Women In Security Magazine Issue 18 by source2create

JANUARY • FEBRUARY 2024

W W W. W O M E N I N S E C U R I T Y M A G A Z I N E . C O M

ASSOCIATIONS & GROUPS SUPPORTING THE WOMEN IN SECURITY MAGAZINE

MARCH • APRIL

IN 2022, YOU CAN NO LONGER TAKE SECURITY WORKERS FOR GRANTED P10-13 AS THE SECURITY THREAT MORPHS, DEFENSIVE TEAMS MUST CHANGE TOO

MAY • JUNE

WHO RUNS

P76-79

20 22

IF YOU CAN’T SPEND YOUR WAY TO GOOD SECURITY THIS YEAR, TRY FOCUSING ON YOUR PEOPLE P94-97

YEAR OF THE SECURITY WORKER

W W W. W O M E N I N S E C U R IT Y M A G A Z I N E . C O M

the

WORLD W W W. W O M E N I N S E C U R IT Y M A G A Z I N E . C O M

OFFICIAL PARTNER

SUPPORTING ASSOCIATIONS

CONTENTS

INDUSTRY PERSPECTIVES

FROM THE PUBLISHER

Cyber-ready boardroom: blueprint for success

Mind the (gender pay) gap in cybersecurity: ensuring pay equality for all 52

Wishing you all a Merry Christmas and a Happy New Year! Catch up in 2024!

COLUMN Breaking stereotypes

On the edge of innovation: breaking boundaries in 2024 by learning from 2023

From the Source2Create team

WHAT’S HER JOURNEY?

Beverley Shimmin

Elif Cansu Güleç

Robyn Frye

Ejona Preci

Meaghan Bradshaw

Maria Teresa Jimenez Salinas

Natasha Towner

Ayça Güzünler

Colette Hanley

Marina Gistau

Emilly Ricarte

JOB BOARD

98 THE LEARNING HUB

Strengthening cyber resilience through capacity building

Diversity in cybersecurity at Spark: three realities

Inspiring young girls into STEM

ISACA leaders from across the globe reflect on the future of women in security 70 I’ll make my own way – a desire for a chance to succeed

Embracing purpose: my journey to inspire young girls into tech

JANUARY • FEBRUARY 2024

FOUNDER & EDITOR Abigail Swabey

ADVERTISING Abigail Swabey Charlie-Mae Baker

NEW ZEALAND WOMEN IN SECURITY AWARDS 2023

#2023WISAWARDS

107 THE NEW ZEALAND WOMEN IN SECURITY AWARDS 2023 COVERAGE

M A G A Z I N E C O O R D I N ATO R Jane Saafi

JOURNALISTS David Braue Stuart Corner

SUB-EDITOR

TURN IT UP 102

Stuart Corner

DESIGNER Rachel Lee

Source2Create Pty Ltd is the publisher of this magazine and its website (www.womeninsecuritymagazine.com).

OFF THE SHELF 104

STUDENT IN SECURITY SPOTLIGHT Safa Baalfaqih

Farkh Leka Hashimy

Felicity Le

FROM THE PUBLISHER Charting the course: the future of women in security

he landscape of security, both digital

leadership to effectively navigate the complex and

and physical, has traditionally been

multifaceted nature of security threats. As women

male-dominated. However, a seismic

continue to prove their capabilities, more leadership

shift is occurring, and women are

opportunities are likely to open up.

increasingly making significant strides in the security sector.

CHALLENGES TO OVERCOME Persistent gender bias: Despite progress, gender

Historically, women have been underrepresented in

bias remains a challenge in the security sector.

security-related roles, facing barriers that impede their

Overcoming stereotypes and biases is crucial to

entry and progression. However, recent years have

ensuring women have equal opportunities for growth

witnessed a growing recognition of the importance

and advancement in security roles.

of diversity in security teams. Women are breaking

Solution: Organisations can implement diversity

through these barriers, contributing their unique

training and unconscious bias awareness programs

perspectives and skills to address the complex

and establish a culture that values and rewards merit

challenges of the modern security landscape.

regardless of gender.

TRENDS SHAPING THE FUTURE

Lack of representation in leadership: While more

Increasing representation: Organisations are

women are entering security roles, there is still a

actively working towards creating more inclusive

noticeable gap in leadership positions. Breaking

environments, recognising the value diversity brings

through the glass ceiling requires concerted efforts

to security. As more women enter the field we can

to provide mentorship, sponsorship and leadership

expect a shift towards more balanced representation

development opportunities for women in security

in various security roles: from cybersecurity to

Solution: Establishing mentorship programs and

physical security and beyond.

leadership training initiatives and actively promoting women into leadership positions can address

Specialised roles and expertise: The evolving

this gap.

nature of security threats demands specialised skills and expertise. Women are increasingly pursuing

Encouraging STEM education: Encouraging girls to

education and training in cybersecurity, digital

pursue education in science, technology, engineering

forensics and other specialised security fields. This

and mathematics (STEM) is vital for increasing the

trend is likely to continue, with women playing pivotal

pool of qualified women entering security-related

roles in developing innovative solutions to emerging

fields. Early exposure and mentorship can play a

security challenges.

pivotal role in shaping career choices. Solution: Collaborations between educational

Leadership opportunities: The ascent of women into

institutions, industry and non-profit organisations can

leadership roles within security is a promising trend.

facilitate initiatives that promote STEM education for

Organisations are recognising the need for diverse

girls and young women.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Abigail Swabey

TRANSFORMATIVE POTENTIAL The future of women in security holds transformative potential for the industry as a whole. Embracing diversity brings a range of perspectives and approaches to problem-solving, fostering innovation and adaptability in the face of evolving threats. Women’s skills, such as collaboration, communication and attention to detail are assets that can enhance the effectiveness of security teams. I truly believe the future for women in security is bright, marked by increasing representation, specialised expertise and leadership opportunities. While challenges persist, the momentum towards a more inclusive and diverse security sector is undeniable. Organisations that champion diversity and actively work to overcome existing barriers will not only benefit from a broader talent pool but also gain a competitive edge in addressing the complex security challenges of the future. As women continue to shape the security landscape, the industry as a whole stands to gain from their diverse perspectives, skills and leadership.

The Source2Create team extends heartfelt gratitude to all our supporters, contributors, sponsors, mentors, and friends. The Women in Security Magazine owes its success to your unwavering support, and we are eternally thankful. Special thanks to our judges, sponsors, volunteers, nominators, and nominees for the 2023 Australian and New Zealand awards. Together, united, we are spreading our message far and wide, fortifying our industry in the process. Wishing you all a Merry Christmas and a Happy New Year! Catch up in 2024!

Abigail Swabey PUBLISHER, and CEO of Source2Create www.linkedin.com/in/abigail-swabey-95145312

aby@source2create.com.au

I S S U E 18

WOMEN IN SECURITY MAGAZINE

AUSTRALIA’S

BEST SELLING S AN AUD I

OK BO

SO AL

A LE

AVAIL AB

CYBER SECURITY BOOK

Bought it for my daughter and we are both very impressed! Great artwork as well as the book itself. She is a 9 year old avid internet user, and I do worry about what she gets up to and the choices she makes. We limit her access and have cyber security overlays on her devices - but we are not too clued up on cyber security so it was always a worry. This book has been great to get conversation flowing that I didnt really know how to start up, and it has definitely taught her some worthwhile lessons on things to look out for and "shadowy corners" of the internet to be cautious of! I recommend this book.

BUY THE EBOOK

BUY THE AUDIOBOOK

BUY THE PAPERBACK

WHAT’S HER JOURNEY?

manager that software developers did not make good project managers. “If you tell me that I can’t do something it makes me even more determined to do it,” she says. Her 20 year stint came to an end in 2003 when the

Beverley Shimmin Program Manager, Cybersecurity Program at Curtin University

company was taken over and the IT department in which Shimmin worked moved to another town 200km distant and she took voluntary redundancy. “I did not want to move my family,” she says. “So I went out into the world of contracting taking a

role as a systems analyst/IT project manager in a major insurance company on their transition to everley Shimmin probably has the longest

the insurance arm of a major UK bank followed by

career journey to have been recounted in

another insurance company transition into the same

Women in Security to date: 40 years, 23 of

bank then moved into release management using the

those in project management. Born in the

knowledge that had gained during Y2K.”

UK, her early career aspirations were to

be a programmer, back in the days when COBOL was

MIGRATION TO AUSTRALIA

widespread, but she was stymied.

Her first contract role lasted three years, until 2007, after which Shimmin and her family migrated to

“I had taken and passed the aptitude tests for

Western Australia where she took a contract IT

programming for the big four banks in the UK. However,

project manager role in retail banking in Perth. That

the banks only wanted graduates for their trainee

lasted three years, then Shimmin returned to the UK

programmer roles, so I didn’t get a role, but Lloyds

and the role she had left in 2007.

Bank took six of us on as trainee testers,” she says. She spent two years in the UK before returning to “My dream was still to be a programmer, so I kept

Perth in 2010 and spent the next 20 years in a variety

knocking on doors. One year later I started as a

of contract project management roles. Her pivot

trainee programmer with a life and pensions company

into cybersecurity started in 2018 when she scored

on a graduate program with four graduates and one

a contract on a cybersecurity project in the banking

guy who hadn’t been to university.”

sector and started studying for a graduate certificate in cybersecurity, taking units in cybersecurity, network

And there Shimmin stayed, for almost 20 years

technologies and network security.

through various roles: software developer, systems analyst, business analyst, project manager, release

“My role was to delivery several cybersecurity projects

manager for Y2K. “This was a beautiful company to

the largest of which was an identity and access

work for, like a family. I was lucky to have had four

management system,” she says. “I was very excited

children during this time,” she says.

about this role as it was back in banking, which was where I had started my career in IT. Prior to

During here time there she transitioned from software

this, I knew very little about cybersecurity. I quickly

development to project management because

learnt that I needed to understand cybersecurity and

“Feedback that I received on my ability to explain

identity and access management if I was to be able

technical information to non-technical people made

to deliver this significant project, plus projects in

me consider a change of direction into project

vulnerability management and intrusion detection and

management.” This despite being told by her line

prevention software.”

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

Shimmin was hooked. “Nine months into this contract

With her masters in cybersecurity Shimmin joined IBM

I knew I enjoyed the cyber projects and wanted to

in 2022, her first fulltime job in over 20 years. “I was

learn more,” she says. “I took the plunge and enrolled

part of the leadership team leading staff and multiple

at Edith Cowan University to complete the Accelerated

projects, mentoring juniors and graduates. I was the

Graduate Certificate in Cyber Security. This is a 100

onsite resource assisting with cyber initiatives,” she says.

percent online course which you can fit around work. There are three extremely structured seven weeks

She did not stay long. “I decided to return to

units, which they state as 20+ hours a week.

contracting in 2023 when the role I am currently doing as the program manager for a cybersecurity program

“The three units were: cybersecurity, network

of work was raised with me,” Shimmin says.

technologies, and network security. It was a baptism of fire as this was my first time in academia since

CAREER HIGH POINT

1983. This was my ‘aha moment’. It was six months

She describes this as the high point of her career. “I

of extremely intense study on top of full-time contract

have both the cybersecurity knowledge through the

work and family life of husband, four young adults

masters of cybersecurity and the project/program

and some of their partners, two dogs and two cats.

management knowledge. I understand what we

During this time, I changed contracts and worked

need to do and why we are doing it. My major is

as a cyber project manager for a managed services

cyber governance. I can read the information in the

provider in the utilities industry delivering IT and OT

product specifications of the third party systems we

projects on their cyber improvement program.”

are implementing and understand the problem being resolved. I do not have imposter syndrome in this

GAINING A MASTERS IN CYBERSECURITY

area. All my analysis, development, testing, masters

And she continued her cybersecurity education,

in cybersecurity, people and project management

enrolling for a masters in cybersecurity. “I loved the

knowledge have come together and fit like a jigsaw.”

breadth of cybersecurity,” she says. “I felt that my 20 years in development had honed my analytical

And Shimmin has become an active member of

brain. I had a reasonable understanding of networks

Perth’s cybersecurity community. She is a member

and network equipment from previous project

of the Australian Women in Security Network,

management roles. I felt I was ready to complete

Second Thursday of the Month club (STotM), Cyber

this masters. I had waited a very long time to do this

Risk Meetup, the Australian Information Security

tertiary education.

Association, Women in Technology WA and Students of Cyber.

“This was during Covid which meant I had times of working from home which meant no traveling to the

And she says, after coming late to the industry she

office. I could finish my day’s work, switch off my

is now a ‘cybersecurity evangelist’. “My aspirations

work computer, have a cup of tea and start studying.

for the years I have ahead of me in my career

In 2020 I completed six units. Weirdly, the time of

would be for some short courses in leadership

isolation enabled me to not feel guilty about studying

within cybersecurity, explaining the cybersecurity

or taking time away from my family. I have a very

landscape to the uninitiated, and how to protect

supportive husband whose career took a back seat

yourself and your company. To those I encounter

when we started our family, and he was an at home

I’m a cybersecurity evangelist on the simple steps

parent in the 1990s: a trail blazer.”

to protect yourself. The evolving security landscape means that, for the foreseeable future, there will be

However, her decision to study for a masters did

cybersecurity uplift programs to be involved in.”

raise some eyebrows. “There were some people who wondered why I would bother to study this late in my career,” she says. “My answer to this is ‘I’m not dead yet!’”

I S S U E 18

www.linkedin.com/in/beverley-shimmin-msc-cybersecurity-5a72a14

WOMEN IN SECURITY MAGAZINE

a project to diversify employment in the sector. We continue to seek support in this regard.” She says this is one of the biggest challenges the

Elif Cansu Güleç Cyber Security Consultant

project faces, because “In every new workplace we go to, as women, we have to prove ourselves.”

RUNNING CYBERHAT.ONLINE At CyberHat.Online Güleç oversees the platform’s operations, and content creation and networks with professionals and organisations in the industry

whilst keeping up with the latest cyber threats and security technologies. ccording to the World Economic Forum’s Global Gender Gap Index 2020, which

“What I enjoy most is the opportunity to make

benchmarks national gender gaps on

a meaningful impact by increasing diversity in

economic, education, health and political

cybersecurity,” she says. “One of the biggest

criteria, Türkiye ranks 133rd out of 153

challenges is gaining visibility and support for our

countries for economic participation and opportunity,

initiative. I hope to continue growing CyberHat.Online,

113th for educational attainment and 109th for

making it a vital resource for women in cybersecurity.

political empowerment and 130th for the overall gender gap.

“With cybersecurity continuously evolving, I anticipate new challenges and opportunities. Staying informed

It’s a reality that Elif Cansu Güleç, as a woman trying

about emerging threats and solutions will be

to make a career in IT, knows only too well. She says

crucial. I also expect the demand for diverse and

she “loved writing code for embedded systems” but

inclusive teams to grow, aligning with CyberHat.

quit because of gender discrimination in the male-

Online’s mission.”

dominated industry. She was told she “wrote code like a man” as if that were a compliment. She was

Güleç says she thinks a career in security has

constantly required to prove herself, frequently given

always been a part of my life, and certainly she was

tasks outside her formal role, and told that preference

introduced to computers at an early age.

would be given to male candidates when applying for jobs.

“My journey began when I woke up one morning at the age of four and was astonished and frightened

Frustrated with this reality, Güleç started her own

by a talking computer,” she recalls. “My parents

business: CyberHat.Online, with a mission to

showed me that the computer could say whatever

“enable curious and talented individuals in the field

I wanted. After that, I would press random buttons

of cybersecurity to come together and share their

and was curious about how devices such as

knowledge and experience.”

computers worked.

She explains: “We publish daily updates about new

“In the 2000s, when I was in primary school, I learned

vulnerabilities and we write blog posts about some of

how to remove the cards from computers, and how to

the vulnerabilities we deem important. We also have

properly insert them and turn them on.”

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

By the time she was learning to read and write, Güleç

networking, IT, Web programming and databases and,

was also dabbling in computer programming and got

as a freelancer, worked in embedded systems and

introduced to Pic programming in middle school, and

data recovery, IT and cybersecurity.

to Telnet. In addition to her work at CyberHat.Online, Güleç is She then went on to study database systems at the

actively engaged in industry associations, posts on

Anatolian Technical High School and came first in a

LinkedIn about vulnerabilities, provides training and

programming competition run by a university, which

consulting services to a number of companies, and

led to her being offered a place at the university.

participates in the work of the BMO Cybersecurity

Instead she chose to study at Yaşar University,

Commission and in CTF competitions.

gaining a bachelor’s degree in computer engineering. Throughout she says: “My family, friends and

MASTERS IN ROBOTICS AND AUTOMATION

university professors have been my constant support.

She then went on to gain a Master’s degree in

They encouraged me to pursue my passions. I’ve

Mechatronics, Robotics and Automation Engineering

also had mentors who guided me through my

from KTO Karatay Üniversitesi.

cybersecurity journey and provided valuable insights.”

During her high school and university years Güleç says she had many different internship experiences in

www.linkedin.com/in/elif-cansu-gulec

places that dealt with computer repair, data recovery,

I S S U E 18

WOMEN IN SECURITY MAGAZINE

Robyn Frye Vice President, Cybersecurity GRC at Workday

ne of the biggest challenges women

and your family understands and enables your

face in their cybersecurity careers is

career aspirations.”

balancing career aspirations with child rearing; and even contemplating this

And her experience with this woman was not a

possibility can be daunting. A woman in

one-off, Frye says. “My most painful leadership

this situation might expect her female superior to be

interactions have unfortunately come from other

understanding and supportive, but Robyn Frye found

women who I thought I looked up to.” In contrast she

the exact opposite.

is full of praise for one male superior in particular, and her account of this relationship contains valuable

“When my partner and I were considering starting

lessons for any leader.

a family I asked for advice from a senior woman, who had three children of her own, about whether

A LEADER TO LOOK UP TO

it was possible to have a successful career whilst

“I reported to a very seasoned male executive for

also having children,” she recalls. “The cold response

two years in my recent history. At first I was very

I got back was that my only option for a successful

intimidated to be in a direct reporting line with

career with kids was to have my partner stay home

this person who I felt was way too seasoned and

full time or to outsource the raising of my children to

experienced to have me as a direct report,” Frye says.

someone else (full time nanny, grandparents, etc). I felt so shut down by this definitive and seemingly

“What I found from working with this leader was that

factual statement.”

he had the most profound impact on my confidence. He took the time to understand me and help me see

However, undeterred Frye did start a family and, while

what my unique strengths were as a leader. He was

she acknowledges being a working parent is not easy,

very transparent with information and his perspective.

says: “After a decade of experience, I feel confident

This helped me to quickly establish trust and to feel

it is possible to be an engaged and present parent

confident with sharing my unique perspective and

while also succeeding in a challenging career. The

opinions with him. In this leader’s presence I felt very

weights are rarely equally balanced between family

confident in who I am and what I knew, as well as

and work but shifting back and forth is manageable

respected and valued.

when you work with a strong and supportive team

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

“I’ve learned from this relationship that a leader

and confidence to a strong, high performing female

can inspire confidence by demonstrating some

leader who has proven experience leading large

vulnerability, extending the olive branch of trust first,

teams and managing multi-million dollar projects with

and connecting on an authentic level. It doesn’t take

exceptional client satisfaction.”

much to have a profound impact on a team member.” Initially Frye worked in EY’s external audit services

A VP AT WORKDAY

organisation and, as she moved up the ranks,

Frye is vice president of cybersecurity governance,

focussed on SOX, HIPAA, healthcare regulatory

risk and compliance (GRC) at Workday, a global

compliance and governance. “I loved forging strong

company headquartered in the US, that develops and

relationships with my client stakeholders and

provides cloud-based human resources and financial

helping them solve their most pressing regulatory

management systems for large businesses: a one-

and compliance issues,” she says. “At EY I partnered

stop-shop for managing a company’s workforce,

closely with talented professionals from different

including payroll, timesheets, benefits and more.

disciplines and skill sets. I learned the joys of

Since June 2019 she has been based in Workday’s

partnership and teamwork and developed strengths in

Auckland office.

coaching and performance management.”

It is her second role in a two decade long career in

After 13 years, parenthood and its conflicts with the

cybersecurity. Frye grew up in California with an

prospect of partner status prompted Frye to explore

interest in and exposure to technology, “down the

other possibilities. “As a new mother I was struggling

road from the garage where HP was born and the

with balancing my various identities, but I also knew

run-down Victorian house where Google got its start,”

that what I loved most about my job was delivering

she says. “I asked for a dial up modem for a birthday

great work, not selling services. I decided to explore

present when I was 10 years old so I could connect

opportunities outside of EY and, with the support of

with friends in online chat rooms, well before the days

an extensive professional network, I interviewed for

of AOL Instant Messenger!”

and landed a role as the senior manager of enterprise technology compliance at Workday in California.”

Despite her early interest in IT, Frye’s first career inclinations were to become an architect, a

Frye confesses to being, initially, terrified at the

psychiatrist or a business owner, but she was

prospect of a new role in which she would be faced

encouraged by her parents to consider skills that

with leading a team without deeply understanding all

would best prepare her for future opportunities in

aspects of her accountabilities, but says: “Workday

technology. She enrolled at the California Polytechnic

was a perfect fit for me: high growth, fast paced,

State University in San Luis Obispo and gained a

genuine people who work hard but also know the

dual major in Management Information Systems

value of fun, and a work culture that was supportive

and Finance. She took a job with EY (then Ernst

of working parents.

& Young) and stayed for 13 years where she had what she describes as the best foundational

“I took the approach of being an inquisitive servant

career experiences.

leader. I asked questions, rolled my sleeves up and slowly got acclimatised. Before I knew it, I had

FOUNDATIONAL EXPERIENCES

spent eight years in that role, we had grown the

“The pace, breadth of experiences, apprenticeship

team by 400 percent, and many on the team had

model and continuous education model took me from

been promoted one or more times into roles of

being a university graduate with limited knowledge

increased accountability.”

I S S U E 18

WOMEN IN SECURITY MAGAZINE

MOVING TO NEW ZEALAND

business issue. I have to shuffle the deck frequently

In June 2019 Workday had a unique business

in order to ensure my time is spent where it is

opportunity that opened the door for Frye to re-locate

most needed.

to New Zealand, which her family jumped at the opportunity to experience.

“As a people leader, I work hard to constantly challenge my thinking about where I am needed

Now, she says a typical day comprises a combination

and how I can enable my team members to step up.

of meetings with the leadership team to drive

One mantra I use over and over is: ‘Is someone else

alignment and solve issues quickly, one-on-one

capable of taking this on?’ If yes, they should be given

meetings with a variety of Workmates on her team to

the opportunity to do it. This approach really helps

provide individual coaching or to review key initiatives,

challenge where I am needed and how I can better

one-or-one or small group meetings with peers,

enable my team.”

stakeholders and/or partners, solo working time to address strategic, performance or administrative

PAINFUL EXPERIENCES

accountabilities, a walk with a Workmate for

Frye says she has honed her leadership skills through

coffee or lunch to catch up informally, and usually

some painful experiences. “I’ve made mistakes that

time to participate in a cultural or fun event in the

I never thought would be possible to recover from.

Auckland office.

Spoiler alert - once those mistakes were discussed I always found my mind had interpreted the impact to

“I tend to start my day early to ensure enough time

be much larger than it really was.

with colleagues in Europe and North America, so I often take time during lunch to support my health/

“I will also admit that, as a people leader, I have

wellbeing and, when my son gets off school, to

made my fair share of mistakes in coaching and

connect with my family. My favourite part of the day

performance management. Regaining the lost trust

is always connecting one-on-one with workmates. I

of a team member is very hard to achieve. All of

love getting to know people on a personal level and

these challenging situations—or low points—are

helping them navigate a challenge or explore a new

painful to think back on but have also been powerful

concept or idea.

learning opportunities. I have a clear picture of the leader I never want to be. I encourage my team to

“I get so much pleasure from supporting others

push the boundaries even if it means we fail (fail fast,

and having them walk away feeling confident and

fix fast), and I always strive to coach and manage

energised. The biggest challenge to my role is

performance in a way that is ethical and fair for the

prioritising how to spend time in my day. Whether

talent as well as the team.”

it’s meetings, supporting a customer or prospect, deliverable deadlines or dealing with an unexpected

She says the high points of her career all centre around “working in exceptional teams to accomplish what felt impossible at the time.” These include a year-long project tackling Sarbanes-Oxley requirements for a Fortune 10 multinational corporation, a multi-year healthcare project that transformed its HIPAA compliance program, and three months in Santiago, Chile working with an entrepreneur to design and implement key performance indicators (KPIs). “While promotions are important career milestones, the moments I look back most fondly on, are where

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

I have been part of a team that has worked hard, in

Outside of cybersecurity Frye has been a board

unity and deep collaboration,” Frye says.

member for two non-profit organisations in the USA where she contributed her audit, compliance, process

CISO ASPIRATIONS

and leadership skills. “I love rolling my sleeves up

In her current role Frye reports to Workday’s CISO

to support a cause that I am passionate about,”

and a CISO role is one she aspires to “I automatically

she says. “This is key if you are going to take on a

feel embarrassed or even egotistical to state that

commitment outside of work obligations.”

aspiration,” she says. “but 20 years ago I would have never imagined I would have had the experience to

And those commitments could embrace further

be a vice president for a multibillion dollar technology

study. “At this point in my career, I’d love to have the

company. Who knows what is possible over the next

opportunity to step back into an academic setting to

two decades.”

further enhance my executive level skills,” Frye says. “While I enjoy learning in professional networking

She is already well immersed in the world of

settings (conference, multi-hour event, etc.), I’d love

cybersecurity. She has been a member of ISACA for

to immerse myself in a course with a diverse set of

almost 20 years and recently became involved in the

professionals to hone my skills in strategy, innovation

Women in Cybersecurity (WiCyS) community as well

and leadership.”

as serving as a committee member for an internal Workday group for cybersecurity women, known as SHEild.

I S S U E 18

www.linkedin.com/in/robynfrye

WOMEN IN SECURITY MAGAZINE

Ejona Preci Principal Manager - Cybersecurity Risk at FREENOW, President Women in Cybersecurity (WiCyS) Germany

jona Preci had graduated with a bachelor’s

A CAREER ROLLERCOASTER

degree in business informatics and started

Preci describes her career journey in cybersecurity

her first job as an IT specialist when an

as a rollercoaster. “There have been moments of

unpleasant experience led her to pivot

exhilaration, like successfully preventing a potential

into cybersecurity: she fell victim to a

breach, crafting a robust security strategy or

sophisticated phishing attack.

successfully delivering a keynote,” she says.

“Luckily, the impact was minimal. However, as you

“These highs make all the hard work worthwhile and

can imagine, I felt extremely overwhelmed, ashamed

reaffirm my passion for this field. However, there

and afraid of what other people might think of me:

have also been moments when complex topics felt

how could an IT specialist fall for a phishing scam?”

overwhelming or when new threats emerged faster

she recalls.

than we could adapt. In those times, doubt would creep in, making me question if I were doing good

That experience was a wake-up call. “It made me

enough. These moments have shaken my confidence

realise how vulnerable I was. That was the moment

many times but have never made me question if I had

I felt I wanted to know more about cybersecurity

taken the wrong turn by choosing cybersecurity as

and take a deep dive into this fascinating field,”

a profession.

Preci says. “So, I decided to shift my career. I made the transition to a cybersecurity position within a

“I think those moments of uncertainty are essential.

consulting company.”

They have pushed me to learn more, evolve and grow. They have made me realise that working in

She admits to not being well-prepared for the

cybersecurity isn’t about having all the answers but

transition. “When it feels scary to jump, that’s exactly

about the relentless pursuit of solutions to protect

when you jump. No risks, no rewards, that’s clear! I

what is most valuable.”

felt incredibly behind, especially when it came to me

talking about imposter syndrome. I was fighting every

And Preci has no regrets about any of the

day with imposter syndrome. That’s the subconscious

career choices she has made since getting into

I had to shut out, and it took me years to do that.”

cybersecurity. She says every choice, even the

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

seemingly odd ones, presented a learning opportunity.

In addition to her bachelor’s degree in business

“I’ve cherished the diversity of experiences because

informatics Preci gained a Master of Science in

they’ve all contributed to who I am today.”

Management Information Systems, which she says gave her a solid foundation in information technology

ROADBLOCKS

and business processes.

Along the way Preci admits to encountering her share of roadblocks, but regards them in a positive light.

GAINING CERTIFICATIONS

“Those obstacles were like stepping stones, helping

However, as Preci embarked on her cybersecurity

me climb to new heights. There were times when I felt

career, she noticed the market putting significant

underestimated, but I turned that into fuel to prove

emphasis on professional certifications, giving

them wrong.”

candidates holding these a competitive edge. So she pursued a variety of courses and training programs to

Preci’s initial leap into the unknown world of

bolster her expertise.

cybersecurity has certainly paid off. Today she is principal manager for cybersecurity risk with

“Some of the courses and certifications I completed

FREENOW, a company operating a host of mobility

include: Certified Information Systems Security

services including public transport, taxis, private

Professional (CISSP) Certified Information Security

hire vehicles, car sharing, e-scooters, e-bikes and

Manager (CISM) Certified in Risk and Information

e-mopeds under multiple brands throughout Europe

Systems Control (CRISC) ITIL 4 Foundation,” she says.

and the UK. “These certifications granted me a profound “My position consists of overseeing and implementing

understanding of cybersecurity principles, covering

all aspects of cybersecurity risk management, from

ethical hacking, risk management, threat and

risk identification to reporting and follow-up,” she

vulnerability management, incident management,

says. “What I enjoy most about it is the ever-evolving

hardware security, network security, security

nature of cybersecurity. It’s like being a detective, and

frameworks and standards.

I get a real kick out of trying to stay one step ahead of those threats.”

“However, during my career, I’ve encountered cybersecurity experts who didn’t study informatics,

In a sense, Preci says, her career aspirations have

yet they have been highly successful in their careers.

come full circle. “When I was younger, I wanted to

Therefore, studying informatics, computer science

study criminology, and then I changed my mind, but in

or any related field is not a prerequisite to enter the

the end, I feel like I sort of got back to the old dream.

cybersecurity field.”

Cybersecurity is indeed the discipline that tackles and handles online crimes.”

Nor does she see the qualifications she has gained as being the most important for her current role, listing

She describes her job as a chess match with hackers

these as effective communication, strategic planning,

who never take a coffee break. “Cybersecurity is a

business acumen and leadership.

very dynamic field, and you never know what you’re going to get on your desk in the next five minutes. But

“Cybersecurity managers should shift their mindset

that’s also what keeps it exciting.

to be more business-friendly, focusing on articulating security concepts in a manner that is accessible and

“A typical day for me involves a lot of meetings,

relatable to non-technical stakeholders, including

assessments and reading. I work with a brilliant

senior executives and board members,” Preci says.

team, and together we’ve created a wonderful work environment and a digital fortress around

“This involves translating complex technical issues

our systems.”

into clear, concise explanations. They need strategic

I S S U E 18

WOMEN IN SECURITY MAGAZINE

planning to develop and execute comprehensive

FOUNDER OF WiCYS GERMANY

cybersecurity strategies that align with the

Preci says she has always been passionate about

organisation’s objectives. Business acumen is

cybersecurity beyond her regular job, and is

necessary to understand the organisation’s operations

actively involved in cybersecurity outside her role

and goals to effectively integrate cybersecurity,

at FREENOW. She recently founded, and serves

and leadership skills to efficiently lead and manage

as president of, the German affiliate of Women in

cybersecurity teams to implement security measures

Cybersecurity (WiCyS) and is an active member of

and respond to incidents.”

several industry associations including ISACA and ISC2. She contributes to ISACA as a topic leader and

FOCUSSING ON AI

a subject matter expert, reviewing and crafting exam

Nevertheless she sees the need to advance her

preparation materials and writing articles and industry

technical knowledge, especially in the rapidly

news on cybersecurity topics.

evolving area of artificial intelligence. “In the coming years, I see AI playing a more significant role in

She has also started her own Cyberstar Talk’s

threat detection and response, anomaly detection

Podcast, which, she says, “serves as a valuable

and information security awareness training.

resource for cybersecurity professionals and

This expected development will certainly impact

enthusiasts alike, providing up-to-date industry news,

our current roles, making it even more crucial to

insights on emerging threats and engaging interviews

understand AI’s interplay with cybersecurity. As a

with influential cybersecurity figures from around

cybersecurity risk manager, staying ahead of these

the world.”

trends is not just a goal, but a necessity. Preci’s achievements saw her recognised in 2023 “I’m all set to level up my skills and qualifications

as one of 44 Cyber Power Women by Top Cyber

in this area by participating in specialised AI and

News Magazine and shortlisted for the Cybersecurity

machine learning courses that focus on cybersecurity

Woman of the Year Award 2023.

applications,” she says. “These courses can help me understand how to leverage AI algorithms and models to enhance security measures, automate threat detection and improve incident response. I also plan to actively engage with AI and cybersecurity communities,

www.linkedin.com/in/ejonapreci

www.ejonapreci.com

cyberstartalkspodcast.buzzsprout.com

attend conferences and participate in forums to stay informed about the recent developments of AI in cybersecurity.”

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Meaghan Bradshaw Senior Cyber Consultant on Microsoft Incident Response

eaghan Bradshaw is a forensics

response,” after embarking on a graduate program in

consultant in Microsoft Incident

the government.

Response (Microsoft IR, formerly Microsoft’s Detection and Response

“It was a role that let me be creative in my problem

Team -DART), and the first team

solving, pick apart entirely new ways to think, new

member to be based in New Zealand “supporting

skills to dig into, and satisfy my desire for root cause

organisations, solving digital mysteries, and chasing

analysis,” she says. “There’s nothing like picking apart

bad guys on a global scale,” she says.

forensic images to figure out what the bad guys were able to do, and I haven’t looked back since.

“As one of the earliest members of Microsoft IR in the APJ region I’ve had the honour of not only getting

“Working in incident response is rewarding every day.

to expand my influence to customers across the

Not only is every single organisation, compromise

world, but to build out an incredible team of fellow

and engagement unique in its own way, but I get the

analysts in New Zealand, Australia and more, taking

opportunity to work on a global scale and to be part of

on leadership roles quickly and fostering a team

a team that is rolled in to save the day.

culture of high quality output, supporting customers on the worst days of their careers, and feeding back

“JUST ANOTHER TUESDAY”

into the wider infosec community with published

“When we kick into an engagement, the organisation

research efforts.”

that called us is experiencing some of the worst days in their career, but for us it’s just another Tuesday,

Bradshaw graduated from the University of Otago

and being able to provide that level of comfort and

in 2017 with a bachelor of science in physics and a

guidance in such stressful situations never gets

bachelor of arts in computer science. She says she

old. Contributing to every engagement big or small

chose these because, “I’ve always wanted to get

is always rewarding, as is getting the opportunity

to the root of every problem, and had a passion for

to contribute to the wider efforts Microsoft

understanding how things work.”

supports on a global scale, or sharing learnings and recommendations from the front lines using that

She was introduced to what she says is “the crazy

global platform. This is something I feel incredibly

world of cybersecurity and in particular, incident

lucky to be a part of.”

I S S U E 18

WOMEN IN SECURITY MAGAZINE

However “just another Tuesday” Can be a stressful

Collaboration and relationships are, Bradshaw

day for Bradshaw. “Every customer engagement I

says, key to success in incident response, and she

walk into is inherently dealing with a high-pressure

believes these to be functions greatly undervalued in

environment with a group of people under an extreme

many roles.

amount of stress,” she says. “The level of pressure varies, of course, depending on the incident, but when

“The massive community of threat intelligence

it’s reactive, there’s always a heightened sense of

sharing is something I rely upon every day. Threat

urgency from every angle for the first few days.

intel is like a cheat sheet for incident response, and our people work together extremely closely

“Destructive engagements such as ransomware are

to understand what to hunt for, to share when we

particularly high-stress. To add to that, as a forensic

find new tactics, techniques and procedures during

analyst I’m not the one helping get an organisation

our hunting, and testing new attack techniques to

back online, but I am charged with finding out what

understand exactly what is going through the threat

happened, which takes time. We’re often faced with

actor’s mind and what’s left behind. Research is

needing to identify a few really key parts of the story

a massive part of making security professionals

as quickly as possible, sometimes with the added

successful as a whole, and being able to share that

pressure of an organisation needing our advice

research and how it applies to organisations through

to know when they can turn systems back on or

various blogs over my time on Microsoft IR has been

connect their network back to the internet to get their

incredibly rewarding.

operations back up and running. “As a member of an incident response team,

PUT ON THE SPOT

developing threat intelligence isn’t my day job, but

“I remember one incident where I was given data from

it’s absolutely imperative to the success of my

two systems and asked to provide a recommendation

threat hunting and team overall. So forming close

back to the customer after just two hours of analysis

relationships with threat intelligence teams across the

as to whether they needed to sever their corporate

company, and forming those relationships across the

network from a series of remote sites meaning

industry, are key to ensuring we’re the most prepared

significant impact to business operations. In those

we can be when encountering threat actors.

situations I always make sure to just speak to the evidence and make sure I provide as much context

“In the same vein, defenders can’t defend if they don’t

as possible on the risk associated with making

know what they’re defending against: one of the most

such high-pressure decisions so early on in a

important pieces of collaboration an organisation

destructive attack.”

can foster is between blue teams and red teams, and encouraging knowledge sharing between them.

BEWARE OF SILOS “I think that a trap security professionals can easily fall into is one that is experienced across every industry, and every organisation out there. People fall into silos, going forward in their day to day roles, only doing exactly what that role entails, without seeking out more diverse perspectives or understanding how their colleagues just a few teams over could help make their work more effective for everyone.”

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

“Sharing research and findings with the wider

implementing the principle of least privilege, and

community is also something every security

undertaking regular reviews of how corporate

professional should consider no matter their role.

environments are accessed with the goal of moving

While I’ve worked with Microsoft IR I’ve had the

toward a zero trust model.

opportunity to hunt nation state actors using neverbefore-seen techniques, and publish blogs detailing

“All of these steps will take some time for sure, but

not only the technical details of how those techniques

will help organisations continue to improve their

are able to work, but how to hunt for and defend

posture overall in the ever-changing threat landscape.”

against them with a global audience. And for herself, fighting threats Bradshaw says “With a wide visibility of compromises from across

learning about offence has done much to improve

various industry verticals and spanning the globe,

her defence abilities. “The most valuable educational

I’ve had the opportunity to collate and understand

opportunities I’ve taken as a defender have been

how particular threat actors always come back to

completing offensive certifications. There’s nothing

the same playbook no matter the target, and being

quite the same as being faced with a terminal and

able to share that knowledge with the world to ensure

having to figure out how to actually get in to help you

organisations are as prepared as they can be to stop

understand the motivations and actions taken by a

a threat actor in their tracks are some of the most

threat actor when they’re attacking the network you

rewarding contributions any security professional can

need to defend.”

provide back to the wider community.” And, says Bradshaw, threat actors no longer break

ABOUT MEAGHAN

in: they sign-in. “whether that’s through a simple

Meaghan Bradshaw is a senior cyber consultant

phishing email or social engineering of a helpdesk.

on Microsoft Incident Response (Microsoft

Something we’ve encountered in increasing volume

IR, formerly the Detection and Response

over the last year is threat actors just using features

Team – DART) with an education background

within products as intended, or abusing common

in physics, computer science, and offensive

misconfigurations coupled with carrying out those

security. She specializes in digital forensics and

actions at an incredibly aggressive pace.

incident response and has hunted sophisticated adversaries and novel tactics, techniques, and

“With the complexity of modern hybrid environments

procedures in complex customer environments

spanning masses of portals, tools and solutions,

spanning Windows, Linux, and Azure. Outside

when these aggressive actors make their way in,

of customer engagements she has piloted and

security teams within these organisations struggle

helped deliver several training initiatives within

with visibility across everything being abused, making

Microsoft IR, has contributed to internal tool and

it increasingly difficult to stop these actors in their

process development, and has authored several

tracks before they’re able to carry out actions on

public-facing research pieces on novel TTPs.

their objectives.” She says security staff need a single pane of glass offering a comprehensive view of complex

www.linkedin.com/in/meaghan-bradshaw-997ba7223

environments, along with “ensuring administrative actions have multiple steps of approvals, empowering

BlueHat Oct 23. S09: Thinking Outside The (Dead)Box

helpdesk staff to be aware of being targeted by social engineering, performing regular assessments of where privilege is held across your environment,

I S S U E 18

WOMEN IN SECURITY MAGAZINE

Maria Teresa Jimenez Salinas Senior Information Security Officer at Citi

y current position is as a senior

time commitments. At Deloitte I was an auditor

information security officer at

undertaking IT audits and evaluating internal IT

Citi. I have held this position since

controls of companies and various sectors.

December 2018. What I enjoy most about my job is that every day is

A START IN CYBERSECURITY

different: each day I can learn new requirements,

My time at Deloitte was a great learning experience:

new technologies and new security questions. Of

I got to know different ways of working from the

course, given the dynamism of the job, there are

companies I audited, as well as many people

many challenges. First is the need to have precise and

and management styles. This was where my

timely answers to all the questions clients (internal

security career started, because as an auditor you

or external) may have. Second is the need to always

are expected to identify and report any possible

be up to date. Self-study is key in this cybersecurity

security breaches.

journey. I studied at a girls’ school from kindergarten to high school where being surrounded by women

At this point I realised I wanted to pursue a career in

helped me understand how we think and how we

security. My first achievement was at Deloitte when

react to specific circumstances, especially when we

I was promoted from analyst to technology risk

are angry, upset or happy.

consultant. It gave me great satisfaction and boosted my career. After being an auditor, I changed roles in

I studied for an online double degree from Walden

my next job to become an internal control manager

University in the United States and for a Bachelor

at a Mexican media company where I initiated

in Information Technology Administration from the

the internal control function by developing and

Universidad del Valle de Mexico. Four years later

implementing policies and procedures for operations

I pursued a Master in Business Administration at

administration. This initiative broadened my outlook

Universidad de las Americas in Puebla, Mexico.

and complemented my vision of risk in the company.

I started working at Deloitte Mexico while studying

Also, my time at this company holds special

at university. Combining these two activities was

significance to me because I met my husband there.

a big challenge because both required significant

Subsequently, I applied for the position of business

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

information security officer (BISO) at Citi, one of the

I am certified in PECB ISO/IEC 27001 and ISO 22301

biggest banks in Mexico and the world. After almost

and I am pursuing an ISACA certification (CSIM). I am

three years I was promoted to senior information

convinced it is important to develop technical skills

security officer. In this position my responsibilities are:

in security, but most important are communication and management skills, because you have to make

• ensuring security practices/standards compliance and reducing security risks through enhancing

people aware of all the threats we are exposed to in cyberspace and in our everyday lives.

controls and minimising weaknesses in Citi’s applications portfolio.

Prior to joining Citi I had mostly worked in areas

• ensuring audits are passed with a satisfactory

where men were in the majority. However, I am

audit rating for all information security topics.

pleased to say almost half the employees in Citi’s

• supporting development and implementation

information security area are women. This indicates

in Mexico of Citi’s global information security

women are becoming increasingly relevant in

policies, standards and initiatives.

information security.

• providing recommendations on the information security aspects of projects and assessing/

My future plans are to continue in the cybersecurity

reporting on corrective actions plans to improve

and information security area. I aspire to be a CISO in

information security programs and initiatives.

a global company. I am willing to relocate to another country, to learn more about another culture, get

DISCOVERING THE FINANCE SECTOR

to know more people and increase my cultural and

I was reluctant to work in a company in the financial

technical skills. In my free time I like to read historical

sector, but now I work in a bank, I realise my

novels, thrillers and any kind of reading that helps

reluctance was misguided. I have learned so much

clear my mind. Also, I love cooking and baking. I like

about all the regulations that must be complied

to experiment with ingredients to create new recipes

with, locally and globally. Without a doubt the

and new tastes.

financial sector is the most regulated in terms of information security. www.linkedin.com/in/maría-teresa-jiménez-salinas-a4966320

Congratulations to all the 2023 New Zealand Women in Security Award Winners

www.womeninsecurityawards.co.nz

I S S U E 18

WOMEN IN SECURITY MAGAZINE

Natasha Towner Deputy CISO and Security Operations Lead

atasha Towner is deputy CISO and

starting her first job as a quality assurance tester for

security operations lead for the Francis

a payment provider, Commidea. It was there that she

Crick Institute (the Crick). She has been

discovered cybersecurity.

in the role for nearly six months. “My role embraces a range of cybersecurity

FROM QA TO CYBERSECURITY

and data protection functions including leading the

“Following a short time in quality assurance I took on

SOC team and using various security tools,” she

the role of cybersecurity analyst. I learnt to become a

says. “The SOC team is instrumental in ensuring the

cybersecurity analyst from my manager and mentor,

continuing security of the Crick.

Marc White, and this has been my career over the past 13 years,” she says. “He taught me everything

“My day-to-day activities vary. They can include

around cybersecurity! Following Commidea, I worked

reviewing our security status using SOC

at Vanquis Bank and at Optomany where I progressed

tooling, reviewing threats and trends within the

from senior cybersecurity analyst to information

pharmaceutical and research landscape, reviewing

security manager.

the Crick’s cybersecurity tools, processes and other aspects of its security.”

“I am very lucky to have an extremely strong support system. Although cyber security generally is a male

Towner says working at the Crick is very rewarding.

dominated sector to work in. I have always been very

“It is the UK’s biggest biomedical research facility. Its

lucky enough to work with male counterparts without

main function is to find cures for various diseases,

any sexism or misogyny. I have always been treated

including cancer. Being part of an organisation that

as an equal. Within the Francis Crick the Architecture

is trying to help find cures for diseases that affect

and Design and Information Security team is led by

almost every family is inspiring.”

Minu Ali and I have learnt a lot from Minu in the past six months, and continue to do so in the future.”

After completing her A-levels at Chapter School for

Girls, where she studied IT and Law and then forensic

However, Towner says the most important people to

computing at the University of the West of England

her career success have been those in her family, first

(UWE), graduating in 2010 with a 2:1 degree and

and foremost her husband, closely followed by her

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

parents. “My husband Christian Towner has always

Towner holds ISACA professional membership, and

been my biggest supporter and has encouraged me at

is a member of the London chapter. “The journal

every opportunity in my career,” she says. “My parents

published by ISACA is a very useful tool and keeps me

Paul and Tracy, sister Amy and close friend Sarah

updated on new threads and trends in cybersecurity,”

have also always listened and encouraged me to be

she says.

my best” “My further plans include completing my CISSP She has also continued with formal learning since

qualification, mentoring other employees at the Crick

graduating, taking courses on SIEM and rule

and building the profile of cybersecurity. I would like

generation and PCI DSS, along with general online

to further my skills by completing other recognised

courses to learn more about current threats. She

courses. I hope to learn a lot more from my role

has also completed ISACA’s Certified Information

as deputy CISO at the Crick and extend my skills

Security Auditor course. “In all my roles the skills I

and knowledge.”

learnt from my degree and the CISA course have been instrumental in establishing security as a program and setting the basic security framework,” she says.

www.linkedin.com/in/natasha-towner-7260a8218

And Towner has not stopped learning. In 2024 she plans to complete the CISSP course and attend the Hershel Programme for Women in Technical Leadership course. She recently received a Top 100 Future CISO award from Hot Topics.

NEW ZEALAND WOMEN IN SECURITY AWARDS 2023

I S S U E 18

Thank you to our sponsors WOMEN IN SECURITY MAGAZINE

D O Y O U W ANT TO HEL P UP LI FT WO M E N I N CY BER SECU RIT Y?

S P ON S O R S W E LC OM E D

TA N G IB L E UPL IFT PR OG RA M I F YO U ' R E I N T E RE S TE D I N S P ON SO RIN G TU P , P LE A S E ME S SA GE US O N L IN KE DI N. l in k edi n.c om /com pany/ta ng ibl e-up lift-p ro gra m

Big Picture Easy Reliable No job is too big or too small. We look after your marketing & content needs so you can get on with what you do best. GET CONNECTED AND TAKE CONTROL OF YOUR BUSINESS SUCCESS TODAY!

charlie@source2create.com.au

aby@source2create.com.au

Ayça Güzünler Director of Security, Strategic Programs & Business Operations at Booking.com

hen Ayça Güzünler talks about

become the person I am without those learnings. So I

her experience of gender

would not change anything even if I could.”

discrimination she is not one to mince words. “I wish I had

FACILITIES BASED DISCRIMINATION

nothing to mention here. But we all

At university Güzünler faced a different kind of gender

probably have that one person who single-handedly

discrimination: ‘facilities-based discrimination’. “I kept

turned our life to shit for a period, right?”

complaining to the faculty dean about the number of female bathrooms versus male bathrooms in the

That one person was: “The worst manager of

buildings, presenting data on how much we needed to

my entire life, a CSO I reported to for a while. He

walk (sometimes run) in the breaks or during classes/

presented me with roadblocks that caused me not

labs if we needed to pee,” she says.

only career challenges and people challenges but also health challenges. He was, and probably still is, a

“It sounds simple, I know. But doing that long walk

misogynistic person who enjoyed using women to his

to another floor for four years a few times every day

advantage for personal success, yet never gave them

takes a toll on a young person’s mind, and makes

what they deserved.

them feel unwelcome.”

“He blocked multiple female leaders’ growth. He

That was in Güzünler’s native Türkiye, a country as

would give women zero salary raise while others

we noted in another What’s her Journey? in this issue

would enjoy ten to fifteen percent on a yearly basis.

(that of Elif Cansu Güleç) ranked as one of the worst

He would cut the female leaders’ bonus or other

in the world for gender discrimination.

benefits. He would crucify the mistakes of women while protecting his mates who happen to be same

Güzünler has come a long way since her student

gender. He was the exact opposite of a champion.”

days. She is now director of security, strategic programs and business operations at Booking.com

However, Güzünler says there were positive outcomes

in Amsterdam. She has been with the company

from this experience. “I learned a great deal from

since 2019, moving from Vodafone, also in

this awful man. And looking back, I would not have

the Netherlands.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

“Our team is made up of four pillars, and the scope

Güzünler’s career journey has been aided significantly

is end to end ranging from strategy to delivery,” she

by some champions. After Vodafone in Türkiye

says. “The Strategy Pillar defines the WHY and WHAT

experienced major natural disasters—a flood and

of our security strategy. We formulate the security

an earthquake—it decided to gain ISO22301 and

strategy together with leadership and manage the

ISO27001 certifications.

planning lifecycles using agile methodologies. This entails getting alignment across the organisation on a

“This is when the CSO of Vodafone, Mesut Demirbilek,

high-level execution plan, creating business cases and

became aware of me,” she says. “He not only saw

challenging the strategy where needed with business

the outcome of the tech team’s efforts leading the

and portfolio leads.

network and IT front to help deliver the strategic goal, he saw me as a young talent. He became my

“The BizOps Pillar operationalises the WHAT, helping

champion. I did not know back then the difference

the portfolios on security budget planning, resource

between a mentor, sponsor or champion. I learned

planning and data insights. Through this governance

through experience that a champion is someone

pillar we challenge the target setting process so it is

who makes things happen for you. Mesut Demirbilek

aligned with strategy, yet still sufficiently ambitious.

got me into situations where I would meet amazing people in the industry, leaders and pioneers who each

“The Program Management Pillar delivers the WHAT

opened doors for me. He is still my go-to person for

together with portfolio teams, governing the execution

any kind of life or career decision.

and dependencies continuously through programs or projects which have a start and end date. This pillar is

“What women really need is what men get all the

the connective glue that enable complex initiatives or

time: someone prepared to go out on a limb for them.

projects and transitions to be successful.

A champion is someone who, behind closed doors, slams their fist on the table and says: ‘if there is only

“The Transformation Pillar guides the HOW. We

room for one promotion on the budget, it will be her’.

anticipate the employee impact and concerns of any

In other words, a champion is a committed sponsor

security development or transformation project. Then

who has the agency to influence people at the top

we equip the portfolios with the necessary tools and

and will use it to help you. Someone who will be your

knowledge so we can achieve sustainable change.

brand ambassador and push you to get ahead.”

This pillar is the key to engaging and working with our change partners to find common ground for all

BEING CHAMPIONED

stakeholders with the end goal in mind: advancing

Another champion who played a pivotal role in

cybersecurity and privacy as a common good across

Güzünler’s career was Andrew Sterneberg, in

our organisation.”

2009 corporate security officer at Vodafone in the Netherlands. “Andrew offered me the chance to move

FROM ISTANBUL TO AMSTERDAM

from one continent to another with a challenging

After graduating from Türkiye’s Hacettepe University

but cool job in the Netherlands,” Güzünler says. “The

with a bachelor’s in electrical and electronics

role was a double promotion for me and a huge leap

engineering Güzünler joined Vodafone in Istanbul in

in income. Andrew, back then, was advised by other

2005 and stayed there until 2011 when she moved

sponsors I had: security leaders I worked with in

to Vodafone in Amsterdam, along the way gaining a

Germany, Ingo Geisler and in UK, Nikolaos Loukeris.”

masters in engineering and technology management from Türkiye’s Boğaziçi University in 2009. After four

She also pays tribute to “fearless and inspirational

years with Vodafone in Amsterdam—which became

female leader, Barbara Jongerden, chief legal officer

VodafoneZiggo in 2017—she joined Booking.com

of VodafoneZiggo. “Never in my life or career have

in 2019.

I found someone as accepting and forgiving as

I S S U E 18

WOMEN IN SECURITY MAGAZINE

she was,” Güzünler says. “I worked with her in my

inappropriate behaviour, or those who have reached

30s and at a time when I tried new things. I made

their position only because they were part of the right

mistakes. She provided me the opportunity of failing

bunch of other white men.

and learning. “When I get an invitation for an event, out of “Another thing she did was to expand my role and

curiousity, I check the names or photos provided on

responsibilities right after I had a baby and came

the list, to be reminded again of the inequality. Let’s

back from maternity leave. In a male dominated

face it, we are ‘still’ underrepresented, and the trend

environment, unfortunately it works the other way

is not improving at the pace needed. It results in a

around. Usually we come back from parental leave or

number of problems, but most importantly the lack of

any kind of long term leave to find our team has been

psychological safety for women in security. I do not

shrunk or distributed to other managers. Barbara’s

want to generalise. I am sure there are companies

trust and dedication to female team members have

doing a great job, lifting women as they go. However,

been absolutely amazing to experience and I am

for most, it is not the case. Psychological safety and

grateful to her for being a great role model, helping

the right kind of visibility are critical for any kind of

me find my voice.”

career growth and personal growth.”

She continues to be blessed with good leaders,

And Güzünler's plan for her next phase of growth is

singing the praises of Booking.com CTO Rob Francis.

another masters: “My aspirations lie in the domain of

“He is incredibly humble and does not like to hear too

environmental, social, and corporate governance,” she

many compliments, but I find him to be the smartest

says. “I find great purpose and admiration of people

and most grounded Tech leader I ever had, who is

who deal with global risks and the deadly challenges

fully dedicated to the future and improvement of

humankind is facing.

tech teams, including the growth of female leaders operating under him.”

“Therefore, I have decided to take up another masters program from Amsterdam University and be part of

STILL FACING SEXISM

their ESG academy. I am super excited to grow in this

Güzünler has come a long way after almost two

direction and use my governance experience and risk

decades in IT and cybersecurity but says the gender

management knowhow for improving the world my

imbalance and sexism continue to trouble her. “The

children and, hopefully, their children will live in.”

rare moments of doubt where I think I might have taken a wrong turn are when I feel overwhelmed by the dominance of average men in leadership with

W O M E N I N S E C U R I T Y M A G A Z I N E

www.linkedin.com/in/ayca-m-19962713

J A N U A RY • F E B R U A RY 2024

LIVING THE DREAM “I planned to continue my own studies in parallel at the same university by way of a Master’s degree in Translation and Generative Grammar,” she explains. “It

Colette Hanley Vice President, Technology Risk at Checkout.com

turned out the only place I could just about afford to live in was a dank top floor apartment in the 18th district of Paris. But it was just around the corner from the Moulin Rouge, so I was pretty much living the dream, despite the semi-permanent cockroach infestation.” She admits to being initially out of her depth as a teacher, but says the skills she gained to cope in the

f you check out Colette Hanley’s LinkedIn profile

classroom prepared her for some aspects of her

you will see a list of impressive security roles with

future career in cyber. “I had to think hard about my

global organisations stretching back two decades:

ability to engage effectively with people, and also

from information security compliance manager at

how to move from theory to practise. Not getting it

PWC to her current role of VP technology risk with

right the first time, or the second and the third, was a

Checkout.com (a global company providing online

lesson in how persistence drives incremental change.

payment services) and embracing Barclays Bank (head

It didn’t matter how expert I was in my subject

of standards and compliance), Betfair (global head of

matter, it’s the quality of the communication and the

compliance security), Skype (global head of information

relationship that most affected the outcome.”

security compliance), a similar role at Microsoft after it bought Skype and Nokia (chief privacy officer).

Hanley gained her master’s and France’s Certificate of Aptitude for Secondary School Teachers (CAPES)

What you won’t find is any reference to her earlier,

qualifying her to teach in the French education

very different roles.

system. A few years later she returned to England, took contract work translating French texts and a

“My first loves were language, fine art and ideas,”

variety of jobs. It was at one such—office admin

she says. “I have a degree in French and Italian from

at a hedge fund—that Hanley first encountered

the University of Exeter in South West England. … I

cybersecurity.

was interested in how we tell stories, describe our world and our human experience, how we make a

“I was handed responsibility for managing their

connection and articulate ideas. My special focus

backups. In getting to grips with what backups were

was exploring the relationships between art, society

and why they’re important, I lifted the lid on a universe

and literature and the influence they have on each

dedicated to protecting information. I read up a bit

other. I was also absorbed by the works of the

more on the concepts and then the details.”

French philosophers because they taught me how to challenge my own assumptions, how to organise

STEGANOGRAPHY

ideas about fundamental yet illusive concepts such as

Steganography piqued her interest. “Steganography

existence and ethics.”

and its origins fascinated me since, as far as I was concerned, it was all about hiding meaning in plain

Her first job after graduating was as a lecturer in

sight, reminding me of the literary texts I’d analysed

grammar, linguistics and the ‘conventions of the short

as an undergrad,” she says. She was rather bemused

story’ at l’Université Paris Nanterre on the outskirts

by public key cryptography, saying it “genuinely felt

of Paris.

like an Absurdist experiment.”

I S S U E 18

WOMEN IN SECURITY MAGAZINE

Nonetheless, Hanley was sufficiently motived to make

A DELICATE BALANCE

a massive commitment to cybersecurity: she resigned

Some of her transitions have not been easy, or

her job and used her savings to put herself through

seemed wise at the time. In particular, moving from a

a Master’s in Information Security at Royal Holloway,

well-established bank to a tech startup. “I found I had

University of London, where the ‘Absurdist experiment’

a delicate balance to strike when layering governance

of cryptography could not be avoided. “Unsurprisingly,

and compliance onto this pretty chaotic environment

the first term at RHUL was hard work. Not having a

and without slowing any of the engineers down,”

degree in mathematics meant attending extra maths

Hanley says.

lessons to cope with the cryptography module,” Hanley says.

“I was used to security compliance being driven by mandate which wasn’t the case here. I had to

She was extremely fortunate to be taught

adapt my approach and properly engage with my

cryptography by one of the best. “I had an incredible

stakeholders by asking really good questions and

teacher: the security visionary professor Fred Piper

listening with intent. It was helpful for both parties.

who developed the first cryptography research group

Security might be top of my list but it’s not realistic to

in UK higher education,” Hanley says. “Thanks to him, I

think that my colleagues feel the same. I needed to

aced my crypto exams. I actually have his publication

‘speak their language’ rather than impose mine, then

Cryptography: A Very Short Introduction here on the

join the dots between what I’m asking and what that

shelf behind me!”

means for them. I suppose this is also a reminder of the value of empathy; we’re complex beings and the

Hanley’s formal cyber education did not stop with her

workplace can be really stressful. So let’s keep that in

master’s. She went on to gain a variety of security

mind when we ask people to do stuff.”

and privacy certifications, including CISSP, CISM, CIPM and CDPSE. She says industry certifications

Becoming chief privacy officer at Nokia was another

are important because they provide evidence of a

challenge: the enforcement deadline for the European

baseline of proficiency in a domain, but for the most

Union’s General Data Protection Regulation (GDPR)

part, curiosity still drives her education.

was looming.

“If I stand still, I risk getting stuck and learning moves

“I was charged with operationalising privacy

me forward. It’s healthy for my intellect and good for

requirements across products, services and their

my happiness. Informal opportunities for learning are

200,000 strong workforce, Hanley says. “Building up

rewarding too, such as hearing from industry peers

a function to juggle the regulatory, operational and

how they’re tackling the same challenges I face. Every

business aspects of privacy implementation was

book I open and every person I interact with has the

heavy lifting but completely engrossing.

potential to expand my universe. That’s exhilarating.” “I got to work with some wonderful people: my team, Looking back on her cybersecurity career to date

the privacy officers across the business and some

Hanley says each step has been carefully considered.

talented legal counsel. This network of allies directly

“Keeping an open mind has worked well for me and

influenced performance and outcome for privacy at

allowed me to recognise opportunities when they

Nokia and helped me devise creative approaches

arise. Over the years, I’ve learnt more about what’s

to addressing obstacles and opportunities. When

important for me; I want to be somewhere I’ll add

everyone is invested in collective success, you can

value, where I can try new things, be intellectually

face anything.”

stimulated and have fun.”

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

After five years at Nokia Hanley took on her current

“I may also be involved in discussions about our

role at Checkout.com covering technology risk

security posture with our merchants or regulators.

oversight, security compliance, security assurance

The fragmentation of requirements we’ve witnessed

and data governance.

in the world of privacy is definitely spreading to cybersecurity. Regionalisation and localisation of

“My role is to protect our products, services and

compliance requirements means the ecosystem is

operations, maintain our security compliance

becoming ever more complex to navigate. We’re a

obligations, and provide security assurance to our

fast-moving business so ‘expect the unexpected’

merchants and regulators,” she says. “I enjoy the

is par for the course and our security governance

variety and impact of my work, as well as the chance

must be flexible enough to cope with new needs.

to learn and innovate in a fast-paced environment.

For example, if the business decides to move into a new market, we quickly get to grips with the relevant

A NEW CHALLENGE

regulation and compliance requirements and analyse

“Checkout.com provides payment solutions for

the operational impact.”

businesses and their customers. As a sector, financial services is a prime target for cybersecurity

Outside her role at Checkout.com Hanley says she

attacks. My challenge is to protect our merchants,

believes it to be important to contribute to initiatives

make our business more resilient, manage security

that move the security industry forward. She

compliance for existing and emerging regulation in

participated in the 2023 Cyber Innovation Challenge

a dynamic threat landscape. I also need to make it

run by the City of London.

easy for everyone in the company to understand the link between information security and our company

“A range of financial institutions, tech vendors and

objectives and shape the mindset, behaviours and

the Metropolitan Police came together to tackle an

values of our workforce to create a positive security

industry-specific conundrum around sharing threat

culture. A security leader is a business leader; we

intelligence without compromising internal information

need to align security to the business and not the

or compliance,” she explains. “My contribution was

other way round. This is how we make security

to challenge the tech vendors to make their offerings

relevant and valuable.

robust from a privacy and security compliance perspective as well as defensible to senior leadership

“I’ve enjoyed seeing the positive impact my team has

and customers. Working with such a range of the

had. People are involving us early in their planning

participants but for the good of all was amazing. We

recognising that delivering a quality product means

definitely made ourselves stronger together.”

embedding security from the start. We’ve gained a seat at the table by partnering to understand the

Cybersecurity is Hanley’s third career after teacher

hurdles they face when implementing our governance,

and translator and while it might seem very different,

risk and compliance requirements. We engage

she sees important similarities. “I started out caring

regularly, are pragmatic with our guidance and are

about language, communication and relationships

ready to present options which achieve better results

and I still care about those today. As Bruce Schneier

for everyone.”

put it, ‘If you think technology can solve your security problems, then you don’t understand the problems

She says her day inevitably features activities that

and you don’t understand the technology.’ For me, it’s

contribute to maintaining strong data governance,

all about people.”

embedding security principles, overseeing compliance work and facilitating assurance with security and data protection regulations.

I S S U E 18

www.linkedin.com/in/colette-hanley

WOMEN IN SECURITY MAGAZINE

Marina Gistau CEO Nudgy Consulting | Change Manager Cybersecurity

y name is Marina Gistau. I am

My mission at that time was to assist the managers

the CEO and founder of Nudgy

of the final assembly line to offer client airlines a

Consulting, and a change manager

process and an action plan to build a better customer

in cybersecurity. A few years ago I

experience. Clients often visit aircraft factories to

would never have imagined having

monitor the construction of their planes, report

such a job title, or such expertise. Let me take you

non-conformities, track progress, etc. It was a real

through the key moments in my journey to gaining

challenge for me, at the intersection of two worlds.

expertise in cybersecurity and organisational change.

On the one hand, clients and investors expected an exemplary level of quality throughout the purchasing

As far back as I can remember, I have been

and design process. On the other, the teams close to

passionate about advertising. More specifically, about

the industrial processes in the factory, and closely

the concepts used in advertising to evoke emotion,

connected to the product, were not very receptive to

influence action and so on. I loved spending time

clients’ sensitivity.

analysing billboards or TV ads and wondering how one slogan could have been better than another, or

The challenge was colossal, but the experience

what story I would have wanted to tell if I had been in

reinforced my conviction that humans are at the heart

their place. So, it was quite natural for me to pursue

of any change. It created in me a certain fascination

my studies in a business school in France, specifically

for what is now called ‘change management’: guiding

the Toulouse Business School.

individuals from state A to state B, accompanying them through a multitude of steps and ensuring

FROM MARKETING TO THE AEROSPACE INDUSTRY

they arrive at their destination under the best possible conditions.

After completing my master’s in marketing and

communication an unexpected opportunity presented

THE TURNING POINT: CYBERSECURITY

itself: a mission in the aerospace industry. A sector

After this project had been completed I was

that had never really interested me. Nevertheless,

approached to take on a new mission. That was when

being naturally (perhaps too) curious, I wanted

cybersecurity came to me. At the time we called

to give it a try. There, I discovered a certain

it ‘information security awareness’. The goal was

rigour, unwavering technological demands and,

ambitious: to develop a cybersecurity culture and

above all, passionate colleagues united around a

reduce risks in a group of 130,000 users worldwide,

product: airplanes.

across all entities. Quite a challenge when you do not

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

know much about cybersecurity. That was eight years

shift the boundaries and raise awareness, which

ago. My curiosity was one of the main factors in my

is not always easy in such a large group and with

success. At the beginning of this mission I educated

a communication department very cautious about

myself and enriched my knowledge, day after day

this type of action for end users. But when you have

(for a long time) with videos and podcasts about the

convictions, you have to go all the way, and that

world of cybersecurity: the stakes, the challenges,

is what I did. I produced impactful content for this

the evolution of the sector. At the same time, I used

client: a six episode video saga, a mini-series aimed

my expertise in change management to implement a

at raising awareness of best practices. I initiated

tailor-made strategy in line with my client’s context.

a big change in cybersecurity practices without being alarmist.

It was an adaptation of the Transtheoretical Model of Change. This model evolved through studies

In collaboration with a production agency we

examining the experiences of smokers trying to

imagined, designed and shot these episodes. They

quit. It posits that individuals move through six

were, at the time, very disruptive in tone and in terms

stages of change: precontemplation, contemplation,

of cybersecurity awareness. One challenge was to

preparation, action, maintenance and termination.

convince my client that this campaign—a risk in tone and approach, but a measured one—would make a

This model was the cornerstone of my approach

significant contribution towards the achievement of

during my three years of intervention. Cybersecurity

our transformation and behaviour evolution goals.

may seem highly technical, boring or reserved for

This campaign became a source of pride because

geeks. Not at all. It’s a fascinating field, partly because

it took us to the Corporate Film Festival in Cannes

it impacts all of us every day in our professional and

in 2015 where it won a Gold Dolphin, the highest

personal lives. Our digital lives are so important today

distinction in the human resources category.

that cybersecurity concerns us all, and we must be aware of it.

This achievement made me realise I had a card to play, and above all a voice and a vision for creating

CHANGING BEHAVIOUR TO ENHANCE SECURITY

awareness on this subject. After more than three

My first approach in implementing this strategy

I left the world of cybersecurity to get closer to IT.

was to ask myself “why is it so difficult to change

Today I am helping this same aerospace group

behaviours in terms of cybersecurity? Why isn’t a

transition from Microsoft 365 solutions to Google

known good behaviour always adopted?” I returned to

Workspace, and I continue to develop human-

my guiding principle: the human! You cannot influence

centred support concepts that resonate with me:

a person’s behaviour by simply telling them what to

implementation of a global champions network,

do; the change process is very complex. Applied to

development of corners, a plan for business

cybersecurity, it is even more so, because we often

usage transition.

years with this client, and with a twinge in my heart,

see only the consequences of bad behaviours after the event, or sometimes never. For example, the

After more than two years I felt the need to specialise

hacking of one’s online account can occur long after

in a key aspect of change management: training. I

a data breach, and it is possible to compromise a

also wanted to discover different and smaller clients.

system by clicking on a malicious email without every

So, in 2019, I joined a small company. With this

knowing the consequences of that action.

company I quickly gained expertise in next-generation training concepts, the most effective learning

I spent a lot of time studying behaviours,

methods and pedagogical coherence: the alignment

cybersecurity risks and consequences. I wanted to

of learning standards and teaching.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

NUDGY CONSULTING - A DREAM COME TRUE

few months after creating my company a former

I had kept in the back of my mind for years what

colleague and friend contacted me and told me she

I called a ‘gentle dream’: “One day (when I’m a big

needed a profile of her current project and that I

girl) I would like to have my own company and offer

would be the right person to produce it. Guess what? I

my clients approaches and concepts that resonate

was being offered work on an ambitious cybersecurity

with me,” all while thinking to myself it would

awareness project in a large logistics group based in

probably never happen. As a woman, I believe we

the South of France.

too often suffer from the impostor syndrome. We do not trust ourselves sufficiently and we always

Of course, I accepted. And for more than two years

wonder if we have the legitimacy to act, especially

I’ve been assisting this organisation on various

in the professional world. I always told myself that

strategic axes of cybersecurity. It is a very new

developing my own company was really what I

environment in which everything is to be built,

wanted and that I had expertise to offer. However, I

and one with a recently formed and young team.

always wondered, do I really make a difference? Am I

I have to make them aware of best practices and

legitimate? Do I have enough expertise?

support cybersecurity projects on the human and business side. This includes working hand in hand

If you’re asking yourself these questions, it means the

with technical teams like security operations and

answer is YES! For me, 2021 was the turning point.

enterprise directory to deploy security solutions to

The COVID-19 crisis came and went and the world

the group’s employees. I am also involved in the

was transformed. Everyone thought it was the wrong

cybersecurity crisis communication process with

time, but I felt it was the right time. I dived in, and

employees and partners, working hand in hand with

created my company, Nudgy Consulting. I wanted to

the group’s external communication team.

continue offering consulting services applying global change management practices to cybersecurity

DAILY CHALLENGES

challenges. Why Nudgy? Because I’m very receptive

My daily challenges are mainly trying to get technical

and sensitive to the concept of the nudge, which I find

teams to understand end users’ perspectives and

remarkably effective in change management.

get them to understand that all the changes they make can disrupt users, business continuity, etc. For

I realised my former mission in cybersecurity

example, security tools to filter emails are necessary,

awareness that lasted more than three years was

of course, but must be introduced without disrupting

the most significant of my career, and also the one

critical jobs. This requires significant training to bridge

that pushed me to push my limits, both technically

the gap between technical and functional roles.

and creatively. There is so much to do and provide to users on this subject that I want to go further. A

Another challenge is that the communication departments of large companies are not sufficiently sensitised to the importance of cybersecurity and, unfortunately, do not prioritise it when targeting messages to end users. It is always difficult to get visibility for cybersecurity on internal communication channels. This is regrettable. Cybersecurity often gains attention when it’s too late and a breach has been identified. What I love about my daily life is the unexpected. Every day is different because cybersecurity is unpredictable: you must be agile. Even on my busy

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

days, I always allocate at least an hour to monitoring

needs and daily routines. It’s an ongoing exploration

cybersecurity news and trends, to be aware of

to discover and rediscover the specific business

developments elsewhere in the world.

contexts of the companies we aim to integrate. Understanding their habits, processes, and identifying

I also participate in the design and implementation

ways to secure precise elements of their daily

of many initiatives to raise cybersecurity awareness.

operations is crucial. I’ve encountered instances

These include infographics, poster campaigns and

where companies exhibit somewhat unconventional

writing articles for internal channels. My days are also

cybersecurity practices within their business

punctuated by my exchanges with technical teams,

operations, such as heavy reliance on USB exchanges.

the security operations centre (SOC) and integrated

Surprisingly, these methods were 100% essential due

access management teams. I discuss new solutions

to the nature of the specific acquisition’s industry.

to enable the voices of end users to be heard, and we

Hence, analysing these individual processes, initiating

design workable deployment plans that will preserve

workshops with the respective departments to

business continuity.

comprehend their precise needs becomes imperative.

For nearly a year now, I’ve been leveraging my

Following this, agility comes into play, a quality I

expertise in a new realm of cybersecurity: Mergers

believe cybersecurity must possess to effectively rally

and Acquisitions. In the context of acquiring and

and involve these departments. This agility enables us

integrating new companies, the challenge lies in

to propose alternative processes that not only respect

ensuring that the security measures implemented

the specific business use case but also ensure

do not disrupt end users’ business continuity.

their security.”

Additionally, it’s crucial to guarantee that new collaborators undergo sufficient awareness and

In navigating the complexities of merging different

training to prevent potential security breaches. In my

business cultures and methodologies, it’s crucial to

opinion, merger and acquisitions is not (only) about

strike a balance between security and functionality.

tools, it’s about people!

This involves not just understanding the current landscape but also foreseeing potential future risks

This particular focus allows for an exploration

and evolving alongside the changing dynamics of

of topics spanning cybersecurity solutions, work

the industry. Cybersecurity becomes a key enabler in

methodologies, and even delves into digital

these instances, guiding the integration process while

transformation. We’re delving into highly strategic

preserving the integrity of critical operations.

matters, as the economic stakes are significant. Simultaneously, it’s imperative to remain vigilant to

GOOD VIBRATIONS!

ensure that these advancements don’t adversely

Cybersecurity makes me vibrate (yes, it’s strange

affect everyday operations.”

to say that!), because it is vital to move as fast as technology and digital innovation to be relevant.

When dealing with mergers and acquisitions,

AI, for example, poses new security challenges we

cybersecurity plays a pivotal role in safeguarding

must support users to face, but not reactively. We

the operational flow while embracing innovation.

must anticipate the risks AI can introduce, while

This involves not just technological solutions but

keeping the best of these wonderful technological

also comprehensive training programs to instil a

advancements. For example, I recently used AI tools

security-first mindset among the workforce, thereby

to create a poster campaign aimed at raising user

reinforcing the protective layers against potential

awareness about the need to be vigilant online. This

threats and vulnerabilities. Absolutely love how

campaign is impactful and a bit provocative, but it

cybersecurity can be applied across vastly diverse

leads individuals to question their own practices, and

contexts and industries, each with their own unique

that is what induces change.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

My role has evolved in recent months and I work with

it is time to put the human back at the centre of

the teams in charge of mergers and acquisitions

cybersecurity, because the human factor is the first

on the cybersecurity aspects. My role is to analyse

line of defence against security breaches. Not tools,

the current environment of each acquisition from

not technology, but the human. All cybersecurity

a cybersecurity culture perspective and support

professionals must be aware of this, but above all,

its transition into the group by minimising risks

apply this principle every day. That is what I want

and helping newly acquired staff gain skills in

to bring.

cybersecurity practices. Analysing and uniting cultures is now my area of expertise. Because

I am convinced that wherever there is an opportunity

an integration involves people I also intervene on

to do better, there is also an opportunity to do things

the transitioning practices and jobs, aligning their

differently and think outside the box. In cybersecurity,

environment with our security tools. It enriches me

the unexpected rules. Every day I immerse myself in

to understand the ways of working and the needs of

a constantly changing world: AI, innovations: so many

companies that can differ greatly in size or activity.

exciting challenges to anticipate. My job is a perpetual challenge, an inexhaustible source of learning, and

I write articles for the blog on my website, which I

a mission in which we must give the human its

enjoy sharing with my community to give them best

rightful place.

practices and quick wins in security awareness. I take great pleasure in the daily challenges of my job, where I learn as much as I can to offer my clients. In

www.linkedin.com/in/marinagistau

the near future I would like to grow my company with people like myself and further develop my consulting

www.linkedin.com/company/nudgy-consulting

offer in cybersecurity. nudgy-consulting.com

To succeed in a job like mine you have to be creative and (try to) stay ahead. Learn, always. Question yourself and propose new things. Also, I believe

Congratulations to all the 2023 New Zealand Women in Security Awards Highly Commended & Special Recognition honorees

www.womeninsecurityawards.co.nz

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Contact us today to find out how you can become an industry contributor, no matter the level of experience. reach out now www.womeninsecuritymagazine.com

correlate international politics and economics with cybersecurity. My education in international relations is set to be completed soon. In my current role, the most critical skills include event planning, project management, communication,

Emilly Ricarte Project and Event Management Specialist

branding, sales strategies, data analysis and process automation. I plan to further develop my skills in artificial intelligence, advanced data analysis, process automation and sales strategy improvement. These skills are essential in an industry that is continually evolving, and especially in cybersecurity.

A NON-TRADITIONAL JOURNEY INTO CYBERSECURITY n my current role as a project and event

My journey into cybersecurity was not a traditional

management specialist I work on events in various

one but evolved from a growing personal interest.

sectors, including defence, technology and the

While working on technology and cybersecurity-

non-profit sector. I particularly enjoy exploring the

related events, I began to grasp the critical

intersections between different fields and finding

importance of protecting infrastructure against cyber

ways to add value to corporations and organisations.

threats. I became more involved in cyber through my

However, one of the significant challenges I face is

participation in events like the Brazil Cyber Nexus,

being underestimated by some individuals who may

which exposed me to the latest tools and techniques

not be accustomed to seeing women in leadership

for ensuring cybersecurity in Brazil.

roles in this domain. Overcoming these biases and stereotypes can be demanding, but it only fuels

The turning point in my journey to cybersecurity came

my determination.

when I delved into online content about women’s role in technology. The Google Women Techmakers

A typical day in my role is office-based during

program piqued my interest and made me realise

regular business hours. However, next year we plan

the potential and importance of promoting gender

to transition to a hybrid work model. I founded my

diversity in cybersecurity and technology. This

agency, M2L Consulting and Service, in 2020 and we

inspired me to become more involved in advocating

currently hold a contract with Brazilian institutional

for opportunities for women in the tech and

and government relations firm Prospectare where

cybersecurity sectors.

we collaborate to organise various events through

the Tomorrow Forces platform for defence industry

Throughout my cybersecurity journey I faced

exhibitions and demonstrations. I am also a

challenges and moments of self-doubt, especially

participant in Muay Thai (Thai Boxing) and I am a

because of the inherent complexity of the field and

practitioner and service provider within the Muaythai

the prevalence of a male-dominated culture. However,

community, we call it “Nak Muay” which can also be

I persisted in my quest to unravel the mysteries and

Thai Boxing. My career journey has been diverse. It

overcome these challenges. While I encountered

started in international relations, which gave me a

setbacks, my passion for cybersecurity and my

solid foundation for understanding global political

commitment to promoting gender diversity in the field

and economic scenarios and enhanced my ability to

kept me focused.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

W H A T ’ S

H E R

J O U R N E Y ?

I have no regrets about my career changes or job

that guides young people towards cybersecurity

opportunities. I believe every experience, whether

career opportunities. I also organise cybersecurity

challenging or rewarding, contributes to personal

events to facilitate information exchange and the

growth and learning. I embrace the idea that every

sharing of best practice. I serve as a mentor to

experience shapes who we are and prepares

beginners in the field, select speakers for events to

us for future challenges. I see success as being

ensure they address current cybersecurity trends, and

built on a foundation of diverse experiences and

I participate actively in cybersecurity communities.

continuous learning. Looking ahead, I aspire to further my education My mother has always been a significant source of

and keep up with the expected developments

support and encouragement, and my current directors

in cybersecurity. I plan to continue my learning

(Coronel Rogério Gomes da Costa and CEO Heleno

journey to stay up to date on the latest trends

Maffucci) have been instrumental in making all of

and technologies. With the rapid evolution of

this possible. Their commitment to multipotentiality

cybersecurity, it is crucial to remain informed and

and the importance of having a broad perspective

adapt to emerging challenges.

have been influential. They encouraged me to think of my career as a ‘cybernetic radar’ where the ability

Moreover, I aim to expand the scope of our

to understand and navigate various sectors is a

cybersecurity events, applying my project

valuable asset.

management, cybersecurity and emerging technology skills to help organisations address growing

FACING SEXISM AND MISOGYNY

challenges. I view the expected developments in

On the other hand, I have encountered obstacles

cybersecurity as opportunities for innovation and

along the way, such as instances of sexism and

proactive enhancement of security postures.

misogyny. I remember an event where I was mistaken for an escort, and the individual persistently

In summary, my vision is to contribute to building

suggested I could be a great companion. I felt

safer, more resilient environments that can effectively

uncomfortable and ended up staying close to

confront emerging challenges in the cybersecurity

acquaintances to avoid this individual. Today, I would

and project management realms. I am committed

not tolerate such behaviour and would stand up

to acquiring knowledge and experience to achieve

against it, thanks to other women who have been

these goals.

harassed and did not stay silent. Outside of my paid employment I actively contribute

www.linkedin.com/in/emillyricarte

to cybersecurity through a career development hub

I S S U E 18

WOMEN IN SECURITY MAGAZINE

CRAIG FORD Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC and Baidam Solutions.

C O L U M N

Breaking stereotypes Those who know me will probably be familiar with my first book: A Hacker I Am. It remains a personal favourite, for several reasons. Firstly, I was taking a leap in publishing a book. It was something I had never aspired too until about a year before 8 September 2019 when it was released. I am now getting ready to publish my sixth book, Vulcan (number three in my Foresight series). I amaze myself when I see how far I have come as a writer in the years since that first book. You won’t see a hooded figure on the cover of A Hacker I Am. Instead you will see a cartoon representation of me; it’s what some hackers looks like. As an ethical hacker (probably not a very talented one, but one nonetheless), I wanted to have that image and that name for my book. I cringe every time I see a hooded hacker used on the news or on books. Look, I get it, the public recognise this depiction: it is one that has been thrown at them at every opportunity since hacking emerged. It is probably

the industry, but when I ask myself if what I am doing

impossible to change that image now, but that is no

sufficient, the answer is NO.

reason for me, a professional in this space, not to pull

back the curtain on the hidden world many outside of

Like many of the contributors to Women in Security

our industry would think harbours some kind of dark

magazine, I mentor, I share my stories and I

magic, and show them a hacker could be someone

encourage the next generation of cybersecurity

who looks like me, or like Chris Roberts (a US based

professionals. We all help to ensure the next cohort is

CISO, Ethical Hacker and who I believe is an all-round

open and inclusive no matter the sexual orientation,

great guy) with his amazingly bright coloured beard.

gender, religion or colour of its members. If we

It could also be the girl next door, your daughter

all come together we can withstand the constant

or neighbour.

avalanche of threats that face us.

Stereotyping in any industry creates a false perception

My desire to do something to foster diversity in

we must dispel to reveal the reality. That’s how Sam

cybersecurity led me to create Sam, the girl next door,

(Samantha) the lead character in my Foresight series

the teenage hacker with a hidden life no one around

came about. My aim was to encourage diversity in

her knew about.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I wanted her to break down stereotypes by showing young women that hacking is not just a boy’s club. Many of the amazing hackers and security professionals I look up to, are female. They are truly badass, and I am proud to call them all peers, friends and colleagues. If my Foresight series has encouraged just one more young woman to look at cybersecurity as a career, or one young man to look

dotm.com.au/

up to that character and think “Wow she is awesome” and see her as normal then the Foresight series has been a complete success. It’s about changing minds, helping people understand that stereotypes are not reality. Let’s pull them down. Let’s rebuild what people think is normal. Let’s make room for everyone. No, let’s go out and encourage all

Join Today for FREE

To NETWORK with other like-minded people

different kinds of individuals to take a look, see what the industry has to offer. We will all benefit from a real shift, a real breakdown of the stereotypes. Go do everything you can, help me. Write a book, article, mentor, find something that works for you.

To MEET prospective candidates for graduate programs

Just do something. www.linkedin.com/in/craig-ford-cybersecurity

www.facebook.com/AHackerIam

To MEET prospective employers of graduate programs

www.instagram.com/ahackeriam

twitter.com/CraigFord_Cyber

www.cyberunicorns.com.au

I S S U E 18

The club is for security professionals (present, future and past)

WOMEN IN SECURITY MAGAZINE

KAREN STEPHENS Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was recently named inaugural Female Cyber Leader of the Year at the 2023 CyberSecurity Connect Awards in Canberra.

C O L U M N

On the edge of innovation: breaking boundaries in 2024 by learning from 2023 I don’t know about you, but for me 2023 has been

staff working in a culture of “don’t ask, don’t tell” when

a year of extreme highs and lows, I would describe

they click on a bad link.

as ‘character building’. I am definitely in the ‘let’s learn from it’ club, so it’s time to reflect on key 2023

The July/August edition (p58) Focussed on

‘boundary breaking’ themes, taking what we can from

empowering the over 50 percent of Australians who

them into 2024 to make it bigger, better and brighter

are largely ignored and yet usually impacted the most

than 2023.

by cyber breaches: the SMEs, school children and retirees. Not a day goes by when the mainstream

I invite you to take a moment and join me, as I revisit

press does not wheel out some horror story, or

this column’s themes in 2023.

talkback radio show discusses how clicking on a bad link ruined someone’s life. Let’s make 2024 the

The March/April edition (p66) Shone a spotlight on

year we bring cyber awareness to all: throughout

the strength that diversity can bring to cybersecurity.

the year, not only in October, the designated Cyber

Diversity of experience is key to a thriving

Awareness Month.

cybersecurity ecosystem, and we can all play our part. For example, you can continue to look beyond the

The September/October edition (p84) Was all about

traditional employee candidates. What about those

personal growth. I urged readers to focus on ‘outside

who have great communication skills and can learn

the box’ activities: networking, allies, micro courses.

the tech skills? (The latter are easier for people to

What did you do? If the answer is “Not much, I got

learn than the former, trust me on this). Or step out of

busy,” with New Year right around the corner, it will

your comfort zone and make yourself approachable

soon be time for resolutions.

and available to those entering the industry. After all, you can never have too much coffee in your life!

Make 2024 your time for doing, and not just for making resolutions! In the words of Winston Churchill:

The May/June edition (p64) Reconfirmed

“Those who fail to learn from history are doomed to

that cybersecurity is not just a tech problem.

repeat it”. Let’s not be those people in 2024!

Communicating this fact is a never-ending battle. I feel I have been saying this ever since I joined

May you and yours have a cyber-safe festive season

the cybersecurity industry, and feared no one was

with 2024 bringing only peace, joy, and happiness.

listening. But I am rather excited to say I am now seeing green shoots of progress. Recently, I have noticed heads of risk, governance and compliance starting to raise the “what are we doing about cybersecurity topic?” A risk-centred approach is gaining traction! Remember: the best security software can be easily undone if you have uneducated

W O M E N I N S E C U R I T Y M A G A Z I N E

www.linkedin.com/in/karen-stephens-bcyber

www.bcyber.com.au

twitter.com/bcyber2

karen@bcyber.com.au

youtube.bcyber.com.au/2mux

J A N U A RY • F E B R U A RY 2024

INDUSTRY PERSPECTIVES

NEHA DHYANI

ANJALI VARGHESE

CYBER-READY BOARDROOM: BLUEPRINT FOR SUCCESS by Neha Dhyani, Cyber Security Expert (CISSP, CCSP, CISM, MITRE ATT&CK Certified Defender) Senior Security Consultant at Nokia Solutions & Networks Anjali Varghese, Cyber Security Specialist (CISA, CISM, ISO 27001 Lead Implementer) Cyber Security Specialist, Grant Thornton

It is December 2023, a big day for CISO Greg House.

a cyber risk; don’t deal with issues when they’re

“There’s going to be tough discussions with bold

highlighted; or don’t want to address what they

decisions to be made,” Greg says to himself as he

don’t know. Sadly, this approach is an increasingly

prepares his final notes for a board meeting starting

dangerous way to manage cyber risk. The reality is

in two hours. Greg is recently appointed as the CISO

that most corporate boards and C-suite executives do

to an organisation that had suffered a massive data

not have significant cyber experience or expertise to

breach a year earlier. Greg compiles the statistics,

understand and appreciate Greg’s presentation.

the report and the findings into a final presentation that highlights the facts the board will neither like

Adding fuel to the fire is the deficiency of curated

nor appreciate. Right before the board meeting, Greg

interactions of Board with CISOs. The result is that

receives a phone call from CEO Lisa Cuddy wanting

all too often, executives are not optimally informed.

a quick catchup. Greg is surprised and rushes

According to a Wall Street Journal report, only 2.3

quickly to Lisa’s office and enters the room with his

percent of directors at S&P 500 companies have

heart pounding.

cyber experience. The amount of cybersecurity expertise on boards remains relatively low at a

His story will resonate with many cyber executives,

time when boards are under increased scrutiny for

because they experience these emotions quite often.

security failings.

Greg’s presentation stops in its tracks when the

Board adopts ‘See No Evil, Hear No Evil, Speak No

Let us dig deep into the challenges and key

Evil’ mindset - where either they don’t believe there’s

considerations that enable the board and the

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

CISO to have an effective blueprint for cyber risk management.

• Stringent security regulations, compliance and liabilities. The updated Security of Critical Infrastructure (SOCI) Act, the Australian Signals

KEY CHALLENGES TO MANAGING CYBER RISK:

Directorate’s Essential 8, the Information Security

• Cybersecurity is a business risk. Boards must

Manual and the telecommunication sector

understand that cybersecurity is a business risk

security reforms for telcos are some of the

they must manage, ensuring proper mitigation

mandatory regulatory obligations to which boards

strategies are in place. • Building cyber resilience is a priority. With ever-

must ensure strict compliance. • New business models, ecosystems and

increasing cyber-attacks, one thing is clear: it is

technologies. With massive digital transformation,

not a question of IF a cyber-attack will occur, it is

cloud adoption and industry 4.0 (OT and IT

a question of WHEN. Hence, every organisation

convergence) all offering increased efficiency and

must have a cyber incident management process

expanded capabilities, cybersecurity becomes

in place and know what to do when something

increasingly important. As organisations change

adverse happens.

their businesses models, the risks they face

• Fifty eight percent of Australian CISOs have experienced burnout. Mounting CISO pressures

change as well. • Skill-set shortage. Cybersecurity systems are

are making the job unsustainable. Fifty eight

only as good as the people who operate them, and

percent of Australian CISOs feel they face

with a rapidly evolving ecosystem it can be hard

unreasonable job expectations, according to

to find the right experts to operate key systems,

Proofpoint’s 2023 Voice of the CISO Report. With

especially as those key systems evolve. The

reduced cybersecurity budgets, personal liability

complex web of security vendors also places great

worries and accountability, managing cyber risks

demand on skills.

really takes a toll.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

KEY RECOMMENDATIONS FOR CISO TO ELEVATE LEADERSHIP SKILLS AND CHAMPION CYBERSECURITY:

understand legal and regulatory obligations

• Speak the language of the board. Keep the

organisation holds and where it is stored. It is

and the reputational consequences of a cyber attack. They must know what critical data their

points concise and clear with no jargon, include

vital they adopt a consistent risk assessment

terms like revenue, return on investment, margin

and governance posture across all three pillars:

and capital. Boards understand these terms.

people, process and technology.

Simplifying the link between cyber risk and

• Periodic review of control and response

business risk is crucial, and finding allies in the

measures. Boards must ensure they have

C-Suite is a key strategy.

appropriate incident response measures and

• Spearhead training initiatives and a cyber-aware

business continuity and contingency plans.

culture. Develop initiatives such as targeted

Boards need to ask their CISOs “Do you have a

anti-phishing campaigns and incident response

secondary line of protection, and can you respond

training across all layers of the organisation.

quickly to a failure? Are we testing all the layers?

Building a cyber-aware culture from the top down

What are the results?”

is essential because humans are the first line of

It is imperative to review cyber risk mitigation

defence against cyber attacks. CISOs must talk

strategies and make the necessary changes/

about the overall security program and strategic

improvements to ensure the maturity of cyber

initiatives to keep the business secure while

strategy is being measured.

measuring and reducing risk. • Use board time appropriately. CISOs must

Cyber risk management is a team sport and

understand the organisation risk appetite and

corporate boards must understand the role they play.

translate this into a risk posture the board can

Boards must also recognise that cybersecurity is not

understand. They should focus on the top material

a technology function, that cyber risk is a business

risks the board should be well aware of, adopt

risk and that accountability lies with everyone in the

a risk based approach and calculate a return on

organisation (not just the CISO). In situations where

security investment that can help justify security

there is significant risk for an organisation it is the

investments to the board. It is best to build KPI

responsibility of the CISO to raise awareness of that

metrics when presenting a security posture to

risk and spell out its impact and consequences to

top leadership.

the board as part of regular briefings, rather than

• Remain curious and aware. CISOs must

remaining silent.

constantly evolve their knowledge base and hone their soft skills: communications, public speaking

It is crucial to develop rapport. Board members,

and active listening.

CISO and other relevant stakeholders should invest in building connections and empowering each other.

KEY RECOMMENDATIONS FOR BOARD TO PARTNER WITH CISO TO MANAGE CYBER RISK: • Visibility of threat environment. Boards must understand the risk associated with systems that are critical to core business operations and their security posture. In regular briefings with their CISO they need to ask the right questions to know how best to help. They must ensure cyber risk is

This builds trust, an invisible key element within business which enables organisations to thrive. www.linkedin.com/in/neha-dhyani-cybersecurity

www.twitter.com/Neha_dhyan i1

www.linkedin.com/in/anjali-varghese

part of the broader enterprise risk program. • Continuous risk monitoring. Boards must

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Source2Create Spotlight

Content Content allows you to establish, share, and strengthen your brand. It helps build relationships which is why we are shining the light on our content service. Content strategies don’t just define the goals your content is intended to achieve, but also the procedure, processes and governance required to get there. We can show you how to manage your content effectively. We can then use that content to attract, acquire and engage your customer and new prospects, deepening your relationships. What are you waiting for?

REACH OUT TODAY

charlie@source2create.com.au

aby@source2create.com.au

LISA VENTURA

MIND THE (GENDER PAY) GAP IN CYBERSECURITY: ENSURING PAY EQUALITY FOR ALL by Lisa Ventura MBE, Founder – Cyber Security Unity

The gender pay gap in cybersecurity remains

what it did, and I wanted to make a positive difference

a persistent and concerning issue. Despite

there. So I would only receive £1,000 more than I had

advancements in recognising and addressing gender

been earning prior to joining the organisation.

disparities in various professions, the cybersecurity sector continues to demonstrate significant pay

I then discovered a male counterpart had also been

disparity between men and women.

offered a “head of…” role, at a level equivalent to the role I had been offered, but he had been given

Several factors contribute to the gender pay

a £15,000 pay increase. I left the organisation

gap in cybersecurity. One major factor is the

and had a short spell in logistics where I was paid

underrepresentation of women in what has,

fairly and treated equally. Then I returned to the

historically, been a male dominated industry. This

cybersecurity industry where I remain today and

underrepresentation can lead to systemic biases in

where I am paid fairly and at the same level as my

hiring, promotions and salary negotiations, which

male counterparts.

contribute to the pay gap.

THE GENDER PAY GAP IN CYBERSECURITY IS REAL: MY PERSONAL EXPERIENCE

SOME SHOCKING STATISTICS: WOMEN IN CYBERSECURITY ARE PAID 21 PERCENT LESS THAN MEN

I had heard many stories about the gender pay gap in

According to (ISC)2’s 2023 Cyber Security Workforce

cybersecurity, but I did not fully believe them, nor did I

Study, although nearly a third of the global

experience this pay gap until 2022. During my time at

cybersecurity workforce is now female, the industry

a leading cybersecurity organisation in the UK I was

continues to grapple with discrimination and a

offered promotion to a “head of…” role which came

substantial gender pay gap. Shockingly, women in

with a £5,000 pay increase. However, I had taken a

cybersecurity are paid, on average, 21 percent less

pay cut to join the organisation because I believed in

than men.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

In its analysis of data the (ISC)2 report shed light on the evolving role of women in the sector. Encouragingly, survey respondents estimated that women constitute over 30 percent of their teams today, a notable increase from approximately 25 percent the previous year. The study revealed other positive trends: 63 percent of female respondents said they had chosen to choice as early as their university days. This figure

WHY DOES THE GENDER PAY GAP EXIST IN CYBERSECURITY?

surpassed that for men, 54 percent. Moreover, over

The gender pay gap in cybersecurity is the result of

half (53 percent) of women initiated their careers in

several systemic, societal and organisational factors.

the profession, compared to just 38 percent of men.

These include:

The study also highlighted the commitment of women

• Underrepresentation

pursue a cybersecurity career, with many making this

to cybersecurity as a long-term career: 68 percent

Women are historically underrepresented in the

said they planned to stay in the field for the duration

cybersecurity sector. The low representation often

of their working lives. Job satisfaction among women

produces stereotypes and biases that impact

was notable, with 69 percent indicating they were

hiring, promotion and salary decisions. As a result,

either very or somewhat content, and women were

women may face barriers in accessing high-

more likely to report being very satisfied (34 percent

paying positions.

versus 27 percent of men). • Unconscious bias However, significant challenges persist, potentially

Unconscious bias, whether in hiring, performance

perpetuating gender imbalances in cybersecurity.

evaluation or promotion decisions, can

A noteworthy 22 percent reported experiencing

significantly contribute to the gender pay

discrimination in their careers, a higher percentage

gap. Preconceived notions about the skills,

than the 13 percent of men reporting the same.

capabilities and leadership qualities of women in cybersecurity can influence decision-makers,

Furthermore, the gender pay gap remains a

affecting salary negotiations and career

considerable concern, particularly in North America

advancement opportunities.

and Europe. Female cybersecurity employees in North America earn an average of just under $US80,000,

• Lack of mentorship and networking

significantly less than the average of around

The absence of mentorship and networking

$US96,500 for their male counterparts. In Europe,

opportunities for women in cybersecurity can

the average salary for women is approximately

hinder their career progression. Mentorship is

$US40,500, in stark contrast to the $US67,000

crucial for skill development, career guidance

earned by men. These disparities underscore the

and access to influential networks. Without these

need for continued efforts to address gender-related

support systems, women may find it challenging

challenges in the cybersecurity industry.

to navigate the industry successfully.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

Negative stereotypes about gender roles persist

HOW CAN ORGANISATIONS CLOSE THE GENDER PAY GAP IN CYBERSECURITY?

in cybersecurity. Stereotypes that associate

Closing the gender pay gap in cybersecurity requires a

technical proficiency with masculinity can

concerted effort from multiple stakeholders, including

influence perceptions of women in technical roles,

employers, educational institutions, policymakers

affecting their perceived value and, consequently,

and individuals. Here are several strategies that

their compensation.

can contribute to narrowing the gender pay gap

Negative stereotypes

in cybersecurity. • Education and training gaps Disparities in educational opportunities and

• Promote equal pay policies

training can contribute to the gender pay gap. If

Companies should adopt and actively enforce

women have less access to quality education and

equal pay policies, ensuring all employees,

training programs in cybersecurity, they may find

regardless of gender, receive equal pay for

it more difficult than their male counterparts to

equal work. Transparent salary structures

secure high-paying positions.

and regular pay audits can help identify and rectify discrepancies.

• Lack of transparency Many organisations lack transparency in their

• Encourage salary transparency

salary structures, making it difficult for employees

Promote transparency around salary structures

to assess whether they are being paid fairly.

within organizations. Open discussions about

Without clear information, women may be ill-

pay can help eliminate disparities and empower

equipped to negotiate salaries and advocate for

employees to negotiate fair compensation.

equitable compensation. • Support diversity and inclusion initiatives • Limited representation in leadership roles

Create and support initiatives that foster diversity

The scarcity of women in leadership positions

and inclusion within cybersecurity organisations.

within cybersecurity organisations exacerbates

Establishing a diverse and inclusive workplace

the gender pay gap. Companies with more diverse

culture can lead to fairer treatment, opportunities

leadership teams are often better equipped to

and compensation for all employees.

identify and address disparities, fostering a more inclusive and equitable work environment.

• Provide mentorship and networking opportunities

• Work-life balance challenges

Establish mentorship programs and networking

Women may face unique challenges related to

opportunities specifically designed to support

work-life balance, particularly if organisational

women in cybersecurity. Mentorship can help

cultures do not support flexibility and family-

women navigate their careers, gain access to

friendly policies. Balancing family responsibilities

opportunities and develop the skills needed

with career demands can impact women’s career

to advance.

trajectories and earning potential. • Address unconscious bias • Negotiation disparities

Implement training programs to raise awareness

Research suggests that women, on average, may

about unconscious bias in hiring, promotion

be less assertive in negotiating salaries than men.

and salary decisions. These should encourage

This negotiation disparity can result in women

objective evaluation criteria and decision-making

accepting lower initial offers and, consequently,

processes to reduce the impact of bias.

earning less over the course of their careers.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

FINAL THOUGHTS Closing the gender pay gap in cybersecurity is a multifaceted challenge that requires ongoing commitment and collaboration. It requires a comprehensive approach that includes efforts to promote diversity, eliminate bias, provide mentorship opportunities and foster inclusive workplace cultures. By recognising and actively working to mitigate these factors, the cybersecurity industry can take significant steps toward achieving gender pay equity. We must do better and be better to ensure the future of the industry and to attract as many people into • Promote educational opportunities Encourage and support women in pursuing

the industry as possible to enable it to combat the growing cyber threat.

education and training in cybersecurity. Bridging the gender gap in education can help create a larger pool of qualified female candidates for

LISA VENTURA MBE - BIOGRAPHY

cybersecurity roles.

Lisa Ventura MBE is an award-winning cybersecurity specialist, writer and keynote

• Advocate for policy changes

speaker. She is the founder of Cyber Security

Advocate for policies at the organisational and

Unity, a global community organisation dedicated

governmental levels that address gender pay

to bringing individuals and companies together

disparities. Such policies include legislation

who actively work in cybersecurity to help

promoting pay equity, family-friendly workplaces

combat the growing cyber threat. In addition,

and other measures that support gender equality.

Lisa is a senior specialist at Qualitest and is in high demand as a speaker and writer on various

• Provide career development opportunities

topics in cybersecurity including the cyber

Offer career development programs and

skills gap, career pathways into the industry,

opportunities for skill-building to help women

managing mental health and burnout, imposter

advance in their cybersecurity careers. These

syndrome, combatting bullying and abuse in the

can include training, workshops and access to

cybersecurity industry, cybersecurity’s image

resources that facilitate professional growth.

problem and the human factors/elements of cybersecurity.

• Create supportive work environments Foster a workplace culture supportive of worklife balance, flexible schedules and family responsibilities. A supportive environment

www.linkedin.com/in/lisasventura

contributes to the retention and advancement of women in cybersecurity. • Celebrate and recognise achievements

www.twitter.com/cybergeekgirl

www.twitter.com/cybersecunity

Acknowledge and celebrate the achievements of women in cybersecurity. Recognising their

www.youtube.com/@CyberSecurityLisa/videos

contributions helps to break down stereotypes and promotes a culture of equality.

I S S U E 18

www.instagram.com/lsventurauk

WOMEN IN SECURITY MAGAZINE

LISA JANE YOUNG

STRENGTHENING CYBER RESILIENCE THROUGH CAPACITY BUILDING by Lisa Jane Young, APAC Intelligence Officer, FS-ISAC

professionals remains an issue despite collaborative

UNRAVELLING AUSTRALIA’S CYBER THREAT LANDSCAPE

efforts by governments and industry to encourage

Australian and Asia-Pacific (APAC) companies

and incentivise entry into the sector. In Australia,

remain highly susceptible to third-party and supply

efforts to address the shortage include collaborating

chain risks. For example, Medibank’s breach in

with technical and further education institutions

October 2022 exposed the personal information of

(TAFEs) and colleges, launching educational

9.7 million people as a result of a third-party vendor

programs for school-aged children and providing

being hacked. Multiple ransomware events have

free cybersecurity training online through platforms

had catastrophic effects on Australian operations

like SkillFinder. However, despite these measures the

over the last 12 months, both directly and indirectly.

shortfall in qualified cybersecurity professionals is

On the geopolitical front, Australia’s position as a

forecast to hit 30,000 across Australia by 2026.

prominent and relatively stable Western economy

The longstanding shortage of cybersecurity

makes it susceptible to hacktivism from nation-state This talent gap is one reason for the Australian

adversaries. This array of potential threats means

cybersecurity sector lagging behind its international

that building operational resilience has become a top

peers. Australia’s cyber sector annual revenue growth

priority for financial firms.

has averaged 8.7 percent annually over the past five years, compared to an average of 11.5 percent for

The question for every organisation in Australia’s

other leading cyber jurisdictions, and behind the US,

financial sector is no longer if an attack will occur,

China, the UK, Japan, Germany, France, Canada and

but when.

South Korea. This shortage, and a rapidly evolving

threat landscape, emphasise the need to develop

SETTING THE TONE FROM THE TOP

cyber resilience, with capacity-building at the heart of

Capacity-building through quality leadership is crucial

such efforts.

to addressing the challenges of cybersecurity and

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

talent development amid today’s threat landscape.

a firm’s continued ability to operate, even when

Executives and business leaders set the tone by

under attack.

providing a clear strategic vision and allocating resources for cybersecurity and talent development.

Additionally, these exercises help ensure and

Senior staff are responsible for improving board-level

cultivate a prepared and resilient workforce capable

engagement to ensure commitment to cybersecurity.

of effectively responding to new and increasingly

Cyber employees need leadership, development

sophisticated threats such as artificial intelligence

opportunities and support to lift job satisfaction and

(AI) enabled fraud.

reduce attrition. Integrating cybersecurity into existing corporate frameworks—particularly the enterprise risk framework—is also essential.

HARNESSING THE POTENTIAL OF DISRUPTIVE TECHNOLOGIES With malicious actors already incorporating

Business leaders must also emphasise

emerging technologies into their threats, tactics

collaboration and policy support initiatives. These

and procedures, firms must harness the potential of

include: promoting cooperation among private

emerging technologies, including machine learning

and public stakeholders; participating in sector-

and artificial intelligence, to enhance the productivity

relevant forums; focusing on better practice; and

of existing talent and mitigate the talent shortage.

advocating for supportive regulatory frameworks.

By automating labour-intensive and repetitive tasks,

For example, recent large-scale attacks in Australia

these technologies free up an already scarce pool

have led to greater public-private consultation

of cybersecurity professionals to focus on more

and, subsequently, calls for customer data to be

sophisticated and nuanced responsibilities such

classified as critical infrastructure under Australia’s

as threat analysis, incident response and strategic

Security of Critical Infrastructure Act (SOCI). This

decision-making.

collaborative approach enhances the exchange of knowledge, threat intelligence, best practices and

DIVERSITY FOR CAPACITY

other resources, thereby strengthening the overall

Promoting diversity and inclusion in the cybersecurity

cybersecurity landscape.

workforce is also vital for capacity-building. A diverse team brings a wide range of perspectives and

BUILDING MUSCLE MEMORY AGAINST ATTACKS

ideas, enhancing the effectiveness of cybersecurity

Cyber exercises are integral to capacity-building

into a broader talent pool can help address the

efforts and enhancing a firm’s cyber and business

industry’s talent shortage and strengthen its

resilience. Formulating a comprehensive incident

resilience against evolving cyber challenges.

response plan and regularly testing and refining this

Moreover, an inclusive work environment fosters

plan through cyber exercises allows organisations to

collaboration, trust and engagement, contributing

address weaknesses and build the muscle memory

to a more cohesive and productive cybersecurity

for a prompt and coordinated response, ensuring

team. Embracing diversity not only benefits industry

I S S U E 18

operations when tackling complex threats. Tapping

WOMEN IN SECURITY MAGAZINE

capabilities but also enhances an organisation’s

remain resilient amidst an ever-evolving cyber

reputation: it appeals to clients and partners who

threat landscape.

value socially responsible practices.

ABOUT THE AUTHOR

FOSTERING RESILIENCE THROUGH CAPACITY BUILDING

Lisa Jane Young (LJ) is an intelligence and risk

Amidst the talent shortage and the evolving threat

professional with 20 years experience. She is an

landscape, strengthening cyber resilience through

APAC intelligence officer at FS-ISAC and principal

capacity-building is crucial for Australia’s financial

at LJY Consulting. Prior to joining FS-ISAC, she

sector. Adopting new technologies, conducting cyber

held senior roles with the Australian Criminal

exercises and collaborating with industry, academia,

Intelligence Commission (ACIC), the Australian

and government are vital for preparedness. Initiatives

Taxation Office (ATO), the Insurance Australia

like the Financial Services Information Sharing

Group (IAG) and the New South Wales Police.

and Analysis Center’s (FS-ISAC) Women in Cyber

She holds masters degrees in both criminal

scholarship program—which produced an Australian

intelligence and public policy and co-authored

winner this year—showcase the benefits of promoting

Managing Intelligence: The Art of Influence

diversity and inclusion in cybersecurity. Quality

(Federation Press, 2010), the first textbook to

leadership remains crucial for capacity-building

set out the practical aspects of leading and

because top executives allocate resources and set

managing an intelligence function.

the tone for cybersecurity and talent development. Embracing capacity-building initiatives across these areas allows Australia’s financial institutions to mitigate the impact of the talent crunch and

www.linkedin.com/in/lisajaneyoung

Congratulations to all nominees and winners of the 2023 New Zealand Women in Security Awards

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Need a professional marketing, strategy and implementation agency that is dedicated, responsive, professional, creative, innovative, hardworking, and really cares about your business outcomes?

Then let us help YOU. REACH OUT TODAY FOR AN INSTANT QUOTE. The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things.

With:

aby@source2create.com.au charlie@source2create.com.au source2create.com.au

DIVERSITY IN CYBERSECURITY AT SPARK: THREE REALITIES Spark NZ was named Best Place to Work in IT

“I was raised by a solo teenage mother who had little

Security in the 2023 New Zealand Women in Security

income and was reliant on welfare, so my goal was

Awards. We reported on the achievement elsewhere

to create a better life for myself,” she says. “I believed

in this edition of Women in Security, citing Spark’s

that determination, higher education and hard work

“unwavering commitment to fostering diversity

could get me there.”

and inclusion,” and detailing a number of specific initiatives that contribute to making that commitment

However the lack of role models meant information

a reality.

technology was not on her career radar. “I perceived it to be purely technical and the visibility of it was

Here we look at what this means for Spark people,

limited to the stereotypical ‘computer geek’ in movies.

tracing the career trajectories of women from

That didn’t interest me at all,” she says.

three very different backgrounds who are all now in cybersecurity roles at Spark. All are standout

Celene signed up for a Bachelor of Commerce

employees: finalists in various categories in the 2023

at Victoria University in Wellington but was soon

New Zealand Women in Security Awards. They are:

persuaded to pursue IT instead. “I was encouraged by the careers advisor to consider IT,” Celene says. “Her

Celene Aitchison, Security Certification and

advice was that it’s a growing industry with a skills

Accreditation Specialist, finalist for the Best

shortage and pays well. That was all I needed to hear!”

Volunteer award.

FROM COMMERCE TO IT AND HR Gunjan Bhaskar, Virtual Security Specialist, finalist for

So Celene switched her majors to Information

the Best Security Student award.

Technology and Human Resources. “Taking both IT and HR as core subjects used my strengths in

Cherry Liwag, Chapter Lead Security Certification

different ways, and a varied curriculum meant I didn’t

and Accreditation, finalist for the Cybersecurity

get bored of one subject,” she explains. “Having these

Champion award.

vastly different majors also opened the doors to more potential job opportunities when it came time

Celene Aitchison grew up in a small suburb in

to graduate.”

Rotorua in humble surroundings where there were no

role models working in technology-related jobs. She

After graduating, Celene’s first job was in an IT audit

had a very poor image of technology as a career, but

role with KPMG as a member of its Cybersecurity

strong aspirations.

Consulting team, part of Risk Consulting. “I was

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

primarily responsible for security risk assessments, IT controls audits, cyber maturity assessments, privacy risk assessments and wider IT resilience reviews,” she says.

Celene Aitchison

After just over two years in the role, Celene was promoted to Assistant Manager, responsible for leading the technology reviews of major audits. She spent five years at KPMG before joining Spark in January 2023 and, when presented with the opportunity of an internal-facing audit and compliance role at Spark, says she “decided it was a good time to work on the other side.” At Spark, Celene says she is “able to play a key role in the investigation and remediation of security vulnerabilities rather than just reporting them. I also

“Cybersecurity provides a pathway with endless

get to focus more on increasing security maturity

options that don’t limit you to one specialist

within the organisation.”

domain. It’s a career with really good rewards and recognition, as well as promotional and development

VOLUNTARY ROLES

opportunities. All you need to do is look at the

Now well established in her career, Celene is helping

headlines and hiring trends to see that IT-related roles,

guide others by playing a number of voluntary roles.

even in a slower labour market, are increasing.

For almost three years she has been a role model with Inspiring the Future Aotearoa, an initiative that aims

“There are entry-level jobs or short courses that can

to inspire young people throughout New Zealand to

open the doors for someone starting out. The reality

consider different career options.

is that what you learn from textbooks or lectures over three years will likely be redundant when you’ve

She says role models for young people are still in

completed the course. For those interested in

short supply. “This is especially evident in the Bay

cybersecurity, I often suggest a short course covering

of Plenty region where I volunteer now. Students are

the basics, like Security+, to show eagerness and

asked to guess the role models’ jobs. Most guesses

willingness to learn. Next is to source an entry-level

for me are receptionist, office lady or influencer. When

job where you’ll learn on the job and receive training

I tell them about my job, their minds are blown. By

and support from others. Everything I’ve learned

attending career events at schools in the regions,

to get to where I am was actually on the job. I was

I’m trying to create visibility of a young person

fortunate to have great team members to learn from

succeeding in a career in technology.”

and guide me.”

In this volunteer role, Celene often tells students

CAREER ASPIRATIONS

that university is not the only route to a successful,

For herself, Celene envisages moving into audit

well-paid career, particularly in cybersecurity. “As a

quality assurance because of “the satisfaction I get

young person who didn’t come from a wealthy family,

from developing consistent approaches and best

I would’ve loved the idea that I could get an entry-

practice guidance for auditing, and then reviewing

level job with the potential for development and high

compliance to these,” she says. “I often tell others I

income one day without accumulating student loan

want to ‘audit the auditors’ in terms of technology risk

debt,” she says.

and security controls.”

I S S U E 18

WOMEN IN SECURITY MAGAZINE

To this end Celene obtained the Certified Information

Gunjan Bhaskar gained two degrees in her native

Systems Auditor (CISA) certification this year and

India: a Bachelor of Science in Computer Science and

wants “to continue similar training in the security and

a Bachelor of Education in Physics and Mathematics

auditing space that aligns with the audit QA pathway

and Elementary Education and Teaching and became

I’m passionate about.”

a high school teacher.

She has thought about studying to become an internal

She planned to continue with this career after

security assessor, saying: “An ISA helps to increase

migrating to New Zealand, but things did not work

the understanding of PCI DSS across the organisation,

out. First, she needed the certificate of registration

enhance the quality, reliability and consistency of the

which, between the occasional unrelated jobs and

organisation’s internal PCI DSS self-assessments, and

working as teacher reliever, took her a good two years

supports the consistent and proper application of PCI

to achieve. However, she was still unable to get a

DSS measures and controls.”

teaching job beyond early childhood education so cast around for a new career.

Celene believes working at Spark opens up many options. “In a large corporate like Spark

“I realised I needed to find a career in IT because I

there are plenty of opportunities to upskill

always had an interest in this field. However, since I

across different security or technology domains.

was starting from scratch at the age of 28, I had to

Spark supports internal moves, so there may

make sure this worked,” she says. “While researching

be opportunities to move into another security

and talking some more about career opportunities

domain within the tribe.

in NZ, cybersecurity came up. It caught my eye because it had promising job prospects and I found

“To become an even better auditor in years to come,

it challenging as well as engaging: something I

Spark offers the ability to cross-skill and become

was looking for in my career. I found a good course

proficient in the various regulatory standards and

at Unitec, doing the Level Six Graduate Diploma

frameworks we comply to. Working both with internal

in Cybersecurity.

teams across network and operations as well as with external auditors continually enhances my audit skills

“The course covered a wide range of subjects

as well.”

in cybersecurity. It also came with an internship opportunity to extend our theoretical knowledge and gain industry experience. It is a very well structured programme with many opportunities to learn and gain practical experience. I would highly recommend this

Gunjan Bhaskar

course to someone who wants to join the IT industry, but you do need a bit of background knowledge about computing.”

BECOMING AN INTERN AT SPARK Gunjan undertook her internship at Spark. She says this was pivotal to her career. “Learning theories at college is one thing, but getting to see how these translate to work is a whole other experience. I was fortunate enough to have had that experience. The program opened my eyes to possibilities that I didn’t even know existed.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

“The sessions at Spark gave us deep insight into

She says working at Spark also provides opportunities

cybersecurity topics. I was always asking questions

for further study. “Spark offers Udemy subscription

in the sessions which also helped me perform well at

for you to prepare for certifications. For example,

my college submissions. It gave me an opportunity to

currently I am studying for my Security+ examination.

network with like-minded individuals working at Spark

You also learn a lot from your peers and colleagues

and ask for their guidance and help. The program was

while working together. They are always ready to

like a window giving me a glimpse of reality.”

answer questions and help you with difficult tasks. Spark also has a job rotation programme which

She almost missed out on this opportunity: her first

allows you to shadow employees in a different field

application did not get her an interview so she went

of cybersecurity. All of these initiatives support you to

back, rewrote it and applied again. Her advice to

achieve more in your role.”

others on this is: “Be honest about your CV. You want to reflect your efforts to transition into this field. You

Cherry Liwag, a native of The Philippines, also came

want all the information to be up to date and precise.

from humble beginnings. She aspired to become a

And a one-page CV is always the best.”

doctor but the financial barrier was too great so she opted to study for a BSc in Computer Engineering.

While studying, Gunjan also got an opportunity to

“The most sensible choice was to pursue a degree

work part-time as an information security analyst at

that would readily secure employment, enabling me to

Unisphere Solutions, after which she joined Spark as a

contribute to improving our family’s quality of life,” she

virtual security specialist in September 2023.

says. ‘I didn’t have extravagant career ambitions; my primary goal was to secure a job that contributes to

A FULL TIME ROLE AT SPARK

the well-being of my family.”

She says the role encompasses building security assurance reports for customers, supporting Virtual

However, the nearest she got to a computing job

Security Manager (VSM) on an ad-hoc basis, helping

after graduating was working as a telemarketer for a

with the vulnerability management process and

computer software company. But when the company

facilitating customer meetings. A VSM is a Spark

was looking for a trainee Java programmer, Cherry

service in which a Spark employee is embedded in

applied and got the job. “I underwent training and

a customer organisation to help the customer meet

actively contributed to the development of Java

security objectives.

programs for our clients. Following the completion of my contract, I transitioned to focus more on

Gunjan has gone on to gain multiple cybersecurity

programming, specifically in web development.”

certifications: Security Awareness Graduate credential from Wizer, the Sophos Engineer Certification and

She then moved into a quality assurance role at

certifications from Microsoft in Security, Compliance

another software company, and describes this as a

and Identity Fundamentals and Azure Fundamentals.

significant career shift into a role that suited her well.

“All these certifications provided me with fundamental knowledge about standard security practices,”

FROM TELEMARKETING TO QUALITY ASSURANCE TO SECURITY COMPLIANCE

she says. “They helped me gain the background

“I was initially uncertain about whether it was the

knowledge I lacked because of my previous teaching

right trajectory for my career,” she says. “I recognised

career. They also helped me understand the tools and

it demanded a dedicated commitment to learning

techniques used in cybersecurity. Cybersecurity is a

new tools and technologies associated with quality

vast field, and sitting those certifications helped me to

assurance. Given the project requirements, I decided

find my niche in in the sector.”

to embrace the change.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

“Surprisingly, this transition proved pivotal for the

Cherry joined Spark in 2019 as a security advisory

project’s proactive development. Fortunately, I could

consultant and took on her current role as chapter

leverage my existing development skills. I discovered

lead for security certification and accreditation in

a newfound affinity to QA due to my meticulous

January 2023. It is her first leadership role, and

nature and my innate attention to detail and

brought new challenges.

problem-solving skills. My satisfaction now stems from ensuring the quality of the software I deliver,

“Confronting imposter syndrome has been a genuine

contributing to an enhanced overall user experience.”

challenge for me, as self-doubt and feelings of inadequacy often arise,” she says. “It’s a common

In 2010, she relocated to Singapore to explore

struggle for many female leaders. However, valuable

opportunities beyond her home country. She landed

advice from mentors emphasises the importance of

a fixed term contract as a Quality Management

acknowledging these feelings. Understanding that

System Administrator; this marked the beginning of her

nobody is perfect allows for constructive action.

journey at Fujitsu. And then she transitioned to Security

By recognising these sentiments, I turn them into

Compliance, where she’s given the opportunity to

positive drivers for personal improvement.”

be a part of a team launching the SAP IaaS Cloud business. At that time, she taught “Cloud is the next

RESPONSIBILITIES AND CHALLENGES

big thing” so she equipped herself and proactively

However, she says a greater challenge comes from

pursued training and certification, encompassing ITIL,

the nature of her role. “My main responsibilities

COSO, and various ISO standard family.

include defining security C&A strategy, overseeing governance and enhancing roadmaps for meeting

Cherry showcased her proficiency in Audit

various security legislation, compliance frameworks

Management, Quality Management and Security

and commercial obligations while managing risks for

Management. Her contributions extended to helping

all the standards we need to adhere to. We focus on

the BAU team in implementing controls to achieve

standards such as ISO 27001, NZISM, PCI DSS and

compliance outcomes. As one women team she

ISAE 3402.

collaborated with diverse stakeholders within the organization, leading to attain certifications

“Security certification and accreditation is a process

such as ISO 27001 and ISAE 3402 SOC 2 Type II

that ensures products, platforms, systems and

compliance. Her focus remained on ensuring the

applications meet specified security requirements

cloud business aligned with legal, regulatory, and

and standards. With the increase in demand from our

compliance requirements.

customers, and ever-evolving requirements, our team is focused on ensuring Spark continually complies

Developing an interest in auditing, Cherry attained

with various security legislation and compliance

certification for ISO 9001 (Quality Management

frameworks as well as our commercial obligations.”

System) and ISO 14001 (Environmental Management

System). Leveraging this expertise, she played a role

Her team is also responsible selecting security

in guiding the organization to achieve certification in

controls, ensuring they are implemented, assessed,

these standards.

certified, accredited, and continuously monitored.

In 2016, She was offered a job on consulting

“It is a comprehensive and iterative process to ensure

company here in New Zealand. To help setup the ISO

that information systems maintain an appropriate

27001 framework of the organization and its clients.

level of security throughout their lifecycle,” Cherry

She also gained certification for eWAPTx (Advanced

says. “Each role in the process plays a vital part in

Web Application Penetration testing) to expand

achieving and maintaining a secure and accredited

her portfolio.

information system.”

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

And Cherry says it is important to spread these roles evenly between men and women on her team. “I ensure the distribution of workloads between men and women within our team are balanced. I also aim

Cherry Liwag

to be a supportive ally to any women’s initiative or programme within Spark. “Women tend to give/have a different perspective. We can use this different perspective to see a wider picture. This will amplify women’s contribution and ensure they have the opportunities to shine.” Cherry also plays her part in Spark initiatives to upskill and ‘side skill’ staff, supporting Spark’s Cyber Security Tribe job rotation program that gives individuals learning and development opportunities across

Looking back on her career trajectory, Cherry says

different domains within security. “This commitment

growing up in a low-income family was the foundation

aims to empower our team members to cultivate a

of her career success.

well-rounded security skill-set and gain exposure to various facets of security within Spark, as well as the

“This experience instilled in me resilience,

adaptability of our cybersecurity team,” she says.

resourcefulness and a strong work ethic. It moulded my deep appreciation for the value of education and

She also hosts staff from other security areas,

hard work. I used this as motivation to break the cycle

showcasing what her team’s work entails and

of poverty.

providing them with a better understanding of regulation requirements and information security

“This has been one of the biggest influences for

standards, including control implementation,

me and my career thus far, inspiring my willpower

control assessment and other certification and

to help elevate the quality of life, not only my own,

assurance activity.

but also that of my entire family. It propels me to relentlessly pursue opportunities, often in the face of

CAREER ASPIRATIONS

daunting challenges.

For herself, her career aspiration is to become a CISO “just like the majority of cybersecurity professionals”.

“It instils a sense of gratitude for all progress made.

She envisions herself at the helm of strategic

My story is a testament to the power of perseverance

decision-making, developing and implementing

for personal and familial success, despite

robust security frameworks to safeguard

socioeconomic constraints. This leads my desire to

organisational assets.

contribute positively to the community, driven by a firsthand understanding of the challenges faced by

“I am committed to staying at the forefront of evolving

those in similar situations to mine.”

cyber threats, leveraging my expertise to secure defences and ensure the resilience of information systems, she says. “Beyond technical proficiency, I aspire to cultivate a culture of cybersecurity awareness within the organisation, emphasising the importance of proactive risk management and compliance.”

I S S U E 18

www.linkedin.com/in/celene-aitchison

www.linkedin.com/in/gunjanb31

www.linkedin.com/in/cherrysliwag

WOMEN IN SECURITY MAGAZINE

MELANIE NINOVIC

INSPIRING YOUNG GIRLS INTO STEM by Melanie Ninovic, Principal Consultant at ParaFlare

When I think of the future of women in our industry,

that teach young girls about STEM and inspire them

I think of the young girls who are in school and yet

to learn about STEM. Here are some things we can do

to choose what they will study in Years 11 or 12,

as industry professionals.

or beyond. And I think of the women who have just graduated from higher education or university and

THE PROBLEM, SCHOOL

need to decide where they want to start their careers.

In July 2023, the Department of Industry, Science and Resources updated its STEM Equity Monitor2,

At least some of them will consider studying or

which identifies current trends in women and girls’

joining a STEM profession and, by extension, the

participation in STEM in Australia. The research found

cybersecurity industry. However, far fewer will do so

the majority of students who undertake many of the

than their male counterparts.

year 12 STEM subjects, particularly science (biology, earth science, chemistry, and agriculture), are girls.

A 2021 study conducted by the University of Houston

However, in areas of STEM such as engineering and

and the University of Washington found boys

IT, this has not improved at a similar rate.

becoming more interested in STEM subjects than girls as early as the age of six1. The research also

Unfortunately, there was little other good news from

found that, by the time girls reach high school the

the study. It found only 21 percent of schoolgirls

gap has widened greatly, and many girls have already

aspire to have a career in STEM. So, most girls know

decided against pursuing education in STEM subjects

what STEM is and the subjects involved, but they have

in later years.

no interest in pursuing these further. And interest or confidence to study or work in STEM only declines as

You might be shocked to hear this, and trust me, so

girls get older.

was I. Perhaps you’re thinking, ‘what can we do to

change this reality?’ As parents we can introduce

This is the bleak reality wherever you look in the

our daughters to STEM activities before they begin

world. However, there is hope for a better future. As

school. As educators we can lead inclusive programs

industry professionals, advocating and being a role

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

model for our young female family members, and

THE SOLUTION

volunteering in tailored STEM programs are some

To have any chance of boosting young girl’s

steps we can all take to shift this balance.

understanding of STEM and their appreciation of its career possibilities we must start when they are as

HIGHER EDUCATION

young as five. Sharing our stories and showing girls it

When I was in Year 12 my only options for studying

is possible to have a successful career as a woman in

cybersecurity were to apply for a Bachelor of

STEM can be a powerful way to do this. Remember,

Computer Science or an information technology

you can’t be what you can’t see. Girls need role

degree. Times have changed. There are now many

models like us to look up to.

avenues to study STEM subjects, and specifically cybersecurity, in TAFE, colleges or universities.

That is not to say our careers are all sunshine and rainbows. We still have a gender pay gap in our

Sadly, women remain underrepresented in university

industry. We know women are often overlooked

enrolments and course completions within

for promotion and are poorly represented in top

engineering and IT. Within these two fields, women

positions. We have a duty to young girls to be honest

only account for 19% and 21% of the enrolments

about these challenges, but at the same time show

respectively. In sciences though, women make up

them the significance of STEM. Our communities

over half of all student enrolments, specifically around

depend on what we do, and our work is incredibly

environmental, natural, and physical sciences.

important especially for Australian businesses.

Of course, university courses are not the only

If you have the time and capacity, the following are

pathway to working in STEM, or in cybersecurity.

some of the possible ways you can help improve

In our industry there are many avenues available.

gender diversity in STEM.

These include self-teaching, enrolling in free online learning courses and consuming technical resources

VOLUNTEERING

produced by the community. I feel awareness of these

There are some incredible non-profits and

options is not as great as it could be, and we should

organisations that focus solely on promoting STEM

strive to communicate these options to our Year 12

to young girls. The following are some examples that

graduates and even those in higher education who

often look for STEM coaches, mentors or volunteers.

may feel stuck in what to do. • VIC ICT for Women has programs to guide

THE WORKFORCE

girls and women through school and university

In 2021 women accounted for 27 percent of the

and help them enter and progress through

Australian workforce across all STEM industries.

professional careers in tech. Go Girl is its program

When we look at the cybersecurity industry in

that aims to promote empowerment through

Australia, women represent only 17 percent of the

science, technology, engineering, the arts, and

workforce, according to a study by RMIT’s Centre for

mathematics (ESTEAM) in schoolgirls from Years

Cyber Security Research and Innovation . 3

5 to 12. • Tech Girls Movement hosts an annual competition

One of the biggest problems arising from not having

that brings together teams of schoolgirls between

a balanced workforce is that it hampers innovation

Years 7 to 12. Each team requires a volunteer

because there is a lack of the diverse perspectives

mentor and industry coach who guides them

that women from different backgrounds or career

through the competition to build a technical

paths can bring.

solution to a common global or local problem.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

• Curious Minds is a six-month program (including

You can do this by simply sharing your own story and

a camp) for girls in Years 9 and 10 delivered

the joy your career brings you (if you feel that way).

by the Australian Mathematics Trust and

Seeing you passionate about the work you do would

Australian Science Innovations. It presently has

inspire them even more. If you can, show them what

an expression of interest for STEM coaches on

you do for work. They will love the interaction and

its website.

will probably ask a few questions too. Other ideas

• Purple Team Australia is a program funded by the

can include:

Australian Government to increase the number of female and First Nations Australians in the

• Discussing how girls are not just as skilled in STEM subjects as boys, but how women are just

cybersecurity industry.

as successful in STEM fields.

• Tech Career Paths 4 Girls (TCP4Girls) is a new program that aims to expose young girls to

• Praising any efforts girls make in their curiosity

amazing role models and inspire them to explore

and efforts exploring STEM subjects. If they show

tech careers before stereotypes kick in.

an interest in a particular STEM subject, talk to them about one of the leading figures in that

ADVOCATING

field such as Ada Lovelace (mathematics), Grace

As STEM professionals we need to convince girls

Hopper (computer science), Marie Curie (physics/

that, if they are interested in STEM, they absolutely

chemistry), Mary Jackson (engineering).

can achieve career success in STEM. There are also

• Need a gift idea for Christmas or a birthday? If

opportunities for the cybersecurity community to

one of your female family members (ages 5+) has

become more involved with older girls and share why

taken an interest in STEM, purchase a STEM gift

being in STEM is a great career choice.

or, even better, take them to a STEM workshop during the school holidays. Nothing beats real

• Most Australian universities have a STEM program

world experience, even when kids are so young

that you can reach out to. See if they would be

(Jaycar is not the only provider of these events.

open to having you come to a STEM/career day

Take a look around and see what’s local to you).

to discuss your own path into STEM. Reach out to your high school and offer to present

However big or small your contribution may be, the

to an IT class or group of girls who might take

cybersecurity industry and our community will have

an interest in STEM. I remember being on the

been positively impacted. The more diverse Australia’s

receiving end of such a presentation in my Year

STEM workforce becomes the better we will be in

11 software development class and can still recall

being able to solve complex problems.

the excitement I felt hearing about the female presenter’s programming career.

REFERENCES 1.

BE A ROLE MODEL

november-2021/11222021-stem-stereotypes-

According to the 2023 STEM Equity Monitor, only half of Australian parents talk to their daughters about

study.php 2.

STEM each week. Whilst this was an improvement on previous years, we should aim to communicate these topics whenever possible. If you have a daughter,

https://uh.edu/news-events/stories/2021/

https://www.industry.gov.au/news/state-stemgender-equity-2023

https://www.rmit.edu.au/news/all-news/2023/ apr/cyber-gender-report

niece, granddaughter, female cousin or any other member of your family who fits the demographic of those whose perceptions we need to change, bring

www.linkedin.com/in/melanie-cybers

them on the journey.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Want to get matched with Lead Gen experts but dont know where to start?

Our solution experts can help you find the right supplier, Looking to streamline your B2B lead generation process?

Want to use multiple suppliers but dont have time to coordinate? Need a consistent stream of leads coming into the sales team? Looking to tap into new markets? Need end-to-end lead nurture programs?

LET US HELP YOU OVERCOME YOUR LEAD GEN CHALLENGES REACH OUT TODAY FOR AN INSTANT QUOTE. The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things.

With:

aby@source2create.com.au charlie@source2create.com.au source2create.com.au

JO STEWART-RATTRAY

PAM NIGRO

SUSHILA NAIR

ISACA LEADERS FROM ACROSS THE GLOBE REFLECT ON THE FUTURE OF WOMEN IN SECURITY by Jo Stewart-Rattray, ISACA’s Oceania Ambassador and Chief Security Officer of Silverchain Group Pam Nigro, ISACA Board Director and Vice President of Security and Security Officer at Medecision Sushila Nair, Vice President of ISACA Greater Washington, D.C. Chapter and Vice President, North America Cybersecurity Practice Lead, Capgemini

As we enter another year brimming with technological developments we security professionals must not only commit to developing our knowledge and expertise—particularly of AI and ML—but also to ensuring women become central to algorithmic

WHAT EMERGING TRENDS AND TECHNOLOGIES IN SECURITY ARE LIKELY TO IMPACT THE ROLE OF WOMEN IN THE INDUSTRY? HOW CAN WOMEN PREPARE FOR AND CONTRIBUTE TO THESE CHANGES?

design. It is so important for gender bias to

Jo: The biggest changes are coming through the

be minimised and for women to receive equal

use of AI. As a result there is the potential for

opportunities in one of the most rapidly growing

automation to change the way jobs are structured,

technology sectors on the planet.

or indeed the way we work. I think we all need to take the opportunities available to upskill and cross

Here, three security leaders share their personal vision

skill in preparation for these changes. Employers

for the future of women in security.

must ensure they provide opportunities to reframe

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

roles accordingly and offer team members the

Sushila: With AI being a transformative technology it

chance to learn new skills so they feel confident and

is vital that its development draws on diverse inputs,

empowered entering this new phase of technological

including those from women. Instances of AI bias,

growth. Upskilling and reskilling provide professionals

such as systems favouring male job candidates,

with the comfort and confidence they need, and

highlight the need for inclusive AI training datasets.

the organisations that employs them the skillsets

Similarly, women must embrace human-centric

they need.

security design to ensure biases are countered and inclusivity is built in. To thrive in a rapidly developing

Pam: The hottest issue right now is the fusion of AI

environment women can embrace remote work and

and ML in the realm of cybersecurity. This fusion

the flexibility it affords. Developing strong remote

is rapidly gaining significance in the context of

communication skills and demonstrating their ability

threat detection and response. These technologies

to lead and inspire dispersed teams effectively can

empower the creation of innovative security solutions

help women sustain remote work opportunities, which

capable of automating intricate tasks, processing

are crucial for gender equality in the workplace.

vast datasets and discerning potential threats with swiftness and efficiency that surpass human capabilities. Women interested in cybersecurity can prepare themselves to stay at the forefront of this transformative wave by acquiring proficiency in AI and ML. They should obtain technical skills and cultivate

WHAT ARE THE CURRENT CHALLENGES AND BARRIERS THAT WOMEN FACE IN THE SECURITY INDUSTRY, AND HOW CAN THESE BE ADDRESSED TO CREATE A MORE INCLUSIVE AND DIVERSE WORKFORCE?

a comprehensive understanding of the diverse

Jo: In the security sector women face the same

applications of AI and ML in the cybersecurity domain.

issues they have always faced across the tech sector:

By remaining vigilant about the latest breakthroughs

a shortage of female role models and pay inequality.

and trends in these technologies women can ensure

It all starts with recruitment. Advertisements

they are well-equipped to contribute meaningfully.

for positions need to show flexibility to allow for

I S S U E 18

WOMEN IN SECURITY MAGAZINE

caring responsibilities. Professional development

centre of gender biases. It’s essential to showcase

opportunities need to be available for women even

and celebrate the achievements of women in the

when they are on maternity leave to ensure they do

industry, to provide role models and to challenge

not lose the skills they have attained. Recruitment

existing stereotypes.

processes need to be gender-blind to ensure bias is removed from candidates’ earliest interactions with

Women are still a minority in the security industry,

an organisation. This requires CVs to be presented

which can lead to feelings of isolation and of being

with no identifiers such as name, gender, photo or

an ‘outsider’. And underrepresentation is more

universities. Decisions can then be made without

pronounced in higher management and technical

gender bias. This approach helps to ensure inclusivity

roles. Encouraging more women to enter and stay

not only for women but for candidates from across

in the field through mentorship programs, employee

the diversity spectrum.

resource groups, networking opportunities and community organisations like ISACA can help reduce

Pam: The stark under-representation of women

this underrepresentation.

in both technical and leadership positions within cybersecurity can perpetuate the myth that women

Creating a workplace culture that promotes

are less inclined to enter technical fields, or less

professional interactions across genders in a

capable of fulfilling technical roles. The scarcity

respectful and comfortable manner is key. This

of visible role models and of women in leadership

includes implementing policies that prevent

positions further reinforces this misguided

and address harassment to ensure women

perception, contributing to the notion that women

feel safe and supported when developing

are somehow less ‘technical’. One impactful strategy

professional relationships.

for eliminating these stereotypes is engaging

provides invaluable hands-on experience and allows

WHAT RESOURCES AND SUPPORT NETWORKS ARE AVAILABLE FOR WOMEN PURSUING CAREERS IN SECURITY?

individuals to contribute to the development of

Jo: We are stronger together. My advice to women

cutting edge security tools and technologies, thereby

is: become a member of a professional body such

challenging preconceived notions about women’s

as ISACA and join the SheLeadsTech program where

technical abilities.

you can find networking opportunities to connect

women to become actively involved in open-source security projects. Participation in such projects

with other women who may be in a similar situation Networking within the female community in the

to yourself, and seek out a mentor, especially

security industry is essential, as is mentoring. ISACA

someone who has navigated and overcome career

offers a mentorship program for members who are

path hurdles. You will gain great support and

looking for one-to-one connections to give or receive

encouragement by talking with someone who is

professional development support at any stage in

willing to help you avoid some of the barriers they

their careers. Participation fosters new knowledge

faced. They can offer the benefit of their experience

and insights, new skills and network expansion.

on methods and strategies that have worked well throughout their career, and can be a great source of

Sushila: Women often confront stereotypes that

support and encouragement.

devalue their technical abilities and leadership

skills. I know I did, and I often wondered if I would

Pam: The ISACA Career Centre is a key resource

be successful in a career where I did not look like

for information security professionals and can

everyone else. The idea that women don’t ‘look’

assist those who are seeking to advance their

like cybersecurity experts or CISOs is often at the

IT and security careers. Members can post their

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

resumés online and receive email notification of new

equal opportunities for promotion, I go back to blind

postings. This service provides a convenient way to

recruitment. I would also say to employers: never

specify job criteria and target a job search for career

underestimate the capabilities of a busy women, one

advancement. Employers have come to recognise the

who has responsibilities outside the office. They will

ISACA Career Centre as a valuable source of qualified

surprise you. I know they have surprised me over

IT security managers and professionals.

the years.

Sushila: Non-profit, community-based organisations

Pam: Organisations must remain diligent in

provide a platform for women to network, connect

recognising and eradicating bias from their hiring

and learn from other women in the industry. These

and promotion processes. The implementation

women-centred organisations often host regional

of inclusive policies and practices is instrumental

events, workshops and conferences that are

in fostering a workplace that is truly equitable.

specifically tailored to the needs and interests of

Leadership development programs addressing

women in cybersecurity.

gender-specific challenges, flexible work policies and equal pay practices, measurable diversity goals and

ISACA, known for its comprehensive educational

supportive employee resource groups all add layers

and networking resources in IT governance and

of accountability and collaboration. Regular check-

cybersecurity, has initiatives like One In Tech, which

ins, feedback mechanisms and recognition programs

offer the best of both worlds by enabling members to

ensure ongoing commitment to gender equality.

establish connections with both women and men in

Such a comprehensive strategy can not only provide

the industry. One In Tech is particularly beneficial for

equal opportunities for women but can also cultivate

women who are looking to broaden their professional

a diverse and inclusive leadership landscape in the

network beyond gender-specific groups. Many ISACA

security industry.

chapters have events which celebrate women leaders and speakers.

Sushila: Organisations should provide awareness training for all employees—especially hiring managers

Industry prizes and awards for women in security

and executives—to recognise unconscious biases. In

serve to highlight their achievements and

doing so they are supporting women’s opportunities

contributions. These recognitions are essential for

to advance. Establishing employee resource groups

overcoming preconceived notions and biases. They

focused on minorities and different genders can

provide role models for aspiring professionals and

help to create a feeling of belonging and encourage

encourage women to excel in their careers.

people with different backgrounds to connect and share experiences. Providing women with a clear

HOW CAN WE ENSURE WOMEN HAVE EQUAL OPPORTUNITIES FOR LEADERSHIP ROLES IN SECURITY ORGANISATIONS, AND WHAT CAN BE DONE TO PROMOTE GENDER DIVERSITY IN LEADERSHIP POSITIONS? Jo: Awareness raising is incredibly important. Some people are seriously unaware of the issues women face because of unequal advancement opportunities. I think professional bodies have a role to play in this awareness raising by advocating for a gender diverse workforce. We know diversity of thought brings

and transparent leadership career path is invaluable. Such a path needs to be supported with leadership development programs, workshops and training focussed on developing both technical and soft skills. www.linkedin.com/in/jo-stewart-rattray-4991a12

www.linkedin.com/in/pnigro

www.linkedin.com/in/sushilanair

innovation. So why not walk down that path? As for

I S S U E 18

WOMEN IN SECURITY MAGAZINE

SIMON CARABETTA

I’LL MAKE MY OWN WAY – A DESIRE FOR A CHANCE TO SUCCEED by Simon Carabetta, Business Development Manager Cyber Security at Digital Resources Australia

Here’s to the ones that say yes and give us a shot.

least in the minds of my own Nonni when travelling

Thank you to those who provide the foot in the

from the old country to Perth in the 50’s and 60’s.

door and the opportunity to prove ourselves. These

Either way, they were all given a chance, and made

are the ones we should be celebrating the most in

their lives here, and I’ll be forever thankful to all four of

our industry.

them for that decision.

It has been close to five years now since I got my

I feel that there are so many parallels between this

first start in cyber security. I will always be forever

old Southern Italian quote and where I find myself,

grateful to a forward-thinking hiring manager, because

5 years later on, in my career. As a new recruiter,

although my application for the role came right out of

focusing solely on Cyber Security, I love the fact that

left-field, I was the successful candidate and given the

I get to help people break into their first ever security

chance of a lifetime. I haven’t looked back Since.

role or get their dream job. All they want is the chance, the chance to succeed, and they’ll make their own

There’s an old saying that comes from Calabria,

way. The same way I made my own way since day

Italy “Mintammicce impizzu ca pue largu minne

one – however, the opportunities that others can

fazzu Sule!”

help provide you, and the chances given, do continue if you prove yourself at first. For example, the best

Roughly translated, it means “Let me in just a little,

manager I have had so far in my entire professional

then I’ll make my own way!”

career, Dr. Ian Martinus, gave me opportunities in the form of “yes”, every time I came up with an idea

Mostly attributed to Calabrese who wanted a chance

for something. He had the faith that given some free

to make their way to America and start a new life, it’s

reign and armed only with my imagination, I could

a promise that, if given the chance to succeed, they’ll

create initiatives that would then provide further

take it, without asking for anything more. I like to think

opportunities to others as well as advocate for

that this same quote may have been uttered by, or at

better diversity in our industry. Initiatives such as the

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

Students of Cyber meetups run by CyberWest and the

in security, what brought you to this point where

West Coast Cyber podcast – amazing things that still

you’re now applying for a role and updating your CV

exist a couple of years later and are still going strong.

in the process? What value do you provide to the potential employer? You’re a cyber security aspirant

In the spirit of providing those opportunities and

who may just be the superstar that the company

giving a chance to those wanting to prove themselves

you’re applying for is looking for, so sell that!

in cyber security, here are 4 CV tips I’m providing to you lovely people wanting to kickstart your cyber

TIP 2: WHERE ARE YOUR ACHIEVEMENTS?

security career:

One piece of advice I regularly give out over the phone to clients is that they’re discussing so much of the

TIP 1: SELL YOUR WHY

tasks and responsibilities in their previous roles,

Not to go all Simon Sinek on you (well I’ve got half

but not talking about any of the success stories or

the name at least) but if you ever get the chance to

achievements. What major projects have you helped

read his breakout work, Start With Why, then I suggest

deliver? What changes or implementations were you

you get onto it ASAP. The TL;DR is companies who’ve

involved in? If you haven’t got much of a job history,

enjoyed long-term success are successful because

then relate these to your studies or even unrelated

they don’t sell a product, they sell an idea and a

jobs – talk about those Transferrable Skills!

purpose, and you should be doing the same.

TIP 3: SIDE PROJECTS I see roughly 20-30 CV’s a day, and out of these,

Make sure that you’re doing something on the side

I’m largely impressed by 1 or 2 of them. The reason

– get on GitHub if you haven’t already. If you’re not

being is that I see so many start with the headline

so technical, include anything that you do in your

“Objective” which is then followed by a really long

spare time. Here’s a hint – hiring managers love to

paragraph about what job the candidate is looking

get to know their candidates, and it will always be

for. Here’s the mistake – your CV is not supposed to

a discussion point in the interview that may take

demonstrate any objective, it’s to sell you as the best

some pressure off and let you speak candidly about

possible person in a crowd of potentially hundreds of

something you’re passionate about (besides security,

other candidates all vying for the same job. Start with

of course). If you volunteer, then do make mention of

WHY. Sell yourself by giving your purpose for working

this on your CV.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

TIP 4: LAYOUT IS KEY

no longer a name on a page to a potential hiring

Whether you’re using Word, Google Docs, Canva or

manager, but you’re now a face and a personality, with

whatever other platform, make sure that you use an

hopes and dreams and aspirations. They now know

eye-catching but simple layout. Don’t go extreme with

you’re interests and that you volunteer at the pet

colours and definitely don’t use fancy or complicated

rescue centre every Sunday and that your favourite

fonts. Keep it simple and keep it concise. Consistency

movie is The Princess Bride (my personal favourite)

is also key – I’ve seen many CV’s lately where different fonts and sizes are being used without

I recently gave a presentation to a group of graduating

reason and it makes it look like something I would

students from North Metro TAFE here in Perth, and

have conjured up in my Year 9 Desktop Publishing

one piece of advice I gave them towards the end

class. Please keep the length to 1-2 pages and be

was to get out of their comfort zone. That may seem

succinct in getting your point across. Getting too

easier said than done for most people, however it is

wordy won’t do any good as hiring managers tend to

certainly true if students, graduates and those coming

skim through and will lose interest if they need to read

across from another industry want to get their big

long paragraphs of information.

break. You’re going to get ahead and stand out in the crowd if you take the chance and go up and speak

CREATE THE OPPORTUNITIES

to somebody, no matter who they are or what their

Sometimes you might not always get the chance to

title is.

succeed or you may not even know the right people who can help provide it. That’s why networking and

To any of those students, graduates or people coming

getting your name out in the community is a really

across from another industry, I really hope you take

good idea. I’ve benefited from attending many various

heed of this article, whenever you get around to

industry networking events here in Perth over the

reading it. Channel that Calabrese Spirit and promise

years as it’s opened a lot of doors that I normally

that if you’re let in just a little, you’ll find your own way!

wouldn’t even know about. Extending your social and professional network is extremely important in Cyber Security as it is in any other industry, because you’re

www.linkedin.com/in/simoncarabetta

Interested In Working Together? Data Admin Services

Content

Media

Advertising

Events

Custom

Special Offer!! New client data admin programs 15% Off

The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things.

We can execute anywhere in Australia, reach out today for an instant quote.

W O M E N I N S E C U R I T Y M A G A Z I N E

aby@source2create.com.au

source2create.com.au

charlie@source2create.com.au

J A N U A RY • F E B R U A RY 2024

It’s a bit

Inspiring today’s youth

techy

Stories. Fun. A sense of adventure. We use this philosophy combined with modern technology to inspire young girls into tech careers.

Discover more today. tcp4girls.com.au

EMMA PUDNEY

EMBRACING PURPOSE: MY JOURNEY TO INSPIRE YOUNG GIRLS INTO TECH by Emma Pudney, ex-CTO, catalyst for gender diversity in tech and founder Tech Career Paths 4 Girls

PART 1: FROM THE ASHES OF BURNOUT TO IGNITING PURPOSE

Taking a break was an opportunity for self-reflection.

As an executive in the tech industry my career

empowering women in tech, long suppressed under

seemed to flourish, but something was amiss. I felt

executive duties, resurfaced. I realised the critical

a growing weight, a toll on my wellbeing and on the

need to inspire young girls about tech careers well

It was during this respite that my passion for

deeper purpose behind my efforts.

before societal biases could take

It was not an overnight decision

root in their minds.

to shift from the corporate world to forge my path with Tech Career

Creating the ‘build your own tech

Paths 4 Girls; it was a culmination

career adventure’ platform was a

of years spent re-evaluating

turning point. It reignited my passion

my priorities.

and gave me a purpose-driven path. My goal? To inspire and guide young

Starting my career filled me with

minds into the world of tech, away

enthusiasm and aspiration, with

from stereotypes and limitations.

each milestone seeming to be an achievement. Yet, as responsibilities

This new chapter in my life is a

piled up, I sought meaning beyond promotions and

blend of thrilling challenges and profound fulfilment.

paycheques. Family commitments and increasing

I’m embracing the journey, sharing it authentically,

stress at work made me question the ultimate reason

recognising that life’s beauty lies in the experiences,

behind it all.

not just the outcomes. My aim is clear: to create

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

I N D U S T R Y

P E R S P E C T I V E S

opportunities for young girls across Australia to explore the possibilities in technology through Tech Career Paths 4 Girls.

PART 2: IGNITING PURPOSE FROM BURNOUT When I began conceptualising Tech Career Paths 4 Girls, I recognised there were significant challenges to achieving gender balance in the tech industry. 1. Lack of iconic role models: girls lack iconic female figures in tech, hindering their aspirations. 2. Unrelatable tech perceptions: the common perception of career techies as solitary individuals coding in bleak spaces alienates potential enthusiasts. 3. Early influences on career choices: by the time they enter high school, girls’ career paths are often influenced by media, stereotypes and family biases.

The outcomes give me the warm and fuzzies. Tangible boosts in interest towards tech careers and

4. Flawed introduction to tech: traditional methods of

transformed perspectives are just the beginning. One

introducing tech to girls fall short in engagement and

particular instance truly stands out. Initially, a girl

relevance, reinforcing stereotypes.

responded, “I imagine I would not be good at it” when asked about a tech role. Post-session, her answer

To address these challenges I designed Tech Career

changed to, “I am doing a good job.” Transformative

Paths 4 Girls as a transformative introduction to tech.

shifts like this vividly highlight the program’s

Our approach revolves around storytelling, interactive

profound impact.

adventures and puzzling challenges to captivate girls’ imagination.

Tech Career Paths 4 Girls is our unwavering stand against the dismal 1.6 percent of girls studying

The initial session presents a ‘build your own tech

technology. We strive to equip the future with

adventure’ platform, empowering girls to craft their

empowered women who find job security, intellectual

career destinies. They navigate through job options

stimulation and financial independence. If you share

such as product management, UX design and data

our vision, connect with us via tcp4girls.com.au and

science, interacting with role model videos and tech

be part of this transformative journey.

trivia. This smashes the ‘coding-only’ stereotype. Subsequent cyber mystery workshops redefine conventional sessions. Students connect with a

www.linkedin.com/company/tech-career-paths-4-girls

www.youtube.com/channel/UCuBrVJSsDcEMxgGQ-kMq9MQ

tech-savvy female expert who shares her own tech journey, making it a human experience. Then they delve into a hands-on cyber mystery activity, finding clues and solving puzzles; all designed to ignite their tech curiosity.

I S S U E 18

www.instagram.com/tcp4g

tcp4girls.com.au

WOMEN IN SECURITY MAGAZINE

J O B B OA R D VULNERABILITY MANAGEMENT SPECIALIST | TECHSPACE CONSULTING LIMITED FULL TIME

AUCKLAND

NEW ZEALAND

ABOUT THE ROLE Our stellar client is seeking a skilled and proactive Cybersecurity Vulnerability Management Specialist to boost their organization's defense against cyber threats. In this pivotal role, you will be responsible for identifying, assessing, and mitigating potential vulnerabilities across their systems, networks, and applications. Your primary focus will be on ensuring the resilience and integrity of their information assets through comprehensive vulnerability assessments and penetration testing. SKILLS AND EXPERIENCE • Proven experience in cybersecurity vulnerability management and penetration testing. • In-depth knowledge of cybersecurity best practices, tools, and technologies. • Strong analytical and problem-solving skills. • Excellent communication and collaboration abilities. • Demonstrated ability to implement effective remediation strategies. • Familiarity with regulatory requirements and cybersecurity frameworks. • Ability to identify gaps in the existing setup or process and able to come up with a plan to resolve it

APPLY HERE

IDENTITY AND ACCESS MANAGEMENT (IAM) SPECIALIST | TECHSPACE CONSULTING LIMITED FULL TIME

AUCKLAND

NEW ZEALAND

ABOUT THE ROLE As an IAM Specialist, you will be responsible for designing, implementing, and managing the identity and access management framework and solutions in alignment to the Information Security Strategy. You will play a critical role in ensuring the security and integrity of our systems and data by effectively managing user identities, access controls, and authentication mechanisms. SKILLS AND EXPERIENCE • 5+ years of experience in IAM domain • Relevant IAM certifications • Proven experience in designing and implementing IAM solutions in complex enterprise environments. • Strong understanding of identity and access management principles, standards, and best practices. • Familiarity with IAM technologies and tools, such as identity providers, directory services, access management, and federation services. • Experience with authentication protocols and mechanisms, including SAML, OAuth, OpenID Connect, and MFA.

APPLY HERE

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

CYBERCX ACADEMY | CYBERCX FULL TIME

AUSTRALIA

ARE YOU AUSTRALIA’S NEXT TOP CYBER SECURITY EXPERT? The CyberCX Academy is a paid, permanent full-time training opportunity designed to launch your career in cyber security. No prior experience is necessary. If you want to embark on a rewarding, meaningful career, then you’re in the right place. The CyberCX Academy program provides you with a blend of formal training and practical onthe-job experience alongside a 1,300-strong workforce of cyber security professionals. WHO ARE WE LOOKING FOR? You don’t need to be a cyber expert. We are on the lookout for people who want to learn and grow in a constantly evolving industry that’s combating criminal activity. We’re more interested in who you are, where you have come from, and where you want to take your career. If you’re new to this world, we’ll teach you everything you need to know on the go. ACADEMY PATHWAYS: Consulting For the people who thrive on client-facing relationships, tech talk and advice You will be working with our clients to identify their security needs and provide advice on cyber best practices. Your advice will help protect organisations from cyber threats and empower them to thrive in a changing world. Consulting practices: • Cyber Capability, Education and Training • Governance, Risk and Compliance • Phriendly Phishing • Strategy and Consulting Technical For those who want to get their fingers dirty in code and tech tools You might be developing and implementing security solutions, or our could be testing solutions, monitoring client systems, providing advice on system vulnerabilities or investigating real cyber incidents. Technical practices: • Cloud Security and Solutions • Cyber Intelligence • Digital Forensics and Incident Response • Identity and Access Management • Managed Security Services • Network and Infrastructure Solutions • Security Testing and Assurance

APPLY HERE

I S S U E 18

WOMEN IN SECURITY MAGAZINE

J O B B OA R D INFORMATION SECURITY OFFICER | OLIVER JAMES FULL-TIME

ZURICH

CONTRACT

ABOUT THE ROLE Oliver James is currently recruiting an interim consultant to join one of our clients based in Zurich as an Information Security Officer. In this role, you will support the permanent team in maintaining and ensuring compliance with the required security standards expected of a professional services business. KEY RESPONSIBILITIES Your key responsibilities will include creating, implementing, and overseeing IT security guidelines, security concepts, and system architectures. Additionally, you will continuously develop IT security management, assess operational IT risks, and design/implement security controls. THE SUCCESSFUL PROFILE • 5+ years of experience in an information security officer or CISO role. • Experience in ISMS and the ability to independently formulate and implement new policies and procedures. • Hold relevant certifications such as CISM, CISSP, CCSP, CASP+, CRISC, CISA, ISO/IEC 27001. • Proficient in German and English. • Fantastic communication, analytical, and team player skills.

APPLY HERE

HEAD OF CYBER SECURITY | CARDIFF UNIVERSITY FULL TIME

CARDIFF

ABOUT THE ROLE The successful candidate will strategically and operationally lead and manage the University’s Cyber Security function, motivating a team of security professionals who ensure the security of the university’s complex IT infrastructure. Drawing on the university’s academic expertise in Cyber Security research and education, the successful candidate will be the technical lead for the continuous development and implementation of a programme of work to improve and strengthen cyber security controls. DESIRABLE CRITERIA • Qualification in Cyber Security, such as CISSP. • Direct University IT experience and / or other public sector experience but ideally with some non-public service sector exposure. • Proven management experience of delivering IT Security technologies, policies, processes and services to ISO27000, NIST or Cyber Essentials standards.

APPLY HERE

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

ADVISOR, CYBERSECURITY | AIR CANADA FULL TIME

ABOUT THE ROLE The Advisor, Cybersecurity will be working in a fast paced and innovative environment supporting the overall security posture of Air Canada’s technology environment. Air Canada’s cybersecurity systems are foundational to protecting the data and systems that allow its customers to fly safely. The Advisor, Cybersecurity role acts as a security subject matter expert and provides guidance concerning IT risks and security assessments for Air Canada and its affiliates. He/she will evaluate Air Canada’s existing security systems to determine potential cybersecurity risks, provide inputs on security requirements for personal, commercial and financial data as well as the operation of Air Canada IT networks and infrastructure. Cybersecurity threats continue to evolve, and the Cybersecurity team will evolve with it. RESPONSIBILITIES • Contribute to the development documentation, monitoring and maintenance of information security standards, policies and protocols to ensure organisational infrastructure, data and resources are protected from unauthorised and inappropriate use or access. • Coordinate with operational groups and business units to set up and implement various cybersecurity controls and measures. • Review and offer security recommendations for architecture diagrams. • Lead the delivery of cyber capabilities for Air Canada. • Advise on meeting compliance with information security policies and procedures. • Provide expertise in the definition, selection and implementation of IT Security related controls to the IT Department • Provide security advisory services by conducting tests on a current system to determine vulnerable areas. • Generate security reports for IT administrators and business managers to evaluate the efficacy of security systems and policies. • Track risks using the Air Canada GRC tool (Archer). • Support the business initiatives, while making sure any Cyber specific risk introduced is properly managed. • Identify Cyber risks, communicate and develop “best practice” solutions, and implement mitigating controls consistent with company strategy. • Plan, coordinate and oversee activities related to the design, development and integration of information systems, operations systems and reporting systems in a business or security or risk context. • Introduce new processes and ensure that gaps in the aforementioned items are identified and addressed ahead of time. • Implement and manage governance around business partner/security management both internally and externally. • Work with the vendor’s teams (business and technical) to establish and review policies and IT direction. • Perform project reviews to ensure that they align to Air Canada’s business/ information security requirements. • Ensure that the company’s internal technological processes and services comply with community expectations, laws, and regulations for privacy, security, and social responsibility. • Represent the organization and take an active participation on different IT business or security airline specific forums. • Supporting the leadership team on strategic initiatives specific to the respective portfolio.

APPLY HERE

I S S U E 18

WOMEN IN SECURITY MAGAZINE

Need Event Speaker Services

Tell us more about what YOU need.... Need an MC or host? Looking for a keynote speaker? Want to get matched with industry expert speakers? Need speaker inspiration/ideas? Looking for presenters or analysts? Need your events speaker lineup managed end-to-end?

REACH OUT TODAY FOR AN INSTANT QUOTE. The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things.

With:

aby@source2create.com.au charlie@source2create.com.au source2create.com.au

STUDENT IN SECURITY SPOTLIGHT

Safa Baalfaqih is a full-time Saudi student majoring in information security. She was born and raised in the United Arab Emirates. SAFA BAALFAQIH Bachelor of Information Security Student at the United Arab Emirates University

What exactly is the course you are undertaking and how long have you been doing it?

experiences. As a woman pursuing a cybersecurity

I am in my fourth year at the United Arab

representation in the field. However, rather than

Emirates University. I am pursuing a bachelor’s

feeling disadvantaged, I have found empowerment

degree in Information Security with a minor in

and the motivation to excel.

education, I’ve noticed a lack of women’s

Artificial Intelligence.

uncertain about which major to choose and felt

What about specific cybersecurity qualifications such as those offered by (ISC)², CompTIA and ISACA? Have you gained, or do you plan to gain any of these, if so which ones and why?

dissatisfied with the presented options. During this

Participating in regional capture the flag

time I stumbled upon a YouTube video featuring

competitions and enhancing my skills through self-

Kevin Mitnick, one of the world’s most renowned

study and practicing for certifications like CEH and

hackers, which sparked my interest in cybersecurity.

CompTIA Security+ have been vital to my academic

Exploring the realm of cybersecurity, I found it more

growth. Post-graduation, I plan to apply for these

fascinating with every piece of research I undertook.

certifications to further boost my qualifications. In

Eventually, I decided to make cybersecurity my

the ever-evolving field of information technology,

primary choice for a major.

especially in cybersecurity, I believe continuous

When do you expect to complete it, and how did you get there? As I approached the end of high school, I was

learning to be essential. While a bachelor’s degree

What reaction did you get from family and friends when you decided to pursue cybersecurity?

serves as an excellent foundation, I recognise that

Although my decision was met with confusion from their support has been unwavering throughout my

And finally, having come this far, do you have any regrets. If you had your time again, would you take a different path?

academic journey. Upon being accepted into the

Reflecting on my journey, I have no regrets about

InfoSec program, I approached it more as a hobby

clicking on that YouTube video out of curiosity. It led

than formal study. Learning about something I was

me to one of the best decisions of my life. Moving

passionate about made the process enjoyable,

forward, I am committed to staying up to date with

even though I encountered challenges in subjects

the latest trends and advancements in the industry.

friends and family who were unfamiliar with the field,

skills are the primary key to success.

like cryptography.

And of course we’d like to hear about the specifics of your current course. Please give us a few details of what you are studying. What do you enjoy? What do you find challenging? What would you like to see done differently?

www.linkedin.com/in/safa-baalfaqih-117483218

I particularly enjoyed practical topics such as network security, because I prefer hands-on learning

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Farkh Leka Hashimy is a Dean’s List Computing Security student at RIT Dubai. She is an executive member of the university’s IEEE Student Chapter and Technosphere technology club. She is also a former executive member of the volunteering club, Lend A Hand, which she still actively collaborates with. In her free time, Farkh Leka is a hobbyist illustrator, polyglot, poet, and gamer. FARKH LEKA HASHIMY Computing Security Student at RIT Dubai

Were you inspired by cybersecurity in high school, if so, how? Or was it a later employment role that led you there? What reaction did you get from family and friends when you decided to pursue cybersecurity?

instead of in traditional employment. As such, I firmly

Throughout high school I found that, unlike most of

It is a massive source of motivation and inspiration

my peers who had chosen a path and were working

for me to do something meaningful knowing the

towards it, I did not have any specific field I was

strength of the women in my country and the

passionate about. Still, I knew I wanted something

talent and potential I hope they will one day be able

interdisciplinary because that fitted my nature.

to realise.

I seldom find satisfaction in pursuing just one

It takes much more than cybersecurity expertise to be a good cybersecurity professional. In most roles people skills are essential. There is also the ability to be creative, to ‘think outside the box’. Do you plan to undertake, or are you already undertaking, training in disciplines other than cybersecurity to support your career plans?

thing, so having joined a field at the meeting point of psychology, governance, technology and, most importantly humanity, has been a blessing from God. And I find it quite fun that people are impressed when I tell them I am in cybersecurity!

When you complete your course and gain your qualification, what next? Do you have a clear vision of a role it will help you attain, or, if you are already in work, is it something you feel will help you do your job better and, hopefully, gain a promotion?

acknowledge the privilege and responsibility I have been given as an Afghan woman to make something meaningful out of these blessings.

My plan is to gain some industry experience as a student and hopefully land a full-time job as a cybersecurity analyst. The goal from there on is to gain experience, qualifications, training and more to develop into a well-rounded and truly effective

The mere mention of my major opens the door to

problem-solver who has not only the insights of a

important conversations with people who do not

cybersecurity-trained individual but also insights

realise the omnipresent nature of cybersecurity in

into law, software engineering, mathematics

today’s world. It builds the foundations that enable

and business.

the connections and communications we all enjoy. Not only that, but cybersecurity also presents

I recognise the importance of building such skills

me with opportunities to empathise with the real

early on. Thus I have worked on projects related to

problems people face about their privacy, and their

software development. Specifically, I have some

fears of surveillance.

experience with front-end development of websites and mobile applications, though I am far from

Please give us a brief rundown of your career to date: the jobs you have had, where and when, in cybersecurity and other fields. Please mention anyone who has been particularly influential in your journey.

proficient. The key is to stay consistent with the

Upon graduating from high school I had the freedom

Beyond this, I have also completed a course on Agile

to invest my time in learning new skills independently

development. Presently, my focus aside from my

I S S U E 18

learning. Additionally, I have some experience with machine learning, but I will be building more on that through Kaggle and FreeCodeCamp (a great resource for people who are starting programming).

WOMEN IN SECURITY MAGAZINE

FARKH LEKA HASHIMY

degree is an ethical hacking program I am working

Other courses have covered networking theory and

on. The earlier I expose myself to a lot of learning, the

labs, systems administration and cyber policy and

easier it will be for me to polish those skills later.

law. The cyber policy course stood out as being particularly enjoyable. Additionally, unlike the usual

What about specific cybersecurity qualifications such as those offered by (ISC)², CompTIA and ISACA, Have you gained, or do you plan to gain any of these, if so which ones and why?

syllabus of a cybersecurity degree, our program includes plenty of mathematics. In my opinion, this is a great strategy for teaching students problemsolving skills that will be critical when they enter the workforce.

I think it is evident from my pursuits that I cannot

the entry-level skills of a professional well before I

Almost every aspect of cybersecurity is evolving rapidly. Do you feel your course is doing enough to keep up? Are there topics you would like to see covered, or topics you think should be omitted?

have the urgency of landing my first job. I want to be

No program is perfect, and education often struggles

prepared ahead of time. At the same time, I want to

to keep up with the pace of development. It would be

make sure I don’t overspecialise before I allow myself

nice to see courses related to quantum computing

to explore the field.

and the cutting edge of cybersecurity tools in

be satisfied with doing the bare minimum. So, I hope to complete multiple certifications throughout my degree. For example, the first one in line is the CompTIA Security+. I want to affirm that I have all

addition to the foundation they are building for us.

We do have a cyber analytics and machine learning

Life as a student at RIT Dubai so far has been

and system admin courses to be in the first and

fruitful. That’s not to say it does not have challenges.

second semesters respectively. Still, there are

Certainly, the challenges of a university degree are

many opportunities for students to expand their

there every day no matter what course I am taking,

learning outside of courses, such as university and

but the support and motivation I have found in my

industry collaborations that offer students training

peers and faculty make it all worthwhile.

and seminars.

course. However, I think the program would benefit from expanding these components. Additionally, I find the course moving slower than I anticipated. I would have expected the networking

Beyond this, I have thus far completed three programming courses as part of my degree and explored four programming languages. The programming courses also cover networking, which in my opinion is a great inclusion. I find programming to be challenging but at the same time I gain great satisfaction from writing working code that runs perfectly.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

S T U D E N T

I N

S E C U R I T Y

S P O T L I G H T

Please tell us about your experience of being a woman studying cybersecurity. Chances are you are in a minority. Do you feel disadvantaged? Have you encountered sexism or misogyny? Do you feel your institution does sufficient to address such issues?

And finally, having come this far, do you have any regrets. If you had your time again, would you take a different path?

Overall I find the experience of being a university

my only regret is the feeling of being an amateur

student in Dubai quite pleasant. I have thankfully yet

and hesitating to put myself out there and under

to meet colleagues or higher-ups who put me down

pressure. The few projects I have worked on would

for reasons related to my identity as a woman, a

have benefited greatly had I believed in my abilities

Muslim, or a hijabi. It has been quite the opposite.

just a little bit more. Additionally, I would have found

Many of the individuals I have encountered have

more freedom to begin exploring earlier and set

been highly supportive and encouraging, particularly

myself on the journey ahead of schedule. It may very

because of the identity I present as an Afghan

well be that the time I took to feel confident allowed

woman. I cannot speak for all female students

me this realisation. So I do feel grateful for my unique

and other women on campus, but I have yet to

journey regardless of the regrets.

I think the experience overall has been positive. I feel the education I am gaining and the work I will be doing are both quite meaningful and have a great potential to impact people in general. I think

experience any particularly discriminating behaviour. I have found all my peers, male and female alike, to be motivated and hard-working individuals with

www.linkedin.com/in/fhashimy

a common vision of excellence and success. I look forward to cultivating a similar environment when I enter the industry and surround myself with likeminded, growth-oriented professionals.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

Felicity Le is an intelligence practitioner, and is studying a double degree in law and justice at Queensland University of Technology. She has a deep passion for international law and national security, and aims to practice in these fields post graduation. When she isn't interpreting legislation or analysing case law, you will find her powerlifting or curling up with a thriller spy novel. FELICITY LE Bachelor of Laws (Honours) and Bachelor of Justice Student at Queensland University of Technology

What exactly is the course you are undertaking? How long have you been doing it? When do you expect to complete it? And how did you get there?

I have always had a deep interest in humanities.

I am undertaking a double degree with a Bachelor

relatable and enjoyed using the critical thinking

of Laws (Honours) and Bachelor of Justice (major

skills, problem‑solving skills and writing skills

in Policy and Governance). I expect to complete this

these subjects required: skills that are necessary

double degree in the middle of 2024. I started off

for an intelligence practitioner. My parents were

studying the Bachelor of Justice as a single degree

very supportive of this pathway as they share

but transitioned into law school after realising how

these passions.

However, my passion for intelligence and national security arose during the early years of my law and justice degree. I found certain topics very

much the two fields complement each other, and realising it was important I knew how laws were made, and understood how to apply them in practice.

Please give us a brief rundown of your career to date: the jobs you have had, where and when. And please, mention anyone who has been particularly influential in your journey.

My first professional position was as a practicing

graduation. My current role in private intelligence

intelligence officer, and it is still my role now. I

has given me a head start in using the skills required

currently work as an investigative officer at a private

of an intelligence officer working in the public

investigations and mercantile firm. My family,

service, including critical thinking, problem solving

especially my parents, who were immigrants, have

and effective communication. The best thing about

been very influential in my intelligence journey.

this field is that intelligence is not only a career

Throughout my childhood, I could see the copious

pathway but is a skill in its own right. Once you have

amount of work and effort my parents put in to

acquired a baseline of thinking outside the box,

ensure my siblings and I grew up well prepared

reading between the lines and communicating your

for life. Now I am older, I can see the trauma that

thoughts clearly, you can use these skills in any

was inflicted not just on my family but on the

intelligence role. For me, that means working in the

community as a whole. Those experiences led me

public service.

onto my current path: ensuring future generations do not have to experience such tragedies and generational trauma.

Were you inspired by intelligence in high school, if so, how? Or was it a later employment role that led you there? What reaction did you get from family and friends when you decided to pursue intelligence?

W O M E N I N S E C U R I T Y M A G A Z I N E

It takes much more than intelligence expertise to be a good intelligence professional. In most roles people skills are essential. There is also the ability to be creative, to ‘think outside the box’. Do you plan to undertake, or are you already undertaking, training in disciplines other than intelligence to support your career plans?

J A N U A RY • F E B R U A RY 2024

S T U D E N T

I N

S E C U R I T Y

S P O T L I G H T

In the role of an intelligence officer, communication

In saying that, studying at law school is not easy.

skills and critical thinking skills are essential. Whilst

The most challenging aspect of my degree is

I regularly use these skills at university and in my

balancing the workload with my job, my internships

professional role, I would love to enhance them

and volunteering commitments. I am grateful for all

further: there is no limit to learning. In particular, I

these opportunities, but I would also like to see more

would like to practice the skill of human intelligence

support for students entering the intelligence field,

where I interact with people and stakeholders. I aim

particularly because most internships and paid roles

to become a practitioner, and practical skills such

are advertised only through word of mouth.

as effective verbal communication are essential to succeed in this role.

Almost every aspect of intelligence is evolving rapidly. Do you feel your course is doing enough to keep up? Are there topics you would like to see covered, or topics you think should be omitted? I believe that universities in Australia should offer more intelligence related courses. It is a big market and interest is growing rapidly amongst law, justice

With my law degree, I had the option to choose

and criminology students. Having this formal

several law electives. With this flexibility, I chose

knowledge ensures students enter the intelligence

electives relevant to my future role including

workforce with a baseline level of knowledge and

introduction to international law, advanced public

skill, rather than being thrown in the deep end not

international law, and the law and ethics of war.

knowing where to start. This is especially the case given that internships or entry level intelligence roles

I have supplemented these electives with the

can be difficult to find, and applicants for some roles

subjects I have chosen for my justice degree. I chose

require certain skills in order to be considered.

subjects relating to political violence and terrorism,

perspective for my law degree and from a theoretical

Please tell us about your experience of being a woman studying intelligence. Chances are you are in a minority. Do you feel disadvantaged? Have you encountered sexism or misogyny? Do you feel your institution does sufficient to address such issues?

perspective for my justice degree. As a future

Fortunately, I have not encountered any sexism or

intelligence practitioner, I believe it’s very important to

misogyny. The practical nature of intelligence work

apply your knowledge and skills in your role but to do

requires a focus on the skills a person has to offer,

so in a lawful way, and I am very fortunate to be able

regardless of their gender. However, there are times

to practice both skills at present.

where I do feel like the odd one out, because I am

political practice, people power and protest. What I have found most satisfying about studying for this double degree was being able to study topics relating to national security from an international law

the only woman and the youngest person at certain events. Whilst I enjoy networking with people from all

I S S U E 18

WOMEN IN SECURITY MAGAZINE

FELICITY LE

life experiences, or are from a generation other than

And finally, having come this far, do you have any regrets. If you had your time again, would you take a different path?

mine.

I have no regrets thus far, although I have been

walks of life, it is difficult to find common ground with other practitioners because they do not have similar

disappointed about the lack of support at times. Having said that, I have observed a growing number

Whilst this did teach me to be independent, it was

of students, including female students, showing a

disheartening to see my fellow university students

deep interest in intelligence over the years. Now, I can

having greater opportunities to engage with mentors,

attend networking events and enter the workforce

get regular placement offers and attend dedicated

knowing I can work with people just like me.

career workshops.

Educational institutions, especially universities—the ‘ivory towers’—are often seen as being out of touch with the real world. If you are not already immersed in the broader world of intelligence you will be part of when you complete your study, what are you doing to prepare yourself for that transition.

As a result, I try to use my platform to reach out to other like-minded students and offer them the mentorship and guidance I lacked when I was starting out in my intelligence career.

www.linkedin.com/in/felicity-le-4a7b01155

There were three extra-curricular activities that helped me get a headstart with my career. Firstly, as much as possible, I attended networking events both in-person and online. Most positions in intelligence, particularly at entry-level, are not publicly advertised, rather news of them is spread through word of mouth. Secondly, I volunteered for like-minded organisations. I found this particularly useful because such organisations are often run by industry professionals with years of experience and many networks. Thirdly, I applied for internships or placements with my university. I am also a board member of the Australian Institute of Professional Intelligence Officers and a member of the QUT School of Justice advisory committee where I advocate for students studying intelligence.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Need Data Admin Services

Tell us more about your data Need Data appending services? Need database admin cleaning Data enrichment services

Data Entry Admin services Data Verification services

LET US HELP YOU OVERCOME YOUR BUSINESS DATA CHALLENGES PARTNER WITH A QUALITATIVE FAST-WORKING TEAM Our team understand the importance of time and efficiency when it comes to data projects.

With:

aby@source2create.com.au charlie@source2create.com.au source2create.com.au

LISA ROTHFIELD-KIRSCHNER Author of How We Got Cyber Smart | Amazon Bestseller

The digital adventure of Olivia and Jack Twelve year old twins Olivia and Jack love hanging out together as well as with their group of friends. They spend much time together on the weekends and after school, and have many shared interests; from Lego, chess and basketball to online gaming. They are 21st century digital citizens and have grown up with a wide array of connected devices around them. Their parents are modern too, and quite tech-savvy. They also understand the importance of online safety, especially for Olivia and Jack. They had already set up parental controls on both Olivia’s and Jack’s devices after having conversations with them about why this is necessary in the modern world. Limiting and restricting online access is one way to reduce Olivia’s and Jack’s exposure to the dangers of the internet, and enable their experience online to be as safe as possible, but still enjoyable and fun. One day after school Olivia and Jack were sent a link from a school friend to a brand new online game called Sugarsnap. All the children were talking about it at school, and lots of them were playing it on the school bus. Olivia and Jack could not wait to try it out. They clicked on the link to try and download Sugarsnap but got an alert advising them they could not access the game. “Access Denied!” the screen read. They were puzzled and somewhat annoyed. Their parents overheard them complaining to each other and came over to see what they were talking about. “This is totally unfair Mum” Olivia exclaimed. In a calm, reassuring voice their mother explained: “Remember, we’ve set up these controls for your safety. The internet can be a fun place, but it also has its dangers, and this new game, Sugarsnap, is not appropriate for 12 year olds. It’s rated M and is suitable for 15 year olds and over. It has some violent content that we don’t want you exposed to.” Olivia and Jack understood their parents’ concern but felt their digital wings had been clipped. They felt they were missing out on a new game everyone

W O M E N I N S E C U R I T Y M A G A Z I N E

was talking about. So, they decided to find a way around the limitations. Olivia, who was very tech savvy, thought of using a virtual private network or VPN to bypass the parental restrictions on their device. Jack suggested they research and understand the implications first. They spent the next few days learning about VPNs, online safety and the importance of digital ethics. They also spoke to their friends about Sugarsnap and one of them said they had stumbled into a room in the game that was quite scary and gave them nightmares. At that point Olivia and Jack decided to talk to their parents again. They really wanted to play the game but understood the restrictions were there to protect them from harmful content and dangers they might not anticipate. They discussed what they had learnt about VPNs and proposed a compromise with their parents. They asked if their parents would whitelist the Sugarsnap ‘Green World’ area in the parental control software, making it available for them to use. (The Green World area is safe for children under 15). Impressed by their responsible attitude Olivia’s and Jack’s parents agreed, but reminded them: “The internet has safe and dangerous parts, always be aware of where you are, what you are doing and who you are engaging with.” Olivia and Jack enjoy their digital adventures, and now they always remember their parents’ advice. They learnt that limitations are not just barriers but guides to keep them safe in the vast digital world so they can explore safely and responsibly. www.linkedin.com/company/how-we-got-cyber-smart

facebook.com/howwegotcybersmart

twitter.com/howwegotcybers1

J A N U A RY • F E B R U A RY 2024

Recom mend ed by F amily zone

How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children.

READ NOW

WOMEN IN SECURITY MAGAZINE CONTRIBUTORS 01

1. BEVERLEY SHIMMIN

Program Manager, Cybersecurity Program at Curtin University

2. ELIF CANSU GÜLEÇ

Cyber Security Consultant

3. ROBYN FRYE

Vice President, Cybersecurity GRC at Workday

4. EJONA PRECI

Principal Manager - Cybersecurity Risk at FREENOW, President - Women in Cybersecurity (WiCyS) Germany

5. MEAGHAN BRADSHAW

Senior Cyber Consultant on Microsoft Incident Response

6. MARIA TERESA JIMENEZ SALINAS

Senior Information Security Officer at Citi

7. NATASHA TOWNER

Deputy CISO and Security Operations Lead

8. AYÇA GÜZÜNLER

Director of Security, Strategic Programs & Business Operations at Booking.com

9. COLETTE HANLEY

Vice President, Technology Risk at Checkout.com

10. MARINA GISTAU

CEO Nudgy Consulting | Change Manager Cybersecurity

11. EMILLY RICARTE

Project and Event Management Specialist

12. CRAIG FORD

Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC and Baidam Solutions

13. KAREN STEPHENS

CEO and co-founder of BCyber

14. NEHA DHYANI

Cyber Security Expert (CISSP, CCSP, CISM, MITRE ATT&CK Certified Defender) Senior Security Consultant at Nokia Solutions & Networks

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

15. ANJALI VARGHESE

Cyber Security Specialist (CISA, CISM, ISO 27001 Lead Implementer) Cyber Security Specialist, Grant Thornton

16. LISA VENTURA

Founder, Cyber Security Unity

17. LISA JANE YOUNG

APAC Intelligence Officer, FS-ISAC

18. MELANIE NINOVIC

Principal Consultant at ParaFlare

19. JO STEWART-RATTRAY

ISACA’s Oceania Ambassador and Chief Security Officer of Silverchain Group

20. PAM NIGRO

ISACA Board Director and Vice President of Security and Security Officer at Medecision

21. SUSHILA NAIR

Vice President of ISACA Greater Washington, D.C. Chapter and Vice President, North America Cybersecurity Practice Lead, Capgemini

22. SIMON CARABETTA

Business Development Manager - Cyber Security at Digital Resources Australia

23. EMMA PUDNEY

ex-CTO, catalyst for gender diversity in tech and founder Tech Career Paths 4 Girls

24. SAFA BAALFAQIH

Bachelor of Information Security Student at the United Arab Emirates University

25. FARKH LEKA HASHIMY

Computing Security Student at RIT Dubai

26. FELICITY LE

Bachelor of Laws (Honours) and Bachelor of Justice Student at Queensland University of Technology

27. LISA ROTHFIELD-KIRSCHNER

Author of How We Got Cyber Smart | Amazon Bestseller

I S S U E 18

WOMEN IN SECURITY MAGAZINE

THE LEARNING HUB INTRODUCTION TO CYBER SECURITY This course offered by OpenLearn is suitable for individuals looking to get a basic grounding in cyber security. Participants will learn how to protect themselves online by learning how to recognise cyber threats, understanding the concepts of viruses, trojans and malware as well as how to mitigate the risks, considering cryptography and network security. It is an introductory level course, requiring no previous knowledge of computer security.

VISIT HERE

ADVANCED DIPLOMA IN CYBER SECURITY In this program, students can inherit valuable skills and knowledge in information security and IT security. Some vital foundational subjects include ethics, information security, database management, programming and scripting. Graduates from this program will be skilled in implementing robust security practices for mitigating security threats and responding immediately to security breaches.

VISIT HERE

CYBER SECURITY BEGINNER CERTIFICATE This course offered by the UK PD Academy provides participants with the latest knowledge to identify, prevent and evaluate cybercriminal activities. While this course assumes no prior expertise in cyber security, its target audience is managers in IT business firms, suggesting that some industry experience would be beneficial.

VISIT HERE

MASTER OF CYBERSECURITY AND THREAT INTELLIGENCE The University of Guelph offers one of the best cyber security courses in Canada with a distinctive cutting-edge curriculum. It provides students with a demanding and progressive career in cyber security, digital forensics and cyber threat intelligence. Graduates of this master’s program can become experts in threat intelligence, security analysis and design, intrusion prevention and security incident. Moreover, they can also learn vital subjects such as penetration testing, malware analysis, digital forensics and cryptography engineering.

VISIT HERE

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

FEATURING FREE SECURITY TRAINING RESOURCES THAT ARE AIMED AT INCREASING SECURITY AWARENESS AND HELPING PEOPLE BUILD AND UPSKILL THEIR SECURITY SKILLS.

CERTIFIED INFORMATION SECURITY MANAGER One of the most coveted credentials in cyber security is the CISM, awarded by the ISACA, a global association offering a range of qualifications to security professionals. The CISM provides a globally accepted standard of information security across IT governance, information systems audit and information security roles.

VISIT HERE

CYBER ESSENTIALS The National Cyber Security Centre (NCSC) offers several UK government-backed programmes under their cyber security scheme. The first, Cyber Essentials, is a certification awarded to organisations and businesses rather than individuals, to help protect them against common cyber threats and win the confidence of their clients.

VISIT HERE

PG DIPLOMA IN INFORMATION SECURITY AND CLOUD COMPUTING Offered by NIELIT, one of the cyber security best colleges in India, this is a 24-week PG Diploma in Cyber Security that covers information security & cloud computing concepts, cloud development & security. To be eligible for this PG Diploma in cyber security course, aspirants must have prior undergraduate qualifications in either B.sc/M.sc./B.Tech/ MCA/BCA or a similar equivalent. This cyber security PG course in India can help you tread a bright career path in cyber security.

VISIT HERE

ADVANCED & INTERMEDIATE CERTIFICATIONS FOR CYBER SECURITY/IT PROFESSIONALS The CompTIA Security+ certification is globally recognised, signifying competence in comprehensive cyber security skills, essential for core professions in the IT sector. For specifically cyber security roles, earning this certification is usually a prerequisite. It is held in particularly high esteem in the US: the US Department of Defence compels all employees to be certified, whether or not they work in the IT department.

VISIT HERE

I S S U E 18

WOMEN IN SECURITY MAGAZINE

THE LEARNING HUB ONLINE CYBERSECURITY ANALYTICS This cybersecurity online course is designed to teach students the skills they need for a career as a security analyst, consultant, or a tier 1+ SOC analyst. This intensive program covers network and system administration, strategy and analyst for threat intelligence, security intelligence and event management, and more. The program culminates with a capstone project that pulls together many of the skills learned in the course.

VISIT HERE

NEW ZEALAND DIPLOMA IN CYBERSECURITY (LEVEL 6) The New Zealand Diploma in Cybersecurity Level 6 programme will provide you with technical skills in cybersecurity that are internationally relevant, and help you create a security mindset. This programme will teach you the fundamental concepts in information systems security, cyber law and regulations, cryptography, network security, security risk assessment, cybersecurity governance and practices, ethical hacking and testing, and incident handling.

VISIT HERE

CYBER SECURITY Cyber security professionals protect the data and systems of digital services we use for daily business and communication. Study at Deakin and gain the skills to understand cyber issues and ways to identify, diagnose and resolve these challenges.

VISIT HERE

Reach out to Aby today to find out how your company can help support the Women in Security Magazine. ABY@SOURCE2CREATE.COM.AU 100

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Our Services Nurture Programs

Event Management

Magazines

Speaker Acquisition

Digital Marketing

Website Creation

Data Admin Services

Lead Generation

Programmatic

Podcasts

No job is too big or too small. Get connected and take control of your business success today!

REACH OUT TODAY

charlie@source2create.com.au

aby@source2create.com.au

TURN IT UP

A PODCAST OF ONE’S OWN With Julia Gillard Former Prime Minister of Australia, Julia Gillard presents a podcast in her role as Chair of the Global Institute for Women’s Leadership. In each episode Julia leads a thoughtful but fun discussion with well-known female (and some male) leaders from the worlds of business, entertainment, media, sport and many more. By celebrating their stories and learning the lessons from their lives, the podcast gives us insight into what needs to be done so more women get to lead!

CLICK TO LISTEN

DIVERSITY DEEP DIVE With Audra Jenkins Welcome to the Diversity Deep Dive Podcast. In this podcast, you will hear insights and uplifting stories of resilience and perseverance against the odds. We will share meaningful dialogue to positively impact diversity and inclusion by dispelling stereotypes, tackling biases, and providing best practices to achieve greater cultural competence.

CLICK TO LISTEN 102

W O M E N I N S E C U R I T Y M A G A Z I N E

HER STORY SPEAKS

SHOES OFF INSIDE

With Jennifer Chesak

With May Lee

When we have the courage to share our stories-walls break down and shame is cast out. Stories have the power to build bridges and break down stereotypes. Relationships, connections, compassion and empathy are built on stories shared and heard. Can stories change the world? Yes—but only if we are brave enough to tell our story and listen to the stories of others. Join me as as real women speak their stories- raw and real, broken and whole, finished and open-ended.

Three trailblazing Asian American women in TV journalism and Hollywood join forces to rattle some cages and dismantle tired old stereotypes about race, age, sex and culture. Award-winning journalist May Lee and actresses Kelly Hu and Tamlyn Tomita (a.k.a. MKT) take on topics that aren't often discussed in the most open, authentic and, sometimes, hilarious way because they are unafraid to be fully themselves

CLICK TO LISTEN

JUST SOMETHING ABOUT HER

INTRO TO AI SECURITY EPISODE 1

With Jennifer Palmieri

With HarrietHacks

Jennifer and Afton Vechery talk about how under-researched women’s health and reproductive systems have been throughout history and how cultural stigmas, ancient legends, perpetuated stereotypes, and institutionalized bans have contributed to big gaps in data and information about women’s health.

Join me in the first of this series of ten Intro to AI Security videos. This one is based on the medium blog of the same name.

CLICK TO LISTEN

Follow me on twitter, Instagram and TikTok @HarrietHacks. Join the slack channel @TheAISecurity.

CLICK TO LISTEN J A N U A RY • F E B R U A RY 2024

THE GUILTY FEMINIST

DIVERSITY CONNECTS US

OUT OF THE SHADOWS

With Deborah Frances-White

With Rachelle Carrié & Dr. Enin Rudel

With Wesley Hamilton

Ever felt like you should be better at feminism? Deborah Frances-White along with her guests, recorded in front of a live audience explores this concept in her comedy podcast. Each week they discuss topics “all 21 first century feminists agree on” while confessing their insecurities, hypocrisies and fears that underlie their lofty principles. I’m a feminist but… one time I went on a women’s rights march, and I popped into a department store to use the loo, and I got distracted trying out face cream. And when I came out the march was gone.

Welcome to Diversity Connects Us. This podcast highlights lived experiences and inspirational stories of strength and tenacity. We will share profound and courageous dialogues that influence diversity, equity, and inclusion by breaking the barriers and labels of stereotypes, confronting biases, and offering best practices to achieve a more significant cultural mindset. We will share some actionable tips from the best trailblazers! Join us as we break through some glass ceilings and disrupt how we think about diversity, equity, and inclusion.

Welcome to "Out of the Shadows." Here, we dive into real and compelling stories that embody tenacity and triumph. Hosted by Wesley Hamilton, we publicly showcase the unsung heroes among us and those breaking barriers. Beyond just stories, this podcast invites you to challenge your preconceptions, rethink stereotypes, and be inspired by authentic journeys.

CLICK TO LISTEN

Be sure to subscribe and join our community; we reshape narratives and bring impactful stories to light together.

CLICK TO LISTEN

BEYOND THE LABEL

BREAKING BOX

BLACKLIGHT

With Dr. Sina McCullough

With Jennifer Lara

With Williesha Morris

Be inspired by individuals from various ages, cultures, backgrounds, and sexualities, who took a leap of faith, broke from tradition, and did something different.-We are not defined by labels or stereotypes. Anything is possible, be you unapologetically.

Breaking the Box is a podcast where we confront and break through the Gender stereotypes society inflicts on us and how it related to To Kill a Mocking bird

Blacklight is dedicated to people of color who defy stereotypes. Brown people don't hike or swim, right? What about dating inter-racially? This podcast will remind you that everyone is unique?

CLICK TO LISTEN I S S U E 18

CLICK TO LISTEN

CLICK TO LISTEN WOMEN IN SECURITY MAGAZINE

103

OFF THE SHELF

MODEL BREAKERS: BREAKING THROUGH STEREOTYPES AND EMBRACING YOUR AUTHENTICITY Author // Charlene Wang Model Breakers: Breaking Through Stereotypes and Embracing Your Authenticity explores the intersection of self-awareness, identity, and minority stories. Charlene Wang invites us to change the limiting beliefs we impose on ourselves and break through the stereotypes that can keep us from achieving our dreams. Through the experiences of numerous Model Breakers, this book will help you to take risks and turn disadvantages into powerful tools.

BUY THE BOOK

I AM NOT: BREAK FREE FROM STEREOTYPES AND BECOME THE WOMAN GOD MADE YOU TO BE Author // Simi John Are you tired of struggling with your identity and settling for a lesser version of you? Are you ready to erase the stories that culture teaches about women and tell a different story? Are you willing to change not just your mindset but the way you live? Then “I AM NOT” is for you.

BUY THE BOOK

UNTAMED Author // Glennon Doyle Filled with hopeful messages . . . encourag[ing] women to reject the status quo and follow their intuition . . . This testament to female empowerment and self-love, with an endearing coming-out story at the center, will delight readers.” Untamed is the first of the empowering books for women because Doyle encourages readers to question what’s beautiful and true for them.

BUY THE BOOK

THE WOMEN CHANGING THE WORLD Author // Peace Mitchell We believe changing the world is 100% possible and it all begins with having the courage to believe that you can. Be inspired by the remarkable true stories of women, just like you who, have followed their calling to make a difference in the world!

BUY THE BOOK

104

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

THE HACKER AND THE STATE: CYBER ATTACKS AND THE NEW NORMAL OF GEOPOLITICS Author // Ben Buchanan “One of the finest books on information security published so far in this century―easily accessible, tightly argued, superbly well-sourced, intimidatingly perceptive.” ―Thomas Rid, author of Active Measures “The best examination I have read of how increasingly dramatic developments in cyberspace are defining the ‘new normal’ of geopolitics in the digital age. Buchanan… captures the dynamics of all of this truly brilliantly.”

BUY THE BOOK

NAVIGATING THE CYBERSECURITY CAREER PATH Author // Helen Patton Finding the right position in cybersecurity is challenging. Being successful in the profession takes a lot of work. And becoming a cybersecurity leader responsible for a security team is even more difficult. In Navigating the Cybersecurity Career Path, decorated chief information security officer Helen Patton delivers a practical and insightful discussion designed to assist aspiring cybersecurity professionals entering the industry and help those already in the industry advance their careers and lead their first security teams. In this book, listeners will find: explanations of why and how the cybersecurity industry is unique and how to use this knowledge to succeed; discussions of how to progress from an entry-level position in the industry to a position leading security teams and programs.

BUY THE BOOK

SECURING OUR FUTURE: EMBRACING THE RESILIENCE AND BRILLIANCE OF BLACK WOMEN IN CYBER Author // The Black Women in Cyber Collective Diversity is not just a buzzword; it’s a critical ingredient in the recipe for a secure digital future. Research consistently underscores the importance of diverse teams in fostering innovative solutions. The cybersecurity realm, where threats constantly evolve, particularly benefits from diverse perspectives that can anticipate and counteract multifaceted challenges.

BUY THE BOOK

GOOD NIGHT STORIES FOR REBEL GIRLS: 100 TALES OF EXTRAORDINARY WOMEN Author // Elena Favilli Good Night Stories for Rebel Girls introduces us to one hundred remarkable women and their extraordinary lives, from Ada Lovelace to Malala, Elizabeth I to Serena Williams. Empowering, moving and inspirational, these are true fairy tales for heroines who definitely don't need rescuing.

BUY THE BOOK

I S S U E 18

WOMEN IN SECURITY MAGAZINE

105

OFF THE SHELF

THAT'S WHAT SHE SAID: WISE WORDS FROM INFLUENTIAL WOMEN Author // Kimothy Joy “A stunning book that celebrates a diverse group of inspirational women, from Maya Angelou to Malala Yousafzai. The book features illustrations and quotes with illuminating biographies to inspire women of all ages and backgrounds.” – Hello Sunshine.

BUY THE BOOK

WOMEN ARE WARRIORS (IN SPANISH) Authors // Irene Cívico and Sergio Parra Castillo The first of our books about women has an amazing title. It tells 26 different stories of 26 women who, throughout history, changed the way people see the world in their respective fields. A journey through history, from old figures such as Coco Chanel and Audrey Hepburn, to the most current, such as singer Lady Gaga.

BUY THE BOOK

HER FEARLESS RUN: KATHRINE SWITZER’S HISTORIC BOSTON MARATHON Author // Kim Chaffee Kathrine Switzer changed the world of running. This narrative biography follows Kathrine from running laps as a girl in her backyard to becoming the first woman to run the Boston Marathon with official race numbers in 1967. Her inspirational true story is for anyone willing to challenge the rules.

BUY THE BOOK

I REALLY NEEDED THIS TODAY: WORDS TO LIVE BY Author // Hoda Kotb In I Really Needed This Today, Hoda not only shares 365 sayings and quotes, she writes about the people and experiences that have pushed her to challenge boundaries, embrace change, and explore relationships to their fullest. Written with her signature wit and warmth, this book is the ideal companion to tuck beside your bed or to bring with you on-the-go to keep you motivated, recharged, and inspired each day.

BUY THE BOOK

ANNAPURNA: A WOMAN'S PLACE Author // Arlene Blum It illustrates how one woman’s courage to forge ahead in a male-dominated world produced scientific work that challenged gender stereotypes and led to all-male clubs breaking their male-only rules.

BUY THE BOOK

106

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

NEW ZEALAND WOMEN IN SECURITY AWARDS 2023 #2023WISAWARDS IN PARTNERSHIP WITH

CyberCX

UNVEILING BRILLIANCE: HIGHLIGHTS FROM THE 2023 NEW ZEALAND WOMEN IN SECURITY AWARDS by Abigail Swabey

In the course of a night filled with glamour,

for an evening even more inspirational than its

inspiration and celebration the 2023 New Zealand

predecessor. Source2Create, the organiser of both

Women in Security Awards unfolded spectacularly

events, achieved something truly extraordinary,

leaving an indelible mark on attendees. Hosted

bringing together students, professionals and

by the dynamic Alexia Hilbertidou, founder of Girl

industry experts, and shining a spotlight on security

Boss, and meticulously created and produced by

heroes who redefine norms, reshape workplaces and

Source2Create, the evening brought together 300

champion careers in security. The awards ceremony

industry leaders, professionals and students at

has become a platform to honour their exceptional

Auckland’s Aotea Centre on November 9th.

achievements, making the evening truly electrifying.

Violinist Hannah Fang opened the event

ESTEEMED JUDGES

spectacularly with a performance that captivated the

The panel of esteemed judges evaluated over 250

audience and set the tone for an evening of elegance

nominations across 15 categories, ensuring the

and distinction. Te Aroha Grace graced the event with

integrity of the awards ceremony. Their commitment

a mesmerising welcoming ceremony, creating an

to fairness and excellence elevated the event, adding

atmosphere of unity and respect. Abigail Swabey’s

to its prestige.

opening speech introduced the theme for 2023, Unmasking the Future of the Security Industry, setting

The generous support of sponsors CyberCX, Spark

the stage for an extraordinary night.

NZ, Westpac, Delinea, SSS IT Security Specialists, Workday and Outfox enabled Source2Create to

The 2023 New Zealand Women in Security

realise its vision for the event: that it would make

Awards followed the inaugural event last year. The

a significant contribution towards building a more

Warmth, camaraderie and a shared commitment

inclusive and progressive security industry.

to diversity in the workplace provided a foundation

108

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

The event’s theme encapsulated the spirit of breaking

involvement and support of each attendee. The

barriers and embracing innovation. Attendees

evening was a tribute to brilliance, dedication and the

were invited to venture beyond the conventional,

relentless pursuit of progress in the security industry.

welcome diverse perspectives and join the ascent to

As the night unfolded, the future of the security

new horizons.

industry was revealed: inclusivity, innovation and celebration of diversity.

The act of unmasking was presented as a rebellion, liberating individuals from the constraints of

Awards given out on the evening were:

conformity. It embraced diversity, challenging and innovation to flourish. Unmasking became

CATEGORIES AND FINALISTS THE ONE TO WATCH IN IT SECURITY

a powerful act, shattering conventional moulds

WINNER: Chido Liberta Mushaya, Te Whatu Ora

and opening doors for the industry to reach

HIGHLY COMMENDED: Issy Riddell-Garner, Deloitte

unprecedented heights.

HIGHLY COMMENDED: Jaimee Mullins, SSS IT

the status quo and allowing creative thinking

Security Specialists The awards ceremony recognised winners, highly commended honourees and recipients of special

HARAKEKE ACHIEVEMENT AWARD

recognition awards. The accolades celebrated

WINNER: KPMG, Kiwa mentoring programme

the outstanding contributions made by inspiring individuals, innovative initiatives and remarkable

CYBERSECURITY CHAMPION

organisations in the community.

WINNER: Denise Carter-Bennett, Datacom New Zealand

The 2023 New Zealand Women in Security Awards

HIGHLY COMMENDED: Katja Feldtmann, Cybershore

event was a resounding success thanks to the

SPECIAL RECOGNITION: Robyn Frye, Workday

I S S U E 18

WOMEN IN SECURITY MAGAZINE

109

CHAMPION OF CHANGE

BEST SECURE CODER

WINNER: Dean Navarro, Fidelity Life Assurance

WINNER: Darya Koko, Best Practice Software

Company Limited

BEST PLACE TO WORK IN SECURITY

BEST INNOVATIVE BUSINESS “RESHAPING THE FUTURE” OF THE SECURITY INDUSTRY

WINNER: Spark NZ

WINNER: Xero

MOST INNOVATIVE EDUCATOR IN CYBERSECURITY

BEST INDUSTRY INITIATIVE THAT SUPPORTS DIVERSITY, INCLUSION AND EQUALITY

WINNER: Education Arcade

WINNER: OMGTech

HIGHLY COMMENDED: Xero - Security Champions

HIGHLY COMMENDED: ISACA Auckland Chapter and

Program

SheLeadsTech

UNSUNG HERO WINNER: Mahsa McCauley, She Sharp

NEW ZEALAND’S MOST OUTSTANDING IN IT SECURITY

HIGHLY COMMENDED: Olivia Uhrle, Quantum

WINNER: Dila Beisembayeva, Te Pūkenga

Security Services

HIGHLY COMMENDED: Jenna Whitman, Callaghan Innovation

BEST SECURITY STUDENT WINNER: Courtney Monique Wilson, The University of Waikato

BEST PROGRAM FOR YOUNG INDIVIDUALS IN SECURITY WINNER: Cyber Skills Aotearoa

BEST SECURITY MENTOR

110

WINNER: Michelle Crowe, Xero

BEST VOLUNTEER

HIGHLY COMMENDED: Hilary Walton, Microsoft

WINNER: Abby Zhang, Kordia

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Best Secure Coder WINNER

Darya Koko Software Security Engineer Best Practice Software

Darya's commitment to developing a secure application, implementing encryption mechanisms, and conducting rigorous testing highlights her dedication to safeguarding sensitive information and ensuring secure transactions. Her significant contribution to the medical software field, with a focus on patient data security, exemplifies her unwavering commitment to privacy and data protection. Additionally, Darya's active involvement in the cybersecurity community, including publications and participation in threat modeling hackathons, showcases her dedication to knowledge sharing and promoting diversity in the field. These achievements are truly remarkable.

FINALISTS

NOMINEES

Annie Vella

Distinguished Engineer Westpac

Brooke Rakowitz

Brooke Rakowitz Engineer Xero

Jhalak Modi Beena Arora Darya Koko

Darya Koko Software Security Engineer Best Practice Software

112

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

DARYA KOKO, WINNER OF THE 2023 NZ WOMEN IN SECURITY AWARD: ARCHITECTING SECURITY EXCELLENCE

Darya Koko stands as a beacon of innovation in cybersecurity after earning the prestigious 2023 New Zealand Women in Security Award for Best Secure Coder. Her exceptional contributions span diverse projects, showcasing her prowess as a software developer and her unwavering commitment to fortifying digital landscapes. As a software engineer at Best Practice Software Darya played a pivotal role in Kiwibank’s 3DSecure project, establishing an additional security layer for online credit and debit card transactions. Darya ensured the project’s success and timely deployment. Her tasks encompassed software development, code writing and the seamless release to production. The project aimed to bolster the security of online payments by using encryption and decryption mechanisms for secure data transmission.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

113

SECURITY FOR MEDICAL SOFTWARE In her role at Best Practice Software Darya also prioritised the integration of robust security measures into medical software. Recognising the sensitivity of patient information, she implemented role-based access controls, permission management and regular security updates. By adhering to industry best practices, Darya contributed to the creation of a secure environment for users, ensuring the confidentiality, integrity and availability of medical application data. As a participant in a threat modelling hackathon Darya engaged in hands-on exercises to identify vulnerabilities and design robust security controls. This experience sharpened her technical skills and emphasised the importance of proactive threat modelling in building secure systems. Her multifaceted contributions to Kiwibank’s cards

Navigating industry-specific regulations and

and payments projects underscore her proficiency

compliance requirements along with the integration

in cryptography, encryption, decryption, PCI and

of diverse systems presented challenges that Darya

scheme compliance, security key handling and

overcame with her meticulous approach. These

DevSecOps. Her role involved the development of

projects laid a robust foundation for organisations to

a security payment gateway, a secure pin-to-pin

build upon. Secure coding practices not only fortify

feature and a secure block/unblock facility for credit

defences against external threats but also mitigate

and debit cards. These initiatives fortified secure

the financial and reputational risks associated with

payments and empowered users to set and store pin

security breaches.

codes, make secure transactions and block/unblock cards as needed.

Darya Koko’s journey exemplifies excellence in secure coding, and her recognition as the Best

Beyond her coding expertise, Darya made a

Secure Coder at the 2023 NZ Women in Security

significant impact on the industry by publishing

Awards is a testament to her enduring commitment

an article in Women in Security on the History of

to cybersecurity innovation.

Women in Tech and Cyber Security (April/May 2021). This contribution aimed to empower women and shed light on the history of women in technology

www.linkedin.com/in/daryakoko

and cybersecurity.

114

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Best Volunteer WINNER

Abby Zhang Security Analyst, Kordia

Abby is regarded as an invaluable asset to the security industry due to her exceptional technical skills, mentorship, dedication to diversity and inclusion, and unwavering commitment to positive change. Her influence extends widely, playing a pivotal role in promoting diversity and inclusion, effectively addressing concerns, and inspiring others in the field. Abby's contributions have not only propelled cybersecurity forward but have also cultivated a positive and inclusive culture within the industry.

FINALISTS

NOMINEES

Abby Zhang

Celene Aitchison

Security Analyst Kordia

Toni James

Ayla Narciso

Security Engineer Salesforce

Jan Thornborough

Nicole Yue Lin

Customer Success Manager Crayon

Abby Zhang Denise Carter-Bennett

Celene Aitchison Security Certification and Accreditation Specialist Spark NZ

I S S U E 18

WOMEN IN SECURITY MAGAZINE

115

EMPOWERING CHANGE: ABBY ZHANG'S IMPACT ON CYBERSECURITY AND VOLUNTEERISM In a remarkable achievement, Abby stands tall as the winner of the Best Volunteer award at the 2023 New Zealand Women in Security Awards for the second year in a row. Abby’s journey is a testament to her multifaceted contributions, her seamless blending of technical prowess and mentorship and her fervent commitment to diversity and inclusion in the IT security industry.

VOLUNTEER ROLES Abby’s volunteer journey is extensive and impactful, reflecting her dedication to uplifting others in the industry. She currently holds crucial positions in ISACA’s Auckland Chapter, including membership, sponsorship and marketing committee co-chair, board member and marketing director. Her past roles

CAREER

include: being the SheLeadsTech liaison in ISACA’s

Abby’s professional journey in the IT security industry

Auckland Chapter, a SheLeadsTech ambassador

is equally impressive. As a security analyst at Kordia

in ISACA; a chapter lead and trustee for the New

and a former information security consultant at Triple

Zealand Network for Women in Security; a judge for

Ledger Limited she brings a wealth of experience and

the Global OSINT Search Party CTF for Trace Labs in

knowledge to the table.

2020, 2021 and 2022; ISACA Auckland CommunITy

116

day team lead support for ISACA Auckland chapter;

Abby has overcome her own challenges to break into

and a patroller for Community Patrols of New

security roles. As a female transitioning from a career

Zealand (CPNZ) from December 2020 to February

in a different industry, with English as her second

2023. Beyond the realm of cybersecurity, Abby

language, Abby bucks the trend of who most people

extends her volunteering to NZ Parkrun and serves

assume a stereotypical security analyst should

as a volunteer translator for ISACA China.

be. It’s for this reason she’s particularly passionate

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

The impact of Abby’s volunteer work is exemplified by her proactive engagement with stakeholders where she actively listens to feedback and takes concrete actions. Her personal narrative, shared courageously as a non-native English speaker in tech, inspires others to overcome challenges. Abby’s recent accolades, which include the Best Volunteer Award two years in a row in the New Zealand Women In Security Awards, attest to the profound impact she has had in her various roles.

INSPIRATION FOR CYBERSECURITY ADVANCEMENT about seeing more diversity and inclusion in the field.

Abby’s inspiration to advance cybersecurity and

She sees firsthand the value women and minorities

safety in New Zealand emerges from her belief in

can make and wants to inspire others like her to

the power of role models and positive influences.

follow their dreams and embark on an information

In her day to day role she mentors and coaches

security career.

fellow security analysts from diverse backgrounds, creating a safe space for learning and growth.

COMMITMENT TO VOLUNTEER ACTIVITIES

Abby advocates for diversity and inclusion through

Abby’s commitment to her volunteer activities is

conferences, writing and event organisation,

nothing short of inspirational. She goes above and

contributing significantly to shaping the industry’s

beyond, setting an example for women in the industry

mindset.

through the events she organises on behalf of ISACA and SheLeadsTech. Despite the time and expertise

OUTSTANDING CONTRIBUTIONS

required, Abby spearheads initiatives that create a

Abby is an outstanding example of the change

supportive environment for women. Her dedication

one person can make. Her holistic and substantial

is evident in the numerous events she orchestrates,

contributions to cybersecurity through her technical

including joint study sessions, workshops, panels

expertise, mentorship initiatives, advocacy for

and scholarship programs; all aimed at fostering

diversity and inclusion and her unwavering

diversity and inclusion.

commitment make her an invaluable asset. Abby’s impact is visible in the policies she has influenced,

GOING ABOVE AND BEYOND TO RAISE AWARENESS

the individuals she has mentored, the events she has organised and the stories she has shared.

Abby’s efforts to raise awareness extend far beyond her immediate professional circles. Her influence

Abby’s journey is a beacon of inspiration in

reverberates through public speaking engagements,

the cybersecurity landscape. Her multifaceted

writings and organised events. Her participation

contributions, resilience and commitment to

in conferences and panel discussions such as

fostering an inclusive and diverse environment

ISACA Auckland SheLeadsTech with New Zealand

make her a driving force for positive change in the IT

Network for Women in Security’s (NZNWS) The Rise

security industry.

of Tech Women fuels meaningful conversations around strategies for a more diverse and inclusive workspace.

I S S U E 18

www.linkedin.com/in/abbytryharder

WOMEN IN SECURITY MAGAZINE

117

Champion of Change WINNER

Dean Navarro With 18 years of experience, you've demonstrated leadership, diversity promotion, and mentorship. Your commitment to gender equality is evident in initiatives like the Information Security Ambassador program. Your advocacy for cybersecurity awareness, especially among women, and support for career growth have led to tangible improvements in risk management and a stronger security culture. Your contributions are commendable.

HIGHLY COMMENDED

Ben Amadi With a diverse background spanning various industries, you've made significant contributions. Your efforts extend beyond the workplace, actively supporting underrepresented groups, especially women and minorities. You play a pivotal role in fostering diversity in technical security education, encouraging female engineers to participate in Secure Coding Initiatives. Your dedication to providing dedicated time for training and mentorship has driven increased female engagement, with impressive results. Your contributions are truly commendable.

FINALISTS

Ben Amadi Xero

Conan Bradley Kordia

Dean Navarro Fidelity Life Assurance Company

N-yook Looong Q Spark NZ

118

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

DEAN NAVARRO: A CATALYST FOR CHANGE IN NEW ZEALAND'S CYBERSECURITY LANDSCAPE Dean Navarro, head of information security at Fidelity Life, was honoured with the Champion of Change award at the 2023 New Zealand Women in Security awards. His 18-year career in the cybersecurity industry spans multiple countries including the Philippines, Qatar and New Zealand and is characterised by his commitment to fostering diversity, equity and inclusion. Dean’s professional journey, from security engineer to head of information security, exemplifies his dedication to excellence. His role at two of New Zealand’s leading life insurers, AIA NZ and Fidelity Life, has been marked by a transformative leadership approach. At Fidelity Life he took on the significant challenge of improving the company’s risk maturity and driving action around information security. He is a visionary leader who prioritises building a dynamic and diverse team, emphasising mentorship and career progression opportunities. His commitment to Fidelity Life’s diversity, equity, inclusion and belonging (DEIB) strategy ensures equal opportunities for all team members.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

119

Dean’s initiatives have resulted in significant benefits for women in cybersecurity. Increased representation, recognition, mentorship programs and support networks tailored to women have become integral components of his strategy. Women have experienced a cultural shift towards inclusivity where they feel valued, respected, supported and empowered. Dean’s motivation to become a champion of change is rooted in his core values of community contribution and paying it forward. His mentorship is not only a selfless act but a two-way relationship that enhances his leadership skills and provides new perspectives. He finds gratification in seeing others succeed and in making mentorship a fulfilling and enriching experience. One direct beneficiary of Dean’s inclusive approach

In conclusion, Dean’s journey from security

says: “Dean has supported my growth by sponsoring

engineer to champion of change is a testament to

initiatives to propel my career.” One such initiative,

his unwavering commitment to diversity, equity

the Information Security Ambassador program,

and inclusion in cybersecurity. His transformative

focuses on gender equality, breaking down barriers

initiatives have not only impacted Fidelity Life but

and fostering a stronger security culture across

have had a ripple effect across the industry, setting

the organisation.

a standard for inclusive leadership and cultural transformation. Dean’s contributions deserve

ORCHESTRATING A CULTURAL SHIFT

recognition and appreciation, making him a true

In a little more than a year, Dean has orchestrated

inspiration for positive change in cybersecurity.

a cultural shift at Fidelity Life, resulting in tangible improvements. Marcus McClosky, Fidelity Life’s general legal counsel, says: “Under Dean’s leadership

www.linkedin.com/in/engrdeannavarrojr

we have seen material uplift in security capability and sophistication.” Some of Dean’s key achievements include challenging norms in technology risk profiles, developing a comprehensive information security strategy and assembling a diverse team committed to gender and ethnic diversity. Dean’s journey has not been without challenges. From facing discrimination based on his origin to addressing bias and resistance to change, he has consistently demonstrated resilience and innovative problem-solving. Dean actively challenges deeprooted gender-based discrimination and bias within the industry, promoting inclusive hiring practices and advocating for inclusive decision-making processes.

120

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

NEW ZEALAND WOMEN IN SECURITY AWARDS 2024

CALL FOR EXPRESSION OF INTEREST

BECOME A SPONSOR TODAY EVENT DATE: THURSDAY | 7 NOVEMBER 2024

If you're part of an organisation dedicated to promoting diversity and inclusion, we'd love to discuss our 2024 Awards packages with you. These packages are designed to further our shared mission of recruiting, retaining, and advancing women in the cybersecurity workforce.

CONTACT Aby@source2create.com.au or Charlie@source2create.com.au

By becoming a sponsor and supporting our event, you'll visibly demonstrate your commitment to celebrating diversity and recognising accomplishments within the security industry.

The One to Watch in IT Security WINNER

Your career in IT security is more than a profession; it's your driving force for lasting impact. You've surmounted challenges, mentored future professionals, led thought leadership, and pushed boundaries in safeguarding digital realms.

Chido Liberta Mushaya Fujitsu

We celebrate you for your remarkable achievements and dedication to an inclusive, innovative, and secure cybersecurity field. You're undeniably "The One to Watch in IT Security," and we eagerly await your future contributions.

HIGHLY COMMENDED

Jaimee Mullins SSS IT Security Specialists

122

W O M E N I N S E C U R I T Y M A G A Z I N E

Your journey in cybersecurity, starting as an intern and rising to a pivotal role at SSS, reflects your unwavering dedication and adaptability. Leading significant projects, optimizing processes, and advocating for cybersecurity, particularly among women, demonstrate your commitment to innovation and progress. Your passion for cybersecurity, driven by the chance to safeguard data and effect change, is truly inspiring. Your impressive career growth and steadfast industry commitment deserve commendation.

J A N U A RY • F E B R U A RY 2024

HIGHLY COMMENDED

Issy Riddell-Garner Deloitte

Your cybersecurity journey promotes inclusivity and values diversity, especially for young women and gender minorities. You excel in incident response and SOC processes, earning client trust. Your initiatives break down industry barriers, transform perceptions of security teams, and inspire diversity. Your work with high-school girls and contributions to Kiwibots NZ and Deloitte's Women+ in Cyber initiative highlight your dedication to the industry's growth and creating a cooperative, supportive culture. Your achievements are truly commendable.

FINALISTS

NOMINEES

Chido Mushaya

Lauren Nobbs

Elaine Sabado

Kirsten Neustroski

Fujitsu

Aimee Tomlinson

Eleanor Wright

Lavanya Sajwan

Issy Riddell-Garner

Aleisha Hoult

Elena Calderon

Liz Rooney

Deloitte

Amelia Sarumaha

Freisi Alfonseca

Mala Rehan

Jaimee Mullins SSS IT Security Specialists

Ana Ramirez

Gwen Morgan

Meera Lekshmy

Ashleigh Deverell

Iris Sastrillo

Megha Koli

Myla San Miguel Flux Federation

Ashleigh Forbes‑Day

Isabella Riddell‑Garner

Monique McKenna

Diana Musatova

Beena Jose

Jacinta Fue

Myla San Miguel

One New Zealand

Cat Salanguit

Nicole Gaskell

Gwen Morgan

Chido Mushaya

Jaimee del Rio‑Pasig

Inphysec

Christie Anne Ercilla

Jenna Whitman

Daphne Gumban

Kate Bradford

Diana Musatova

Katja Feldtmann

Dimpal Tailor

Keerthana Kumar

Divya Dantuluri

Kim Sharma

Liz Rooney One New Zealand

Eleanor Wright Quantum Security Services Ltd

I S S U E 18

Jaimee Mullins

Nisha Vasudev Olivia Yang Pratiksha Dalwadi Sasha Mullins Shraddha Nayak Vivien Hii

WOMEN IN SECURITY MAGAZINE

123

CHIDO LIBERTA MUSHAYA: A VISIONARY FORCE IN CYBERSECURITY, AWARDED THE ONE TO WATCH IN IT SECURITY Chido Liberta Mushaya, the recipient of the prestigious One to Watch in IT Security Award at the 2023 New Zealand Women in Security Awards, is making waves in the technology and cybersecurity arena. With a career spanning 13 years, Chido has garnered recognition for her significant contributions and for displaying unrealised potential, setting her apart as a standout individual in the industry. Throughout her distinguished career, Chido has left an indelible mark on organisations worldwide, enhancing their cybersecurity posture. Notable among her accomplishments is the design and development of a ground-breaking cybersecurity roadmap for a critical national infrastructure organisation. This initiative, lauded by top stakeholders, reflects her ability to align security priorities across diverse environments while navigating budget constraints. Crafting tailored cybersecurity plans for organisations of varying sizes has become a hallmark of Chido’s expertise. Chido’s influence extends beyond the organisational realm. As a recognised cybersecurity strategy

124

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

thought leader she delivered a compelling talk on

AMBITIOUS PLANS

“How to Make an Effective Cybersecurity Strategic

Looking ahead, Chido has ambitious plans to support

Plan” at the 2022 ISACA Annual Day in Wellington.

her commitment to the security industry. Integral to

Her role as a cybersecurity architect for government

her vision is her search for additional education from

agencies, where she spearheaded innovative security

top-tier programs, active participation in mentorship,

solutions, further solidifies her reputation as a

and contributing to career advice platforms.

cybersecurity expert. What Chido loves most about the security industry is

ADVISOR TO HIGH LEVEL EXECUTIVES

its emphasis on meritocracy, its global opportunities

Her proficiency in designing cybersecurity policies

and the opportunities it presents for collaboration

based on international standards positions her

with brilliant minds. Her journey from Harare to

as an invaluable advisor to high-level executives.

principal cybersecurity consultant for a global

Chido’s expertise in leading incident response

organisation exemplifies the industry’s openness to

efforts underscores her ability to handle complex

diverse talent.

cybersecurity challenges under pressure. Chido’s journey stands as a testament to her Beyond technical excellence, Chido is committed to

unwavering commitment to continuous growth,

mentoring and coaching, nurturing talent within the

innovation and to making a positive impact on the

industry. This dedication reinforces her passion for

security industry. Chido’s trajectory holds the promise

making a lasting impact.

of shaping the future of cybersecurity through visionary leadership and steadfast dedication. Her

Chido’s journey has not been without challenges.

source of inspiration runs deep, stemming from

As an expatriate of African origin she navigated

her mother’s unyielding strength. In the face of

cultural adaptation challenges when moving to a new

widowhood and the responsibility of raising seven

country. Balancing parenthood and career presented

children, Chido’s mother worked tirelessly to secure

another significant hurdle. Chido’s resilience,

each child a university education. This indomitable

proactive approach and the support of her inclusive

spirit serves as an enduring wellspring of motivation

work environment have enabled her to overcome

for Chido, influencing her path and fostering a deep

occasional bias and stereotyping challenges.

appreciation for hard work and perseverance.

Chido’s impact transcends her immediate work

Chido is a freelance Cybersecurity Strategist and

environment. Her commitment to mentoring young

Security Architect, living in New Zealand. She has

professionals and guiding them toward international

led multiple cross functional teams to deliver

opportunities underscores her dedication to

technology risk management capabilities for various

promoting diversity. As founder of the LinkedIn

organisations. When she is not at work, she is learning

community Zimbabwean of Women she provides

Wiggles music and choreography to entertain her

career guidance and personal development tips to

daughter and nieces.

its members. In showcasing excellence and innovation, Chido

www.linkedin.com/in/chido-mushaya-92a65915

plans strategically and leverages emerging technologies, sharing her knowledge with the cybersecurity community. Her initiatives include greenfield security projects and contributions to industry publications, conferences and webinars.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

125

YOU E R A

INTEREST

E D?

Global Contributors

WANTED OUR NEXT ISSUE'S THEME: Issue 19: Who should be in security?

WAYS YOU CAN CONTRIBUTE: Contribute to one of our

editorial sections

What's Her Journey Career Perspectives Industry Perspectives Technology Perspectives Student in Security Spotlight

Run a listing for

any of the following

Submission Have a book? Deadline: Have a podcast? Jan 24th Have a blog? Have free training and learning opportunities available?

REACH OUT TO JANE@SOURCE2CREATE.COM.AU TODAY

www.womeninsecuritymagazine.com

Best Security Student WINNER

Courtney Wilson University of Waikato

FINALISTS

NOMINEES

Courtney Wilson

Abigail Jaskari

Kaitlin Jones

The University of Waikato

Ayla Narciso

Kate Han

DEFEND

Courtney Monique Wilson

Kimberly Pioquinto

Jessica Lowe

Danielle Domingo

Olivia Uhrle

Gunjan Bhaskar

Pauline Pura

Ilaisaane Falevai

Rafana Fatima

Jessica Lowe

Sarah Pharaoh

Jingjing Zhang

Stacey Dawson

Ayla Narciso

University of Auckland

Gunjan Bhaskar Spark NZ

I S S U E 18

Courtney's unwavering commitment to her community is exemplified through active participation in youth councils, committees, and her exceptional leadership as a high school prefect. Her passion for the dynamic security industry and relentless dedication to safeguarding personal information and online security distinguish her as a truly deserving recipient. Courtney's remarkable contributions extend far beyond the cybersecurity realm, making a profound impact on her community and the world at large.

WOMEN IN SECURITY MAGAZINE

127

COURTNEY WILSON: FORGING EXCELLENCE IN CYBERSECURITY‑ BEST SECURITY STUDENT IN THE 2023 NZ WOMEN IN SECURITY AWARDS Courtney Wilson has emerged as a trailblazer, securing the coveted title of Best Security Student at the esteemed 2023 New Zealand Women in Security Awards. Courtney is studying for a Master of Cyber Security degree at the University of Waikato, and works as an Information Security Analyst at Gallagher and her journey is a testament to her tenacity and leadership in a field traditionally dominated by men. Her journey exemplifies a commitment to academic excellence, ground-breaking research and triumph in the face of unexpected challenges, showcasing Courtney as a trailblazer in cybersecurity. Courtney’s achievements are exceptional. She was the first woman awarded a Sir William Gallagher Cyber Security Scholarship to support study for her

128

master’s degree and has leveraged this prestigious

She has successfully completed a Bachelor of

scholarship to pursue ground-breaking research

Computing and Mathematical Sciences with first

and produce a dissertation under the banner of

class honours, specialising in computer science and

Gallagher Security.

data analytics.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

technology security analyst, gaining invaluable insights into the intricacies of the security sector. Today, Courtney serves as president of the Waikato Women in STEM club, actively engaging with industry professionals to foster club development and inspire more young women to pursue STEM careers. Her commitment extends to running a mentorship program through the club, connecting members with industry professionals for valuable mentoring experiences. Courtney has held multiple leadership roles. She has Beyond the academic realm, Courtney shone as a

been secretary and chairperson of the Whakatane

standout member of a group of computer science

District Youth Council, a youth representative on the

students from Waikato University that earned a spot

Eastern Bay of Plenty Brass Band committee and

to compete in the Imperial College International

was a prefect at her high school.

capture the flag contest in 2022, securing a position among the top 15 university teams worldwide.

Courtney finds the security industry’s continuous

The team was the sole representative from

evolution a captivating challenge which she

Oceania and finished in the top ten, despite a team

embraces wholeheartedly. The industry’s dynamic

member contracting COVID and having to leave the

nature keeps her engaged and on her toes, which she

competition early. Courtney and her fellow female

relishes. She is passionate about making a difference

teammate demonstrated remarkable resilience and

by contributing to a secure online landscape and

excellence on the global cybersecurity stage.

safeguarding users’ personal information. Courtney’s commitment to effecting positive change in

FOUNDER OF WAIKATO WOMEN IN STEM CLUB

cybersecurity reflects her dedication to enhancing

In addition to her academic achievements, Courtney

evolving technology landscape.

digital security and protecting users in an ever-

has successfully navigated the challenges of being a woman in a predominantly male field. She took proactive steps to address the gender gap by

www.linkedin.com/in/-courtneywilson

founding the Waikato Women in STEM club at the University of Waikato. The club, although facing challenges of limited funding and being for women only, has thrived under Courtney’s leadership, providing support and encouragement to women in STEM through professional development workshops, mentorship opportunities and engaging social events. Courtney’s leadership potential is further exemplified by her hands-on experience in the industry. During her master’s she undertook an internship in artificial intelligence at TOMRA Fresh Food and then transitioned into an employee role as an information

I S S U E 18

WOMEN IN SECURITY MAGAZINE

129

Best Program for Young Individuals in I T Security WINNER

Cyber Skills Aotearoa by Grok Academy

This program is a game changer for New Zealand, positively impacting women, educators (kaiako), and students (akonga) across Aotearoa. It promotes digital resilience, critical thinking, and ethical behavior while challenging cybersecurity career stereotypes. It showcases opportunities for women and creates real-world connections through simulations, driving positive change in the cybersecurity field. Your efforts are truely commendable.

FINALISTS

NOMINEES

Cyber Skills Aotearoa

Surf Smart program NZ

Grok Academy

Education Arcade

Education Arcade Brock Roderick

Youth Action Squad NetSafe

Cyber Skills Aotearoa Youth Action Squad Women+ in Cyber

Women+ in Cyber Deloitte

130

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

EMPOWERING TOMORROW: GROK ACADEMY'S CYBER SKILLS AOTEAROA TRIUMPHS AT THE 2023 NEW ZEALAND WOMEN IN SECURITY AWARDS At the 2023 New Zealand Women in Security Awards, Grok Academy’s Cyber Skills Aotearoa online program secured the prestigious Best Program for Young Individuals in IT Security Award. This accolade is a testament to the program’s innovative approach and significant contributions to cybersecurity education, especially in fostering women’s empowerment in the field. Launched in October 2022, Cyber Skills Aotearoa aims to provide teachers and Year 6-13 students with classroom-ready activities and challenges to develop students’ cybersecurity skills and equip students with essential skills for navigating the online world securely. Cyber Skills Aotearoa is a collaborative effort with Tātai Aho Rau Core Education with sponsorship and support from ASB, AWS, BNZ and government bodies including the Ministry of

I S S U E 18

WOMEN IN SECURITY MAGAZINE

131

Education, New Zealand’s Computer Emergency

The positive impact of Cyber Skills Aotearoa is

Response Team (Cert NZ) and Network for Learning

evident in the feedback received from kaiako

(N4L). All learning resources are available in English

(teachers) and ākonga (students). Trudy Keys from

and te reo Māori.

St Margaret’s School says, “Our students have been reluctant to engage in the digital curriculum and this

Through online content and face-to-face interactions

has been a program that has captured their interest.”

students gain insights into the breadth of opportunities in cybersecurity. Exposure to videos

The program’s engagement with specific

of industry professionals helps in demystifying the

initiatives targeting all-girls schools and schools in

industry, breaking stereotypes and showcasing the

underrepresented communities further emphasises

varied career pathways available.

its commitment to making a positive difference in the lives of women in New Zealand.

COLLABORATION WITH INDUSTRY AND GOVERNMENT

Grok Academy’s Cyber Skills Aotearoa has not only

In the ever-changing landscape of cybersecurity,

scored the Best Program for Young Individuals in IT

Cyber Skills Aotearoa stays current through close

Security Award at the 2023 New Zealand Women in

collaboration with industry and government. Subject

Security Awards, it has also carved a transformative

matter experts contribute to course content, ensuring

path for women in the field. It stands as a beacon of

relevance and authenticity. And the program’s

educational innovation, diversity and empowerment,

continuous evaluation, revision and feedback from

showcasing the impact that thoughtful cybersecurity

teachers contribute to its evolution and alignment

education can have on the future of technology and

with industry standards.

the individuals shaping it.

With a mission to cultivate a cyber-aware generation,

Grok Academy is your one-stop-shop for all things

the program focuses on fostering digital resilience,

Digital Technologies. We are an Australian-based

critical thinking and ethical behaviour in intermediate

not-for-profit organisation made up of education,

and high school students. Beyond its educational

curriculum, and coding experts. Our online learning

content, Cyber Skills Aotearoa distinguishes itself

platform contains educational activities that align

through its unwavering commitment to diversity

with the NZ digital technologies curriculum. Our

and inclusion, seeking to eliminate barriers and

cyber security specific resources are available in

create equal opportunities for women in the

both English and Te Reo Māori and are free to all NZ

cybersecurity profession.

school children.

In the 12 months since its inception, Cyber Skills Aotearoa has left a significant imprint, engaging 11,176 students, including 4560 female students, across 317 schools and kura kaupapa Māori (Māori-

www.facebook.com/grokacademy

twitter.com/grokacademy

language schools) in New Zealand.

www.instagram.com/grokacademy

REAL WORLD RELEVANCE

www.linkedin.com/company/grokacademy

A key strength of the program lies in its realworld relevance. Students engage with simulated environments, allowing them to experiment in a

www.tiktok.com/@grok_academy

targeted, sandboxed manner. The content of each module is linked to events impacting students’ daily lives, creating meaningful connections between the program and the real world.

132

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Most Innovative Educator WINNER

Education Arcade A remarkable passion project committed to simplifying and enlivening cyber security education. Despite being run by a single individual with a full-time job, Education Arcade continuously elevates its offerings. It's global impact is evident, with content adopted by schools and districts worldwide. Recognised as a beacon of best practices and referenced in academic studies, including social engineering training programs, Education Arcade is making a substantial impact in the field of security education. Congratulations on this remarkable achievement!

HIGHLY COMMENDED

Security Champions Program team from Xero Xero's commitment to cybersecurity shines as you expand globally. Your groundbreaking Security Champions program cultivates a securityconscious culture, empowering employees across functions and regions with cybersecurity knowledge and practices. This initiative promotes collaboration and resilience, setting a remarkable industry standard for security awareness and education. Kudos to Xero for your commendable efforts.

FINALISTS

NOMINEES

Brock Roderick

Education Arcade

Xero’s Security Champions Program

Xero's Security Champions Program Ryan O'Connell IT Azure Trainer, Mentor

Ryan O'Connell Melonie Cole

Melonie Cole Mindshift

I S S U E 18

WOMEN IN SECURITY MAGAZINE

133

REVOLUTIONISING CYBERSECURITY EDUCATION: EDUCATION ARCADE TAKES CENTRE STAGE AT THE 2023 NEW ZEALAND WOMEN IN SECURITY AWARDS In a resounding recognition of innovation in

in web browsers. Each experience focuses on

cybersecurity education, Education Arcade secured

common security threats individuals face daily, and

the coveted Most Innovative Educator award at

weaves a narrative with two or three key learning

the 2023 New Zealand Women in Security Awards.

objectives. The interactivity and visual appeal of

This recognition is testament to the ground-

these game-based learning experiences contribute

breaking efforts of Education Arcade in reshaping

to their memorability, ensuring users retain essential

the landscape of online safety education through

cybersecurity knowledge.

gamified e-learning.

LEVERAGING A GAME DEVELOPMENT ENGINE Education Arcade, a passionate organisation with a

While gamification in education is not a novel

singular objective, has set out to make cybersecurity

concept, Education Arcade distinguishes itself by

awareness education not only simple and engaging

building content in a game development engine,

but also memorable. It employs the power of

setting a new standard for gamification and content

gamification, offering a suite of educational tools that

interactivity in the industry.

includes games, trivia quizzes and a non-fungible token (NFT) investment scam simulator.

One of its key innovations is the democratisation of gamified learning. Traditionally, such learning

134

At the heart of Education Arcade’s innovative

experiences were designed primarily for enterprise

approach is its use of the latest 2D game

clients with substantial budgets. Education Arcade

development engines that enable the creation of

offers its content free to the general public, schools

gamified learning experiences directly playable

and non-profits.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

Winner

The impact of Education Arcade is evident in the

Overcoming time constraints and technical

widespread adoption of its educational tools. Its

limitations, Education Arcade has achieved

content is used in multiple schools and school

recognition and made significant contributions

districts globally. There are approximately 2,000

to cybersecurity education. Networking with the

regular, monthly, users in the USA, UK, Canada,

wider security community has been a priority. This

Australia and New Zealand. Furthermore, Education

has been achieved through participation in annual

Arcade’s initiatives have been cited in various studies

cybersecurity conferences, contributions to infosec

as examples of best practice in cybersecurity

magazines, appearances on security podcasts

education, validating their efficacy.

and presentations on gamified security learning to community groups.

A standout initiative from Education Arcade is the NFT investment scam simulator which has garnered

Education Arcade’s journey exemplifies the

significant success, reaching approximately 300,000

transformative power of innovation in education,

people to date. By leveraging the tools used by NFT

ensuring cybersecurity awareness becomes

scammers, Education Arcade delivered sound advice

accessible, engaging and memorable for learners

on spotting and avoiding scams in the crypto/NFT

from all walks of life. The Most Innovative Educator

space, turning the tide against fraudulent activities.

award at the 2023 New Zealand Women in Security Awards recognises Education Arcade’s commitment

A COMMITMENT TO FREE EDUCATION

to revolutionising cybersecurity education.

Behind this remarkable initiative is a single individual, also an information security manager in one of New Zealand’s public services, dedicating

www.linkedin.com/company/education-arcade

evenings to continuously improve the free offering. Despite relying solely on sponsorship funding, Education Arcade remains committed to offering free, high-quality cybersecurity education to the wider community.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

135

Unsung Hero WINNER

Mahsa McCauley As a prominent figure in AI and Cyber Security, you are actively fostering diversity within the tech sector through your work with She Sharp. Your dedication to shattering barriers and opening doors for underrepresented individuals, as well as your impressive research contributions and mentorship, are highly regarded. Driven by your vision of a world where technology benefits all, you maintain an unwavering commitment to creating a more inclusive tech landscape that values and empowers everyone.

HIGHLY COMMENDED

Olivia Uhrle For your exceptional contributions to the tech industry, coupled with your remarkable resilience in overcoming challenges, truly set you apart. Your commitment to driving change and mentoring LGBTQIA+ individuals at the University of Auckland, guiding them toward opportunities in cybersecurity, is commendable. And your unwavering dedication to bridging gender gaps in the tech sector, particularly by empowering women, remains a beacon of hope for the industry's muchneeded transformation.

FINALISTS

Izzi Lithgow

Lou Wheeley

SafeAdvisory

Olivia Uhrle

Mahsa McCauley She Sharp

Maniaiwaho Phillips

Abby Zhang

New Zealand Defence Force

Olivia Uhrle Quantum Security Services

Robyn Campbell PwC NZ

136

NOMINEES

W O M E N I N S E C U R I T Y M A G A Z I N E

Cat Salanguit Kathryn Barker Izzi Lithgow

Georgia Kitt‑Lobo Robyn Campbell Tiffany Chu Mahsa McCauley Remya Kumar Yolanda Wilke

Vanessa Leite Monica Makau Barbara McLaughlin Coco Liu Lisa Haselton Chloe Ashford Amaryah Halo

J A N U A RY • F E B R U A RY 2024

DR. MAHSA MCCAULEY: PIONEERING DIVERSITY IN TECH AND BEYOND

In the world of technology and beyond, Dr. Mahsa McCauley stands out as a trailblazer, recently recognized with the Unsung Hero award at the prestigious 2023 New Zealand Women in Security Awards. While her formal role as a Senior Lecturer and Director of Women in Tech at AUT’s School of Computer, Engineering, and Mathematical Sciences is noteworthy, her contributions extend far beyond the academic sphere. Dr. McCauley is a luminary in Artificial Intelligence (AI) and Cyber Security, wielding her influence to champion diversity and inclusion in the tech industry. At the helm of the charitable trust She Sharp, she has orchestrated heroic and unsung efforts to empower women in technology, leaving an indelible mark on the industry. Through She Sharp, Dr. McCauley has constructed a platform where women in STEM can connect, develop skills, and interact with female role models. Her initiatives include workshops, events, and a tireless campaign to dispel misconceptions about the industry. The impact of these efforts has been transformative, dismantling barriers and fostering a more diverse and inclusive tech landscape.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

137

What sets Dr. McCauley apart is her exceptional dedication to promoting diversity and inclusion. She has devoted close to a decade to empowering women in tech, providing resources, connections, and dismantling stereotypes. Her leadership in AI and security, coupled with her tireless commitment to her work, makes her truly deserving of the Unsung Hero award. Dr. McCauley’s inspiration stems from her belief in technology’s potential to create a better world. She envisions a tech landscape where diversity and inclusion are integral, understanding that these elements are essential for innovation and ethical advancements. Her tireless efforts are fueled by a passion to create a world where everyone, irrespective of gender or background, can thrive in the tech industry. Driven by the potential she sees in every individual, she remains a relentless advocate for a more equitable and just tech future. Her commitment to this cause has not gone unnoticed. Dr. McCauley’s accolades include winning

www.linkedin.com/in/mahsamohaghegh

the Emerging Leader category in the 2013 Westpac Women of Influence Awards and the Champion Award at the 2019 YWCA Equal Pay awards. In 2022, She Sharp, under her leadership, secured the Best Industry Initiative Supporting Diversity, Inclusion, and Equality at the Women in Security awards. Undoubtedly, Dr. McCauley’s journey has not been without its challenges. Balancing nearly a decade of voluntary work with her formal role, family commitments, and the challenges of promoting diversity has demanded a heroic effort. Her husband and 7-year-old daughter, often present at She Sharp events, underscore the family’s collective dedication to the cause. While Dr. McCauley is not directly involved in the security industry, her leadership in AI and security research is commendable. Numerous research papers published in esteemed journals and conferences attest to her expertise. She has mentored and supervised countless students, contributing significantly to their success.

138

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

advanced

behavioural

cyber threat detection Spark DDoS is now backed by Radware, a global leader with more than 12,500 customers. Learn more

Cybersecurity Champion WINNER

Denise Carter-Bennett Datacom New Zealand

Denise's journey from Cybersecurity Analyst to Engineer at Datacom showcases her professional excellence and advocacy. With over 20 years of ethical hacking experience, she has made significant contributions to security practices. Denise's commitment extends to supporting women and gender minorities in security through NZNWS. Her personal journey as a neurodivergent individual serves as an inspiration to others. Denise's public speaking, community engagement, and thought leadership further highlight her role as a cybersecurity advocate. Her contributions are commendable and deserving of this award.

HIGHLY COMMENDED

Katja Feldtmann Cybershore

140

W O M E N I N S E C U R I T Y M A G A Z I N E

Katja's remarkable journey from hospitality to cybersecurity, highlighted by founding her firm 'Cybershore,' demonstrates excellence and innovation. Her dedication to community involvement and mentoring future cybersecurity experts is commendable. Despite challenges as an immigrant, Katja advocates for diversity and equal opportunities in the field. Her academic achievements, industry certifications, and recommendations from peers reflect her expertise. Katja's collaborative approach shifts perceptions of IT security and encourages compliance, inspiring others to pursue careers in cybersecurity and contributing to a more robust cybersecurity landscape in New Zealand.

J A N U A RY • F E B R U A RY 2024

SPECIAL RECOGNITION

Robyn Frye Workday

Robyn is a dedicated leader in diversity and inclusion, driving initiatives such as promoting women and allies and leading the New Zealand chapter for Women at Workday EEC. With a team that's around 40% female, she is actively fostering diversity and skill development through role rotation programs. Robyn's innovative thinking, exemplified by the midlevel career rotation program, sets her apart as a leader, demonstrating a commitment to challenging norms and creating positive change.

FINALISTS

NOMINEES

Cherry Liwag

Hana Bouafif

Mikala Easte

Spark NZ

Akarsha Palle

Monisha George

Antoinette Murray

Nerina Donnelly

Anusha Chappidi

Robyn Frye

Cherry Liwag

Sarah Burgess

Denise Carter-Bennett

Sarah Williams

Cybershore

Eponine Pauchard

Swati Singh

Robyn Frye

Georgia Strongman

Tahira Begum

Workday

Jen Fabian

Teodora Bear

Sarah Burgess

Jenna Whitman

Tina Bautista

Kat Lennox-Steele

Vanita Parbu

Katja Feldtmann

Yolanda Wilke

Denise Carter-Bennett Datacom New Zealand

Jenna Whitman Callaghan Innovation

Katja Feldtmann

Xero

Sarah Williams Cybercure

Tahira Begum Fidelity Life Insurance

I S S U E 18

WOMEN IN SECURITY MAGAZINE

141

CHAMPIONING CYBERSECURITY: DENISE CARTERBENNETT'S IMPACTFUL JOURNEY In a triumphant recognition, Denise Carter-Bennett secured the prestigious Cybersecurity Champion award at the 2023 New Zealand Women in Security Awards. Her journey, marked by technical excellence, diversity advocacy, and community engagement, paints a vibrant picture of a cybersecurity professional whose influence transcends the boundaries of her role.

A CYBERSECURITY TRAILBLAZER Denise, a Cybersecurity Engineer based in Auckland, New Zealand, brings a wealth of expertise and passion to her role. Joining Datacom in 2021 as a Cybersecurity Analyst, her outstanding performance swiftly propelled her into the position of a Cybersecurity Engineer in 2022. In this role, she not only oversees project work but also lends her expertise to shaping robust security architectures. With over two decades of experience as an ethical hacker, specialising in open source intelligence and malware analysis, Denise’s journey is a testament to

(NZNWS), Denise plays a pivotal role in supporting

her commitment to fortifying cybersecurity practices.

and advocating for individuals interested in various security domains. Her commitment to uplifting

142

EMPOWERING WOMEN AND MINORITIES

women and gender minorities is evident in her active

Denise’s impact goes beyond her professional

involvement in NZNWS, where she champions

achievements. As a Trustee and Chapter Lead for

diversity in cybersecurity, defense security, physical

the New Zealand Network for Women in Security

security, and information security.

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

UNREALIZED POTENTIAL AND UNIQUE CONTRIBUTIONS Denise’s journey, marked by diagnoses of autism and ADHD, is a testament to her resilience and determination. Embracing her neurodivergent qualities, she found her calling in the exhilarating realm of ethical hacking. Late-night adventures uncovering vulnerabilities and collaborating with affected parties exemplify her dedication to enhancing cybersecurity practices. Denise’s story inspires aspiring professionals, especially those who identify as neurodivergent, showcasing the transformative power of embracing one’s unique qualities.

EXCELLENCE IN PUBLIC SPEAKING AND THOUGHT LEADERSHIP

Achievement Award, Denise’s achievements underscore her significant contributions.

Denise’s influence extends to the public sphere, where she has emerged as a keynote speaker at

OVERCOMING CHALLENGES

various prominent events. Notable achievements

Denise’s journey as a neurodivergent, Maori wahine,

include being the Closing Keynote Speaker at the

and a single mother has been marked by substantial

NZ Cyber Security & Risk Summit, the Indigenous

challenges. Yet, her resilience and commitment

Advocate of the Year at DEFSEC, and a speaker

have propelled her to senior engineer status in a

at KawaiiCon. Her upcoming engagements at

cybersecurity team. Her achievements are not only

the Phishing Symposium and the 19th Annual

reflected in certifications but also in the positive

International Conference for Women Scientists

feedback from her employer, customers, and the

and Engineers affirm her influential presence in

broader NZ security community.

the industry.

DESERVING RECOGNITION COMMUNITY ENGAGEMENT AND VOLUNTEERING

Denise’s journey, from overcoming personal

Denise’s commitment to community growth is

demonstrates the quality, scale, and difficulty of

evident in her role as a Chapter Lead and Trustee for

her achievements. Her commitment to excellence,

NZNWS. Beyond organisational roles, her voluntary

innovation, and community engagement positions

contributions extend to initiatives like Ko Māui

her as a deserving recipient of the Cybersecurity

Hangarau, where she contributed to educating over

Champion award.

challenges to becoming a cybersecurity trailblazer,

100 children. Her involvement in moderating and participating in various events as the NZNWS Lead

Denise Carter-Bennett’s story is one of inspiration,

showcases her dedication to fostering knowledge

advocacy, and transformative impact. Her journey

sharing and community growth.

speaks to the potential within diversity, and her contributions to the cybersecurity industry make

AWARDS AND RECOGNITIONS

her an exceptional and deserving recipient of the

Denise’s impact has garnered recognition from

Cybersecurity Champion award.

various quarters. From being a DEFSEC Women In Security Award Winner to receiving scholarships and nominations for awards like the Harakeke

I S S U E 18

www.linkedin.com/in/denisecarterbennett

WOMEN IN SECURITY MAGAZINE

143

ROBYN FRYE: SPECIAL RECOGNITION FOR CYBER SECURITY CHAMPION Special recognition for Cyber Security Champion in the 2023 New Zealand Women in Security Awards went to Robyn Frye, VP, cybersecurity governance, risk and compliance in the Auckland office of Workday, a global company headquartered in the US, that develops and provides cloud-based human resources and financial management systems for large businesses. She has been in the role since 2019 after moving from the company’s head office in her native California a couple of years earlier. Robyn has been recognised as Cyber Security Champion for her efforts and standout achievements in building a diverse team and helping Workday employees of all genders and backgrounds to grow their careers. Robyn is a leader people want to work with and for. She faces challenges head on and fosters and encourages open, transparent conversations. She is passionate about coaching people who are in the early stages of their careers and/or wanting to transfer into cybersecurity.

A GENDER DIVERSE SECURITY TEAM Her own team is testimony to her achievements: it is the most gender diverse security team in Workday, globally, being 40 percent female and with 50 percent of leadership positions held by women.

144

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

RECRUITING FROM DIVERSITY As a hiring manager she is dedicated to using programs that allow for talent to enter cybersecurity and technology roles through non-traditional recruiting paths, such as a veterans’ program, people returning to the workforce after a few years absence, and individuals who have gone through trade programs. She says some of her best hiring decisions have come from focusing on the possibilities of people rather than their written qualifications. She describes herself as a ‘servant leader’: “known for inspiring teams to reach beyond their known Robyn likes to challenge norms and think ‘outside

capabilities to deliver security innovations and

the box’ when it comes to solving challenges.

continue to mature and who invests in individuals to

An example of this is her formation of a program

propel their career and life’s work in meaningful and

to rotate individuals in mid-level career roles.

personal ways.”

Other specific initiatives she has undertaken at Workday include: www.linkedin.com/in/robynfrye

• co-sponsoring an internal Workday group for cybersecurity women, known as SHEild; • being an executive sponsor of the New Zealand chapter for Women @ Workday Employee Belonging Council, and a panelist for Workday’s International Women’s Day events; • being site leader for Workday’s Auckland office which is home to 200 employees and approximately 20 security employees; • helping to design and develop a rotation program to support skill development and career mobility. This program transitions Workday employees (Workmates) fully out of their current role and fully immerses them in another role for three to six months to cultivate new skills, transfer knowledge and build bridges across silos. Half of the participants are female, and the program helped one woman shift from a SOC analyst role to become public sector compliance lead. Robyn believes diversity is critical in cybersecurity. She believes differences of experience, background and ways of thinking helps foster diverse perspectives, which drive the best outcomes and solutions.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

145

Best Security Mentor WINNER

Michelle Crowe Michelle's dedication to empowering others to build confidence and develop their abilities is driven by a belief in the significance of lifelong learning and gratitude for those who have inspired her. Her selfless imparting of a wealth of knowledge in the security field, particularly as an intimate mentor focusing on individual needs and career development, positions her as an inspiring and empowering mentor, especially for women in the industry. Michelle's commitment to nurturing future generations is truly deserving of recognition.

SPECIAL RECOGNITION

Hilary Walton Hilary's exceptional commitment to mentoring has left a lasting impact on the professional development of many individuals. Going beyond traditional career guidance, she emphasises personal brand building and holistic skill development. Hilary's approachability, industry expertise, and dedication to mentoring, even amidst her busy schedule, are commendable. Her mentorship has empowered mentees, particularly women, fostering gender equality in the field.

FINALISTS

Hilary Walton Microsoft

Lana Tosic Relevant Security Consultant

Michelle Crowe Xero

Tamara Al-Salim New Zealand Defence Force

NOMINEES

Lana Tosic

Michelle Crowe

Anna Thomson

Monica Makau

Dean Navarro

Paul Platen

Hilary Walton

Tamara Al-Salim

Jaco Du Toit

Vanessa Piper

Jan Thronborough

Wendy Bennett

Laura Smith

Vanessa Piper CyberCX

146

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

MICHELLE: GUIDING LIGHTS IN CYBERSECURITY - BEST SECURITY MENTOR AT THE 2023 NZ WOMEN IN SECURITY AWARDS In the realm of cybersecurity, Michelle stands out as a beacon of guidance and mentorship, earning her the esteemed title of Best Security Mentor at the 2023 New Zealand Women in Security Awards. Currently serving as Team Lead at Xero, and having previously held the position of Director of Tech Ops at InPhySec Security, Michelle’s formal role places her in a privileged position where she actively mentors and encourages young individuals in the security industry, with a particular focus on empowering young women. With a career spanning over 13 years, Michelle’s role involves both people and operational leadership activities. Her journey began in the UK Civil Service, where, for over a decade, she coached and mentored younger women, specifically those navigating the complexities of public sector security. Transitioning to New Zealand, Michelle’s leadership roles have provided her with a platform to extend her mentorship to a diverse range of individuals.

I S S U E 18

WOMEN IN SECURITY MAGAZINE

147

Michelle’s mentoring journey, evolving over the past 7-8 years, is characterised by a deep understanding of the security industry and a focus on the unique needs and careers of her mentees. Despite her relatively short time in New Zealand, Michelle has worked with individuals between the ages of 20 and 30, many of whom struggled to find their footing in the security industry. Her mentorship approach is both formal and informal, involving career development discussions and personal developmentfocused interactions. One notable quality that sets Michelle apart is her personalised approach to mentoring. She tailors her guidance to the individual needs of her mentees,

In recent years, Michelle has shifted her focus to

helping them navigate the complexities of the

mentoring students and graduates entering the

cybersecurity landscape. Her impact is evident in the

security industry. Her dedication to helping young

success stories of those she has mentored.

women find their voice and confidence in the often competitive industry demonstrates her commitment

One such success story is Hazel Schapel, a young

to fostering diversity and inclusion.

woman in tech, who emphasises the incredible help she received from Michelle’s mentorship. According

What sets Michelle apart is her ability to break down

to Hazel, Michelle’s guidance was instrumental in

concerns into manageable topics, making them

navigating the intricate path of the cybersecurity

easy to tackle without losing sight of the bigger

industry and understanding what it means to have a

picture. Her work ethic and composed demeanor

career in tech. Michelle’s reassurance and thoughtful

leave a lasting impression, showcasing her as a

advice during pivotal career decisions left a lasting

role model in the industry. Michelle’s values-driven

impact on Hazel, highlighting Michelle’s commitment

approach, emphasis on lifelong learning, and diverse

to nurturing talent.

background contribute to her ability to inspire and empower young individuals, particularly women, in

Michelle’s mentoring extends beyond career

the cybersecurity field.

development discussions; she has actively supported individuals facing specific challenges. One notable

For Michelle, mentorship is not just a role but

example is a young woman with dyspraxia who,

a passion rooted in the belief that continuous

despite being overlooked for promotion multiple

development leads to a fulfilling life. She sees

times, achieved a promotion within 12 months of

mentorship as a way to enable and encourage

Michelle’s mentorship. Michelle’s guidance helped

others to embark on their own learning journeys.

her develop self-awareness, identify opportunities

Grateful for the inspiration and investment in her

for growth, and build confidence in her interactions

own development, Michelle feels a deep sense of

with colleagues.

responsibility to pay it forward. Her motivation lies in witnessing the confidence and abilities of those she

Another mentee struggling with self-confidence found

mentors blossom, propelling her to contribute even

a mentor in Michelle. Through their collaboration,

more to the world of cybersecurity mentorship.

the mentee not only developed confidence but also applied for and secured a role above her current grade, involving people management responsibilities.

148

W O M E N I N S E C U R I T Y M A G A Z I N E

www.linkedin.com/in/michelle-crowe-nz

J A N U A RY • F E B R U A RY 2024

Source2Create Spotlight

Podcasts

We can GENERATE LEADS from your PODCAST

We can SCRIPT & CREATE your PODCAST

We can ADVERTISE & SOCIALISE your PODCAST

5 SERIE S PODCA ST AUD$10 ,000 Ex GST

REACH OUT TODAY

charlie@source2create.com.au

aby@source2create.com.au

Best Industry Initiative that supports Diversity, Inclusion, and Equality WINNER

OMGTech We exemplify the Pam Fergusson Charitable Trust's unwavering commitment to empowering communities and nurturing young minds with vital technological skills. Your unique bond with the tech industry enables you to forge seamless pathways between education and technology, paving the way for Aotearoa's youth to become future innovators and leaders.

HIGHLY COMMENDED

ISACA Auckland Chapter We commend ISACA Auckland for your exceptional contributions through the She Leads Tech initiative. This program has empowered women in cybersecurity and ignited global conversations on gender diversity in tech leadership. Your unwavering commitment to inclusivity and mentorship leaves a lasting impact, exemplifying the positive influence of volunteerism and mentorship, inspiring us to strive for a more inclusive future.

FINALISTS

NOMINEES

OMGTech

Women+ in Cyber

SheLeadsTech

Pam Fergusson Trust

Deloitte

#10KWomen initiative

SheLeadsTech

#10KWomen initiative

ISACA Auckland

Microsoft

Women+ in Cyber OMGTech AWS CloudUp

150

W O M E N I N S E C U R I T Y M A G A Z I N E

J A N U A RY • F E B R U A RY 2024

EMPOWERING THE FUTURE: OMGTECH! RECEIVES BEST INDUSTRY INITIATIVE AWARD AT THE 2023 NEW ZEALAND WOMEN IN SECURITY AWARDS In a triumph for education and inclusivity, OMGTech! secured the Best Industry Initiative for Young Individuals in IT Security at the 2023 New Zealand Women in Security Awards. This recognition is not just an accolade; it’s a testament to the impactful work of The Pam Fergusson Charitable Trust, the driving force behind OMGTech!

FOUNDING VISIONARIES Established in 2014, The Pam Fergusson Charitable Trust carries a legacy of empowerment through technology. Founded by Vaughan Fergusson

ADAPTING TO CHALLENGES

and Zoe Timbrell, with support from Vaughan’s

With the onset of COVID restrictions, public-facing

brothers Shawn and Jonathan Fergusson, the trust

events took a back seat for the Pam Fergusson

pays homage to their mother, Pam. A paraplegic

Charitable Trust. However, the Trust continued

unemployed solo mum, Pam connected her sons

its impactful work through specific programs,

with technology in the ‘80s, changing their lives. The

such as the Indigenous Game Design programme

Trust’s vision is clear—to teach communities, kaiako

delivered in-schools and underserved communities,

(teachers) and tamariki (children) how to harness

professional learning and development courses for

technology, transforming them into the innovators

teachers, enviro-tech school camps and industry-

and leaders of tomorrow.