EMPOWERING TOMORROW'S LEADERS: A FUSION OF EDUCATION AND ENTREPRENEURSHIP
P10 OT SECURITY: PROTECTING OUR MOST CRITICAL ASSETS TO SAFEGUARD OUR FUTURE
P48 ADVANCING THE CYBERSECURITY SECTOR THROUGH WORKFORCE DIVERSITY
P54
EMPOWERING TOMORROW'S LEADERS: A FUSION OF EDUCATION AND ENTREPRENEURSHIP
P10 OT SECURITY: PROTECTING OUR MOST CRITICAL ASSETS TO SAFEGUARD OUR FUTURE
P48 ADVANCING THE CYBERSECURITY SECTOR THROUGH WORKFORCE DIVERSITY
P54
Welcome to a milestone edition of Women in Security Magazine as we proudly present our 20th issue. This significant milestone prompts me to pause, reflect and recommit to my mission: fostering a vibrant, inclusive future for cyber security.
Our theme for this edition “The Future is Now” could not be more apt. It serves as both a rallying cry and a sobering reminder of the imperative before us. The future of cyber security hinges on our ability to inspire, educate and empower the next generation of professionals. It’s a challenge that demands our immediate attention, because the talent pipeline we nurture today will shape the industry of tomorrow.
“Today’s children are tomorrow’s cybersecurity warriors. We must empower them with the knowledge, skills and values to protect our digital world.”
- Barack Obama
Consider for a moment the rapid pace of technological advancement. With each innovation, new opportunities and threats emerge, underscoring the critical need for skilled cyber security experts. Yet, as we navigate this ever-evolving landscape, we must not lose sight of the human element at its core.
Cyber security is more than just a job; it’s a calling, a community, a connection. It’s about safeguarding not only systems and data but also the trust and confidence of individuals and organisations worldwide. To uphold this trust we must build a workforce that reflects the diversity and richness of the communities we serve.
In this issue we embark on a journey of exploration and discovery. We shine a spotlight on the bright and aspiring individuals entering cyber security, each bringing their unique perspectives and aspirations. Through insightful interviews and thought-provoking features we explore strategies to empower these emerging leaders, nurture their skills through innovative self-learning portals and exhilarating CTF competitions, and foster a culture of generosity and mentorship that transcends generational and societal boundaries.
As you delve into the pages of this magazine I encourage you to not only absorb the wealth of knowledge and insight it offers but also to reflect on your role in shaping the future of cyber security. Whether you’re a seasoned professional, a budding enthusiast or an advocate for diversity and inclusion, your contributions matter.
Together, let us reaffirm our commitment to building a future where cyber security is not only a profession but a beacon of hope and resilience. Let us seize the present moment to lay the foundation for a tomorrow that is brighter, safer and more inclusive for all.
“The next generation holds the key to unlocking the future of cyber security. Their digital native instincts, coupled with a passion for innovation and a drive for social good, will shape the landscape of cyber defence for years to come.”
Thank you for joining us on this journey.
If there’s a feature, topic, theme, career advice or an incredibly inspirational individual you believe should be showcased in the magazine, don’t hesitate to reach out to me. Your input is invaluable in shaping content that resonates with our readers.
Abigail SwabeyPUBLISHER, and CEO of Source2Create
www.linkedin.com/in/abigail-swabey-95145312
aby@source2create.com.au
Abigailthe book itself. She is a 9 year old avid internet user, and I do worry about what she gets up to and the choices she makes. We limit her access and have cyber security overlays on her devices - but we are not too clued up on cyber security so it was always a worry. This book has been great to get conversation flowing that I didnt really know how to start up, and it has definitely taught her some worthwhile lessons on things to look out for and "shadowy corners" of the internet to be cautious of! I recommend this book.
No team in any discipline is a static entity: people join, people leave; they aspire to advance their careers, some into specialised niches, others into managerial or leadership roles.
Akey responsibility of every senior manager is to oversee and guide these aspirations in the best interests of the individuals and the organisation they serve. This requires managers to be attuned to the aspirations and abilities of individuals, to see potential in some they do not see in themselves and help them realise that potential.
And it means striving to ensure the organisation gets the best possible leaders, in each of many diverse leadership positions. Today’s cybersecurity industry with its rapidly evolving threat landscape, driven by rapid and far reaching technology developments, arguably requires a particular blend of leadership skills.
Telstra CISO for Asia Pacific, Narelle Devine, is responsible for one of Australia’s largest teams of cyber security professionals. She faces these challenges across teams that are particularly diverse in geography, ethnicity and responsibilities. She says taking the leap into a leadership role can be a career defining moment for an individual. “We always want to set our leaders up for success.”
An attribute she identifies as being highly desirable in a cybersecurity leader might not be top of mind for many people: entrepreneurship. “Entrepreneurship is incredibly applicable to all sorts of different fields of study and disciplines, and real magic comes when it’s applied to fields such as STEM,” she says.
“I’ve seen a subtle demonstration where a staff member has applied all the skills an entrepreneur would possess to grab a challenge and solve it in an incredibly clever, savvy way. They had an ability to look through the challenge and see an opportunity. They could balance risk with opportunity. They were curious, resilient and innovative. Combined with their drive, passion and dedication, they delivered a great outcome.”
She lists traits associated with entrepreneurship as being curiosity, persistence, adaptability, resilience, innovation, an ability to take calculated risks, self-
awareness, creative problem solving, passion, decisiveness and long term thinking. She says many of today’s leaders exhibit these traits. “I’ve rarely met a cyber professional who isn’t passionate and persistent. Entrepreneurial flair absolutely has a place in cyber regardless of where you’re practicing your craft.
“In such a dynamic industry as cyber security, where the landscape is always changing, our leaders of tomorrow will need all these traits. There’s absolutely a place for entrepreneurial flair regardless of whether you’re trying to build a cyber security business or you’re working to help protect a large organisation. If you’re facing a complex challenge, bringing someone in who sees solutions and opportunity can help speed up the navigation through that challenge.”
No matter how entrepreneurial a good leader may be, they are nothing without a team to lead and Devine says the two need to complement each other. “Crafting a well-balanced, high performing team around a leader can be the difference between delivering on the vision and not. Look for people who complement you and have strengths that compensate for your weaknesses. Make sure not to skew your team with people who are too technical or too passionate about using cyber to protect the business.
Entrepreneurship is incredibly applicable to all sorts of different fields of study and disciplines, and real magic comes when it’s applied to fields such as STEM. I’ve rarely met a cyber professional who isn’t passionate and persistent. Entrepreneurial flair absolutely has a place in cyber regardless of where you’re practicing your craft.
– Narelle Devine
“Technical skills and passion are important but a balanced team with all-round people, process and technology skills is really important; a team that knows how to challenge the business, and each other, and with that special attitude that tries to work hard with other teams to find a way to successfully balance cyber risks with business priorities, and achieve the right outcomes.”
As for the other attributes of successful leaders, Devine says she was “reflecting on what we look for in a leader with my trusted Deputy CISO” and they kept coming back to someone with an open, enquiring mind and willingness to learn. “We’re looking for our leaders to understand how we can keep improving cyber while also enabling the business to be successful. Those two must go hand in hand.
“Protecting the business while also enabling the business are not mutually exclusive and are key to a successful cyber leader. And an open, enquiring mind is critical to always finding new and better ways to keep up with emerging challenges and working together with the business to support new business initiatives, whilst also reducing legacy risk.”
Like professionals in every industry, cyber security professionals train to advance their careers: they take specialist cyber security courses, management, communication and leadership courses. And they can also take courses in entrepreneurship; there is no shortage of them. However, it is moot whether entrepreneurship can be taught, and there are many articles discussing this question. This one, on Wired, argues entrepreneurship can be taught, but it comes with a caveat: “A degree program in entrepreneurship can teach important skills — and perhaps help graduates achieve their goals more quickly through internships and networking opportunities. But the essential passion, drive and creativity of an entrepreneur cannot be measured or taught.”
Devine agrees: “I believe we can teach most people most things. You can have all sorts of skills, but if you don’t want to apply them, they’re mute. Passion and drive is such an important element of entrepreneurship and cannot be understated!”
On the teaching of ‘most things’ Devine says Australia does well. “We are fortunate to have access to high quality education here in Australia.” However, she stresses the importance of the informal education that “comes through experience and learning from each other,” saying: “A conscious, well-designed mentoring and peer engagement program to complement the formal learning is incredibly powerful. The rate of change, complexity and breadth of regulatory, policy, business and technology issues requires continuous learning and growth.
“We have a great ecosystem of very talented cyber leaders in Australia, and globally, who are all usually very happy to share their knowledge and experience. Having a strong professional network, supported by effective mentoring, is really important to cultivate effective, flexible, and well-rounded leaders.”
www.linkedin.com/in/narelle-devine-csm-79548826
Cybercrime is big business, thanks to technical advancement and interconnectivity creating more opportunities. This regular column will explore various aspects of cybercrime in an easy-to-understand manner to help everyone become more cyber safe.
There is no globally agreed definition of what constitutes an act of cyber warfare. However, in the twenty-first century whenever there is kinetic conflict there is sure to be disruptive cyber activity. In some cases the cyber disruption happens just prior to physical attack. Think about how Viasat’s KA-SAT network suffered from a cyber attack that disrupted Ukrainian communications just before Russia physically invaded the country. How could this not be an act of cyber warfare?
Russian cyber threat actors boast on their Telegram channels about how they have contributed to the war effort by mounting disruptive attacks against Ukraine and its allies. Meanwhile, the Ukrainian Government proudly boasts on its public military intelligence website about the cyber attacks it has mounted against Russia. It has shared images of the documents it claims to have exfiltrated from Russian government computers. Russia and Ukraine are two countries in kinetic conflict, and each is mounting
cyber attacks against the other. How can this not be cyber warfare?
With critical infrastructure so reliant on technology and the internet, enemy nations can easily disrupt essential services of a country or its allies from the safety of their own territory. In a world heavily reliant on the internet, warring nations can easily disrupt the logistics, health services, water and sewage plants and power stations of their enemies, crippling a country’s core services and impacting the health, safety and security of civilians.
War is no longer confined to the battlefield. The future of war is in cyberspace. The future of cyber warfare is now.
www.linkedin.com/in/amandajane1
www.demystifycyber.com.au
Elizabeth Omotayo’s journey into the realm of cybersecurity is a testament to her unwavering commitment to addressing societal insecurities, particularly those deeply ingrained during her upbringing in Africa. Witnessing firsthand the prevalence of cybercrimes and money laundering in her community, Elizabeth felt a calling to confront these issues headon. As she embarked on her educational journey in Canada, her interest in cybersecurity burgeoned, fueled by a recognition of the persistent threat posed by cybercriminals and the urgent need for skilled professionals to combat them.
In the early stages of her career, Elizabeth took deliberate and pivotal steps to transform her passion for cybersecurity into a professional pursuit. Armed with a thirst for knowledge and a determination to make a difference, she delved into research on cybersecurity crimes, focusing her efforts on the alarming phenomenon of cyberbullying and its dire consequences, particularly for vulnerable groups like teenage girls. Through her research, Elizabeth aimed not only to understand the mechanisms behind cyberbullying but also to identify strategies for combating this pervasive issue.
Moreover, Elizabeth’s journey was marked by a steadfast commitment to honing her practical skills. Recognising the importance of hands-on experience in cybersecurity, she took the initiative to set up a home cyber laboratory, where she could experiment with various tools and techniques in a controlled environment. Additionally, she created a threat intelligence Honeypot, a sophisticated system designed to lure cyber attackers and gather valuable insights into their tactics and strategies. Through these endeavors, Elizabeth demonstrated her proactive approach to learning and her dedication to mastering the intricacies of cybersecurity.
Unlike many individuals navigating their career paths, Elizabeth never hesitated in her conviction to pursue a career in cybersecurity. With a clear vision of her desired role in cyber operations, particularly in offensive security, she remained steadfast in her pursuit of excellence. Driven by a sense of purpose and a desire to make a meaningful impact, Elizabeth embraced each challenge as an opportunity for growth and learning, refusing to be deterred by setbacks or obstacles along the way.
Reflecting on her journey, Elizabeth offers valuable insights and advice to young and to aspiring
cybersecurity professionals. She emphasizes the importance of staying focused on one’s aspirations and listening to one’s inner voice, even in the face of uncertainty or doubt. Furthermore, Elizabeth underscores the significance of building a strong foundation in networking and programming, citing Python and JavaScript as essential skills for success in the field of cybersecurity.
Looking to the future, Elizabeth remains keenly aware of emerging trends and threats in the cybersecurity landscape. She recognises the growing importance of Artificial Intelligence and the metaverse as significant challenges that will shape the future of cybersecurity over the next two years.
To stay current and effective in her role, Elizabeth employs a multifaceted approach, staying abreast of cybersecurity news, conducting in-depth research, and actively participating in forums and community activities to raise awareness about cybersecurity threats, particularly among vulnerable populations like senior citizens.
She has ambitious goals and aspirations and plans to pursue certifications such as CISSP and ultimately aims to become a Chief Information Security Officer (CISO), leveraging her expertise and experience to lead organisations in safeguarding their digital assets and infrastructure. The aspect of her current role that brings her the most satisfaction is the analysis of reports and the utilisation of software tools to mitigate cybersecurity risks, allowing her to make a tangible impact in protecting critical systems and data.
Elizabeth Omotayo’s journey in cybersecurity portrays her passion, perseverance, and dedication to making the world a safer place. Through her relentless pursuit of excellence and her unwavering commitment to continuous learning and growth, Elizabeth embodies the qualities of a true cybersecurity professional, poised to confront the challenges of tomorrow with confidence and resilience.
www.linkedin.com/in/omotayo-e-0a66835a
www.instagram.com/the_waleola
Partner at Deloitte specialising in Transformation, Data, and Cyber
Daniella Kafouris, a Partner at Deloitte specialising in Transformation, Data, and Cyber, embarked on her journey into cybersecurity with an unconventional twist. Initially drawn to the realm of the United Nations, Daniella pursued studies in arts and law. However, her trajectory shifted upon encountering a Cyber Law diploma, sparking a newfound passion for cybersecurity.
Opting out of traditional legal pursuits, Daniella ventured into consulting, establishing her own firm, CyberAdvice. Through self-teaching and practical problem-solving, she honed her skills, ultimately catching the eye of industry leader Deloitte, where she continued to expand her expertise.
Navigating the complexities of cybersecurity, Daniella confronts challenges with unwavering resilience, balancing innovation in a turbulent economy with the perpetual threat of data breaches. In her current role at Deloitte, she spearheads transformative initiatives that integrate data-driven insights with robust cybersecurity protocols, ensuring organisations stay ahead of emerging threats while maximising operational efficiency.
Despite initial uncertainties stemming from her non-technical background, Daniella discovered the expansive nature of cybersecurity, welcoming diverse skill sets into the industry fold. Drawing from her legal and regulatory expertise, she offers a unique perspective that bridges the gap between legal frameworks and cybersecurity protocols, enhancing compliance and risk management strategies for clients across various sectors.
Her career path unfolded organically, driven by client demands and market forces, emphasising the importance of adaptability in a rapidly evolving landscape. From advising startups on cybersecurity best practices to collaborating with multinational corporations on large-scale digital transformations, Daniella’s journey reflects the dynamic nature of the cybersecurity field and the limitless opportunities it offers for professional growth and development.
Reflecting on her journey, Daniella imparts valuable advice to her younger self, encouraging a broader perspective on industry opportunities. She highlights the importance of embracing change, seizing unexpected opportunities, and staying curious in the face of uncertainty.
Looking ahead, Daniella anticipates impactful developments in cybersecurity, mentioning the need for vigilance amidst geopolitical tensions and technological advancements. With the rise of artificial intelligence, quantum computing, and interconnected digital ecosystems, she envisions a future where cybersecurity becomes even more integral to safeguarding organisational assets and protecting individual rights in an increasingly digitised world.
Beyond monetary considerations, Daniella values professional growth opportunities and influential mentors who shape her trajectory. She recognises the importance of continuous learning and collaboration in staying abreast of industry trends and emerging threats, leveraging her network to exchange insights and best practices with fellow cybersecurity professionals.
In a demanding field, Daniella prioritises worklife balance, cherishing family time amidst her busy schedule. As a dedicated wife and mother of two, she finds solace in shared meals and quality time with loved ones, recognising the importance of maintaining personal well-being amidst professional responsibilities.
To remain at the forefront of her field, Daniella embraces continuous learning, surrounding herself with brilliant minds and fostering a culture of intellectual discourse. By encouraging her team to challenge assumptions, think critically, and innovate fearlessly, she cultivates an environment where new ideas flourish, driving impactful change and driving her career forward with passion and purpose.
www.linkedin.com/in/daniellakafouris
Manager II Cyber Defence & Ops US at Ahold Delhaize
Embarking on a career in cybersecurity is akin to traversing uncharted territory, where resilience, adaptability, and a strategic mindset are essential for success. Jennifer Funk, Manager II Cyber Defence & Ops US at Ahold Delhaize, shares her profound insights and experiences, shedding light on the multifaceted nature of the cybersecurity domain.
Reflecting on the pivotal steps that catalysed her transition into cybersecurity, Jennifer underscores the significance of patience and realistic expectations. She recalls the allure of the field, coupled with the recognition that true mastery requires time and dedication. “I see a lot of people diving into the field expecting a quick change or quick learning pay off when the reality is the cybersecurity field is VAST,” she reflects. Her journey represents the importance of perseverance amidst the complexities of cybersecurity education and career development.
Throughout her professional trajectory, Jennifer encountered moments of uncertainty and selfdoubt, common sentiments shared by many venturing into unfamiliar terrain. “There were times I would feel the knowledge was not coming fast enough, or I was just not capable of getting into
the cybersecurity field at all,” she admits candidly. However, Jennifer’s resilience and unwavering resolve propelled her past these hurdles. She emphasises the importance of self-care and resilience, advocating for individuals to prioritise their well-being amidst professional challenges.
Addressing the nuances of cybersecurity education, Jennifer offers sage advice tailored to the individual’s aspirations and interests. She acknowledges the diversity of degree programs and certification options, urging prospective students to align their educational pursuits with their career objectives. “Not all cybersecurity or computer science degrees are equal,” she cautions, emphasising the need for meticulous research and discernment.
Jennifer’s journey underscores the transformative power of self-belief and perseverance, qualities she wishes to impart to her high school self. Encouraging exploration and resilience, she underscores the importance of embracing challenges and refraining from underestimating one’s capabilities. “We are, especially as young adults, so quick to think we can’t do something just because it seems daunting,” she reflects.
Looking ahead, Jennifer identifies Artificial Intelligence (AI) as a pivotal trend shaping the cybersecurity landscape. While AI promises advancements in threat detection, it also poses challenges, empowering malicious actors with sophisticated tools. “In some respects, it will speed up reaction time, make identifying threats easier, and other boons for defenders,” she observes. Jennifer stresses the importance of proactive measures to mitigate emerging threats effectively.
In terms of professional growth, Jennifer outlines her strategic approach to certification and skill development. With plans to pursue certifications such as SANS FOR 508 for technical advancement and CISSP for leadership development, she underscores the importance of continuous learning and adaptation in an ever-evolving field.
Maintaining a harmonious work-life balance remains a cornerstone of Jennifer’s approach to
cybersecurity. Acknowledging the inherent challenges of balancing various responsibilities, she advocates for self-compassion and flexibility. “Realising 100% is not always going to happen, and that is ok,” she reassures, emphasising the value of self-care amidst professional demands.
Drawing from her own transition into cybersecurity, Jennifer highlights the value of transferable skills and networking. Leveraging existing strengths and seeking mentorship from seasoned professionals, she underscores the importance of fostering a supportive community conducive to personal growth.
Jennifer’s journey serves as a testament to the resilience, adaptability, and continuous learning inherent in the cybersecurity profession. Her insights offer invaluable guidance for aspiring professionals navigating the dynamic landscape of cybersecurity.
www.linkedin.com/in/jenniferfunk1
Product Security at Dell
Yaamini Barathi Mohan’s journey into the realm of cybersecurity was sparked by a single course in Cryptography during her pre final year. As a student with a penchant for mathematics and problemsolving, the intricacies of information security immediately captivated her. Eager to deepen her understanding, Yaamini immersed herself in various courses and internships, exploring topics ranging from cloud security to networking.
Reflecting on this transformative period, Yaamini shared, “It became evident to me that analytical thinking was crucial for excelling in the field of Information security. This experience ignited my passion for cybersecurity, and since then, I’ve been continuously exploring and expanding my knowledge in this dynamic field.”
The pivotal steps that transformed Yaamini’s interest in cybersecurity into a professional pursuit began with a realisation: her skill set needed refinement to excel in the field. Recognising the importance of relevant certifications and courses, she embarked on a thorough research journey to identify the best path forward. Ultimately, she concluded that pursuing a
Master’s degree in cybersecurity would provide her with the comprehensive knowledge and exposure she sought.
In her own words, Yaamini expressed, “After thorough research, I concluded that obtaining a Master’s degree in cybersecurity would provide me with comprehensive knowledge and exposure to various aspects of the field. As a cybersecurity master’s program typically provides a well-curated combination of courses such as ethical hacking, IoT security, cryptography, and more.”
Her decision led her to Johns Hopkins University in Maryland, USA, where she embarked on a fulfilling educational journey. The program offered a curated blend of courses in ethical hacking, IoT security, cryptography, and more, laying a solid foundation for her career in cybersecurity. Since then, Yaamini’s journey has been one of continuous learning and improvement, with each day presenting new opportunities to enhance her skills and deepen her expertise.
Reflecting on her early career, Yaamini acknowledges that her path in cybersecurity wasn’t entirely organic.
While her goal was to gain comprehensive knowledge of the security field, she actively pursued different opportunities and roles to achieve it. From ethical hacking to vulnerability response, Yaamini’s journey was marked by deliberate efforts and perseverance, ultimately leading her to roles that fulfilled her aspirations.
In contemplating job offers representing career advancement in her cybersecurity specialisation, Yaamini considers factors beyond remuneration. She prioritises roles that offer scope for growth and learning. Additionally, she values companies that place first and foremost the security of their assets and actively support diverse communities.foremost the security of their assets and actively support diverse communities.
Influenced by her father’s guidance and inspired by the achievements of women cybersecurity professionals, Yaamini is grateful for the supportive network that has guided her professional journey. She actively participates in cybersecurity communities and organisations, advocating for gender equality and fostering diversity within the field.
Drawing from her experience, Yaamini offers advice for individuals transitioning into cybersecurity from other professional backgrounds. She highlights the importance of building a strong foundation, identifying transferable skills, specialising in a specific area, networking with professionals, staying updated with industry trends, embracing continuous learning, gaining practical experience, and remaining adaptable and resilient to challenges.
www.linkedin.com/in/yaamini-barathi-mohan-45632b188
Cyber Risk Advisor at Advaya Cybersecurity Consulting
Anita Modi’s journey into the world of cybersecurity began with a stroke of luck after completing a bachelor’s degree in computer science. Her academic path took an unexpected turn when she was accepted into an Honours degree program, where she found herself drawn to modules on cryptography and information security governance and risk. These modules ignited her initial interest in information security, prompting her to structure her academic pursuits around information security-related subjects.
As Anita delved deeper into her studies, her fascination with cybersecurity grew. She realised the critical importance of protecting digital assets and sensitive information in an increasingly connected world. This realisation led her to pursue a master’s degree in advanced cybersecurity, where she delved into advanced topics and gained a deeper understanding of the complex challenges facing cybersecurity professionals.
Transitioning from academia to the professional realm, Anita’s journey took her to E&Y, one of the Big 5 firms, where she began her career as an information security analyst. Here, she was exposed to realworld cybersecurity challenges, including identifying system vulnerabilities and mitigating cyber threats.
The hands-on experience she gained from various positions at other organisations provided invaluable insights into the dynamic nature of cybersecurity, solidifying her passion for proactive cyber risk management.
In her current role as a cyber risk advisor, Anita faces complex challenges on a daily basis. She highlights that one of the most significant challenges organisations face is ineffective communication of cyber risks to organisational stakeholders. Bridging the gap between technical jargon and business outcomes requires not only a deep understanding of cybersecurity principles but also strong communication and analytical skills. Anita has made it her mission to translate technical complexities into language that resonates with executives, enabling them to make informed decisions that align with the organisation’s overall goals.
When identifying risk and determining its impact to an organisation, Anita points out that there are a number of limitations with loosely defined as risk categories such as “high” or “critical” where the thresholds aren’t well defined, the ceiling of “high” isn’t easily distinguishable from the floor of “critical”. This makes it difficult to determine if certain cyber risks have materially increased or decreased. Typically
risk tolerance/appetite levels are missing from a risk matrix. A risk matrix without the corresponding risk appetite is not complete. Financial impact is at the heart of making informed business decisions and without financial measure, organizations may find it difficult to determine the level of resource allocation and the level of prioritization of certain risks. What’s interesting is that measuring cyber risk is a lot like measuring other risks. Migrating to a quantitative cyber risk model of analysis and reporting allows for more accurate data, which leads to more informed decision-making.
Despite her drive and passion for bringing this awareness to her clients, Anita’s journey in cybersecurity has not been without its challenges. As a woman in a predominantly male-dominated field, she has encountered moments of uncertainty and self-doubt. Balancing the demands of a demanding career with the responsibilities of motherhood has also presented its own set of challenges. However, Anita has navigated through these obstacles with resilience and determination, relying on her passion for cybersecurity and the support of mentors and peers to guide her forward.
Looking ahead, Anita’s vision for the future of cybersecurity is one of inclusivity and diversity. She believes that by empowering more women and underrepresented groups to pursue careers in cybersecurity, the industry can benefit from a wider range of perspectives and ideas. As she continues to make strides in her own career, Anita remains committed to paving the way for the next generation of cybersecurity professionals and advocating for a more inclusive and equitable industry.
Anita Modi’s journey in cybersecurity is a testament to the power of passion, perseverance, and continuous learning. From her humble beginnings in academia to her current role as a cyber risk advisor, she has overcome numerous challenges and obstacles to carve out a successful career in a field she is deeply passionate about. As she continues to make her mark in the cybersecurity world, Anita remains steadfast in her commitment to making a meaningful impact and driving positive change in the industry.
www.linkedin.com/in/anita-modi-cyber-risk
MAXINE
DANIEL GRZELAK Chief Innovation Officer at Plerion
SALESHNI SHARMA Director, Regional Information Security Officer: AsiaPac at W. R. Berkley Corporation
NADIA
ANAFRID
LAURA
JACKIE
LEANNE FRY
CLIVE REEVES Deputy CISO AsiaPac at Telstra
STEPHEN BENNETT Group Chief Information Security Officer at Domino’s Pizza Enterprises Limited
YASO ARUMUGAM Assistant Director-General Data and Digital, CIO, CISO at National Archives of Australia
SARAH LUSCOMBE Head of Cyber Security at the University of Canberra
MARYAM
PAUL
DAN
LYNWEN
To identify rockstars
To celebrate ‘hidden’ security superstars
To lift and empower the entire company
To express admiration for fellow co-workers
To pause and express your gratitude
To pay it forward - and give back to the community
TIP #1
First and foremost, be authentic. When crafting your nomination, share real stories and concrete examples that highlight the nominee's impact in the cybersecurity & protective security field. The more genuine and specific, the better.
TIP #4
Share how the nominee has contributed to creating an inclusive environment in the cybersecurity & protective security sector. Highlight initiatives that promote diversity and equal opportunities.
Whether it’s groundbreaking projects, leadership roles, or innovative solutions, make sure to showcase the nominee’s outstanding contributions to the industry. Numbers and metrics can add that extra punch!
Collaboration is key.
If you’re part of a team, gather input and insights from your colleagues. They might have unique perspectives on the nominee’s contributions and can help strengthen your nomination.
Gather testimonials. Reach out to colleagues, mentors, or anyone who can provide additional insight into the nominee’s skills and impact. A well-rounded nomination with testimonials adds credibility and depth.
TIP #2Ellie Blackman’s journey into the world of cybersecurity is a captivating narrative that underscores the transformative power of passion, perseverance, and personal growth. Her career trajectory didn’t follow a conventional path but rather unfolded through a series of pivotal moments and deliberate choices, each contributing to her evolution as a cybersecurity professional.
It all began during Ellie’s tenure in Technical Support at a small company, where she found herself on the front lines of customer interactions, addressing inquiries and concerns related to privacy and data security. Through these interactions, Ellie developed a profound understanding of the importance of safeguarding personal data and educating individuals on cybersecurity best practices. This experience served as the initial spark that ignited her interest in cybersecurity, revealing to her the crucial role that technology plays in protecting sensitive information.
As Ellie transitioned through different technical roles, she found herself yearning for more substantial challenges that would push her boundaries and ignite her passion for learning. It was during this period of introspection that a colleague’s encouragement led her to consider a vacant cybersecurity role at Culture
Amp, a decision that would ultimately alter the course of her career. Despite initial hesitations and doubts about her qualifications, Ellie’s innate curiosity and determination drove her to seize the opportunity and embark on a new chapter in her professional journey.
In her current role at Culture Amp, Ellie’s days are characterised by a diverse array of responsibilities and priorities, each demanding a unique blend of technical expertise, strategic thinking, and collaborative teamwork. From conducting thorough SaaS assessments to responding to security questionnaires and spearheading process improvement initiatives, Ellie’s contributions are instrumental in fortifying the organisation’s cybersecurity posture and fostering trust among its stakeholders.
Navigating the complexities of her role hasn’t been without its challenges. As a relatively newcomer to the field, Ellie has grappled with moments of uncertainty and self-doubt, questioning her decision-making and expertise. However, with the unwavering support of her colleagues and a steadfast commitment to continuous learning and growth, Ellie has embraced these challenges as opportunities for personal and professional development, emerging stronger and more resilient with each hurdle overcome.
Looking towards the future, Ellie is driven by a relentless pursuit of excellence and a desire to expand her knowledge and expertise in cybersecurity. With plans to pursue certifications such as the Certificate of Cloud Security Knowledge, Ellie is poised to deepen her understanding of cloud security best practices and emerging technologies, further enhancing her ability to safeguard sensitive data and mitigate cyber risks.
Beyond the confines of her professional endeavours, Ellie places a strong emphasis on maintaining a healthy work-life balance—a feat made possible by her organisation’s commitment to employee wellbeing and flexibility. Through mindfulness practices, self-care routines, and setting clear boundaries, Ellie strives to cultivate harmony and equilibrium in her daily life, ensuring that she remains both fulfilled in her career and grounded in her personal life.
Reflecting on her journey, Ellie offers sage advice to aspiring cybersecurity professionals embarking on their own career paths. She emphasises the importance of self-belief, resilience, and a willingness to embrace challenges as opportunities for growth
and learning. By leveraging one’s unique strengths, cultivating a growth mindset, and seeking out mentorship and support from peers and colleagues, Ellie believes that anyone can succeed in the dynamic and ever-evolving field of cybersecurity.
In evaluating job offers and career opportunities, Ellie prioritises factors beyond mere remuneration, placing a premium on growth opportunities, a supportive work environment, and alignment with her personal values and aspirations. By surrounding herself with leaders and peers who champion each other and foster a culture of collaboration, innovation, and inclusivity, Ellie seeks to continue making meaningful contributions to her organisation and the broader cybersecurity community.
Ellie Blackman’s career journey serves as a testament to the transformative power of passion, perseverance, and continuous learning—a journey marked by resilience, growth, and a relentless pursuit of excellence in the pursuit of a safer and more secure digital future.
www.linkedin.com/in/ellie-blackman-704635122
Head of Security at Till Payments | Board Member, AWSN | Creator of ITSA (IT Security Awareness Framework)
Embarking on my journey in cybersecurity in 2007 as a campus graduate, little did I anticipate the twists and turns that would shape my unconventional path within this dynamic field. As an accomplished identity, security, technology risk and compliance leader, my story is one of resilience, innovation and an unwavering commitment to fortify organisations against evolving threats. Today, I am honoured to share my insights and experiences with the esteemed readership of Women in Security Magazine and reflect on the transformative power of comprehensive cybersecurity leadership.
In 2005, during my third year of engineering, a campus placement led me down a path intended to take me into database administration. However, destiny had other plans, propelling me into the world of cybersecurity on day three of campus to corporate training. I was armed with little knowledge of security but the support of my first manager and guidance from mentors became my beacon, propelling me into a realm where I would become adept at incident response, vulnerability management and governance, risk and compliance (GRC).
Late-night shifts became the classroom where I learnt to monitor alerts, analyse logs and devise proactive strategies to mitigate risks. My journey was marked by a steadfast commitment to learning and adapting. My expertise expanded across diverse security domains: from SOC, engineering and compliance to risk management as I recognised the importance of a holistic approach to cybersecurity.
My journey took a new turn when I moved into the retail sector where I continued my exploration of PCI compliance by implementing and maintaining various security controls. Joining a product company that had made multiple acquisitions proved pivotal for my learning, particularly in assessing the risks associated with mergers and demergers. I broadened my understanding of business requirements and the critical role security plays in planning operations for business success.
One of the most intriguing lessons learnt during that time was the art of delivering dynamic presentations. I transitioned from static to dynamic presentations and realised the transformative impact these had by capturing attention and fostering a deeper understanding of security language. This shift proved instrumental in me earning my place among senior leadership and executives. Business leaders began actively engaging with and comprehending the insights provided by my security reports. This heightened attention and understanding of security continued to shape my journey.
By the time I concluded my roles in India, I had accumulated hands-on experience implementing various security products, in security engineering, conducting application security testing, performing pen testing, managing incident response, conducting risk assessments, enforcing, and adopting PCI controls and overseeing vulnerability management. I had also acquired skills in storytelling and delivering dynamic presentations to senior leadership, enabling them to gain a nuanced understanding of how security aligns with and contributes to business success.
Arriving in Australia in 2013, I faced initial challenges and biases during interviews. Undeterred, I persevered, gradually acquainting myself with the nuances of the cybersecurity landscape. Eager to expand my expertise, I pursued a master’s degree in digital forensics, gaining a comprehensive understanding of cyber law. During my first maternity break, I founded my organisation, and gained valuable sales experience despite limited exposure to sales. This was a transformative chapter in my career.
Subsequently, joining an Australian retail giant provided a platform to showcase my technical expertise. The role allowed me to refine my existing skills and acquire new ones: cloud migration, extended IT functions and others.
A pivotal moment in my career was the creation of the IT Security Awareness (ITSA) framework, a comprehensive toolkit designed to measure and enhance organisational awareness of cybersecurity risks. This initiative underscored my commitment to driving cultural change and fostering a proactive security mindset within organisations.
Leveraging my background in building reliable processes, I implemented robust security management frameworks. I championed initiatives aimed at strengthening the overall security posture of organisations, such as vulnerability management, securing web applications and conducting internal audits.
With exposure, experience and continuous learning, I aspired to define, implement and govern security for an organisation—a dream I have realised in my current role as head of security at a fintech.
Fulfilling my commitment to continuous improvement, I discovered a valuable community in AWSN, a space where I could connect with like-minded individuals and contribute meaningfully. Motivated by a strong desire to elevate the importance of security in executive discussions I applied for and secured a position as treasurer on the board of AWSN. I am providing the benefit of my experience in critical decision-making and fulfilling my longstanding desire to understand the intricacies of a board director’s role.
Now, as both a head of security and a board member, I persistently advocate for robust security practices, ensuring these receive the attention and recognition they rightfully deserve.
In closing, my journey demonstrates my perseverance, adaptability and continuous passion for cybersecurity. Throughout this journey I have sought to inspire other women to carve their unique paths, overcome challenges and make a lasting impact on the ever-evolving landscape of cybersecurity. Together, let us fortify the future, and make it one in which organisations thrive securely, guided by innovation, collaboration and an unwavering dedication to cybersecurity excellence.
I have held many roles in my career: associate engineer, specialist, risk analyst, founder, creator, nonexecutive director, information security manager, head of security, product owner. My career has not been a linear progression, but rather a journey in which each title represented a stepping stone towards increasing mastery of the digital landscape.
www.linkedin.com/in/madhurinandi/
Cyber Security Sales & Marketing at Cochlear
Ankita, formerly a seasoned customer success manager at DXC Connect, describes her transformative journey into cyber security. With over 14 years of diverse experiences, Ankita’s narrative offers profound insights into the intricacies of navigating this dynamic field. Since leaving DXC Anita has taken her first role in cyber security with Cochlear, managing data privacy and risk for the sales and marketing team. Her journey commenced with a fervent desire to rekindle the deeply ingrained passion for technical problem-solving she developed in her engineering days.
“I started my career in a technical role but moved into various non-technical roles until I realised my passion was for learning and solving complex problems,” Ankita recalls. This introspection led her back to the technical sphere, with cyber security emerging as a compelling domain in which to realise her aspirations.
Ankita’s pivot into cyber security was not without its challenges. “The biggest challenges have been building trust and relationships and developing the resilience to keep moving forward in my career despite the demands of my personal life,”
she says. Amidst her myriad responsibilities Ankita found solace in her unwavering focus and commitment to staying up to date with the latest technological advancements.
Ankita acknowledges grappling with uncertainties about transitioning into cyber security. “When I first thought of pivoting into cyber security, I had a lot of doubts,” she admits. Questions about her past experiences becoming obsolete and concerns about starting afresh loomed large. However, Ankita remained resolute in her pursuit of a career in cyber security, guided by a clear vision of her desired trajectory in cybersecurity. “For a long time, I had been involved in delivery roles supporting customer outcomes,” she says.
Looking ahead, Ankita anticipates significant developments in the cyber security landscape, such as a growing need for robust monitoring tools and heightened awareness of privacy laws. When evaluating possible career advancements, ahead of monetary considerations Ankita prioritises a company’s vision and its commitment to staying abreast of industry trends.
At home, Ankita found unwavering support from her partner, who has been instrumental in shaping her cyber security career. “My partner has been a significant influence,” she says. His encouragement and belief in her abilities bolstered Ankita’s confidence, demonstrating the profound impact a supportive environment can have on professional growth.
In her quest to continue this growth, Ankita plans to pursue certifications such as CISSP, recognising their pivotal role in fortifying her expertise and career prospects.
Maintaining a harmonious work-life balance remains paramount for Ankita, a feat made possible by a supportive environment and judicious time management practices.
For individuals embarking on a similar journey into cyber security, Ankita’s story underscores the value of transferable skills and stakeholder management experience. These attributes, she asserts, are indispensable for navigating the multifaceted landscape of cybersecurity.
Ankita’s odyssey serves as a testament to the transformative power of resilience and the importance of determination and a clear vision when charting a course through the complexities of the cybersecurity domain.
www.linkedin.com/in/ankita-singh-a0b87929
Senior Security Governance and Strategy Officer at Paystack
When asked what advice about a cybersecurity career she would give her high school self, Oluwatosin (Tosin) Fatokun says: “Know what you want and go for it, give it all it takes and focus on the positives. You don’t need to have it all figured out; clarity comes from taking action. All things are possible to those who believe and let go of limiting mindsets.”
She adds: “Cybersecurity encompasses numerous sub-fields, so take the time to research and explore them to determine where your interests and strengths lie. In the early stages, focus on learning broadly rather than specialising immediately. This approach will help you build a strong foundation and find the right path within cybersecurity.”
She has certainly lived by those edicts: progressing from her initial inspiration to pursue a career in cybersecurity while studying for a Bachelor of Science in computer science at Nigeria’s Covenant University to her current role as senior security governance and strategy officer with Paystack, a company providing payment services to more than 60,000 companies in Africa.
The spark that ignited Oluwatosin’s cybersecurity career was a talk she listened to while studying at university. It was given by the then CISO of the
Nigerian Stock Exchange, who was also the first female CISO in Nigeria.
“Her presentation about cybersecurity, her daily responsibilities and the exciting aspects of her job left a lasting impression on me,” Fatokun says. “At that moment, I knew cybersecurity was the career path I wanted to pursue, even though I was only in my first year of university.”
So, in addition to her university studies Oluwatosin studied for and gained several cybersecurity qualifications and dedicated time to researching and gaining a deeper understanding of the field, developing an interest in the specialisation that later became her career.
“When I began my journey in cybersecurity, I didn’t have a clear vision of the specific roles I aspired to. All I knew was that I wanted to work in cybersecurity, and I was open to exploring all the options that came my way,” she says. My early work experiences revealed my natural inclination towards governance and strategy, which eventually became my chosen area of expertise.”
Young Nigerians must dedicate a year contributing to the nation. During her service year Fatokun continued her studies and obtained certifications. “By the time I completed my education and service year, I had earned four certifications, including CompTIA Security Plus and Certified Ethical Hacker (CEH),” she says. “These certifications greatly impressed prospective employers and demonstrated my commitment to the field by going beyond mere interest and putting in the necessary work.”
She also actively engaged with the cybersecurity community through networking events, conferences and online forums, and sought out mentors and industry professionals who provided valuable guidance and insights.
Oluwatosin made considerable efforts to understand how she would leverage her knowledge and skills into a role working in cybersecurity, conducting extensive research on how to break into the industry, including how to land her first job and preparing for interviews.
“I vividly remember my first interview. I had prepared by jotting down key points on a piece of paper, which I kept in my wallet for revision. During the interview, a question came up that I couldn’t recall, so I asked the interviewer if I could check my notes. He agreed, and after refreshing my memory, I confidently explained the answer, ultimately securing the job.”
Oluwatosin started her career in penetration testing, but soon discovered her real passion. “I moved to security operations, where I realised that my true interest lay in developing strategies, defining metrics, documentation, and reporting” she says.
“My manager noticed this inclination and offered me the opportunity to work with the governance, risk and compliance (GRC) team. Joining the GRC team felt like coming home: I had found my niche in cybersecurity.”
In addition to remuneration and alignment with career goals, Oluwatosin lists company culture as one of her top priorities when considering a role. “Evaluate the company’s culture and values to ensure they align with your own. A positive work environment will significantly impact your job satisfaction and overall well-being. Also look out for opportunities to develop new skills, take on leadership roles, or work on challenging projects that will further your professional growth.”
As for challenges along the way, Oluwatosin puts imposter syndrome “a common challenge, even among seasoned professionals, don’t let it get the best of you, you won’t be there if you’re not good anyways.” high up the list.
“If you’re looking to transition into cyber security, it’s important to remember that you don’t need to
know everything from the start,” she says. “Begin by becoming a security champion on your team and embrace curiosity, because cybersecurity is a field for lifelong learners. It’s impossible to know everything, so start from where you are and gradually expand your knowledge.”
Of her current GRC role as senior security governance and strategy officer with Paystack, Oluwatosin says: “I find it incredibly rewarding to develop strategies that not only protect our organisation’s digital assets but also contribute to its growth and success.
“Additionally, being able to navigate complex security requirements and regulatory obligations across several African countries gives me a sense of accomplishment. Overall, knowing that my work directly impacts the organisation’s ability to achieve its objectives and protect its stakeholders is what I find most fulfilling.”
And having realised her ambition to gain a role in GRC, Oluwatosin says she still works to build and update her skills, devoting time to taking courses and pursuing certifications that help her stay informed about new technologies and best practices in cybersecurity. She also participates in various cybersecurity platforms where the latest security developments are shared, and she engages in knowledge and experience-sharing groups, which, she says, are invaluable for navigating the complexities of cybersecurity and discussing ideas with peers.
“Most technologies are built with an emphasis on function and purpose without due consideration for the security implications. As a result, new technology tends to be a source of new vulnerabilities and may even itself be a threat agent within an information system. As companies scale and try to strike a balance between hiring and automation, there’ll be an increasing use for third-party tools which pose a significant measure of risk to their organisations.”
www.linkedin.com/in/oluwatosin-fatokun
Now in its sixth year, the Australian Women in Security Awards® brings together the security industry to celebrate and elevate the profile of the Australian IT Security, Cyber, and Protective Security sectors. This event serves as a beacon of inspiration, encouraging young women, men, and non-binary individuals to explore rewarding careers in this dynamic field.
PROUD SPONSOR OF THE BEST SECURE CODER AWARD
CyberCX is the leading provider of professional cyber security and cloud services across Australia and New Zealand. With a workforce of over 1,300 professionals, we are a trusted partner to private and public sector organisations helping our customers confidently manage cyber risk, respond to incidents and build resilience in an increasingly complex and challenging threat environment.
Through our end-to-end range of cyber and cloud capabilities, CyberCX empowers our customers to securely accelerate opportunities in the digital economy. Our services include: consulting and advisory, governance, risk and compliance, incident response, penetration testing and assurance, network and infrastructure solutions, cloud security and solutions, identity and access management, managed security services and cyber security training.
PROUD SPONSOR OF THE BEST SECURITY STUDENT AWARD
At AusCERT, we’re passionate about data security and keeping your information safe. That’s why we deliver 24/7 service to our members alongside a range of comprehensive tools to strengthen your cyber security strategy.
From the start of AusCERT, we’ve continued to develop our systems and our culture to be the best it can be. Our range of services accommodate all areas of network security for your organisation.
Our culture will be the reason you love us though. If you’re looking for a CERT or for a company that really gets you you’re looking in the right place.
PROUD SPONSOR OF THE BEST INDUSTRY INITIATIVE THAT SUPPORTS DIVERSITY, INCLUSION & EQUALITY AWARD
AustCyber’s mission is to support the development of a vibrant and globally competitive Australian cyber security sector. In doing so, we will enhance Australia’s future economic growth in a digitally enabled global economy. AustCyber exists to grow Australia’s cyber security ecosystem, export our cyber security to the world, and make Australia the leading centre for cyber-education. For more information, visit: www.austcyber.com.
PROUD SPONSOR OF THE UNSUNG HERO AWARD
As one of Australia’s leading life insurers we’ve learnt that the most important part of life isn’t the stuff we own, but the experiences we share with the people we love. It’s living life. This Australian life.
That’s why we do what we do, protect people, not things, to help you look after what matters most. From covering your children’s education, to keeping up the mortgage payments for the family home or rehabilitation to get you back on track sooner.
Together with our partners we protect more than 5 million customers and their families, helping them look after what matters most, so they have the freedom to keep living the life they planned.
PROUD SPONSOR OF THE ONE TO WATCH IN PROTECTIVE SECURITY AWARD
Sekuro is a cyber security and digital resiliency solutions provider that helps CIOs and CISOs take a strategic approach to cyber security risk mitigation and digital transformation. Operating at the intersection of the digital technologies and cyber security industries, Sekuro reduces cyber risk while new technologies are adoptedultimately building business resiliency and enabling fearless innovation.
Our six practice areas (Strategy and Architecture, Governance, Risk and Compliance, Technology and Platforms, Offensive Security, Managed Security Services and People and Program Enablement) are full of the brightest minds in the industry. They work together to look beyond the threat landscape of today and into an opportunity landscape of tomorrow.
PROUD SPONSOR OF NETWORKING AT THE 2024 AUSTRALIAN WOMEN IN SECURITY AWARDS
At NAB, relationships are our strength. We are here to serve customers well and help our communities prosper. More than 38,000 colleagues at the bank provide 10 million customers with secure, easy and reliable banking services. More than 90% of the Group’s workforce are in Australia and New Zealand, with the wider team located in parts of Asia, London, New York and Paris.
Our scale and connectivity help us to tackle some of the most significant challenges facing our business and community. Cyber security is of utmost importance to our organisation, and NAB’s Group Security teams are committed to helping our communities prosper and provide safe banking. To achieve this, we aim to hire the best talent and create a culture where colleagues can grow.
Central to our success is the strength and diversity of our teams. NAB is a proud champion of women working in the security industry and proudly supports the Australian Women in Security Awards.
EMERALDSPONSOR
At Equifax (NYSE: EFX), we believe knowledge drives progress. As a global data, analytics, and technology company, we play an essential role in the global economy by helping financial institutions, companies, employers, and government agencies make critical decisions with greater confidence.
Our unique blend of differentiated data, analytics, and cloud technology drives insights to power decisions to move people forward. Headquartered in Atlanta and supported by nearly 15,000 employees worldwide, Equifax operates or has investments in 24 countries in North America, Central and South America, Europe, and the Asia Pacific region.
EMERALD SPONSOR
Netskope, a global SASE leader, helps organisations apply zero trust principles and AI/ML innovations to protect data and defend against cyber threats. Fast and easy to use, the Netskope platform provides optimised access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivalled visibility into any cloud, web, and private application activity. Thousands of customers trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organisational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.
Join forces with these industry trailblazers at the Australian Women in Security Awards!
Be part of a powerful movement driving change and championing diversity in the security sector. Elevate your brand alongside visionary leaders and make an impact that resonates far beyond the boardroom. Together, let’s pave the way for a safer, more inclusive future!
SPONSOR NOW
Nominationsclose June 30th Tickets on sale now!
BUY TICKETS
Nonye Anyanwu, an IT Compliance Officer with a wealth of experience in cybersecurity, has journeyed through the digital landscape with a profound fascination for technology guiding her every step. From her earliest encounters with computers, she was captivated by their inner workings and the boundless opportunities they presented. Reflecting on her journey, she shares, “Technology has always been a passion of mine. I was drawn to its complexity and the endless possibilities it offered from a very young age.”
As she advanced through her education, Nonye’s interest in cybersecurity continued to burgeon. When the opportunity to study cybersecurity presented itself during her university years, it felt like a natural fit for her burgeoning passion. “Studying cybersecurity in university felt like the perfect convergence of my interests and aspirations,” she recalls. “It allowed me to delve deeper into the realm of technology while addressing real-world challenges.”
Over time, Nonye’s interest in cybersecurity evolved beyond a mere fascination with technology to encompass a profound appreciation for its critical importance in the modern world. “Cybersecurity isn’t just about protecting systems and data; it’s about
safeguarding trust, innovation, and the very fabric of our digital society,” she explains. “Understanding this broader significance has been a driving force in my journey.”
When she first embarked on her cybersecurity journey, Nonye didn’t have a clear vision of the specific roles she aspired to. Instead, her path unfolded organically as she delved deeper into the field. “I found myself naturally gravitating towards certain aspects of cybersecurity,” she reflects. “I developed a passion for understanding and addressing digital threats, which ultimately led me to specialise in IT Governance, Risk, and Compliance.”
For Nonye, building a strong foundation in cybersecurity involves more than just technical expertise—it requires a blend of technical acumen and soft skills. “Technical skills are essential, but equally important are soft skills like communication, problemsolving, and ethical decision-making,” she advises. “These skills enable cybersecurity professionals to navigate complex challenges and collaborate effectively with colleagues.”
In her role as an IT Compliance Officer, Nonye discusses the importance of aligning personal values with organisational culture. “Company culture
plays a significant role in job satisfaction and longterm success,” she asserts. “It’s essential to find an organisation that shares your values and supports your professional growth.”
When considering future professional growth, Nonye is proactive about pursuing certifications and qualifications that will enhance her expertise. “Certifications like CISA and CISM provide valuable credentials and deepen my understanding of auditing, control, and assurance in information systems,” she notes. “Continuing education is vital in a field as dynamic as cybersecurity.”
What brings Nonye the most satisfaction in her role is the tangible impact she makes in enhancing cybersecurity posture and ensuring regulatory compliance. “Knowing that I’m contributing to the security and compliance landscape is incredibly fulfilling,” she states. “Collaborating with crossfunctional teams allows me to leverage diverse perspectives and drive meaningful change.”
To stay current and effective in her role, Nonye adopts a multifaceted approach that includes networking
with peers, engaging in security communities, and staying abreast of the latest developments in IT.
“Continuous learning is essential in cybersecurity,” she emphasises. “The field evolves rapidly, and staying informed is crucial to effectively address emerging threats.”
Reflecting on her journey, Nonye offers invaluable advice for individuals transitioning into cybersecurity from other professional backgrounds. “Consistency, practical experience, and relevant certifications are key,” she advises. “But don’t underestimate the value of transferable skills—qualities like problemsolving and communication are highly sought after in cybersecurity roles.”
In essence, Nonye Anyanwu’s journey in cybersecurity exemplifies the transformation of passion into purpose—a journey marked by continuous learning, adaptability, and a steadfast commitment to securing digital assets in an ever-evolving threat landscape.
www.linkedin.com/in/nonye-anyanwu
Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC, Baidam Solutions and Ipswich City Council. Member of the Board of Directors – AISA (Australian Information Security Association).
I am sitting here, thinking about the theme of this edition of the Women in Security magazine - “The Future is Now,” trying to figure out what I want to write on this topic in my regular column, and it got me thinking. How much time do we waste procrastinating about things in our lives? I’m not talking about me procrastinating on my column topic; I mean about real things in our lives.
As many of you would already know, I have taken what you might call a leap of faith. I have co-founded Cyber Unicorns with my wife, Melissa, in the second half of 2023. I left the comfort of a good job with a good company that I still love and still do regular work with via my new company. Why on earth would I do such a thing, leave a secure job with no guarantees of success or long-term stability for my family?
It is literally that simple. It’s something that is part of my core and is something many of you would already know about me. I want to make a difference, especially in diversity and education in the cybersecurity space. The reason Cyber Unicorns was born was to help create cyber education and awareness in several areas: small businesses, moms and dads, kids, seniors, and the general population overall. As a business, we have invested quite a bit to build an online training platform as part of the Cyber Unicorns website and an app to be able to access it from your mobile devices. We have priced them so that they will be affordable for all. We are not in this to make money (yes, I still need to feed my family so they aren’t free - money is something we all need at least a little of to survive). I want to
generate something that I have been talking about for years. I want to create a cyber awareness program that will generate real behavior change in the general population, like the slip-slop-slap campaign in Australia did in the 90s.
Now, I think that is great, but I am not here to do a promo about Cyber Unicorns; that’s not the point. If that’s not my point, then what is my point then do you say? Well, let me tell you. I have been thinking about this for at least 3-4 years. Anyone who has listened to any podcasts that I have been a guest on over the last couple of years, I have mentioned it. A desire to spread basic cyber safety knowledge to everyday people and kids. The journey started with my three different book series (A Hacker I Am, Foresight and The Shadow World), and I knew that it was just the start of what was needed. That means for approximately three years I procrastinated on this problem, this initiative that I knew I needed to take on. I talked about it and likely thought about it many times over the years but didn’t make a move to tackle it.
It is, in the end, a reason so many people don’t achieve their goals or dreams; we sit on them and
overthink them. We either think we are not capable or not good enough to achieve what we desire to accomplish, or it is too risky. I have a good job, I have a family to support. It is not possible. I am telling you it is. You can achieve your dreams; you can build a company or a career. The Future is Now.
Now before you all go and quit your jobs. Seriously, don’t do that. Figure out what you want to achieve, the pie-in-the-sky outcome. Now you have that, go backward from that time and figure out the real steps or blockers that you need to overcome to achieve it. Be realistic, truly think about it all. Money to substitute income, qualifications, or experience in whatever it is you want to do (or experience in things that will help you achieve it if this is something not done before). Know the steps, and know the risks and obstacles to overcome. Now go start to put the pieces into place, it
may take months or years to get it all lined up and get ready to take that final step; there may never be a final step if you are like me. I am always pushing, always trying to look at what is next and start to prepare. The future is Now, get your plan, and don’t take no for an answer ever. If it is important to you, really important to you, don’t wait for it to happen to you, make it happen.
www.linkedin.com/in/craig-ford-cybersecurity
www.facebook.com/AHackerIam
twitter.com/CraigFord_Cyber
www.cyberunicorns.com.au
The hunt for skilled professionals continues to intensify especially within the cyber security industry.
Yet recruiting and nurturing top talent remain daunting tasks. Amidst the persistent threat of cyber attacks it is imperative to cultivate a robust pipeline of cyber security experts equipped with the knowledge and skills to counter emerging threats. An innovative approach gaining momentum in the industry is the integration of gamified self-learning portals and capture the flag (CTF) competitions to foster future cyber talent.
GAMIFICATION: DRIVING ENGAGEMENT AND LEARNING
Gamification has emerged as a potent strategy to captivate and motivate learners, transcending the traditional boundaries of education. Organisations such as Cybrary, Udemy and Pluralsight have embraced gamification to enhance their cyber security training offerings. Through the integration of points, badges, leader boards and progress tracking systems, learners are incentivised to actively participate in their educational endeavours. Gamified self-learning portals not only facilitate knowledge
acquisition but also foster a sense of achievement and motivation, driving learners to continuously improve their skills and expertise.
“Gamified self-learning portals provide an inclusive and accessible avenue for individuals, including women, to develop critical cybersecurity skills in a supportive environment.”
CTF COMPETITIONS: BRIDGING THEORY AND PRACTICE
Capture the flag (CTF) competitions are simulated cyber security challenges where participants must navigate through intricate puzzles, exploit vulnerabilities and defend against simulated cyber threats. These competitions provide invaluable hands-on experience allowing participants to apply theoretical knowledge to real-world scenarios in a controlled environment.
CTF competitions are hosted by various organisations, including universities, cybersecurity conferences and online platforms such as Hack
The Box, TryHackMe and OverTheWire. Participants, ranging from cybersecurity enthusiasts to seasoned professionals, collaborate in teams or compete individually to solve challenges across multiple categories, including cryptography, reverse engineering, web exploitation and forensics.
“CTF competitions offer a unique opportunity to apply theoretical knowledge in practical settings, fostering problem-solving skills and building resilience in the face of cyber threats.”
Several organisations have embraced the synergy between gamified self-learning portals and CTF competitions to nurture cyber talent effectively. For instance, the SANS Institute, a renowned provider of cyber security training and certification, offers a gamified platform called NetWars which combines self-paced learning modules with immersive CTF challenges. Participants can hone their skills through interactive exercises and then put them to the test in live competitions.
Similarly, CyberStart, another initiative of the SANS Institute, introduces high school and college students to cyber security through gamified challenges and CTF activities. By gamifying the learning experience, CyberStart aims to inspire the next generation
of cyber defenders and bridge the skills gap in the industry.
One of the most compelling aspects of gamified self-learning portals and CTF competitions is their potential to promote diversity and inclusion within cyber security. Organisations like Women in Cybersecurity (WiCyS), the Australian Women in Security Network (AWSN) and New Zealand Network for Women in Security (NZNWS) actively encourage women to participate in CTF competitions and provide support and resources to facilitate their involvement. By creating a welcoming and supportive environment each association aims to empower women to pursue rewarding careers in cyber security.
The integration of gamified self-learning portals and CTF competitions represents a promising approach to cultivating future cyber talent. By harnessing the power of gamification and hands-on learning, organisations can engage, inspire and empower individuals from all backgrounds to embark on a journey towards cyber security excellence. As we embrace these innovative tools we can collectively work towards building a stronger, more inclusive cyber security community equipped to tackle the challenges of tomorrow.
Operational technology (OT) is the backbone of our society. It’s the technology powering our water systems, electricity grids, manufacturing plants and transportation systems. It’s the technology that underpins physical processes such a pumping water from a reservoir to a suburb. Operational technology is of great importance to our nation, and we must secure it from cyber threats.
Cyber attacks pose a significant threat to essential services like energy, water, food production and ports, and the challenge of safeguarding the OT of the critical infrastructure on which these services rely is growing. The chaos a cyber attack on such services could cause by disrupting or disabling the facilities providing these services has heightened attention from government entities on the protection of critical infrastructure.
Operation technology is pervasive and essential to the functioning of critical infrastructure. It enables humans to monitor and control processes such as water pumping and purification, electricity generation and transmission, the movement of
containers in ports. Increasingly OT is automating these processes, reducing or eliminating the need for human involvement. Nor is OT limited to critical infrastructure: every industry is increasingly reliant on operational technology for process and environment monitoring and control.
OT cyber security is a relatively new field of cyber security, despite the fact that OT has been around for many years. The abundance of OT and its growing interconnectivity with IT, such as in smart buildings, is fuelling the need to harden the defences of OT environments and better protect them from cyber threats.
The guiding principle of IT security is ‘CIA’: confidentially, integrity and availability. OT security, in contrast, prioritises safety and resilience. Tampering with OT processes can have severe consequences that include the disruption of critical operations, life-threatening safety hazards and long-lasting environmental damage.
Even halting operations to mitigate an ongoing cyber attack can have significant societal impacts. This was vividly demonstrated in the Colonial Pipeline shutdown, an attack on the company’s IT infrastructure required its pumping operations to be shut down, precipitating fuel shortages, disruptions to essential services like airports and ambulances, and widespread panic.
The Colonial attack was on its billing systems, not its infrastructure, yet the impact on that infrastructure, and on those dependent on it, as massive. It’s not difficult to envisage the chaos that would result from an attack directed specifically at critical infrastructure.
The importance of protecting our most critical assets cannot be overstated and the Australian Government is focussed on boosting the cyber security of Australia’s critical infrastructure. It has set several major goals, including that, by 2030, Australia will be the most cyber secure country.
The Cyber and Infrastructure Security Centre (CISC) in the Department of Home Affairs has driven regulation and legislation covering the security of critical infrastructure. The Security of Critical Infrastructure (SOCI) legislation been expanded and amended over the past two years. Most recently with the Security Legislation Amendment (Critical Infrastructure
Protection) Act 2022. This legislation is continually reviewed to keep it up to date with the ever-evolving threat landscape.
We are expecting further clarifications and modifications to the existing laws and guidelines to be announced later this year. The SOCI Act now covers 11,000 organisations. It has expanded the range of organisations regarded as critical from electricity, gas, water and ports to include those undertaking data processing, transport, and manufacturing.
These legislative amendments highlight the significant changes the landscape has already undergone, and how the Government is looking to uplift Australian cyber security across our critical infrastructure.
Shared responsibility for security uplift is also a major focus of the obligations under the SOCI Act. It requires mandatory reporting of cyberattacks and implementation of a proven risk management program, and it mandates government involvement in the event of a severe attack that could affect the operation of critical infrastructure.
In March 2023 CISC held its inaugural Cyber and Infrastructure Security Conference. One of the most notable points to emerge from that event was a
statement taken from a report into the 9/11 terrorist attacks. The report concluded that these attacks resulted from a failure of imagination: the US security organisations failed to conceive the possibility of such an event. A similar lack of imagination is common to the operators of many of Australia’s critical infrastructure and services.
Organisations already have strong processes and policies in place around physical safety and natural disasters. The Government wants critical infrastructure organisations to take cyber security just as seriously and incorporate this mindset into their business risk management, just as they do their other business risks. Australia historically has had a more “she’ll be right, and our OT is safe” attitude, but sentiment has begun to shift over the past few years. Top-down management is further driving the cyber security obligations of organisations. Boards and executives are now required to have awareness of all their responsibilities for a secure and resilient critical infrastructure. The SOCI Act and the Australian Government are a driving force behind this shift. As a result, we can begin to see organisations starting to treat their OT cyber security like their IT cyber security,, which is often a lot more mature.
OT cyber security is crucial in today’s world, just like IT cyber security, and requires diverse talent, including women. Merged OT and IT present new challenges for those charged with protecting systems from cyber threats, and the Australian Government is taking steps to enhance OT cyber security through initiatives like the SOCI Act and mandatory obligations. Elevating cyber security awareness in critical infrastructure organisations is a key step towards reaching the national goals of a secure digital ecosystem. To ensure the stability of our society we need to take a proactive approach to OT cyber security, and we need to do it together as a community.
Belinda Noel is the Chief Growth Officer at Secolve, the OT security specialists. She is passionate about championing operational technology security and highlighting the stories of the OT people who are at the core of protecting our nation’s critical infrastructure.
www.linkedin.com/in/belinda-noel
We have bred a highly tech-savvy younger generation. Advances in digital entertainment and the development of sophisticated apps have attracted the attention of our youth, but COVID created a period of intense online learning unlike anything we’ve seen before.
Children as young as five were thrown in the ‘digital deep end’, receiving passwords, usernames, access to classroom chats and online learning tools. While educators and parents were doing their absolute best to adapt to the pressures of delivering a curriculum online, looking back I wonder if we missed an opportunity to explain what online safety entails and to emphasise the importance of good digital citizenship.
The responsibility for instilling digital literacy and safe practices into the youngest members of society lies not only with educators and parents, but also with the wider tech community.
CONNECTING TECH PROFESSIONALS WITH FUTURE LEADERS
I am an advocate for mentorship in our sector; the benefits are huge for both mentor and protegee. Mentorship supports career development, underrepresented groups and business productivity.
Adapting the concept of mentoring to the younger cohort—by connecting tech professionals with primary, secondary and tertiary students—has enormous potential to establish healthy and
safe digital habits and promote our exciting industry sector.
Professionals can help bridge the gap between knowledge and practical real-world application. In doing so they can serve as role models, sharing insights into the importance of cybersecurity, the ethical use of technology and the ramifications of having a digital footprint.
Tech professionals and organisations have access to vast resources that can be invaluable to schools and educational institutions. They can develop age-appropriate content on digital safety, provide input to interactive learning modules and sponsor talks and workshops. Such initiatives not only aid education: they present students with an array of possibilities within the tech sector, inspiring potential future careers.
Organisations such as the ISACA Foundation promote connection between a global community of digital trust professionals and the next generation of IT and cyber leaders though multiple initiatives, including academic scholarships focused on digital trust for undergraduate and graduate students.
Strong collaboration between industry and educators can also help develop future entrepreneurs. By supporting and encouraging young people to develop their own solutions to real-world problems we can help foster a sense of ownership and digital responsibility. Competitions like hackathons, in partnership with schools and tech firms, can provide practical experience and teach the importance of innovation while maintaining ethical standards online.
Some of the ways we can work towards digital responsibility include:
Curriculum integration. Schools could consider integrating digital citizenship into their curricula, focusing on topics like online privacy, the permanence of digital actions, and the recognition of misinformation.
Industry-school partnerships. Ongoing partnerships between schools and tech companies can provide resources, mentorship and insights into the industry.
Interactive workshops and seminars. Regularly scheduled events led by tech professionals can keep students engaged and up to date with the latest in online safety and digital practices.
Mentorship programs. Pairing students with tech mentors who can offer guidance and career advice, and model positive digital behaviour can be highly impactful.
Entrepreneurial opportunities. Initiatives such as incubator programs and innovation challenges that focus on ethical and responsible tech development can create avenues for students to engage in entrepreneurship.
Parental involvement. Educating parents about digital citizenship enables them to reinforce these values at home and monitor their children’s online behaviour effectively.
These strategies can help our younger generations manage the digital landscape safely and confidently. The goal is to not only protect them from the risks associated with digital life but to empower them to use technology to create a better future for themselves and others.
Jo Stewart-Rattray has over 25 years’ experience in the security sector. As a director with BRM Advisory she consults on risk and technology issues with a particular emphasis on governance and IT security in businesses. She regularly provides strategic advice and consulting to the banking and finance, utilities, healthcare, manufacturing, tertiary education, retail and government sectors. www.linkedin.com/in/jo-stewart-rattray-4991a12
Like other STEM industries, the cybersecurity sector is facing a skills gap which will limit its ability to rapidly innovate and adapt. The sector is not operating at full capacity: the under-representation of women prevents it accessing the full innovative potential of the workforce1. The complexity of skills required in the cybersecurity sector is growing, driven by evolution towards a knowledge-based economy that prioritises data and information1. Also, a broader suite of skills and capabilities beyond the technical competencies of STEM is required to address systems level challenges and meet the industry’s wide range of cybersecurity needs that includes specialist skills in governance, management and coordination.
The best way to unlock capability and innovation and access the full potential of the sector is to increase gender diversity and inclusivity across the
cybersecurity workforce. A more diverse and inclusive workforce will create opportunities to: access more workers to meet current and future skills needs; tap into broader skills sets to understand and respond to the behaviours of adversaries; leverage new perspectives that will be central to delivering adaptive and innovative outcomes. The adaptive, innovative and iterative nature of the cybersecurity sector will enable it to make positive progress on gender equity quickly.
Having worked actively to expand gender diversity in the sector for the past five years, particularly female leadership representation, I welcomed the publication of the 2023 Gender Dimensions of the Australian Cyber Security Sector Report1 by RMIT University and the Australian Women in Security Network (AWSN). It found women comprise only 17 percent of the cybersecurity workforce and have much lower representation at the leadership level. These findings
inspired me to help cybersecurity organisations with practical actions to implement some of the report’s recommendations designed to increase inclusivity and diversity in the sector’s systems and culture.
One of the key themes explored by the report relates to career and leadership development pathways that promote gender equity. The report correctly identifies women’s leadership programs and career mentoring as important initiatives to drive gender equity through the development and promotion of women.
Leadership development is known to be a key enabler for women to achieve excellence in technical sectors and it supports women’s retention. 2,3 Female leadership development is a means to attract and retain talent and unlock the entire workforce potential, through:
• improving women’s leadership skills.
• demonstrating commitment to providing women with meaningful career pathways and opportunities.
• expanding women’s contribution as leaders at all levels.
• reaping the decision-making, innovation and economic benefits of female leaders.
Additionally, female leadership development supports the embedding of diversity and inclusivity into culture. The presence of more women in leadership roles at all levels will draw other women into organisations and help them climb the leadership ladder, amplifying attributes and behaviours that support a diverse and inclusive culture at all leadership levels. When applied correctly, investment in female leadership development rapidly increases the number of quality leaders, creates a robust leadership pipeline and attracts, develops and retains competitive talent.
Currently, only eight to nine percent of female cybersecurity professionals in Australia have leadership development opportunities such as leadership development programs and career mentoring available to them.1 This indicates a gap in the sector that invites additional investment, not only in senior leaders, but in leaders at middle management levels who are responsible for implementing gender equity policies, 4 and in the emerging leaders of the future.
For women in male-dominated industries and women of colour, it can be challenging to find examples of leadership styles that resonate and encourage them to step into leadership. Without support for leadership development from a mentor or manager, it can be
Only eight to nine percent of female cybersecurity professionals in Australia currently have leadership development opportunities, including leadership development programs and career mentoring, available to them.
Accelerate women into leadership roles though sponsorship and experiential development opportunities.
Embed leadership development and career progression through career planning.
Leadership development, particularly as part of structured and systemic change, must be underpinned by allocated resources, structured opportunities, support processes, investment from senior executives, accountability mechanisms and transparency measures.
difficult for women to know how to ask for leadership development support, or what support to ask for.
It is also important to understand that leadership occurs at all levels and does not require a leadership title or management responsibility. Informal leadership roles within the cybersecurity sector include being an expert or adviser in a field of knowledge, a mentor, leading a collaboration or an initiative, or being a committee member. These are all important leadership development opportunities for women.
To assist cybersecurity organisations, I have developed a Pathway to Leadership DiversityTM model for women in cybersecurity that is evidencebased and informed by best practice. It takes a holistic approach that integrates formal, social and experiential learning approaches across four key stages of development (Figure 1).
Implement tailored leadership development for female STEM leaders at all levels based on research, best practice and women’s lived experience.
Augment leadership training with role models, mentors and networks, which are critical enablers to the development of leadership skills for women and for their career advancement.
The full Pathway to Leadership Diversity TM cycle was explored in detail in a recent white paper, Advancing the Cyber Security Sector: Pathway to a Diverse and Inclusive Cyber Security Workforce. It offers practical, achievable actions to expand leadership diversity at the organisational level, informed by research and STEM industry best practice, and five years of tailored female leadership development for women in the STEM and security sectors, backed by strong evaluation. Solutions are presented as an integrated suite of strategies to address the development of emerging and established female leaders, specifically from early- to mid-career. Real world approaches are showcased using examples from cybersecurity organisations.
The white paper was launched in Canberra on 21 March alongside an inspiring panel discussion with diversity-leading organisations in cybersecurity who shared their views on how to build a diverse and inclusive cybersecurity workforce, including by leveraging female leadership. Panel members included Laura O’Neill (MF&Associates), Trudy Bastow (CyberCX) and Linda Cavanagh (AWSN).
Access Advancing the Cyber Security Sector: Pathway to a Diverse and Inclusive Cyber Security Workforce at https:// ayaleadership.com/advancing-thecyber-security-sector-white-paper/
1. RMIT University, Gender Dimensions of the Australian Cyber Security Sector – Report, 2023, https://www.rmit.edu.au/content/dam/rmit/au/ en/research/networks-centres-groups/centrefor-cyber-security/gender-dimensions-of-theaustralian-cyber-security-sector-report.pdf
2. McGinty S, Women in STEM: Navigating Barriers to Leadership, 2021.
3. The African Academy of Sciences, Factors which Contribute to or Inhibit Women in Science, Technology, Engineering, and Mathematics in Africa, 2020. https://www.iavi. org/phocadownload/Factors%20which%20 Contribute%20to%20or%20Inhibit%20 Women%20in%20STEM%20in%20Africa.pdf
4. Williamson S, Colley L, Foley M and Cooper R, The Role of Middle Managers in Progressing Gender Equity in the Public Sector, 2018. https://www.psc.nsw.gov.au/sites/default/ files/2020-10/Middle%20Managers%20and%20 Gender%20Equity.pdf
www.linkedin.com/in/susanmcginty-ayaleadership ayaleadership.com
Increasing the number of people with diverse skills, experiences and ways of thinking who are contributing their talent to the cybersecurity sector will expand the workforce and reduce the skills gap.
Dr Susan McGinty is an award-winning scientist and global STEM leadership development expert, speaker and author, who is inspired to transform the profile of leadership in STEM and Security to achieve innovation sustainability, uplift women into leadership roles, and enable diversity and equity in these sectors. She is the CEO of Aya Leadership and a Board member of Women in STEM Leadership.
With technology dominating almost every aspect of our lives, cyber security is arguably one of the most critical fields of expertise. As our world becomes increasingly digitised the need to safeguard our data and networks from cyber threats has never been more crucial. However, despite the large global cyber security skills gap and the increasing demand for cyber security professionals, women remain woefully underrepresented.
According to the Global Cyber Security Index (GCI) report there is still a significant knowledge gap in many countries in terms of cyber security strategy formulation, awareness and culture, and in cybercrime legislation, programs and incident response infrastructure. In addition, there is also a lack of capability and capacity to close all these knowledge gaps.
The Index listed the cyber security skills shortage as one of the top pain points for many CISOs across the world. Globally there are around four million unfilled IT and cyber security vacancies, according to (ISC)2, and the number is expected to rise much further by 2025. (ICS)2 also estimates the cyber security workforce needs to grow by a staggering 145 percent to meet the demands of organisations globally.
Fifty nine percent of respondents to ISACA’s State of Cyber Security 2023 report indicated their organisation’s cyber security team was somewhat or significantly understaffed (ie they did not consider the specified team size to be adequate), and 71 percent said some cyber security positions within their teams remain unfilled. In addition, 54 percent believe fewer than half of all applicants for open cyber security positions are qualified for the job.
You might think, given there is such a huge cyber security skills gap, filling vacancies would be easy to
do. However, this is definitely not the case, and for women in cyber security, the outlook is not changing. According to the Women in Cyber Security report, sponsored by KnowBe4, women held only 25 percent of cyber security jobs globally in 2022, which was up from 20 percent in 2019 and from 10 percent in 2013. The report predicts women will represent 30 percent of the global cyber security workforce by 2025 and 35 percent by 2031.
The landscape for women in cyber security is changing, but it is a very slow process. Over the past decade there has been a concerted effort to bridge the gender gap in technology fields, including in cyber security. Initiatives aimed at encouraging more women to pursue careers in cyber security have gained momentum, and the results are starting to show. Today, more women are entering the field, bringing with them diverse perspectives and skill sets that are invaluable in the fight against cyber threats, but much more needs to be done to bring additional women into the cyber security industry. Despite the increasing demand for cybersecurity professionals, women remain significantly underrepresented. Several factors contribute to this disparity: there are systemic challenges that hinder women’s entry and progression in cyber security careers.
Too many gender stereotypes. From a young age, societal norms often dictate which career paths are considered suitable for men and women. A belief that technology-related fields are more suited for men can deter women from pursuing careers in cyber security and lead them to believe they lack the necessary skills or interest in technical subjects.
A lack of female role models in cyber security. The scarcity of visible female role models and mentors in cyber security further exacerbates the problem. Without representation at leadership levels or in prominent industry roles, aspiring female cyber security professionals may struggle to envision themselves succeeding in the field. The absence of relatable role models can also contribute to feelings of isolation and inadequacy among women considering careers in cyber security.
Unconscious bias. Unconscious bias, both within educational institutions and workplaces, can manifest in various forms such as assumptions about women’s abilities or suitability for certain roles. Biased hiring practices and workplace cultures that favour male employees can create barriers to entry for women in cyber security. Women may encounter scepticism or resistance when seeking opportunities for advancement or leadership roles, further perpetuating gender disparities.
The lack of supportive environments. Hostile or unwelcoming environments within educational institutions or workplaces can deter women from pursuing or remaining in cyber security careers. Instances of bullying, harassment, discrimination or microaggressions can create a hostile atmosphere that undermines women’s confidence and sense of belonging. Without a supportive environment that values diversity and inclusion, women may feel marginalised and opt to pursue alternative career paths.
Limited access to education and training. Access to quality education and training programs in cyber security can be limited for women, particularly those from underrepresented communities or low-income backgrounds. Socioeconomic factors,
including financial constraints and lack of access to resources, can pose significant barriers to acquiring the skills and qualifications needed for entry into the field. Without equitable access to educational opportunities, women may struggle to compete with their male counterparts for cyber security roles.
Challenges with work/life balance. The demanding nature of cyber security roles, characterised by long hours and high-pressure environments, can present challenges for women balancing career aspirations with familial or caregiving responsibilities. The perception of cyber security as a male-dominated and inherently competitive field may discourage women from pursuing careers that require sacrifices in their personal lives. Employers must prioritise initiatives that promote flexibility and support worklife integration to attract and retain women in cyber security roles.
Cyber security’s ongoing image problem. The cyber security industry is rife with images that depict script kiddies dressed in hoodies huddled over their laptops, with much of this imagery being very dark and depicting a closed world that is difficult to break into. In addition, the frequent appearance of keys and padlocks in cyber security imagery is also problematic. Addressing these factors requires a multifaceted approach that involves collaboration between educational institutions, employers, industry
associations, governments and policymakers. Initiatives aimed at challenging gender stereotypes, promoting diversity and inclusion, are essential steps toward creating a more inclusive cyber security workforce. These initiatives should include the provision of mentorship and support networks and the provision of equitable access to education and training opportunities.
yes, I’m the great imposter in cyber security. One of the biggest challenges many women in cyber security grapple with is feeling themselves to be imposters. Imposter syndrome is a pervasive phenomenon in many professions, and cyber security is no exception. However, the impact of imposter syndrome among women in cyber security is significant because of various societal factors that compound these feelings of inadequacy and self doubt.
Furthermore, those societal stereotypes and biases often contribute to women feeling they must constantly prove themselves in order to be taken seriously in cyber security. This pressure to constantly demonstrate competence can exacerbate feelings of imposter syndrome: women may worry that a mistake or perceived failure of any kind will confirm them as imposters who should not be in cyber security.
Additionally, the fast-paced and constantly evolving nature of cyber security can contribute to imposter syndrome. The rapid advancement of technology means cyber security professionals must continuously learn and adapt to new threats and techniques. For women who already feel they are struggling to keep up, the prospect of falling behind can be daunting and reinforce feelings of inadequacy.
It is important for women in cyber security to recognise their experience of imposter syndrome does not reflect their actual abilities or qualifications. Seeking support from mentors, colleagues and professional networks can help women in cyber security combat imposter syndrome by providing reassurance, guidance and opportunities for skill development.
The future for women in cyber security is slowly looking better, with more opportunities and a growing focus on closing the gender gap. Several industry trends are indicative of these improvements. They include:
Increased awareness and initiatives. There is a growing recognition of the importance of diversity in cyber security. Organisations are launching initiatives such as mentorships programs and scholarships to encourage women to enter the field.
Fewer barriers and stereotypes. Women are increasingly shattering stereotypes and demonstrating their excellence in cyber security. This paves the way for future generations to see cyber security as a viable and rewarding career path.
A larger talent pool. A more diverse workforce brings a wider range of perspectives and problem-solving approaches, ultimately leading to a more robust defence against cyber threats.
More leadership roles becoming available. The number of women in leadership positions within cyber security is rising. They become role models who inspire future generations and contribute to a more inclusive work environment.
The future for women in cyber security today is looking much better but ongoing commitment and investment from the industry as a whole are required if progress is to be maintained. By embracing diversity and inclusion, providing support and opportunities for career growth, and leveraging the unique skills and perspectives women bring to the table we can build a safer and more resilient cyber ecosystem for everyone. The journey ahead for women in cyber security may be challenging, but the rewards offered by a more diverse and inclusive cyber security workforce are well worth the effort. We need to pave the way for a future where women play a leading role in securing our digital world.
Lisa Ventura MBE is an award-winning cyber security specialist, published writer/author, and keynote speaker. She is the Founder of Cyber Security Unity, a global community organisation that is dedicated to bringing individuals and organisations together who actively work in cyber security to help combat the growing cyber threat. As a consultant Lisa also works with cyber security leadership teams to help them work together more effectively. She provides cyber security awareness and culture training and training on the benefits of hiring those who are neurodiverse. She has specialist knowledge in the human factors of cyber security, cyberpsychology, neurodiversity and AI in cyber.
www.twitter.com/cybergeekgirl
www.twitter.com/cybersecunity
www.linkedin.com/in/lisasventura
www.facebook.com/lisasventurauk
www.instagram.com/lsventurauk
www.youtube.com/@CyberSecurityLisa/videos
lisa@csu.org.uk
CYBER SECURITY UNITY ON SOCIAL MEDIA
www.linkedin.com/company/csunity
www.twitter.com/CyberSecUnity
www.facebook.com/CyberSecUnityUK
In an era dominated by digital advancements cybersecurity has emerged as one of the most critical disciplines for ensuring the safety and integrity of online systems. As the cyber threat landscape continues to evolve the demand for skilled professionals capable of defending against cyber attacks is at an all-time high.
To ensure we are preparing individuals for the complexities of modern cyber threats we need to supplement traditional education and training with new learning pathways. This need has produced innovative approaches such as gamified self-learning portals and capture the flag (CTF) competitions. These tools for fostering future cyber talent are very effective, and are gaining momentum. This is evident from the success of companies such as Secure Code Warrior. Its cyber security learning platform
is extremely popular with developers. More than 400,000 developers are using it, and the company has seen 100 percent year-on-year growth for its global secure coding tournament.
Gamified self-learning portals offer an engaging and interactive platform for individuals to acquire and improve their cybersecurity skills. Unlike conventional educational methods—which may rely heavily on theoretical concepts and passive learning—gamified portals leverage gamification techniques to make learning more enjoyable and effective. By incorporating elements such as points, badges, levels and leader boards, these portals transform the learning experience into an immersive journey in which users are motivated to progress and continually improve.
One of the key advantages of gamified self-learning portals is their ability to cater for a wide range of skill levels, from beginners to advanced practitioners. Through a combination of tutorials, interactive challenges and real-world simulations, users can gradually build their knowledge and expertise in various areas of cybersecurity, including network security, cryptography, malware analysis and incident response. Moreover, the self-paced nature of these portals allows individuals to tailor their learning experience to their interests and objectives, fostering a sense of autonomy and ownership of their educational journey.
CTF competitions represent another valuable avenue for developing cybersecurity skills in a practical and competitive environment. CTFs simulate real-world scenarios where participants must solve a series of challenges to uncover vulnerabilities, exploit weaknesses and defend against attacks. These challenges encompass a wide range of attack and defence techniques, from reverse engineering and web exploitation to forensics and binary analysis. They provide participants with exposure to diverse cybersecurity concepts and techniques.
What sets CTF competitions apart is their emphasis on hands-on experience and problem-solving abilities. Unlike traditional exams or assessments, which may focus on memorisation and theoretical knowledge, CTF challenges require participants to think critically and apply technical skills to achieve success. This practical approach not only reinforces learning but also cultivates essential skills such as analytical thinking, creativity and teamwork: qualities that are invaluable in the field of cybersecurity.
Moreover, CTF competitions foster a culture of continuous learning and improvement, because participants are constantly exposed to new challenges and evolving threats. By participating in CTFs regularly individuals can refine their skills, explore emerging technologies and stay abreast of the latest trends in cybersecurity. Furthermore, CTFs provide a platform for networking and community building, enabling participants to connect with like-
minded individuals, share knowledge and collaborate on future projects or initiatives.
A good example of how highly regarded CTFs have become was BSides Canberra in late 2023 when more than 900 participants and 345 teams competed in the CTF competition over three days. One Sydney headquartered company took 35 of its staff to the conference, demonstrating how important it viewed the conference, the CTF and the teamwork and networking it evoked
The number of cyber security industry specialists attending these events, taking part and performing well in CTF competitions means they represent good opportunities for individuals to showcase and refine their skills and uncover new job opportunities. More and more organisations are holding CTF competitions because they have identified these as a good way to assess talent for their future cyber security hires.
In conclusion, gamified self-learning portals and CTF competitions play a vital role in fostering future cyber talent by providing engaging, practical and accessible pathways for individuals to develop their skills, expertise and careers in cybersecurity. By embracing innovative approaches to training and skills development we can empower the next generation of cybersecurity professionals to navigate the complexities of cyberspace and safeguard the digital assets of organisations and society at large.
www.linkedin.com/in/mattdunham
A lot of people believe you can’t be on active duty in protective security when you’re pregnant, but my experience proved this belief to be false. Last year, when I first learnt I was pregnant, I was over the moon, but I knew I couldn’t continue the work I was doing and put in long hours while pregnant. I reached a point last year where I was not enjoying my work and had lost my passion for the job.
My mental and physical health mattered most, so I needed to find a role and a workplace that would allow me to continue doing what I love while taking
care of myself and that would provide a healthy work life balance. I decided to take a step back from security management to make sure I was putting my health first.
I was able to work full time until I was eight months pregnant because of my manager, my team and a partner who all supported me. The culture in the security team I joined made me want to go to work every day and made me comfortable despite my constant morning sickness. The team members were able to help me work hours that suited me and
undertake tasks that did not compromise my safety. I was able to continue learning new skills and feel part of the team. I was not treated any different because I was pregnant.
A lot of people would say to me “I hope you’re safe at work” because they knew the type of work I was doing was not entirely safe, but I never felt safer. I always felt heard and, throughout my pregnancy, I was comfortable communicating how I felt. There was never a time my manager failed to help make things easier for me.
My advice to anyone who is pregnant and working in security is that life is much easier when you have a manager and team who work with you, not against you. I have always believed that my work should fit my life and I have been able to achieve that in my current workplace. It was not easy stepping back after working very hard to get into security management, but it was the best decision for my family at the time and I am happy I took that step.
Returning to work a few months after the birth of my child was a smooth process because I had a return to work plan that acknowledged where I was in my life and did not pressure me to work at full speed.
So, it is possible to work in a physical security role while pregnant, so long as your safety is always put first and you are in a team with a positive culture.
I love the field I’m in and I don’t see myself leaving the security industry anytime soon. By trying new places and new roles I learnt what works best for me. I am planning to continue building my career in security management, but for now I’m enjoying the break while watching my two babies grow.
www.linkedin.com/in/marina-azar-toailoa-66259511a
Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was recently named inaugural Female Cyber Leader of the Year at the 2023 CyberSecurity Connect Awards in Canberra.
So, what age is too young to start someone on their cyber safety journey? I have been puzzled over this question for weeks as I prepared to write a few words on the topic. Should we be saying to parents: “you be you” and let everyone make their own decision? Or should we rely on the government to play big brother, step in and say: “this platform is not suitable for your children” (hello TikTok). I landed somewhere between the two. I know every parent wants to keep their children safe from harm, but sometimes their own actions do the exact opposite. As parents we need to educate ourselves and learn what is age-appropriate for our children.
Let me explain. It is wonderful to share exciting news and experiences such as a birth, adoption, starting a new school, graduation and the like, and wanting to share the news far and wide is understandable. However, putting everything out and about on social media is not such a good thing. The practice of sharing your family news on social media platforms does not take into consideration your role as your child’s privacy custodian. Some good pointers to be mindful of include:
1. Be careful what you share. What you share may be used by people you don’t know for activities you don’t condone. This article highlights some of the dangers.
2. Think beyond the here and now. Social media has been around for a while and we are starting to see children get to an age where they start to question what has been shared about them by their parents. Reddit posts like this one have started to appear and be picked up by mainstream media.
3. Protect your child’s privacy - play the long game. When you go to share something about your child, ask yourself “how will it impact my child’s future adult self?” This was brought home rather starkly by Deutsche Telekom. It joined forces with the creative agency adam&eveBerlin to produce “Don’t share your kids personal information without consent Deutsch Telekom Deepfake AI Ad” (Viewer discretion is advised).
In my world there is nothing like a real life example to bring it all home. So grab a hot beverage of your choice and get comfortable.
Picture this. Your child has been invited to a playdate by someone who pretty much shares their entire life on social media. Now you’re a bit old fashioned when it comes to data privacy and have a strict no-social media rule. This means no photos of the family are to be placed on any platform. The usual “please don’t share any pics of my kid on any platform” request is made, and to get the point across you ask to have a quick look at a few pics the couple has placed on its social media platforms.
Now you’re not a ‘professional bad guy’ but after a quick browse you can work out their home address, cars, children’s names, school, ages, year groups, sports, interests, etc. Get the idea? While no social media postings of your family may have occurred on that day, you may never get another invite. This is called putting your family’s data privacy first. It is neither a popular nor an easy path.
After reading the above you may think I am a social media luddite who lives off the grid in the middle of nowhere. I am not. But I am hypersensitive and aware of the pitfalls of oversharing. Coming back to the original question, my answer is that you can never be too young to start your cyber safety journey. While the internet can be scary, it can also be a magical place of wonder. So, remember:
• Start the cyber safety discussion early.
• Respect the age minimums of social media platforms.
• Provide practical advice to kids. For example, on good password hygiene and on adding friends to social platforms. (If you don’t know them in real life you don’t know them at all!)
• Parental controls are their friend NOT something they need to “work around”.
• Model good behaviour. Your children are watching you and copying you. For example: no devices in bedrooms, no working around parental controls.
And my story? That may or may not have happened in real life.
www.linkedin.com/in/karen-stephens-bcyber
www.bcyber.com.au twitter.com/bcyber2
karen@bcyber.com.au youtube.bcyber.com.au/2mux
Artificial intelligence (AI) is no longer the future; it’s the present. Its applications sprawl across multiple sectors. From disease diagnosis to personalised advertising, AI has not only influenced our lives, it has revolutionised them.
However, despite its widespread presence, have you ever wondered why our daily interactions with AI sometimes leave us feeling uncomfortable due to its seemingly inherent tendency towards bias and discrimination?
Whenever Google Images misrepresents women’s job roles or Google Photos abruptly labels black Americans as ‘gorillas’, it’s the result of AI’s inherent bias and the complex ethical issues that come with it. Even a popular platform like Tinder Plus stumbled and incorporated a discriminatory personalised pricing algorithm charging users aged over 30 higher prices.
All these incidents display an unsettling similarity: biases that are sexist, ageist and racist. However, bias in AI is not limited to sex, age or race; these examples are merely the tip of the bias iceberg. An alarming number of AI incidents have arisen due to biases based on numerous other diversity attributes: from ethnicity and language to disability, religion, socio-economic status, political ideology, nationality, geographic location, and many more.
In the dynamic unseen world of AI, where innovation races ahead of understanding, countless AI incidents are shaking our world to its core. Security, privacy and technical issues are usually blamed, but we need to dig deeper and address the root cause; the alarming lack of diversity and inclusion (D&I) in AI design, development and deployment. The crisis begs us to collectively challenge the status quo and question the “what, why, how and where” of embedding D&I into the AI life cycle. As debate and dialogue around
ethical and responsible AI intensifies, the integration of D&I principles is becoming a moral imperative and a necessary step to creating inclusive, unbiased and trustworthy technology.
Our latest research publication, AI and the Quest for Diversity and Inclusion: A Systematic Literature Review (AI and Ethics, 2023), is a deep dive into this critical conversation. Through rigorous analysis of 48 scholarly articles, we map out the challenges and the corresponding solutions to address D&I in AI and to enhance D&I practices by AI. Our review aims to serve as a roadmap for building an inclusive AI future.
Policymakers, technologists and ethical AI advocates, it’s time to stand up and take note! The good, the bad and the dynamics of D&I in AI – they are all there. We identified a staggering 55 unique challenges and 33 solutions associated with D&I in AI, as well as 24 distinct challenges and 23 potential solutions to benefit D&I practices by AI.
Our literature review revealed:
• a disheartening disparity in the focus of AI research projects: those exploring D&I in AI significantly outnumbered those leveraging AI to enhance D&I practices.
• a worrying pattern of neglected diversity attributes. Although gender gets some attention, critical diversity attributes such as ethnicity, race, religion and language often get sidelined under the weight of biases. Therefore, it’s time to extend our focus beyond gender. The limited exploration of the many attributes of diversity underscores the urgent need for comprehensive research that includes intersectionality in AI studies.
• a dominance by the health sector in existing research. This suggests equally important fields such as law, education and others remain largely unexplored.
• a focus on facial analysis and natural language processing in AI systems at the expense of potential game-changers like voice recognition and large language models.
• a lack of attention to AI governance challenges and solutions. Additionally, researchers from the US contribute heavily to D&I in AI research but those from countries like China, with leading AI development, are noticeably absent. Also, the Global South, which has a very diverse population whose members face many D&I challenges, is under-represented.
• tangible solutions to the D&I challenges created by AI remain frustratingly sparse. This suggests greater collaborative efforts between developers and researchers and a wider exploration of challenges and potential solutions are crucial to the development of a more equitable AI landscape.
The fast-evolving AI landscape is at a crossroads of transformation. The path towards responsible, D&I friendly AI starts with awareness, knowledge and resolve. Diverse and inclusive AI is not just a dream on the horizon; it is an attainable reality, one we must strive for collectively. The future of AI must be defined by a ‘world-for-all’ philosophy. Our systematic literature review sets out that path. It’s time for change, one AI algorithm at a time. Let’s diversify AI together, and create AI that is unbiased and fair for all.
sites.google.com/view/rifatarashams?pli=1
scholar.google.com.au/ citations?user=fTalomgAAAAJ&hl=en&oi=ao
www.linkedin.com/in/rifat-ara-shams
Over the course of your career there will be lulls and peak activity times. If you are not in a busy moment, you will be at some time in the future. This is why it is imperative to work on operational efficiency throughout your career. The time to level up is now!
When you are extremely busy it can be difficult to even dream of setting aside time to work on productivity, but a half hour block once a week can become a game changer. When it is not a three fire alarm week, spending more time on these activities can be extremely beneficial, but for now let’s examine what can be done with limited time.
Start with data collection, at least two weeks’ worth, but a month’s worth is even better. Reflect on the repeated activities in your day-to-day life. Maybe you frequently write a similar message after a meeting, compose a document after a certain event or gather data from one place and then analyse it in a spreadsheet. Perhaps you have regular sections in a report and gather that data from multiple places, etc.
Whatever your role is, unless you’ve already fully optimised all repetitive tasks you likely have a few that could be aided by automation.
After you gather data regarding your repetitive tasks you need to come up with a way to represent them visually. You can do this with freehand drawing or with diagramming tools. Draw.io is a great free option for creating a diagram of events. As you map out a task, consider event triggers: what causes you to do the next thing. Figuring out cascading events will enable you to design your automation later. You might need to make some adjustments based on choices made, but as you gain familiarity with your chosen tool your design process will adapt to it.
MEGHAN JACQUOTChoose an automation tool that works with your tech stack and is approved by your organisation: you don’t want to introduce any shadow tech.
When choosing a tool, there are few things to consider.
• Does it involve coding?
• There are tools that can be custom built or ones that require a lot of coding.
• There are tools that have a low code interface that require minimal knowledge of things like html, JS or Python.
There are tools that are no code, and that’s fine also.
There are a few other questions you need to think about. Does it meet your needs? Is it approved? What’s the cost?
Step 1: gather data
Step 2: analyse for trigger events
Step 3: choose an automation tool
Step 4: build the automation
Step 5: test
Step 6: repeat
Once you have used your chosen tool to diagram your events and their triggers you are well on your way to incorporating automation into your workflows. The next step is to test what you have created. First, set up some tasks to see if the automation works as expected. Then you’re ready to put these new automations into practice. Keep those weekly blocks on your calendar and see if there are new and more challenging tasks you can automate.
Also, don’t forget to celebrate. You’ve improved your workflows and hopefully worked towards a better work-life balance.
In addition to automating workflows, another way to level up is to regularly use AI/ML productivity tools. Ninety percent of respondents to a JFrog report,
Software Supply Chain State of the Union 2024, said their organisation used AI/ML-powered tools. Instead of completing a manual code review, could you run it through an AI-powered tool first? Could you use some penetration scanning tools that might give you additional context or suggestions on what to test for manually? If you’re a defender, could you analyse user behaviour data and look for anomalies?
When determining to use a model built by your organisation or another you should first figure out what you are looking to accomplish, then decide how you will assess if you have accomplished your goal. Afterwards, you can gather some data. Finally, complete a task with and without the AI tool.
Will it save time? Are the results more comprehensive? How’s the signal to noise ratio?
It’s best to prepare when you have downtime: you never know how busy you will be in future and, if the future is now, you’ll want to have as many tools in your toolbelt as you can. Carpe diem!
• Draw io, https://app.diagrams.net/
• JFrog report, Software Supply Chain State of the Union 2024, https://jfrog.com/software-supplychain-state-of-union/
• GitHub AI Tool, Code Scanning Autofix via Copilot and CodeQL, https://github.blog/2024-03-20found-means-fixed-introducing-code-scanningautofix-powered-by-github-copilot-and-codeql/
• BSidesSF Conference, “You Can’t Spell Dystopia without AI” theme, 4 to 5, May 2024 https://bsidessf.org/
• List of 2024 International AI Conferences, https://oxfordabstracts.com/blog/top-aiconferences-to-attend-in-2024/
www.twitter.com/CarpeDiemT3ch
www.linkedin.com/in/meghan-jacquot-carpe-diem
www.youtube.com/c/CarpeDiemT3ch
Sophie Buchanan is an expat who spent her formative years in Middle Eastern, African, Pacific, and Asian countries. Currently, pursuing a Bachelor of Information Technology with a major in Business Information Systems. Sophie is in her penultimate year of studies, focusing on enhancing her expertise in this field.
Macquarie University IT Student
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?
Cyber security is like being a digital detective where you always need to remain one step ahead. You defend critical resources from hackers and safeguard vital information whilst identifying hacker motivations, areas of entry and strategies. It is fast paced, ever-changing, and is crucial for protecting businesses and individuals worldwide.
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. Using packet analysing services such as Wireshark in real time allowed me to fully grasp the sheer amount of data being sent between individuals and networks online and the human reliance on technology to safely transmit private information.
Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? Id yes, what adjustments would you consider?
After my Tertiary education I decided to work before
I went to university with the intention of gaining real world experience to ensure I would choose a degree I would enjoy and would be competent in. For me this allowed me to fully investigate different areas of interest and without this time of observation I am confident I would not be studying within the Information Technology Field.
During this time, I applied to be a retail salesperson at a Tech company and by chance ended up in a Technical Specialist role and felt a deep passion towards it. I had never envisioned myself in these spaces and think that more exposure to STEM for women would open many up to a fulfilling career. So, for this reason I am glad I decided to do what was best for me and not feel pressured into going into uni straight away.
I do however wish I had selected another major to compliment my business info systems major with such as cyber security or AI furthering my technical capacity.
What aspect of your Cybersecurity studies excited you the most and why?
The aspect of Cybersecurity that excites me the most is the opportunity to make a tangible impact on protecting individuals, organisations and society from cyber threats. In today’s interconnected world, the ramification of a successful cyber-attack can be devastating, from financial loss to compromise of personal privacy to disruption of critical infrastructure. By taking a cyber security unit in my degree I learnt how cyber experts help safeguard the digital future of company’s and individuals.
More specifically from my introductory cyber courses I have gained a specific interest in threat types such as trojan horses, viruses and bugs as these pose more complex challenges to businesses due to fast replication and capacity for entire networks to be quickly corrupted. This ties into my strong belief in staff training and identification which is needed for the everyday user to be able to spot illegitimate programs.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
In the rapidly evolving tech landscape, where the storage of larger data packets and automation are becoming more prevalent, cyber professionals face the challenge of staying up to date with emerging tech, current cyber threats and industry accepted protocols and policies.
Therefore, the need for non-cyber skills such as management and interpersonal communication is necessary for restructuring post cyber-attack, planning of business protocols, idea generation and cyber hygiene training.
For instance, during timely incident responses, effective management ensures tasks are divided and actions are concrete, and time bound before any patching takes place. This is crucial for mitigating potential damages, allowing companies to regain full control of company financial assets.
Planning cyber strategies and business protocols also necessitates interpersonal skills to collaborate with businesses effectively to best determine their cyber strategy. Understanding business needs,
including resources and budget, identifies the extent and feasibility of cyber-hygiene practices and policies post implementation. Additionally cyber hygiene best equips businesses to identify future errors before they arise and in order to encourage this cyber consultants must reduce information silos with their sharp interpersonal skillset. For these reasons investing in cyber professionals who can blend business acumen skills, including management, creativity, and communication.
The cybersecurity industry offers various certification from different organisations. Have you pursued do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?
In the short term I am currently studying towards taking the Microsoft AI 102 Exam which uses Azure to design and implement AI solutions. With AI and open source playing a more significant role in cyber security in recent years I believe that being Microsoft AI certified would be advantageous in cyber areas such as predictive analysis and automation of big data trend spotting. Additionally studying to use cloud platforms such as Azure allows for a first-hand experience with cloud based services that are often targets of business cyber-attacks.
After completing my time at Accenture’s 2024 Tech Bootcamp selected students received the opportunity to gain access to a Google Cyber Security 6-month course. I am yet to start this study but am keen to dive deeper into practical aspects of cyber security as taught by online Google Professionals before the final exam date in Feb 2025. This course focuses on SIEM tools, SQL, IDS, Linus and Python as well as common threat identification and mitigation techniques.
I am also open to any IT student suggestions on courses that helped them during their degree and excited to continue my learning throughout my career.
Are there any specific aspects of your cyber security studies that you find particularly
challenging? If so, what are they, and how do you approach overcoming these challenges? Due to the broad nature of my Bachelor of Information Degree I see the capacity for professional exploration in areas such as Cyber security, Networking, Business information systems and coding/app development. With my degree giving me an introduction into so many technical branches, I struggle with knowing which area to further delve into as I have limited subject options in my flexible zone.
To mitigate this I engage in extracurricular competitions such as the Loreal Brandstorm, Startmate and Accenture tech Bootcamp to seek guidance from other STEM professionals, however I’m looking forward to joining the workforce to mitigate some of the limitations on my exploration and narrow down my interests with real world IT scenarios.
Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so please share your experiences.
Unfortunately to ignore the reality of bias within STEM fields would be naive. In my previous role as a technical specialist, a customer requested a male technician before I was able to start the appointment and introduce myself. This situation showed to me how often women are in positions that demonstrate their technical ability yet are not given the opportunity to showcase their skills due to gender bias. I believe that the best way to combat this bias is to start with education by fostering workshops and sponsorships with university societies and schools, as quotas - whilst well intentioned - may further the concept that women are not able to succeed in STEM landscapes unassisted.
www.linkedin.com/in/sophiebuchanan2021
REACH OUT TODAY FOR AN INSTANT QUOTE. The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things. aby@source2create com au charlie@source2create.com.au source2create com au With: Need a professional marketing, strategy and implementation agency that is dedicated, responsive, professional, creative, innovative,
Isabelle Ho’s upbringing was marked by a blend of cultures, having been born and raised in Australia while extensively travelling to Asia and Europe during her formative years. Her educational journey recently culminated with the completion of the Graduate Certificate in Cyber Security at UNSW, following her graduation from Purple Team Australia at the end of 2023. Currently preparing for the ISC2CC exam, Isabelle’s aspirations extend further as she contemplates pursuing additional certifications such as cloud-based credentials or CompTIA Sec+. With the anticipation of her graduation ceremony at UNSW in May, Isabelle’s journey in cybersecurity continues to evolve with each milestone she achieves.
Purple Team Australia Graduate and Graduate Certificate in Cyber Security at UNSW
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?
In casual conversations about the dynamic realm of cybersecurity, especially with friends and colleagues in the healthcare sector, I’ve noticed a natural curiosity sparked by sharing my own journey and enthusiasm for the field. From delving into capture the flag competitions to mastering phishing attacks during university coursework, I convey the excitement and depth of cybersecurity.
In these discussions, I often draw parallels between the strategies used in cybersecurity, such as phishing, and the nuanced understanding of human behaviour required in healthcare, particularly in
nursing. Just as we assess patients’ behaviours, thoughts, and interests to provide effective care, cybersecurity involves understanding the motivations and vulnerabilities of potential threats.
My passion for cybersecurity is palpable; it’s not just about technical challenges like hacking WiFi networks or navigating complex scenarios. It’s also about the thrill of solving puzzles, protecting digital spaces, and effectively managing high-pressure situations. This enthusiasm has sparked curiosity among my nursing peers, prompting them to consider whether transitioning into cybersecurity could be a viable option for them too.
To bridge the gap between healthcare and cybersecurity, I emphasise the shared skills and values between the two fields. Both require exceptional communication, risk assessment, and crisis management abilities. By highlighting these similarities, I aim to demystify cybersecurity and showcase its potential as a career path for those with diverse backgrounds, including healthcare.
Ultimately, cybersecurity is about protecting stories, identities, and lives in a digital context, much like nursing aims to heal and protect in the physical world. This perspective opens up new avenues for discussion, encouraging individuals to explore how their existing skills and values can contribute to the ever-evolving landscape of cybersecurity.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
Reflecting on my initial perceptions of cybersecurity, I likened it to the mental health of IT—dealing with risks, vulnerabilities, and malicious actors, viruses and worms, akin to diagnosing and treating the various ailments that could afflict the digital world. This analogy drew me in, with the allure of navigating through a landscape marked by both slow-paced analysis and high-adrenaline moments of critical incident response. Despite my excitement, there were
apprehensions about fitting into a male-dominated field, especially coming from a nursing background without formal IT training.
Today, my experience in the field of cybersecurity has largely validated my initial perceptions—it remains an exhilarating and rewarding domain. The reality has unfolded to reveal the multifaceted nature of cybersecurity, where technical prowess is just one part of the equation. The soft skills I’ve honed as a nurse, particularly in understanding human psychology and behaviour, have proved invaluable. These skills have enhanced my ability to navigate the complex human elements inherent in cybersecurity, such as social engineering and human behaviour which inherently drives all actions.
However, the journey has also illuminated some stark realities about the industry. While my passion and the intriguing aspects of cybersecurity have only grown, navigating the job market as a newcomer has presented unexpected challenges. The widely publicised shortage of cybersecurity professionals contrasts sharply with the reality on the ground, where entry-level positions are scarce and the demand is heavily skewed towards individuals with mid to senior-level experience. This discrepancy has highlighted the substantial investment in skills development, certifications, and practical experience required to make a mark in this field.
Moreover, while the male dominance within cybersecurity was anticipated, my journey has revealed a vibrant community of professionals advocating for diversity and inclusion. Discovering niches within cybersecurity that value a blend of technical and non-technical skills has been encouraging. It underscores the importance of a multidisciplinary approach and the unique contributions someone with a background in mental health can bring to the table.
In sum, the reality of my cybersecurity journey has been both challenging and affirming. It has reinforced my initial love for the field while also setting the stage
for continuous learning and adaptation. Despite the hurdles, the dynamic nature of cybersecurity and the opportunity to apply my background in mental health in novel ways continue to fuel my enthusiasm and drive for making a meaningful impact in this critical and ever-evolving domain.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
My aspiration is to secure a role within a blue team. I envision my journey starting as a SOC/security analyst, a foundational role crucial for honing skills in monitoring security alerts, analysing threats, and effectively responding to security incidents.
I am particularly drawn to the dynamic nature of monitoring network traffic and systems for suspicious activities, a task that resonates with my passion for safeguarding digital environments.
Progressing from a SOC/security analyst, my ambition is to delve into incident response. This role, focused on investigating and mitigating security incidents, appeals to me because it embodies the proactive and impactful aspect of cybersecurity. Implementing security policies, procedures, and technologies to protect an organisation’s environment is not merely a job; it’s a mission to create a safer digital world. Utilising tools like SIEM solutions, firewalls, IDS/IPS, and endpoint security software represents tangible means through which I can contribute to this mission.
Ultimately, my goal is to evolve into a threat hunter. This advanced position involves proactively searching for cyber threats not detected by traditional security measures, representing the pinnacle of my cybersecurity career aspirations. It demands a deep understanding of the adversary’s tactics, techniques, and procedures, making it both challenging and rewarding.
What distinguishes my aspirations is my unique background in mental health. My experience in risk assessment and human psychology provides me with a distinct perspective on identifying vulnerabilities and weaknesses in an organisation’s security posture. I believe that understanding the human element—both in terms of potential threats and within the team I will work—is crucial. My skills in mental health can offer invaluable insights into behavioural patterns that could signify security risks, enhancing the effectiveness of the blue team’s efforts.
In summary, my dream job within the blue team framework is fueled by a desire to apply my combined skills in cybersecurity and mental health towards creating resilient, secure digital environments. This blend of technical prowess and psychological insight motivates me to pursue a career path that not only challenges me but also contributes to the broader goal of enhancing cyber defence mechanisms.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
When I made the decision to transition into cybersecurity, the reactions from my family, peers, and career advisor were a mixed bag of support, concern, and scepticism. Navigating through the opinions and expectations of both sets of parents, including in-laws, introduced a unique set of challenges. Accustomed to my success in nursing and mindful of my responsibilities as a wife and
mother to two young children, they viewed my career shift with apprehension, labelling it as a potential mid-life crisis. Their concerns centred around my ability to balance professional aspirations with family obligations, questioning the timing and feasibility of such a significant change.
Addressing these concerns required a strategic and united approach with my husband. Together, we engaged in extensive discussions, outlining our plan to manage the balance between family, work, and my studies. We prepared for various scenarios, including the possibility of reassessing my decision if cybersecurity did not resonate with me as anticipated. By openly communicating our strategies and seeking their support, especially in caring for our children, we gradually turned their apprehension into backing. Their initial scepticism has since transformed into enthusiasm, particularly as they witness my passion and achievements in the field, although they occasionally inquire about when I’ll secure a job in cybersecurity.
My peers’ reactions ranged from surprise to encouragement. While some were taken aback by my decision to return to studies, others expressed confidence in my ability to transition into this new field, supporting me in various ways throughout this journey.
Fortuitously, I have been blessed with an exceptional mentor from my nursing career who has consistently advocated for my well-being and happiness. His support has been invaluable, providing encouragement and moral support as I juggle my many responsibilities.
Ironically, the most significant opposition came from within. Doubts about the impact of my career change on my family and whether I could excel
in a new domain were constant companions. Yet, the unwavering support from my husband, friends, and mentor bolstered my confidence, reminding me of the viability of pursuing one’s passions without sacrificing the balance between work and family life.
The journey from scepticism to support among my parents and the affirmation of my peers and mentor underscored the importance of following one’s passion. My success in my studies and involvement in Purple Team Australia, capped by the honour of giving the graduation speech, have not only validated my career change but also showcased the joy and fulfilment that come from pursuing a dream, no matter the stage in life.
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
The most influential factor in my journey into cybersecurity has undeniably been my husband. His pivotal role in shaping my career path has been both foundational and transformative. It was he who introduced me to the captivating world of cybersecurity during my maternity leave, urging me to delve into a book on social engineering. The captivating narratives within this book, illustrating the intricate dance of social manipulation and its far-reaching implications, struck a chord with me, echoing my experiences in mental health.
Yet, beyond sparking my initial interest, my husband has stood as an unwavering pillar of support, empowering me to navigate the challenges of balancing work, family, and personal growth. He has been instrumental in fostering an environment where I can pursue my passion for cybersecurity while also prioritising breaks and personal well-being. His encouragement has propelled me to engage in various programs and pursue certifications, solidifying my commitment to this career change.
His sacrifices and encouragement have ignited my determination to excel in this new field. This drive
is reflected in my achievements, such as securing the top spot in Purple Team Australia’s Capture the Flag competition and earning high distinctions in my university subjects. Moreover, my efforts extend beyond formal education to hands-on projects at home, where I dedicate significant time to applying and experimenting with newfound knowledge, all in a bid to honour his unwavering support.
Furthermore, my current role as a mental health nurse for Medibank has reinforced my resolve to make a difference in cybersecurity. Witnessing firsthand the aftermath of a data breach and its profound impact on clients, staff, and the broader community has underscored the critical need for robust cybersecurity measures. The ensuing distrust, reluctance to engage with services, and palpable anger highlight the urgent necessity for improved protection, especially for the most vulnerable.
In summary, the blend of personal encouragement from my husband and the professional insights gained from my current role have not only shaped my journey into cybersecurity but have also deeply influenced my career aspirations. This unique combination of support, firsthand experiences, and a fervent desire to contribute positively to the field motivates me to pursue a role where I can leverage my skills and experiences to safeguard and make a tangible difference in the lives of others.
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. The most memorable and significant event in my cybersecurity journey has undeniably been my participation in the Purple Team Australia cybersecurity program. This experience stands out for several reasons, but chiefly because it provided me with the rare opportunity to connect with other women who share my interest in cybersecurity. Discovering peers in similar life stages, with diverse backgrounds and skill sets, yet united by a common passion for cybersecurity, was both inspiring and empowering.
The program facilitated encounters with incredible mentors who guided, challenged, and expanded my capabilities beyond what I initially thought possible. Participating in my first Capture the Flag competition within this nurturing yet challenging environment was a pivotal moment for me. It wasn’t just about the competition; it was about immersing myself in the real-world application of cybersecurity principles, spanning blue, red, and purple team activities. The mentors, representing diverse domains, offered invaluable insights into the roles and responsibilities within each team, helping to clarify my career aspirations within cybersecurity. This guidance was instrumental in shaping my understanding of the field, guiding my further studies, certifications, and home practices toward achieving my professional goals.
Moreover, the program fostered lifelong friendships. The support network I’ve built with these women has become a source of ongoing motivation and encouragement, underscoring the importance of community in navigating the complexities of a career in cybersecurity.
The inaugural nature of the Purple Team Australia program amplified its impact on me. Being part of the first cohort in a field where women are significantly underrepresented was both a privilege and a challenge. The program’s commitment to diversity, welcoming participants from non-traditional backgrounds such as hairdressing, business, and nursing, like myself, was a breath of fresh air. It challenged stereotypes and barriers that often discourage women from entering or advancing in the cybersecurity field.
The most invaluable takeaway from this experience is the spirit of camaraderie and support that permeated every aspect of the program. It left a lasting impression on me, reinforcing the belief that more women, more diversity, and more inclusiveness can only enrich the cybersecurity space. This program not only equipped me with the technical skills and knowledge to progress in my cybersecurity
career but also instilled a deep sense of belonging and confidence in my ability to contribute meaningfully to this ever-evolving field.
The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?
Certifications serve as vital markers for validating skills, knowledge, and facilitating career progression. My approach to pursuing certifications is strategic, aimed at aligning them with my career stage and aspirations within the cybersecurity landscape.
My journey began with the renowned graduate certificate in cybersecurity at UNSW, driven by its esteemed reputation in computer science and the renowned Richard Buckland’s teaching prowess. This intensive and gratifying course provided me with a solid foundation in cybersecurity principles.
Recently, I’ve booked my exam for the ISC2-CC certification, enticed by a free exam voucher offer and the opportunity to attain a certificate representing foundational skill sets from a reputable organisation. The ISC2-CC certification emphasises managerial and leadership skills, catering to individuals aspiring for roles blending technical expertise with managerial acumen.
Additionally, I’m considering the CompTIA Security+ certification for its global recognition and comprehensive coverage of key cybersecurity topics. This certification underscores practical, hands-on skills across various security domains, making it invaluable for beginners seeking to demonstrate readiness for cybersecurity roles.
Specialisation is a crucial aspect of my certification plan, particularly in cloud security. For those inclined towards AWS, the AWS Certified Solutions Architect certification offers essential knowledge on AWS Identity and Access Management (IAM). Similarly, focusing on Microsoft Azure would involve acquiring
certifications like Azure Fundamentals (AZ-900) and Security Engineer Associate (AZ-500) for a comprehensive understanding of Azure AD and Azure RBAC.
Penetration testing holds a particular interest for me, starting with the CompTIA Pentest+ for entrylevel skills and progressing to the advanced OSCP certification for seasoned professionals. These certifications are pivotal in showcasing expertise in identifying, exploiting, and mitigating vulnerabilities.
However, it’s crucial to recognize that certifications are just one facet of the broader learning journey in cybersecurity. Continuous learning and hands-on practice through platforms like Hack The Box or Try Hack Me are indispensable for staying updated on evolving threats and technologies. Mastery in cybersecurity also demands a deep understanding of cryptography, encryption, zero-trust architecture, and the nuances of symmetric and asymmetric encryption. Furthermore, proficiency in Linux, scripting, and basic programming complements theoretical knowledge and certifications.
Ultimately, my choice of certifications is driven by a desire to establish a robust foundation in cybersecurity, specialise in areas of interest, and continually develop a diverse set of skills essential for navigating the complexities of the cybersecurity landscape.
Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?
On one hand, UNSW provides a robust foundation in cybersecurity principles, paying closer attention with a comprehensive approach to critical thinking and problem-solving. This foundational knowledge is essential, equipping students with the theoretical understanding necessary to navigate the intricate world of cybersecurity.
However, concerning the practical facets of industry readiness, there exists a gap between academic preparation and the expectations for cybersecurity graduates in the workforce. The reality is that many of the skills deemed essential for immediate effectiveness in a cybersecurity role are often cultivated outside the structured curriculum of the university program. This includes hands-on experience with the latest tools, techniques, and an awareness of emerging threats, all of which are in a constant state of flux.
Therefore, while it may appear that the academic program does not entirely keep pace with the rapid changes in the cybersecurity industry, it’s crucial to acknowledge that no educational program can perfectly mirror the dynamic nature of the field. The expectation that graduates will emerge fully prepared for all facets of their future careers without the need for further learning or external experience is unrealistic.
While my program at UNSW furnishes a solid theoretical foundation, the responsibility also falls on students to actively pursue additional opportunities to cultivate practical, industry-relevant skills. This approach ensures that graduates are not only grounded in the fundamental principles of cybersecurity but also adaptable and primed to continue learning in response to the ever-evolving threat landscape.
Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?
Reflecting on my coursework in cybersecurity, particularly within the comprehensive program offered by UNSW, I appreciate the breadth and depth of areas covered. The degree commendably introduces students to a wide array of methodologies, fostering a well-rounded understanding of cybersecurity. This exposure is invaluable, preparing students to navigate the multifaceted landscape of cybersecurity with a solid foundation in various technical aspects.
However, one area that I believe deserves more emphasis is social engineering. The significance of social engineering in the cybersecurity domain cannot be overstated, as it directly targets the human element, arguably the most vulnerable aspect of any security system. Social engineering exploits require a deep understanding of psychology and human behaviour, areas that are markedly distinct from the technical focus that characterises much of the current curriculum.
While acknowledging the challenges of incorporating a comprehensive exploration of social engineering and its psychological underpinnings into a technically
oriented program, the increasing prevalence and impact of such attacks on a broad population highlight the need for greater coverage. Specialised lectures or courses on social engineering could bridge this gap, equipping students with a more nuanced understanding of these threats and strategies to mitigate them.
Finding experts capable of delivering such specialised content may pose a challenge. However, the effort to integrate this critical area into the cybersecurity curriculum would significantly enhance the preparedness of graduates to address one of the most pervasive threats in the modern cybersecurity landscape. By fostering an understanding of the psychological tactics employed by social engineers, students could gain valuable insights into designing more robust security measures that account for the human factor, thereby better protecting against a wide range of cyber threats.
Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.
Throughout my academic journey in cybersecurity, I’ve encountered situations that have shed light on the gender disparities within the field. One recurring challenge has been in university tutorials or group
work, where instances of mansplaining and being talked over by male students have been all too common. It’s not uncommon for male peers to either repeat my ideas as their own immediately after I’ve shared them or feel the need to explain concepts to me as if assuming I lack understanding or capability based on my gender.
Interestingly, these difficulties extended beyond interactions with male peers. A particularly ironic situation arose during university exams. As a new mother needing to breastfeed my baby every three hours, a four-hour exam posed a significant challenge. While a male lecturer showed empathy and accommodated my needs, a female lecturer made me navigate bureaucratic hurdles. Despite the necessity of breastfeeding, I was compelled to apply for special consideration, a process the lecturer informed me was at their discretion. Only after presenting the university’s policy on supporting breastfeeding was I reluctantly allowed the necessary time during the exam. This experience was not only stressful and humiliating but also highlighted the lack of inclusiveness and consideration for women’s needs, especially those of mothers, within academic settings.
These experiences have underscored the complex layers of gender dynamics within the cybersecurity field and academia. They serve as a stark reminder of the progress still needed to foster an inclusive environment that values diversity and equity. Such challenges haven’t deterred me; instead, they’ve fueled my determination to excel and advocate for a more inclusive and understanding cybersecurity community where the contributions of all members are respected and valued equally, regardless of gender.
Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?
Yes, I’ve actively pursued employment opportunities in the cybersecurity field, and the journey has been
challenging. The application process revealed a market inclined towards hiring individuals with mid to senior-level experience, significantly limiting the availability of entry-level roles.
My attempts to secure entrylevel positions have been met with limited success. Responses to applications have been few, and while I have progressed to initial and second-round interviews on occasion, follow-up communication from employers has been lacking. The scarcity of opportunities and the lack of feedback have been disheartening, underscoring a gap between the demand for cybersecurity professionals and the accessibility of roles for newcomers to the field.
This experience has been a source of frustration, as it contrasts sharply with the industry’s reported need for more cybersecurity professionals. It’s discouraging to find that the barrier to entry is not a lack of interest or capability on the part of aspiring cybersecurity professionals but rather a hesitancy among organisations to embrace and invest in new talent. Despite these challenges, my eagerness to contribute to the field remains undiminished. I am convinced of my ability to make a positive impact in cybersecurity; I am simply seeking an opportunity to demonstrate this potential.
www.linkedin.com/in/izzieho
www.izzieho.com
Kayla McLoughlin, originally hailing from the UK, relocated during her early childhood and currently resides in Sydney, Australia. She recently completed her Bachelor of Cybersecurity at Macquarie University and now serves as a Junior Incident Responder at Pepsico.
Bachelor of Cybersecurity Graduate at Macquarie University
Now that you have graduated, which specific cybersecurity role do you aspire to and what motivates your choice?
Having enjoyed diverse experiences within the realm of cybersecurity, I have yet to encounter a branch of it that I did not find intriguing. I chose to pursue the DFIR (Digital Forensics and Incident Response) path because I felt that it was not as prominently covered in university curricula and other learning environments.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
My loved ones’ reaction to my career choice was primarily one of surprise. Given that I never completed high school for various reasons, many had perhaps resigned to the notion of my potential going unfulfilled. However, as they witnessed me laying down the foundational blocks of my life and excelling in my studies, their confidence and support gradually grew.
Beyond your academic studies, what practical experience have you gained in the
field of cybersecurity through employment or internships?
Beyond my academic pursuits, I’ve engaged in activities that directly benefit me:
• I’ve dedicated significant time to “Homelabbing,” creating environments to explore concepts that pique my interest, whether it’s experimenting with new vulnerable web apps or analysing malware.
• I interned with EY’s offensive security team, where I had the privilege of working for and learning from some incredibly knowledgeable and kind individuals who imparted a lot of technical and industry knowledge during my short time there.
• Teaching opportunities provided by my university have been invaluable in solidifying my understanding of various subjects. It has been immensely fulfilling to share my knowledge and expertise with fellow students.
Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?
I believe there’s a significant gap in exposure to certain aspects of cybersecurity that are prevalent in the industry. For instance, in past course offerings, I noticed a lack of attention given to Blue team-oriented units. An example of this is my only academic encounter with a SIEM (Security Information and Event Management) system in university occurred during a CTF (Capture The Flag) event everything else came through my own self-studies.
Another area of concern is the limited exposure to Cloud environments within my academic program. Without additional study, students may find it challenging to grasp the security considerations associated with the cloud, such as Identity and Access Management (IAM) and multitenanted environments.
What aspect of your cybersecurity studies excites you the most, and why?
My most cherished aspect of my studies was the environment fostered by my university’s computing department. Here, I had the privilege of constant access to individuals more knowledgeable in cybersecurity than myself. Whether it was lecturers engaging students in two-hour discussions about niche security topics at our tables or industry professionals delivering enlightening guest talks, it was the human connections that truly enriched my educational experience.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
Without a doubt, I attribute much of my success in this field to what are commonly referred to as “soft skills.” I often joke with friends that my greatest superpower in this industry is my knack for striking up conversations with anyone, be it colleagues or strangers. It’s a skill I believe is vastly undervalued.
I firmly believe that the ability to effectively communicate complex information to individuals lacking the same knowledge base is crucial. Whether it’s educating end users or briefing the C-suite, these skills play a significant role in mitigating the human element of risk.
Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?
I’m a regular attendee at Sectalks Sydney, and I make an effort to attend several other conventions each year, including 0xCC, Bsides Canberra, and Hacksyd, among others. Attending these events has been incredibly valuable to me in my cybersecurity journey. I’ve had the privilege of meeting outstanding and highly talented women at these cons, many of whom I still engage with regularly and admire to this day.
Additionally, I’ve been involved in organising women in security initiatives within my university. These initiatives aim to create an inclusive environment where women feel empowered to participate in Capture The Flag (CTF) events. I’m pleased to say that these efforts were met with resounding success in achieving their goals last year.
What is your preferred source for staying informed about cybersecurity trends and general information?
I’m an avid user of Twitter and various online forums. Accounts like vx-underground have been an invaluable source of knowledge for me. Additionally, participating in Discord communities has provided me with access to a wealth of small but significant pieces of information that have accumulated over time, greatly enriching my understanding of cybersecurity.
Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences. Since transitioning, I’ve noticed a shift in how my opinions
on security topics are perceived and trusted. There was a particular instance during a group discussion on a security topic when someone posed a question, and I offered my response, only to have another individual dismiss my input as incorrect. I took it in stride, understanding that we all make mistakes, and I anticipated them to provide counterpoints. However, instead of presenting original arguments, they essentially echoed my initial response as if it were their own idea.
Following that conversation, a colleague approached me to validate my experience and assure me that I wasn’t imagining things. This phenomenon isn’t unique to me; I’ve observed it happening to numerous women I’m acquainted with. Nowadays, I make a conscious effort to speak up when I witness similar situations occurring to others, advocating for fair treatment and recognition of diverse perspectives.
Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?
Yes, indeed, I’ve had some success with job applications and interviews, and I believe it’s a combination of luck and skill. Luck plays a role in finding opportunities that align with your strengths and interests, while skill comes into play through practising interview techniques.
In my experience, the key to successful interviews is authenticity. Letting your passion shine through and genuinely being yourself can make a significant difference. Additionally, taking the time to get to know the individuals interviewing you by showing sincere interest in them can leave a positive impression. It’s about creating a memorable and positive interaction that goes beyond just answering questions.
www.linkedin.com/in/kay-mcloughlin
Anushka Ravalji is currently in her final year at Macquarie University, Sydney, Australia, pursuing a double degree in Bachelor of Information Technology with a major in Cybersecurity and Bachelor of Commerce with a major in Accounting.
Final year Commerce and Information Technology student with majors in Accounting and Cybersecurity respectively
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?
A career in cybersecurity is characterised by its dynamic nature and diverse opportunities. With technology permeating every aspect of our lives, the demand for cybersecurity professionals extends across various industries and geographical boundaries. This widespread reliance on technology ensures that cybersecurity expertise is valued globally, offering professionals the chance to work in a multitude of companies and countries.
Cybersecurity roles encompass a broad spectrum, ranging from incident response to consulting and risk advisory. Each role requires a unique set of skills, ensuring that there is a position suited for individuals with varying talents and interests. Whether you possess a knack for dismantling and assembling computer hardware or enjoy the investigative aspects of cybersecurity, there is a niche waiting for you in this ever-evolving field.
Reflecting on your initial perceptions of cybersecurity when you first considered
studying it, how does the reality of your experiences today compare?
When I embarked on my Bachelor of IT degree, I was uncertain about which specific area of the vast IT industry I wanted to pursue. However, I was certain about my passion for working with people and my desire for a client-centric role that involved helping others. Additionally, my curiosity about emerging technology trends and my penchant for investigative work led me to seek a career path that would satisfy these interests.
What surprised me the most about cybersecurity was the breadth of roles available and the diverse range of skills I could develop and utilise within this field. From learning programming languages to conducting digital footprint autopsies and providing clients with advice to enhance their security posture, cybersecurity has provided me with opportunities to continuously learn and grow while making a tangible impact in the field.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
Coming from a family background rooted in the financial services industry, the realm of IT seemed unfamiliar compared to my parents’ expertise. Opting for a double degree in IT and Commerce with a major in Accounting stemmed from my mother’s influence, who is a Chartered Accountant. I reasoned that if the IT field didn’t align with my expectations, I could pivot towards accounting.
Despite the contrast between my parents’ careers and mine, they remained supportive throughout my academic and career journey. Their guidance was invaluable in helping me navigate the IT landscape, leveraging my strengths while integrating my accounting knowledge and broader business acumen into my professional pursuits. Their unwavering support and tailored advice have been instrumental in shaping my career path in IT.
Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?
I had the opportunity to participate in the Australian Defence Force’s Cyber Gap Program cohort of 2023, where I completed an internship. During this program, I gained practical skills in incident response and familiarised myself with regulatory frameworks such as NIST and ASD Essential 8. The learning experience was enriched through a structured module system and engaging Capture the Flag (CTF) exercises.
Additionally, I had the privilege of attending a weeklong conference in Canberra, where I immersed myself in seminars covering various topical issues related to Australia’s cybersecurity defence strategies. These sessions, facilitated by industry experts, provided valuable insights into the roles and responsibilities within the Australian Public Sector cybersecurity landscape.
During the summer holidays, I embarked on an internship program at Deloitte, specifically within the Risk Advisory pillar in the Cloud Security team. This experience allowed me to refine my technical expertise in assessing client security posture and offering actionable solutions. Working in a large multinational consulting firm provided me with a comprehensive understanding of the diverse cybersecurity roles available and how to translate my cybersecurity studies into practical applications within a professional environment.
Given the rapid evolution of cybersecurity threats, do you feel that your academic
program adequately keeps pace with the industry’’s current landscape?
I believe learning is never ending and my university studies have prepared me for the current threat landscape, however, given the rate at which things change in cybersecurity, I believe it is up to me to stay aware, upskill and adapt as need be. I think my overall understanding of cybercrime, the digital landscape and security will give me a good starting point for my career however the rest of the learning will definitely occur on the job.
What aspect of your cybersecurity studies excites you the most, and why?
One of the most rewarding aspects of studying cybersecurity and working in the field is the rapid pace of change and the tangible impact our efforts can have on clients and the broader Australian community. We’ve witnessed firsthand the devastating consequences of cyber breaches on critical infrastructure and the privacy of individuals. However, by promoting better cyber hygiene among employees and customers, regularly assessing company security posture, and implementing comprehensive protection measures, we can significantly enhance data security.
Being able to contribute to sensitive situations where customer data may have been compromised is particularly fulfilling. In such instances, I find satisfaction in assisting clients in safeguarding their digital assets or guiding them through challenging circumstances. The opportunity to make a meaningful difference in protecting valuable data underscores the importance and fulfilment of roles within cybersecurity.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
The concepts of “technical skills” and “soft skills” are ubiquitous across industries, emphasising the importance of developing a well-rounded skill set.
In my experience, success in any role hinges on striking a balance between these two skill sets. While technical expertise is crucial, it is complemented by soft skills such as effective communication, collaboration, emotional intelligence, and conflict resolution.
Mastering soft skills enables individuals to thrive in team environments, fostering seamless communication and cooperation with colleagues. Additionally, possessing emotional intelligence allows for the effective management of stakeholders and the resolution of conflicts in the workplace. By nurturing these essential skills, individuals can enhance their ability to excel in their roles and contribute meaningfully to their organisations’ success.
Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against?
I believe workplaces across various industries have made significant progress in creating environments where women feel safe and respected. While IT, particularly cybersecurity, remains predominantly male-dominated, there are many women achieving remarkable successes in their roles with the support of their male colleagues. However, I’ve observed instances where women may inadvertently foster a sense of competition among themselves, which can hinder their collective growth. Rather than uplifting each other, there may be a tendency to inadvertently impede one another’s progress.
I firmly believe that regardless of gender, we can all collaborate to support each other’s career advancement. By fostering a culture of mutual support and encouragement, we can achieve better outcomes for everyone involved. It’s essential to recognize that success knows no gender, and by working together, we can create an inclusive and empowering environment for all individuals to thrive.
Reflecting on your journey thus far, would you, with the benefit of hindsight, make any
changes to your career trajectory? If yes, what adjustments would you consider?
I firmly believe that everything happens for a reason. However, if I were to express a wish, it would be to have explored my career options at an earlier age. Initially, I hadn’t considered a career in IT during my high school years. Had I been more open-minded and looked beyond the paths others were taking, I might have developed my technical IT skills sooner.
Looking back, I take pride in my adaptability, particularly when I transitioned to university without the familiar presence of my high school friends. Despite this challenge, I was able to forge strong connections and find a sense of belonging within the university community. Leading the Women Entering Business (WEB) society as its President has been a particularly rewarding experience for me. Overall, I am content with the way my journey has unfolded. I believe that overcoming obstacles has enriched my journey, making it both rewarding and enjoyable.
www.linkedin.com/in/anushka-ravalji-456714220
Bachelor of Computer Science student majoring in Cybersecurity at the University of Wollongong, Australia. Originally from Giza, Egypt, embarked on a journey that led her to the Kingdom of Saudi Arabia during her early years and eventually to Australia, where she currently resides in Wollongong, New South Wales. Now in her final year, gaining practical experience in the field as a Cybersecurity Consultant intern at GuardWare.
UOW Computer Science Student majoring in Cybersecurity
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?
Cybersecurity encompasses the vital task of safeguarding both software and hardware devices against a myriad of threats. It serves as the shield that thwarts hackers from pilfering your online data during activities such as browsing, making transactions, or engaging in online conversations. Behind the scenes, dedicated security professionals diligently monitor for potential breaches, striving to keep your information secure from cybercriminals.
Despite the pervasive nature of online activities, some individuals downplay the necessity of implementing robust security measures, believing themselves immune to cyber threats. Yet, in today’s interconnected digital landscape, cyberattacks are escalating globally. Consequently, grasping the fundamental tenets of cybersecurity and adopting protective measures as individuals has become paramount.
The allure of cybersecurity lies not only in its role as a defender against malicious actors but also in its empowerment of individuals to assert control over their digital identities. Equipping oneself with the requisite knowledge enables confident navigation through the digital realm while sidestepping potential cyber threats.
For those drawn to new challenges and opportunities, cybersecurity presents an ever-evolving field. The perpetual emergence of novel cyber threats ensures constant evolution, offering a plethora of roles to explore and master. Whether one’s interests lie in ethical hacking, cryptography, or cyber risk management, there exists a niche awaiting exploration and expertise.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
When I embarked on my university journey, cybersecurity was not even on my radar. I found myself torn between various degree options, contemplating paths from medicine to engineering, with cybersecurity nowhere in sight. It wasn’t until I began exploring other potential areas of study that I stumbled upon the dynamic realm of cybersecurity. I’ll admit, initially, I was uncertain about its relevance in the job market. However, as I delved deeper into the curriculum, the breadth and intricacy of the field captivated me, and I knew it was where I envisioned myself in the future.
In the second year of my degree, I had the opportunity to delve into various subjects, from cryptography and network security to delving into the principles of ethical hacking and artificial intelligence. Each course expanded my understanding of new facets within the field, sparking fresh insights and fueling my curiosity and passion further.
Looking back on my journey, I am astonished by the transformation in my perception of cybersecurity. It has evolved beyond being just a degree; it now
represents an opportunity for me to showcase my dedication and make a tangible impact. As I continue to progress in my cybersecurity journey, I am constantly reminded of my growth. What began as a simple curiosity has blossomed into a profound passion driving both my academic and professional endeavours. With each challenge encountered and every milestone achieved, my commitment to cybersecurity deepens, fueled by the myriad of exciting opportunities it holds for the future.
Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?
My journey into professional cybersecurity began as a Cyber Cadet for the SXSW event in 2023, an exhilarating opportunity facilitated by GuardWare in collaboration with Investment NSW. Tasked with conducting cyber checks, my role involved administering questionnaire-based interviews aimed at assessing individuals’ digital safety.
The questions ranged from the intricacy of password management to the practice of utilising separate email accounts for distinct online activities, such as social media and banking, and the importance of regular data backups. The objective was to evaluate participants’ vulnerability to data loss and cyber threats, emphasising the significance of proactive digital security measures.
Engaging with diverse perspectives during these assessments was enlightening. Some participants demonstrated acute awareness of potential online risks and expressed eagerness to enhance their digital asset protection strategies. Conversely, others appeared less informed or concerned about their digital vulnerabilities.
This experience proved invaluable, not only for honing my practical cybersecurity skills but also for deepening my appreciation of its significance in today’s interconnected world. It underscored the imperative of educating individuals about optimal
cybersecurity practices and fostering a culture where digital safety is paramount.
Through interactions during the cyber checks, I gained a newfound appreciation for the vital role cybersecurity professionals play. Beyond safeguarding business networks, they serve as guardians of personal data and privacy, reinforcing the critical importance of their expertise in preserving digital security for individuals and organisations alike.
The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?
The cybersecurity industry presents a wealth of educational opportunities, and I have actively pursued numerous courses and certifications to enhance my knowledge and expertise in the field.
One such endeavour involved participation in courses offered on LinkedIn, including the SMB Implementing the NIST Cybersecurity Framework. This course not only delved into governance, risk, and compliance (GRC) practices but also provided practical strategies for implementing the NIST framework, ensuring robust security for small to mediumsized businesses.
Additionally, courses like Building and Managing a Cybersecurity Program, CompTIA Security SY0601 Cert Prep 1 Threats Attacks and Vulnerabilities, and Becoming a Cybersecurity Professional (learning path) have broadened my understanding of various topics within cybersecurity. I meticulously noted key insights from these courses, conducting further research to deepen my comprehension of their significance in the cybersecurity landscape.
I also found value in Cisco’s offerings, such as the Cyber Threat Management course, which elucidated the diverse threats individuals and organisations may encounter and how to mitigate them effectively. The Introduction to Cybersecurity course by Cisco, which I undertook during my first year of study, provided foundational knowledge that bolstered my confidence in the field.
By acquiring these certifications and completing these courses, I have honed my ability to navigate the cybersecurity terrain with confidence and expertise. Furthermore, these credentials serve as tangible evidence of my commitment to continuous learning and readiness to tackle complex cybersecurity challenges for prospective employers.
Looking ahead, I aim to pursue additional professional certifications, such as the Certified Information Systems Security Professional (CISSP), post-graduation. This certification will validate my proficiency in IT security and my capacity to develop and oversee comprehensive cybersecurity programs. Currently, I am diligently preparing for the exam, eager to leverage this credential to further enhance my standing in the cybersecurity field and advance my career prospects.
What aspect of your cybersecurity studies excites you the most, and why?
Among the myriad aspects of cybersecurity, ethical hacking holds a special allure for me. This field revolves around adopting the mindset of a hacker to proactively uncover vulnerabilities within organisational systems and networks before
malicious actors exploit them. The essence of ethical hacking lies not only in resolving incidents but also in preventing them altogether.
As an ethical hacker, the pursuit of strengthening current security measures is a continuous journey. It entails pushing the boundaries to fortify defences against potential cyber threats. What excites me most is the thrill of unravelling new vulnerabilities and witnessing the resilience of systems fortified with robust security measures, making penetration increasingly difficult.
In the realm of cybersecurity, there exists a wealth of captivating topics, from ethical hacking to cryptography to network security, each offering opportunities for exploration and understanding. Every day presents a new opportunity for learning and growth. As I progress in my cybersecurity journey, I eagerly anticipate delving deeper into these topics and leveraging my skills to tackle real-world challenges in the cyber landscape.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
Certainly, proficiency in non-technical skills is increasingly essential across various job titles within cybersecurity, including project managers, security analysts, and other IT professionals.
In today’s job landscape, technical expertise alone often falls short of meeting the demands of roles within cybersecurity. Instead, employers prioritise candidates’ abilities to lead teams effectively and communicate adeptly with others.
Interpersonal communication skills, for instance, play a pivotal role in fostering collaboration and addressing security concerns within organisations. Security analysts, in particular, rely on strong communication abilities to collaborate closely with teams and address evolving security challenges.
On the other hand, management skills are indispensable for team leaders and project managers, who oversee task assignments, resource scheduling, and project alignment with goals. Effective management ensures projects progress according to plan, contributing to overall success.
These non-cyber skills contribute significantly to shaping the organisational environment, fostering trust, collaboration, and innovation. A well-crafted project plan, coupled with adept management and communication, forms a robust strategy for success. When combined, these skills cultivate an environment conducive to successful projects and positive team dynamics.
I firmly believe that investing in training for non-cyber abilities such as management and interpersonal communication is imperative, given the multifaceted requirements and job dynamics of many cybersecurity roles.
What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?
As I’ve delved deeper into the realm of cybersecurity, my awareness of the importance of safeguarding my
digital identity has grown significantly. It’s become evident that online protection extends far beyond merely setting strong passwords; it requires vigilance at every juncture.
One of the key steps I’ve taken is to enhance the security of my passwords, ensuring they’re both robust and unique for each account. This precautionary measure ensures that even if one account is compromised, the others remain secure. Though it demands some effort, the peace of mind it affords is invaluable. Additionally, I’ve established a routine of regularly updating all software and antivirus programs and implementing multi-factor authentication. This added layer of security offers reassurance, knowing that access requires more than just a password.
Navigating the realm of social media has revealed both its benefits and risks. While it serves as a valuable tool for connectivity, it can also pose significant threats to personal security. Hence, I’ve taken steps to carefully manage my privacy settings, ensuring that only trusted individuals have access to my shared content. Moreover, staying vigilant against common online scams, ranging from suspicious emails to deceptive messages or calls, is imperative. Being able to discern fraudulent attempts and protect personal information is essential in today’s digital landscape.
Overall, adopting a proactive stance towards cybersecurity has been empowering. With each precautionary measure I implement, I gain confidence and reassurance in my online interactions and the security of my digital identity.
Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider? Reflecting on my career journey, I can’t help but ponder if there are aspects I would approach differently armed with hindsight. One significant adjustment I would make is initiating my foray into
cybersecurity sooner. It wasn’t until my second year of university that I truly immersed myself in the field, and looking back, I recognize the advantage of an earlier start. Beginning earlier would have provided me with a stronger foundation and allowed me to grasp the intricacies of cybersecurity sooner.
Moreover, I regret not seizing more opportunities for hands-on programs and internships in cybersecurity. Engaging in such experiences could have accelerated my skill development, provided insights from seasoned professionals, and offered practical exposure to real-world challenges. Additionally, it could have aided me in identifying specific areas within cybersecurity that resonate most with my passions and strengths. While I’m still in the process of discovery, I remain optimistic about finding my niche in due time.
Moving forward, I am dedicated to prioritising continuous learning and professional growth in cybersecurity. This entails attending conferences, obtaining certifications, and nurturing connections within the cybersecurity community. While there may be aspects I would alter if given the chance to revisit the past, I am grateful for the experiences thus far and enthusiastic about the prospects that lie ahead in my cybersecurity career.
www.linkedin.com/in/eman-elshimy-4a5266200
Are you a student passionate about shaping the future of security? Do you have innovative ideas and insights to share with a global audience? Join us in contributing to the Women in Security Magazine and become a voice for the next generation of security leaders!
Gain valuable exposure: Reach over 5000 subscribers globally and showcase your expertise to industry professionals.
Make an impact: Share your experiences, challenges, and aspirations to inspire others and shape the future of security.
Let us know you are interested. We will send you a series of questions of which you can choose which ones you would like to answer. Submit those back to us in an email. We will then edit to be a concise and flowing edited Q&A.
Don't miss this opportunity to be part of a vibrant community of students driving change in the security industry. Contact us today to learn more about how you can contribute to the Women in Security Magazine!
Contact: jane@source2create.com.au
Jessica Sylvia Clement is currently enrolled in the second semester of the MSc Cyber Security program at Royal Melbourne Institute of Technology (RMIT). Additionally, she holds a position as an intern at HEX20 Global, specialising in researching cyber aspects within satellite-based systems.
M.Sc Cyber Security Student at RMIT
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? I always find it exciting to delve into discussions about my field. Our current era is undeniably defined by its digital saturation, with technology pervading every aspect of our lives. In such a landscape, where digital data is abundant, the potential for hacking and misuse looms large. This is where my role becomes both crucial and thrilling. Just think about it – being a guardian of the online realm, where one’s skills are constantly in demand, and where we play an essential role in safeguarding the digital sphere for individuals and organisations alike.
I often like to start conversations by painting this picture, emphasising the excitement and importance of what we do. For instance, I might say something along the lines of, “Isn’t it incredible to be at the forefront of securing the digital world, where our expertise is vital for maintaining its integrity?”
I also enjoy sharing concrete examples, particularly those related to smishing, given its widespread occurrence. These anecdotes not only highlight the prevalence of cybersecurity threats but also serve as
compelling illustrations of the dynamic nature of our field. Narrating stories about various hacks and how experts tackle them adds an extra layer of intrigue to the conversation, showcasing the constant challenges and innovations within cybersecurity.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
I earned my bachelor’s degree in forensic science, but the practical components of the course were disrupted by the onset of COVID. Online learning left me feeling somewhat incomplete, except for the digital forensics portion, which ignited my interest in cybersecurity. I had begun exploring cybersecurity as a hobby during my undergraduate studies, and my fascination with the subject drove me to pursue it further in my master’s degree.
The experiences I’ve gained since then have been vastly different from my initial perceptions. What I once thought of as a relatively narrow field focused solely on websites and personal devices has revealed itself to be a much broader landscape. Currently, I am employed by a satellite and space-based company, where I’ve come to understand the expansive scope of cybersecurity beyond traditional notions of online safety. It encompasses complex areas such as satellite systems, highlighting the remarkable evolution of my understanding of the field. It’s been eye-opening to realise the vastness and intricacy that cybersecurity truly encompasses.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
As I toss my graduation cap into the air, I’m poised to dive headlong into the electrifying realm of Cyber Forensics. Imagine this: delving into the intricate minds of cyber criminals, untangling the threads of their digital mischief, and uncovering the essence of their motives. It’s akin to being a cyber detective, dissecting the who, what, and why lurking behind the digital curtain.
But here’s the twist: my ambition doesn’t stop at understanding the criminal psyche. I’m also passionate about shaking up the status quo with risk analysis and staying ahead of emerging threats. It’s akin to embodying the spirit of Sherlock Holmes in the cyber domain—deciphering patterns and ensuring a safer digital frontier for all.
This is the kind of adventure that sets my pulse racing, and I’m eagerly poised to embark upon it!
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
Despite the unwavering support of my parents and those around me, I wrestled with my own doubts when it came to pursuing a career in cybersecurity. Making the leap into a technical field without any prior background in technology felt like a formidable hurdle. I often found myself questioning whether my sheer interest and passionate drive were enough, or if I needed to measure up to the brilliant minds already established in the field.
To conquer these internal uncertainties, I made a conscious effort to trust in my intentions, embracing the magnitude of the challenge and pushing beyond my own perceived limitations. Having my family as a steadfast support system played a crucial role in navigating through these uncertainties, providing the foundation I needed to forge ahead.
Who or what has been the most influential factor in shaping your journey in cybersecurity
so far, and how has it impacted your career aspirations?
It all started with my fascination for digital forensics during my bachelor’s, where I eagerly dove into the world of uncovering deleted data by dissecting hard disks. This passion led me to explore online courses on cybersecurity, and in that journey, I stumbled upon my ultimate favourite YouTuber, NetworkChuck, whose videos became a profound source of inspiration. Spending countless hours absorbing and practising the techniques he demonstrated, I eventually set up my first virtual box and began honing my skills by chasing flags on platforms like TryHackMe and Hack The Box.
The journey didn’t stop there. I found myself influenced by other YouTube personalities such as John Hammond and David Bombal, whose insights and tutorials added further depth to my learning. As I gained hands-on experience through internships, I proactively connected with supportive individuals on LinkedIn, joined vibrant Discord groups, and absorbed invaluable guidance from the cybersecurity community.
Social media played an instrumental role in my growth until I took a significant leap forward by pursuing a master’s degree in cybersecurity. Since then, my journey has only intensified, thanks to the unwavering support and teachings from remarkable mentors at RMIT. Additionally, the guidance from HEX20’s CEO, Mr. Lloyd, has significantly fueled my career aspirations, propelling me toward new heights in the cybersecurity field.
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. A standout moment in my cybersecurity journey remains vivid in my memory: the undertaking of a project centered on risk analysis and business continuity planning. The pinnacle of this experience was presenting the project to Mr. Munashe Kandawasvika, the Manager of Security Governance, Risk, and Compliance at UniSuper. The sense of
accomplishment as I shared my risk analysis and plan was amplified by his positive feedback and appreciation. This encounter significantly bolstered my confidence, affirming my capabilities to thrive in the field.
While this event may seem modest in the broader scope of my cybersecurity journey, it stands as a pivotal moment that ignites my passion. Now, armed with newfound confidence, I eagerly anticipate future research endeavours, confident that they too will yield success.
Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?
In addition to my academic pursuits, I’ve garnered significant practical experience in cybersecurity through diverse internships. These roles have afforded me the opportunity to immerse myself in ethical hacking, particularly in uncovering vulnerabilities within real-world websites and software. Actively documenting and reporting these findings has equipped me with invaluable hands-on experience in the operational facets of cybersecurity.
Moreover, I’ve contributed to projects spanning cryptography and risk management, thereby expanding my expertise in these pivotal domains. A standout engagement involved volunteering with the cyber police department in Kerala, India, further enriching my practical knowledge.
Presently, I am interning with HEX20, a satellitefocused company, where my research centers on identifying vulnerabilities and fortifying security protocols for both ground and space-based satellite systems. This role has provided me with profound insights into the intricacies of safeguarding satellite technology.
Beyond my direct involvement in cybersecurity, I proudly serve as a Women in STEM Ambassador and a Cybersecurity Ambassador at RMIT. In these
capacities, I actively champion the next generation’s pursuit of careers in cybersecurity, offering glimpses into the myriad opportunities within this dynamic field.
The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?
In terms of certifications, I am currently strategizing to pursue the CND, CEH, and CHFI certifications offered by EC-Council. This decision stems from both their recognized value in the industry and recommendations from seasoned professionals I’ve connected with on LinkedIn. I see these certifications not just as a challenge but as crucial tools to keep my skills sharp in the rapidly evolving field of cybersecurity.
Furthermore, the prevalence of these certifications as prerequisites in cybersecurity job descriptions significantly influences my choice. Many employers prioritize candidates with these credentials, making them integral to my career trajectory. However, I’m mindful to pursue only those certifications that directly align with my job requirements, ensuring that each adds tangible value to my skill set.
Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?
I am confident in the well-crafted program structure, which seamlessly aligns with prevailing cybersecurity trends and threats. Our professors, who are industry stalwarts, impart a curriculum that blends theory with hands-on experience, keeping us at the forefront of the ever-changing cyber landscape.
Furthermore, the program fosters active participation in hackathons, facilitates interaction with industry experts, and encourages contributions to research projects that directly influence the evolving cybersecurity ecosystem. This holistic approach
ensures that we are not only well-equipped with knowledge but also actively engaged in shaping the future of cybersecurity.
What aspect of your cybersecurity studies excites you the most, and why?
As I delve into diverse case studies throughout my studies, I’ve come to grasp the ease with which individuals, organisations, and even entire nations can be targeted and potentially harmed from the comfort of one’s home. This realisation is both daunting and exhilarating. I’m particularly drawn to deciphering the criminal mindset and find great satisfaction in the challenge and excitement of staying one step ahead of evolving techniques to outsmart malicious actors.
Moreover, I find the realms of programming, cryptography, and networking to be deeply intriguing subjects that further fuel my passion for understanding and navigating the complexities of cybersecurity.
Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?
While I’ve found the subjects themselves consistently engaging and beneficial, the transition in teaching methods towards self-learning via videos and uploaded materials hasn’t been as impactful for me compared to previous approaches. To navigate through this challenge, I’ve incorporated interactivity into my study routine.
Instead of solely relying on passive consumption of content, I actively engage in discussions with peers and online communities to expand my understanding and viewpoints. Additionally, I develop practical projects or scenarios relevant to the subject matter, transforming theoretical knowledge into tangible hands-on experience. By adopting this approach, I aim to maximize the benefits of self-learning while effectively addressing the limitations I perceive in the current teaching methodology.
Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges?
Certainly. Transitioning from a non-technical and nonmathematics background into cybersecurity studies has presented me with numerous challenges. Notably, I’ve observed that I dedicate more time to assignments and studies compared to my peers with technical backgrounds, some of whom possess prior industry experience. Particularly in problem-solving and ethical hacking challenges, I often encounter obstacles that leave me feeling stuck and unable to find solutions.
To overcome these hurdles, I actively seek assistance from peers or tutors when faced with difficulties. I adopt a meticulous approach, meticulously noting down the mistakes I make and strategizing on how to address them moving forward. Embracing a mindset of continuous learning, I recognize that making mistakes is an inherent aspect of the learning process. I derive lessons from each misstep, persisting until I achieve success. With a determined attitude, I refuse to give up on challenging tasks in my studies, consistently pushing myself to overcome obstacles and conquer new heights.
Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?
Indeed, I believe there’s room for enhancing the practical aspect of my cybersecurity coursework. Introducing more hands-on experiences and realworld simulations would offer a more immersive learning journey, enabling students to directly apply theoretical concepts to tangible scenarios.
However, I also suggest a slight adjustment in the emphasis placed on cryptography, specifically in the intricate details of cryptographic protocols. While I recognize the significance of cryptography in information security, delving excessively into the complexities of cryptographic algorithms can sometimes feel overwhelming. I propose a balanced approach that efficiently allocates time across various cybersecurity domains, potentially reducing the depth of focus on certain aspects of cryptography. This adjustment could contribute to a more well-rounded and engaging learning experience for students.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
Beyond mastering technical skills, it’s crucial to polish interpersonal communication and management abilities. These non-cyber skills enhance collaboration and ensure effective cybersecurity initiatives. Picture a well-rounded cybersecurity professional, not just tech-savvy, but also a strong communicator and adept manager –ready to navigate the ever-changing cyber landscape with confidence and finesse.
Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?
Besides my engagement in forums, webinars, and online discussions within dynamic cybersecurity communities, I am honoured to hold the position of cybersecurity ambassador at RMIT. In this capacity, my main responsibility is to promote awareness and inspire others to pursue careers in cybersecurity. It’s not merely about imparting knowledge but also about absorbing valuable insights from fellow community members. This dual role has not only enabled me to contribute to the expansion of the cybersecurity community but has also deepened my personal learning journey. The supportive and collaborative
atmosphere has truly enriched my cybersecurity voyage, making it both fulfilling and inspiring.
What is your preferred source for staying informed about cybersecurity trends and general information?
I must admit, my quest for cyber-related information leads me to frequent searches on browsing platforms like Google and Microsoft, resulting in tailored and automatic news that perfectly aligns with my interests. Furthermore, I glean valuable insights from articles on “Medium” and stay abreast of the latest developments by following “The Hacker News.” To optimise my time, I tune into cybercrime podcasts during my commute to work, absorbing information in an engaging auditory format. This multi-channel approach ensures I receive a diverse range of perspectives and remain wellinformed about the constantly evolving landscape of cybersecurity.
Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.
Thankfully, in my personal journey, I haven’t encountered situations where being a woman in cybersecurity has made me feel disadvantaged or discriminated against. I attribute this largely to the supportive community of fellow women professionals in the industry, which has been invaluable in providing encouragement and solidarity.
However, I do recognize the gender disparity within my class, where women make up only 25 percent compared to the majority of men. This underscores the urgent need to encourage and empower more women to enter the field. Viewing this as an opportunity, I actively engage with women, girls, and school children, aiming to inspire and encourage them to consider careers in
cybersecurity. I firmly believe that fostering inclusivity is crucial for the growth and diversity of the field.
What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?
To enhance my personal cybersecurity in today’s digital landscape, I’ve implemented several key measures:
1. I prioritise regularly updating all my devices and applications to ensure I have the latest security patches installed.
2. I rely on a password manager to generate and manage strong, unique passwords for each of my accounts, minimising the risk of unauthorised access.
3. Whenever possible, I enable two-factor authentication to add an extra layer of security to my accounts.
4. I remain vigilant against phishing threats by carefully scrutinising email links and avoiding clicking on suspicious attachments.
5. I’ve invested in reputable antivirus and anti-malware software to provide real-time protection against potential threats.
6. Lastly, I stay informed about the latest cybersecurity trends and best practices through online forums and reputable sources, allowing me to remain proactive in adapting to the everevolving digital landscape.
Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?
Reflecting on my journey, if I had been aware of the cybersecurity path earlier, I might have opted for a related field during my bachelor’s degree. Looking back, I also see the value in pursuing specialised certifications earlier in my career to deepen my skills and knowledge in cybersecurity. This could have potentially provided a more focused trajectory for my professional development in this rapidly evolving field.
However, I acknowledge that every learning experience, regardless of timing, contributes to personal and professional growth. Recognizing the importance of adaptability and self-correction in any career, I am committed to continuous learning and improvement in the dynamic realm of cybersecurity.
Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?
Yes, I have actively pursued employment opportunities within the cybersecurity field. Although I have yet to apply for full-time positions, I intend to do so in the near future. In terms of internships, I have been fortunate enough to secure opportunities with several companies.
One notable observation is the scarcity of casual or part-time positions within this field, which is understandable given its complexity. As a result, I have opted to wait until completing my master’s program before exploring full-time employment opportunities.
When it comes to job applications and interviews, I often encounter specific qualifications that I may not always possess. However, I make a concerted effort to research every term mentioned in the job criteria and thoroughly understand the company and its requirements before applying. Personalization is paramount to me; I dedicate time to tailor my resume for each company, striving to elicit positive feedback.
Furthermore, when preparing for interviews, I meticulously research industry leaders if I am called for an interview. I diligently practise and review my concepts beforehand to ensure that I am wellprepared to articulate my skills and knowledge during the interview process.
www.linkedin.com/in/jessica-sylvia-clement/
Director at Private Wealth Network | Impactful Education & Peer Experiences for Family Office
Twins Olivia and Jack love adventures and holidays, especially ones that involve being active! They particularly love holidaying with their cousins who are of similar ages. They always have a great deal of fun with lots of laughter and games. But there was one thing that bothered them when catching up with their cousins: their aunt and uncle were always ‘sharenting’: sharing too much private information about their children on social media.
Olivia and Jack noticed their cousins felt embarrassed and uncomfortable when their pictures and stories were posted online for everyone to see. The cousins were even teased at school about how much their parents shared about their lives. Olivia and Jack decided it was time for their parents to talk with their aunt and uncle ahead of the upcoming family holiday.
Olivia and Jack spoke with their parents, saying, “We can’t wait to go on our family holiday with our cousins, but we’re also worried about how much aunt Emma and uncle Steve post online. Last year they posted heaps of photos of our holiday that none of us wanted. Now, many of our friends know exactly what we did on holiday. We prefer to share our own stories and photos with the people we choose.”
Olivia explained: “We also know sharenting can be dangerous. It’s like leaving the front door wide open for strangers.” Jack added. “And it can affect us kids too! It’s about our privacy and the things we might not want the whole world to know.”
Olivia’s and Jack’s parents spoke to aunt Emma and uncle Steve at a family dinner and both listened very carefully. They hadn’t realised the impact of their actions and how much it embarrassed all the children. They promised to think before they shared and to respect their children’s privacy.
The family holiday arrived, and it was a blast! The phones were not out at every moment, there was a lot of laughter and special memories made together. Olivia’s and Jack’s cousins felt happier, knowing their moments were private and special.
And so, Olivia and Jack had helped their family understand the importance of privacy in a world that is always connected. They all learnt that some things are meant to be shared only through the heart, not on the internet.
1. Start the conversation about posting on social media early, and keep talking about it. Have an open conversation with your entire family about the importance of privacy and the potential risks of oversharing. This includes cousins, grandparents and caregivers.
2. Set boundaries that fit your family values. Decide together what is okay to share and what should stay private.
3. Respect each other’s wishes. Always ask for permission before sharing someone’s photo or story, especially if it involves children. Many schools and sporting organisations have guidelines about posting photos of other people’s children that include a requirement to ask for permission beforehand.
4. Educate each other. Learn about the privacy settings on social media platforms and use them to control who sees your posts.
5. Create a private group. If you want to share moments with family and friends, consider creating a private group where you can control membership.
www.linkedin.com/in/lisarothfield-kirschner
howwegotcybersmart.com
How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children.
Lisa has partnered with Cool.Org , and her content is found on the Department of Education website .
1. NARELLE DEVINE
Telstra CISO for Asia Pacific
2. AMANDA-JANE TURNER
Author of the Demystifying Cybercrime series and Women in Tech books. Conference Speaker and Cybercrime specialist
3. ELIZABETH OMOTAYO
Web Specialist (networks and security)
4. DANIELLA KAFOURIS
Partner at Deloitte specialising in Transformation, Data, and Cyber
5. ANITA MODI
Cyber Risk Advisor at Advaya Cybersecurity Consulting
6. ELLIE BLACKMAN
Security Analyst at Culture Amp
7. MADHURI NANDI
Head of Security at Till Payments | Board Member, AWSN | Creator of ITSA (IT Security Awareness Framework)
8. JENNIFER FUNK
Manager II Cyber Defence & Ops US at Ahold Delhaize
9. ANKITA SINGH
Cyber Security Sales & Marketing at Cochlear
10. YAAMINI BARATHI MOHAN
Product Security at Dell
11. OLUWATOSIN (TOSIN) FATOKUN
Senior Security Governance and Strategy Officer at Paystack
12. NONYE ANYANWU
IT GRC Specialist
13. CRAIG FORD
Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC and Baidam Solutions
14. BELINDA NOEL
Chief Growth Officer at Secolve
15. JO STEWART-RATTRAY
Oceania Ambassador, ISACA
16. SUSAN MCGINTY
CEO Aya Leadership
17. LISA VENTURA
Founder, Cyber Security Unity
18. MATT DUNHAM
Director at Decipher Bureau (Cyber Security Recruitment)
19. MARINA AZAR TOAILOA
Security Operations
20. KAREN STEPHENS
CEO and co-founder of BCyber
21. DR. RIFAT ARA SHAMS
Postdoctoral Fellow, Data61, Australia’s National Science Agency (CSIRO)
22. MEGHAN JACQUOT
Security Engineer, Inspectiv
23. SOPHIE BUCHANAN
Macquarie University IT Student
24. ISABELLE HO
Purple Team Australia Graduate and Graduate Certificate in Cyber Security at UNSW
25. KAYLA MCLOUGHLIN
Bachelor of Cybersecurity Graduate at Macquarie University
26. ANUSHKA RAVALJI
Final year Commerce and Information Technology student with majors in Accounting and Cybersecurity respectively
27. EMAN ELSHIMY
UOW Computer Science Student majoring in Cybersecurity
28. JESSICA SYLVIA CLEMENT
M.Sc Cyber Security Student at RMIT
29. LISA ROTHFIELD-KIRSCHNER
Author of How We Got Cyber Smart | Amazon Bestseller
COMPLETE CYBER SECURITY COURSE: HACKERS EXPOSED!
An advanced practical skillset in defeating all online threats - advanced hackers, trackers, malware and all Internet nastiness including mitigating government spying and mass surveillance.
Learn in-demand skills to launch a new career in Cybersecurity with our immersive bootcamp.
This is your path to a career in cybersecurity. In this certificate program, you’ll learn in-demand skills that can have you job-ready in less than 6 months. No degree or experience required.
TryHackMe is a browser-based cyber security training platform, with learning content covering all skill levels from the complete beginner to the seasoned hacker.
Learn from world-renowned industry experts such as Microsoft, CloudSwyft and Cisco, and start building a roster of skills that’ll catapult you into the next generation of tech leaders.
To assess the strength of your organization’s cybersecurity posture, you need to gather information, perform scanning and enumeration, and show how an adversary could hack into your systems.
Sophisticated cyber actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services
This is an open platform where you can find materials for your cybersecurity training which are freely available under open-source licenses. Every instructor can use this material and can update it and a new instructor can pick up where a previous one left off.
No matter your experience level in tech, the Cybersecurity Bootcamp at Fullstack Academy will work with your unique educational and career goals. Fullstack Academy Cyber grads are prepared for a variety of cybersecurity roles.
It’s a platform where you can develop cybersecurity skills for your IT team. It’s a platform where you can get hacking experience from beginner to expert level. Education institutions also make use of content you can find on this platform to help their students close the gap between theory and practical
Bugcrowd is designed to innovate and secure the reputation of every business and protect its customers against cyberattacks. It is one of the largest companies specializing in bug bounty programs and vulnerability disclosure.
It has become imperative for every organization to become aware of all risks inherent in the evolving cyber landscape. This course provides a comprehensive understanding of how to identify and mitigate vulnerabilities within an organization’s networks, systems, and data.
This course is geared toward a prospective cybersecurity professional or members of the general public. The SANS Institute hopes that by offering courses like this for free, people will be better educated on cybersecurity, and it will ultimately “help strengthen the security of our nation.”
The Federal Virtual Training Environment (FedVTE) is a valuable resource center for US Government staff who need cybersecurity training. It contains over 500 hours of cybersecurity training in different domains.
Unlimited access to hundreds of cybersecurity courses including ethical hacking, penetration testing, and much more. Beginner-friendly and great value for money.
This is a platform where you can find comprehensive, handson, and technically challenging cybersecurity courses online. It also contains fundamentals courses that a beginner can take and gradually move to more advanced courses.
With Lisa Mulligan
Welcome to A Dog Called diversity. A podcast exploring the themes of diversity, equity and inclusion through sharing stories of personal and powerful lived experiences. Diversity and Inclusion Leader Lisa Mulligan, speaks with fascinating people and uncovers unique experiences with the purpose of building a more inclusive, accepting and kind world.
With Kai and Simeon
We’re a podcast and consultancy created to foster Diverse Representation, Equity, and Belonging in Creative Industries. Our mission is to take a critical look at current issues marginalized groups experience as employees and consumers, then provide actionable solutions.
With Mona Bitar
The EY Strong When We Belong podcast series explores how diversity, equity, and inclusion (DE&I) can create a better and more inclusive workplace, drawing on individuals' stories and lived experiences. The series includes EY people and guests from UK businesses, charities, and boards.
With Caroline O'Donoghue
Irish presenter Caroline O'Donoghue’s podcast offers an impassioned defence of femaletargeted and made culture that’s typically dismissed as lightweight by both society at large and those charged with marketing it.
With Women Speak Cyber
Gender diversity in the cyber security industry isn’t a new problem; but it still remains a relatively unaddressed problem, which only further aids the vicious cycle that is inequality.
With Jessica Hyde
A DFIR expert shares her journey from retail management to the Marines to a successful career in forensics.
With Rebecca Carroll
Writer, podcast host, producer, and editor Rebecca Carroll’s new podcast focuses on how race is inextricably linked to issues such as healthcare, jobs, climate change, and the media.
With Rosario Dawson and Retta
Hosted by Rosario Dawson and comedian Retta, And Nothing Less is a new podcast honoring the centennial anniversary of women’s right to vote.
With Diane von Furstenberg
InCharge with DVF is Diane von Furstenberg’s newly-launched debut podcast series. Expect candid interviews with inspiring women (Elaine Welteroth, Priyanka Chopra-Jonas, and Karlie Kloss are part of the impressive lineup) that focus on the trials and tribulations of their accomplished lives and career.
With Cheryl Strayed
Strayed will be lighting up these perilous times as she calls up some of the world’s most prolific writers (such as Margaret Atwood and Judy Blume) for wisdom, insight, and inspiration.
With Andrea Minkow and Amy Jin
From examining female founders’ often inhibiting need to be liked, to explaining how to fundraise in a time of financial crisis, each episode tells you everything you need to know about “starting, scaling, and raising money for a business.”
With Scottie Beam and Sylvia Obell
If episode two’s interview with Nadia Hallgren (director of the Michelle Obama-documentary Becoming) is any indication of what’s to come, this new podcast is definitely worthy of your time.
With Amy C
Living Corporate centers and amplifies Black and brown voices at work through facilitating authentic dialogues with executives, entrepreneurs, activists, authors. influencers, elected officials and more.
With Alicia Garza
Lady Don’t Take No is a podcast created by Alicia Garza for people who like their political commentary with a side of beauty recommendations.
With Tonya Mosley
The Emmy award-winning radio journalist explores what it means to live and thrive as a person of color in our society. It offers guidance on “how you can be you in a world that doesn’t always want you to be,” and tackles some of the most pressing issues people of color face, making it an educational must-listen for all.
FULL TIME TEXAS
At Lockheed Martin Aeronautics, we're taking innovation to the next level. From designing the most advanced air vehicle to designing aircraft that defies gravity, our engineers live on the cutting edge of technology. But we are not just invested in aircraft; we are also invested in people. We know that our success is a combined effort, and we therefore strive to provide opportunities for employees to learn, grow, and thrive. Never have the opportunities for a technical career been so limitless.
APPLY HERE
CYBER SECURITY ANALYST | CAPGEMINI
FULL TIME ENGLAND
This is a critical role covering the Cyber Security of the client digital estate. Incumbents will be required to carry out Incident Response to analyse and manage cyber security events in defence of the clients core network. They will be responsible for ensuring clients networks and systems are maintained and monitored from a security perspective.
APPLY HERE
SENIOR ENGINEER | CANONICAL
FULL TIME DUBAI
Canonical delivers open source to the world across every class of compute. Canonical Ubuntu is the world's favourite Linux for cloud, desktop and IoT. Our engineering teams work on operating systems, programming languages, applications, devices, infrastructure and services. We work in Golang, Python, C, C++, and Rust for system services, and use React and Flutter on the front end.
SENIOR CYBERSECURITY ENGINEER | GENERAL DYNAMICS MISSION SYSTEMS
FULL TIME PITTSBURGH, PA
Experience with applying NIST Risk Management Framework. Experience with specific RMF overlays Strong knowledge of cyber security technology and trends Recognizes and incorporates various security designs and lessons learned. Effective in communicating issues, impacts, and corrective actions as they affect the cyber design and implementation.
APPLY HERE
FULL TIME DUBAI
Bachelor's degree or equivalent practical experience.Candidates will typically have 7 years of experience in an investigative role involved in the production of threat intelligence for decisionmakers/customers and involved in direct customer support. Experience in an operational role involved in the research and writing of threat intelligence products for decision-makers/customers.
APPLY HERE
FULL TIME WASHINGTON, DC
TikTok is the leading destination for short-form mobile video. Our mission is to inspire creativity and bring joy. U.S. Data Security (“USDS”) is a subsidiary of TikTok in the U.S. This new, security-first division was created to bring heightened focus and governance to our data protection policies and content assurance protocols to keep U.S. users safe.
APPLY HERE
FULL TIME FRANCE
Pluxee is a Global Leader in Employee Benefits and Rewards services present in 31 countries. Our Vision is to “bring to life a personalized employee experience at work and beyond”. We have embarked on a significant digital transformation and growth program resulting in growing online presence and digital services. Consequently, the Security of our digital solutions has become a key focus for our activities.
CYBER SECURITY SPECIALIST | MIGGO SECURITY
FULL TIME ISRAEL
This is a full-time on-site role for a Cyber Security Specialist at Miggo Security. The Cyber Security Specialist will be responsible for conducting application security assessments, implementing cybersecurity measures, monitoring network security, and ensuring overall information security. The role will require collaboration with crossfunctional teams to identify potential vulnerabilities and develop strategies to mitigate risks.
APPLY HERE
FULL TIME INDIA
Primary role of IT Security Analyst II performing application administration and Active Directory. User provisioning and De-provisioning. User life-cycle management, performing certifications, Access Reviews and terminations, etc., Knowledge on group policies and types of accounts. Knowledge on Identity Access Management governance and provisioning tools like SailPoint, Active Directory and Service Now.
APPLY HERE
FULL TIME FRANCE
At Schneider Electric, we are undergoing a transformative journey by leveraging Artificial Intelligence & Automation technologies to empower users with Machine Learning and Cognitive computing, driving business value.Simultaneously, as the number of cybersecurity threats continues to grow, we recognize the importance of having a comprehensive cybersecurity approach across our solutions to safeguard our business and customers.
FULL TIME ISRAEL
As a Security Researcher, your primary focus will be on creating and researching anomaly and behavioral based threat models, dissecting attack techniques, and leading proactive threat hunting endeavors across a spectrum of domains, including cloud infrastructures (with a specialized emphasis on Office 365 and Azure), network security, proxies, firewalls, DNS, Active Directory, Azure Active Directory, and SharePoint, and product security.
APPLY HERE
FULL TIME NEW ZEALAND
One New Zealand are looking for two Security Architects to join our team! As a Security Architect you will take ownership of defining and implementing cross-domain security architectures, drive solution design and governance, and enhance cyber maturity across the organization.
SECURITY OPERATIONS ANALYST | WSP
FULL TIME NEW ZEALAND
As the premier design, engineering, and environmental consultancy in Aotearoa New Zealand, WSP exists to future-proof our cities and environment. Our 2,500 expert professionals in 35 offices across Aotearoa are united by the common purpose of creating positive, longlasting impacts on the communities we serve.
APPLY HERE
CLOUD SECURITY RESEARCHER | VWV GROUP SA
FULL TIME ISRAEL
At Varonis, we see the world of cybersecurity differently. Instead of chasing threats, we believe that the most practical approach is to protect data from the inside out. We’ve building the industry’s first fully autonomous data security platform to help our customers dramatically reduce risk with minimal human effort.
APPLY HERE
SECURITY ANALYST (PHYSICAL SECURITY) | ASOS
FULL TIME ENGLAND
You’ll be supporting our Physical Security Department, in the protection of our ASOSers, our properties and our assets. You’ll support both office and field-based teams, ensuring we minimise risk and reduce loss across our offices and supply chain.
APPLY HERE
CYBER SECURITY MANAGER | HR WAYS - HIRING TECH TALENT
FULL TIME PAKISTAN
The Cyber Security Senior Manager will play a critical role in safeguarding our company's digital assets, customer data, and information systems. This position demands a highly skilled and experienced professional capable of developing and implementing advanced cybersecurity strategies and managing security initiatives.
APPLY HERE
Author // Brene Brown
It is not the critic who counts; not the man who points out how the strong man stumbles, or where the doer of deeds could have done them better. The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood; who strives valiantly.
Author // Maya Angelou
Here is a book as joyous and painful, as mysterious and memorable, as childhood itself. I Know Why the Caged Bird Sings captures the longing of lonely children, the brute insult of bigotry, and the wonder of words that can make the world right. Maya Angelou's debut memoir is a modern American classic beloved worldwide.
Author // Virginia Woolf
A Room of One's Own is an extended essay by Virginia Woolf. First published on 24 October 1929, the essay was based on a series of lectures she delivered at Newnham College and Girton College.
Author // Ellen Pao
In 2015, Ellen K. Pao sued a powerhouse Silicon Valley venture capital firm, calling out workplace discrimination and retaliation against women and other underrepresented groups. Her suit rocked the tech world—and exposed its toxic culture and its homogeneity.
BUY THE BOOK
Author // Emily Chang
This book elucidates how the bro culture of Silicon Valley evolved, recounts firsthand experiences of women subjected to biases, and provides insights on how to instigate positive changes in the industry.
Authors // Kathryn Jacob, Sue Unerman and Mark Edwards
One in four US workers feels they do not belong at work. Structural racism, the patriarchy of the boardroom, pay disparities are just a few of the obstacles in our workplaces that systematically alienate and repress employees of color, women, LGBTQ workers, and employees with disabilities.
Author // Magdalena Yesil
"Power Up" is a testament to the resilience, ambition, and prowess of women in the digital age. Magdalena Yesil, a pioneering Silicon Valley investor, shares her insights and offers a roadmap for women to thrive in the evolving economic landscape.
Author // Jenny Blake
"Pivot" addresses the essential art of reinventing oneself in an ever-evolving professional landscape. Drawing on her experiences, Jenny Blake presents a methodical approach to navigating and thriving during significant career transitions.
Author //Cheryl Strayed
A powerful, blazingly honest memoir: the story of an eleven-hundred-mile solo hike that broke down a young woman reeling from catastrophe–and built her back up again.
Author // Naomi Alderman
The electric new novel from the Women’s Prize-winning, bestselling author of The Power.
Author // Sophia Amoruso
#GIRLBOSS proves that being successful isn't about where you went to college or how popular you were in high school. It's about trusting your instincts and following your gut; knowing which rules to follow and which to break; when to button up and when to let your freak flag fly.
Author // Chimamanda Ngozi Adichie
In this personal, eloquently-argued essay--adapted from the much-admired TEDx talk of the same name--Chimamanda Ngozi Adichie offers readers a unique definition of feminism for the twenty-first century.
Author // Elissa Shevinsky
Lean Out offers a counter-narrative to mainstream tech discourse, diving deep into the intricacies of gender inequality. Shevinsky collates voices from the trenches, painting an unfiltered picture of tech's culture.
THE BOOK
Authors // Thomas J. Parenty and Jack J. Domet
Cybersecurity threats are on the rise. As a leader, you need to be prepared to keep your organization safe.
Companies are investing an unprecedented amount of money to keep their data and assets safe, yet cyberattacks are on the rise--and the problem is worsening. No amount of technology, resources, or policies will reverse this trend. Only sound governance, originating with the board, can turn the tide.
BUY THE BOOK
Author // Jean Axelrad Cahan
The contributors argue that while conflicts over transboundary water systems in the Middle East do occur, they tend not to be violent nor have they ever been the primary cause of a war in this region. The authors place water disputes in larger political, historical and scientific contexts and discuss how the humanities and social sciences could contribute more towards this understanding.
BUY THE BOOK
Editors // Amrita Chhachhi, Thanh-Dam Truong, Saskia Wieringa
This book presents a variety of feminist perspectives on human security under globalisation. Looking at gender as a multifaceted power domain, and human security as a policy framework, it explores the configuration of the state, power/knowledge systems and the implications for people living with deprivation and social exclusion.
BUY THE BOOK
Author // Claire Winslow
What does the rainbow mean to you? Learn the meanings behind the colours of the pride flag! Shaped pages reveal each colour of the rainbow as you read, in this sweet book about love, diversity, and self-esteem that is accessible to the youngest readers.
Author // Jon Roberts
In this gently-told but immensely informative new diverse and inclusive picture book Jon Roberts tells the stories of a number of children with a variety of disabilities inspired by the real-life experiences of his daughter, Kya who is on the autistic spectrum, and some of her friends.
Authors // Sihle Nontshokweni and Mathabo Tlali
A beautiful story about self-image, culture and confidence. Wanda is a young South African girl who struggles with how her classmates treat her because of her hair. Her mother tells her that her hair is beautiful but her schoolteacher makes her tie it up ‘neat and clean’. Discover how Wanda builds her confidence with the help of her supportive family.
Author // Ibtihaj Muhammad
It’s the first day of school and it’s Asiya’s first day wearing her beautiful blue hijab –a headscarf worn by Muslim women. Unfortunately, some of the children are cruel and it’s a challenging day for Asiya, but she finds the strength to overcome. This story has a great message about dealing with intolerance and having pride in who you are.
Author // Jessica Love
Julian's imagination goes wild after he sees three fabulously dressed women on the subway. He can’t wait to try looking fabulous and sparkly just like a mermaid. But what will his grandmother say about it? This book is beautifully illustrated and pulls you into Julian’s story and the world around him. It's a way to open up the subject of gender norms and challenging expectations and a delightful read from start to finish.
Author // Karen Owen
Join the SPUD team – the Super Perceptive Undercover Detectives – with Callie and her best friend Grace. They need to solve the mystery of the missing items, but Callie also needs to get used to her new hearing aids that make everything so much louder! Callie soon discovers that the hearing aids also give her the special ability to communicate with Bo the bird.
Author // Reshma Saujani
Girls Who Code provides an invigorating entryway for young girls into coding. Reshma Saujani emphasizes the importance of closing the gender gap in technology and encourages girls to harness the power of coding to make a difference.
Author // Jennifer L. Eberhardt
How do we talk about bias? How do we address racial disparities and inequities? What role do our institutions play in creating, maintaining, and magnifying those inequities? What role do we play? With a perspective that is at once scientific, investigative, and informed by personal experience, Dr. Jennifer Eberhardt offers us the language and courage we need to face one of the biggest and most troubling issues of our time. She exposes racial bias at all levels of society—in our neighborhoods, schools, workplaces, and criminal justice system.
Authors // Porter Elisabeth & Mundku
What is being done in conflict-affected countries to advance women's participation in peace processes and decision-making? In Peace and Security- Implications for women the authors combine a broad overview with specific local knowledge to examine the implementation of UN Security Council Resolution 1325, 'Women, Peace and Security.