Women In Security Magazine Issue 19

FROM THE PUBLISHER

The question “Who should be in security?” has never been more pertinent.

The security framework is shifting as the industry recognises the need for diversity in perspectives, experiences and skillsets. In this edition of Women in Security Magazine we explore the importance of inclusivity and the varied personality profiles that should be welcomed into the security domain.

It is essential to challenge preconceived notions surrounding gender roles in security. The industry is no longer exclusive to a particular gender; instead, it thrives on the collaboration of people with diverse talents. Women are increasingly contributing to every facet of security, from cybersecurity to physical security, bringing unique problem-solving approaches and critical thinking to the table.

I see security as a global concern that requires a nuanced understanding of diverse cultures and backgrounds. Including individuals from different ethnicities not only enhances the cultural competence of security professionals but also fosters a global perspective that is crucial to tackling international security challenges. Embracing diversity enables the industry to adapt and respond effectively to the everchanging threat landscape.

Today, professionals from varied disciplines, including technology, psychology and data analysis, play crucial roles in ensuring comprehensive security strategies. Collaborative efforts that draw on the strengths of professionals from diverse backgrounds are essential to staying ahead of sophisticated threats.

Professionals with expertise in technology, artificial intelligence and data analytics are indispensable in developing robust defences against cyber threats. The security sector must actively seek individuals with advanced technical skills to secure critical infrastructures and sensitive data.

I addressed this matter last year at the Australian Women in Security Awards Alumni events, and it remains at the forefront of my thoughts. The future of security relies on the fresh perspectives and innovative ideas of the younger generation. Embracing and nurturing young talent not only ensures a continuous influx of new ideas but also keeps security strategies adaptive to the latest technological advancements. Mentorship programs and educational initiatives are vital in preparing the next generation of security professionals.

Leadership within the security industry should reflect the diversity of the workforce. Creating a leadership culture that values and promotes inclusivity is crucial for fostering an environment where everyone feels heard, respected and empowered. Diverse leadership produces diverse solutions, ensuring a well-rounded approach to security challenges.

As we navigate the complex and interconnected challenges of the 21st century, the question of “Who should be in security?” transforms into a call for inclusivity, diversity and collaboration. Embracing individuals from different backgrounds, experiences and disciplines is not just a moral imperative; it is a strategic necessity in the quest for comprehensive security solutions on a global scale. By redefining the security workforce we pave the way for a safer and more resilient future.

PUBLISHER, and CEO of Source2Create

www.linkedin.com/in/abigail-swabey-95145312

aby@source2create.com.au

OFFICIAL PARTNER

SUPPORTING ASSOCIATIONS

CYBER SECURITY BEST SELLING AUSTRALIA’S BOOK

the book itself. She is a 9 year old avid internet user, and I do worry about what she gets up to and the choices she makes. We limit her access and have cyber security overlays on her devices - but we are not too clued up on cyber security so it was always a worry. This book has been great to get conversation flowing that I didnt really know how to start up, and it has definitely taught her some worthwhile lessons on things to look out for and "shadowy corners" of the internet to be cautious of! I recommend this book.

NATHAN CHUNG

NEURODIVERSITY IN CYBERSECURITY

Neurodiversity and cybersecurity are a match made in heaven. Many people with neurodivergent traits have natural skills that enable them to excel working in cybersecurity. Despite this, neurodivergent people face multiple barriers to working in cybersecurity and they often do not get the support they need with many being invisible, especially women.

NEURODIVERSITY

Neurodiversity refers to natural variations in the human brain and covers a multitude of conditions such as autism, ADHD (attention deficit hyperactivity disorder), dyslexia, dyspraxia, Tourette’s Syndrome, dyscalculia, and more. According to the US National Library of Medicine, it is estimated that 15-20 percent of the world’s population have neurodiverse conditions. STEM fields such as cybersecurity are popular with neurodiverse people: an estimated 15 percent of the STEM population are believed to be neurodiverse.

In cybersecurity, neurodivergent people can offer a competitive advantage. Many are naturally gifted with high creativity, intense hyperfocus, strong attention to detail, outside-the-box thinking, the ability to recognise patterns, strong visual-spatial skills, and more. These skills are very much needed in cybersecurity, but despite this, neurodivergent people working in cybersecurity need help to thrive.

INVISIBLE WOMEN

According to ISC2, women represent 30 percent of the global cybersecurity workforce, up from 17 percent in 2017. Despite this improvement, the key

demographic of neurodivergent women is often ignored and forgotten.

First, consider the stereotypes. The stereotypical cybersecurity professional is often a man. Similarly, the stereotype of a neurodivergent person is also a man. Social bias and popular culture also reinforce these stereotypes. Popular media images of neurodivergent people are Dustin Hoffman’s character in the movie Rain Man, Keir Gilchrist’s character in the TV series Atypical and Elon Musk.

Second, scientific studies and medical research reinforce the prevalence of these gender biased stereotypes. A research study by the American Journal of Human Genetics found males to be at greater risk of suffering neurodevelopmental disorders than females and, as a result, males being correctly diagnosed significantly more often females. This gender bias is so pervasive that, when neurodivergent women visit a doctor, they are often dismissed, their conditions misdiagnosed, and they are left to deal with the issues and the pain alone.

Third, if a neurodivergent woman does get a job, she often struggles to fit in. Imagine being an alien on Earth and not understanding people, social conventions, how to communicate based on cultural

norms, or how things are done. To compensate, neurodivergent women are forced to adapt to their environment, putting their mental health at risk. This is called masking.

Masking for a neurodivergent person is similar to running a virtual server operating system with a heavy I/O load on an old laptop with less than a gig of RAM. That server is going to eventually crash with a Blue Screen of Death. When a neurodivergent person masks they increase their risk of anxiety, depression or mental exhaustion. What can be done?

THE INTERVIEW

The first obstacle for neurodivergent people working in cybersecurity is the interview. Interviews are a very social activity, and many companies will often have multiple interview rounds, often with interview panels with multiple people, and often in a single day; a nightmare for many candidates. What a lot of job seekers do not realise is that they can request accommodations such as remote interviews over Zoom or Teams, for interviews to be spread over

“Masking for a neurodivergent person is similar to running a virtual server operating system with a heavy I/O load on an old laptop with less than a gig of RAM. That server is going to eventually crash with a Blue Screen of Death. When a neurodivergent person masks they increase their risk of anxiety, depression or mental exhaustion."

- Nathan Chung

multiple days, for interview questions to be provided ahead of time, for closed captions, for additional time to answer questions, and more.

THE OFFICE

The second obstacle for neurodivergent people working in cybersecurity is the office. Offices are often loud, chaotic, full of people and full of distractions that can create overwhelming sensory overload for neurodivergent people. COVID-19 changed everything. People stopped coming into the office and started working remotely. The big bonus: people with neurodiverse conditions, in particular women, thrived working remotely. Now in 2024, remote work is being eliminated, with many companies wanting workers back in the office.

A 2023 poll asked neurodivergent people: “If your employer encourages you to return to the office, do you plan to do so?” Eighty five percent responded “No”. Return to office mandates risk destroying all the gains made by neurodivergent people, especially women. The best option is to allow people to choose their workplace.

CONFERENCES

The third obstacle for neurodivergent people working in cybersecurity is conferences. To advance in cybersecurity, people often attend conferences for training and to network with other people. Problem: conferences are often not accessible for people with disabilities, much less for people who are neurodivergent.

A poll conducted in 2023 asked: “How would you rate the capacity of big conferences to provide accommodation for your disabilities?” Fifty eight percent responded: “They don’t provide anything.” Almost all the people who selected this response were women. To help, conference organisers should have quiet rooms for people to recover from sensory overload, provide captions, provide better signs and maps for navigating the event, have remote participation options, and more. These facilities would go a long way to make conferences more accessible for everyone.

CONCLUSION

Many neurodivergent people will find success working in cybersecurity. The barriers are many, especially for neurodivergent women who have been invisible and ignored for years, but the barriers can be brought down. Ultimately, to help more women, especially neurodivergent women, get into cybersecurity, we need to listen to them, support them and work with them to see them thrive. Then we will see how far they can go. www.linkedin.com/in/nc808

AMANDA-JANE TURNER

Cybercrime is big business, thanks to technical advancement and interconnectivity creating more opportunities. This regular column will explore various aspects of cybercrime in an easy-to-understand manner to help everyone become more cyber safe.

COLUMN

Who should fight cybercrime?

Cybercrime is diverse. It includes malware, cyberenabled fraud, cyber espionage, disruption, child exploitation material, romance fraud, tech support scams, spreading hate online and cyber bullying.

Criminals behind cybercrime are also diverse. They may be nation state-sponsored attackers acting on behalf of or for their country; activists wanting to make a statement; individuals or criminal enterprises committing fraud; individuals, groups or criminal enterprises creating and sharing or selling child exploitation material, or criminals running large call centres involved in tech support scams.

It follows that we need a diverse workforce in cybersecurity fighting all these diverse cybercrimes and cybercriminals.

We need to look beyond people with degrees in computer science, start thinking about criminologists, and see their to ability to analyse crime and criminals as an asset in fighting cybercrime. We need to think

about fraud investigators and those who have worked in or studied policing, and see their investigation skills as an asset in cybersecurity.

Aside from those working in cybersecurity, anyone who uses technology can help fight cybercrime. They can make it harder for criminals to successfully phish for credentials, to trick people in romance fraud, or place malware on computers, all of which make it harder for criminals to be successful. Let’s help raise awareness in our families, workplaces, schools and communities of how we can all be part of the cybersecurity solution.

Who should fight cybercrime? Anyone who uses technology.

www.linkedin.com/in/amandajane1

www.demystifycyber.com.au

WHAT’S HER JOURNEY?

Dr Fauzia Idrees Abro

Associate Professor, Director DL MSc in Cyber Security and Campus MSc in Information Security at Royal Holloway, University of London

Dr Fauzia Idrees Abro is an associate professor, director DL MSc in cyber security and campus MSc in information security at Royal Holloway, University of London.

She has come a long way from where her life journey began. She was born in a remote area of Pakistan where education for girls was not the norm. Abro was one of the lucky ones: she gained a school education and aspired to become a doctor, recognising the unmet healthcare needs of women in rural areas.

However, instead she acceded to her parents’ wishes for her to study engineering and enrolled for a degree in electronic engineering. She excelled, gaining a gold medal from the Institution of Electrical & Electronics Engineers Pakistan for her final year project on the security of cellular mobile systems.

“This project sparked my interest in security, a passion that deepened during my subsequent experience in the military,” she says. “Working on networks and security in a real-world setting intensified my fascination with the subject.”

This interest led Abro to study for a master’s degree in cryptology and information security at Pakistan’s National University of Sciences and Technology, which she gained with distinction.

A PIVOTAL CAREER MOMENT

This was a decade after gaining her bachelor’s degree and working in the military and was, she says, a pivotal event. “This breakthrough marked a significant turning point in my career, allowing me to merge my technical foundation with specialised knowledge in information security. This educational milestone opened doors for me to actively contribute to the cybersecurity domain.”

In her role at Royal Holloway Abro oversees two postgraduate programs in information and cybersecurity. “One program is campus-based while the other is designed for distance learning, catering specifically to a global audience constrained by full-time employment and geographical limitations that prevent them from participating in on-campus programs,” she says.

“This dynamic allows me to contribute to the field of cybersecurity advocacy to a wider audience. One aspect of my role I find particularly enjoyable is the opportunity to engage in cybersecurity education on a global scale. Facilitating learning experiences for students from diverse backgrounds worldwide, all under the guidance of esteemed professors from Royal Holloway, fuels my passion for cybersecurity advocacy.

“Having assumed this position in July 2022, I am relatively new to the role, yet I am thoroughly enjoying the multitude of opportunities it presents to extend quality cybersecurity education to both privileged and underprivileged communities through a single platform.”

Abro says her major challenge is the rapidly evolving cyber threat landscape. “The need for continuous updates to our educational offerings to keep pace can be demanding. However, our strong industry partnerships and collaborative efforts with experts in the field help bridge this gap. The willingness of industry professionals to share the latest insights with our students greatly contributes to our ability to stay ahead of the curve.

“A typical day for me is a well-balanced blend of technical and non-technical cybersecurity management within an educational framework, coupled with ample research opportunities. Engaging in meetings with industry experts, academic partners and students forms a substantial part of my routine. While some days may be challenging to navigate, the rewards lie in the constant learning environment that nurtures my passion for the field. Overall, my role allows me to contribute to cybersecurity education on a global scale while staying attuned to the everevolving landscape of cyber threats.”

PHD AND MASTER’S

Between gaining her MSc and taking on her current role at Royal Holloway, in 2022, Abro gained more qualifications. She holds a PhD in Information Security Engineering from City, University of London, in information security engineering. This, she says, “involved in-depth research on the analysis and detection of malicious software.”

Since her PhD she has gained an MBA in innovation and entrepreneurship from the University of Kent, UK. “This program not only honed my management and leadership skills but also provided me with a holistic perspective that has proven invaluable in my leadership roles,” she says.

“The diverse knowledge acquired through these qualifications and courses has played a pivotal role in effectively leading teams and navigating the challenges of different organisational roles.”

Abro says her learning has been particularly useful for her current role. “Balancing the intricate technicalities of security with effective leadership is paramount to ensuring the success of security programs and initiatives. The ability to communicate complex security concepts to diverse audiences, both technical and non-technical, has also been instrumental in my success.”

Abro is now looking to undertake further study to develop her financial education skills, saying this aligns with her aspirations in cybersecurity

consultancy where understanding the intricacies of the financial market is critical.

“Given that financial institutions are often attractive targets for cyber criminals, enhancing my financial knowledge will enable me to offer more comprehensive and effective cybersecurity solutions in this specific domain.”

NO REGRETS

And Abro has no regrets about any aspects of her career in cybersecurity, saying she has never questioned any of the choices she made. “My journey has been marked by a continuous sense of fulfilment and passion for the work I do. If anything, my predominant sentiment has been a realisation of the vastness of this domain and the perpetual need to learn and adapt.

“The highs in my career have been moments of achievement, such as successfully implementing robust security measures, contributing to cuttingedge research and witnessing the positive impact of my work on organisations. These moments reinforce my commitment to the field and provide a sense of accomplishment.”

She acknowledges there have been challenges and setbacks but says these have served as valuable learning experiences that “have not deterred my dedication to security but rather fuelled a determination to overcome obstacles and enhance my skills. The dynamic and ever-evolving nature of the security landscape ensures there is always more to learn and discover.

“Far from feeling I’ve invested too much time in this field, I consistently recognise the need to invest more, given the rapid advancements and persistent threats. The journey in security, with its highs and lows, has only strengthened my conviction that this is precisely where I belong and where I can make a meaningful impact.”

www.linkedin.com/in/fiabro

Kenia Carvalho is VP, Regional Information Security Lead for BNY Mellon and is based in São Paulo, Brazil. “An institution that is America´s oldest bank and the first company listed on the New York Stock Exchange, today BNY Mellon powers capital around the world though comprehensive solutions that help clients manage and service their financial assets throughout the investment life cycle, she says. She joined the company in 2022.

And if you look at her LinkedIn profile you will see ‘information security’ in the job title of every role she has held since 2006. Hers is a career path forged from a seed planted back in 2000 when she was researching the philosophy of ethics and data.

“The term ‘information security’ was not used in Brazil at the time, and the area didn’t exist as we know it,” she says. “I was shocked by the way data and information were treated in Brazil. So, I thought to myself, ‘Wow, is there an area that takes care of this topic? It’s an important topic, how can we protect people’s data?’ A little seed was planted on that day. Then, it wasn’t until I was in my third job that I had contact with InfoSec and did everything to get into the area. I started from scratch.”

From that point on, Carvalho says she worked diligently to build her career in information security. “I worked and studied hard to be prepared to work within the information security area, and I am still focused on studying and looking for the best way to contribute more and more with my colleagues, employer, and community. “For most of the journey, I didn’t have any direct mentors. Everything I learned to ease my way was through books and daily corporate experiences.”

Carvalho gained a degree in computer science technologies in 2003. She was working at the time and after graduating she quit her job and used all her savings to spend a few months in Italy.”

BREAKING INTO INFOSEC

Her first job on returning to Brazil was in IT, working for a company providing support and administration of networks and IT projects for a large American bank, Citi. It was there that her passion for information security grew and she made the transition. “I mentioned to my IT coordinator that I was interested in working with infosec and a few months later I received a job proposal from the bank I was providing services to, and within the information security area.”

That was the start of Carvalho’s information security career, and she was fortunate to get off to a good start. “This area was being restructured. The company was merging the business security area with the technology security area, so I was with a team of experienced professionals faced with all the security programs that were starting to take shape in Brazil, replicating the HQ in the US,” she says.

“I had a great learning opportunity, because over the years job rotation within infosec allowed me to get a very wide view of the area. During this part of my professional journey, I managed to improve my academic profile. I took a lot of internal and external technical courses, an information security postgraduate specialization and got two professional certifications in the risk-security field.”

A CAREER BOOST

Carvalho stayed 10 years with Citi and left after receiving an offer from another US company, Goldman Sachs to take up a regional role. It delivered a major boost to her career. “It was different from anything I had experienced until then; it was something big and with extremely qualified people, and over the five years I was there, there was not a day in which I did not learn something, whether it was observing people, or from hands-on tasks. It was an incredible experience that brought me qualifications and learnings I never imagined reaching or experiencing.”

Then, in the midst of the COVID-19 pandemic, Carvalho made a major career shift: from a multinational bank to a medium sized Brazilian Fintech company, Iugu. It operates a payments platform with APIs that enable businesses to integrate and manage online payment transactions.

The experience proved transformative. “It was a company full of energy and young people, and with a different risk appetite from what I was used to,” Carvalho says. “It was a great challenge for me. I realised how rigid I was, and my creativity came to the surface. I started to have a more humanised outlook, because I was facing a younger generation with new ideas and new ways of doing business.”

I worked and studied hard to be prepared to work within the information security area, and I am still focused on studying and looking for the best way to contribute more and more with my colleagues, employer, and community. For most of the journey, I didn’t have any direct mentors. Everything I learned to ease my way was through books and daily corporate experience.

“In this company I had the great chance to also play the role of data protection officer. I was able to put into practice everything I had learnt in previous years of study on privacy and data protection, in addition to restructuring the entire infosec area. I went back to the roots of information security by getting my hands dirty. It was very surprising to me that I was able to reinvent myself in such a profound way.”

A RETURN TO BANKING

After two years with Iugu, Carvalho returned to big banking, taking her current role with BNY Mellon, but with a fresh outlook. “I was more open, more playful, looking for new ways to implement different programs. It didn’t take long for me to realize there were lot of opportunities in this company,” she says.

“It is a Vice President position whose mission is to contribute to the implementation of information security strategies for the business area. I am the go-to person for the entire LATAM region when it comes to information security and cybersecurity matters within the areas of business, internal staff, clients, and regulators. Part of my role is to contribute to the development and supporting of an information security aware culture and mindset

among employees, contractors and service providers, reducing the likelihood of reputational damage, and of any regulatory issues arising from non-compliance with the bank’s information security management policies and standards, including local procedures. Given the nature of my work, I need to be constantly connected with other business units: operations, technology, legal, risk and compliance. In that sense, I collaborate with other stakeholders to develop and implement consensual decisions.”

“One of the main things I love about my job is the dynamic environment and the autonomy I have to go ahead with my initiatives. Some of my challenges include presenting cybersecurity as an important value that allows business products and services to operate efficiently, and helping our clients navigate the complex and dynamic financial world. In my position, there is no typical day. I usually organise my tasks in small projects and blocks that allow me to adjust my schedule. I need to be ready to change gears based on the needs of internal clients and business partners. If I had to describe my daily routine, however, I would certainly include the local and global meetings, review and analysis procedures and processes, cybersecurity educational initiatives, technology learning and problem-solving.”

IS SEXISM A GAME?

Like many women who have risen to high level roles, Carvalho experienced her share of sexism and misogyny, but her way of dealing with it was perhaps atypical: “At the beginning of my career there was less diversity in the workplace and, I thought was normal, so just ignored it because I had a goal in mind. I wanted to be successful. So, I didn’t allow anything

or anyone to stand in my way.” “Those were different times, and we had a lot of progress in this space and many things changed during these years and today I can see a different environment, that this behavior is not allowed, people have more voice, and we work for a more inclusive environments in the firms. Nowadays I have been participating of Cyber and Tech groups for promoting a healthy and democratic corporate environment for women.”

After almost 20 years in information security roles, Carvalho has certainly been successful, but says: “Information security is not an easy area. You have fascinating and rapidly evolving adversaries, and you are forced, as a result, to be constantly learning and developing.” Improvement, she says, is “a neverending exercise,” and for her one focus area for improvement is neuroscience.

“Considering that companies have been focusing more and more on human beings as the most important asset they have, I think it is important to understand how our brains work in the context of so many generations and technologies. I am going back to the basics—the scientific data, the biology— to understand behaviours and connect with people and ideas.

“From a technical point of view, the main topics I am interested in are AI and governance frameworks for data and information protection. I have been studying cognitive science and AI. I am interested in topics regarding the ethical use of technology and the cognitive science in human learning.”

www.linkedin.com/in/kenia-carvalho-crisc-cdpo-6a227610

Roma Singh was born into a conservative family in the City of Joy in West Bengal, India. where she attended an all-girl convent school. She wanted to be a doctor but failed to qualify for a position in the national entrance exams. Her parents were unwilling to allow her an extra year to prepare for the medical entrance exams so she accepted a place at the engineering college where she studied for bachelor’s and master’s degrees in technology, electronics and communications engineering. Her master’s thesis was on the implementation of cryptography in the C programming language.

It was during her university days that Singh developed a liking for cybersecurity when her friends talked about various hacking activities around the world. While studying for her master’s Singh landed her first job, as a part-time lecturer. She remembers it well.

“It was a Saturday afternoon. I walked home and surprised my parents with the first offer letter of my life,” she says. “It was an inspirational experience for me to teach brilliant bachelor’s students and interact and knowledge-share through group discussions, seminars and laboratory experiments or in the library.”

Singh moved to the UK and worked there for several years before migrating to Australia 10 years ago, where she struggled to find employment.

“It was hard for me to secure the first job, hence I started volunteering which helped me gain local experience and build a strong network,” she says. “Over the years, I continued to establish my career in information technology through various helpdesk support, networking support and desktop engineer roles.”

ROME WAS NOT BUILT IN A DAY!

During COVID lockdowns in Melbourne staff in her workplace were sent to work from home or from backup sites, which created many IT support challenges. “The office became a second home for me in those days. I resorted to online cybersecurity learning,” Singh says. “I would read on the train on the way home and would post interesting content like cybersecurity news and how to maintain good cyber hygiene in the Yammer community of the organisation I worked for.

“My managers kept praising me and my continuous improvement efforts. One of them told me: ‘You are punching way above your weight. You’re a role model for others.’ I have been a mentor to junior colleagues over the years and I knew it was time for me to take that risk and start being uncomfortable and embrace the unknown.

“I told myself ‘If not now, then never.’ Someone finally gave me a chance. I landed my first cybersecurity role. In my current position, I offer specialist cybersecurity advice to clients and help achieve outcomes. The IT and cybersecurity roles I enjoy most are those in which no two days are the same. Every day is a new day of learning, collaborating and facing challenges to achieve desirable outcomes.”

RECONNECT TO YOUR SOUL

Singh says: “the very first and crucial step towards a successful career is the realisation of your passion in life. What do you want to do, and why do you want to do it? The second step is setting out to achieve it. Are you willing to take risks, embrace discomfort, make sacrifices and learn new things to move ahead?

“A job title, a contract role, longer travel time to work or even a lower salary should never be a barrier between you and your dreams. If you want something, go get it. Also don’t forget to be kind to yourself. At the end of the day, you can only do so much.”

SMALL DROPS OF WATER BUILD AN OCEAN

She also stresses the value of continuous learning. “Life happens and I know we are all dealing with so much in our lives, but we surely can make some time for learning. The first 24 years of my life, I had no social life. I was shy and in my own world. I am sure we have all heard how important networking is. Going to cyber conferences, meetups and talks not only increases your knowledge but also exposes you to different technologies, tools, artefacts and, most important of all, people.

“Engaging in the community and volunteering my time has been a very rewarding experience for me. I started volunteering when I was at school. After school hours some of us would stay back and teach underprivileged kids who had no access to education. Today, I try to help wherever I can from local sports clubs or neighbourhood or not-for-profit organisations

“Joining organisations like AWSN, AISA, ISACA has helped me advance my learning and boost my professional network. I have taken courses

and gained certifications like ISC2 Certified in Cybersecurity. The Purple Team Australia Program, which offers a Diploma of Cybersecurity, was a massive learning opportunity for me.

“0xCC also run training conferences on various topics which include web app hacking fundamentals, introduction to C, reverse malware engineering, digital forensics, and others which helped me brush up my skills. The Tangible Uplift Program (TUP) was another great learning experience for me. It taught me how to think like a CISO. I also participated in the incident response competition run by Retrospect Labs, which was a great learning experience for me, collaborating with four other women for 10 days in an exercise to respond to a cyber breach and dealing with legal, regulatory, board and media obligations around that. Attending AISA Cybercon gave me the privilege to attend Locksport villages and Career villages which had an inclusive and informative atmosphere.

“Bsides Melbourne was another great conference at which to listen to inspirational stories. Code Review - HackerChix by InfoSect was another great course I undertook and highly recommend. Cybersecurity is a massive and evolving field. To keep pace we must develop a habit of continuous learning and knowledge sharing through our social networks. Take part in those incident response and capture the flag competitions and explore the world of endless possibilities.”

Singh says leadership is a way of life. “Every little seed of empathy you plant around you helps makes you a leader. The experiences you share in your community, motivating and uplifting others set great examples of captainship.

“And lastly, I have a habit of leaving the house in perfect condition. I heard someone once say, ‘Chores can wait’ and this changed my life. Everything else can wait, now is the time to pursue your dreams because ‘If not now, then never’.”

www.linkedin.com/in/romasingh19

Sheavy Kaur

Sheavy Kaur’s journey in cybersecurity unfolds as a captivating blend of serendipity, adaptability and continuous learning. Hailing from a small town in India with limited opportunities for girls in IT, her initial pursuit of programming was fuelled by a flourishing curiosity for technology. However, a transformative moment occurred after relocating to Australia where she immersed herself in networking and extended her expertise by teaching IT students, broadening her horizons and deepening her passion for the field.

Kaur had no clear, predefined vision of specific roles when she ventured into cybersecurity: her path unfolded organically. It was guided by a readiness to embrace new challenges, adapt to emerging trends and seize opportunities aligned with her evolving interests. From programming in India to networking and teaching in Australia, each experience enriched her perspective, cultivated diverse skills and paved the way for a rewarding career in cybersecurity.

Kaur is grateful for the diverse experiences and unexpected twists that shaped her path, particularly the experience of being a woman in cybersecurity. She views this as an opportunity to bring a different perspective to the table, firmly believing that diversity

in thought and experience is the cornerstone of innovation, especially in such a dynamic and complex field.

As a cybersecurity specialist today, Kaur’s interest has spread beyond the technical aspects. Her initial spark of curiosity has evolved into a steadfast commitment to making the digital world a safer place for all.

For aspiring cybersecurity professionals, Kaur offers a comprehensive roadmap. A strong foundation, she emphasises, is built on a combination of technical and non-technical disciplines. University studies should encompass computer science fundamentals, information security, networking, ethical hacking, cyber law, risk management and essential soft skills like communication and leadership. Practical experience, hands-on training and engagement with industry professionals are crucial complements to academic learning, preparing individuals for success in the dynamic field of cybersecurity.

Looking ahead, Kaur predicts a thrilling, tech-fuelled ride over the next two years. AI superhero squads, quantum computing, zero-trust architectures and the convergence of operational technology (OT) and IT security are expected to reshape the landscape. The release of the 2023-2030 Australian Cyber Security Strategy and the accompanying Action Plan underscores a commitment to making Australia a world leader in cybersecurity by 2030.

Kaur’s inclination to step out of her comfort zone has been one of the most important factors in her career. The combination of curiosity, a hunger for learning

and guidance from mentors has propelled her forward. A supportive sisterhood of women in IT and security serves as a source of inspiration, pushing her to make meaningful contributions to the field and advocate for inclusivity and diversity.

The most satisfying aspect of Kaur’s current role lies in the tangible impact on safeguarding digital assets and fostering a culture of security awareness. Solving complex challenges, collaborating with diverse teams and empowering organisations to navigate the evolving landscape bring immense satisfaction. Additionally, mentoring and advocating for the next generation of women in security contribute to broader professional fulfillment.

Maintaining work/life balance is deemed crucial, especially in the demanding field of cybersecurity. Kaur prioritises self-care, sets clear boundaries, practices effective time management and engages in personal interests to achieve a harmonious equilibrium. Leveraging supportive networks, delegating responsibilities and embracing continuous learning further enhance the balance between professional commitments and personal life.

To stay current and effective in her role, Kaur employs a multifaceted approach to learning and engagement. Active participation in conferences, workshops, webinars, networking with peers, joining professional organisations, independent research and pursuing relevant certifications are all integral components of her continuous journey. A mindset of lifelong learning, curiosity and adaptability is emphasised, acknowledging change as the only constant in cybersecurity.

Addressing the cybersecurity skill shortage poses challenges and opportunities for Kaur’s organisation. The rapidly evolving threat landscape and the demand for specialised expertise impact recruitment strategies. Roles requiring niche skills such as threat hunting, cloud security and risk assessment, present significant challenges in talent acquisition. The competition for top talent in these areas necessitates innovative approaches to talent development, partnerships with educational institutions, and a focus on cultivating a diverse and inclusive workforce.

www.linkedin.com/in/sheavy

After four years studying law and gaining a Bachelor of Laws from Deakin University, Beth Dwyer was confused about her future direction and had no desire to practice law.

Fortunately, she had taken electives in cybersecurity, intellectual property law, privacy and digital law. “I finally felt that I had found an area I could see a future in,” she says.

Armed with this realisation Dwyer joined the Cyber and Digital Risk consulting team at Boston Consulting Group (BCG) which, she says, “exposed me to a broad array of cyber topics across multiple industries and clients.” She spent almost five years with BCG before joining MYOB in Sept 2023.

“As a non-technical person in a technical field, I had my doubts, particularly in the early days pursuing a cybersecurity career, Dwyer says. “Imposter syndrome kicked in, as I’m sure is very common for almost everyone in their early career across any industry, but I was able to navigate this by forming a strong network of both cybersecurity and non-cybersecurity professionals. I also ensure I continuously invest in my learning and development, always challenging myself to branch beyond my comfort zone.

“In addition to building a supportive network and embracing continuous learning, I found seeking

out mentorship played a critical role in overcoming moments of uncertainty. Having a mentor provided me with valuable guidance and reassurance during challenging experiences.”

“KEEP YOUR OPTIONS OPEN”

As someone who had limited awareness of cybersecurity, let alone as a career option, during her high school years, Dwyer’s advice to today’s high school students is “keep your options open and broad and choose subjects that enable you to apply for a range of different university courses.” She adds: “It’s so easy to not undertake a certain maths or science subject when you’re unsure of your path, only to find that it is a prerequisite for a university course you might want to study.”

Dwyer says that, in addition to working with “a fabulous team of cybersecurity and risk professionals” there are multiple aspects of her current role that give her fulfilment.

“I love the everyday challenges that come with working in cyber risk and the fact that no two days are exactly the same. Solving complex problems, getting to collaborate across multiple teams, and seeing actionable outcomes and changes from the work we undertake is a highlight of the role. I feel satisfied seeing actual change across an organisation, whether it be risk buy-down or behavioural shifts from the initiatives we are working on.

“Having the opportunity to contribute to improving the overall security posture and cyber resilience of MYOB is really satisfying and knowing my efforts are contributing to creating a more secure environment for both our organisation and our customers brings me fulfilment.”

Dwyer says a typical day in her role might involve “responding to any urgent security matters from across the business that require cyber risk support, communicating with stakeholders such as legal, procurement or product teams on security matters, and progressing on uplift initiatives that we have committed to as a team.”

She adds: “There are some consistent responsibilities and priorities my role includes. A few of these include working on cybersecurity strategy for the organisation, conducting cybersecurity risk assessments and developing mitigation strategies, vendor/third party assurance and risk assessments, cybersecurity policy management, cybersecurity awareness for the organisation, amongst many other things.” She is also involved in a range of audits including PCI DSS and ISO27001.

CONTINUOUS LEARNING

In addition, to be effective in her role, Dwyer says she needs continuous learning and engagement with a range of stakeholders from different backgrounds. “Regularly participating in industry webinars and conferences helps me gain insights into trends and threats. I also have a healthy stream of cyber news and articles I consume via LinkedIn and other platforms. These provide a space for discussion and exchange of opinions, which I find useful. It is particularly useful to have different perspectives on cyber issues.”

She adds: “Additionally, collaborating with my colleagues and continuing to expand my network within the cybersecurity field helps me stay on top of developments. It’s a proactive approach to learning and networking to ensure I can continue to grow my skills and understanding of an ever-growing field.”

In addition to building a supportive network and embracing continuous learning, I found seeking out mentorship played a critical role in overcoming moments of uncertainty. Having a mentor provided me with valuable guidance and reassurance during challenging experiences.

Dwyer’s career journey is very different from what she might have expected as a young student embarking on a law degree. For others contemplating a pivot into cybersecurity, she says: “Cybersecurity is an extremely broad area so I would recommend identifying the area/s you find most interesting and tailoring your learning to suit.

“Cyber is also always evolving, so ongoing learning is critical to success in the industry, regardless of background, to stay on top of trends, threats and technologies. There are several transferable skills from other professions, such as problem solving, critical thinking and project management, that are very valuable in the field of cyber, in addition to standard soft skills such as communication that are developed in any role.

“Finally, I would spend time connecting with industry groups and learning from other individuals because there are countless people who have changed career pathways into cybersecurity, and there is always so much you can learn from others. The best advice I received in the beginning of my cyber journey was that I could learn everything I needed to know about cyber over time, but my attitude, way of thinking, work ethic and communication skills would be fundamental.”

www.linkedin.com/in/beth-dwyer

Florence Mottay

Florence Mottay has been VP and Chief Information Security Officer (CISO) at Zalando since 2022, when she joined the company to lead the team responsible for providing protection of critical assets, early detection of information security vulnerabilities and incidents, and fast response and recovery.

Florence is also a strategic advisor for Paladin Capital Group, a multi-stage venture capital firm focused on leading investments in the best technology companies globally. With more than 20 years of experience in cybersecurity and ethical hacking, Florence was previously the Senior Vice President of Information Security and Global Chief Information Security Officer of one of the world’s largest food retail groups, Ahold Delhaize, based in The Netherlands. She was responsible for the overall cybersecurity practice across eight countries and 19 retail brands. During her tenure, Florence founded the firm’s Global Women in Tech program. Earlier in her career, Florence spent 10 years supporting the growth of small businesses specialising in information security. During that time, Florence led the delivery of information security and IT governance services to global software and technology vendors, financial companies and retail firms in her roles at IOActive, Cigital, and Security Innovation.

Florence Mottay’s first foray into cybersecurity was with a US startup, Florida-based Security Innovation, in 2003, as employee number seven.

“I had a degree in mathematics and one in software engineering, but I did not know anything about information security and ethical hacking,” she says. “I remember understanding roughly 40 percent of what the other six were talking about on my first day. As a project manager, I did not necessarily need to know the technical details, but I decided it was interesting and that I wanted to learn more anyway.”

And learn she did. “I asked one of the other six employees who was an amazing ethical hacker to be my mentor and he spent the next five months teaching me (almost) everything I needed to know to become an ethical hacker myself,” she says. “This took time and effort. After my workdays I studied every night until 3am. And it worked! I became a strong ethical hacker and a recognised member of the team.”

Mottay’s role at Security Innovations eventually took her to Zalando, where she works today as Chief Information Security officer, a German online retailer of shoes, fashion and beauty products active throughout Europe.

Hers is a career journey with many twists and turns which started when she left her native France for Florida at age 16 to continue her studies in mathematics as an exchange student. There she was introduced to James Whittaker, then a professor of computer science at Florida Institute of Technology and later the founder of Security Innovation. He would have a profound impact on Mottay’s career journey over many years, after a less than auspicious start.

Whittaker had acquired grants from Microsoft and IBM and was offering scholarships to students. Mottay was recommended to him, separately, by her teachers in assembly language and statistics.

IF AT FIRST YOU DON’T SUCCEED…

“James asked me to meet him on a Wednesday at 11am. As I arrived, he told me he did not have anything for me at the moment, but that I could come back the week after if I wanted, which is what I did,” Mottay says. “That day, he told me again that he did not have any role for me, but that I could come back. This little back and forth lasted for 11 weeks. On the 11th Wednesday, James (who admitted later he could not believe that I kept on coming back!) offered me a job for 10 hours a week.”

Her first assignment was to reverse engineer some C code from the 70s. “It was one of the hardest projects I’ve ever had to work on,” she says. “I was not sure of the quality of my work, but it must have been alright as my contract got renewed after six months, and both the number of weekly hours and my rate increased.”

Whittaker’s next intervention in Mottay’s career was to get her to switch her university education from mathematics to software engineering. “James offered to sponsor the rest of my bachelor’s degree and my master’s degree if I moved from mathematics to software engineering.” Mottay says. “Mathematics was my real love, but I recognised the potential in software engineering and decided to take on the challenge. Over the three years that followed, I continued working for James, started leading projects and ended up working 40 hours per week in addition to my classwork.”

Mottay graduated in 2001, moved to Colorado and took a job as a software engineer while supporting her then boyfriend, now her husband, who had decided to embark on a master’s degree in computer science. She had been there only six months when Whitakker once again intervened in her career journey: he lured her back to Florida to join his startup, Security Innovations.

The company grew and garnered customers, including large financial institutions and tech companies in Europe, and Mottay was asked to move to Amsterdam to run the European operation.

FROM FLORIDA TO AMSTERDAM

“My husband and I took the opportunity and landed with our three-month-old in Amsterdam in June 2005. Overnight, I went from being a technical person to leading a small business. It was challenging but gave me the opportunity to polish my technical-to-business ‘translation’ skills and to learn how to manage profit and loss.”

After four years in the role, Security Innovations’ EMEA business was sold to another cybersecurity company, Cigital, and Mottay stayed on for four more years to run its European business before moving to IOActive, a company specialising in hardware hacking, where she led its EMEA business.

“It was a wonderful new experience hacking vessels, printers, voting machines and so many other things,” she says. “By then, we were in 2016 and I felt I had acquired a lot of expertise in ethical hacking, software, firmware, and hardware security, and that it was time to get a ‘grown up’ job.”

So Mottay joined Ahold Delhaize—one of the world’s largest food retail groups employing 400,000 staff—as its European CISO. “This opened up a new world for me,” she says. “First, I became a cost centre rather than a profit centre, which comes with its own set of challenges, but different ones.

“Being a CISO comes with similar challenges to those of any business leader. In particular, making the right decisions to balance security, cost and customer

experience is challenging, but also an integral part of the job. Second, this gave me the opportunity to lead the entire function of information security including identity and access management, which was new territory.”

Two years later Mottay was promoted to global CISO, and four years later, in September 2022, left to join her current employer, Zalando, where she says she is “responsible for defining the strategy and leading the execution of the company’s cybersecurity practice, including identity and access management and privacy engineering.”

Today Mottay has been working in cybersecurity for 23 years and says she still really enjoys her work. “I get up feeling excited about the day. Beyond the field itself, I enjoy the people I work with: my team, my peers and the very diverse community at Zalando.”

A MEETING-HEAVY ROLE

Hers is a meeting-heavy role. “On an average day I have over 10 meetings,” she says. “In between, before and after, I do emails and respond to requests I get via chat. I always break around 6:00 or 6:30 and spend time with my family. If needed (which is thankfully not very often) I go back to work after dinner is finished.”

Outside of her role at Zalando, Mottay sits on the advisory board of Paladin Capital Group, a global venture capitalist specialising in cybersecurity investments, and is a co-chair of Evanta’s Benelux CISO community (Evanta is a Garner subsidiary that creates and runs communities of C-level executives from major organisations). Over the years she has

joined many groups of like-minded security leaders including the CISO Circle of Trust Foundation—an organisation founded in 2022 by ten large Dutch companies to improve their protection against cyber attacks and threats—and the Multinational Information Sharing and Analysis Center (MN-ISAC), an organisation whose mission is to improve the overall cybersecurity posture of global multinationals.

“With these groups, we aim to tackle the hard problems that we all face and support our communities who also face cybersecurity challenges,” Mottay says. “In addition, I have been on the RSA program committee for years and have built strong relationships with security professionals, both in the corporate and government sectors. I also have a few mentees, internal to Zalando and external, most, but not all in cybersecurity.”

Mottay has come a long way since being a 16-yearold French high school student studying mathematics on an exchange visit to Florida. “I took a lot of chances in my career, rather I should say that my husband and I took a lot of chances in our lives. And we regret none of them. Truth is that we will never know what would have happened had we made other choices. So, we feel blessed with the choices we made and don’t look back.”

Mottay acknowledges the role of James Whittaker. “He is the one who got me into security and remains a very dear friend of mine” She cites as “sounding boards and sources of inspiration,” Ben Wishart and Natalie Knight, respectively the CIO and CFO of Ahold Delhaize when she worked there, adding “Although I’ve only been at Zalando for a year I have also met fantastic professionals including Meg Greenhouse, a strong female leader who is committed, among other things, to diversity, inclusion and belonging.”

www.linkedin.com/company/zalando/about

www.linkedin.com/in/fmottay

Dr Mohuya Chakraborty

Director of the Cybersecurity Centre of Excellence at the University of Engineering and Management (UEM) in Kolkata

Professor Mohuya Chakraborty, newly appointed director of the Cybersecurity Centre of Excellence at the University of Engineering and Management (UEM) in Kolkata, India is a highly accomplished cybersecurity professional, blockchain expert and the author of two Udemy courses on cybersecurity: Introduction to Ethical Hacking and Computer Networking and A to Z of Cryptography. The centre is her creation.

Her first degree was in physics, back in 1991 when cybersecurity as a discipline did not really exit. She followed this with bachelor’s and master’s degrees in electrical, electronics and communications engineering and a PhD in mobile communications and computing: her thesis was mobility management schemes for 4G mobile wireless networks.

Her interest in cybersecurity developed when she started teaching networking. “There was a network security module in the course that I liked very much because it dealt with various algorithms used in cryptography,” she says.

“I then started developing an interest in that and going forward took up certification courses in cybersecurity and blockchain from the EC Council under Coursera.

I supervised several undergraduate, postgraduate and doctoral research projects, published several

research articles, books and eventually set up my own brainchild – The Cybersecurity Centre of Excellence (CCoE) at our university. I have collaborated with several professionals in this area from across the globe and organised four ethical hacking conferences. I am happy that I took the initiative towards this venture.”

FOUNDED A CYBERSECURITY CONSULTANCY

And she has not stopped there. Three years ago she started her own cybersecurity consultancy. “I have been fortunate to help more than 80 clients in several aspects on cybersecurity such as whitepaper and research paper writing, online course development, hands-on projects, etc,” she says.

She has also organised several international conferences, gaming and coding competitions on cybersecurity and ethical hacking, is a regular blog writer/expert opinion provider on LinkedIn and associated with several cybersecurity groups.

And she has received an invitation from the University of Vaasa, Finland to review a PhD thesis on ‘Cybersecurity in Healthcare’, which she describes as “an amazing accomplishment in my work.”

Chakraborty’s involvement in cybersecurity spans many facets of the industry but what excites her most, she says, is cryptography. “Cryptography is the heart of cybersecurity, and there is a lot of scope to develop new algorithms.” She adds: “I also like malware analysis through Wireshark.”

Looking back she credits her husband as being one the main influences on her career. “He urged me to choose this path and is connected to the cybersecurity industry.” She adds: “These days, I have a lot more faith in cybersecurity.”

www.linkedin.com/in/dr-mohuya-chakraborty-cmgrsmieee-44263456/

www.facebook.com/mohuya.chakraborty.3

2024 Australian

JOHN TAYLOR

Group Executive | CIO | CTO | CISO

MAXINE HARRISON CISO from Department of Energy, Environment and Climate Action

DANIEL GRZELAK Chief Innovation Officer at Plerion

SALESHNI SHARMA Director, Regional Information Security Officer: AsiaPac at W. R. Berkley Corporation

NADIA TAGGART CISO at Western Sydney University

ANAFRID BENNET Head - Technology, Security & Property at Greater Western Water

LAURA WHELAN Director, Security & Business Continuity at National Indigenous Australians Agency

JACKIE MONTADO

Chief Digital and Technology Officer at Wesfarmers Industrial and Safety

LEANNE FRY CIO at AUSTRAC

CLIVE REEVES

Deputy CISO AsiaPac at Telstra

STEPHEN BENNETT

Group Chief Information Security Officer at Domino’s Pizza Enterprises Limited

YASO ARUMUGAM

Assistant Director-General Data and Digital, CIO, CISO at National Archives of Australia

SARAH LUSCOMBE Head of Cyber Security at the University of Canberra

MARYAM BECHTEL Chief Information Security Officer at AGL

PAUL CLARKE Head of Security at Canva

womeninsecurityawards.com.au

NIKKI PEEVER Director, Cybersecurity at CAUDIT

ROXANNE PASHAEI

Chief Information Security Officer at NSW Rural Fire Service

CRAIG FORD Australian Best-Selling Author | vCISO | AISA Member Board of Directors | Security Journalist

JASON MURRELL Independent Chair CSCAU | Cyber Security Standards Development

DAN MASLIN

Group Chief Information Security Officer at Monash University

LYNWEN CONNICK

Cyber Security and Technology executive l Chief Information Security Officer | CIO | Advisory Board Member | Mentor | Diversity Advocate

TAMSIN JOWETT ICF Executive Coach & Diversity Consultant at Coaching To Thrive

JANICE LAW

Chief Information Security Officer at Services Australia

ARE OPEN Nominations

1 ST FEB 2024 TO THE 30 TH JUNE 2024

Why Nominate?

TIP #1

To identify rockstars

To celebrate ‘hidden’ security superstars

To lift and empower the entire company

To express admiration for fellow co-workers

To pause and express your gratitude

To pay it forward - and give back to the community

HOW TO SUBMIT A WINNING NOMINATION

TIP #2

Authenticity

First and foremost, be authentic. When crafting your nomination, share real stories and concrete examples that highlight the nominee's impact in the cybersecurity & protective security field. The more genuine and specific, the better.

TIP #4

Emphasise Diversity & Inclusion

Share how the nominee has contributed to creating an inclusive environment in the cybersecurity & protective security sector. Highlight initiatives that promote diversity and equal opportunities.

Highlight Achievements

Whether it’s groundbreaking projects, leadership roles, or innovative solutions, make sure to showcase the nominee’s outstanding contributions to the industry. Numbers and metrics can add that extra punch!

TIP #5

Collaboration is Key

Collaboration is key.

If you’re part of a team, gather input and insights from your colleagues. They might have unique perspectives on the nominee’s contributions and can help strengthen your nomination.

TIP #3

Support with Testimonials

Gather testimonials. Reach out to colleagues, mentors, or anyone who can provide additional insight into the nominee’s skills and impact. A well-rounded nomination with testimonials adds credibility and depth.

Today Heidi Mejia is a client executive at Tesserent, part of the Thales Australia cybersecurity solutions group. She came to the role after a ten-year career as a chef with various Australian organisations, and a brief stint in cybersecurity sales.

Her initial move into sales was from the role of chef, occurred within the same company, an oyster wholesaler. From this, she transitioned to a sales role with cybersecurity company, Bitdefender, then to partner development manager before moving to Tesserent in October 2023.

The move into cybersecurity, she says, fulfilled a long-held ambition. “I had been keen to work in cybersecurity for a long time. … When COVID hit, all the chef roles in the hospitality industry dried up overnight and I lost all my work as the industry complied with mandatory shutdowns. I spotted a vacancy in Bitdefender, a cybersecurity company I knew about because I had been using their product for a long time. I took a chance and submitted my application and after four rounds of interviews I got the job.”

COVID did more than create the opportunity for Heidi to make the move into cybersecurity, it also provided the motivation. “COVID really galvanised my interest

in cybersecurity, watching on the sidelines as attacks escalated in velocity,” she says. “I was motivated to join the battle to help keep our nation safe and protect people and organisations,” she explains.

THE POWER OF PASSION

And her passion helped her make the break into cybersecurity. At the interview for her role at Bitdefender Heidi asked why, with neither qualifications nor background experience in IT or cybersecurity, why were they interested in her for the job.

“The director who interviewed me could feel my passion and determination to learn and remarked it was better to hire someone who is hungry and willing to learn than to hire someone with experience, who was less motivated to learn,” she explains.

“So, I got my first important break in the industry, was I incredibly grateful for and have never looked back. When I first started out, I knew I had to start from scratch, which was perfectly fine with me. I prefer to work my way up, that way, I can be exposed to learning the ins and outs of everything and build a solid foundation. I find it makes me more adaptable and flexible. My goal is to be an industry leader in cybersecurity and in time, I know I will get there,” she enthuses.

To overcome the challenges of diving into a completely new industry, Heidi says she asks lots of questions, keeps reading and continuously researching.

“I always strive to deepen my knowledge and put it into practice. After some time and perseverance, it pays off and begins to flow naturally. It is important to work with great people and immerse yourself in a strong team culture under a highly skilled leader— which I’m grateful to have in my past company and here at Tesserent—so you can be supported in your learning and continue to develop and improve,” she says.

TESSERENT ROLE

In her role at Tesserent Heidi is helping businesses of all sizes across many sectors—banking and finance, healthcare, critical infrastructure, government and retail—stay protected through risk management, and helping them be compliant with frameworks such as the Essential Eight and the NIST Cybersecurity Framework.

“I benefit daily from being briefed on threat intelligence from our security operations centre and our expert advisory team. I make time to read every day about what’s new, emerging and trending. I keep myself informed. I also subscribe to updates from the Australian Financial Review and Australian Signals Directorate. I attend as many cybersecurity conferences as possible to hear from the wider industry,” she explains.

Given Heidi career history it is hardly surprising her advice to anyone aspiring to make a career switch into cybersecurity is simply: go for it.

“Send that resumé or reach out on LinkedIn. You have nothing to lose by trying,” she recommends. “Don’t let your lack of experience or coming from another industry ever prevent you from giving it a go. Australia has a massive shortage of cybersecurity talent, and many organisations are willing to hire and train people that come from other backgrounds and disciplines. Start from scratch and be willing to learn and build experience, but make sure you leave your ego at the door. I was a chef, and I made the transition to cybersecurity, so anyone who is determined can do it,” she stresses.

www.linkedin.com/in/heidimejia

Nalini Jadia

Sr Cyber Security Risk Leader

Nalini Jadia is in a senior cyber risk leader/assessor role at HP in Spring, a suburb of Houston, Texas. She assesses risk related to third-party vendors and evaluates their security posture, because “vendors are the weakest link in the business chain.” She says there is never a dull day.

“No risk is like any other: all vendor brings different scenarios and different challenges. This is what I love about this work. Being an avid learner, this is the perfect place for me. With each assessment I learn something new, and I can use that knowledge when making other risk assessments.

“With a changing risk environment, you are always on a learning curve. You can never master it. You have to keep updating your knowledge and horizons.

“My day starts mostly at 7:00am and generally ends at 4:00pm, but it all depends on meetings with stakeholders and vendors. Sometimes, when working with the global team, I have to schedule meetings very early in the morning and late at night to meet their time zones. With a flexible routine, this allows me to adjust my hours accordingly.”

Jadia started her educational journey in India, studying for a bachelor’s degree in mathematics, but abandoned this to get married and then took a very career different path.

FROM COSMETOLOGY TO CYBERSECURITY

“After completing some courses in cosmetology [the study and application of beauty treatments] and haircare and getting a license, I started a salon offering hair and beauty services, which I continued for almost 15 years,” she says.

This was not her only career pivot. “One day I met one of my customers who inspired me to learn a foreign language -specifically Japanese, one of the most difficult languages with three different scripts. I started my linguistic journey, completed an advanced diploma in Japanese from the Japanese Language Proficiency Training Institute in Pune, India. I also gained some certifications from the Japanese government and started working with a multinational company managing a team of 100 translators: their workload and the quality of their translation services.”

Jadia left this job to join her husband in the US, and made yet another career change. “After coming to the land of opportunities, I decided to go back to school and complete my education, as that was a missing part of my life,” she says.

“I went to community college and then joined a bachelor of science course in psychology at the Northern Illinois University. I supported myself financially because my husband refused to help me with my school payments. I worked multiple part-time jobs at various beauty salons, on very low wages. I

provided translation services in courtrooms, taught mathematics to kids, did babysitting and more.”

Jadia completed her bachelor’s degree with honours and gained multiple awards in research in neuropsychology, but her stressful lifestyle caught up with her.

A MAJOR SETBACK

“On the last day of my bachelor’s course, I suffered a facial paralysis attack. That was shocking and life-changing, because I was going through some stressful family issues at the same time. I decided not to sit and cry over spilt milk but to take command of my life and start preparing for the GRE exam [a standardised test that is part of the admissions process for many graduate schools in the US and Canada] which was the requirement for a master’s degree.

“I took the GRE exam the same day as my divorce came through, passed the exam and was admitted to the master’s program in management information systems (MIS) at Northern Illinois University.

“Every day I taught myself by watching YouTube videos about computers and IT-related stuff. I passed

my MIS degree with a grade point average of 3.6 and was awarded a Dean’s Scholarship for Women’s Leadership in IT. This scholarship paid for me to study expensive SAP courses and take the exam. I passed the exam and decided to pursue my career in SAP. However, getting a job in SAP was a little challenging, so I started applying for internships, and got my break at TransUnion [a US consumer credit reporting agency] in cybersecurity. That opened the door into cybersecurity for me.”

After completing her internship, Jadia continued working and studying. “Starting late in my career path, I never lost my focus, I set some rules to achieve my desired outcome, and one of them was to get/try for every year one new professional certification,” she says. “Many times, I didn’t pass on the first go, but I never gave up. I achieved some industry-recognised certifications such as CISA, CISM, and CTPRP.”

I keep on upgrading my knowledge and expertise. I am currently preparing to learn about AI/ML security risks.”

www.linkedin.com/in/nalini-jadia-it-infosec

Cheryl Pome’e

At age 17, New Zealander Cheryl Pome’e was feeling “10 feet tall” and with “a bullet-proof cocky attitude” so she left school and joined the New Zealand Army as an Information Systems Operator (ISOP). It proved to be a decision with lasting impacts on her life journey.

“After completing the Army aptitude test, I was informed, I had the pick of any trade. I remember joking with the recruiter ‘What pays the most?’ and that is how I fell into IT,” she says.

It was not an easy path she had chosen. “My first years in the Army were hard and grueling, not only was I learning how to be a soldier, but I was also learning IT system engineering,” she says. “IT did not come naturally to me. I was more of the sporty, outdoorsy type and had not completed any computer subjects in school.”

Eventually, everything clicked into place and Cheryl was put in charge of a team preparing ISOPs for overseas deployment. She was deployed in 2009, spending nine months in East Timor, where “my boss who had worked in the private sector before joining the Army, taught me about customer service. This helped me to improve my communication skills and handling requests.”

On her return from East Timor Cheryl was promoted to lance corporal and sent on leadership courses. These and the five years she spent in the Army, she says, have served her well ever since.

“I have never found it hard to land a job after being in the Army. It has been a talking point in every interview I have had, even today, more than 10 years on. I believe the time I spent and the skills I learned in the Army have been the biggest contribution to my career in IT and security.”

DIGITAL SECURITY LEAD

Today, Cheryl is the Digital Security Lead with Tauranga City Council. This is her first official cybersecurity title after a string of IT roles held since leaving the Army. “Security was built into everything I did in the Army,” she says. “I have carried that through into all my roles since. Although I wouldn’t officially step into a security role until 10 years after the Army. I was always drawn to security,quite often security was a part of my IT roles, also I consulted on security during some customer projects.”

Cheryl did not study computing at school and without that background, her IT career in the Army did not get off to a good start. “There was a point in my first year in the Army when we were learning networking, I was failing big time. I could not for the life of me get my

head around networking. I was even asked if I should consider changing trades. If I had learned computer networking in school, I would never have had to struggle as much as I did,” she says.

She also confesses to missing out on what would have been other useful school learnings. “High school English covers a lot of the areas that are a huge benefit to security roles. I did take English at high school, but I was not serious about it.”

To compensate she took a professional and technical writing course with an online polytechnic some years ago, which “has been extremely helpful with reports, policies, standards, and communication emails.”

And, she says, “Debating was an extra-curricular at my high school, but something I chose not to do. Debating teaches skills like critical thinking, analytics, and how to get your point across. Analysing complex security issues, persuasiveness and effective communication are skills I use daily in my current role. I have learned these skills over time throughout my career, but it would have been handy to have debating skills prior.”

She also stresses the importance of both verbal and written communication skills for anyone wanting a career in cybersecurity. “In an incident, you need to effectively communicate your findings or translate the technical information for executives. Report writing is something no cybersecurity role can escape. Information in reports needs to be clear and readable to the intended audience. Cybersecurity professionals quite often attend meetings where they will be required to articulate cybersecurity recommendations, requirements, or changes. Having the ability to communicate effectively and clearly is very valuable.”

AN EXPERIENCED INTERVIEWEE

Cheryl has held more than a dozen IT or security roles since leaving the army, so has plenty of experience with interviews management styles, managers’ personalities, and company cultures. In her view, there is no getting around a bad manager. “I am a firm believer that your manager will make you or break

you,” she says. And on the question of job interviews: “It is important that when they ask you ‘Do you have any questions for me?’, you take the opportunity. You are interviewing them as much as they are interviewing you. I always ensure I have questions lined up and if questions pop into mind during the interview I add them to the list.”

Good culture, Cheryl says, is essential, and fear of failure does not make for a good culture. “Whenever I am implementing change, I always start the conversation with ‘We are doing something new, we might fail, but we will learn and adjust’,” she says. “I have worked in teams where failure was feared. I have for the most part been able to change this culture. One team I was in, I was unable to change the culture. It made working difficult, people were stressed, and work was slow, very slow. People can create a good culture, but managers are the ones that can entrench it into the team.”

Today Cheryl is responsible for training staff in security and awareness of cybersecurity risks. “Having a great security training and awareness program ensures that people have security front of mind and security is incorporated into everything they do,” she says.

“For me, Cybersecurity training and awareness is very important. The stronger your people are the better protected you are from attacks. It is fun coming up with friendly phishing email simulations. I find people love the challenge and we see great learning outcomes. People will often message me saying something like ‘You will have to do better next time!’ or ‘Oh no, you are sneaky!’”

“Last year I was fortunate to be able to organise a Cyber Smart Week. There were cybersecurity presentations, music, and games. We even had a cybersecurity song written and played it for everyone. People got really into it, I cannot wait to run another again this year.

“After creating and updating a policy or standard, I need to ensure the teams directly affected are

aware and they update their processes/procedures to meet the policy or standard. I conduct workshops with teams, which allows them to come along on the journey and discuss ideas and let me know what issues they might face.”

A FAMILY AFFAIR

With two children and both Cheryl and her husband holding full-time jobs in cybersecurity—she says they have “fun debates”— Cheryl finds balancing work and family life a challenge.

“I struggled for a long time and often put work before my family. My attitude today has changed, family is forever, a job is just for now. I have no issues now with taking time off work and attending my kids’ school trips, plays, and prize-giving’s. Spending quality time with my kids is important. It’s not about being in the house together. It is about going on adventures and creating memories they can look back on.

“We love going on family holidays, so I always ensure we have a trip planned. Having a trip always coming has been instrumental in keeping me sane. Last year we went to Disney World, which the kids absolutely loved, and so did us parents.” And she has returned to a teenage passion: karate. “I use karate to force me to finish work on time, I do not want to miss a class and I am extremely motivated because my Sensei has asked me to grade for my Black Belt in Okinawa, Japan in September. Karate has been a great outlet for frustrations, and for strengthening my mind.”

www.linkedin.com/in/cherylpomee

Head of Information Security at Vault Platform

As a child growing up in India, Ash Mohanaprakas learnt English, but it did little to prepare her for life in the East London suburb of Newham at age 11, which was a melting pot of ethnicities and accents.

“I felt like each person spoke an entirely different language as I tried to figure out simple terms like ‘bottle’ and ‘water’ in what felt like a super-fast stream of speech,” she says.

Her response was to relearn English in much the same way as she was learning French and German in school: writing down words she did not understand, looking these up in a dictionary and “reading books all the way from nursery rhymes upwards.”

Mohanaprakas clearly had a gift for languages, and much else: she took the French GCSE exam in year nine along with native French speakers. She went on to achieve the top grades in her school with seven A*s and 4As, including German, Spanish, and French. She then went on to gain advanced level Mathematics (A), Media Studies (A*), English Language (A*) and Drama (AS-Level).

As a result of her academic performance she was put forward to participate in a program for gifted and talented children that later became OxNET, a service run by Oxford University’s Pembroke

College to encourage pupils from a diverse range of backgrounds to apply for places in the UK’s top universities.

LINGUISTICS AT OXFORD

Mohanaprakas chose to apply for a place at the University of Oxford studying linguistics and Portuguese, because of Portugal’s involvement as a colonial power in India: she was “curious about how the Portuguese maritime engagements in India would be portrayed by Portuguese authors.”

By the time she graduated Mohanaprakas had already become a mother, at age 20. After dabbling in multiple disciplines during her university years, including writing about cultural issues in a community newsletter and working as a costume designer/ assistant director on a movie portraying life in the UK for immigrants from South Asia, she took an admin/ database role with one the University of Oxford’s Philanthropic functions.

“This was really where I saw the benefits of my training in linguistics and languages,” she says. “I quickly got to grips with HTML because it was, in essence, another language. I very much enjoyed understanding the relational databases underpinning the relationship management and fundraising ERP system we used, and I progressed quickly to a process and training role.”

“I found myself enjoying implementing efficiencies in how we did things, and I picked up a TAP Training Academy qualification to help me design, develop and deliver online and in-person training for the tool which supported the £120m plus annual fundraising targets for the university’s philanthropic functions, the largest higher education charity outside of the US.”

At around this time the European General Data Protection Regulation (GDPR) was coming into force and the UK’s regulator had introduced the Fundraising Preference Service to enable individuals to block direct marketing communications from named charities they no longer wanted to hear from. Mohanaprakas became involved in the analysis and

design of an ERP tool to enable the charity to comply with its requirements, and this, she says, marked a turning point in her career, setting her on the path towards a regulatory role.

A GRC ROLE

She saw a governance, risk and compliance job advertised at the University of Oxford, applied and was hired in an underfill capacity for a year. And this, she says, is when the possibility of career in security first arose.

“I never initially thought of a career in cybersecurity. I was candid with my CISO on why I saw myself in security. It was mostly because I wanted to gain a deeper understanding about how organisations worked. Security seemed to be at the heart of all organisational functions and activities, and I saw this as an opportunity to understand better how organisations run and succeed.”

Her main role was “to get past the National Health Services’ digital red tape to enable patient data to be used for research purpose,” she says. “This allowed me to work with a range of top academics within the university and support them with secure research data management and manage stakeholders to ensure their departmental and divisional security risks were understood and managed effectively.”

During this time Mohanaprakas gained CISMP certification, completed the Open University course in cybersecurity and gained a PCI DSS qualification. After two years she was in search of new challenges.

“I realised I needed to experience the private sector in my twenties while I had the energy for it,” she

explains. “Whilst the University offered excellent worklife balance, I wanted to work in a more meritocratic environment where I could see the impact of the changes I had initiated within a shorter time frame.”

HEAD OF INFORMATION SECURITY

So, Mohanaprakas got a job as head of information security with Perspectum—a startup medical technology company spun out from Oxford University—where she was responsible for securing personally identifiable information and the security of diagnostic software. “Here, I felt I was properly in security, as my previous role had a bigger governance focus, and wasn’t as technical in terms of hands-on operations,” she says.

Mohanaprakas stayed with Perspectum for three years before moving to a cybersecurity consulting role with Bridewell, a cybersecurity services company that specialises in protecting critical national infrastructure organisations. She stayed for only a year during which time she progressed from a senior consultant to a senior lead consultant, managing up to five other consultants and contributing to the sales conversations as well as services to enterprises and government. However, there was a downside.

“While I thoroughly enjoyed consulting, I was also exposed to the challenges faced by an ambitious woman from an ethnic minority in cybersecurity. All the stereotypical attitudes, the pay gap and lack of recognition were real issues for me. I realised that one of my core strengths is in getting things done well. I was able to build a good reputation within the company and with clients.

“What I enjoyed less was the underlying feeling of fighting against my peers to get that next promotion, and while I enjoyed the competitiveness to do better, I did not enjoy the reality of race, gender, or perceived ‘experience’ contributing to that decision, as opposed to evidence of achievements being the deciding factor.”

Mohanaprakas’ search for a better working environment led her to her current employer, Vault Platform, which she describes as “an impact-led tech

startup, bringing innovative digital solutions to the problem of unreported misconduct and ESG violations in the workplace.” She is head of information security.

JOINING A MISSION-LED STARTUP

“Vault Platform stood out to me as it’s a missionled tech start-up that was very mindful of the tech culture and has endeavoured to create a positive working environment,” she says. “I have been enjoying working with the leadership and wider team to implement good controls and demonstrate Vault’s maturity to customers from a security standpoint. It is challenging being the only IT/security person, but the work culture, the conscientious approach to expansion and investment in people have all been green flags.”

She been here for almost a year and has led the security and compliance program for Vault, including ISO 27001 and SOC 2 Type II attestations. “As the only security resource, I get involved in a range of activities across the company. I work with finance, ops and legal to ensure our operational security policies and processes are carried out effectively,” she says.

“I also work closely with the engineering and tech functions to ensure the product we’re bringing to the market is enterprise-ready, with security baked in from the very beginning of each project. I also work with marketing to ensure the security requirements our customers expect their vendors to have are accurately understood and demonstrated in our external-facing content. I also ensure new requirements are understood and fed back into the organisation for improving our solutions.”

Over the past year, Mohanaprakas says a key focus has been the implementation of proactive security controls and a risk management framework for facilitating key decision-making at Vault.

“Working for an early-stage startup, I am constantly challenged to be as lean as possible whilst not compromising the value, and maximising resources. Demonstrating the value of having the right tools and processes that work for the company, ensuring that controls do not compromise on the user experience

of the tool has really helped me improve and change the traditional perception of security as a blocker,” she says.

“On a typical day, I could be doing new employee onboarding and their IT set up, or articulating risks as part of the product/ feature development processes, investigating vulnerabilities and suspected incidents, or having risk-based discussions with key stakeholders.

“I believe my problem solving and relationship management skills play a key role in helping me succeed in my current role. Working with stakeholders of different seniority and expertise, it’s essential decisions are risk-informed and pragmatic whilst we maintain the high standards we aim to achieve.”

“My husband has been a pillar of strength through and through in realising my ambitions and going after them.”

Outside of her day job Mohanaprakas is a member of Oxfordshire regional CISOs network and of the Inclusive InCyber women’s network, mentors cybersecurity students in the UK and India and is a committee member of SADAH.org, a charity working to support South Asians manage their diabetes long term.

“I have been able to offer my skills and understanding of the fundraising regulations and good governance to ensure the charity is set to succeed and has mature processes for handling of personal and sensitive information,” she says.

Looking to the future Mohanaprakas is eying a business leadership role and perhaps gaining an MBA, “not very cybersecurity focused, but I think it’ll be valuable in navigating leadership and elements of wider organisational challenges,” she says. She also plans on tackling CISSP/CISA/ CISM at some point in the future.

www.linkedin.com/in/amohanaprakas

CRAIG FORD

Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC, Baidam Solutions and Ipswich City Council. Member of the Board of Directors – AISA (Australian Information Security Association).

COLUMN

Who should be in cybersecurity?

Who should be in cybersecurity is the theme of this edition of Women in Security magazine. It’s a question that perplexes me a little. I am a massive believer in diversity and inclusion, as many of you would know if you have read any of my previous articles in this magazine, or any of my books. Knowing that you might think I would answer “everyone.”

On really thinking about the question though, that’s not the case. Now, before you jump to a negative conclusion as to the direction I am heading with this, let’s break it down a little.

Cybersecurity is important. It’s complicated and a person needs many years’ experience before they can consider calling themselves an expert. No one in this industry knows everything. I certainly don’t. There is probably more I do not know than what I know. That is the nature of cybersecurity. There are so many different paths you can take, so many different skill sets, some of which will fit you better than others. It’s complicated.

That’s evident from the never-ending stream of data breaches and cybersecurity incidents. It’s hard to get security right. And you can’t stop a zero-day vulnerability from being exploited if you are not aware of it and have no idea how you might protect your organisation from it. There are no silver bullets. Cybersecurity is all about reducing your risks and trying to get things right from the start.

I know that’s not answering the question as to who should be in cybersecurity, but I don’t think I should. I think it is up every individual to decide whether cybersecurity is the right place for them. If you are considering a career in cybersecurity I believe you should ask yourself one question: how badly do I want to work in cybersecurity?

Why? Because it’s hard, it’s stressful and it is an industry that is neither easy to get into nor very

forgiving of mistakes. That said, we should all be allowed to make mistakes. We are human, after all. However, it is a reality that when an incident occurs it’s a pile-on. The industry condemns the poor people doing their best, working ridiculous hours trying to minimise the impact of an incident. We should be getting behind them, helping them recover and allowing them (and us) to learn from what has occurred.

I got a little sidetracked, so let’s get back to the question of who should be in cybersecurity. Everyone and no one. It is not my decision, it’s yours. It’s your life and your choice. You need to walk your own path, not mine or anyone else’s.

Once you have made that decision, the industry’s responsibility is to make you feel welcome, to allow you to do your best, and become a valuable contributor to this battle we are all waging to keep the malicious hordes at bay, to keep the lights on and businesses running, to not judge people on their appearance, their culture and what experience they have.

If we are open to allowing everyone an opportunity we may be surprised at just how great this industry can be, and the extent to which the diversity of our teams can produce the out-of-the-box thinking we need if we are to succeed.

So, make your choice. Once you do, I will be here to help make the industry as welcoming as possible.

Want to get matched with Lead Gen experts but dont know where to start?

Our solution experts can help you find the right supplier,

REACH OUT TODAY FOR AN INSTANT QUOTE.

The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things.

INDUSTRY PERSPECTIVES

SASHA MULLINS

NAVIGATING ADHD: THE UNFINISHED TALE OF HOW I FELL INTO CYBER SECURITY

Bear with me on this, it wasn’t exactly a straightforward journey. Now that I think about it, it wasn’t straightforward at all. I have many people who can attest to that. ‘Many’ being… Well, everyone in my life, I guess. Though, actually only ‘some’ of ‘everyone’ picked up that I was truly different.

Well, no. For the most part they knew I was different, but more in a “oh my gosh Sasha can you please remember for once…” kind of way, rather than a “oh your brain is a bit spicy” realisation.

Wait, is it ‘bear with me’ or ‘bare with me’? This is getting confusing. I’ve lost the point. Let me start over. Plain and simple, I was diagnosed with ADHD at the age of 24, which wasn’t so long ago.

I guess my ADHD could be described as a version of ChatGPT, except with all the functionalities you did not ask for:

• Takes 5-10 business days to respond to your question.

• Interrupts everything you say.

• Loses train of thought mid-sentence.

• Answers every question with a story that has at least 10 sub-plots.

• Tries to befriend you the moment you say anything.

• Will shut down if your ‘vibe’ is off.

Interestingly though, a lot of the story I am about to tell I wrote before I was diagnosed. And, throughout the tale you may notice I don’t talk to all of the things associated with ADHD. You see, even though I wrote the story only a few months before my diagnosis, I still had not fully comprehended what ADHD meant. So, when I was experiencing things like insomnia, time-blindness, lack of object permanence, rejection sensitivity and more, I didn’t understand that these could all be tied back to the way my brain worked. What’s more, even though it felt etched into my skin, my being, my entire self, it wasn’t until it was sketched onto a piece of paper that I could confidently say OK, this is 100 percent me.

I would say I became self-aware about two years ago, but my self-awareness took a while to come to terms with (and remember), and then it took another year to go through the actual ‘process’ of getting diagnosed. It should not take a year. However, the way this process is set up makes being on the receiving end of it feel as if they took all the ingredients of ADHD, mixed them in a pot, and served them on a plate that says “F*** You”.

But now that I have it (the piece of paper, not ADHD – let’s be clear I always had that), I would like to share the ‘story’ I wrote post self-awareness but pre-

On a final note, before I share my tale, I’d like to highlight that it may feel a bit unstructured at times, or occasionally repetitive with the phrasing (welcome to my brain). Let’s remember I had complete control over the words on the page, but these were genuine moments where my mind trailed (well, a summarised version). I wanted to give some indication of what that looks like.

So, without further ado, here is a little bit of insight into my neurodiverse journey into cyber security:

I attended an all-girl secondary school where ‘technology’ was predominantly food, sewing or design related. So, though my introduction to cybersecurity did not start here, my journey did.

I struggled in school, and I mean really struggled. The sciences, maths and business subjects made me feel incredibly incompetent. Noise would crowd the air as my peers and I would fumble to our seats. I did not know it at the time, but those moments were my safe space. Like clockwork everyone in the room would mechanically switch to focus mode. I didn’t understand it, I could never do it and, as a result, I felt so alone. My brain didn’t work that way. So much of my education went a bit like this:

Always told to stop talking.

Always told to stop distracting.

Always told.

Always stopped.

Always. Always. Always.

Always sitting there in the silence that felt so loud, peering through a teacher’s words to try to cancel out the voices playing in my head. A sickening remix of uncontrollable sounds: elevator music, a song I heard once three years ago, a list of things on my to-do list, a list of things I wanted to say, a list of conversations replaying over and over, things that were funny, things that weren’t appropriate, words that tickled a certain part of the brain: these things were always on repeat.

Always. Always. Always.

So, yes, I struggled in school. And if it weren’t for the creative subjects I don’t know where I would be today. I enjoyed things like performing arts, English and media studies and, for the most part, I understood them. Not that I always excelled in them. You see the curriculum enforces a strict set of deadlines which felt like an everlasting battle, and I wasn’t winning. It sewed a cloak of stigma to my personality that I couldn’t seem to un-weave no matter how much I tried. Procrastinator, lazy, unmotivated, unsuccessful, “would do better if she stopped f**** talking for once and paid attention more often.”

A few of those words I could read in my teacher’s eyes. I don’t blame them; I must have been an incredibly challenging student. But I just wish they could have seen I was trying.

When high school was coming towards its end I was shocked that so many around me could articulate their career plans clearly. I was suddenly surrounded by

future lawyers, doctors, accountants, scientists and so on. Where the hell did that come from? It felt like everyone was called to a meeting that I wasn’t invited to. Seriously though, was it their parents channelling through them, or did they genuinely wake up one day with a sudden urge to pay their taxes?

I woke up with songs in my head, never goals, never plans. I still wake up with songs in my head. Doesn’t everyone? Which part of the brain even triggers that?

Sorry, off topic. Where was I.

The school naturally provided students with a career path based on their subjects. However, mine were a bit of a mixed bag. I switched between calculus, performing arts, statistics, chemistry, history, English and media studies.

But having a broad range of subjects was strategic to me. I couldn’t set myself a path if I didn’t know what it was. So, it was smart. It was the right decision. No, stop, wait. Why the hell did I do chemistry?

Anyway, I legitimately convinced myself at one point that the reason I could not see my future was because I didn’t have one. It put me in such a dark place. How was I supposed to get out of it? After all, I am a procrastinator, I am lazy, I am unmotivated, I am unsuccessful. And you know what? Maybe if I just stopped f***** talking for once and paid attention more, I could do better. But that’s not me.

University was a somewhat compulsory next step in my journey. And, while I recognise this was a privilege I should have been extremely grateful for, at a time when I could not picture a career, approaching a degree felt nothing but daunting. Everyone around me attempted to take on the role of a career guide as I sat through conversation after conversation about my skills (limited), my

passions (useless) and my goals (non-existent). The result was marketing and psychology. Sophisticated enough to sound exciting, broad enough to maybe enable me to make it somewhere in the world. I can only assume that is what my family were thinking when they chose those degrees for me.

I wanted to see the silver lining though. This was a chance to make new friends in a new city and that is exactly what it became. I set sail for windy Wellington, moved into the halls of residency and almost drank myself into a coma every weekend.

It was bliss.

For a while it didn’t matter that I wasn’t considered academically smart, because I was good with people. I always have been. I grew up in a social family with lots of cousins and friends, and mum was an absolute social butterfly, plus her and my dad are both in sales.

Thanks to them, I had the gift of the gab. And for a while there I was truly happy, on a high streak. But the rush can last for only so long, and eventually the

paranoia set in that I would fail my courses, become the dropout my teachers expected me to be and amount to nothing. I was always trying to change the outcomes of my grades but as much as I tried, I couldn’t. I would procrastinate. I was lazy, I was unmotivated and I could never be successful. And maybe I would do better if I just stopped f**** talking for once and paid attention.

You do this every time. You always mess up. Always. Always. Always.

Always sending myself into an avoidant state of mind, shoving everything that matters into a ticking time bomb of chaos. Always wondering if I have disappointed people I care for. Always fixating on everyone’s expectations. I needed help.

Please, I needed help.

My emotions have always been extremely unpredictable and difficult to control. Everything: happiness, sadness, stress and love, they’re all

intensified, and they come in waves. Subsequently, when I feel lost, it can be difficult to see the other side.

In this case it was my siblings who reached out to me in my attempt to reach sanity. My brother suggested I should look at information systems. It was a mandatory course for my commerce degree anyway. So, what did I have to lose? There was an assignment which involved introductory coding, and I can honestly say I have never experienced hyper-focusing to that level in my entire life. I excelled, and I enjoyed every moment of it.

This was it. This was me.

Following that semester I changed my degree, and by this point I had also dropped psychology. I have a lot of respect for people who enjoy statistics, I am not one.

Okay, off topic once again. Back to the story.

I was greatly inspired by the impact the course had on me, and I wanted to create that experience for others. I’m not going to sugar-coat this though, I also desperately needed money. Hence, I applied to be a tutor for the course in the following semester.

Now, just as a side note, I have this habit of making whatever I’m doing at any point in time my entire personality. In high school it was largely performing arts, in university it was tutoring, and as time went on it became cyber security. But I’m jumping ahead. Tutoring had its challenges, but it was the first time I felt I was around people who saw me academically, and I mean truly saw me. Don’t get me wrong, they could still see I was a procrastinator, but they never saw me as unmotivated or unsuccessful, and I had a probably quite annoying but fascinating trait: I never stopped talking. I felt at home with people who were very different from me.

I think what most surprised me during this time was how much finding something I was passionate about would influence the other components of my everyday life. All of a sudden, I could see I was capable of achieving higher grades, and higher grades soon became the standard across all my courses, even the ones I wasn’t necessarily passionate about. Tutoring not only increased my confidence, but for the first time ever in my education, I had a slight grasp on time itself. You know that feeling of untangling headphones? That is what it felt like. The intertwined lanes of tasks and deadlines became less jumbled, less noisy, less overwhelming. I could do this.

I had many achievements toward the end of my degree: the top tutor award for the university, the dean’s list for both my BA and BCom degrees, the top performing student in my information systems course in (drum roll please) …. cyber security!

I know, about time we got here.

From landing an internship with one of the banks to working fulltime in its cyber security team, to then working at a cyber security-focused organisation, my world has forever changed (for the better if that wasn’t clear). It’s a diverse, fast-paced environment where no two days are the same. And, with so much innovation and creativity across the industry, I finally have the ability to work with my brain, rather than against it. But ultimately this would be nothing without the people along the way. Throughout every part of my cyber security adventure, there…

Well, I’m sure that sentence was going to be absolutely great, but sadly that seems to be the point where I got distracted by something else and forgot the story existed. However, I can make a guess that I was going to highlight my appreciation for the people in my life. And wow, no wonder I stopped typing. Where do I even begin to describe how much love and admiration I have for so many people around me? I wouldn’t be where I am today without them. My inspiring family and friends both inside and out of work who love and support me every day, and my partner in crime who I am so grateful for. I am so incredibly fortunate.

I want to re-iterate that this story was written during a darker time of my life. You see, when you start to realise that every single habit, tendency, behaviour, thought process can be tied back to one simple thing, it’s easy to spiral. And, when the spiral takes over, sometimes it can feel impossible to hold onto the good.

In all honesty it feels weird to think there was ever a time when ADHD was not a concept used in my everyday life. But I am also only at the beginning of my journey, and I have to say, through all the

challenges, there is so much joy in having a not-sotypical brain.

Look, I’m not here to tell you that I have completely solved the challenge of being neurodiverse in the workplace. I still find myself working twice as hard just to achieve simple things like ‘time management’, when the reality is that I do not have a concept of time itself. But what I can tell you is that cyber security played a big role in helping me recognise the power that comes with ADHD. My superpowers: creativity, confidence, hyper-focusing, intuition, positivity, a big picture mindset, and more. You know what? ChatGPT wishes it had ADHD.

Okay, maybe not so much.

What I am trying to say is that, while I may have a notso-typical brain, cyber security is a not-so-typical kind of job, and that makes us a perfect pair. Perhaps if you are reading this as a fellow spicy brainer, or you’re just someone who is a little unsure about your path, cyber security could be a match for you too.

Now, it is time I wrap this up, but before I sign off, I would like to say a few final words:

I am not a procrastinator.

I am not lazy.

I am extremely motivated.

I am successful.

I will never stop f**** talking.

Pay attention because that is me.

www.linkedin.com/in/sasha-mullins-335325a3

WHO GETS A SEAT AT THE TABLE?

“Having a seat at the table” symbolises influence, decision-making power and a voice in shaping the trajectory of an organisation.

Ground-breaking New York congressperson Shirley Chisholm—the first black woman elected to Congress—told us back in the 1970: “If they don’t give you a seat at the table, bring a folding chair.” It was an inspirational statement from a legendary woman. It is also very instructional, and a critical piece of advice I, as a woman in cybersecurity, can truly relate to it.

According to ISC2’s most recent survey, women hold only 25 percent of cybersecurity roles. Female representation in cybersecurity is growing, but there is a long way to go. One of the most significant factors influencing boardroom dynamics is gender disparity. Despite strides made in recent years to promote diversity and inclusion, women in cybersecurity remain underrepresented in boardrooms globally.

WHAT DOES IT REALLY MEAN TO GET A SEAT AT THE TABLE?

When a woman breaks through the gender barrier and gains a board seat she has demonstrated technical

proficiency, strategic thinking and continuous learning. The increased diversity she brings to that board will make it more resilient, more inclusive and more forward thinking.

WHAT DO YOU DO TO GET A SEAT AT THE TABLE?

There are many factors that determine who earns a place in the boardroom.

Understand the relationship between actions and titles

First and foremost, let’s bust the myth that you need to be very senior to earn a seat at the table.

Titles don’t make you a leader. Your leadership standing is determined by the steps you take. Numerous individuals manage to earn a seat at the table, despite job titles that do not accurately reflect their position in the hierarchy. In a previous role I secured my place in that organisation’s hierarchy by thinking strategically, articulating my perspectives effectively and aligning with the organisation’s strategic vision and mission, despite not having a board position or a senior role.

Make sure you are heard

Ensure your voice is heard by strategically inserting yourself into conversations. Balance spontaneity with preparation; don’t rely on unprepared improvisation. Research and develop your perspectives and talking points. Embrace disagreement and commit to your stance. Avoid the need to be always right. Constant insistence on correctness does not make for effective communication; it may, in fact, demonstrate ignorance.

Strategic thinkers

Cybersecurity requires more than tactical responses to address weaknesses and mitigate threats: it’s a strategic necessity. Individuals who can think strategically about cybersecurity risks and align them with broader business goals are increasingly sought after in the boardroom. The ability to understand the business impact of cybersecurity decisions, risk management and the integration of cybersecurity into overall business strategy is essential.

Strategic thinkers in cybersecurity are adept at translating technical jargon into business language, effectively communicating the potential

consequences of cyber threats to stakeholders and making informed decisions that align with organisational objectives.

Ethical considerations

Today, when cybersecurity decisions have farreaching ethical implications, leaders who prioritise ethical considerations are increasingly valued. Individuals who understand the importance of privacy, transparency and the responsible use of technology contribute to a cybersecurity strategy that both protects the organisation and upholds its ethical standards.

Commitment to continuous learning

In the fast-paced world of cybersecurity, staying ahead of the curve is essential. Those who exhibit a commitment to continuous learning and who adapt to emerging threats are highly valued. Cybersecurity professionals who engage in ongoing education, attend conferences, obtain certifications and actively seek out the latest developments in the field demonstrate the agility to navigate the ever- changing cyber landscape.

You must be a people person

Developing strong connections with the people in your organisation will go a long way towards gaining you a seat at the table. Keep your eyes and ears open. Do floor walks to understand people’s concerns.

People face multiple cyber threats every day of their lives. Understanding psychology is crucial to empathising with employees and what they go through when they become victims of cybercrime.

Communication and stakeholders management skills

Effective communication is a cornerstone of success in any leadership role. It is essential to hone your communication skills so you can convey complex technical information in a clear and concise manner. The ability to articulate cybersecurity risks, strategies and solutions to both technical and non-technical stakeholders is crucial for fostering collaboration and gaining support for cybersecurity initiatives.

Building strong relationships with stakeholders is equally critical. Leaders who can articulate the business value of cybersecurity initiatives and engage stakeholders in meaningful conversations are wellpositioned to secure and retain their seat.

Networking and mentorship

Building a strong professional network is essential for anyone aspiring to reach a leadership role in cybersecurity. Attend industry events, join cybersecurity organisations and engage with professionals both online and offline. Mentorship

relationships with experienced cybersecurity professionals can provide valuable guidance and insights, helping women navigate the complexities of the field and make informed career decisions.

GO FOR IT!

You need to be focused on yourself and on the priorities in your personal and professional life, and not be distracted by external events such as office politics, social media, etc. Fear of missing out (FoMo) is a powerful lure. Unfortunately, it causes you to focus on issues that can be detrimental to your success, and prevents you focusing on issues that are important.

Doing the above helped me gain a seat at the table and I am sure it will help you too!

In 2023, I took a Leap of Faith. To start my entrepreneurial journey in cybersecurity in India.

With many things running through my mind then, I decided it’s time to do something better and bigger than what I was doing in my various job roles. Hence, I founded SyberNow with a Mission to “Make Every Human the Strongest Defense against cybercrime.”

We go beyond awareness, guiding individuals towards mindfulness. A mindful individual not only protects themselves and their family but also strengthens the entire organisation’s cybersecurity.

www.linkedin.com/in/poojashimpi

sybernow.com/services

MANAGING AI BIAS AND THE VITAL NEED FOR UPSKILLING AND RESKILLING IN TECHNOLOGY: OUR INDUSTRY DEPENDS ON IT

In recent years AI has manifested in various forms, from smart speakers to sophisticated chatbots like ChatGPT. We have seen significant strides in machine learning and problem-solving capabilities that hold immense potential to positively impact and simplify our lives.

However, as we delve deeper into the realms of AI, it becomes apparent that the power of AI technologies also creates many challenges and ethical considerations. AI operates on algorithms created by human beings, and these algorithms can inadvertently perpetuate biases, particularly when applied to questions of gender, social norms and cultural equality.

AI’s rapidly growing capabilities represent a doubleedged sword. On the one hand, AI has the capacity to transform social norms, amplify under-represented voices, create jobs we have not yet dreamt of and contribute to positive change. On the other hand, it has the potential to exacerbate existing inequalities, particularly when these are the result of gender bias, and it has the potential to eradicate some lowerlevel jobs. This is where upskilling and reskilling—in cybersecurity and the wider tech industry—plays a crucial role.

THE INFILTRATION OF AI BIAS

One of the significant challenges we face is the underrepresentation of women in AI. According to the World Economic Forum, only 22 percent of people working

in AI globally are women. This lack of diversity leads to biased algorithms, reinforces gender stereotypes and perpetuates inequalities.

The consequences of gender bias in AI are farreaching, affecting everything from recruitment systems to the design of technology-enabled services. Inclusive AI development is not just a matter of ethics but also a necessity to ensure fair, secure and unbiased digital interactions. Companies must take concrete steps to foster diversity within their teams and to ensure the design and deployment of technology benefits everyone.

While national policies and initiatives play a crucial role in addressing these challenges, individuals in the tech sector can make a difference within their spheres of influence. Mentorship programs, especially for women interested in technology, can break down harmful gender norms and provide the guidance women need to pursue STEM careers. The creation of gender-balanced project teams and the adoption of participatory approaches in technology design are practical steps towards fostering inclusivity.

REDEFINING CYBERSECURITY

Security professionals today operate in an environment without precedent. They are dealing with rapidly evolving digital threats. The pace of change in this sector and the new knowledge and new skills required by security professionals are without precedent.

Reskilling and upskilling provide three profound benefits: they will ensure the security workforce continues to grow in numbers and expertise; they will provide a pathway for professionals whose jobs are threatened by AI; they will help to reduce gender and other biases.

Interestingly, half the global respondents surveyed for ISACA’s recent Privacy in Practice 2024 report said their organisation was offering training to enable nonprivacy staff to move into privacy roles. This is a trend that must continue to accelerate.

Reskilling programs should focus on increasing the representation of women in technology, which is critical if we are to address, and one day eliminate, gender bias.

Here are some key ways to achieve this:

Inclusive education initiatives: establish educational initiatives that foster interest and inclusivity in STEM subjects from an early age. Encourage girls to pursue technologyrelated studies by providing mentorship, resources and exposure to successful women in the field.

Mentorship and networking opportunities: create mentorship programs connecting experienced cybersecurity professionals, both men and women, with aspiring female talent. These mentorship opportunities can provide guidance, career advice and a supportive network.

Promote gender diversity in leadership: actively promote gender diversity in leadership roles within cybersecurity organisations. Having visible female leaders can serve as inspiration and motivation for women pursuing or considering careers in cybersecurity.

Flexible learning options: recognise the diverse responsibilities that women often juggle. Provide flexible learning options such as online courses and part-time programs to accommodate these responsibilities.

Develop partnerships with industry: forge partnerships between educational institutions and industry stakeholders to ensure educational programs align with the current needs of the cybersecurity workforce. This collaboration can facilitate internships, apprenticeships and practical experiences.

Address gender stereotypes: actively challenge and break down gender stereotypes within the field. Highlight successful female cybersecurity professionals, showcase their achievements, and emphasise the varied skillsets that make women valuable contributors to the industry.

Create supportive workplace cultures: foster workplace cultures that prioritise diversity and inclusion. Encourage organisations to implement policies that prevent discrimination and to create environments where women feel valued and heard.

Support continuous professional development: establish mechanisms that encourage women to pursue certifications, attend conferences and engage in ongoing learning opportunities to stay abreast of evolving cybersecurity trends.

HUMANITY MUST CONTROL TECHNOLOGY

The UN Secretary General’s call for a future where humanity controls technology rather than the other way around resonates profoundly. Upskilling and

reskilling in technology fields and cybersecurity are not needed only to adapt to technological advancements but to shape a future where AI benefits all, leaving no one behind. This requires a collective commitment to inclusivity, diversity and ethical considerations. As we champion this future, let us remember that small changes within our spheres of interest can accumulate into significant positive transformations for the common good.

ABOUT THE AUTHOR

Jo Stewart-Rattray has over 25 years’ experience in the security industry. As a director of BRM Advisory she consults in risk and technology issues with a particular emphasis on governance and IT security in businesses. She regularly provides strategic advice and consulting to the banking and finance, utilities, healthcare, manufacturing, tertiary education, retail and government sectors.

www.linkedin.com/in/jo-stewart-rattray-4991a12

FOSTERING DIVERSE AND INCLUSIVE WORKPLACES: EMBRACING NEURODIVERSITY

In their quest to boost a cybersecurity workforce in Australia that is currently under-resourced and insufficiently diverse, organisations are recognising the importance of prioritising diversity and inclusion. While diversity is generally seen as embracing differences in gender, age, culture, ethnicity and religion, organisations are increasingly acknowledging neurodiversity and taking steps to understand it and how it can be fully embraced in the workplace.

Strictly speaking, neurodiversity simply refers to the fact that there is no single “normal” or “typical” way for the brain to work and that there is a wide variety in the way individuals experience and interact with the world around them.

Autism is one form of neurodiversity, characterised by differences in social relating, communication and sensory processing. In Australia at least one in 70 individuals is autistic, yet only a minority disclose their diagnosis because of their concerns over how it may be received.

Research by the Aspect Research Centre for Autism Practice (ARCAP) demonstrated the complexities involved in a decision to disclose, particularly in the workplace. Following disclosure, autistic adults described reactions that ranged from negative (shock, disbelief they were autistic), neutral (no reaction) to positive. In the latter case, they felt liberated, accepted, celebrated and valued, and their workmates were curious to learn more. However, negative experiences were reported much more often.

It was also clear from this research that disclosure experiences were influenced by context. Therefore, organisations that wish to benefit from the advantages of a neurodiverse workforce need to ensure an inclusive and supportive environment.

CREATING AN AUTISM-FRIENDLY WORKPLACE

The creation of an inclusive workplace that embraces neurodiversity requires more than mere compliance with diversity and inclusion policies. It requires active welcoming and celebration of the unique strengths

that neurodivergent individuals bring to the workforce: a rich pool of talents, different perspectives and innovative thinking. The benefits of embracing neurodiversity are particularly evident in problemsolving, creativity and overall team dynamics.

While policies for inclusivity are important, there are also practical steps organisations can take to foster autism-friendly workplaces.

Understanding experiences from the perspectives of neurodivergent individuals is critical. Environmental or activity assessments conducted by experts, including neurodivergence consultants, provide insights into the specific needs and challenges faced by individuals with diverse neurological profiles. The insights gained can be used to design workplaces that accommodate and support all employees and that foster a sense of belonging.

Making adaptations to the environment and workplace processes can help create a workplace that accommodates neurodiversity. These adaptations might include workspace modification, minimisation of sensory experience—which can be overwhelming for neurodiverse workers—and the provision of resources such as quiet areas. By reducing unnecessary stimuli and creating an environment that supports and is comfortable for neurodivergent individuals, organisations can make their workplaces more inclusive.

Training and information sessions about autism are crucial to breaking down barriers and dispelling misconceptions. Training, developed and delivered with neurodivergent individuals, ensures information is positive, relevant and respectful. By demystifying autism, organisations create a foundation for open communication and understanding.

NEURODIVERSITY AND CYBERSECURITY

The benefits of embracing neurodiversity become especially pronounced in the realm of innovation. Many neurodivergent individuals possess unique perspectives, unconventional problem-solving skills and a talent for thinking outside the box. In fields such as technology, design and research, where creativity is paramount, neurodivergent individuals

can contribute valuable insights that drive innovation and competitive advantage.

Many neurodivergent individuals exhibit qualities that align closely with the demands of the cybersecurity sector. Attention to detail, pattern recognition and focus are traits well-suited to roles involving code analysis, threat detection and vulnerability assessment. Non-traditional thinking in cybersecurity can be a game-changer, and the unique strengths and perspectives of autistic adults can be valuable.

Ultimately, fostering inclusive workplaces that embrace neurodiversity is not just an ethical imperative, it’s a strategic advantage. Organisations that prioritise diversity and inclusion position themselves as leaders in innovation, adaptability and employee satisfaction. Environments that value the unique contributions of every individual produce stronger teams and contribute to a more equitable and compassionate society.

ABOUT THE AUTHOR

Dr Vicki Gibbs is a Clinical Psychologist and Head of Research at Autism Spectrum Australia (Aspect). Vicki is also the parent of a young man on the autism spectrum and is passionate about research that aims to make a difference in the everyday lives of autistic people and their families. Vicki has specific training and expertise in diagnostic assessment as well as qualitative and quantitative research methods. Vicki’s PhD thesis focused on exploring violent victimization of autistic adults, investigating the extent, nature and impact of these experiences and resulted in five published papers. Vicki has also led or supported research projects on a wide range of topics, including several autism and criminal justice related projects and projects related to autism screening and assessment practices, employment, education, financial well-being, and self-compassion.

www.linkedin.com/in/dr-vicki-gibbs-06a9296a

BAKER

EMBRACING NEURODIVERSITY IN CYBERSECURITY

"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."

— Sun Tzu, The Art of War

According to Deloitte, 10-20 percent of the global population is neurodiverse, so it is likely a significant portion of cyberattacks will be orchestrated by neurodiverse individuals. Recognising this, a logical step to enhance cybersecurity would be to assemble a team that mirrors the diversity of potential threat actors. It is therefore crucial to understand how neurodiverse individuals can thrive in cybersecurity.

My own journey, particularly my late attention-deficit/ hyperactivity disorder/autism spectrum disorder (ADHD/ASD) diagnosis, reshaped my perspective of myself and others. Through overcoming initial hesitations rooted in societal stigmas I’ve come to appreciate the compassion and strong sense of justice that often characterise neurodivergent individuals. In the realm of cybersecurity these traits can pivot a neurodiverse individual’s focus towards people-centric solutions and away from the norm of corporate-centric approaches.

tremendous asset in security analysis and monitoring. However, this ability comes with challenges; neurodivergent individuals may struggle in typical work environments due to their heightened response to sensory stimulation, making remote work an attractive and productive alternative.

The number of neurodivergent individuals in cybersecurity remains low. A significant factor may be the unsuitability of traditional recruitment processes and behavioural expectations. Interviews, which require candidates to demonstrate high social skills and quick responses if they are to be successful, can disadvantage neurodivergent candidates. A more inclusive and accessible recruitment process could unlock the untapped potential of neurodiverse individuals.

In conclusion, neurodivergent individuals not only fit well in cybersecurity but can excel, offering cost savings and innovative solutions, and addressing societal employment challenges. The neurodiversity spectrum is wide: there can be great variation in how individuals manifest their neurodiversity. Creating an environment that is truly inclusive of these individuals can enable them to make significant contributions to an effective cybersecurity industry.

www.linkedin.com/in/dahye-baker

GETTING MORE WOMEN INTO CYBERSECURITY

My fascination with computers and technology was ignited during my early childhood. As one of three sisters, I spent a considerable part of my youth alongside my father, an avid enthusiast of technology, electronics and crafts. My days were filled with joyous activities such as wiring, welding, sorting electronic components, dismantling keyboards, crafting furniture, painting and renovating antique radios.

Three decades ago, while I was still in high school, my father—who was employed by the Israeli Ministry of Defense—was relocated to the US. Living in New York presented an incredible cultural and language-building opportunity that was a rarity at the time. My love for physics, chemistry, statistics and maths enabled me to skip the 10th grade and to graduate from high school in just three years.

On turning 18, in line with the duty of Israeli citizens, I joined the Israeli Defense Forces (IDF). My desire was to become a pilot, but women barred from this role at the time. I found an alternative by serving in an IDF Air Force F-15 squadron operation command centre. Although the unit was open to both genders, I was among the few women in the unit. The operations command centre, being the heart of the squadron, was responsible for managing missions, preparing materials for pilots’ flights, real-time communication, and addressing unexpected situations.

Today, the battlefield has expanded into the virtual realm, emphasising the significance of cybersecurity. Yet, it’s disheartening that the majority of defenders in this field are still men.

Recognising the shortage of cybersecurity professionals globally, the Israeli government established the Council for Advancement of Women in Science and Technology in 2000. The aim was to change the narrative in the belief that inclusivity would not only be a game-changer but would also enhance the nation’s GDP and quality of life. Initiatives like these should start at the educational level, raising awareness of gender bias in schools and organisations.

The dynamic nature of the IT environment calls for increased investment in women’s development within the cybersecurity industry by all countries and governments. While progress has been made with more women in leading positions, the data shows that we are still a minority. Diversity in education, the workplace, and mindsets is crucial.

EXPANDING THE TALENT POOL

As leaders, we hold the power to make a difference. Setting goals to address the gender gap in cybersecurity, promoting skill development and education, creating scholarships and offering

incentives for women to pursue computer science and engineering are steps in the right direction. Company leaders can expand the talent pool by actively recruiting more female candidates, implementing flexible working conditions, ensuring equal compensation benefits, setting targets to reduce gender bias, placing women in leadership roles, and providing career development programs.

By becoming role models and taking action, leaders can foster a culture of diversity within their teams, leading to innovation and progress. It is their collective responsibility to unlock the untapped potential of women in cybersecurity for the benefit of everyone.

In the last few years, I have seen strong women in leading positions in many companies. However, data analysed by Pew Research shows that we are still a minority. Diversity in education, in the workplace and in people’s minds is key. If you own a company, if you are an investor in companies, or if you are in a leadership position, you can help the world.

Here are some ways countries, companies and leaders can understand the unfulfilled potential for women in cybersecurity and act upon it for everyone’s benefit. Based on my personal journey and the insights I have offered into Israel’s efforts, I would urge leaders to address the gender gap in cybersecurity by assisting with skill development and education.

STEPS TO INCREASE DIVERSITY

For example, you could create scholarships and incentives for women to study computer science and engineering in high school and college. If you are a leader in your company, find ways to recruit more female candidates. Notice whether your company is talking about gender bias as a trendy topic or actually doing something about it. Are you taking real measures to drive change? Here are some ideas.

• Can you introduce flexible working conditions to accommodate caregivers?

• Are you sure you are offering equal and fair compensation benefits, regardless of gender?

• Perhaps you could define a target such a 50 percent female workforce to reduce the gender bias associated with roles within research and other technology-oriented departments and put more women into leadership positions.

• Offer career development programs for women in your company.

If we as leaders become role models and take action, our teams can enjoy a culture of diversity and foster a heterogeneous environment which can lead to more innovation and progress.

ABOUT THE AUTHOR

Gily Netzer, CMO, brings marketing leadership to Cybersecurity and DevSecOps companies. Passionate, innovative and results driven marketing strategist and veteran leader with 20 years of international B2B Cybersecurity experience. Building teams across regions, establishing new technological categories, forming a marketing machine for consistent rapid growth, market leadership, partner and customer relationships. Gily is a contributor to publications such as Forbes, Help Net Security, CyberSecurity Ventures, IT Toolbox, and serves on the advisory board and mentor.

www. linkedin.com/in/gilynetzer

KAREN STEPHENS

Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was recently named inaugural Female Cyber Leader of the Year at the 2023 CyberSecurity Connect Awards in Canberra.

COLUMN

Who should be in security?

Who should be in security? That’s a big question with a simple answer. And the answer is… absolutely everyone!

2024 started with the proverbial Big Bang. We had the mother of all breaches with 26 billion records leaked from multiple sites, including Tencent, Weibo, Twitter, LinkedIn, Adobe and Canva; a mind blowing 12 terabytes of data. It is difficult to comprehend such massive data volumes. This will provide some perspective: Many ISPs cap monthly data usage at one terabyte(1) the Hubble Space Telescope generates about 10 terabytes of new data every year (1) and IBM’s famous Watson game-playing supercomputer has 16 terabytes of RAM(1). So it was a mega leak, and it may not include recent Australian based breaches like Nissan Australia, the Victorian courts or The Iconic

If you are thinking, “well so what?”, these breaches have given cybercriminals access to a huge database of personal information that can be used for credential stuffing activities, where cybercriminals use the leaked customer credentials to try to log into other websites. Some will be successful because many people reuse login credentials for more than one website. It was this type of breach that saw customers of The Iconic flood its Facebook page with complaints of fraudulent orders placed in their names.

So, in my opinion, we are now all casualties of the data privacy wars. No one is left untouched, and security is now the responsibility of us all. Cybercriminals do not respect age, gender, or geographical boundaries. If you are connected to the Internet, you are fair game. And the risks are unavoidable unless you are living totally off the grid with no Internet. Nor can cybersecurity give you 100 percent foolproof protection, 100 percent of the time.

Good cybersecurity means acknowledging the risks and getting the basics right, all the time.

It is all well and good to say we all need to harden our cyber resilience to be more cyber safe, but sometimes even getting started is the most confusing and challenging part. Looking beyond security software and all it entails, here are four steps to get you (and your family) started:

Good password hygiene. Passwords are an important line of defence when it comes to protecting your data. Increase your personal cyber resilience by:

1. Keeping your passwords safe. Do not write them on sticky notes, reuse them or share them.

2. Choose complex passwords. Have at least 16 random characters.

3. Keep an eye out for news of major breaches/ leaks and update your passwords if you think you have been caught up in one.

4. Never use any personal details in your passwords.

Responsible social media use. Social media is a great source of useful information for cybercriminals. Be aware of what you share online, not only about yourself but about your family and friends. Remember everything you share on social media can and will be used against you. A quick preventative measure is to lie (yes lie) when completing security questions, just in case you have overshared personal information on a social media account.

Cyber awareness training. This is not needed only by workers. Everyone, young and old, need to have some cybersecurity training. There are many free online training programs available where the only cost

is time. Being informed is a great way to strengthen your cyber resilience.

Secure online buying. We all love a bargain, but we need to keep our wits about us when bagging that online deal.

1. Purchase only from online retailers you are familiar with and have confidence in.

2. Before providing any information, verify the website address and site details.

3. Do not click on emails or SMS messages offering “special deals”. Type in the entire website address or use a store’s official app.

4. Use a secure online payment platform to make your purchases or have a separate debit card that is used for online purchases only.

Maintaining continual vigilance is hard, but only by constantly doing our bit can we create a safer cyber environment for all.

Notes

(1) Terabytes, Gigabytes, & Petabytes: How Big Are They? (lifewire.com)

www.linkedin.com/in/karen-stephens-bcyber

www.bcyber.com.au

karen@bcyber.com.au

twitter.com/bcyber2

youtube.bcyber.com.au/2mux

CAREER PERSPECTIVES

DECODING CYBER ROLES IN 2024

Cybersecurity is an industry in a state of constant flux. Since its humble beginnings in the 1970s with the advent of computer networks and Bob Thomas’s Creeper worm cybersecurity has developed into a fully-fledged industry in its own right.

In the past there was no specific career path one could take to become a cybersecurity professional. Even now, senior cybersecurity professionals, including those in the C-suite, are mostly people who started out in computer science, network administration, software development or information technology-related fields. Over time, and through the evolution of technology, they have learnt the skills necessary to deal with cybersecurity issues.

It’s easy to see, with the rapidly expanding list of specialised job titles and acronyms, how the cybersecurity industry can remain something of an enigma to those seeking to join it. As a specialist cyber recruitment consultant, it’s my job to keep up with the industry at large and break down those barriers. It’s important to highlight that not every role in cybersecurity requires deep technical skills or needs someone who looks like a hacker in a hoodie writing scripts.

Whether you’re a new graduate, an experienced worker looking for a career change, or a seasoned

cyber industry professional, here’s a list of some of the most commonly recruited roles in cybersecurity, with the certifications most often sought for each.

DEFENSIVE SECURITY

Roles: security or soc analyst, blue teamer, defensive security specialist, incident responder.  Certifications: GCIH, GCFA

Defensive security is a subspecialty of cybersecurity that focuses on protection. Think of defensive security specialists as the security guards of data and networks. People in these roles provide vulnerability analysis, respond to incidents, investigate alerts, and in some cases conduct threat hunting. When threats arise, people in these roles will monitor and analyse the event and often, in real-time, initiate a response to try and mitigate it.

OFFENSIVE SECURITY

Roles: penetration tester, red teamer Certification: OSCP, GPEN

Offensive security, also known as OffSec, is all about actively seeking out vulnerabilities in an organisation’s environment. Offensive security experts, often known as ‘ethical hackers’, look for cracks in the security armour to identify any weaknesses a malicious hacker might find and endeavour to exploit in a cyber

attack. They work to strengthen network security by performing simulated breaches for a company.

SECURITY ENGINEERING AND ARCHITECTURE

Roles: security engineer, security architect

Certifications: SABSA, TOGAF

Security engineering and architecture refers to the design, development and implementation of security systems, tools and processes for an organisation. A security engineer will generally employ engineering principles to deploy systems. An architect will often have a background in engineering and have progressed to designing security systems rather than implementing them. Some security architect roles are consultative, and an increasing number require the architect to have an engineering background, enabling them to influence the wider technology audience within a large enterprise.

SIEM AND SOAR ENGINEERS

SIEM (security incident event monitoring) engineers design, deploy and configure SIEM tools to aggregate and correlate data, enabling the security operations team to detect anomalies, identify potential threats and respond swiftly to security incidents. SOAR (security orchestration and automation response) engineers develop, implement and manage the automation, scripts and playbook content for the defensive security teams. SOAR engineers require a level of scripting skill, often in Python and, ideally, extensive security operations experience.

APPLICATION SECURITY AND DEVSECOPS:

Application security (AppSec) engineers are responsible for ensuring security is embedded into the development process of an organisation (aka ‘shifting security to the left’) to prevent security vulnerabilities or unauthorised access, whereas

DevSecOps engineers are responsible for integrating security testing at every stage of the DevOps development process. They use tools and processes that encourage collaboration between developers, security specialists and operation teams to build software that is both secure and efficient to roll out.

GOVERNANCE, RISK AND COMPLIANCE (GRC)

Roles: cyber risk GRC officer, cyber risk GRC consultant, GRC analyst

Certifications: CISSP, CISA, CISM

Governance, risk and compliance is a subspecialty of cybersecurity that focuses on aligning an organisation’s business objectives with IT. Policies and process are monitored and their security risks assessed and managed to make sure any action undertaken is consistent with the strategic goals of the business, and meets all industry and government regulations. GRC professionals spend a lot of time reviewing compliance frameworks such as ISO27001 or SOC2 standards and ensuring projects are aligned with these. They also examine code, model threats and conduct risk assessments to identify potential vulnerabilities in an organisation’s systems.

LEADERSHIP AND THE C-SUITE

Roles: CISO (chief information security officer), CSO (chief security officer), head of security, security manager

The chief information security officer is responsible for establishing a strong security strategy for an organisation and ensuring all digital assets and information systems are protected. They oversee the entire information security function within a company and their job requires a broad range of technical and soft skills, including great leadership skills, communication skills and an in-depth understanding of cybersecurity that enables them to communicate well with both a technical and non-technical audience. They are required to engage with the C-suite and board members to ensure these people understand the cyber threat landscape to the extent that the company takes appropriate measures to mitigate threats.

Some organisations will have a CSO who has a role slightly different to that of a CISO. Whereas a CISO will be focused on an organisation’s data, systems and information security, the CSO is responsible for physical and corporate security as well as information security.

The cybersecurity industry is as varied as it is dynamic. As the field continues to grow, it will need individuals who bring with them a whole host of talents from all different backgrounds to fill these roles. As a cybersecurity recruitment specialist I can confirm that there are plenty of jobs on offer from entry-level positions to senior leadership, to the board room for those seeking these. I can only hope, with better education around the various opportunities available for workers, excitement for this industry will continue to build and bring with it a whole new generation of diverse cyber professionals.

https://www.linkedin.com/in/j-mccrudden

We can SCRIPT & CREATE your PODCAST

We can ADVERTISE & SOCIALISE your PODCAST

We can GENERATE LEADS from your PODCAST

5 SERIES PODCAST AUD$10,000 Ex GST

REACH OUT TODAY

CULTURAL BLIPS SINK SHIPS

I’m still confused as to why in 2024 many organisational leaders think culture is something that exists only in a tub of yoghurt.

No matter how many experts in psychology, business and leadership continue to provide mountains of evidence showing us how important culture is to an organisation, we are still faced with micromanagement enablers and meaningless exercises in futility that lead nowhere.

So, here are two questions I’d like to pose and try my utmost to answer:

1. Why do some leaders still ignore the importance of organisational culture?

2. Are they even aware that the culture they’ve created has become toxic?

The eternal optimist in me would like to think that a ‘No’ answer to the second question is the reason why some organisations across Australia still possess a negative culture. However, having had a professional career for 21 years now, I can understand why some ‘leaders’ would not touch learnings about culture with a 60-metre pole.

WHY THE NEGATIVITY?

I wrote an article back in November of last year in which I called out the toxic situation at a former workplace and the type of comments I was hearing from senior management. I still firmly believe there was a deeply rooted issue of culture there that, from what I am hearing from others, still exists today. However, this article is not about that particular workplace, it is merely going to use it as an example for why there are still senior managers who drive an organisation into the cultural abyss.

Let’s talk about business strategy. Many businesses in the tech space—whether they be consulting, selling a solution, or helping drive an industry—have their own unique processes and procedures, all driven by an overall strategy. Are they sales driven? Are they relationship and customer focused? Do they have a long-term vision based on a sustainable business model? Are they purely motivated by their ‘Why’? These questions are important to ask, because I’ve worked for each of these types of organisations and have seen the difference their drivers make.

A cybersecurity business that is purely sales-focused and driven by profits will not last. It will either go under or play a short-term game in which being

acquired is part of its overall plan. All power to those leaders, and good on them, but what they are unknowingly doing is building a culture of toxicity and hyper-competitiveness within their own team members and producing a high staff turnover. These companies are a dime a dozen and, as someone who has worked for them in the past and who is now taking a high-level view as a recruiter, I can tell you: the people in such organisations suffer.

WORK HARD, PLAY HARD IS GROSS

Yes, the people suffer. And this is still something that happens frequently in our industry. I’m not here writing about whether business leaders should or should not have some kind of acquisition strategy in mind. Nor am I saying we should not be focused on sales. To do so would be crazy: sales are what keep a business going. What I am saying is that these are typically the type of organisations that get culture wrong.

These are the organisations that raise a flag which states very bluntly: work hard, play hard. This type of culture absolutely needs to die. The reason is that these leaders see the play hard element as the reward for burnout and the toxic competitiveness that comes from their overall strategy. In a postCOVID world where the cost of living is rising and a number of other external factors are accelerating that burnout, we need to start taking a more employeecentric approach. Surely these leaders recognise that there are other incentives than opening a bar tab at the local pub on a Friday afternoon or holding team building exercises every few months which they believe to be ‘fun’ and ‘engaging’.

I have nothing against putting on a few drinks for staff every now and again, and certainly nothing against team-building exercises, but these are NOT rewards for hard work.

These leaders should think about:

• Financial bonuses for exceeding KPIs

• Paid training

• Paid overtime or time in lieu

• Flexible working options for all staff regardless of their role, or flexible working rosters

This is not an exhaustive list, and there are many, many other amazing incentives business leaders can offer if they want the right people to join them, and the right people to stay.

LET’S BE MORE AWARE

I would really like to open the conversation with business leaders in the cybersecurity sector. This is certainly not an attack on them and their practices, it’s more an observation on why things are not working in some businesses but working really well in others. The question of employee retention often comes up in my discussions with various candidates and clients, yet many cannot pinpoint why there is such a rapidly revolving door at the front of their office.

As a community and as an industry, we need to raise awareness about toxic cultures. We will then be better placed to address issues such as lack of diversity and inclusivity, and the many other cultural issues that bedevil cybersecurity in general.

www.linkedin.com/in/simoncarabetta

CYBERSECURITY: AN INCLUSIVE INDUSTRY FOR EVERYONE AND HOW TO BREAK INTO IT

Cybersecurity is a rapidly growing industry that plays a crucial role in safeguarding digital assets and information from ever-evolving cyber threats. The cybersecurity industry—traditionally perceived as the domain of tech-savvy individuals with a strong background in computer science—is evolving. The importance of diversity and inclusivity is increasingly being recognised. In this article we explore the idea that cybersecurity is an industry for everyone. We delve into the qualities that make individuals from diverse backgrounds valuable contributors to the field and cover some ways to break into the industry.

THE IMPORTANCE OF DIVERSE SKILLSETS IN CYBERSECURITY

One of the common misconceptions about cybersecurity is that it is exclusively for individuals with a deep technical background. While technical skills are undoubtedly essential, a successful cybersecurity team requires a diverse set of skills and perspectives.

Diverse skillsets are the backbone of a robust and effective defence against ever-evolving cyber threats. A successful cybersecurity team thrives

on a multifaceted skillset that extends beyond traditional programming or network management capabilities. Communication skills are crucial for effectively conveying complex security concepts to non-technical stakeholders, making cybersecurity accessible and understandable to individuals across various departments within an organisation.

Problem-solving abilities enable professionals to think critically and strategically and devise innovative solutions to tackle emerging threats. Risk management expertise enables the identification and prioritisation of potential vulnerabilities, ensuring resources are allocated efficiently to mitigate the most significant risks. Taking a holistic approach to skills diversity means combining technical expertise with a range of soft skills that collectively fortify an organisation’s cybersecurity posture.

Crucially, the ability to think critically and engage in continuous learning is paramount in an industry where threats constantly evolve. Cybersecurity professionals must stay ahead of the curve, adapting to new technologies and emerging attack vectors. This adaptability, coupled with a curiosity-driven

mindset, allows individuals to proactively anticipate and respond to the dynamic nature of cyber threats. A successful cybersecurity team will embrace diversity not only diversity of backgrounds and experiences but also in the amalgamation of skills that collectively support a comprehensive defence strategy. As the cyber landscape continues to morph, the value of diverse skillsets becomes increasingly evident, emphasising the need for a well-rounded and versatile workforce to safeguard digital assets in the modern era.

GOING BEYOND SKILLSETS FOR TRUE INCLUSIVITY IN CYBERSECURITY

As cyber threats become more sophisticated the industry benefits from a variety of perspectives and experiences. Diverse teams can approach problems from different angles, making it easier to anticipate and respond to a wide range of cyber threats. Inclusivity in cybersecurity also extends to gender, race, ethnicity and other demographics. It requires fostering a workplace culture that values different backgrounds and ideas.

Inclusivity is the cornerstone of a resilient and effective cybersecurity environment. Embracing diversity in terms of gender, race, ethnicity and background not only contributes to a richer pool of talent but also fosters a variety of perspectives crucial for tackling the diverse and complex challenges in cybersecurity.

Inclusivity in cybersecurity extends beyond demographics to encompass diverse career paths, recognising that individuals with non-traditional backgrounds can bring unique insights to the field. This approach helps break down stereotypes and dispels the notion that a specific educational or professional trajectory is a prerequisite for success in cybersecurity. By creating an inclusive environment the industry promotes innovation, creativity and adaptability; qualities essential to combating rapidly evolving cyber threats.

Inclusivity in cybersecurity is therefore essential for building a resilient defence against cyber threats on a global scale. Cybersecurity is a collaborative effort that requires input from individuals with various perspectives and experiences. A diverse workforce can better anticipate and understand the motivations behind cyber attacks, allowing for more effective prevention and response strategies. Inclusive teams are better equipped to devise holistic security measures that consider the needs and vulnerabilities of a diverse user base. Ultimately, fostering inclusivity in cybersecurity not only strengthens the industry’s ability to protect digital assets but also aligns with principles of fairness and equity.

BREAKING DOWN STEREOTYPES IN CYBERSECURITY FOR GREATER INCLUSIVITY

Historically, the image of a cybersecurity professional has been that of a script kiddie, wearing a hoodie and sitting in a dark room surrounded by screens filled with lines of code. This stereotype has deterred many from considering a career in cybersecurity, especially those who do not fit that mould. The reality is that cybersecurity encompasses a broad range of roles, including policy and compliance, risk analysis, incident response and security awareness training. Countering this stereotype is therefore essential to attract a diverse pool of talent to the industry.

This means promoting positions that require skills other than coding, such as those focused on policy development, risk management and security awareness training. By raising awareness of the diversity of cybersecurity experts, the industry can encourage individuals of all genders, ethnicities and backgrounds to envision themselves as contributors integral to the field. This shift in representation not only attracts a wider talent pool but also challenges biases that may hinder diversity in recruitment. Emphasising the human-centric aspects of

cybersecurity, such as problem-solving, critical thinking and communication skills, contributes to a more inclusive narrative that encourages individuals from various walks of life to recognise their potential in shaping the future of cybersecurity.

ENSURING ACCESSIBILITY AND TRAINING FOR INCLUSIVITY IN CYBERSECURITY

Ensuring accessibility and providing comprehensive training are fundament to fostering inclusivity in cybersecurity. There is a need for educational programs and training initiatives that cater to different learning styles and backgrounds and make the industry more accessible to a diverse range of individuals. Cybersecurity bootcamps, online courses and mentorship programs can play a pivotal role in providing accessible pathways for individuals who may not have followed traditional educational routes into the field. By breaking down barriers to entry the industry can tap into a broader talent pool, bringing in fresh perspectives and insights that contribute to a more inclusive cybersecurity landscape.

In addition, companies and organisations within the cybersecurity sector should prioritise ongoing training and professional development opportunities for their workforces. This commitment to continuous learning not only ensures that cybersecurity professionals stay abreast of the latest threats and technologies but also promotes inclusivity by offering pathways for career growth and skill enhancement. Investing in training programs that accommodate different learning styles and preferences contributes to a workplace culture that values diversity and recognises the potential of individuals from various backgrounds to excel in cybersecurity roles. Ultimately, by making

accessibility and training integral components of cybersecurity practices, the industry can take significant strides toward building a more inclusive and resilient cybersecurity workforce.

BREAKING INTO CYBERSECURITY: AN INDUSTRY FOR EVERYONE

Cybersecurity is not reserved for a select few. It offers opportunities for everyone interested in safeguarding the digital realm. Contrary to those lingering stereotypes already discussed, the cybersecurity industry is diverse and inclusive, welcoming individuals with various educational backgrounds, experiences and skillsets. The industry values a broad spectrum of talents, ranging from technical proficiency to effective communication and critical thinking skills. The industry thrives on diversity, and by acknowledging that cybersecurity is indeed for everyone, we can build a stronger, more resilient defence against cyber threats. To help you break into the industry, here are a few things to help you.

NETWORKING MATTERS

Building a professional network is crucial in any industry. Attend, in person and virtually, industry conferences, seminars and workshops that are dedicated to the industry. These events provide opportunities to connect with industry professionals and peers, to learn about the latest trends and gather insights that can help you excel in your career. I’ve invested a lot in building my professional network in cybersecurity and have spent much time developing my network on LinkedIn and Twitter in particular, as well as at face-to-face and virtual events.

JOIN ONLINE COMMUNITIES

There are many online forums, social media groups, Discord channels, Slack groups and platforms where cybersecurity enthusiasts can gather to discuss topics, share insights and ask questions. Join these to engage in discussions, ask for advice and share your experiences. LinkedIn, Twitter, Reddit and specialised cybersecurity forums are great places to start.

GAIN SOME HANDS-ON EXPERIENCE

Theory alone is not sufficient in cybersecurity. Practical experience is highly valued. Consider setting up a home lab where you can experiment with tools

and techniques in a controlled environment. ‘Capture the Flag’ (CTF) competitions and platforms like ‘Hack the Box’ provide hands-on challenges that can help you refine your skills.

FIND A MENTOR

A mentor can provide guidance, motivation and a valuable perspective. Seek out experienced professionals in cybersecurity who can offer advice, share their experiences and help you navigate your career path. Mentorship can significantly accelerate your career growth. If there is a particular person you would like to have as a mentor, do not be afraid to ask them. The worst that can happen is they say no, and you never know, they might say yes.

STAY UP TO DATE WITH INDUSTRY NEWS

Cybersecurity is a rapidly evolving field. New threats and technologies emerge by the second, never mind daily or weekly, and there is much to keep up to date on. Subscribe to industry newsletters, follow cybersecurity blogs, listen to industry podcasts and keep an eye on reputable news sources to stay up to date with the latest developments.

DEVELOP YOUR SOFT SKILLS

While technical skills are important, soft skills like communication, problem-solving, and teamwork are essential for cybersecurity. Effective communication is especially important in explaining complex technical concepts to non-technical stakeholders.

DIVERSITY IS AN ASSET

Remember that diversity brings a range of perspectives to the table, and is incredibly valuable in cybersecurity. Embrace your unique viewpoint and use it to contribute to the industry’s growth and innovation. The cybersecurity industry is perfect for those who are neurodivergent, because those who have autism spectrum disorder or ADHD, for example, can often spot patterns and idiosyncrasies that may be overlooked and critical. In addition, their hyperfocus can be a great asset to cybersecurity when it comes to navigating through any attacks or data breaches.

FIND JOB OPPORTUNITIES

When you feel ready, start looking for job opportunities. Cybersecurity roles vary widely, from

penetration testing and threat analysis to security consulting and incident response. Tailor your CV and cover letter to align your skills and experience with the specific role you are applying for.

CONFIDENCE, RESILIENCE, AND PERSEVERANCE

Lastly, believe in yourself and your abilities. The cybersecurity field may have challenges, but perseverance is key. Don’t be discouraged by setbacks; instead, view them as opportunities to grow, learn and improve.

FINAL THOUGHTS

Cybersecurity is an industry that should be open to everyone. Beyond technical expertise, the field values diverse skillsets, backgrounds and perspectives. Breaking down stereotypes, fostering inclusivity and providing accessible training are essential steps toward creating a cybersecurity workforce that can effectively tackle the evolving landscape of cyber threats. As we look to the future, embracing diversity in cybersecurity will not only enhance the industry’s ability to protect digital assets but also contribute to a more inclusive and dynamic global cybersecurity community.

LISA VENTURA MBE

Lisa Ventura MBE is an award-winning cybersecurity specialist, writer and speaker. She is the founder of Cyber Security Unity, a global community organisation dedicated to bringing together individuals and organisations who actively work in cybersecurity to help combat the growing cyber threat. As a consultant Lisa also works with cybersecurity leadership teams to help them work together more effectively. She also provides training on the benefits of hiring those who are neurodiverse. She is a mindset and mental health coach and offers help and support to those affected by stress, burnout, bullying/abuse and mental health issues in cybersecurity and Infosec.

www.linkedin.com/in/lisasventura

www.lisaventura.co.uk

HOW JOURNALISM SET ME UP FOR A CAREER IN CYBERSECURITY

It’s not uncommon to speak to people working in the cybersecurity industry who started their careers doing something completely unrelated. The military, law and finance are just a few of the industries I know of people having worked in before moving into cyber.

When I look at the twists and turns my own career has taken, I wonder how I ended up where I am now. Sometimes I feel my life to be one of those Choose‑Your Own Adventure books. I chose a cybersecurity career but could have chosen one of many others.

When I gained my undergraduate degree a BA with majors in art history and Mandarin, I had no idea what I wanted to do with my life. Everyone I knew at ANU was applying for graduate roles in the public service. All I knew was I did not want to do that or stay in Canberra.

Over the next couple of years, I did what a lot of young people do when they don’t know what to do with their lives: I saved money and went travelling. My travels took me to Asia, including Beijing where

I interned at a contemporary art gallery, the United States where I spent a summer living in New York studying art at Sotheby’s and drinking (excessively) at bars in the Lower East Side, and to Europe where I backpacked.

When I eventually decided to come home, I moved to Melbourne. After living in Melbourne for a few years I was in a job I did not like, so I decided it was time to go back to university. I had long held a passion for writing, so I thought I would enrol in a postgraduate communications degree course at RMIT. After telling me the grade point average from my undergraduate degree was too low to apply for a full masters, RMIT suggested I apply for a Graduate Diploma in Journalism because the entry requirements were less strict, and it would give me an easy path into the master’s program.

I decided to apply and was called to an interview with the program coordinator. Thinking I would be asked only general questions on why I wanted to do the program, I did nothing to prepare. Boy, was I in for a rude shock.

The interviewer asked me for well-known names: from prime ministers to sporting teams. I still remember having no clue as to who was Prime Minister of India. That interview made me realise how little I did to stay up to date with the news. I now make a point of knowing the names of the world’s leaders.

Today, my journalism skills help me in my current role in many ways. One thing newspaper writing taught me was to understand my audience: who am I writing for and the main point I want to get across.

A problem I see a lot with technical people— cybersecurity, IT, networking, developers, etc—is they are often tasked with writing documentation without being told its purpose.

I often review documents designed to explain why a system is important to the business and how it aligns with the goals of the organisation’s executives and find the writer getting bogged down in the nitty-gritty details of how products are configured; details an executive will neither understand nor care about.

Journalism also taught me to think critically: to not simply believe what people tell me but do my own research and find proof of what they are saying. I’ve found, especially in government departments, that internal politics can lead to many blame games. Learning how to interview people when I studied journalism has helped me when speaking to stakeholders to gather information. I learnt it is essential to take notes during meetings for later reference.

Finally, it was journalism first sparked my interest in working in technology. When studying for my degree I shot a TV news story about a robotic ice-cream bar, and wrote an article on women who worked in tech. Only while interviewing women for that assignment did I wonder why I had never considered a career in tech. The answer was: I did not know I could work with computers. It seems strange to say that now, when almost all jobs involve using computers in some way.

When I look back at all the different jobs I’ve had: waitressing, bartending, digital marketing, communications, English teaching, software testing and, now, cybersecurity, I sometimes wonder how I ended up here.

My career path was not linear, but I learnt so much along the way. It might be a cliché, but the journey is more important than the destination. Funnily enough, I have ended up back in Canberra, despite desperately wanting to leave after finishing my university studies. Canberra has improved a lot since then.

One thing you should take away from reading this is that everything you’ve done in your life to date will help you in the future. I always say the skills I learnt in hospitality, including dealing with the public and working under pressure, are very valuable, and applicable to any industry.

Also, remember to read the news (hopefully my journo professors see this).

Need Data Admin Services

PARTNER WITH A QUALITATIVE FAST-WORKING TEAM

Our team understand the importance of time and efficiency when it comes to data projects.

STUDENT IN SECURITY SPOTLIGHT

Yasaman is a Cyber Security Researcher and a former Quantum Computer Engineer, passionate about advancing technology. Proud member of STEM Women Global Network and STEM Women Australia Network. Focused on CyberSecurity, Blockchain, Cryptocurrency, Machine Learning, Distributed Systems, and Quantum Encryption.

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? Cybersecurity plays a crucial role in safeguarding our everyday lives by protecting sensitive information we often take for granted. Imagine the vast amount of personal data stored online; from bank accounts and social media profiles to insurance and medical records. This information is integral to our daily activities and its security is paramount.

In a world where our lives are increasingly interconnected through digital platforms, cybersecurity has become the frontline defence against potential threats. It’s not just about preventing unauthorised access; it’s about securing our assets, preserving the confidentiality of our health records and safeguarding our personal identities. Think about the potential consequences if this information were to fall into the wrong hands:

financial loss, compromised health data and threats to personal privacy.

What makes cybersecurity particularly exciting is that it’s a dynamic field that constantly evolves to counter emerging threats. Professionals in this field are like digital guardians, using cutting-edge technology to stay one step ahead of cybercriminals. It’s not just about addressing current challenges but also anticipating and mitigating future risks. In essence, a career in cybersecurity is not just a job; it’s a mission to ensure the integrity, availability and confidentiality of information that underpins our modern society.

By contributing to the cybersecurity landscape, professionals become key players in the ongoing battle to create a secure digital environment for individuals, businesses and organisations alike. In the digital age it’s a field where one’s skills directly impact the safety and wellbeing of individuals, making it both rewarding and essential in today’s technology driven world.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I initially embarked on my academic journey, delving into computer hardware engineering for my bachelor’s degree and subsequently specialising in computer architecture for my master’s, I naturally encountered the realm of security as an integral component of my studies. At first, it seemed like an interesting but somewhat specialised aspect of the broader field. However, as I delved deeper into the intricacies of cybersecurity my perspective underwent a significant transformation.

What caught my attention initially was the realisation that security is not merely an optional layer but an indispensable element of the functionality and integrity of any software, application, network or architectural design. It is not confined to a niche; instead, it permeates every facet of the technological landscape. Witnessing its significance across diverse

domains and within various companies heightened my appreciation of the critical role cybersecurity plays in safeguarding digital assets.

One aspect that continues to intrigue me is the ever-evolving nature of cybersecurity. The landscape is dynamic, presenting new challenges and threats, despite our best efforts to fortify data and systems. This perpetual state of flux keeps the field engaging and ensures there is always more to learn and discover. It’s fascinating to observe how, even with advancements in security measures, there are constant innovations in cyber threats that demand our attention and expertise.

What started as an interesting component of my academic curriculum has evolved into a passion and a career path I find both challenging and rewarding. My realisation that the work in cybersecurity is never truly done, that there are always new frontiers to explore and potential vulnerabilities to address adds a layer of excitement to the field. It’s this ongoing pursuit of knowledge and the dynamic nature of cybersecurity that has solidified my commitment to the discipline, making it a continually evolving and captivating aspect of my professional journey.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

Upon graduation my aspiration is to secure employment in a cybersecurity role that aligns with my passion for research and development. The dynamic nature of cybersecurity and its pervasive importance across diverse sectors have opened up unique opportunities for professionals.

As organisations and governments increasingly recognise the critical need to secure their data the demand for skilled cybersecurity experts is on the rise. One of the distinctive aspects of cybersecurity is its versatility; it is a field that spans almost every industry. There is a broad spectrum of employment opportunities: from established organisations and government agencies to emerging startups dedicated to data security.

This wide-ranging applicability excites me because it means I can apply my skills and knowledge in a variety of contexts, contributing to the security landscape in different ways. Specifically, my preference lies in the R&D sections of companies and organisations. This choice is motivated by a desire to stay close to academia and research while simultaneously addressing real-world challenges.

The R&D environment offers a unique blend of innovation and practical problem-solving allowing me to contribute to the advancement of cybersecurity solutions. It provides the opportunity to explore cutting-edge technologies, analyse emerging threats and develop proactive measures to counter evolving risks. Moreover, being part of an R&D team allows for continuous learning and adaptation to the ever-changing cybersecurity landscape. It aligns with my intrinsic motivation to not only understand existing security issues but also to contribute to the development of novel and effective solutions.

My post-graduation career goal is to immerse myself in an R&D role within cybersecurity. This choice is driven by the desire to combine my academic background with hands-on problemsolving, and to make meaningful contributions to the ongoing evolution of cybersecurity practices and technologies.”

When you decided to pursue a career in cybersecurity, how did your parents, peers or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

I consider myself fortunate to have been born into a family that has consistently provided unwavering support for its children and their dreams. When I made the decision to pursue a career in cybersecurity, my parents were not only understanding but also incredibly encouraging. Their unwavering support became a cornerstone of my journey into this field and I am grateful for the positive influence they have had on my career choices.

My parents, recognising the evolving landscape of technology and the increasing significance of cybersecurity, actively encouraged my sister and I to pursue our dreams. Their support was both financial and emotional, because they took a genuine interest in understanding the field and its potential for growth. Their belief in our abilities and aspirations instilled confidence and determination in us, enabling us to pursue our chosen paths with enthusiasm.

Fortunately, I did not encounter any opposition or negative challenges from my family, peers or career advisors. This lack of resistance allowed me to focus wholeheartedly on my studies and professional development in cybersecurity. It created a positive environment that nurtured my passion for the field and facilitated my pursuit of knowledge and skills. While I did not face direct opposition, I am aware that not everyone may have the same experience.

In navigating potential challenges, I believe open communication and education are essential. Having conversations with family members, peers or advisors about the importance of cybersecurity and the opportunities it offers can help dispel misconceptions and build support. Sharing success stories and illustrating the impact of cybersecurity on the modern world can also contribute to creating a more positive and informed perspective.

My decision to pursue a career in cybersecurity was met with wholehearted support from my family. Their encouragement has been a driving force in my journey, and the absence of opposition

has allowed me to focus on my goals without unnecessary obstacles.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

The most influential factor shaping my journey in cybersecurity has been the opportunity to encourage and empower other women and young girls who are embarking on their own life journeys. From the early stages of my career, I recognised the importance of fostering inclusivity and diversity in cybersecurity. Being a woman in a traditionally male-dominated industry, I felt a responsibility to not only excel in my own pursuits but also to serve as a source of inspiration for others.

Sharing my personal journey, experiences and achievements with other women and young girls has been a deeply rewarding aspect of my career. I’ve actively sought opportunities to mentor, support and advocate for gender diversity in cybersecurity. This commitment has allowed me to build connections within the community and create a network of support for those who may face unique challenges in pursuing a career in technology.

Having a strong voice as a woman in cybersecurity has not only empowered me, it has also contributed to breaking down stereotypes and barriers in the field. It has inspired me to be a trailblazer, demonstrating that women can thrive and excel in technical and security-focused roles. Witnessing the impact of my advocacy on the aspirations of other women has become a driving force in my career.

The experience of encouraging diversity has broadened my perspective on the potential impact of cybersecurity on a global scale. It has heightened my awareness of the need for diverse voices and perspectives to address complex security challenges. As a result, my career aspirations have evolved beyond personal success to include a commitment to fostering an inclusive cybersecurity

community. The most influential factor shaping my journey in cybersecurity has been the opportunity to empower other women and young girls. This has not only strengthened my own sense of purpose and determination, it has also influenced my career aspirations by emphasising the importance of diversity, inclusivity and advocacy in the cybersecurity landscape.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

Yes. The alignment between academic projects and industry needs is a testament to the proactive approach taken by the program. Cybersecurity research within the academic realm is consistently geared towards addressing real-world industry challenges, fostering a dynamic and responsive learning environment.

In my academic journey, I have witnessed a concerted effort to integrate the latest advancements, methodologies and tools relevant to the contemporary cybersecurity landscape. Faculty members and researchers actively engage with industry trends, emerging threats and evolving technologies to ensure the curriculum remains current and reflects the challenges professionals face in the field.

Moreover, the emphasis on cybersecurity research further enhances the program’s ability to adapt to industry demands. Faculty members are involved in cutting-edge projects that explore novel solutions and strategies to counteract evolving threats. This not only enriches the academic experience for students but also ensures that the knowledge and skills they acquire are directly applicable to the challenges faced by cybersecurity professionals in the industry. The collaboration between academia and industry is a key strength of my academic program. Through partnerships, internships and collaborative projects, students are exposed to real-world scenarios and gain insights into industry

best practices. This holistic approach ensures graduates are well-prepared to navigate the ever-changing landscape of cybersecurity when they enter the workforce.

I am confident my academic program is effectively keeping pace with the industry’s current landscape. The integration of industry-driven projects, active engagement in cybersecurity research and collaborative initiatives contributes to a comprehensive and up-todate educational experience, preparing students to address the dynamic challenges of the cybersecurity field.

What aspect of your cybersecurity studies excites you the most, and why?

What excites me most is the dynamic intersection of cybersecurity with other domains such as finance, blockchain and quantum computing. While cybersecurity is inherently captivating, exploring its integration with emerging technologies and critical sectors adds a layer of novelty and challenge I find particularly thrilling.

The fusion of cybersecurity with finance introduces a fascinating dimension because financial systems have become prime targets for cyber attacks in today’s digital era. The intricate nature of financial transactions, the vast amounts of sensitive data and the interconnectedness of global financial networks creates a complex landscape that demands innovative cybersecurity solutions.

Being at the forefront of securing financial systems involves not only understanding traditional cybersecurity principles but also navigating the unique challenges posed by the financial sector. Similarly, the integration of cybersecurity with blockchain technology presents an exciting challenge. As blockchain gains prominence in

various industries including finance, healthcare, and supply chain, ensuring the security of decentralised and distributed systems becomes paramount. The decentralised nature of blockchain creates both opportunities and challenges, and addressing the security aspects of this technology requires a nuanced understanding of cryptographic principles and consensus mechanisms.

The evolving landscape of quantum computing introduces a paradigm shift in cybersecurity. Quantum computing has the potential to render existing cryptographic algorithms obsolete, necessitating the development of quantum-resistant encryption techniques. This area of study is not only cutting-edge but also holds the key to ensuring the future security of digital communications.

What excites me the most is the prospect of applying cybersecurity principles at these new and challenging frontiers. It’s the combination of traditional cybersecurity knowledge with the exploration of ground-breaking technologies that fuels my enthusiasm. I am eager to contribute to the development of innovative solutions that address the specific security concerns posed by these emerging areas, ultimately playing a role in shaping the future of cybersecurity in an ever-evolving technological landscape.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges?

One of the most challenging yet intriguing aspects of my cybersecurity studies is the relentless innovation of cybercriminals. The continual emergence of new tactics and ideas to compromise our systems and data means every cybersecurity model must be continually updated to stay ahead of evolving threats. This dynamic nature poses a dual challenge, one that demands constant vigilance and adaptability but also makes the field endlessly fascinating.

The challenge lies in the fact that cybersecurity is not

a static discipline; it’s a continuous, evolving battle against adversaries who are constantly refining their techniques. Cybercriminals are quick to leverage new technologies, exploit vulnerabilities and devise sophisticated attack vectors. As a result, staying ahead of these threats requires a proactive and strategic approach.

To overcome these challenges, I adopt a multifaceted approach. Firstly, I prioritise ongoing education and professional development. Staying abreast of the latest developments in cybersecurity through continuous learning helps me understand emerging threats and evolving attack vectors. Engaging in regular training programs, attending conferences and participating in webinars are essential components of this strategy, as is collaboration with peers and industry professionals.

Building a network within the cybersecurity community allows for the exchange of insights, sharing of best practices and collective problemsolving. Collaborative efforts provide a valuable resource for gaining diverse perspectives on tackling new challenges and staying informed about the latest threat intelligence. Also, it is essential to cultivate a mindset of curiosity and adaptability. Embracing the dynamic nature of cybersecurity as an opportunity for growth rather than a hindrance helps in navigating challenges with resilience. This involves developing a proactive mindset that anticipates potential threats and focuses on implementing preemptive security measures.

Lastly, leveraging automation and advanced technologies is an integral part of my strategy. Implementing automated tools for threat detection, analysis and response can significantly enhance the efficiency of cybersecurity defences. This allows for a more agile response to emerging threats, freeing up time for cybersecurity professionals to focus on strategic initiatives and proactive measures. While the evolution of cyber threats poses a continuous challenge, my approach involves a commitment to ongoing education, collaboration, adaptability and the strategic use of technology. By staying informed, connected and proactive, I aim to navigate the everchanging landscape of cybersecurity with resilience and effectiveness.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Absolutely. The rapidly evolving nature of technology, with new techniques emerging daily, underscores the necessity for professionals to continually update their skillsets. While technical proficiency remains a cornerstone of success in the field, a well-rounded cybersecurity professional should also possess a range of non-technical skills. Interpersonal communication skills are crucial in a cybersecurity role for several reasons. First and foremost, effective communication is essential for conveying complex technical concepts to non-technical stakeholders, such as executives, clients or regulatory bodies. The ability to articulate cybersecurity risks, strategies and solutions in a clear and understandable manner is paramount for fostering collaboration and securing organisational buy-in.

Additionally, strong interpersonal skills contribute to effective teamwork within cybersecurity teams. As the field often involves collaboration with professionals from diverse backgrounds and with differing expertise, being able to communicate and collaborate efficiently fosters a culture of shared understanding and collective problem-solving.

Cybersecurity is not just about technical proficiency; it’s about building a collective defence against cyber threats, and effective communication is integral to this collaborative effort.

Management skills also become increasingly relevant as people progress in their cybersecurity careers. The ability to manage projects, teams and resources is crucial for implementing comprehensive cybersecurity strategies. Because cybersecurity professionals often find themselves in leadership roles or involved in decision-making processes, managerial skills are essential for driving initiatives, allocating resources effectively and ensuring the successful implementation of cybersecurity measures.

Furthermore, possessing a broad understanding of business processes, risk management and compliance frameworks enhances one’s ability to align cybersecurity initiatives with organisational goals. This holistic perspective allows for the development of more comprehensive and effective security strategies. While technical expertise is foundational, additional training in non-cyber skills is vital for a well-rounded cybersecurity professional. The combination of technical proficiency with effective interpersonal communication and management skills enhances individual career prospects and contributes to the overall effectiveness of cybersecurity initiatives within an organisation. Embracing a holistic approach to professional development ensures that cybersecurity professionals can navigate the complexities of the field and actively contribute to the success of their organisations.

www.linkedin.com/in/yasaman-samadi-209714187

scholar.google.com/citations?user=zrm6njIAAAAJ&hl=en

stemwomen.global/profile/yasaman-samadi

www.stemwomen.org.au/profile/yasaman-samadi

Bachelor of Computer Science at Auckland University of Technology

Bernie Garnell was born in USA and grew up spending time in the USA, Japan, India, Germany and, now, New Zealand because her father’s work as a consultant took him around the world. She is studying for a bachelor’s degree in computer science at Auckland University of Technology majoring in networks and cybersecurity, in addition to working at Faraday, a company that helps high-risk individuals take control of their privacy, which she cofounded.

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? Personally, I find social engineering fascinating, and I think it’s the most relatable and relevant aspect to those outside security. I like to talk about the different types of phishing attacks or online scams and the methods attackers use to trick users into giving away sensitive information. Most of my peers have not yet had formal corporate cybersecurity awareness training, so it’s relatively new information for them.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experience today compare?

My first impression of cybersecurity, like many students, was primarily pen-testing and ethical hacking. I guess that’s the sexy side that lures a lot of young people into the industry, but it’s also the most accessible, with many resources like Hack The Box, TryHackMe and YouTube videos. However, as I’ve spent time in this space, I have realised that people-facing roles such as educating people on cybersecurity awareness and creating business policies to keep data safe are just as pivotal, and probably account for the majority of roles in the industry.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I’m currently working at a startup called Faraday with my co-founder Jacques Cantin. I got cyber-stalked and harassed a year ago and through that experience I realised there is a lack for support around documenting and reporting cyber harm incidents. Through Faraday I have been talking to organisations and people across the world about the challenges they face, which motivates me even more to continue our mission to help people gain control of their cyberharm situations.

When you decided to pursue a career in cybersecurity, how did your parents, peers or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

I left high school a year early to go to university to pursue security. I had some opposition from teachers who said I should stay to finish my high school experience. However, this was during COVID, so I don’t think I missed out on much. My parents, friends and digital teacher were my biggest supporters. It was also a time when the job market was showing strong demand for security staff.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

I can’t name a particular person, but the team at Aura Information Security—where I did two summer internships—definitely helped shape my journey. I am immensely grateful to have had the opportunity to work with such a remarkable group of experts. They helped expand my knowledge and understanding of cybersecurity. I would never have learnt in a classroom what I learnt working there: the questions that get asked in an audit, a consultant’s thought processes during a red team audit, and how to write a report for clients.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. During my time at Aura Information Security I watched my mentor, Lachlan Davis, perform a live attack simulation on a security operation team in training. It was extremely exciting to see both the red and blue teams working at the same time. It also demonstrated how little things, like not enabling MFA or changing a default password, can put an organisation at risk.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

I gained practical experience through my summer internships at Aura Information Security, which I undertook through Summer of Tech, a New Zealand organisation that connects employers with local students and graduates for paid work experience and graduate jobs.

What aspect of your cybersecurity studies excites you the most, and why? Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

I find my studies require a lot of memorisation which can take up a lot of time. I also find it difficult studying some topics that are not extremely relevant to the roles I want. I use Quizlet and write things down verbatim and find that helps.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges? After completing my internship, I realised there were certain skills required for the job I had at the time, and that I would not learn in my courses. This demotivated me because I felt my studies were not preparing me for the real world. However, I came to the realisation that, while my courses may not have taught me specific skills such as web-app auditing or how to write framework guidelines, they provided me with a foundation of knowledge I could use to better inform my thinking.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

My security coursework focused a lot on policy, which I thought was pretty relevant. We did not have any courses on pen testing even though it’s a popular area. I would have liked to have taken a class or two focused solely on that.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

One hundred percent. Helping people understand different security risks by explaining them in a way that’s understandable and relevant to them not only helps keep companies safe but can help people avoid becoming victims of cyber attacks in their personal lives. Often, when people think of cybersecurity, they think of big nation-state attacks. However, I think it’s important to shed light on the smaller things, such as having better privacy on social media to prevent an attacker from creating a convincing pretext to enable a social engineering attack.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

Yes. I’ve been going to New Zealand’s Information Security Interest Group (ISIG) and trying to keep up to date with the latest security trends through different news platforms and RSS feeds. My Faraday cofounder and I did our first ISIG presentation late last year and got some great feedback. Going to ISIG has also really helped me expand my network and get to know the wider Auckland community.

What is your preferred source for staying informed about cybersecurity trends and general information?

LinkedIn is great. I get to see the topics that people are most actively talking about. Also, Krebs on Security, Security Week for updates, and Darknet Diaries for when I want a podcast binge.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

I don’t know If I have felt disadvantaged or discriminated against, but there was definitely a feeling of not belonging. I would walk into a class and be one of only three, or sometimes the only girl in the room. That could be nerve-racking and uncomfortable, but I found having a support system of friends to talk to helped.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I use 2mfa and password managers consistently and avoid duplicating passwords. I use different usernames on accounts. I am not active on social media other than LinkedIn and I try to keep my digital footprint low.

Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?

Summer of Tech has been a great resource and something I highly recommend to all computer science students in New Zealand. Setting up an account can be somewhat tedious, but it gives you the opportunity to apply for many security jobs. I did not have a strong technical background, but I found being involved with security interest groups and having an interest in security outside my particular role demonstrated to my interviewers I was passionate about the industry, which I think made me stand out.

www.linkedin.com/in/bernie-g-1b4847207

Tian Sang was born and grew up in China and moved to Australia in 2013 to pursue her studies. She lives in Melbourne. She recently gained a Cert IV in Cyber Security from Holmesglen Institute of TAFE and is now studying to gain industry certifications, including CompTIA Security+ and Network+, whilst seeking employment in cybersecurity.

Cert IV in Cyber Security Graduate at Holmesglen Institute of TAFE

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

I like to use superhero stories to explain to my kids what I’m studying and what I want to be in the future. I think it applies to anyone who is unfamiliar with the field.

Cybersecurity is like stepping into the shoes of a digital superhero where every day presents an opportunity to be the guardian of the digital realm. Just like Iron Man engineering his suits to protect the world, a cybersecurity professional engineers defences to shield organisations from cyber threats. We also have the Black Widows of the digital world, unravelling the intricate webs of cybercriminals and ensuring the safety of sensitive information. And when there are malicious forces, Thor of cybersecurity will jump in and wield his mighty hammer of threat detection and response.

In essence, a career in cybersecurity is an exhilarating journey of collaboration that allows individuals to channel their inner superhero and

combine their respective strengths. We unite our skills to be the guardians of the digital age, securing the online world from unseen dangers through the power of teamwork.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

My experience since I started my journey has helped deepen my understanding of the field.

Initially, I perceived cybersecurity to be a highly technical, focused field. As I progressed my studies and connected with people already in the field, I discovered its multidisciplinary nature. Cybersecurity goes beyond technical skills; it weaves together technical expertise, strategic thinking, communication and collaboration skills, and a deep understanding of human behaviour. This realisation broadened my perspective. I started to shift my focus beyond acquiring only technical skills to rediscover and leverage my transferable skills, seeking ways to use my existing skillset to make positive impacts and meaningful contributions to the field.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

Upon graduation my aim is to secure a position within a cyber defence team. I believe working in this area will not only allow me to establish a robust foundation of technical skills, analytical skills and problem-solving skills, but will also enhance my resilience, my ability to learn and adapt, and my ability to communicate and coordinate in swiftly changing situations. These competencies closely align with my current skillset and will contribute to my long-term career goal.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

I have been fortunate to connect with exceptional

mentors from various domains of cybersecurity during my cyber journey. They have provided guidance in my learning, the development of my practical skills, and my preparation for job applications, bringing unique insights from their areas of expertise. From these mentors I learnt that purpose, persistence and resilience are the most important factors for a successful career in cybersecurity. The valuable advice and encouragement I’ve received from them have been very helpful as I navigated my career path. They have also enriched various aspects of my life.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. Engaging in the Purple Team Program stands out as a memorable highlight in my journey. This program focused on empowering women in cybersecurity. It offered theoretical and practical training and mentorship that significantly shaped my skills and understanding of the field. The hands-on experiences provided a valuable perspective, while connecting with mentors and peers expanded my professional network. I gained a great deal from this program and would recommend it to every woman who is looking to navigate a career in cybersecurity.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

While I have not yet secured employment or an internship my active involvement in programs such as the Digital Jobs Program, Purple Team Program (providing incident response simulations and CTF challenges), and the AWSN Incident Response Competition has greatly enhanced my practical experience. These initiatives gave me opportunities to apply theoretical knowledge, to sharpen my technical skills and to navigate real-world scenarios, contributing immensely to my overall readiness for a professional role.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Yes. Technical proficiency is indeed important, but it alone is not sufficient for success. Soft skills, particularly interpersonal communication and management skills, are essential. Effective communication is pivotal for translating complex technical information into understandable terms, for facilitating collaboration with diverse teams, and for building relationships with stakeholders. Moreover, as I advance in my career, management skills will become crucial for leading projects and teams, and for ensuring the strategic implementation of cybersecurity measures. During the early stages of my career I aim to improve my technical expertise and to cultivate a well-rounded skillset that will contribute to my competence in a future role.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

Yes. I have participated in industry events like BSides, volunteered at CyberCons, and I am a member of AWSN. My involvement has enriched my experience by providing networking opportunities, mentorship and exposure to diverse perspectives.

Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?

Reflecting on my journey, I would not

alter my career trajectory. Every step, from my past job experience and my recent academic pursuits to my participation in competitions and community engagement, has been integral to my growth in cybersecurity. I deeply appreciate the diverse range of experiences that have steered my path, providing me with a comprehensive skillset and a profound understanding of, and passion for, the industry.

Have you actively sought employment opportunities in cybersecurity, and if so, what has been your experience with the application and interview process?

Yes, I have been actively pursuing entry-level positions in both the private and public sectors, ranging from internship programs, graduate programs and cadetship programs to entrylevel analyst roles. The application and interview processes proved to be highly competitive and challenging. While I have not yet secured a role, I see these experiences as valuable learning opportunities. I gained practical insights during my preparations for interview, and the feedback provided always gave me a fresh perspective, enabling me to identify areas for improvement.

www.linkedin.com/in/tian-sang-42856079

Big Picture Easy Reliable

No job is too big or too small. We look after your marketing & content needs so you can get on with what you do best.

GET CONNECTED AND TAKE CONTROL OF YOUR BUSINESS SUCCESS TODAY!

Basila Shamsudeen Shaffi grew up in Chennai (formerly Madras) in South India. Her career began in education, teaching ICT, Computing and STEM subjects to students from diverse cultural backgrounds at schools in India. She now lives in the United Arab Emirates, where she has been an ICT/computing/STEM educator in several institutions, including Raffles International School, Victoria English School, and GEMS Winchester School.

Basila holds a master's degree in cybersecurity from Cyber Heals Academy, an MSc in computer science and bachelor's degrees in education and computer applications.

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

When introducing cybersecurity to beginners, it’s vital to craft compelling narratives emphasising the field’s significance. Cybersecurity professionals operate on the frontline, defending digital systems against diverse threats. Their role extends beyond finance, impacting national security and societal resilience. Cybersecurity is not only a job; it’s a position at the forefront of digital defence, offering the excitement of combating new threats. I would aim to spark curiosity and highlight the career’s importance, emphasising the feeling of being on the front line of a dynamic digital battlefield.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

My journey into cybersecurity started when I saw the complexity and mystery surrounding code. However, my view has changed significantly. I now see that cybersecurity entails much more than the intricacies of coding. It encompasses strategic thinking, risk management and technological competence. It serves as a dynamic guardian of digital landscapes, involving ethical considerations, legal frameworks and an understanding of the human element. Today, cybersecurity is a blend of technical skills, strategic thinking and ethical awareness.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I aspire to a role that aligns with my multifaceted skillset and fervent commitment to education and community engagement. I am particularly motivated to contribute to defensive cybersecurity domains, focusing on roles such as security awareness and training, security analysis, security architecture, and digital forensics. This choice is driven by my desire to leverage my mentoring, classroom management and communication skills to instil security awareness into student communities and empower women in the field.

My journey in cybersecurity represents a meticulous alignment between the diverse landscape of defensive cybersecurity and my personality traits, which include confidence, empathy and an adventurous spirit. I envision a role where I can actively address the evolving challenges in the field while also making a meaningful impact on individuals facing mental challenges. This aspiration is not merely a career choice but a commitment to fostering an inclusive and secure digital environment.

In actively seeking employment opportunities, I approach the application and interview process with a tailored resumé, highlighting my adaptability and my diverse skillset. By undertaking thorough research on each role and by actively engaging in interviews I aim to convey my passion for cybersecurity, my readiness for continuous learning and my dedication

to contributing meaningfully to the cybersecurity community. Each step in this process is a valuable learning experience, reinforcing my determination to make a successful career transition into this critical domain.

When you decided to pursue a career in cybersecurity, how did your parents, peers or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

My parents, peers and career advisors initially expressed some objections and unfavourable perceptions. Despite a successful decade in teaching, my passion for cybersecurity persisted. I encountered challenges, but my unwavering interest triumphed over obstacles. The master’s program at Cyber Heals Academy aligned with my financial considerations and provided extensive exposure to the cybersecurity domain.

Today, I stand confident and accomplished, empowered by a diverse educational background and a profound understanding of cybersecurity. My vision is to instil security awareness into the student community and support individuals facing challenges, combining my teaching expertise with cybersecurity skills.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

The most influential people in my cybersecurity journey are the inspiring women leaders and mentors listed below.

Maitha Al Shamsi, information security analyst, Telecommunications and Digital Government Regulatory Authority (TDRA) - UAE

Aisha Al-Marzooqi, cybersecurity capacity development analyst, Telecommunications and Digital Government Regulatory Authority (TDRA) – UAE

Dr Bushra Al-Blooshi: advisory board, senior consultant, and chairwoman, Dubai Cyber Innovation Park (DCIP) - UAE

Dr Huda Al-Khuzaimi: assistant professor of research and director of the Cyber Security Centre at New York University Abu Dhabi (NYUAB) – UAE

Dr Reem Faraj Al-Shammari: global thought leader in cybersecurity and digital transformation; director of research and innovation Department of Dubai Electronic Security Centre (DESC) – UAE

Simultaneously, my career journey has been significantly shaped during my tenure at Victoria English School, UAE by senior leader Keith Sykes. In addition, the unwavering support from my mentor, Dr Mohamed Ibrahim, in the Cyber Heals Academy master’s program significantly influenced my approach to cybersecurity. His excellence in course delivery and steadfast support inspired me to aspire to leadership roles.

Both figures contributed to my goal of making impactful contributions to the cybersecurity landscape. The combined influence of all these figures underscores the importance of diversity and mentorship in shaping successful careers in cybersecurity.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. The most memorable event in my cybersecurity learning journey occurred during my time at Cyber Heals Academy where I embarked on a

hands-on project that simulated a real-world cyber threat scenario. This experience exposed me to the complexities of incident response and the requirement for swift decision-making and collaboration. The project enhanced my technical skills and provided a profound understanding of the challenges faced in the field.

Additionally, my personal exploration involved indepth research on emerging cybersecurity topics such as AI-driven threats and blockchain security. Unravelling these complexities not only broadened my knowledge but also instilled a deep appreciation for the ever-evolving nature of cybersecurity. These combined experiences have significantly shaped my learning journey and demonstrated the importance of practical application and continuous exploration in the dynamic realm of cybersecurity.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

I have actively sought practical experiences to complement my theoretical knowledge through lab exercises and projects on various capture the flag (CTF) platforms. By engaging in practical projects at Cyber Heals Academy I have contributed to implementing security measures and analysing network traffic. Today, I participate in penetration testing and threat intelligence projects.

These experiences have enhanced my technical skills and fostered effective communication and collaboration in a professional cybersecurity setting. They have provided a comprehensive understanding of challenges and responsibilities in the field, strengthening my dedication to a successful cybersecurity career.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?

In my dedicated pursuit of professional growth, I am strategically mapping out my journey to acquire certifications that will significantly elevate my cybersecurity expertise. Currently, my focal points are the ISC2 Certified in Cybersecurity (CC), Certified Information Systems Security Professional (CISSP) and EC Council’s Certified Ethical Hacker (CEH) Master. These certifications, renowned for their stringent standards and industry relevance, mark essential milestones in my commitment to staying ahead in the dynamic field of cybersecurity.

My certification roadmap extends to specialised credentials in cyber defence, such as CRISC and GSEC to enhance my skills in incident response, threat intelligence and security architecture. This deliberate approach reflects my proactive dedication to continuous learning, ensuring preparedness for the evolving challenges in cybersecurity.

Beyond certifications, my future plans are to immerse myself in hands-on experiences through cybersecurity internships and defence projects, actively participating in lab exercises to hone my skills. These practical engagements will not only provide valuable insights but also function as a catalyst for my career transformation.

My initiative-taking pursuit of certifications and practical experiences aims to fortify my knowledge base, positioning me to contribute effectively to the dynamic cybersecurity landscape. I am eager to leverage these skills to make a meaningful impact in my future endeavours and contribute to the broader cybersecurity community.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

Yes, the program at Cyber Heals consistently aligns with the rapidly evolving cybersecurity landscape. The curriculum is forward-looking, integrating the latest industry trends and cutting-edge technologies. Regular updates ensure relevance to current threats

and practical experiences such as hands-on projects and internships, provide a real-world perspective. Networking opportunities with industry professionals further enrich my understanding. Overall, the program effectively keeps pace with the dynamic nature of cybersecurity threats, ensuring I am well-prepared for the professional realm.

What aspect of your cybersecurity studies excites you the most, and why? Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

I am most enthusiastic about the exploration of network security. Initially, I perceived it as being intricate, but through resource exploration, handson labs and the use of tools like Wireshark and Metasploit I now find it captivating. The satisfaction I have derived from identifying network threats and vulnerabilities through practical applications has become a notable achievement.

Certain topics such as security operations centre (SOC), firewall configuration and routine compliance standards initially held less appeal. However, recognising their significance, I adjusted my perspective and delved into privacy policies and frameworks. This exploration kindled a particular interest in formulating policies tailored for specific demographics, such as students and women. Overcoming the perceived monotony, I adopted a growth mindset and approached learning with enthusiasm and dedication. The incorporation of artificial intelligence into cybersecurity systems is equally exciting, facilitating real-time threat detection and response.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges?

I address challenges with a systematic approach, breaking down complex topics, collaborating with peers, and gaining hands-on experience through platforms like TryHackMe and Cybrary. I stay

current with evolving technology through industry publications and webinars.

I take a holistic approach to cybersecurity through crossdisciplinary research and active participation in industry events. I apply my theoretical knowledge through hands-on experiences, engagement in projects and participation in capture the flag challenges.

I am grateful to the Cyber Heals master’s program and to Dr Mohamed Ibrahim for his mentorship, for providing a structured learning path and for helping me overcome challenges and build confidence. All these challenges served as catalysts for improvement.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

With the escalating threat landscape there needs to be more emphasis on offensive security, ethical hacking and penetration testing to equip professionals with the skills needed to identify and address vulnerabilities before malicious actors can exploit them.

Moreover, with the pervasiveness of cloud technologies and IoT devices, there is a compelling need to accentuate coverage of cloud security and the integration of robust cybersecurity measures into IoT ecosystems.

The human factor is also a critical vulnerability, making training on cybersecurity awareness and the psychology of social engineering essential. I also believe a profound understanding of human psychology is necessary to counter social engineering attacks. Training on mitigation strategies and training using simulated social engineering

attacks should be integral to coursework, because social engineering attacks are on the rise.

However, the focus on new threats should not be at the expense of traditional topics. A well-rounded cybersecurity curriculum should strike a balance between emerging trends and foundational principles to prepare professionals for the evolving challenges of the field.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

In the evolving field of cybersecurity, a wellrounded skillset is vital. Proficiency in interpersonal communication is crucial. It enables cybersecurity professionals to convey complex technical concepts to diverse stakeholders. Leadership and management skills are equally important to facilitate effective team coordination and advocacy for cybersecurity initiatives at organisational levels. These skills contribute to strategic thinking, prioritisation and the guidance of teams towards successful security outcomes.

The integration of non-cyber skills with technical proficiency is needed to align security efforts with broader business objectives. This alignment is essential for gaining executive support, securing resources and ensuring cybersecurity aligns with organisational goals. Additionally, adaptability and critical thinking skills are indispensable for addressing the dynamic nature of cyber threats.

Cybersecurity professionals equipped with these non-cyber skills can proactively respond to challenges, assess risks, and formulate effective solutions, fostering a resilient cybersecurity posture.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

I have gained valuable insights from my involvement in diverse cybersecurity communities such as Women in Cybersecurity Middle East, Women in Cybersecurity Australia, Women Know Cyber Group, Ibby Mentorship Inner Circle, Dark Reading, and various cyber conferences and forums. These engagements have significantly enhanced my comprehension of the industry and its evolving technologies. Moreover, I have had the privilege of being able to establish connections with exceptional leaders and female role models within the cybersecurity domain.

I believe active participation in broader communities, especially those communities focused on women, is conducive to career growth and can create a supportive atmosphere for aspiring individuals. Such an extended network assures professionals of support from their peers and mentors. Access to the knowledge, connections and experiences of seasoned leaders enables more informed and strategic conversations. The broader cybersecurity community, beyond the confines of the workplace, serves as a secure space for networking, fostering valuable connections and nurturing professional relationships.

What is your preferred source for staying informed about cybersecurity trends and general information?

To stay informed about cybersecurity and gain a comprehensive understanding of the evolving cybersecurity landscape:

• I follow key publications like Dark Reading and Cyber Scoop for in-depth analyses and real-time

updates on emerging threats;

• I use platforms such as Coursera, LinkedIn Learning and Udacity for curated courses by industry experts;

• I read thought-provoking blogs from industry leaders like Brian Krebs (KrebsOnSecurity) for nuanced insights;

• I listen to cybersecurity podcasts like Security Now and The Cyber Wire for engaging auditory learning;

• I stay updated in real-time by following reputable experts, organisations and thought leaders on platforms like Twitter;

• I participate in cybersecurity events like Black Hat and RSA Conference for live interactions and  networking.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

I am fortunate not to have encountered noticeable instances of gender imbalance. Despite some isolated incidents, my overall experience has been positive and supportive, largely due to the inclusive work environments I have been part of.

Open dialogue and advocacy are required to address diversity and inclusion issues. Fortunately, the institutions I have been part of have been proactive in addressing gender-related challenges by implementing programs to foster an inclusive environment. I acknowledge the gender disparity in cybersecurity, but I see it as an opportunity for positive change. By promoting inclusivity, engaging in open conversations and advocating for diversity, we can contribute to cultivating a more balanced and innovative cybersecurity landscape.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I employ a sophisticated password manager to generate and manage complex, unique passwords for each online account, bolstering the overall

security of my digital identity. I regularly update my software, including operating systems and security applications to ensure I benefit from the latest patches and enhancements, reducing vulnerabilities. I have implemented multifactor authentication for access to critical accounts, adding an extra layer of security and enhancing overall resilience. I exercise caution in my online activities, especially on social media. To mitigate potential privacy threats I refrain from oversharing personal information. I conduct regular audits of my online accounts and activities, including scrutinising access logs and monitoring financial statements, enabling me to promptly identify irregularities and take swift action in case of unauthorised access or suspicious activity.

Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?

A few years ago, recognising the need for a shift, I strategically explored cybersecurity’s diverse domains and shifted my focus from penetration testing to defensive cybersecurity. This transition allowed me to contribute to student communities, empower women and support individuals with mental challenges.

My advice to aspiring cybersecurity professionals, especially women, is to align their skills and aspirations with the evolving landscape of cybersecurity. Challenges are learning opportunities, and seeking support from mentors and colleagues is crucial in this constantly changing field. Embracing the evolving nature of cybersecurity and staying focused on aspirations can produce both emotional and financial rewards.

My career trajectory, marked by introspection and adaptability, underscores the significance of aligning one’s professional path with personal aspirations in the ever-changing field of cybersecurity.

Have you actively sought employment opportunities in the cybersecurity field, and

if so, what has been your experience with the application and interview process?

In my pursuit of a career transition into cybersecurity I have encountered both challenges and enriching experiences. Applying for jobs required me to tailor my resumé to various cybersecurity job domains in order to showcase my diverse skill set and adaptability. By thoroughly researching each role I was able to fine tune my application and hold informed discussions during interviews.

Interviews, though demanding, proved to be valuable learning experiences. Engaging with industry professionals allowed me to express my passion for cybersecurity and demonstrate how my educational background aligned with the field. Emphasising a commitment to continuous learning and a proactive mindset, I demonstrated my readiness for the dynamic cybersecurity environment. Each application and interview has contributed to my growth, reinforcing my dedication to a successful career transition into this critical domain.

www.linkedin.com/in/basila-shamsudeen-shaffi

Elisabeth Chen studied cybersecurity at Liberty University Online, based in Virginia, US. She first gained a general information systems degree and then went on to gain a master’s in cybersecurity.

“I’ve always wanted to work in IT but I didn’t know that I wanted to be in cybersecurity specifically until I was in college,” she says. “My current job is my first in the industry and I work as a cybersecurity analyst. I hope to work toward earning several certifications as I progress in my career. I’ve earned my CC from ISC2, and I hope to go on to earn my security + and perhaps a networking + certification as well.”

She adds: “I believe soft skills are just as important as hard skills to being a good cybersecurity professional. Understanding how to communicate, especially with people who aren’t very good with technology is very important to being good at my job.

“Creativity makes all the difference, because solutions are rarely straightforward. While I did work towards these skills in my education, I also found communities in platforms like LinkedIn and publications where I could hear from others and read up on modern issues.”

Chen says she was one of the few females in her classes and is presently the only female cybersecurity professional in her workplace. “However, I have been very lucky in that I never felt disadvantaged. My colleagues have been great and do a great job fostering equality. I have no regrets about my career choice, but I do wish I had taken more programming and networking classes at school.

www.linkedin.com/in/elisabeth-chen-6ba66126b

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

I say: picture being the defender of the digital realm, safeguarding it against invisible threats and ensuring the security of this online world. I tell them cybersecurity is not only about code or computer geeks; it’s about thinking strategically, collaborating effectively and adapting to an everevolving landscape.

I explain that my passion for cybersecurity stems from the thrill of solving complex puzzles and making a tangible impact in the digital space. I tell them cybersecurity offers an exciting career path filled with opportunities to make a difference and be at the forefront of innovation in the digital age.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experience today compare?

My initial attraction to cybersecurity stemmed from a desire to protect digital assets and combat cyber threats. However, as I’ve delved deeper into the field, I’ve realised cybersecurity is a multifaceted domain that extends far beyond conventional perceptions. It is not only about building digital fortresses; it’s

about understanding the intricate dance between attackers and defenders, constantly evolving strategies to outsmart adversaries and staying ahead of emerging threats.

Through experiences in vulnerability analysis and threat detection I’ve learned the importance of creative problem-solving, swift reaction and continuous learning in navigating the dynamic landscape of cybersecurity. These insights have fuelled my passion for the field, driving me to embrace resilience, innovation and to relentlessly pursue excellence in safeguarding digital environments.

My journey in cybersecurity has been a revelation, transforming my initial perceptions into a deeper, more nuanced understanding of the field’s complexities and challenges. Each experience, from uncovering vulnerabilities to detecting emerging threats, has underscored the importance of adaptability, critical thinking and proactive defence strategies. My passion for cybersecurity remains unwavering, despite the evolving nature of cyber warfare. That desire is fuelled by a commitment to constant growth, innovation and the protection of digital assets against ever-evolving threats.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

My aspiration is to secure employment in vulnerability assessment and forensics. Motivating this choice is the opportunity to delve into the intricate layers of digital systems, uncovering vulnerabilities and fortifying defences against potential threats.

The role of a vulnerability assessor appeals to me because it involves not only identifying weaknesses in digital infrastructures but also devising robust strategies to mitigate risks and enhance overall security postures. Similarly, the field of forensics intrigues because it offers the chance to investigate cyber incidents, analyse digital evidence and piece

together the intricate puzzle of a cyberattack. The prospect of contributing to the proactive defence of digital assets and aiding in post-incident analysis drives my aspiration towards these specific cybersecurity roles.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

I was lucky to have strong support from my family, professors and friends. My professors recognised my knack for creative problem-solving and my love for tackling complex challenges. During my undergraduate studies I discovered my passion for data science, where I enjoyed analysing data to find patterns and make predictions, especially with the help of artificial intelligence. It was during this time I became interested in cybersecurity after working on a project where I used data to detect malicious activities in networks. This experience ignited my interest in cybersecurity and inspired me to pursue a career protecting digital assets and fighting cyber threats.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

I have actively sought practical experience through virtual internship programs during my semester breaks. I participated in programs offered by Forage for companies like ANZ and Deloitte, where I gained valuable insights into the field of cybersecurity and developed practical skills.

These experiences allowed me to apply my academic knowledge to realworld scenarios and understand the practical implications of cybersecurity in professional settings. Additionally, I am eagerly looking forward to starting my work placement this year with the Department

of Finance, where I aim to further enhance my practical skills and contribute effectively to the cybersecurity team.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?

I am working towards obtaining ISC2 certification and passing the Microsoft Exam SC-900. These align closely with my career goals and aspirations because they provide comprehensive coverage of essential cybersecurity concepts and technologies. Additionally, they are recognised and respected within the industry, so will increase my credibility as a cybersecurity professional.

I also plan to pursue CISSP certification, because it is widely regarded as a benchmark for cybersecurity expertise and leadership. By obtaining these certifications, I aim to demonstrate my commitment to continuous learning and development in cybersecurity while enhancing my skillset to meet the evolving demands of the industry.

Given the rapid evolution of cybersecurity threats, do you feel your academic program adequately keeps pace with the industry’s current landscape?

While my academic program provides a strong foundation in fundamental concepts and principles, I believe there is always room for improvement to ensure alignment with the industry’s current landscape. To address this, I actively seek out additional learning opportunities beyond the classroom, such as online courses, workshops and participation in cybersecurity communities. These endeavours allow me to stay informed about the latest developments, emerging threats and best practices. Additionally, by pursuing industry certifications and LinkedIn learning and engaging in hands-on project, I will further enhance my practical skills and readiness to tackle real-world cybersecurity challenges.

What aspect of your cybersecurity studies excites you the most, and why?

The fusion of data analysis with security strategies excites me the most. Coming from a computer science background, I’m drawn to the practical application of analytic techniques to identify and mitigate cyber threats. This interest grew from my involvement in projects where I used data analysis to proactively address vulnerabilities and enhance cybersecurity measures.

The ability to uncover patterns and anomalies within datasets not only enables potential cyber attacks to be predicted and prevented, it also underscores the critical role of data-driven decision-making in bolstering digital defences. This combination of analytical skills and cybersecurity expertise ignites my passion for exploring innovative solutions to safeguard digital assets and tackle emerging threats.

Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

I occasionally encounter topics that feel less captivating, particularly those centred around

theoretical frameworks and abstract concepts. However, recognising the importance of a comprehensive understanding, I navigate through these less stimulating areas by seeking practical applications or real-world examples that demonstrate their relevance. Additionally, I often engage in discussions with peers and mentors to gain alternative perspectives and insights, which help me to contextualise the material and make it more engaging. This approach ensures that, even in areas where my interest might wane, I remain committed to grasping the underlying principles and their practical implications for the cybersecurity landscape.

www.linkedin.com/in/fzahoor13

Nicky Bryant is a dedicated student specialising in security and intelligence in Arizona, USA. Here, she shares her journey into the realm of IT security. Her insights provide a glimpse into the evolution of her passion and the challenges she has faced.

When she was young her interest in public service led her to consider law enforcement as a career. However, when she explored the diverse programs in security, cyber and intelligence at her current university, she discovered the captivating world of cybersecurity.

During her university years, Bryant developed a deep affinity for preventative security: averting incidents and attacks before they become real threats. Reflecting on the early stages of her career, she emphasises the complexity of constantly analysing unforeseen aspects and biases, a challenge she finds both daunting and fascinating.

Bryant also has a passion for emergency medical services (EMS) and was uncertain whether to pursue this as a career rather than cybersecurity. She feels fortunate to have found a balance between these two significant interests by pursuing EMS in a volunteer capacity.

Bryant’s journey in cybersecurity progressed without a predefined vision of specific roles. Her advice to her high school self and other aspiring cybersecurity professionals would be to start from the ground up, stay hungry for knowledge, and not be deterred by

a lack of initial qualifications or of experience.

She emphasises the importance of university study focusing on various aspects of cybersecurity to build a strong foundation. When contemplating job offers, she emphasises the significance of company culture.

She acknowledges the substantial influence of her professors and mentors on her cybersecurity career and recommends students build connections with educators who can serve as valuable mentors.

The most satisfying aspect of Bryant’s current role is her awareness that her work in cybersecurity has a genuine impact on the world and this compensates for the challenges of maintaining work/ life balance and clear boundaries, and embracing leadership roles.

To stay current and effective in her role, Bryant engages in daily briefings, subscribes to reputable sources and actively participates in cybersecurity conferences. She emphasises the value of belonging to industry groups and advises individuals transitioning into the field to embrace their strengths and apply their diverse skills.

Her journey is an inspiration to those navigating the intricacies of cybersecurity, showcasing resilience, passion and a commitment to making a tangible impact on the world.

DEVYANI BHATTACHARYA

Devyani Bhattacharya was born in Madhya Pradesh, India and moved to Sydney when she was 10 years old. She is studying at Macquarie University for a Bachelor of Information Technology with a major in cybersecurity and a minor in AI. She is at the start of her third year and expects to graduate in June 2025. She also has an intern role as a cyber risk consultant at GuardWare Australia..

Bachelor of Information Technology Student at Macquarie University

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

Cybersecurity is a fast paced and captivating industry. It offers challenges and opportunities and a chance to expand your knowledge and skills. With threats in the digital landscape constantly on the rise, cybersecurity professionals are in high demand. This demand translates into promising salaries. So, if you’re looking for a career path that offers stability and financial rewards, cybersecurity has got you covered.

Lastly, one of the most striking aspects of the cybersecurity community is its inclusivity. Regardless of your background or skill level there’s a place for you in this field. It’s a welcoming environment where diversity is celebrated and where everyone is encouraged to pursue their passions.

Reflecting on your initial perceptions of cybersecurity when you first considered

studying it, how does the reality of your experiences today compare?

I initially envisioned a highly specialised and technical field, thanks in part to how cybersecurity is portrayed in the media. It seemed to be a mysterious domain, shrouded in complexity. Yet, as I embarked on this journey, I soon realised my assumptions were far from reality. Cybersecurity professionals are not solitary figures hidden behind screens in dimly lit rooms. They are just like any other corporate individuals, collaborating with colleagues and making things happen.

I was initially pursuing psychology at university, so a switch to cybersecurity was daunting. However, I decided to go ahead with no experience or background but an open mind. With plenty of resources out there and a very supportive community keen to welcome me, I’ve never felt more passionate about anything.

As I delved deeper into the realm of cybersecurity

I quickly realised there’s a diverse range of roles to explore. For someone like me, who has an analytical mind and thrives on social interaction, positions such as consultant, incident response team member and security operations centre analyst stood out. Cybersecurity embraces a wide range of skillsets and preferences, whether you lean towards the technical aspects or prefer a more people-oriented role.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

My career aspirations in cybersecurity are driven by my passion for teamwork, my analytical mindset and my desire to make a meaningful impact defending against cyber threats. I am excited about the prospect of contributing to the security of organisations and helping to safeguard their digital assets. Specifically, I’m drawn to security operations centre analyst, incident response, blue team and/or consulting roles.

My motivation for choosing these roles stems from

my preference for collaborative environments rather than independent work. Additionally, I’m motivated by the opportunity to use my analytical mind to solve complex problems and mitigate security threats effectively.

My interest in incident response was sparked by my experience at the AWSN Incident Response competition in 2023. During the competition my team and I were immersed in a simulated cyber crisis scenario, mirroring real-world incidents. We had to respond swiftly and effectively using various skills such as digital forensics, network traffic analysis and communication, with stakeholders such as board members. This experience provided invaluable hands-on exposure and reinforced my desire to pursue a career in incident response.

Similarly, my internship experience at Sparke Helmore exposed me to the world of blue teaming and SOC where I gained valuable insights into defensive cybersecurity strategies and techniques. I was inspired by the proactive approach of blue teams to identifying and mitigating security risks before they escalate into incidents.

Lastly, subjects such as digital forensics, which I studied at university, further fuelled my interest in roles within SOC environments. I was fascinated

by the investigative aspect of digital forensics and the crucial role it plays in incident response and threat detection.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

The most influential factor thus far has undoubtedly been my aunt. Despite her living in the USA and me seeing her only every couple of years, her impact on my career path has been profound. She’s deeply involved in cybersecurity, specialising in architecture. While she did not directly push me into cybersecurity, her passion for IT and technology certainly rubbed off on me. I was initially majoring in business analysis and information systems and, through a few elective courses, I found myself drawn to cybersecurity. Now, our shared interest has given us even more to talk about whenever we catch up.

Growing up, I was always drawn to puzzles and mysteries, whether unravelling clues in murder mystery games or piecing together evidence to crack the case. Cybersecurity, as it turns out, is like a real-life puzzle-solving adventure, exceeding my expectations and constantly capturing my interest.

In addition to my aunt, my father played a significant role in my journey. Working in IT himself, he has been a constant source of motivation and support throughout my degree course. His unwavering encouragement meant the world to me, giving me the confidence and reassurance I needed to pursue my passion for cybersecurity.

In essence, the combined influence of my aunt’s expertise and shared mindset coupled with my father’s unwavering support have significantly shaped my path in cybersecurity, igniting my curiosity and fuelling my aspirations in this dynamic field.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment

or internships?

Here’s a breakdown of my main experiences.

Internship at Sparke Helmore. This IT internship provided me with invaluable exposure to the security and infrastructure teams. Job shadowing SOC analysts and infrastructure specialists gave me a firsthand perspective on how things operate in the cybersecurity realm outside of the academic environment.

Cisco Mentor Me Program. Participation in this mentorship program equipped me with essential skills beyond technical expertise, such as interview skills and LinkedIn profile writing. Additionally, it provided me with access to valuable resources and helped expand my professional network, which is crucial in the cybersecurity industry.

GuardWare Cyber Risk Consulting Internship. My current internship at GuardWare is giving me handson experience in the consulting side of cybersecurity. Working with SMEs allows me to gain insights into real-world consulting practices and helps me determine if this career path aligns with my interests and goals.

It is commendable that GuardWare recognises the challenges facing cybersecurity interns and graduates and actively works to provide practical experience beyond academic qualifications. The biggest hurdle for anyone starting out in this industry is that companies want to hire people with three to four years’ experience. Because of this many newcomers struggle to get their initial breakthrough. By offering opportunities for hands-on learning and mentorship, GuardWare is not only preparing interns like myself for the industry but also addressing the need for experienced personnel in cybersecurity.

What aspect of your cybersecurity studies excites you the most, and why?

What excites me the most is the vibrant and supportive community at Macquarie University. While the coursework and lecturers are undoubtedly

excellent, it’s the sense of camaraderie and collaboration that truly sets Macquarie apart.

Participating in hackathons, workshops and other events has been incredibly rewarding. I’ve found people with more experience always willing to lend a helping hand and provide encouragement, fostering a culture of continuous learning and growth.

In particular, my time as a marketing executive at the Women in Computing Society has been instrumental in sparking my interest in cybersecurity. Organising and collaborating in Introduction to Hacking workshops has given me firsthand exposure to the fascinating world of cybersecurity and its vast potential.

Moreover, cybersecurity itself is an incredibly dynamic and stimulating field. The constant influx of new threats and challenges means there are always unknowns to navigate, keeping me on my toes and pushing me to stay ahead of the curve. I thrive in environments where there’s never a dull moment, and cybersecurity offers endless opportunities for learning and professional development.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges? I can relate to the challenge of coding in cybersecurity studies, especially when a semester feels rushed due to the pressure of other academic units. I’ve found the key to overcoming this challenge lies in proactive preparation and seeking out additional resources for support. I make it a habit to familiarise myself with the syntax and language usage well in advance. By reviewing a couple of weeks before the semester begins, I can hit the ground running when classes start and have a solid foundation to build upon.

Moreover, I actively seek out supplementary resources to reinforce my understanding of coding concepts. This includes textbooks, online tutorials,

YouTube videos and other online resources that provide alternative explanations and examples.

Lastly, I take advantage of the assistance and support available to computing students at my university. Whether it’s attending office hours, seeking help from teaching assistants, or participating in study groups.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

While technical skills are undeniably crucial in cybersecurity coursework, there’s room for additional emphasis on non-cyber skills, particularly interpersonal communication and management skills.

In the real world, cybersecurity professionals are not sitting behind screens all day. They are often required to communicate complex IT and security information to colleagues and stakeholders who may not have the same technical background, or to manage cybersecurity programs. Therefore, strong interpersonal communication skills are essential for effectively conveying information, building relationships and gaining buy-in for security initiatives.

It’s also worth considering the potential pitfalls of solely focusing on technical coursework. Without exposure to non-cyber skills, students may struggle to adapt to the demands of the workplace where effective communication and leadership are often just as important as technical proficiency. Therefore, integrating training in non-cyber skills into cybersecurity coursework can better prepare students for the holistic requirements of future roles and ensure they are equipped to excel in a variety of professional settings.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

With most of my accounts I use MFA for login purposes and I use devices with pre-installed antivirus software. Here are additional things I do that help me stay cybersafe.

• By using a password manager I can generate and store complex, unique passwords for each of my accounts, minimising the risk of a breach if one password is compromised.

• By using different email addresses for different purposes (like one for shopping and another for banking) I can compartmentalise my online presence and reduce the impact of a potential breach.

• By ensuring my social media accounts are set to private I can control who has access to my personal information and minimise the risk of identity theft or social engineering attacks.

• By avoiding public Wi-Fi networks like those in malls or airports, or using my own hotspot, I reduce the risk of my data being intercepted.

www.linkedin.com/in/devyani-bhattacharya-62a44a255

How Olivia and Jack’s parents handle social media on a sleepover

Sleepovers are very popular in Olivia’s and Jack’s circle of friends. Jack had been invited to a summer sleepover with a few other boys to celebrate the end of the school year. He had been previously and liked the adventure of going to a friend’s house. He always took his little bear with him. Even though he had almost finished primary school he liked having a small piece of home with him.

During the past year at school, Jack noticed that many of the children had started using a social media messaging app called Chit Chat. The app was recommended for people 13 and older. Even though none of the children had turned 13 many were using it. Jack was under a lot of pressure from his friends to get the app and use it to connect, and his friends without it were left out. Unfortunately, there were whispers going around about the extent of bullying on the app, and some children were taking photos of each other without permission and posting them in the app. Not everyone misused Chit Chat, but there were always some not doing the right thing.

Some of the parents contacted the school to complain and share their concerns. The school made some announcements and held a parent evening to educate parents and caregivers about the safe use of social media, what to watch out for and how to educate children in the appropriate use of apps and devices.

Olivia, Jack and some of the other girls and boys did not use Chit Chat because their parents did not think it was age appropriate and preferred to follow the recommended age guidelines set by Australia’s eSafety Commissioner.

Before Jack’s upcoming sleepover party at Oliver’s, his mother contacted Oliver’s parents to learn about his family’s house rules around social media and devices.

Oliver’s parents explained they had a “no device in bedrooms or bathrooms rule” and that devices were locked away in a special box overnight. They admitted that, in the past, there had been some problems with their older children spending too much time on Chit Chat, including being involved in online cyber bullying.

They had also set up time restrictions for their younger children and encouraged their older children to consider how they spent their time online.

In general, they tightly controlled the posting of photos on social media. They did not let their younger children post any photos online without parental permission, and they encouraged their older children to be very mindful of what they were posting online and, with photographs of people, ask permission from the subjects before posting. Issues related to people’s digital footprint were discussed regularly at the dinner table, along with the handling of interactions with strangers.

Olivia’s and Jack’s parents felt a lot more confident about Jack going for a sleepover at Oliver’s house. They reiterated the following house rules and explained why they were important.

• Devices will be locked away at night and cannot be used in bedrooms or bathrooms, to remove any temptation to use devices when there are no adults around to supervise.

• Posting photos of other people should happen only with their permission.

• If you are contacted by a stranger online do not engage. If this happens, tell an adult and ask for help.

• If you experience cyber bullying, take a screen shot or save the post and tell a trusted adult so they can help you deal with it. You can report it to Chit Chat or the social media platform on which it happened, or to authorities such as the eSafety Commissioner.

• Do not share any personal information with any strangers online, such as where you live, and be very careful when accepting friend requests that the ‘friend’ is who they claim to be. If in doubt, ask a trusted adult for help.

www.linkedin.com/in/lisarothfield-kirschner howwegotcybersmart.com

Lisa has partnered with Cool.Org , and her content is found on the Department of Education website .

WOMEN IN SECURITY MAGAZINE CONTRIBUTORS

1. NATHAN CHUNG

Cloud Security Architect

2. AMANDA-JANE TURNER

Author of the Demystifying Cybercrime series and Women in Tech books. Conference Speaker and Cybercrime specialist

3. DR FAUZIA IDREES ABRO

Associate Professor, Director DL MSc in Cyber Security and Campus MSc in Information Security at Royal Holloway, University of London

4. KENIA CARVALHO

VP, Regional Information Security Lead at BNY Mellon

5. ROMA SINGH

Cyber Security Specialist

6. SHEAVY KAUR

Information Security Specialist at RAAFA WA

7. BETH DWYER

Senior Information Security Consultant, Cyber GRC at MYOB

8. FLORENCE MOTTAY VP and CISO at Zalando

9. DR MOHUYA CHAKRABORTY

Director of the Cybersecurity Centre of Excellence at the University of Engineering and Management (UEM) in Kolkata

10. HEIDI MEJIA

Client Executive at Tesserent

11. NALINI JADIA

Sr Cyber Security Risk Leader

12. CHERYL POME’E

Digital Security Lead, GRC - ALGIM ICT Professional of the Year 2023

13. ASH MOHANAPRAKAS

Head of Information Security at Vault Platform

14. CRAIG FORD

Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC and Baidam Solutions

15. SASHA MULLINS

Strategy & Risk Consulting, CyberCX

16. POOJA SHIMPI

Founder & CEO, SyberNow | We specialise in Security Awareness to Mindfulness Trainings for corporates

17. JO STEWART-RATTRAY

ISACA’s Oceania Ambassador and Chief Security Officer of Silverchain Group

18. DR VICKI GIBBS

Head of Research, Aspect Research Centre for Autism Practice

19. DAHYE BAKER

Web Developer | Consultant at deyst solutions

20. GILY NETZER

3X CMO, Advisory Board and Member of Forbes Communication Council

21. KAREN STEPHENS

CEO and co-founder of BCyber

22. JASMINE MCCRUDDEN

Cyber Security Recruitment Specialist @ Decipher Bureau

23. SIMON CARABETTA

Business Development Manager - Cyber Security at Digital Resources Australia

24. LISA VENTURA

Founder, Cyber Security Unity

25. ANNIE-MEI FORSTER

Senior Cybersecurity Consultant at oobe

26. YASAMAN SAMADI

PhD student in Computer Science at RMIT University

27. BERNIE GARNELL

Bachelor of Computer Science at Auckland University of Technology

28. TIAN SANG

Cert IV in Cyber Security Graduate at Holmesglen Institute of TAFE

29. BASILA SHAMSUDEEN SHAFFI

Basila holds a master's degree in cybersecurity from Cyber Heals Academy, an MSc in computer science and bachelor's degrees in education and computer applications.

30. ELISABETH CHEN

Young Cybersecurity Professional

31. AROOJ FATIMA

Masters of Cybersecurity Student at Edith Cowan University

32. NICKY BRYANT

Student specialising in security and intelligence in Arizona, USA

33. DEVYANI BHATTACHARYA

Bachelor of Information Technology Student at Macquarie University

34. LISA ROTHFIELD-KIRSCHNER

Author of How We Got Cyber Smart | Amazon Bestseller

WHAT'S ON IN

March 2024

IETF 119 BRISBANE

In Person

Brisbane, Australia 16-22 March

VIEW HERE

MINORITIES IN CYBERSECURITY (MIC) ANNUAL CONFERENCE

In Person

NYLO Las Colinas | Dallas, TX 24-28 March

VIEW HERE

GARTNER SECURITY & RISK MANAGEMENT SUMMIT

In Person Sydney, Australia 18-19 March

VIEW HERE

AUSTRALIAN CYBER CONFERENCE

In Person Canberra, Australia 25-27 March

VIEW HERE

GARTNER IDENTITY & ACCESS MANAGEMENT SUMMIT 2024 UK

In Person London, UK 4-5 March

VIEW HERE

APRES-CYBER SLOPES SUMMIT

In Person Park City, Utah 19-21 March

VIEW HERE

CISO ADELAIDE

In Person

Adelaide, Australia 26 March

VIEW HERE

INTERNATIONAL CONFERENCE ON CYBERSECURITY, CYBERCRIME AND CYBERTHREATS

In Person Miami, FL 11-12 March

VIEW HERE

GLOBAL CYBERSECURITY CONFERENCE 2024 Online 20-22 March

VIEW HERE

SUNSHINE CYBER CON

In Person Tampa, FL 27-28 March

VIEW HERE

April 2024

EDITION

SECURITY

In Person Hyatt Regency, Sydney

VIEW HERE

PERTH

2024

CLOUD NEXT'24

In Person Las Vegas, NV, USA

WICYS

Nashville, Tennessee 11-13 April

VIEW HERE

VIEW HERE BLACK

HAT

CONFERENCE

ON CYBER

VIEW HERE

CYBERSECURITY EXPO

In Person Bristol, UK 25 April

VIEW HERE

THE LEARNING HUB

DATA ANALYTICS COURSE ONLINE

This online course is taught by industry experts, so you can be confident that you’ll be learning from the best. By enrolling in this program, you will gain in-demand data analysis skills. Learn how to prepare data, perform data analysis, use data visualization techniques, and more in this Data Analyst course.

FULL STACK WEB AND MOBILE DEVELOPMENT

This 22-week course will help prospective job candidates impress employers with their robust knowledge of both backend and front end development. You will learn a wide range of technologies and their applications, including MongoDB and Node.js.

ONLINE CLOUD ENGINEERING BOOTCAMP

This is an accelerated, 24week training program for IT professionals who want to advance their careers. The curriculum includes live lectures, workshops, and weekly projects covering the concepts and theories of operating systems, networks, and cloud engineering.

SOFTWARE DEVELOPMENT

This 28-week software development course will help you become a developer at a casual pace. In the first eight weeks, you’ll learn all about the basics of front end development, including HTML, CSS, and JavaScript.

JAVASCRIPT SHORT COURSE: SYDNEY

If you want to become a web developer, a JavaScript course is a great place to start. Through this course, you will leverage JavaScript’s diverse features to build interactive apps and websites. With world-class practitioners as your instructors.

INTRODUCTION TO CYBER SECURITY

This two-hour class will give you a comprehensive overview of the concepts and principles of cyber security. Aside from that, you will also learn about cyber security risks and the challenges of designing a security program.

FEATURING SECURITY

TRAINING RESOURCES THAT ARE AIMED AT INCREASING SECURITY AWARENESS AND HELPING PEOPLE BUILD AND UPSKILL THEIR SECURITY SKILLS.

ANALYZING WITH CLOUDERA DATA WAREHOUSE

This four-day course will teach you to apply traditional data analytics and business intelligence skills to big data. This course presents the tools data professionals need to access, manipulate, transform, and analyze complex data sets using SQL and familiar scripting languages.

VISIT HERE

CYBER SECURITY FOR BEGINNERS

From the same firm that brought you The Daily Security tip comes Heimdal Security’s Cyber Security Course for Beginners. Although this, too, is email-based, its syllabus is significantly more extensive than that of The Daily Security Tip.

BUSINESS ANALYTICS

Business Analytics is not based on rote memorization of equations or facts, but focuses on honing your understanding of key concepts, your managerial judgment, and your ability to apply course concepts to real business problems.

CYBERSECURITY BASICS

Cybersecurity basics covers the history of cybersecurity, types of cyberattacks, and key security concepts and tools. This class serves beginning learners. Graduates can apply the course toward the requirements for the professional certificate in IBM cybersecurity fundamentals.

VISIT HERE

CYBERSECURITY SKILLS ONLINE

As the name suggests, Cybrary is an online library for cybersecurity, IT and other InfoSec-related study materials. After creating a free account, you get access to almost 500 courses, each ranked by their difficulty and all of them free.

MILITARY-GRADE CYBERSECURITY TRAINING

NexGenT was created by two US Air Force veterans with extensive experience teaching and training network engineering and cybersecurity.

TERRIBLE, THANKS FOR ASKING

With Nora McInerny

Delve into the raw and authentic realm of human emotions with "Terrible, Thanks For Asking," hosted by Nora McInerny. Through candid conversations, Nora navigates life's complexities, sharing stories of resilience and vulnerability that resonate universally, making it an indispensable addition to this collection of podcasts tailored for a female audience seeking diverse and meaningful narratives.

CLICK TO LISTEN

UNLOCKING US

With Brene Brown

This is an enriching podcast where meaningful conversations unravel insights on vulnerability, courage, and connection. With Brene's expertise in human behavior and engaging interview style, the podcast offers a valuable resource for women seeking self-improvement and genuine connections in everyday life.

CLICK TO LISTEN

FIERCE GIRLS

With Amy Shark, Yael Stone and more From athletes to aviators, scientists to spies. From the deep blue sea to the dark, black skies. Australia is full of girls who dare to do things differently. Adventurous girls. Girls with guts and spirit.

Join the amazing Amy Shark, Yael Stone, Dame Quentin Bryce, Claudia Karvan, Turia Pitt, Stephanie Gilmore, Leah Purcell and more as they tell the inspiring tales of some of Australia's most extraordinary women.

WE CAN DO HARD THINGS

With Glennon Doyle

"We Can Do Hard Things," led by Glennon Doyle, intricately weaves personal experiences with profound life lessons, resonating deeply with its female audience. Through candid dialogues and introspective monologues, Glennon navigates complex themes, offering a source of inspiration and empowerment among the carefully curated assortment of podcasts tailored to women's diverse interests and aspirations.

CLICK TO LISTEN

SECOND LIFE

With Hillary Kerr

With Creative Process podcast

Listen to Empowering Stories from Inspiring Women, discussing their lives, work & creative process.

CLICK TO LISTEN CLICK

Hillary Kerr brings you "Second Life," an inspiring glimpse into the transformative journeys of women who have successfully pivoted careers.

THE GUILTY FEMINIST

With Deborah Frances-White

This podcast humorously and thoughtfully explores the intersection of feminism and everyday imperfections. It provides a distinctive perspective within the collection of podcasts designed to resonate with women, navigating the complexities of modern gender discourse with both honesty and levity.

THE MEL ROBBINS PODCAST

With Mel Robbins

This podcast is an empowering resource for women, combining actionable life advice with personal anecdotes to drive positive change. With Mel Robbins' engaging delivery and expertise in motivation, the podcast stands out as a treasure in the assortment of podcasts catering to the leadership and aspirations of women. CLICK

STUFF MOM NEVER TOLD YOU

With Anney and Samantha

With a balanced blend of research and personal stories, the podcast dives into chats about womanhood, history, and modern challenges, making it an enriching choice among the curated selection of women-centric podcasts. CLICK

SHE WILL SHINE

With Casey Benjamin

The She Will Shine podcast brings you the real stories of female business owners. Discover their journey, their motivation, and the challenges they faced to create a successful business on their own terms. CLICK TO

THE HIDDEN ECONOMICS OF REMARKABLE WOMEN

With Reena Ninan

A Foreign Policy series about women creating change through economic empowerment, hosted by Reena Ninan. This season, we have partnered with journalists around the world to cover underreported ways women are challenging the status quo.

THE ART OF SPEAKING UP

With Jessica Guzik

The Art of Speaking Up is a podcast that empowers professional women to achieve their wildest career goals by helping them strengthen their voices and find their inner power. CLICK

SHIFTING TO THE POSITIVE: A WOMAN’S GUIDE TO POSITIVE THINKING

Embark on an empowering exploration with a guide that's more than just a book; it's a beacon of hope and inspiration for women seeking to transform their lives. Shifting to the Positiveoffers a compassionate approach to rediscovering your inner strength and turning every challenge into an opportunity for growth.

BUY THE BOOK

THE LITTLE BOOK OF FEMINIST SAINTS

This book is filled with tidbits and facts about history’s most prominent women. It's perfect for getting your daily dose of inspiration.

BUY THE BOOK

THE EMOTIONALLY ABUSED WOMAN: OVERCOMING DESTRUCTIVE PATTERNS AND RECLAIMING YOURSELF

Does your husband or lover constantly criticize you and put his needs before yours? Do you sometimes wonder if your best friend is truly a friend? Does your boss try to control your every move? Does your fear of being left alone keep you in chronically hurtful relationships? If any of these questions sound familiar, you could very well be suffering from emotional abuse--the most widespread but also the most hidden abuse that women experience. This type of abuse is just as damaging as physical or sexual abuse. But there is help in this invaluable compassionate sourcebook. As a marriage, family, and child therapist who has grappled with these issues herself, Beverly Engel guides you through a step-by-step recover process, helping you shed the habits begun in childhood and take the first few steps toward healthy change.

BUY THE BOOK

WOMEN, PEACE AND SECURITY

This book offers an accessible overview of the issues related to the Women, Peace, and Security (WPS) global agenda. This new edition has been updated and includes new chapters on WPS and Environmental Change and on WPS in Regional and Security Organizations.

BUY THE BOOK

FREE WOMAN: LIFE, LIBERATION, AND DORIS LESSING

//

Free Woman begins at a wedding and ends in the African bush. This is a memoir of Feigel's own journey as a writer, which becomes enmeshed with that of Doris Lessing. Co-opting a dead novelist into an obsessive, ambivalent relationship, Feigel sets about learning from her about how to live.

BUY THE BOOK

CIRCE

Author // Madeline Miller

When I was born, the name for what I was did not exist. Circe is the daughter of Helios, the sun god, and Perse, a beautiful naiad. Yet from the moment of her birth, she is an outsider in her father's halls, where the laughter of gossiping gods resounds. Named after a hawk for her yellow eyes and strange voice, she is mocked by her siblings - until her beloved brother Aeëtes is born.

BUY THE BOOK

MUMPRENEUR EVOLUTION - ON OUR TERMS

Author // Erin Thomas Wong

On Our Terms: An inspirational book for women in business: 23 success stories of building businesses around family life.

BUY THE BOOK

THE SOUL OF A WOMAN

Author // Isabel Allende

As a young woman who grew up in the first feminism wave in the 1960s, Isabel Allende has her fair share of accomplishments, including meditation power and what it mean to be a woman. This book offers unique insights into all of that.

BUY THE BOOK

ASK FOR IT: HOW WOMEN CAN USE THE POWER OF NEGOTIATION TO GET WHAT THEY REALLY WANT

Author // Linda Babcock & Sara Laschever

Women learn how to change their fear of negotiating into confidence that they’ll gain more if they ask for more—more pay, more status, more resources, more equitable treatment. Required reading for working women.

BUY THE BOOK

SECURING OUR FUTURE: EMBRACING THE RESILIENCE AND BRILLIANCE OF BLACK WOMEN IN CYBER

Author // The Black Women In Cyber Collective

This book offers solace, unity, and motivation for those who feel marginalized in the realm of technology and cyber, inviting them to discover a supportive community and the courage to amplify their voices. Moreover, it provides an eye-opening experience for those who are part of the majority and haven't experienced being "othered" in this industry.

BUY THE BOOK

BIG MAGIC: CREATIVE LIVING BEYOND FEAR

Author // Elizabeth Gilbert

Readers of all ages and walks of life have drawn inspiration and empowerment from Elizabeth Gilbert’s books for years. Now this beloved author digs deep into her own generative process to share her wisdom and unique perspective about creativity.

BUY THE BOOK

THE CONFIDENCE CODE: THE SCIENCE AND ART OF SELF-ASSURANCE---WHAT WOMEN SHOULD KNOW

Author // Katty Kay & Claire Shipman

Confidence. We want it. We need it. But it can be maddeningly enigmatic and out of reach. The authors of the New York Times bestseller Womenomics deconstruct this essential, elusive, and misunderstood quality and offer a blueprint for bringing more of it into our lives.

BUY THE BOOK