCX Academy: All-Women Cohort Cynapse

Telstras Cloud Security Secondment Program

Deloitte Cyber Academy

Women in Security Mentoring Network by AWSN, ASD & OK RDY

ISACA OneInTech

N O V E M B E R • D E C E M B E R 2023

MONASH UNIVERSITY Monash University, a sponsor and supporter of the 2023 Australian Women in Security Awards, was also nominated for the Best Place to Work in Security Award. This of course came as no surprise to the people who work there. Monash’s nomination for the award outlined the programs they have to support their inclusivity goals, and we explore these with the stories of three of their team. Monash University, a sponsor and supporter of the

was a strong fit for her role as manager of cyber

2023 Australian Women in Security Awards, was also

awareness and outreach.

nominated for the Best Place to Work in Security Award. This of course came as no surprise to the

The team’s responsibilities extend well beyond

people who work there. Monash’s nomination for the

the role of keeping Monash University information

award outlined the programs they have to support

and assets safe. It has research engagement

their inclusivity goals, and we explore these with the

as well as membership in the Defence Industry

stories of three of their team.

Security Program, a certified ISO27001 environment and FIRST (Forum of Incident Response and

The Monash cyber team, on which its nomination

Security Teams).

will be assessed, comprises 48 staff and while it has not yet achieved gender parity, with 18 women (37.5

In its nomination the university says it takes

percent) it has double the national average. In the

‘a strategic multifaceted approach supporting

2021 census only 17 percent of people giving their

women and non-binary staff to thrive’ with targeted

profession as cyber security were women.

initiatives, tailored development opportunities and by eliminating systemic barriers to hiring and career

Senior security systems engineer, Thiri Htay, joined

advancement through policy changes. These include:

the team as a qualified security analyst in 2018 and was only the second woman in a team of nine.

THE WITH YOU WITH ME RECRUITMENT PROGRAM

Nathira Rajagopal, is a cyber threat intelligence and

Monash wanted to fill digital skills gaps with diverse

vulnerability management analyst in the cyber team

candidates from underrepresented communities.

but started her career at Monash IT service desk. It saw this as an opportunity to strengthen both Fiona Collie joined the cyber team this year with no

its team and the broader IT workforce with a

cyber skills, but her behaviour change background

more cohesive culture of unique skills, ideas and

I S S U E 17

WOMEN IN SECURITY MAGAZINE

123

From left to right: Nathira Rajagopal, Fiona Collie and Thiri Htay

viewpoints, while also offering opportunities to

community of students, staff and alumni who are

those who had been hindered by traditional barriers

deeply engaged with the wider community and

to employment.

supporting the dissemination of university knowledge and practice.”

SENIOR WOMEN’S SHADOWING PROGRAM This program supports the career progression of

Htay says her experience reflects this, “I was

women into senior executive by enabling them to

concerned about any culture and technology

shadow senior executives for six months.

gap,” she says. “However, the people, culture and Monash cyber team not only recognised my skills,

PRIDE IN ACTION LEADERSHIP PROGRAM

knowledge and experiences but also provided me

Monash became a gold sponsor of the Victorian

with opportunities to grow my career by supporting

Pride Centre’s ‘Pride in Action’ leadership program

me with engaging projects, training and opportunities

which also allows four of its LGBTIQA+ staff to

to achieve certifications.”

participate. Rajagopal agrees “Being an international student,

124

The university defines its inclusivity goals in its

it wasn’t easy to land my first job,” she says. “My

strategic plan. Monash commits to “seeking talented

interest in the area of cyber led me to look for

students and staff, irrespective of gender, sexuality,

opportunities. The Monash Cyber team provided

race, ethnicity, disability, cultural, social or economic

those to me. They gave me an opportunity to learn

circumstances and any other protected personal

and grow while contributing to cyberoperations on a

characteristic, and building a diverse and connected

daily basis.”

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

Monash has a gender equality plan “to address

encouraged to recognise the whole person to gain a

gender inequities for all staff, eliminate the systemic

comprehensive picture of an application’s potential

barriers to professional development, career

in the role, the full breadth of their experience, their

advancement, and to achieve gender and salary

professional track record and their full range of skills

parity in senior roles, as well as towards a deep and

and abilities.

broad inclusiveness all across the University.” Collie is one staff member thankful for this approach. Since 2017 Monash has had a ‘Respect at Monash’

She says Monash took a chance hiring her. “Although

committee, charged with overseeing its commitment

I had a strong communications and behaviour

to the prevention of sexual harassment, sexual

change background, I had low cyber knowledge

assault and gender-based violence. The committee

and zero cyber experience. They have invested in

has a reporting line to the vice chancellor through the

upskilling my cyber knowledge both with a SANS

university’s equity, diversity and inclusion committee

course and through knowledge transfer, when I ask

and the vice-chancellor’s executive group.

a gazillion questions of my colleagues. I was new in the role a month, when my manager enrolled me in

To further its commitment to gender equality, in

the SANS course. I’ve never had an employer invest

2015 Monash signed up to the Athena Swan Charter,

that much in my professional development before.”

a worldwide framework to support and transform gender equality within higher education and research.

WORKING CULTURE Collie’s favourite thing about working at Monash

FOCUS ON CONTINUAL LEARNING

is the collaboration - internally and externally. “I

The Monash cyber team has a focus on learning

haven’t experienced it at this scale in any other

to keep up with current trends and for employee

organisation. Maybe it is a university thing? For

development.

example, I share observations, challenges and work with cyber awareness colleagues in other Australian

Since starting at Monash Htay has gained two SANS

universities. It is like being 20 percent more efficient

certifications (GCED and GPCS) and an AWS Certified

than working in isolation.”

Security Speciality certification. “Monash has given me opportunities to take care of cyber capabilities in

Rajagopal loves the work culture. “We have a diverse

cloud, applications and network security as a senior

team with open communication and they are very

security systems engineer,” she says. “All cyber team

supportive. I felt very welcomed when I first joined

members are registered or affiliated with cyber

the team, and it is still the same. Above all, we have a

related organisations such as AISA, AusCERT and the

great leadership team who are transparent with their

ACSC. These partnerships allow the team to engage

staff and make sure employees are well treated. They

with people from different sectors, sharing and

also make sure to recognise individual performances

learning what challenges our sector has.”

as well as to guide them through difficult phases.”

DEDICATION TO UNBIASED RECRUITMENT

Htay agrees, “The Monash cyber team treat each

Hiring managers are supported by a resource

other as a family. The culture is based on kindness,

that demonstrates how to conduct unbiased

knowledge sharing and encouragement - and we

selection and inclusive interviewing. They are also

have the best leadership team.”

I S S U E 17

WOMEN IN SECURITY MAGAZINE

125

Champion of Change WINNER

Matt Tett Managing Director, Enex Testlab Matt's dedication to championing change, fueled by a profound belief in equality and the value of diverse perspectives in cybersecurity, is readily apparent. His proactive efforts to address gender underrepresentation and drive systemic change are truly commendable. Matt's personal encounters with gender bias and discrimination have only intensified his commitment to inclusivity. His unwavering passion for empowering women in his role as a Champion of Change serves as a truly inspiring example in the industry.

Masseh Haidary HIGHLY COMMENDED

CEO, Global Payments Masseh is recognised for their remarkable contributions to gender equality in cybersecurity, exemplified by initiatives such as women in leadership programs and collaborations with universities for STEMfocused graduate programs. Their unwavering dedication to providing high school work experiences has not only inspired but also created opportunities for young females, fostering a culture of respect and female leadership. Masseh's transformative mentorship has guided numerous women into senior leadership roles, standing as a testament to their commitment and impact in the field.

FINALISTS

John O'Driscoll Justice Sector CISO, Victoria State Government Department of Justice and Community Safety

Dan Goldberg CEO, Cybza

Matt Tett

Amandeep Bambhra

Ed Messina

Matt Tett

Amreet Prasad

Greg Janky Greg Sawyer

Nishan Rajapaksa

Anthony Moore Brad McGrath

Ian Yip

Chris McDonald

James Nunn‑Price

Managing Director, Enex Testlab

Craig Ford

Jay Hira

Dan Goldberg

John O'Driscoll

Jay Hira

Darcy Nicolle

Layne Hesse

Founder and Executive Director MakeCyberSimple

David Owen

Masseh Haidary

Dr. Venkat Balakrishnan

Mat Franklin

Masseh Haidary CEO, Global Payments

126

NOMINEES

W O M E N I N S E C U R I T Y M A G A Z I N E

Noel Allnutt Piya Shedden Prashant Haldankar Sean Hugo Simon Gribble Tony Garner Troy Vanderplas

N O V E M B E R • D E C E M B E R 2023

IN THE SPOTLIGHT WITH MATT TETT: WINNER OF THE CHAMPION OF CHANGE AWARD PAVING THE WAY FOR GENDER EQUALITY IN CYBERSECURITY The world of cybersecurity is ever-evolving, with ground-breaking advancements and challenges emerging at a breathtaking pace. However, one aspect that requires equal acceleration is gender equality. As a champion of change and the managing director of Enex TestLab, Matt Tett has been actively engaged in promoting and nurturing gender equality in the cybersecurity industry. In this article we explore his motivations, experiences and the transformational journey he has embarked on.

THE DRIVE TO BECOME A CHAMPION OF CHANGE Matt Tett's decision to become a champion of change was catalysed by the stories and experiences of his peers in cybersecurity. These narratives unveiled a disheartening reality of gender bias and discrimination, especially in professional settings and industry events. Many talented individuals, particularly women, were made to feel unwelcome and marginalised. Matt recognised the dire need for the industry to unite and create a safe, welcoming and inclusive environment for all its members.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

127

ILLUMINATING REALITIES THROUGH PERSONAL EXPERIENCES

Male leaders in cybersecurity can be the driving

THE ROLE OF MALE LEADERS

The importance of addressing gender-based

force behind change. They can serve as exemplars

discrimination and bias in the workplace became

of recognition and reward based on merit. Creating

apparent to Matt through a multitude of others

an inclusive culture is paramount in the industry.

relating their personal experiences. While he refrains

Organisations that actively foster inclusivity quickly

from singling out specific instances he acknowledges

gain positive reputations, and their commitment to

that such experiences are, regrettably, recurring. This

an equitable culture becomes widely acknowledged.

repetition serves as a stark reminder that much work remains to be done, and that the journey towards

FAIR HIRING AND PROMOTION PRACTICES

genuine equity within the industry continues.

Matt reiterates that his organisation follows a merit-based approach as mentioned earlier. It looks

GENDER DIVERSITY: ENRICHING THE CYBERSECURITY LANDSCAPE

beyond gender to consider a candidate's merits, skills, background and experience.

Gender diversity offers a wealth of advantages to any industry, and particularly to cybersecurity. The

MENTORSHIP AND SPONSORSHIP

benefits span various aspects, from the diversity of

In Matt’s small to medium-sized organisation,

life and career experiences to a broader spectrum

specific mentorship programs may not be present,

of thought and perspective. Given that gender

but cybersecurity training is accessible to all staff

balance is inherent in the population, industries with

members, regardless of gender. This enables

disproportionate gender representation stand to gain

interested individuals to pursue their interests

from a more balanced opinion and the elimination of

further, and the company sometimes financially

ingrained biases.

supports employees' participation in cybersecurity courses.

CONCRETE ACTIONS TO PROMOTE GENDER EQUALITY

SUPPORTING FEMALE EMPLOYEES

In Matt's organisation the principles of gender

Ensuring the voices of female employees are heard

equality and diversity are firmly ingrained. The

and their perspectives valued requires gender

company follows a merit-based policy during hiring

balance in the management team. An organisational

and promotion processes. Emphasis is placed

culture built on support is fundamental. Regular

on skills, education, background and experience

meetings with all staff members provide an

rather than gender. Management is committed to

opportunity for feedback and input, ultimately

maintaining gender balance, right from the top.

influencing decision-making.

Continuous education and training are central to this approach, and work-life flexibility is prioritised,

ADVICE TO MALE LEADERS

because it is often of more importance to employees

For male leaders seeking to champion gender

than financial rewards.

equality and diversity, Matt's advice is simple: fear not, step out of your comfort zones, educate

OVERCOMING CHALLENGES

yourselves and become allies. Everyone makes

Being a business owner allows Matt to circumvent

mistakes, but learning from these mistakes is

many of the challenges that may be encountered in

crucial. The rewards far outweigh any reservations.

promoting gender equality. The primary challenge is

Providing support to those who need it the most is a

the lack of gender diversity in applicants responding

profoundly rewarding endeavour.

to job openings. In such cases, Matt proactively seeks to increase diversity where possible.

128

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

MEASURING IMPACT

RESOURCES AND BEST PRACTICES

The metrics for measuring the impact of efforts to

Matt believes the most valuable resource to be

increase gender diversity and reduce discrimination

the individuals who have generously shared their

are complex, making the outcomes of such efforts

experiences and insights with him. Learning from

difficult to quantify. Matt's approach is to support

those who have faced adversity within the industry is

those in need and focus on the collective effort.

invaluable. His advice to future champions of change

Achieving equity will eventually result in a balanced

is to seek out mentors and peers and learn from

industry where discrimination has no place.

their journeys.

POSITIVE OUTCOMES

LONG-TERM GOALS

Matt's dedication to gender equality has contributed

In the long run, Matt envisions a future where his role

to an encouraging trend in the industry. Many

as a champion of change is no longer necessary,

organisations across different sectors are

because true equity will have become the industry

implementing diversity, equity and inclusion policies,

standard. This transformation requires collective

signifying a collective move in the right direction.

effort, and Matt encourages others to join this ongoing journey.

HANDLING RESISTANCE When faced with scepticism or resistance, Matt takes a proactive approach. He identifies the underlying causes, which are often rooted in perceived threats or peer pressure. He aims to address these concerns by showcasing the impact of bias on individuals, organisations and the industry. Encouraging individuals to empathise with others' perspectives and fostering understanding can be transformative.

I S S U E 17

"Change may be gradual, but it is undeniably attainable. The ultimate goal is balance and a discrimination-free industry, and there is no time like the present to embark on this mission".

WOMEN IN SECURITY MAGAZINE

129

Converged Security Resilience Champion SPONSORED BY Chelsea Capizzi-Walsh Executive Manager Crisis Management, Commonwealth Bank of Australia

WINNER

Chelsea is recognised for her leadership in the Commonwealth Bank's UTAS partnership, where she has played a pivotal role in enhancing crisis capability through innovative scenario planning. Her work is not only impactful but also inspiring to future security leaders. Chelsea's dedication to empowering young women in technology is particularly commendable, as she actively encourages and supports them in their career journeys. Furthermore, her active engagement in various industry groups and networks has been instrumental in advancing the integration of cyber and physical security measures, as well as the development of industry-level exercises. Chelsea's valuable insights and best practices contribute significantly to the continued growth and improvement of the security industry.

Jacinta Thomson Director (SES1) Police Enquiry and Data Sharing department, Victoria Police

WINNER

Jacinta's leadership is the driving force behind real transformative change, strengthening cyber governance and security. Her visionary approach leaves a lasting impact on information security and community safety, making her a true pioneer in the field. Jacinta's exceptional interpersonal skills are instrumental in fostering collaboration, trust, and secure information sharing partnerships. Her extensive protective security experience instills confidence among stakeholders, rendering her an exemplary figure in the realm of cybersecurity and governance.

FINALISTS

NOMINEES

Jacinta Thomson

Roseline Christopher

Chelsea Capizzi-Walsh

Director (SES1) Police Enquiry and Data Sharing department Victoria Police

Consultant Sekuro

Frances Bouzo

Chelsea Capizzi-Walsh Executive Manager Crisis Management Commonwealth Bank of Australia

I S S U E 17

Sammie Yuan Security & Risk Associate SecRisk

Jacinta Thomson Meg Tapia Roseline Christopher Sammie Yuan Supun Lokuliyana

WOMEN IN SECURITY MAGAZINE

131

IN THE SPOTLIGHT WITH JACINTA THOMSON: WINNER OF THE CONVERGED SECURITY RESILIENCE CHAMPION AWARD The Converged Security Resilience Champion award

fortunate to take on successive leadership roles with

goes to the individual judged to have best mastered

a protection of community focus and an evolving and

the art of balancing the convergence of digital and

increasing aspect around converged security and

physical security, to have proven their ability to

building resilience,” she says.

identify and address the challenges that arise when dealing with both cyber and physical security and

Jacinta has a demonstrated track record in leading

to have united the management of physical and

complex, high-risk, high-profile programs from

cybersecurity within their organisation, and the

design to implementation. With a background in

teams responsible for each aspect.

law enforcement, protective security and industry relations she has built and led high performing teams

The 2023 Converged Security Resilience Champion is

to deliver and promote convergence between cyber

Jacinta Thomson, Director of the Police Enquiry and

and physical security outcomes at a state, national

Data Sharing Department (PEDSD) of Victoria Police

and international level.

where she leads a team of 150 staff operating 24/7.

132

Her department securely shares law enforcement

Her inspiration to join the police force came from

information and data in real time to enable police

a life-threatening experience: as an 18 year-old she

officers, protective services officers and state and

was abducted by a taxi driver. “The injuries suffered

national governments to operationalise legislation,

saving my life saw a long recovery and fired a desire

inform decision making processes and manage risk

for a Victoria Police career motivated by the example

to protect life and property, deliver community safety

of caring detectives who helped in my hour of need,”

and help those in need of assistance.

she says.

Her current role is the latest in an almost 30 year

PROVIDING SERVICES TO VICTORIA

career in converged security. “Since graduating

Key services her department provides include

from Victoria Police Academy in 1994 I have been

recording and monitoring crime, offender records

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

and non-crime information, bail, warrants, court

A CONSENSUS BUILDER

results management and continuous data quality

This involved management of all protective

checking services.

security domains and security/cyber incident response. To establish this framework Jacinta

Jacinta’s current role is her fourth stint with

had to build consensus on the operational details

Victoria Police. In a previous role as acting

and implementation of the strategy across the

executive director of investment management and

department and many statutory agencies within

reporting, she led the development of a multiyear

the justice portfolio. This meant moving away

investment framework and strategy to reposition the

from the entrenched and traditional IT led security

organisation’s planning of investment management.

arrangements and thinking to deliver a culture that

The strategy has strengthened leadership

embraced security as ‘everyone’s business’.

governance, risk management and decision-making processes regarding prioritisation of IT infrastructure,

Alongside this work she also led the DJCS Emergency

security/cyber and data capabilities and investment.

Management Framework to uplift internal crisis management, notifiable incidents management,

At a federal level, as a director in the Department of

business continuity and emergency management

Defence, Jacinta led a national program and team to

preparedness, response and recovery activities.

deliver the Defence Industry Security Program (DISP), focused on minimising security risks and raising

Both frameworks repositioned justice strategic and

levels of security protection across the security

operational capability and increased trust between

categories of governance, personnel security,

agencies, and the Office of the Victorian Information

physical security, information and cybersecurity.

Commissioner. They resulted in Jacinta being nominated for and receiving the 2019 IPAA(Vic)

In another role as director of security management

Top 50 Public Sector Women Award – Established

and assurance in the Victorian Department of Justice

Leader category.

and Community Safety (DJCS), Jacinta worked closely with the Department of Premier and Cabinet’s

She also led the strategic transformation of DJCS

cybersecurity unit to build a justice incident response

from a siloed model of more than 50 entities largely

capability, and led the delivery of a DJCS security

focused on traditional IT approaches to a modern

management framework and strategy to implement

security management framework that empowers

the Privacy and Data Protection Act 2014 and the

and enables people to meet responsibilities through

Victoria Protective Data Security Standards.

trusted, innovative and risk-based solutions.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

133

The One to Watch in Protective Security WINNER

Nadia Hammoud Manager, Security & Emergency Response Centre (SERC), nbn Nadia's 19-year journey in critical security roles is a testament to her excellence and resilience. Her remarkable capacity for innovation, even in the face of bias and discrimination, highlights her untapped potential. Nadia's ability to draw lessons from Brazilian Jujitsu to navigate challenges and foster personal growth is truly commendable. Her inspirational story leaves us eagerly anticipating the next chapter of her journey.

SPECIAL RECOGNITION

Michelle Lee Identity and Access Analyst, TAL Services Limited Michelle's dedication and unwavering drive have paved the way for remarkable achievements, notably in her role at TAL. Her contributions transcend her immediate work environment, as evidenced by her active involvement in the CySec Leaders Summit and her prominent role in Privileged Access Management, where she has earned recognition as a subject matter expert. Michelle's exceptional leadership qualities are evident, and her commitment to peer support and social learning is palpable through her role as a co-founder of UTS BITCOM.

FINALISTS

Danielle Mitchell Training Manager APAC/IMEA Gallagher Security

Nadia Hammoud Manager, Security & Emergency Response Centre (SERC) nbn

Aimee Rick Assistant Agency Security Advisor Attorney General's Department

134

Vanessa Kong

NOMINEES

Lara Baillie

Senior Security Engineer Mantel Group

Alyssia Balic

Lara Baillie

Caitlin Galpin

Security Governance Officer Sydney Metro

Caitlin Sauza

Michelle Lee Identity and Access Analyst TAL Services Limited

W O M E N I N S E C U R I T Y M A G A Z I N E

Aimee Rick

Caroline Ng Claudia Chevelle Squire Danielle Mitchell Emma Uddin Fadzayi Chiwandire

Lucy Stevenson

Nievedha Karthikeyan

Madeleine Stewart-Teh

Nikita Gossain

Marina Azar Toailoa

Parneet Mehar

Marnie McLeod

Rebecca Kitt

Melanie Hanson

Niran Garcha Rati Mehrotra Rimple Kapil

Michelle Lee

Sandhya Gawali

Mina Zaki

Vanessa Kong

Nadia Hammoud

Joanne Denaro

N O V E M B E R • D E C E M B E R 2023

Source2Create Spotlight

Podcasts

We can GENERATE LEADS from your PODCAST

We can SCRIPT & CREATE your PODCAST

We can ADVERTISE & SOCIALISE your PODCAST

5 SERIE S PODCA ST AUD$10 ,000 Ex GST

REACH OUT TODAY

charlie@source2create.com.au

aby@source2create.com.au

Our Services Incident Support Phishing Take-Down Security Bulletins

Australia’s Pioneer Cyber Emergency Response Team

Security Incident Notiﬁcations Sensitive Information Alert

Proudly providing cyber security services & expertise for 30 years strong.

Early Warning SMS

AusCERT provides member organisations with proactive and reactive advice and solutions to current threats and vulnerabilities. We help members prevent, detect, respond and mitigate cyber-based attacks.

Malicious URL Feed

As a not-for-proﬁt security group based at The University of Queensland Australia, AusCERT delivers 24/7 service to members alongside a range of comprehensive tools to strengthen your cyber security strategy.

+61 7 3365 4417 membership@auscert.org.au

www.auscert.org.au 24/7 support against cyber security threats Safe & secure all information shared is secure & encrypted

eNHANCE YOUR KNOWLEDGE WITH OUR EXCEPTIONAL Training Courses Regular events meetups, workshops & more

Access to all Threat Intel Services and a nationally trusted team

Conference discounts and free tickets to the Annual Cyber Security Conference Not-for-profit

Our training courses are designed and delivered by highly experienced existing for the greater good of our members AusCERT staff or industry trainers. We only use practitioners with relevant industry experience to ensure an authentic, real-world experience for training participants, delivered in an engaging and interactive way.

Explore our Diverse Range of Training Courses

Introduction to Cyber Security for IT Professionals

Intermediate Cyber Security for IT Professionals

Data Governance principles & Practices

Cyber Security risk management

Cyber Security Fundamentals

Cyber Security for Risk Practitioners

Incident RESPONSE Planning

auscert.org.au/services/auscert-education/

Best Security Student SPONSORED BY Eleni Lykopandis

WINNER

Information Security Officer, Australian Bureau of Statistics Eleni stands out for her exceptional capacity to inspire others and her steadfast dedication to the Australian ICT industry. She has showcased remarkable leadership potential by proactively pursuing opportunities for skill enhancement and networking in both the public and private sectors. Eleni's unwavering commitment to ongoing learning, coupled with her role as a Student Advisor for cybersecurity degrees at La Trobe University, where she enhances cybersecurity-related programs, makes her a distinguished recipient.

HIGHLY COMMENDED

Bethany Balazs Technology Graduate, Commonwealth Bank Bethany's first graduate rotation was marked by her leadership in a crucial Jira migration project. She has played a pivotal role on the Graduate Committee, actively contributing to the establishment of a national graduate community. Bethany's dedication to cybersecurity education is evident in her engaging workshops and outreach efforts. As a member of the Cyber Champions program, she serves as an inspiration to her peers through her mentoring and unwavering commitment to the field.

FINALISTS

Ailie Houlihan Associate Consultant - Cyber Strategy & Consulting CyberCX

Bethany Balazs Technology Graduate Commonwealth Bank

Eleni Lykopandis Information Security Officer Australian Bureau of Statistics

I S S U E 17

Elizabeth Aidi Kamau Students Ambassador Edith Cowan University

Giuliana De Bellis Security Engineer Atlassian

Felicity Le Locations Officer Risk & Security Management

NOMINEES Ailie Houlihan Bethany Balazs Dion Kouskouris Elena Yakovleva Eleni Lykopandis Elizabeth Aidi Kamau Emily Borgo Emily Ogilive Felicity Le Georgia-Marie Elias Giuliana De Bellis Greeshma Dantla Imogen Turner Katie Perry Kelly Howell

Kirsten Moylan Kirti Sikarwar Lifang Wei Maria Harris Miel Balestrat Miranda Raffaele Paige Baker Rameen Nadeem Ruchita Pandey Solange Fecci Susan Wu Swarali Sarangdhar Valerina Ong Victoria Birch

WOMEN IN SECURITY MAGAZINE

137

Most Innovative Educator in Cybersecurity WINNER The Girls Programming Network (GPN) is celebrated for its grassroots initiative, which passionately champions gender diversity in the tech industry. GPN's dedication extends to nurturing a supportive community, empowering its volunteers, and effectively cultivating a pipeline for tech careers.

Tech Inclusion’s Girls’ Programming Network Tech Inclusion

FINALISTS

NOMINEES

Tech Inclusion's Girls' Programming Network

Tech Inclusion

Sophia Kakavoules

Cybermarvel - online safety education program

Melissa Larkins

Cyber Security Awareness and Education Manager NSW Department of Education

Ivana Kvesic, Dominika Zerbe – Anders and Kelsy Zalfields

Schools Cyber Security Challenges

Angie Russell

Grok Academy

Serena Pillay

Suzanne Murray Dyke

Senior Manager Learning Experience and Design Phriendly Phishing

Sophia Kakavoules Cyber Culture and Engagement Lead Department of Government Services

138

The transformative impact of GPN is evident in its ability to generate greater interest in tech, bolster diversity, and overcome scaling challenges through its unified nodes, ensuring the preservation of national value. The network's true impact shines through the high demand for its programs, rapid workshop enrollments, and surging participation rates. Notably, newcomers' perceptions are changed, and existing students are more inclined to pursue IT careers, underscoring the enduring worth and remarkable success of the program.

W O M E N I N S E C U R I T Y M A G A Z I N E

Cybermarvel - online safety education program Schools Cyber Security Challenges

N O V E M B E R • D E C E M B E R 2023

Need a professional marketing, strategy and implementation agency that is dedicated, responsive, professional, dedicated, creative, innovative, hardworking, and really cares about your business outcomes?

Then let us help YOU. REACH OUT TODAY FOR AN INSTANT QUOTE. The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things.

With:

aby@source2create.com.au charlie@source2create.com.au source2create.com.au

IN THE SPOTLIGHT WITH GIRLS PROGRAMMING NETWORK: WINNER OF THE MOST INNOVATIVE EDUCATOR IN CYBERSECURITY AWARD The Girls Programming Network (GPN) is a deserving winner of this year’s Most Innovative Educator in Cybersecurity award. It has been teaching all kinds of programming and technology skills to women and girls in fun and friendly ways for 15 years reaching thousands of girls around the country, well before awareness of cybersecurity skills and their importance became widespread. Its cryptography workshops have long been popular with students and volunteers. GPN takes a broad approach to cyber education, combining practical training to give students a broad understanding of key security concepts with conversations in its workshops that give its team of knowledgeable volunteers the opportunity to explain the importance of emerging cyber principles in an accessible way. This empowers students to engage with new concepts when they encounter them outside the workshops.

140

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

As the profile of cybersecurity has grown over the last few years students have wanted to learn more, to keep themselves safe online and to get them started on the technical skills they can take in cybersecurity careers that will help them protect others. To satisfy this demand, GPN has worked to create new content packages such as its ‘Security Chatbot’ project in which students code increasingly difficult security tests to protect secret information, and ‘Password Cracker’ where students learn about the importance of strong passwords and, by playing the role of the hacker, explore the world of password hashes and rainbow tables.

A UNIQUE APPROACH One aspect of GPN’s approach that sets it apart

GPN makes a deliberate effort to break down

from many others is that it teaches both sides of

the stereotypes and barriers that prevent gender

cybersecurity together: it teaches individuals how to

minorities from giving tech a go, especially in the

protect themselves online and helps them prepare

male-dominated area of cybersecurity. These efforts

for careers in cybersecurity. This approach gives

are reflected in its volunteer base, a diverse group

students a deeper understanding of cybersecurity

of women and gender-diverse people. They begin

and imbues them with a passion to improve the

the day by sharing a little about themselves that is

cybersecurity landscape for their families, friends

not tech-related to show they like many things from

and the world.

dance to baking to basketball, and still like to code.

Mentorship is an essential part of the GPN program

REMOVING BARRIERS

for both students and volunteers, helping it meet its

GPN goes to great lengths to ensure barriers that

commitment to supporting students and volunteers

could prevent students from signing up or turning up

from their first line of code, throughout university and

are removed. Its events are free, and it provides free

into their careers.

snacks and stationery, as well as all the technology needed for the day. To ensure students can make

Many students who have developed an interest in

it on the day, regardless of whether a parent can

cybersecurity at GPN have gone on to pursue tech

drop them off, GPN runs a ‘walking bus’ from

and cyber studies in university. And many GPN

nearby public transport so students can travel to the

volunteers take a keen interest in cybersecurity

event safely.

after the workshops and have used the leadership skills they pick up at GPN to extend their roles in the

GPN has put considerable effort into broadening its

industry elsewhere.

cybersecurity content over the past few years, doing something novel rather than something its students

Diversity and inclusion are at the heart of the GPN

will have experienced elsewhere. It hopes recognition

program. The organisation strives to create a

as Most Innovative Educator in Cybersecurity will

welcoming environment where women, girls and

increase awareness of its programs and get more

gender-diverse people can share their knowledge,

students to participate, enabling it to highlight the

learn in a supportive environment, have fun and

diverse range of rewarding tech careers available,

make friends.

especially in high demand sectors like cybersecurity.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

141

Equifax Protect Identity and credit protection services. Your response to a data breach is the first step to renewing trust with those impacted. Acting quickly can help repair your brand’s reputation, drive customer loyalty, and ensure customers are protected. Help your customers protect their identity information and reduce the risk of financial loss through credit and identity monitoring:

9 Dark Web Monitoring & Alerts - Be alerted if personal information is found being traded online.

9 Credit Alerts - Real time notifications to important changes on their credit report including if someone applies for credit in their name.

9 Credit Score & Report - Track their credit score and credit report over time.

Equifax has helped organisations with some of the largest consumer data breaches in Australia with Equifax Protect.

For more information visit equifax.com.au/protect

Best Innovative Business 'Reshaping the Future' of the Security Industry SPONSORED BY AustCyber WINNER

AustCyber is applauded for its transformative initiatives that are shaping the future of the security industry. The ACSP Program, which enhances trust in Australian cybersecurity professionals, plays a pivotal role in making the digital environment safer for all. Their AustCyber Innovation Network promotes equal opportunities and fosters a connected community within the industry, furthering collaboration and innovation. Additionally, their partnering Cyber Security Microsoft Traineeship Program directly addresses industry demand for skilled professionals. AustCyber's AUCyberExplorer initiative is instrumental in guiding aspiring professionals along various career pathways in the cybersecurity field. Collectively, these initiatives demonstrate their dedication to advancing and securing the digital landscape while equipping individuals with the skills and knowledge to thrive in the cybersecurity sector.

SecureCode Warrior HIGHLY COMMENDED

Secure Code Warrior is recognised for providing customisable, highimpact secure coding education tailored for developers. Through the effective use of agile learning methods, they successfully upskill and instill software security principles, contributing significantly to the retention of these critical skills. Secure Code Warrior's approach fosters a positive security experience, cultivating a security mindset among developers. Their efforts empower organizations to proactively defend against threats while enhancing code quality. Secure Code Warrior's dedication ensures that companies have a strong partner to train their development teams, serving as the first line of defense in the ongoing battle against cybersecurity threats.

FINALISTS

Cyber Wardens by 89 Degrees East

Cyber Security NSW

NOMINEES InfoSecAssure Pty Ptd Equisec AustCyber

AustCyber

Bugcrowd

SecureCode Warrior

Cyber Security NSW

I S S U E 17

Cyber Wardens

KPMG Australia

Gergana Winzer for KPMG "Cyber in a Box"

Mina Zaki for KPMG's Alliance partnerships

Kelly Henney for KPMG's "Data Protection Navigator"

SecureCode Warrior

WOMEN IN SECURITY MAGAZINE

143

Protective Security Champion WINNER

Rachell DeLuca Director | Protective Security & Risk Specialist, Protective Security Advisory Pty Ltd

FINALISTS

Nadia Hammoud Manager, Security & Emergency Response Centre (SERC) nbnco

Rachell DeLuca Director | Protective Security & Risk Specialist Protective Security Advisory Pty Ltd

Pam Lamotta Specialist, Protective Security Operations and Response IAG

Amy Ruth Hewson

144

Rachell is celebrated for her remarkable impact on Australia's security sector, her profound expertise in risk and protective security, and her unwavering commitment to mentoring and advancing gender diversity within significant projects. Her leadership and passionate advocacy have solidified her position as a prominent figure in the security field, driving positive change for women and serving as an inspirational force for all.

NOMINEES

Amy Ruth Hewson Karen Phillips Kellie Ball Khushboo Gupta Marina Azar Toailoa Nadia Hammoud Pam Lamotta Parul Mittal Rachell DeLuca Richa Sharma

Chief Executive Officer Mitchell Personnel Solutions

Roxanne Pashaei

Sarina Persall

Managed Services & Security (Cloud) Senior Lead Telstra

Zynthea Kaur Maan

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

IN THE SPOTLIGHT WITH RACHELL DELUCA: WINNER OF THE PROTECTIVE SECURITY CHAMPION AWARD Rachell DeLuca, named Protective Security Champion in this year’s Australian Women in Security Awards, has worn many hats in her quarter century long career. She was the first female chair of ASIS International Victoria Australia Chapter in 2021. She is a fellow of the Institute of Strategic Risk Management (ISRM), was a founding member of an unofficial Women in Security & Resilience (WiSR) group, a member of the AWSN, and sat on the Victorian Industry Advisory Council (VSIAC) to inform the Victorian Government on matters affecting the security industry. She has also sat on numerous judging panels for a range of awards where she has seen first-hand the excellent work being done by women and nonbinary persons across the industry. Her involvement with these groups has allowed her to contribute to planning events, online webinars and engage with members seeking advice and someone to bounce things off.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

145

BUSINESS OWNER

She says the mentoring she received early in her

Today, she runs her own consultancy, Protective

career has inspired her to get involved with as many

Security Advisory, through which she works with

parts of the industry as possible, be as visible as

clients to identify their security risk exposure,

possible to other women, provide support and show

design their security controls and systems, and

that women can be successful in the industry.

develop strategic objectives to strengthen their security posture.

Rachell has recently completed a master’s degree in terrorism and international security, studying the

In the past Rachell has worked for two of the Big

changing threat profile and finding that disgruntled

Four engineering consultancies where she consulted

white nationalists now present a more realistic threat

for a range of major projects and clients, including

to western organisations than Islamic extremists.

several water infrastructure owners to protect their

This, she argues, presents a significant challenge

critical network assets. This was achieved via a

because the threat actor may already work within

strategic review of their asset network, a prioritised

an organisation as a trusted insider or may have

asset classification process, and mandating

access to a critical asset as a contractor via its

minimum-security standards for a consistent

supply chain. Integrating security practices at every

approach. These projects are examples of the holistic

business level, particularly in employee vetting and

approach and whole-of-business engagement

ongoing monitoring of key personnel is more crucial

strategy Rachell uses to help her clients achieve their

than ever.

desired outcomes.

146

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

PROTECTIVE SECURITY ADVOCATE

challenges as well as what, she says,

She intends to continue working to promote

seemed like an impossible delivery timeline.

protective security as an industry and as a career path for those starting out. As a small business

She was particularly pleased that the control centre

owner Rachell believes she is well-placed to

was designed with the intent that 40 percent of the

make more of a positive difference through work

workforce would be women—a figure previously

experience and mentoring to further support

unheard of in Pakistan. This was achieved shortly

development in the industry.

after the centre opened and it is heavily focussed on being a supportive environment for female

Rachell cites one of her most impactful security

employees with provisions made for transportation

projects as being the Lahore Safe Cities Project,

to and from work and family-friendly hours of work

undertaken when she was working for Arup. The

for women to enable them to undertake this type

project involved the installation of more than 8,000

of employment.

CCTV cameras and supporting infrastructure across the city of Lahore to reduce crime, enhance public

Security technology comes in many forms and

safety, improve police accountability, and mitigate

in today’s buildings is pervasive. When designing

terrorist activities. To deliver the project, Rachell

systems for major facilities, Rachell works with

made 15 trips to Lahore over two years.

many other disciplines—architects, ICT engineers, mechanical, electrical, fire and structural engineers

Her role was to work with local engineering teams

through every stage of the design and construction

from a range of different disciplines—civil, ICT,

process to ensure security systems are correctly

security, AV, etc—throughout the tender process to

and fully implemented. She says she gains great

select an integrator and then to oversee the delivery

satisfaction walking around Melbourne and seeing

of the project to the original specifications, all while

the many buildings and landmark projects she has

navigating language, cultural, political and technical

worked on.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

147

Best Security Mentor WINNER

Asou Aminnezhad Security Cloud Solution Architect, Microsoft

Asou is being recognised for their exceptional mentorship, which seamlessly blends inclusivity, global impact, personalised guidance, and transformative outcomes. Their influence has empowered women and non-binary individuals from diverse backgrounds, resulting in noteworthy success stories in the field of cybersecurity. Asou's extraordinary talent for unlocking potential and driving positive change makes them a truly exceptional mentor.

HIGHLY COMMENDED

Jalpa Bhavsar Senior Consultant, Incident Capability Uplift, NAB

148

W O M E N I N S E C U R I T Y M A G A Z I N E

Jalpa is distinguished for her exceptional mentoring programs that empower women, offering them valuable guidance and support to excel in cybersecurity careers. Her formal mentoring initiatives, insightful cybersecurity podcasts, and engaging industry presentations highlight her as a genuine leader and role model. Jalpa's steadfast commitment to reshaping the global cybersecurity landscape, addressing skills shortages, and driving positive change is genuinely commendable.

N O V E M B E R • D E C E M B E R 2023

SPECIAL RECOGNITION

Sandy Assaf Head of IT Risk & Compliance, Crown Resorts

Sandy's exceptional contributions to the Purple Team Australia programs have exceeded expectations, with her active engagement in addressing Australia's cybersecurity skills gap and promoting diversity within the industry. Sandy's remarkable efforts have played a pivotal role in attracting First Nation Women Australians to the field and advancing the AWSN mentor program. The success achieved by numerous mentees who have transitioned into leadership roles and reached their career aspirations stands as a clear testament to Sandy's unwavering dedication and guidance.

FINALISTS

NOMINEES

Jalpa Bhavsar

Jenana Roper

Alison Blazow

Paula Sillars

Senior Consultant, Incident Capability Uplift NAB

General Manager Digital Solutions, Pacific Schneider Electric

Asou Aminnezhad

Rimple Kapil Roxanne Pashaei

Leonard Ng

Sandy Assaf

Chathura Abeydeera

Director - Cyber - Cloud & Digital Deloitte

Head of IT Risk & Compliance Crown Resorts

Asou Aminnezhad

Dipti Mulgund

Security Cloud Solution Architect Microsoft

Managing Consultant CyberCX

Shannon Gibb Cyber Security NBNco

Deepa Bradley

Samantha Gibbons

Dipti Mulgund

Sandy Assaf

Jalpa Bhavsar

Sanjivan Mahendran

Jenana Roper Kent Luong Leanne Howell Leonard Ng Louise Castro Marie Patane

Sermin Cesur Shannon Gibb Siddiqua Shaheen Tania Hunt Trish Keeley

Mina Zaki

I S S U E 17

WOMEN IN SECURITY MAGAZINE

149

IN THE SPOTLIGHT WITH ASOU AMINNEZHAD: WINNER OF THE BEST SECURITY MENTOR AWARD In the rapidly evolving world of cybersecurity, where digital threats are ever advancing and the need for skilled professionals is on the rise, there is one issue that still needs significant attention: gender diversity. Women continue to be underrepresented in the field, and breaking through the glass ceiling can be a daunting task. But there are individuals who are actively working to change this narrative. One such champion of gender diversity in cybersecurity is Asou Aminnezhad, winner of this year’s Best Security Mentor award. She is a mentor dedicated to guiding and supporting women as they navigate their careers in the security industry.

INSPIRATION AND BEGINNINGS Asou was inspired to become a mentor for women in security when she saw the great underrepresentation of women in this critical industry. This realisation served as the catalyst for her journey into mentorship. She observed a gap in the availability of mentoring and support tailored to the unique challenges women face in cybersecurity and decided to take action. Asou knew that, by sharing her experiences and knowledge, she could help more women enter and excel in this dynamic and demanding field.

150

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

CHANGING LIVES, ONE MENTORSHIP AT A TIME

• Positive affirmation: she encourages mentees

Mentorship is a two-way street, and it can be

capabilities, which helps counteract negative

immensely rewarding for both mentor and mentee.

self-talk.

to recognise their accomplishments and

One of Asou’s most memorable moments as a mentor was witnessing the transformation of a

• Setting achievable goals: she works with her

mentee named Olivia. Olivia came from a non-IT

mentees to set achievable, incremental goals,

background but with Asou’s guidance transitioned

which boosts confidence and provides a sense

into a successful cybersecurity manager. This

of accomplishment.

transition showcased the transformative power of mentorship, highlighting how dedicated mentors

• Mentorship circles: Asou sometimes facilitates

can have a profound impact on a mentee’s career

group discussions where mentees can

in security.

share experiences and support one another, helping them realise they are not alone in

QUALITIES OF A SUCCESSFUL MENTOR

their challenges.

Being an effective mentor in the security industry, particularly for women, requires a unique set of

• Skill development: By focussing on skill

qualities and skills. Asou emphasises that empathy,

development and continuous learning she

patience and active listening are foundational

builds a strong foundation and reduces feelings

qualities for any mentor. Furthermore, adaptability

of inadequacy.

and the ability to provide personalised guidance are crucial, because each mentee’s journey is distinct.

• Feedback and self-reflection: She gives regular

It is essential mentors are well-versed in the unique

feedback and encourages self-reflection to help

challenges women may face in the security industry,

mentees recognise their progress and areas

and mentors must be committed to creating an

for improvement.

inclusive and encouraging environment. • Mentorship beyond limits: Asou emphasises

TAILORING MENTORSHIP TO UNIQUE NEEDS

that limitations are often self-imposed and

One of the key aspects of Asou’s mentoring approach

encourages mentees to push their boundaries

is tailoring her guidance to meet the unique needs

and take calculated risks.

and challenges women in security may encounter. This means acknowledging and addressing issues

These strategies, tailored to individual needs, work

like imposter syndrome and gender bias. By creating

towards boosting confidence and combatting

a safe space for open dialogue and offering guidance

imposter syndrome, empowering women in security

on building confidence, navigating workplace

to excel and thrive.

dynamics and setting realistic goals, Asou ensures her approach aligns with each mentee’s specific

COMMON CAREER DEVELOPMENT GOALS

needs and aspirations.

Women in the security industry often seek guidance on various career development goals, including

BOOSTING CONFIDENCE AND OVERCOMING IMPOSTER SYNDROME

leadership development, technical skill enhancement

Addressing imposter syndrome and self-doubt is

these goals through personalised career roadmaps,

a central part of Asou’s mentorship. She employs

technical training recommendations and strategies

various strategies to help mentees build confidence:

for achieving a healthy work-life integration.

I S S U E 17

and work-life balance. Asou helps them achieve

WOMEN IN SECURITY MAGAZINE

151

This holistic approach fosters well-rounded

BALANCING GUIDANCE AND AUTONOMY

career growth.

Balancing guidance while allowing mentees to make their own decisions and learn from their experiences

CREATING A SAFE AND INCLUSIVE ENVIRONMENT

is a delicate art. Asou provides advice, shares

To create a safe and inclusive environment for

emphasises the importance of learning through trial

mentees to discuss their experiences, challenges and

and error. This approach fosters independence and

aspirations, Asou emphasises active listening and

resilience among mentees.

experiences and offers resources, but she also

empathy. She ensures mentees feel heard, valued Additionally, Asou promotes diversity and inclusion

SEEKING MENTORSHIP AND MAKING THE MOST OF IT

by recognising and celebrating difference and

For women seeking mentors in the security industry,

fostering a sense of belonging among mentees.

Asou encourages them not to hesitate but to reach

and respected while also maintaining confidentiality.

out and express their interest. When it comes

RECOMMENDED RESOURCES AND NETWORKING

to making the most of a mentoring relationship,

Asou recommends several resources and networking

setting clear goals, and actively seeking feedback.

opportunities for women in security to further their

Building a strong rapport with a mentor is key to a

careers and skills. These include: joining LinkedIn

successful partnership.

Asou advises being proactive, asking questions,

groups for women in cybersecurity; connecting with

152

online communities; attending industry conferences,

CHALLENGING MISCONCEPTIONS AND BIAS

webinars and workshops; seeking out mentors and

Misconceptions and biases about women’s abilities

sponsors within their organisations for guidance and

in security still persist. Asou addresses these issues

career advancement.

by showcasing the achievements and capabilities of

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

She emphasises the importance of diversity in

STAYING INFORMED IN AN EVER-EVOLVING FIELD

problem-solving and innovation, helping mentees

In the dynamic world of cybersecurity, mentors need

build confidence to challenge stereotypes and prove

to stay up to date on industry trends and changes in

their abilities through their work.

order to provide relevant guidance to mentees. Asou

women in security, including those of her mentees.

achieves this by continuous learning through industry

THE FUTURE OF MENTORSHIP FOR WOMEN IN SECURITY

conferences, webinars and ongoing education.

Looking ahead, Asou envisions a future where

collaborates with peers to exchange insights,

mentoring for women in security becomes even

ensuring the guidance she provides remains relevant

more accessible and structured. She hopes to see

and aligned with the evolving security landscape.

She also maintains a professional network and

increased collaboration between organisations, educational institutions and mentors to create

Asou’s dedication to mentoring and advocating

mentorship programs that address the specific

for women’s advancement in the security industry

needs of women in security. Additionally, Asou would

serves as an inspiration and a catalyst for change.

like to see more recognition and support for mentors

Her commitment to fostering diversity and inclusion

who are driving diversity and inclusion initiatives in

not only benefits women in cybersecurity but

the industry.

also contributes to building a stronger and more resilient industry.

https://www.trendmicro.com/en_au/business/products/one-platform.html

I S S U E 17

WOMEN IN SECURITY MAGAZINE

153

Best Place to Work in Security WINNER

MF & Associates MF & Associates' steadfast dedication to gender equality is clearly reflected in the substantial representation of women in cybersecurity roles within the company. They are genuine champions of inclusion, actively removing hiring obstacles and setting a commendable example for the industry. MF & Associates' remarkable unpaid super policy and inclusive hiring practices highlight their genuine appreciation for diverse skills and backgrounds, fostering a culture that draws exceptional talent, including former CISOs and award-winning professionals.

HIGHLY COMMENDED

Equifax Australia Equifax's remarkable commitment to cultivating a diverse and inclusive workplace is deserving of commendation. Their proactive measures to eliminate biases and advance equal opportunities have a significant impact on the industry. Equifax's actions set a shining example for other organizations to emulate, demonstrating that their strategies and accomplishments are not just words but an inspiring and insightful blueprint for creating genuinely inclusive and diverse environments.

FINALISTS

Deloitte Equifax Australia ANZ Bank MF & Associates Orro Monash University

NOMINEES

AARNet (Australia's Academic and Research Network) ANZ Bank Cyber Security NSW Cydarm Technologies Deloitte Equifax Australia Google Privacy, Safety and Security Australia

154

W O M E N I N S E C U R I T Y M A G A Z I N E

InfoTrust MF & Associates Monash University Orro Smokeshield Sydney Metro Enterprise Security Trend Micro

N O V E M B E R • D E C E M B E R 2023

CHAMPIONING DIVERSITY AND INCLUSION: A CONVERSATION WITH AN INDUSTRY LEADER

In this candid conversation with MF & Associates we delve into the strategies and principles that have propelled the organisation to be recognised as the Best Place to Work for Women in Security. Their insights shed light on the impact of their initiatives, the metrics used to assess progress, and the vital role diversity plays in the world of security. Since MF & Associates’ inception, a commitment to diversity has been at the forefront of its mission. The leadership team emphasised the importance of actively seeking a diverse workforce from day one to avoid the common pitfall of ending up with a homogeneous team. The organisation has strived to make decisions through the lens of diversity, benchmarking salaries at each band to remove promotion hurdles and ensuring that gender is no barrier to progress. Measuring the effectiveness of diversity and Maintaining these initiatives is a challenge for a

inclusion initiatives requires the tracking of several

young company like MF & Associates. It hopes its

key metrics, including salaries, event attendance,

inclusive culture will endure as it grows and it is

promotions and workforce diversity numbers. These

committed to reinforcing its intent through policies

metrics help ensure the company stays on track and

that reflect these values.

does not drift away from its commitment to diversity.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

155

For MF & Associates, diversity and inclusion are

positive culture. Externally, it demonstrates to the

more than mere buzzwords: they are the bedrock

industry that success and doing the right thing

of its success. The leader believes the company’s

are not mutually exclusive. The company’s clients,

culture is what attracts staff and clients. It is a

in particular, have shown strong support for its

talking point when engaging with clients and a top

approach to diversity.

priority when hiring new staff. The company’s aim is to lead by example, and to be the change it wants to

For organisations in the security industry looking

see in the industry.

to improve their diversity and inclusion efforts, the leader's advice is straightforward: Do it. They stress

MF & Associates takes a unique approach

the importance of addressing diversity at every level

to mentorship and sponsorship programs. It

of the organisation and finding systemic ways to

encourages mid and senior-level staff to mentor

do better.

externally, thereby supporting the broader industry and attracting more diverse talent into the field. The

MF & Associates was recently acquired by Fujitsu

focus is on addressing both the skills and quality

but will continue to operate as a stand-alone entity,

gaps in the industry.

rebranded as MF&A, a Fujitsu company. It will help strengthen the growth of Fujitsu Uvance, which

However, promoting diversity and inclusion in

focuses on the resolution of societal issues and

security comes with its own set of challenges.

contributes to customer growth through cross

The industry as a whole faces issues of gender

industry digital solutions. MF&A’s commitment to

and diversity, and the organisation's senior team is

diversity and sustainability will further support Fujitsu

committed to tackling these issues head-on. The

in achieving these goals.

strategy involves hiring diverse candidates, providing training to non-cyber trained staff, removing barriers

In conclusion, the company’s insights and

to entry and nurturing the next generation of leaders.

experiences provide a valuable roadmap for organisations seeking to prioritise diversity and

156

Being recognised as the best place to work in

inclusion in security. Its story demonstrates that

security for diversity and inclusion brings internal

doing the right thing can go hand in hand with

and external benefits. Internally, it validates the

success, ultimately benefiting both the organisation

hard work of staff members and reinforces their

and the industry as a whole.

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

Want to get matched with Lead Gen experts but dont know where to start?

Our solution experts can help you find the right supplier, Looking to streamline your B2B lead generation process?

Want to use multiple suppliers but dont have time to coordinate? Need a consistent stream of leads coming into the sales team? Looking to tap into new markets? Need end-to-end lead nurture programs?

LET US HELP YOU OVERCOME YOUR LEAD GEN CHALLENGES REACH OUT TODAY FOR AN INSTANT QUOTE. The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things.

With:

aby@source2create.com.au charlie@source2create.com.au source2create.com.au

Australia's Most Outstanding in Protective Security WINNER

Christina Rose Global Security Executive, Qantas Christina's leadership and innovation have profoundly reshaped national screener training standards. Christina's unwavering dedication to public safety and protective security shines through her advocacy, mentorship, and speaking engagements. Her contributions are undeniably deserving of recognition for the lasting impact on regulatory design and training standards, as well as her influential mentorship in the industry.

HIGHLY COMMENDED

Amy Ruth Hewson Chief Executive Officer, Mitchell Personnel Solutions Amy's exceptional leadership shines through in her dedication to understanding and fulfilling the needs of women and diverse groups, all while maintaining strong business practices. Amy's ability to harmonise business requirements with personal needs has made Mitchell Personnel Solutions a standout, caring, and empowering workplace, as evidenced by team-building activities and individual recognition.

FINALISTS

Amy Ruth Hewson Chief Executive Officer, Mitchell Personnel Solutions

Jacinta Thomson Director (SES1) Police Enquiry and Data Sharing department Victoria Police

Vannessa Van Beek

NOMINEES

Christina Rose

Amy Ruth Hewson

Nicole Stephensen

Global Security Executive Qantas

Jacinta Thomson

Radha Ramadev

Joanne Sam

Rebecca Simmons

Sonya Brackenridge

Lesley Arundel

Roxanne Pashaei

Lisa Lay

Sandy Ortmanns

Liz Gomez

Shweta Pandey

Marina Azar Toailoa

Sonya Brackenridge

Christina Rose

Vannessa Van Beek

Nicole Neil

Yvonne Sears

Command Security Adviser Defence Australia

Yvonne Sears Managing Director ISD Cyber

National Senior Director, Avanade

158

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

IN THE SPOTLIGHT WITH CHRISTINA ROSE: WINNER OF AUSTRALIA'S MOST OUTSTANDING IN PROTECTIVE SECURITY AWARD

In the realm of protective security few are as deserving of recognition as Christina Rose, winner of Australia’s Most Outstanding in Protective Security award. Christina’s journey in this critical field is nothing short of remarkable, shaped by years of dedicated service and a relentless commitment to safeguarding organisations and assets.

THE PATH TO EXCELLENCE Christina’s career path has been defined by diverse roles and exceptional contributions. Her journey began with extensive work on the Federal Government’s National Transport Security policy and regulatory settings. From there she transitioned into the private sector, serving as an airport security manager at both international and regional airports. Later, she assumed the role of an airline executive responsible for overseeing security across the Americas, Canada and the Pacific.

I S S U E 17

WOMEN IN SECURITY MAGAZINE

159

Her responsibilities also included active participation

the challenges posed by COVID, ensuring the

in regulatorily required domestic airport and airline

continuation of their employment and conditions.

safety committees. It’s this breadth of experience that makes her deserving of this award.

Moreover, her role has extended beyond Australian borders. It includes her invaluable contribution to the

A COMMITMENT TO PROTECTING WHAT MATTERS MOST

global restart of air operations by the Qantas Group

Protective security is more than just a job for

her to the US, Canada, South East-Asia and New

Christina; it’s a pathway instigated by the events of

Zealand where she has connected with government

September 11, 2001. The vital role of safeguarding

regulators, industry representatives, airline and

critical infrastructure and people deeply resonated

airport colleagues along with local law enforcement

with her, setting her on a path to excellence in

with the view to re-establishing safe and secure

the field.

aviation services. She works closely with her Sydney

of airlines post-COVID. Her dedication has taken

based colleagues who also have contributed

SIGNIFICANT MILESTONES

significantly to the restart and continuation of

Christina’s journey is marked by numerous significant

operations. Christina acknowledges her immediate

achievements. She was instrumental in delivering

colleagues in Group Security for the mutual support

the Air Security Officer program, a vital component

they share.

of aviation security. She was influential in getting every aircraft in Australia having 60 or more seats retrofitted with hardened cockpit doors.

FOSTERING COLLABORATION AND COMMUNICATION In the world of protective security, collaboration

160

Christina’s contributions extend to the establishment

and communication are the pillars of resilience.

of the National Aviation Transport Security

Christina’s extensive experience and industry

Screener training program across the industry.

networking have been instrumental in fostering

Her steadfastness is evident in her successful

cooperation among diverse stakeholders, enhancing

navigation of 120 aviation screening staff through

security practices and resilience.

W O M E N I N S E C U R I T Y M A G A Z I N E

N O V E M B E R • D E C E M B E R 2023

CHALLENGES AND THE ROAD AHEAD

presented aggressively, and it’s essential to

The field of protective security faces its own set

stand strong and unwavering.

of challenges. One of the most pressing issues, as Christina notes, is the lack of acknowledgment

AN HONOURABLE ACKNOWLEDGMENT

of foundational infrastructural physical protective

Being recognised as Australia’s Most Outstanding in

security measures. These measures, which

Protective Security is an honour deeply appreciated

safely and efficiently facilitate people’s travel

by Christina. This acknowledgment, which follows

from point A to B, are often overlooked but are of

a bravery award in 2020, highlights the critical

paramount importance.

need for unwavering vigilance and attention to emerging threats in the aviation sector. As a

MENTORSHIP AND LEADERSHIP

sector critical to economic growth and personal

Mentorship and leadership are pivotal in achieving

wellbeing, the continued advancement of protective

excellence in protective security. Christina’s

security remains a top priority for Christina and the

contribution to the iLead cross-sectoral mentoring

broader industry.

program—a leadership program run by the University of Newcastle (NSW) has garnered positive feedback

Christina’s journey is not just one of personal

and has been a source of enjoyment. Additionally, her

achievement but also a testament to the collective

involvement in graduate programs, particularly during

dedication of those who work tirelessly to ensure the

her tenure with the Australian Government, has

safety and security of our communities and critical

led to numerous appointments to senior executive

infrastructure. In honouring Christina, we recognise

positions. Her dedication to storytelling has been

the unyielding commitment of those who stand on

instrumental in inspiring and engaging newcomers

the front lines of protective security, safeguarding

in the field, encouraging them to become seasoned

our world in the face of ever-evolving challenges.

experts in their domains.

DIVERSITY AND INCLUSIVITY In a world increasingly valuing diversity and inclusivity, Christina believes these attributes may not be critical in the realm of protective security. For her, it is essential to find the best person for every role, with specific requirements being a foundation of knowledge, particularly in legal matters and industry dynamics.

NAVIGATING CHALLENGES As a veteran in protective security, Christina has navigated numerous challenging situations during her career. However, these incidents, too many to recount, have not deterred her but have instead contributed to her wealth of experience.

ADVICE TO ASPIRING WOMEN For women aspiring to enter the protective security industry, Christina offers some valuable advice: have a backbone, be emotionally intelligent and have a solid understanding of your role. Challenges will be

I S S U E 17

WOMEN IN SECURITY MAGAZINE

161

Australia's Most Outstanding in I T Security SPONSORED BY

WINNER

CyberCX

Lisa Currie Chief Information Security Officer, The Bureau of Meteorology Lisa's excellence in fostering collaboration, driving innovation through psychology-based security insights, and maintaining a strong commitment to regulatory compliance and talent retention, all essential for safeguarding critical assets, is truly commendable. Her notable achievements, such as her holistic security planning for the Bureau of Meteorology and foundational work on the Victorian Government's Child Link System framework, exemplify her dedication and impact. Lisa's exceptional qualities, including leadership, innovative security strategies, commitment to diversity, and passion for knowledgesharing, collectively make her a standout winner in the field.

FINALISTS

NOMINEES

Angela Champion

Adeline Martin

Jessica Dodson

CEO WHITE ROOK Cyber

Angela Champion

Joannie Lee-Lang

Anna Aquilina

Katherine Robins

Anubha Sinha

Kristy Wilson

Caity Randall

Lisa Currie

Cecily Rawlinson

Marianne Cologon

Daisy Sinclair Founder | CEO Cyber8Lab Pty. Ltd.

Lisa Currie Chief Information Security Officer The Bureau of Meteorology

Christie Chan

Mitra Minai

Connie McIntosh

Nadia Taggart

Shamane Tan

Daisy Sinclair

Natasha Passley

Chief Growth Officer Sekuro

Daniela Fernandez Palacios

Nicole Neil

Fiona Long

Emily Wade

CEO and Founder InfoSecAssure Pty Ptd

Emma Neville

Cecily Rawlinson

Fiona Long

Director Wa Cyber Security Innovation Hub

Erin Harriott Gergana Winzer Isla Thomas Jana Dekanovska Jeevitha Vijayakumar Jennifer Frances

162

W O M E N I N S E C U R I T Y M A G A Z I N E

Nivedita Newar Puneeta Chellaramani Renee Shephard Roxanne Pashaei Sarah McAvoy Sarah Young Shamane Tan Shyvone Forster Sulata Bhattacharjee

N O V E M B E R • D E C E M B E R 2023

SAVE THE DATE

10 OCT 2024

RISING FROM THE ASHES LIKE A

Phoenix,

Strength,

WE DISCOVER OUR AND THE LIMITLESS

Resilience,

POWER OF

ITHIN US. W h Rebirt

2024