PROMINENT WOMEN PROTECTING OUR NATION P56
WOMEN DEFENDING OUR TOMORROW P74
BREAKING BARRIERS: WOMEN LEADING THE CHARGE CRAFTING SECURITY POLICIES P82 PROTECTING THE PROTECTORS: DO SECURITY GUARDS NEED WEAPONS AND MORE PPE?
P94
Welcome to Issue 21 of the Women in Security magazine! This edition is particularly special as we explore the theme "Guardians of Tomorrow," focusing on the incredible women who are dedicated to safeguarding our nation.
A guardian is defined as a person who guards, protects, or preserves. Synonyms include defender and protector. While the word "guardian" may hold different meanings for many, in this issue, we highlight women who are safeguarding nations.
In a world where security threats are evolving and multiplying rapidly, the role of women in safeguarding our nations has never been more critical. This edition celebrates and highlights the incredible contributions of women who are the true guardians of tomorrow.
Women have long been the unsung heroes of national security, working tirelessly behind the scenes to protect our future. In this issue, we delve into the stories of remarkable women who are at the forefront of defence and security. From cybersecurity experts to military strategists, these women are breaking barriers and making significant impacts in their fields. Their dedication, resilience, and innovative approaches are paving the way for a safer and more secure world.
You'll find inspiring individual journeys of women who have made significant contributions to the security landscape. We also provide industry perspectives, shedding light on current challenges and future opportunities within the field. Our Students in Security Spotlight section highlights the achievements and
innovative practices of the next generation of security professionals. Additionally, our regular columnists continue to offer their expert insights and thoughtprovoking commentary.
When I think of my “Guardians of the Galaxy” list, those who match the "Guardians of Tomorrow" theme and inspire me in national security, I think of individuals working tirelessly behind the scenes to secure our future. In Australia, we're fortunate to have industry legends like Claire O'Neil, Stephanie Crowe, Lynwen Connick, Maria Milosavljevic, Mandy Turner, Jacqui Loustau, Narelle Devine, Maryam Bechtel, Rachel Noble, Abigail Bradshaw, Catherine Burn, Jessica Hunter, Sara Goldsworthy, Bec Shrimpton, and Kylie Watson.
Beyond our shores, the list expands to include global luminaries such as Celeste Wallander, Jen Easterly, Keren Elazari, Dr. Alissa Abdullah, Chani Simms, Wendy Thomas, Lori Lipkin, Bonnie Butlin, Jane Frankland, Tanya Janca, Major General Lorna M. Mahlock, Kirsten Davies, Lynn Dohm, Katie Moussouris, Confidence Staveley, Lauren Knausenberger, Mei Leng Tham, Grace Park, Theresa Payton, Lindy Cameron, Colleen Rose, Joyce Corell, Nancy Norton, Mel Migrinio, and Gina Haspel.
"Women have long been the unsung heroes of national security, working tirelessly behind the scenes to protect our future."
From Japan's Tomomi Inada and Renho Murata to India's Punita Arora and China's General Zhang Haiyang, and from Europe's Air Marshal Sue Gray, Ursula von der Leyen, Florence Parly, Elisabetta Trenta, Kajsa Ollongren, Ine Eriksen Søreide, to Brigadier General Ingrid Gjerde of Norway, these women have made significant contributions, demonstrating leadership and dedication in cybersecurity and military protective security strategies. They have played crucial roles in shaping defense and military strategies, contributing to both national and international security efforts.
I know the list goes on far and wide, but in this issue, I have listed 37 of them for you to view. Enjoy the issue!
Abigail Swabey
PUBLISHER, and CEO of Source2Create
www.linkedin.com/in/abigail-swabey-95145312
aby@source2create.com.au
by Abigail Swabey
The landscape of national security is increasingly shaped by the strategic and technical expertise of women who lead efforts in both cybersecurity and military protective security. These remarkable leaders are not only protecting our nations from contemporary threats but also shaping the future of security and defence.
WOMEN IN CYBERSECURITY
Breaking Barriers
The cybersecurity sector has traditionally been maledominated, but women are steadily breaking through these barriers. Female professionals are making their mark as ethical hackers, cybersecurity analysts, and leaders in cybersecurity firms. Their involvement is crucial as diverse teams are better equipped to tackle the multifaceted challenges posed by cyber threats.
Unique Perspectives
Women bring unique perspectives and approaches to cybersecurity. Their problem-solving skills,
attention to detail, and often collaborative working style contribute to more effective threat detection and response strategies. Additionally, women in cybersecurity are driving the conversation around ethical hacking and responsible disclosure, ensuring that cybersecurity practices evolve alongside emerging threats.
WOMEN IN THE MILITARY
Breaking Stereotypes
The military has seen a significant increase in female participation over the past few decades. Women now serve in various capacities, from combat roles
to strategic leadership positions. This shift not only challenges traditional gender norms but also enriches military operations with diverse viewpoints and skills.
Women like General Ann E. Dunwoody, the first female four-star general in the U.S. Army, and Air Marshal Padmavathy Bandopadhyay, the first woman Air Marshal of the Indian Air Force, have paved the way for future generations of women in the military. Their leadership and service have demonstrated that women can excel in the highest echelons of military command.
Women in the military contribute a wide range of skills that are crucial for modern warfare. Their involvement in intelligence, logistics, medical services, and technology integration ensures that military operations are well-rounded and effective. Moreover, women often bring a collaborative and inclusive approach to leadership, fostering unity and cohesion within military units.
The integration of cybersecurity and military defence is increasingly important in the digital age. Women who bridge these fields play a crucial role in developing strategies that protect national security from both physical and cyber threats. Their ability to navigate both realms ensures a comprehensive approach to defence.
Women are also leading the way in training and educating the next generation of cybersecurity and military professionals. Through academic roles, mentorship programs, and advocacy, they are ensuring that more women enter and thrive in these fields. This, in turn, strengthens the overall capabilities of our national defence.
Here’s an exploration of some of these influential women and their contributions.
Assistant Secretary of Defense for International Security Affairs Celeste Wallander is an esteemed expert on European and Eurasian security issues, particularly focusing on Russian foreign and defence strategies. She has authored over 80 publications and holds a Ph.D., M.Phil., and M.A. from Yale University. Wallander’s extensive knowledge and strategic insights play a critical role in shaping U.S. defence policies and international security affairs.
Acting Deputy Under Secretary of Defense for Policy Cara Abercrombie serves as the Assistant Secretary of Defense for Acquisition, advising on matters related to the DoD Acquisition System. Her strategic oversight encompasses a wide range of areas including space, intelligence, tactical warfare, and command and control systems. Abercrombie’s leadership ensures the effective management and advancement of defence acquisition programs.
Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang brings her rich experience from Capitol Hill to her role in shaping U.S. cyber policy. Previously, she served as VP for the National Security Program at Third Way and as Chief of Staff to Representative Anna Eshoo. Eoyang’s focus on the politics of national security and cybersecurity enforcement significantly influences the development and implementation of robust cyber defence strategies.
MILANCY D. HARRIS (US)
Acting Under Secretary of Defense for Intelligence & Security As the Deputy Assistant Secretary of Defense for Special Operations and Combating Terrorism, Milancy Harris is responsible for guiding policies and overseeing their implementation to counter terrorism and manage special operations. Her strategic acumen is vital in addressing emerging security threats and ensuring national safety.
Founder and Executive Director, CyberSafe Foundation Confidence Staveley is a prominent cybersecurity leader and advocate for digital inclusion in Africa. Her initiatives through the CyberSafe Foundation aim to enhance cybersecurity awareness and capabilities across the continent.
REBECCA HERSMAN (US)
Director, Defense Threat Reduction Agency Rebecca Hersman leads the Defense Threat Reduction Agency, overseeing efforts to counter and deter the use of weapons of mass destruction. With a team of over 2,200 experts, Hersman ensures the development and execution of strategies to mitigate emerging threats, contributing to global security.
EASTERLY (US)
Director of Cyber and Infrastructure Security Agency (CISA) Jen Easterly heads CISA, focusing on reducing risks to the cyber and physical infrastructure essential to everyday life. With a background in public service and experience at Morgan Stanley, Easterly’s leadership is pivotal in enhancing the resilience of critical infrastructure against cyber threats.
DENEEN DEFIORE (US)
VP and CISO at United Airlines
Deneen DeFiore leverages over 20 years of experience in technology and cybersecurity to protect United Airlines’ information assets. Her previous roles at GE Aviation and collaboration with the U.S. Department of Defense underscore her expertise in building robust cybersecurity capabilities.
KEREN ELAZARI (ISRAEL)
Security Analyst and Researcher, Tel Aviv University Keren Elazari is a globally recognized security analyst and researcher. Her influential TED talk on cybersecurity has educated millions, and her work at Tel Aviv University and various cybersecurity initiatives highlights her commitment to enhancing global cyber resilience.
CHANI SIMMS (UK)
Managing Director and Co-Founder, Meta Defence Labs Ltd Chani Simms, a seasoned CISO and cybersecurity consultant, specialises in helping organisations implement and manage information security and data protection programs. Her expertise is instrumental in strengthening cybersecurity frameworks across various sectors.
DR. ALISSA ABDULLAH (US)
Senior VP and Deputy Chief Security Officer at Mastercard Dr. Alissa Abdullah, known as Dr. Jay, leads the Emerging Corporate Security Solutions team at Mastercard. Her efforts in protecting information assets and advancing security innovations are critical in safeguarding the financial sector’s infrastructure.
KIRSTEN DAVIES (US)
CISO at Unilever Kirsten Davies brings her extensive experience in leading security functions at major corporations to her role at Unilever. Her leadership in designing and implementing converged security strategies ensures the protection of the company’s global operations.
WENDY THOMAS (US)
CEO, Secureworks As CEO of Secureworks, Wendy Thomas leads efforts to secure human progress through innovative security solutions. Her strategic vision and leadership drive the development of advanced cybersecurity measures.
BONNIE BUTLIN (CANADA)
LYNN DOHM (US)
Executive Director, Women in Cybersecurity Lynn Dohm leads efforts to bridge the gender gap in the cybersecurity workforce. Her dedication to education and advocacy promotes diversity and inclusion in the field, essential for addressing complex security challenges.
Advisory Board Member at Canadian Institute for Cybersecurity Bonnie Butlin, co-founder of the Security Partners’ Forum, leads initiatives to connect security professionals worldwide. Her work with WISECRA and the Canadian Cybersecurity Alliance emphasises the importance of global collaboration in cybersecurity.
TANYA JANCA (CANADA)
Founder, Security Trainer and Coach of SheHacksPurple Tanya Janca, also known as SheHacksPurple, is a cybersecurity educator and author. Through her platform, she educates individuals and organisations on secure software development, fostering a culture of cybersecurity awareness.
MAJOR GENERAL LORNA M. MAHLOCK (US)
LAUREN KNAUSENBERGER (US)
Chief Information Officer, United States Air Force Lauren Knausenberger oversees the Air Force’s IT and cybersecurity operations. Her leadership ensures the integration and security of air, space, and terrestrial assets, critical for national defence.
KAMELIA ARYAFAR (US)
Director of Engineering, Cloud
Artificial Intelligence, Google Dr. Kamelia Aryafar leads AI and ML teams at Google Cloud, focusing on solving largescale search and recommendation challenges. Her expertise in AI and engineering drives advancements in secure and intelligent technology solutions.
MEI LENG THAM (SINGAPORE)
Command of the Cyber National Mission Force (CNMF) Major General Lorna M. Mahlock is a trailblazer in military cybersecurity. As deputy director of cybersecurity for combat support at the NSA, she plays a crucial role in safeguarding critical infrastructure and national security.
Ministry Chief Information Security Officer, Ministry of Sustainability and the Environment, Singapore Tham Mei Leng is the Ministry Chief Information Security Officer (MCISO) in the Ministry of Sustainability and the Environment (MSE). Her role involves providing cybersecurity leadership to the Agency CISOs in MSE HQ and the agencies in the MSE family (namely PUB, NEA, and SFA) in charting the development of cyber and data security goals, strategies, and action plans.
THE HON CLARE O’NEIL MP (AU)
Minister for Home Affairs and Minister for Cyber Security, Australia Clare has a special interest in economics, Indigenous Australia, and the welfare of children. She was elected to Federal Parliament in 2013, representing the electorate of Hotham in Melbourne’s South East. Hotham is one of the most diverse electorates in Australia, with 35% of residents born overseas. Clare’s political career includes roles as Shadow Minister for Justice, Shadow Minister for Financial Services, Shadow Minister for Innovation, Technology and the Future of Work, and Shadow Minister for Senior Australians and Aged Care Services. In 2022, she was appointed the Minister for Home Affairs and Minister for Cyber Security, becoming a Cabinet member.
RACHEL NOBLE PSM (AU)
INDRA JOSHI (UK)
Former Director of the NHS AI Lab
Dr. Indra Joshi has a portfolio of experience spanning data/AI strategy, digital health, and health equity. She created the NHS AI Lab, which led to the development and deployment of over 80 AI technologies into UK health and care. She is also a Founding Member and Clinical Director of One HealthTech.
ROSE (UK)
CISO at Barclays UK Colleen Rose has worked at Barclays since 2018, and she is currently the CISO of Barclays’ UK arm. Prior to Barclays, she spent 14 years at Unilever in various senior roles encompassing security and IT.
Director-General, Australian Cyber Security Centre Rachel Noble leads the ASD and is responsible to the Minister for Defence. She has served in various roles within the Department of Defence, Department of Immigration and Border Protection, and the Department of Prime Minister and Cabinet, contributing significantly to Australia’s national security.
ABIGAIL BRADSHAW CSC (AU)
Head, Australian Cyber Security Centre Abigail Bradshaw is responsible for leading the Australian Government’s efforts to improve cyber security. She has held key National Security Operations roles and has a background in the Royal Australian Navy, where she was awarded the Conspicuous Service Cross in 2005.
LINDY CAMERON (UK)
British High Commissioner to India
WAKEFIELD (UK)
Co-director of the Cybersecurity and Criminology Centre, University of West London Alison Wakefield is the chair of the Security Institute and professor of criminology and security studies. She has written several award-winning papers and books on security and crime.
Deputy-Director General - Capability and Corporate Management of the Australian Secret Intelligence Service Catherine Burn was appointed Deputy-Director General Capability & Corporate Management in April 2018. She has a distinguished career with the New South Wales Police Force and has been awarded numerous accolades, including the Australian Police Medal.
Lindy Cameron CB OBE was appointed British High Commissioner to the Republic of India in April 2024. Previously, she was the CEO of the UK’s National Cyber Security Centre (2020-2024), with a background in international development, national security policy, and crisis management.
NANCY NORTON (US)
Retired Vice Admiral, US Navy, former Director of Defense Information Systems Agency Vice Adm. Nancy A. Norton managed a global network and led more than 8,000 personnel in her role at the Defense Information Systems Agency. She has extensive experience in command and control capabilities and defending enterprise infrastructure.
Former Director of the Central Intelligence Agency (CIA) Gina Haspel was the first woman to serve as Director of the CIA (2018-2021). She managed a global intelligence network and has been awarded several prestigious medals, including the Distinguished Career Intelligence Medal and the Legion of Honor (France).
AIR MARSHAL DAME SUE GRAY (UK)
Deputy Commander of RAF’s Operations Air Marshal Dame Sue Gray is the highest-ranking woman in the Royal Air Force. She has led the Defence Safety Authority and supported UK military deployments worldwide.
ANNEGRET KRAMPKARRENBAUER (GERMANY)
Former Minister of Defence Annegret Kramp-Karrenbauer has had a significant influence on German military policies and NATO affairs. She has held various political posts, including Minister President of the Saarland and Minister of Defense from 2019 to 2021.
KAJSA OLLONGREN (NETHERLANDS)
Minister of Defence Kajsa Ollongren is a key figure in shaping Dutch defence strategy and international military cooperation.
INE ERIKSEN SØREIDE (NORWAY)
Former Minister of Defence Ine Eriksen Søreide has been influential in Norwegian defence policy and NATO affairs.
BRIGADIER GENERAL INGRID GJERDE (NORWAY)
Senior Military Officer in the Norwegian Armed Forces Brigadier General Ingrid Gjerde is known for her role in international military operations. She has led Norway’s contingent in Afghanistan and commanded the Norwegian King’s Battalion.
LYNWEN CONNICK (AU)
Former CISO of ANZ An executive leader with extensive experience in all aspects of information security and cyber security. Former Group Chief Information Security Officer (CISO) at Australia and New Zealand Banking group for 6.5 years. Led Australia's cyber security review and development of Australia's 2016 National Cyber Security Strategy. Experience in offensive and defensive cyber operations. Significant experience at the Australian Signals Directorate(ASD) including as a Deputy Director of the agency and 6 years running ASD's Cyber Security mission. Previous Chief Information Security Officer for the Department of Defence and CIO for intelligence agencies. Science degree (computer science major) from Melbourne University.
DR MARIA MILOSAVLJEVIC (AU)
CISO of ANZ Newly appointed Dr Milosavljevic joined ANZ from the Australian Government where she was the inaugural Chief Data Integration Officer at the Department of Defence, building data and AI capabilities. Prior to this Dr Milosavljevic was the CISO and Chief Data Officer at Services Australia, and the inaugural Government CISO at the New South Wales Government, where she established a new whole-of-government function responsible for cyber security.
The contributions of women in cybersecurity and military defence are indispensable. Their leadership, expertise, and unique perspectives enhance the effectiveness and resilience of national security measures. As we move forward, it is essential to continue supporting and empowering women in these fields, recognizing that their involvement is not just beneficial but crucial for safeguarding our nations. Women, with their exceptional skills and dedication, are indeed pivotal in ensuring the safety and stability of our world.
Cybercrime is big business, thanks to technical advancement and interconnectivity creating more opportunities. This regular column will explore various aspects of cybercrime in an easy-to-understand manner to help everyone become more cyber safe.
When we think of efforts to ensure the safety and security of nations, and when we think of security, law enforcement or military personnel as guardians of tomorrow, we may not realise that, as part of these efforts, nations sponsor what could be considered criminal activity.
Think of the Russia/Ukraine conflict, where the Ukrainian government’s military intelligence proudly posts on its public website about how it has successfully compromised Russian systems and stolen sensitive military information from Russian databases. Think of how threat actors acting on behalf of Russia (or that are part of the Russian military intelligence) impeded communications traffic prior to invading Ukraine.
Think also about how the servers or websites of large-scale cybercrime businesses get taken down or taken over by law enforcement. Do you think law enforcement asked nicely to have access to those sites? How do you think the campaign by law enforcement in the Five Eyes countries to infiltrate and then take control of one of the LockBit leak sites occurred?
LockBit would not have happily handed over its credentials to the UK National Crime Agency (NCA). However, the NCA was part of an international disruption campaign targeting LockBit. NCA states on its website that it took over the primary administration environment of LockBit’s platform, and took its source code.
It's all about perception, whose side one is on. When the government of a country one lives in or is allied to uses cybercrime techniques to disrupt the activities of an enemy state, is it a good thing. If an enemy state uses cybercrime techniques against the country one lives in or is allied to, it is cybercrime. Take a moment to think about this.
The guardians of tomorrow are getting into a grey area: what is considered cybercrime is dependent on whose side you belong to. With guardians disrupting on behalf of their governments, the line between what is crime and what is not is becoming blurred. Quis custodiet ipsos custodes? (Who will guard the guards themselves?) This is getting murky.
www.linkedin.com/in/amandajane1
www.empressbat.com
GRC Analyst and Founder of CyberPatron Network
Adesola Oguntimehin, a GRC Analyst based in Lagos, Nigeria, shares her journey and insights into the world of cybersecurity. Her foray into the field began during a period of self-reflection, where she sought a career path that resonated with her experiences and aspirations. Having worked across diverse sectors, including Banking, she found herself drawn to the terms and skills within cybersecurity, particularly in Governance, Risk, and Compliance (GRC). This curiosity led her to delve deeper into the field, focusing on areas that aligned with her strengths and interests, such as GRC. Over time, her passion for cybersecurity intensified, driving her to share her knowledge and experiences with others through initiatives like CyberPatron, where she mentors enthusiasts and guides them on their cybersecurity journey.
Adesola offers valuable advice for professionals transitioning into cybersecurity from other backgrounds. She emphasises the importance of grasping the fundamentals of cybersecurity, developing a structured learning roadmap, and accessing relevant resources tailored to one’s
chosen specialisation. Engaging with communities of practice for mentorship and collaborative learning can significantly enhance the transition process, fostering meaningful interactions and knowledge sharing.
As a GRC Analyst, Adesola’s daily routine revolves around ensuring effective risk management and compliance within her organisation. She oversees risk management processes, collaborates with cross-functional teams to address emerging risks, and stays informed of industry trends and regulatory developments. Her role requires a strategic blend of risk management, compliance oversight, and collaborative engagement with stakeholders to uphold organisational integrity and resilience.
Adesola’s career path in cybersecurity evolved organically, guided by her interests and experiences. Initially, she gravitated towards roles within Governance, Risk, and Compliance (GRC), leveraging her prior knowledge and experiences in related areas. Her transition into cybersecurity was smooth, facilitated by a strong foundation and a passion for continuous learning and growth.
Looking ahead, Adesola identifies the proliferation of AI-powered technology as a significant threat in the cybersecurity landscape. AI-guided techniques enable more efficient cyber attacks, underscoring the need for enhanced cybersecurity awareness and proactive measures to mitigate evolving threats.
When contemplating job offers in cybersecurity, Adesola says it’s so important to consider factors beyond remuneration, such as career advancement opportunities, work environment, and employer support for work-life balance. Prioritising personal and professional growth ensures alignment with longterm career aspirations and values.
For aspiring cybersecurity professionals, Adesola recommends focusing on foundational areas such as computing, network security, and IT governance during university studies. Courses that offer handson technical skills development and supplementary knowledge in areas like encryption and penetration testing provide a strong foundation for success in cybersecurity careers.
Maintaining a balanced lifestyle, both personally and professionally is her core goal. Engaging in
mentorship activities, pursuing personal interests outside of work, and fostering a supportive work environment contribute to her overall well-being and job satisfaction.
In terms of professional development, Adesola plans to pursue certifications such as CISA, CISM, and CISSP to advance her expertise in GRC and position herself for leadership roles within the cybersecurity landscape.
Adesola’s journey exemplifies the passion, dedication, and continuous learning inherent in the cybersecurity profession. As she continues to make strides in her career, her insights serve as inspiration for aspiring cybersecurity professionals worldwide.
www.linkedin.com/in/adesola-oguntimehin
Tebogo Nong
Cyber Security Analyst
Tebogo started her journey into cybersecurity through an intriguing academic exploration. During her Master’s research in film archival management using Blockchain Technology, she discovered an interest in blockchain security. This curiosity gradually led her into the expansive world of cybersecurity.
Transitioning from a budding interest to a professional career, she has been strategically aligning herself with relevant courses and traineeships. A crucial step in her journey was participating in the Cybergirls fellowship, Africa’s largest female-focused cybersecurity training, mentorship, and placement program. This experience provided a solid foundation and set the stage for her burgeoning career in cybersecurity.
One of the most challenging aspects of her role has been understanding the importance of lifelong learning. “I have been keeping up with the latest trends and ensuring that I am always refining my skills,” Tebogo explains. She navigated moments of doubt by adopting a “bias for action,” a piece of
advice she received from Multi Award Cyber Security Leader Confidence Stavely. This proactive approach helped her overcome uncertainties and solidify her commitment to the field.
While she had clear career goals, she also allowed her path to unfold organically. Reflecting on her journey, she advises her high school self to join more tech communities and engage in tech-centered activities. For aspiring cybersecurity professionals, she emphasises the importance of foundational knowledge in networking, as it underpins all other areas in the field.
Looking ahead, she anticipates significant advancements in AI Security, Cloud Security, Blockchain Security, and Space Cybersecurity over the next two years. She views cyber threats in AI and Cloud as the most significant emerging threats due to the increasing adoption of these technologies by businesses.
When considering career advancements, she values opportunities for innovation and growth alongside remuneration. Understanding the substantial skills gap in cybersecurity across Africa has driven her to be diligent and determined in her professional endeavours. She highlights the CompTIA Security+ certification as essential for anyone starting a career in security.
When balancing her professional and personal life, she strives to be a good decision-maker. She has a personal trainer to keep her accountable, maintains a spiritual practice for peace, and enjoys the support of a community of friends with whom she shares interests in music, travel, and the arts.
To stay current and effective in her role, she relies on a mentor, engages with other cybersecurity practitioners on social media, and follows tech creators on YouTube, TikTok, and Instagram. Her current training involves monitoring network activity, analysing security breaches, and mentoring students. She finds tools like SIEM systems, and network analyzers, pivotal in enhancing her work.
She is actively involved in several industry organisations, which provide support, opportunities,
and a sense of community. Her work background is made up of a team of phenomenal women that play a significant role in addressing the cybersecurity skills gap among women. For those transitioning into cybersecurity from other professional backgrounds, her advice is to enjoy the journey, conduct thorough research, join cybersecurity communities, follow industry leaders, and never stop learning.
Tebogo Nong’s journey is a testament to the power of curiosity, continuous learning, and the importance of community and mentorship in shaping a successful career in cybersecurity.
www.linkedin.com/in/tebogo-nong-mfa-5abb7620a
Security Operations
After five months off work on maternity leave following the birth of my second child, I’ve been able to return to work following initially undertaking my normal duties on weekends. I found returning to work a few days a week was a good way to find my feet at work after half a year off. It also gave me the majority of my week at home to enjoy with my family. My ultimate goal is to have a perfect balance between work and my personal life.
I did not have any pressure from my employer to return to work, which was refreshing. They were very supportive of me returning to work when I felt ready. They were always available to set a return to work plan for myself that considered my career goals, and my managers were always making sure the team, including myself, put my family first.
I decided to return to work to have time to myself outside of parental and home duties. It’s very common to feel identity loss after having a baby and I was aware of this after I had my first child. I have always been a very routine based person. I go to work, go to the gym, study and come home. So, after
I had my second baby this year I returned to the gym after a few weeks because it is my favourite hobby and I decided to return to work after a few months because it is a part of who I am which allows me to keep in touch with my identity outside motherhood. It is really important to keep on top of one’s mental health, especially through the postpartum period. So, for my own mental health, going back to work was a part of keeping on top of my happiness. It’s common to experience parental guilt when returning to work but I did not experience this because I always remind myself: when you look after yourself you show up better for your kids.
Security is something I’m really passionate about, and the team I work with make me love going to work. I was also very fortunate to complete my certificate IV in training and assessment while on maternity leave, which has opened extra opportunities for me in the security field.
My manager in the security team at Crown Resorts, where I work, has been very supportive of my career goals and when I return to work my progression plan to re-enter security management will commence.
My husband is always my best support in every aspect and especially in terms of my career. He works around me and helps with our children so I can still pursue a career while being a mother. I feel really fortunate being able to be transparent with my management team about where I am in terms of my home life and where I plan to go with my career.
I am very eager to grow back into security management with a plan that allows me to work around my family. Becoming a mum lit a fire inside me that makes me want to work more to provide the best I can for my children. I want them to know they did not hold me back but pushed me forward and that I never gave up on my goals no matter how busy life became with two babies.
I also believe it’s very important to lead by example and show your children the importance of pursuing a career you love. I feel content knowing what I want to achieve with my career in a place that understands my family comes first. So, for anyone wanting to return to work after having a baby, my advice is to write a plan of your goals and find a place that understands you want to grow your career without compromising your values and priorities. For now, I’m finding my way back into the workforce while being open to a security management or trainer role becoming available to me.
www.linkedin.com/in/marina-azar-toailoa-66259511a
Cyber Security Governance, Risk, and Compliance Consultant in Perth, WA
Biljana’s interest in technology started early, back in her primary school days when she first accessed a computer running Windows 95. However, it wasn’t until she discovered cybersecurity as a distinct field that she saw a unique intersection between her legal career and technology. “The rapid changes in cybersecurity pose many legal challenges, so I saw a gap in the market for lawyers who understand and have thorough knowledge of cybersecurity,” Biljana explains.
Her transition from law to cybersecurity was marked by significant steps of commitment and learning. Despite having no technical IT background, she applied for a master’s degree in cybersecurity. “I had little confidence that my application would be successful, but I did it anyway just to see what would happen. Fast forward two years, and I graduated with top marks,” she shares. This academic achievement solidified her desire to pursue cybersecurity professionally. Biljana further strengthened her expertise with industry certifications, including Certified in Cybersecurity (CC) and various Microsoft cloud certifications. She also joined several industry bodies such as the Australian Information Security
Association (AISA), Australian Women in Security Network (AWSN), Women In Technology WA (WITWA), and Women in Cybersecurity (WiCyS). Additionally, she expanded her skills through coding courses with She Codes. “All of these helped to expand my knowledge, grow my professional network, and build a support network of like-minded women,” she notes.
Biljana’s decision to leave a successful career in commercial and property law was not without moments of doubt. “I had a great job with an amazing team at a top law firm. Things were great, but I felt that my heart wasn’t there anymore and that it was time to pursue what I loved,” she reflects. The support of her family was crucial during these times of uncertainty. “They know how much I love cybersecurity and fully support my career shift,” she says. Pursuing something she was passionate about gave her the extra drive to overcome any doubts.
When Biljana began her cybersecurity journey, she didn’t have a clear vision of specific roles. “Everything unfolded organically without specific goals in mind,” she admits. To her high school self and others aspiring to enter cybersecurity, she offers this advice: “Even though IT and cybersecurity have traditionally been male-dominated fields, there is room for women there too. Go ahead and study IT because it’s what you love. You don’t have to be technical to pursue a career in cyber – there are many fields of study such as law, criminology, and psychology that intersect with cybersecurity.”
Biljana anticipates that cybersecurity will become integral to everyday business processes, with all
"I had a great job with an amazing team at a top law firm. Things were great, but I felt that my heart wasn’t there anymore and that it was time to pursue what I loved. Pursuing cybersecurity was something that I was truly passionate about that gave me the extra drive to overcome any doubts I had about my career shift."
technology-related contracts including cybersecurity clauses (you would be surprised how many contracts currently don’t even mention cybersecurity!). She also expects software and application development companies to adopt security by design as a standard practice. “There are too many vendors on which I do risk assessments that do not include any security information about themselves or their software. This is something I expect to shift in the next two years with users becoming more conscious about cybersecurity,” she predicts.
For Biljana, professional development opportunities and flexibility are crucial factors when considering a career advancement. “A company that invests in their employees’ development indicates to me that they have the same values as me and will support my professional growth,” she says. Flexibility, particularly the ability to work from home, is another important factor. “Getting the work done to a high standard should be what matters, not the location.”
Biljana’s professional journey has been significantly influenced by the support networks she has built. She has been a member of AISA and AWSN since she first started studying cybersecurity. “I really like how AISA has monthly branch meetings with presentations on relevant cyber topics and networking opportunities. AWSN is an amazing community of
supportive women and male allies that has given me unparalleled opportunities,” she shares. Her involvement with AWSN has also helped her develop leadership skills and provided training opportunities at discounted rates.
Biljana is currently studying for the Certified Information Security Manager (CISM) certification, focusing on the information security governance and risk management domains. “I believe CISM is beneficial for someone in a role similar to mine in governance, risk, and compliance,” she says.
The most fulfilling aspect of her current role is the ability to use her transferable skills to fill gaps in her organisation. “Bringing value to the team and the organisation with my unique skill set has given me the most satisfaction. I am also very lucky to work with an amazing team of talented professionals,” she says.
Maintaining a work-life balance in a demanding field like cybersecurity requires strategic effort. Biljana stays current and effective by following top cybersecurity voices on LinkedIn, skimming through news sites like cyberdaily.au, and listening to podcasts such as West Coast Cyber Podcast and Darknet Diaries. She also regularly attends webinars run by Cyber Security Champions of Tomorrow.
“The discussions and insights shared during these sessions aren’t available on any other platform, so I always recommend them to all my friends,” she highlights.
For those considering transitioning into cybersecurity from other professional backgrounds, Biljana’s advice is straightforward: “Go for it, don’t be scared, and take that first step of signing up for that cybersecurity course you have been considering. People transitioning from other professional backgrounds bring a wealth of transferable skills that can be applied to cybersecurity. Making the transition can be daunting at first, but you won’t regret it once you are doing what you love.”
www.linkedin.com/in/biljana-roksandic
Governance, Risk, and Compliance (GRC) Analyst based in Lagos, Nigeria
Innocentia Anyanwu’s interest in cybersecurity was sparked during the COVID-19 pandemic when she stumbled upon a Facebook post by John Obidi about the Head Start Summit. This virtual event featured industry giants in cybersecurity, publishing, artificial intelligence, and leadership. It was here that she first encountered Confidence Staveley, Africa’s most celebrated female cybersecurity leader.
“I attended one of the sessions, and that was the first time I heard about Confidence Staveley. She was so passionate about cybersecurity, and I remember when she said that ‘Data is the new oil.’ That statement stuck with me. Because she spoke with so much grace that day, I had to search for her on Instagram. I remember sending her a message asking if I could volunteer for the ‘No Go Fall Maga’ group, an initiative used to share cybersecurity information in a relatable manner, and she immediately responded and gave me the go-ahead. That was the beginning of my cybersecurity journey.”
Today, Innocentia is a proud alumna of the CyberGirls 3.0 Fellowship cohort and is building her career as a GRC Analyst. Her interest in cybersecurity has
grown significantly, and she is now more focused on making an impact by protecting data and ensuring privacy. She is also working on creating awareness of cybersecurity best practices among locals in her community to strengthen their knowledge and protect their personal information.
Reflecting on the early stages of her career, Innocentia touches on the importance of overcoming imposter syndrome, especially when transitioning from a different field. “I am a licensed pharmacist passionate about securing the health data of patients to prevent their personal information from being stolen. When I discovered that cybersecurity could give me the required skills to do this, I became enthusiastic about this new field. It wasn’t long before imposter syndrome hit me during the early days of my career. I was scared of failure and not being good enough because I didn’t have any background in information security or computer science. I overcame this fear by focusing on what’s important, which is my ‘WHY’.”
In her current role, Innocentia faces challenges head-on, particularly the complexities of ensuring organisations comply with laws like HIPAA and mitigating risks. She remains dedicated to protecting health data from breach attempts and emphasises the importance of resilience and continuous learning. “Initially, I did not have a clear vision, but as time passed, I began to have a strong conviction to go into the GRC field to ensure that healthcare organisations
are compliant with the Health Insurance Portability and Accountability Act (HIPAA). The need to protect health information from threat actors grew, and I have continued to advance my career in this area.”
If Innocentia could offer advice to her high school self, she would emphasise the importance of resilience and self-belief. “I would advise my high school self to be resilient, open to learning, and keep believing in your abilities. I have always been a shy person and thought I was not capable of being a cybersecurity professional when I started off, but it got better with time and determination.”
She anticipates that AI and machine learning will play a significant role in cybersecurity. “In the future, I believe the implementation of tools using artificial intelligence and machine learning would be very beneficial. Cybercriminals are using deep fakes and AI to scam their victims, and the cybersecurity workforce needs to be armed with knowledge of these tools, how they can negatively impact the cybersecurity industry, and also innovate processes that can utilise artificial intelligence to protect victims.”
Innocentia identifies phishing attacks, insider threats, and social engineering as significant threats in the cybersecurity landscape over the next two years. “A lot of threat actors have been utilising AI and API
security vulnerabilities to attack large organisations and top-performing companies globally. This is becoming a trend now, and we as cybersecurity professionals need to do a lot of awareness to mitigate the risks involved.”
For those considering a career advancement in cybersecurity, Innocentia values continuous learning and career growth over remuneration alone. “A fat paycheck is great, but it is of no use if the organisation does not support me with opportunities to hone my skills and make me an asset to them.”
Mrs. Confidence Staveley remains Innocentia’s most substantial influence in her cybersecurity journey. “She was the first mentor I ever had as a cybersecurity professional and has opened doors to opportunities that I never thought I could possibly access. Her personality speaks volumes, and I have learned a lot about how to become a highly sought-after GRC analyst from her through her CyberGirls initiative.”
Innocentia plans to pursue certifications like CompTIA Security+ and ISC2 Certified in Governance, Risk, and Compliance to further her career. She also emphasises the importance of maintaining a work/ life balance to prevent burnout. “Setting deadlines for myself and beating them early is a great way to improve my productivity. I also engage in social events like ‘Capture the Flag’ to blow off steam while learning about the latest trends in cybersecurity.
"I am a licensed pharmacist passionate about securing the health data of patients to prevent their personal information from being stolen. When I discovered that cybersecurity could give me the required skills to do this, I became enthusiastic about this new field."
To stay current in her role, Innocentia subscribes to newsletters like The Hacker News and follows cybersecurity leaders on LinkedIn and Twitter. She also enrolls in courses on Udemy to learn new skills.
Innocentia’s journey in cybersecurity is a testament to resilience, continuous learning, and the power of mentorship. Her story is an inspiration to anyone looking to make a significant impact in the field of cybersecurity.
www.linkedin.com/in/innocentia-anyanwu
Cyber Risk-Tech Analyst at Deloitte Portugal
Ema Correia’s journey into the world of cybersecurity is a tale of unexpected twists and turns, relentless curiosity, and the power of seizing opportunities.
As a Cyber Risk-Tech Analyst at Deloitte Portugal, Ema’s path wasn’t always clear-cut, but her commitment to growth and exploration has propelled her into a thriving career in one of the most dynamic fields today.
Ema’s story begins with a childhood dream of pursuing law, fueled by her innate sense of justice and a desire to make a difference in the world. However, as she progressed through her academic journey, she found herself drawn to the intersection of law and technology. It was during her master’s program that Ema’s curiosity led her to explore a course in cybersecurity, and it was a revelation.Here was a field that bridged her legal expertise with an ever evolving landscape of digital threats and international policy. Reflecting on her initial interest in cybersecurity, Ema recalls how the field offered a unique opportunity to leverage her legal expertise in addressing evolving
challenges, particularly in international policy and digital threats. It was a perfect marriage of her passion for justice and her fascination with emerging technologies, and she knew she had found her calling.
But making the transition from law to cybersecurity wasn’t without its challenges. Ema knew she needed to equip herself with the necessary skills and knowledge to thrive in this new domain. So, she immersed herself in scientific literature, sought guidance from mentors, and pursued post-graduate courses focused on privacy and cybersecurity. Each step brought her closer to her goal, laying the foundation for her eventual transition into a full-time cybersecurity role.
What sets Ema’s journey apart is her willingness to embrace uncertainty and let her path unfold organically. She didn’t have a predefined roadmap; instead, she trusted in her ability to adapt and grow along the way. This openness to new experiences led her to immerse herself in projects that challenged her, broadening her skill set and deepening her understanding of cybersecurity.
“Success isn’t just about being naturally gifted. It’s 1% talent and 99% hard work.”
As Ema looks back on her early career, she realises that a huge part of that journey was shaped by mentorship forming her professional pathway. From a lead attorney who instilled a passion for continuous learning to a senior manager at Deloitte who recognised her potential in cybersecurity, the guidance and support of these mentors have been instrumental in her growth and development.
Looking ahead, Ema sees a cybersecurity landscape shaped by rapid technological advancements and evolving threats. From AI-driven attacks to the proliferation of zero trust frameworks, the challenges ahead are daunting. Yet, Ema remains undaunted. Armed with her insatiable curiosity and a commitment to continuous learning, she’s ready to tackle whatever comes her way.
In her current role at Deloitte Portugal, Ema finds fulfilment in collaboration and the opportunity to work with clients from diverse backgrounds. Each engagement presents new challenges and learning opportunities, driving her growth as a cybersecurity professional.
Balancing the demands of her career with her personal life is no small feat, but Ema has found a rhythm that works for her. Through effective time management and the flexibility of remote work, she’s able to pursue her passions outside the office, whether it’s spending time with loved ones or indulging her wanderlust.
As Ema looks to the future, she remains committed to staying current and effective in her role. Whether it’s through continuous learning, active engagement with professional networks, or fostering collaboration within her organisation, she’s determined to stay ahead of the curve in a field that never stands still.
For aspiring professionals looking to follow in her footsteps, Ema offers some sage advice: “Embrace the unknown, seek out mentors who inspire you, and never stop learning. It’s a recipe for success that has served her well on her journey from law to cybersecurity, and it’s a mindset that will continue to guide her as she navigates the ever-changing landscape of digital security”.
www.linkedin.com/in/emamcorreia
Cyber Security Analyst at the WA Department of the Premier and Cabinet in the Cyber Security UnitCapability and Uplift
Andra Cimpean’s pathway into cybersecurity is a unique story of diverse skills and unwavering dedication. Currently a Cyber Security Analyst at the WA Department of the Premier and Cabinet in the Cyber Security Unit - Capability and Uplift, her journey began in an unexpected place: the world of competitive chess.
As a teenager, Andra was a high-performance chess player, competing in prestigious tournaments like the Junior World Championships. She pursued a Bachelor’s degree in Psychology, aiming to enhance her chess performance through better profiling of adversaries and managing high-pressure situations. However, the pandemic prompted her to reassess her career trajectory. A skills assessment suggested she would excel in an investigative role, leading her to explore cybersecurity.
“As I read about cyber and completed some online CISCO courses, I felt it was a match made in heaven. I simply put on a different hat and started playing against actual enemies, or as we often refer to them, the ‘malicious actors’,” Andra recalls.
Her background in chess provided a solid foundation for her cybersecurity career, allowing her to leverage her problem-solving skills and strategic thinking. “I have witnessed countless people in cybersecurity who took unconventional pathways and successfully leveraged their transferable skills.”
Transitioning from identifying “weaknesses” on a chessboard to finding “vulnerabilities” within cyber environments, Andra’s journey has been one of continuous learning and adaptation. In 2021, she enrolled in a Master’s Degree in Cyber Security from Edith Cowan University. In the last semester of study, she was successful in landing a Work Integrated Learning Internship at DPC. “The internship provided me with invaluable hands-on experience, introducing me to the real world of cyber and quickly building my confidence in my own skills. I strongly encourage students to undertake work placements as they make a huge difference in your employability.”
Reflecting on her early days in the field, she notes, “Everything looks appetising at the beginning of your journey and most people take their sweet time figuring out what they like. It took me almost two years until I could visualise my dream role and career pathway.”
As she gained experience, Andra gravitated towards Security Architecture. “I started making proactive efforts to support my vision by consulting industry experts and requesting targeted training, such as the SABSA Chartered Security Architect – Foundation Certificate. I was confident in my decision, and my manager was very supportive.” Her proactive approach also led her to the Tangible Uplift Program, where she was among 50 women selected across Australia to train for the Certified Information Security Manager (CISM) exam.
Mentorship has played a crucial role in Andra’s professional development. “While I am grateful to all my colleagues and mentors, I am keen to mention Peter Gigengack’s contribution to my professional journey. I benefited from his continuous mentorship since I was an intern,” she shares. His support and trust enabled Andra to progress significantly, culminating in her managing six interns over four months. “Peter recently won the AWSN Mentor of the Year award, showing the impact he had not only on my journey but on countless other women in cybersecurity across Australia.”
When contemplating career advancement, Andra prioritises training and personal development over remuneration. “Coming from a highly competitive background, training was always the number one priority. Your expertise dictates your value as a specialist regardless of the field of work.” She advises discussing the training budget and flexibility around attending training during working hours when considering a new role. “Investment in training leads to better overall performance, and organisations need to acknowledge this to improve their retention rate.”
Andra finds immense satisfaction and fulfilment in her current role. “Working as a Cyber Security Analyst for Whole-of-Government across WA has offered me a key position which allowed me to experience a variety of environments. I get a strong sense of fulfilment from my work as I can see the direct impact it has on the WA community and the people around me.” Her role involves coordinating efforts, reporting, and assisting with engagements at all
"Everything looks appetising at the beginning of your journey and most people take their sweet time figuring out what they like. It took me almost two years until I could visualise my dream role and career pathway.”
levels, from executives to technical specialists. One of her favourite projects is delivering Vulnerability Assessments, and she also enjoys assisting public sector agencies with Business Continuity and Disaster Recovery Planning.
Reflecting on the early stages of her career, Andra highlights the importance of networking and volunteering. As a student, she joined the Australian Information Security Association (AISA) where she benefited from networking and professional development opportunities. After continuous volunteering for the association, Andra was invited to join the WA Committee and since then delivered various events supporting AISA’s vision of educating and raising an informed community about cyber risks and data theft.
Andra’s dedication and contributions to the field have not gone unnoticed. She won the “2023 Volunteer of the Year Award’’ at the AISA Awards Gala during the Melbourne CyberCon, a testament to her commitment and impact on the cybersecurity community.
Her journey from the chessboard to cybersecurity is a testament to the power of transferable skills and the importance of continuous learning and mentorship. Andra Cimpean’s story is an inspiring example for anyone looking to transition into cybersecurity from a different professional background.
www.linkedin.com/in/andra-cimpean-67a016135/
Nominations officially closed on June 30, 2024, at 11:59 PM.
The submitted nominations are then reviewed and scored by the judges.
The scores are compiled, and the top 3-5 nominees are selected as finalists.
The finalists will be announced on August 25, 2024.
And the winners will be revealed at the Gala Dinner ceremony on October 10, 2024.
If you are a finalist, you will be notified via the email address and phone number provided on the nomination form.
Alongside that we post several social media posts announcing finalists as well.
Each of the judges ranks the entries in order of preference. The winner will be the entry with most 1st places. If these are tied then the nominees will be given to 3 tiebreaker judges to score on, and in these situations we will also have Highly Commended awards given. If there is still a tie then the Producer and Partner will have a casting vote.
If there is only 1 entry for a category then judges will be asked to recommend whether any award should be made or not.
General Admission (purchased after February 2nd) AU$500 Ex GST BUY TICKETS
Bangalore Chapter Leader - World Wide Women in Cybersecurity community
Divya’s journey from a student of security to a pivotal figure in one of India’s leading banks is marked by perseverance, continuous learning, and a passion for fostering security in the digital age.
When asked how she would spark interest in cybersecurity among those unfamiliar with the field, Divya emphasises the global shortage of cybersecurity professionals and the sector’s critical importance across various industries. “I would love to support women tech enthusiasts and college students by highlighting the vast career options available in cybersecurity. It’s a recession-free job with great salary and growth opportunities,” she explains.
Divya is the Bangalore Chapter Leader of World Wide Women in Cybersecurity (W3-CS) which is an affiliate to Security Bsides Bangalore. She an active volunteer for (ISC)2 Bangalore Chapter and Information Sharing and Analysis Center (ISAC). She is a member of various prestigious communities like PMI Bangalore Chapter, Cloud Security Alliance Bangalore Chapter, CXO Cywayz.
Reflecting on her initial perceptions of cybersecurity, Divya recalls her early days when she transitioned from core banking and internet banking roles. She was the first cybersecurity employee at her organisation, learning new terminologies and tools such as SIEM, SOC, EDR, and more. “Preparing for my CISSP certification was enlightening, giving me the knowledge and best practices that are crucial for decision-making and drafting SOPs,” she says.
Divya’s journey was not without its challenges. She encountered resistance when transitioning to her new role but received support from senior executives who encouraged her to pursue further certifications. “There was a neutral reaction from my peers and parents, but I felt highly privileged to be selected to start cybersecurity operations in my organisation,” she shares.
The influence of mentors and colleagues has been significant in Divya’s career. She credits her colleague, Mr. Koti Jawahar R, for motivating her to pursue cybersecurity courses, and she draws inspiration from social media influencers like Mr. Prabh Nair. Active participation in cybersecurity communities has also enriched her experience, leading to recognition and invitations as a panellist in industry events.
"I was the first cybersecurity employee at my organisation, learning new terminologies and tools such as SIEM, SOC, EDR, and more. Preparing for my CISSP certification was enlightening, giving me the knowledge and best practices that are crucial for decision-making and drafting SOPs."
A defining moment in Divya’s career was participating in a Capture The Flag (CTF) event in June, 2023, during the Security BSides Bangalore annual conference, where she emerged as a runner-up and received the Best Volunteer of the Year Cybersecurity Excellence Award. “It was a very significant event, and I never looked back in my career,” she proudly states. Divya has won the “Women Influencer in Cloud Security” Award and “Young Achiever of the year 2024 in Cybersecurity” award. She is the recipient of Aspiring CXOs Award 2024 under the category “Cybersecurity Awareness and Education Champion”.
Practical experience has been a cornerstone of Divya’s journey. She has worked across multiple security domains, gaining hands-on experience with tools like Kali Linux and Nessus, handling ISO 27001 audits, and managing SIEM incident management and GRC change management. She is also involved in anti-phishing and cyber awareness sessions for various stakeholders.
Certifications have played a crucial role in Divya’s professional development. She holds a CISSP certification and endorses it for its vendor-neutral approach and the high standards maintained by ISC2. “It is essential for most job recruitments, and the salary factor is encouraging,” she notes.
As cybersecurity is always evolving, Divya believes that continuous learning is key. She emphasises that while academic programs provide a strong foundation, real-time implementation and industry engagement are necessary to stay updated. “No single program is applicable to all profiles in cybersecurity,” she adds.
One aspect of cybersecurity that excites Divya the most is pen testing through CTF events, which she finds thrilling and a testament to her capabilities. Conversely, she found cryptography topics in CISSP challenging and navigated through them by utilising multiple resources and peer discussions.
Divya’s commitment to cybersecurity extends to her personal life, where she takes extensive measures to enhance her digital security, such as using password managers, enabling 2FA/MFA, and educating her family about cyber threats.
Reflecting on her journey, Divya acknowledges that she might have considered a career as a civil servant if given a chance, but she remains passionate about her role in cybersecurity. She plans to actively seek new employment opportunities in the field in the latter half of 2024, signalling her readiness for new challenges and contributions. Divya is empaneled in the National Security Database at Cadet, Falcon and Scholar levels and she is certified CyberCrime Intervention Officer who is helping cyber victims through ISAC CopConnect App.
It is clear that Divya has demonstrated resilience, adaptability, and a commitment to advancing cybersecurity. Her story is a testament to the potential within the field and an inspiration for aspiring professionals, particularly women, to explore and excel in cybersecurity.
www.linkedin.com/in/divya-gowda-k
www.w3-cs.com
Former Digital Forensics and Threat Intelligence Analyst at CyberSafe Foundation
Geraldine T Mapfumo’s journey into the field of cybersecurity began with a spark of curiosity ignited by the intriguing name of the discipline itself. During her attachment in 2021, she found herself captivated by the term “cybersecurity.” This curiosity led her to dig deeper, revealing a field far more fascinating and complex than she had initially imagined. Over time, her interest evolved from a surface-level attraction to a profound appreciation for the critical role cybersecurity plays in safeguarding digital assets and information in our interconnected world. This growing passion drove her to continuously seek further knowledge and expertise, propelling her into the dynamic and ever-evolving world of cybersecurity.
In the early stages of her career, Geraldine took several pivotal steps to transform her burgeoning interest into a professional pursuit. A significant milestone was her application to the CyberGirls Fellowship in 2023. This fellowship was instrumental in shaping her career trajectory, providing her with invaluable insights and knowledge in the field. Through the program, she discovered a deep-seated passion for justice and investigations, which led her to specialise in Digital Forensics and Threat Intelligence. This transformative experience not only solidified her career path but also equipped her with the skills and expertise needed to embark on a fulfilling journey in cybersecurity.
Geraldine often thinks about the advice she would give her high school self. She would highlight just how important thorough research is when exploring different career paths and encourage an early start in IT. This early exposure, she believes, can significantly shape future career opportunities providing a solid foundation for a career in cybersecurity. She also stresses the importance of continuous learning, networking with industry professionals, and maintaining an open-minded approach to new technologies and developments in the field.
For aspiring cybersecurity professionals considering university studies, Geraldine advises focusing on networking and Linux. A solid understanding of networking concepts is crucial for grasping the fundamentals of cybersecurity, while proficiency in Linux provides hands-on experience with tools and techniques commonly used in the field. Mastering these areas during university studies, she believes, is essential for preparing for the complexities and challenges of the cybersecurity landscape.
Geraldine predicts a significant trend towards the increasing adoption of artificial intelligence and machine learning in cybersecurity defences, which will enable more efficient threat detection and response capabilities. Additionally, the rise of remote work and cloud technology will drive the need for enhanced cybersecurity measures to protect sensitive data accessed outside traditional corporate networks. The growing interconnectedness of devices in the Internet of Things (IoT) ecosystem will also necessitate heightened security measures to safeguard against potential vulnerabilities and cyber threats. Staying abreast of these advancements and continuously enhancing skills will be essential for professionals to effectively address emerging challenges.
She also highlights several significant threats that she foresees happening within cybersecurity over the next two years. One major concern is the increased
utilisation of artificial intelligence and machine learning by cyber attackers to enhance their tactics and evade detection, leading to more sophisticated and targeted cyber threats. The continued growth of ransomware attacks and the expansion of IoT devices create new attack vectors, while the focus on supply chain attacks poses serious threats as attackers exploit dependencies within the supply chain to compromise organisations and access sensitive data. Vigilance, proactive security measures, and a comprehensive understanding of these emerging threats will be crucial for cybersecurity professionals to safeguard against potential risks.
When contemplating career advancements, key considerations for professional growth and skill development are essential, as continuous learning and staying abreast of industry trends are vital in a field like cybersecurity. Evaluating company culture, work-life balance, and the potential for mentorship and career advancement within the organisation are also critical. Ensuring that the job responsibilities align with personal interests and values is key to maintaining motivation and fulfillment in the role.
For those transitioning into cybersecurity from other professional backgrounds, Geraldine recommends pursuing relevant certifications, utilising transferable skills, and networking with industry professionals. Staying informed about emerging trends, starting at entry-level positions, and developing a strong understanding of compliance regulations are also crucial steps. By following these recommendations and taking proactive steps to build knowledge, skills, and networks within the cybersecurity industry, individuals can enhance their transition and set themselves up for a successful career in cybersecurity.
www.twitter.com/geraldinet35812?s=09
www.linkedin.com/in/geraldine-t-mapfumo
www.instagram.com/ge_raldine2431
Cybersecurity Resilience and Privacy Expert at PwC
Sparked by a chance encounter that set Yetunde Olofinle on a course toward a fulfilling and impactful path to a cybersecurity career. “It’s a funny story about how I first got interested in cybersecurity,” she recalls. “A few years back, I was on this road trip and came across a CISA review manual someone else came with. Out of curiosity, I started flipping through its pages, and domain 5: ‘Protection of Information Assets’ immediately caught my attention. I remember thinking to myself, ‘Protection of information assets? What does that even mean?’ I was intrigued, so I started reading up on it, and the more I learned, the more I wanted to know.”
This serendipitous moment marked the beginning of Yetunde’s relentless pursuit of knowledge in the field. Despite returning the book at the end of the trip, her curiosity remained insatiable. She turned to the internet, devouring resources from reputable cybersecurity blogs like Infosecurity Magazine, online courses from platforms such as Cybrary and Simplilearn, and even YouTube tutorials from industry experts. A particularly impactful case study on a phishing attack underscored the critical importance of cybersecurity and solidified her dedication to the field.
Reflecting on her journey, Yetunde is grateful for the seemingly random encounter with the CISA manual that ignited her passion. “What started as mild curiosity has become a full-blown career path I’m passionate about. I find how cybersecurity sits at the intersection of technology, human behaviour, and organisational processes endlessly fascinating.”
Transforming her interest into a professional pursuit involved several pivotal steps. Yetunde immersed herself in self-study, building a strong foundational knowledge through various books, blogs, videos, and industry reports. Joining a discussion group further amplified her learning, providing a wealth of knowledge from peers who shared her passion. She then enrolled for the CISA exam and passed with flying colours, which validated her theoretical knowledge. Realising the importance of hands-on experience, she sought an internship that proved to be a game-changer, boosting her confidence and preparing her for full-time roles. Landing her first position as an Information Security Analyst, Yetunde credits mentorship as a significant factor in her success. “I was privileged to find a mentor who guided me, shared invaluable insights, and helped me navigate the cybersecurity field as I transitioned into a professional career.”
Navigating her current role as a cybersecurity consultant, Yetunde identifies the need to deeply understand each client’s unique business as one of the most complex aspects. “Every client I work with is unique—they all have their own goals, environments,
and ways of operating. Even within the same industry, no two are exactly alike,” she explains. This in-depth understanding is crucial for aligning cybersecurity needs with overarching business objectives. To overcome this challenge, she immerses herself in the client’s world, engaging in extensive research and in-depth conversations with key stakeholders. “It’s a seriously time-intensive process, but it’s also incredibly gratifying to tailor cybersecurity strategies and solutions to address a client’s distinct needs precisely.”
She finds immense satisfaction and fulfilment in her work. “It’s the opportunity to collaborate with my talented team to help our clients solve complex security challenges. Each engagement brings its own set of unique challenges, which serve as valuable learning opportunities for us to grow and enhance our skills. Seeing a plan come together and having a positive real-world impact on a client’s security posture gives me a profound sense of accomplishment.”
Offering advice to her high school self, her self-belief and perseverance. “I would reassure my younger self that nothing is too difficult, and even if it’s difficult, I can do difficult things. Confidence in one’s abilities is crucial in navigating the complexities of a cybersecurity career with resilience and determination.” She would also encourage herself to pursue aspirations fearlessly, embrace challenges as opportunities for growth, and approach setbacks with a positive mindset.
Yetunde like so many others can see the significant number of emerging threats in the cybersecurity landscape, particularly AI-powered attacks. “As AI and machine learning technologies continue to advance rapidly, malicious actors will likely leverage these capabilities to launch highly sophisticated and disruptive cyber attacks.” To counter these threats, she advocates for developing AI-driven defensive mechanisms and robust AI security controls and governance frameworks. Collaboration between the cybersecurity community, academia, and regulatory bodies will be crucial in staying ahead of these evolving threats.
When considering career advancements, Yetunde advises to weigh up several factors beyond remuneration. “The organisation’s culture holds significant importance to me. A positive work environment, characterised by mutual respect, collaboration, and support, is essential for personal well-being and professional growth.” She also values growth prospects, alignment with personal and professional goals, and quality of life factors such as work-life balance and flexibility. “Remuneration alone isn’t enough to make me take a role. The culture, growth potential, organisational values, and lifestyle fit have to make sense too.”
To stay current and effective in her role, Yetunde employs several strategies, including the “one new thing a day” rule, podcasts, cybersecurity newsletters, and attending industry events. “Staying current and effective in this cybersecurity role is no joke. The landscape is constantly shifting, so I’ve got a few key strategies I rely on to make sure I’m keeping up with all the latest info and developments.”
Belonging to industry organisations, particularly ISACA, has been immensely beneficial for Yetunde. “These organisations provide exclusive access to valuable resources such as publications, webinars, and professional development tools that are crucial for staying current in the field.” Her ISACA membership has expanded her professional network, provided opportunities for mentorship, and offered recognition for her achievements. “Being part of an organisation like that is a game-changer.”
For individuals transitioning into cybersecurity from other professional backgrounds, Yetunde advises leaning into curiosity, building a solid knowledge base, finding a niche, utilising free resources, actively networking, and committing to lifelong learning. “The transition can be challenging, no doubt. But if you stay curious, find your niche, take advantage of resources, network actively, and prioritise always learning—you’ll be setting yourself up for real success in this exciting new cybersecurity career.”
www.linkedin.com/in/yetunde-olofinle-cism-cisa-crisc-gdprcdpo-itil-a1820b7a
Elmarie Biermann Director at Cyber Security Institute
Elmarie Biermann’s journey into the field of cybersecurity began with an unexpected spark during her time at the University of Potchefstroom, now the North-West University. “When doing my Master’s degree, one of the subjects was computer security, and the practical exam required the cryptanalysis of an encrypted message. The process to find the original message was exciting, especially when it led to success,” she recalls. This experience led her to pursue a PhD in computer security, setting the foundation for a career that transitioned from academia to the private sector.
Reflecting on her early career, Biermann notes the significance of her educational background in shaping her professional trajectory. “Pursuing a PhD in computer security and growing research in the information security space were pivotal steps,” she explains. Her transition from academia to founding the Cyber Security Institute was driven by her passion for education and a desire to address the growing need for cybersecurity expertise. “Establishing a company to provide bespoke cyber security training and cyber risk management services was a natural progression.”
While navigating her current role, Biermann identifies staying ahead of the curve is a constant challenge. “The dynamic nature of cybersecurity requires continued studying, research, and certifications to remain relevant. The change to AI and quantum computing also brings about challenges from both an offensive and defensive side.” She approaches these challenges with commitment to continuous learning and professional development, a principle she instils in her team as well.
Despite her impressive accomplishments, Biermann admits to experiencing moments of uncertainty about her career choice. “ The domain is challenging, and establishing and growing a company as a woman is even more so. As women, we easily tend to fall for the imposter syndrome, more so in the technical field where men are dominant.” Her strategy to navigate these doubts involves continuous education, forming networks, and building mentoring partnerships. “By continually studying, reading, researching, and speaking at international events, I manage to stay relevant.”
Interestingly, Biermann’s career path unfolded organically, without a specific vision of where it would lead. “Never thought I would end up establishing and growing a company in the field – so no clear vision or roles.” Her advice to her high school self reflects the importance of confidence and networking. “Be sure of yourself. Build your network, reach out to people in the field from the beginning.”
Biermann anticipates that Artificial Intelligence and Quantum Computing will be the most impactful developments in cybersecurity in the future. “These
technologies will shape the landscape significantly,” she notes. She also highlights the importance of practical experience and relevant certifications for aspiring cybersecurity professionals, cautioning against certifying for the sake of certifications alone.
In her role, Biermann finds the most satisfaction in guiding organisations towards security maturity and seeing the growth of interns in her company. “Being able to guide organisations to a level of security maturity and assist them in successfully certifying against the ISO/IEC 27001 standard is fulfilling. Seeing our interns take up their rightful place at the security table is rewarding.”
Maintaining a work-life balance is crucial, particularly in a demanding field like cybersecurity. Biermann’s daily routine includes an early morning training session at a boxing gym for women, which helps her manage stress. “The end of the day I spend an hour reading before making dinner with the family. Routine and structure allow me to create and manage balance.”
Staying current and effective in her role, Biermann makes daily time for reading cybersecurity news, research papers, and attending webinars. “Providing training requires intense studying and expanding
the network of partners, role-players, and mentors,” she adds. Her typical day involves meetings with clients, developing training content, lecturing, and collaborating with research teams.
Belonging to industry organisations like ACM and IEEE has provided Biermann with access to valuable resources and networks. Addressing the cybersecurity skill shortage, her organisation focuses on developing training paths and practical, hands-on content for public and private entities.
For individuals transitioning into cybersecurity from other professional backgrounds, Biermann advises “Be prepared to study continuously and read daily. Start with a practical, hands-on cybersecurity foundational course and set to plan your learning path to the envisioned role”.
Elmarie Biermann’s journey is a testament to the power of education, perseverance, and the importance of staying adaptable in the ever-evolving field of cybersecurity. Her story inspires others to pursue their passions with confidence and dedication, regardless of the challenges they may face.
www.linkedin.com/in/ebiermann
Lori Polansky
Security Engineer from New Jersey
Lori Polansky, a Security Engineer from New Jersey, has carved a remarkable path in the field of cybersecurity, driven by a blend of curiosity, determination, and robust support systems. Her journey began with an intrinsic interest in technology, which she pursued through a bachelor’s degree in computer science and initial roles in IT. However, it was the increasing prevalence of information breaches that truly sparked her interest in cybersecurity. “Security issues were no longer a concern of only Fortune 500 companies,” Lori recalls, “but impacted everyone in their daily lives, including small businesses, government entities, and individuals.”
Lori’s transition from a general IT role to a cybersecurity specialist was marked by strategic steps and the pivotal support of her professional and personal networks. Lori contributed most of her career pivot to her manager, Walter Ivanov, who not only advocated for her shift but also provided the guidance necessary to turn it into reality. “He initiated the idea of a security career and provided guidance to turn it into a reality,” she notes. With Ivanov’s
encouragement, Lori completed three online security graduate certificates and earned her CompTIA Security+ and ISC2 SSCP certifications. Lori also gained practical experience by assisting the security team part-time and coordinating internal securityfocused projects. “Having both a professional and personal support system for the transition is key,” Lori emphasises.
As Lori advanced in her career, she encountered new challenges, particularly when Lori transitioned from the private sector to the public sector. Despite her relevant technical skills, the differing standards and methods required adaptation. To overcome these challenges, she focused on building relationships with her coworkers and actively sought knowledge through documentation and inquiry. “During available time during the business day, I review documentation and ask questions on any new areas,” she explains.
Lori’s journey was not without moments of doubt. She questioned her decision to switch to cybersecurity and her ability to succeed in the field. “After working part-time for the security team for a year, I decided to
take the plunge and switch to a full-time position,” she shares. Lori navigated her doubts through reliance on her support systems, finding inspiration in colleagues who had successfully transitioned into security roles, and maintaining a mindset focused on embracing new experiences despite potential failure. “It is better to try something new and possibly fail at it than to live with the regret of fear preventing you from holding you back from new experiences,” she reflects.
Lori’s path in cybersecurity unfolded organically. She knew she wanted to work in the field but did not have a specific role in mind initially. Her first security position was a lateral move in terms of salary and career grade, which required her to prove her potential and technical skills to her company and herself. “Even if you are unable to start work in a specific interest area, continue self-study in that area so you have the option to specialise at a later time,” she advises.
For aspiring cybersecurity professionals, Lori offers valuable insights. She encourages a focus on foundational knowledge of networking and security concepts and suggests obtaining industry certifications such as CompTIA Network+ and Security+ before completing a degree. “The cybersecurity hiring trend for the past several years tends to prioritise certifications over college degrees for entry into the field,” she observes, though she acknowledges that degrees can aid in career advancement later on.
Looking ahead, Lori sees company culture, professional development, and workplace flexibility as crucial factors in career advancement. She values a supportive manager, a collaborative team environment, and opportunities for ongoing education and certification. “Money is not worth being uncomfortable in a work environment due to culture, specific personality conflicts, or an unrealistic workload,” she states.
"As
I advanced in my career, I encountered new challenges, particularly when I transitioned from the private sector to the public sector. Despite having no relevant technical skills, the differing standards and methods required adaptation."
Her current role brings her satisfaction and fulfilment, particularly in the diversity of tasks and the continuous learning required. Lori belongs to several industry organisations, including ISC2 New Jersey, WiCyS, and Cybrary, which have provided her with networking opportunities, professional support, and mentorship roles. “Belonging to a cybersecurity community can offer support, advice, training opportunities, contacts, and even friendships,” she affirms.
Addressing the cybersecurity skill shortage, Lori encourages existing knowledge from other industries into security roles. “Security has a place in every industry,” she notes, urging individuals to consider positions in their current fields where they can apply their unique insights.
Lori Polansky’s journey is a testament to the power of support systems, continuous learning, and the courage to embrace new challenges. Her story inspires current and aspiring cybersecurity professionals to pursue their goals with determination and adaptability.
www.linkedin.com/in/lori-polansky-security-nj
Kritika Sharma
Junior Security Specialist at LEAP Dev
Kritika Sharma was introduced to cybersecurity while studying for a bachelor’s degree in information technology, but it was being on the receiving end of cyber attacks that really set her on her course to becoming a cybersecurity professional.
“During my university studies we had a subject on cryptography and encryption, which I found very interesting,” she explains. “Later, when I started my career in helpdesk support, I received some phishing emails. The information security team would send out some security awareness training materials every month, which I really enjoyed. That gave me the appropriate knowledge to handle those phishing emails. Then, I realised I wanted to be a part of the security team.”
To fulfil that ambition, Sharma did what many aspiring cybersecurity professionals do: she started taking online courses on her own initiative. “Studying for certifications like CompTIA Security+ and AWS Cloud Practitioner, and studying through various online platforms deepened my interest in the field,” she says. So, when Sharma got an opportunity to be a part of the security team, she was well prepared, and took it.
Cybersecurity is a complex discipline and Sharma did have her doubts. “Cybersecurity is an evolving field. I did experience moments of uncertainty about pursuing a career in this field,” she says.
“There are new threats and tools, and keeping informed is a little challenging. As a starting point, I talked to professionals in the field, and they gave me a roadmap to follow. I started with short-term goals like simply listening to a cybersecurity related podcast, reading news, learning new concepts, and most importantly, staying focused. I am still following that roadmap, and it has helped me a lot in my career. For my future professional growth, I plan to obtain a master’s degree, undertake advanced certifications like CISSP, and continue learning new skills.”
Sharma is now a security specialist and says her day typically involves “monitoring security alerts across various platforms, assessing vulnerabilities, incident response, reading news, emails to stay updated with the latest threats, and making others aware of security best practices.”
She adds: “Protecting sensitive data and information, defending against cyber threats, and knowing that my day-to-day efforts contribute to this sense of security is incredibly rewarding.”
www.linkedin.com/in/kritikasharma-cybersecurity-analyst
Senior Risk Manager in Data Governance at Westpac
Within the cybersecurity industry, the journey of professionals often begins with a spark of interest that evolves into a passionate pursuit of knowledge and expertise. For Joelle Ngougo, a Sydney-based Senior Risk Manager in Data Governance for Westpac, this journey has been nothing short of transformative.
Joelle’s fascination with cybersecurity was kindled by the proactive approach of companies wanting to prioritise cybersecurity awareness. Two years ago, she embarked on a journey within her organisation as a cyber champion. This role not only allowed her to actively contribute to creating a cyber-safe work environment but also served as the foundation for her overwhelming interest in cybersecurity. As she shared cyber culture and awareness among her colleagues, Joelle found herself immersed in a world of continuous learning and exploration.
Reflecting on the early stages of her career, Joelle discusses the steps she took to transform her interest into a professional pursuit. While not yet working in a dedicated cyber position, she took proactive measures to increase her knowledge and skills. Pursuing a cybersecurity course at Harvard University VPAL was a significant milestone in her journey. The experience provided her with invaluable insights and networking opportunities, shaping her vision for the future.
Despite her passion for cybersecurity, Joelle acknowledges experiencing moments of uncertainty along her journey. Doubt, she believes, is a natural part of the process, pushing individuals to challenge themselves and strive for excellence in their field. For Joelle, navigating through these doubts has been
a testament to her resilience and commitment to personal and professional growth.
When Joelle began her cybersecurity journey, she did not have a clear vision of the roles she aspired to. However, her training at Harvard University provided her with a clearer direction. Envisioning herself as a Cyber Business Analyst supporting companies in ensuring compliance with cyber requirements, Joelle recognised the importance of continuous learning and skill development in this rapidly evolving field.
Reflecting on her high school self, Joelle urges the importance of laying a strong foundation in information technology, particularly focusing on coding, network administration, and psychology. She encourages aspiring cybersecurity professionals to embrace continuous learning and obtain relevant certifications to stay updated in this dynamic field. She stresses the importance of focusing on areas such as information technology, software development, cloud computing, data management, and network architecture. Additionally, she highlights the significance of understanding risk management as a fundamental concept in cybersecurity.
Looking ahead, Joelle anticipates that Artificial Intelligence (AI) will play a significant role in shaping the cybersecurity landscape. While AI offers opportunities for enhanced security, it also presents challenges, including the potential for AI-assisted cyber threats. Anticipation and Proactive measures are key elements to navigate this evolving security landscape effectively.
Joelle Ngougo’s journey into cybersecurity exemplifies the transformative power of passion, dedication, and continuous learning in this dynamic field. As she continues to make strides in her career, her insights provide valuable guidance for aspiring cybersecurity professionals navigating their own paths in this critical domain.
www.linkedin.com/in/joelle-n-a4367577
Cyber Security Consultant and Research Fellow, School for Data and Computational Sciences, Stellenbosch University
Noelle van der Waag-Cowling, a Cyber Security Consultant and Research Fellow at Stellenbosch University, stands as a beacon of innovation, resilience, perseverance and passion in the vibrant South African cybersecurity Industry. Her journey into this dynamic field began with a spark of curiosity that ignited during a project centered around employee social media habits and policies in 2014. Little did she know, this modest beginning would evolve into a passionate pursuit that would define her career. From that point, her interest grew, fueled by a blend of prior IT experience and her current work in strategic studies. For Noelle, delving into cybersecurity seemed like a natural progression, and as she immersed herself in the subject, her fascination only deepened.
“In the ever-evolving landscape of cybersecurity, perseverance and passion are our greatest assets. Each challenge is an opportunity to innovate and grow, propelling us forward on this exhilarating journey of discovery.”
Reflecting on the early stages of her career, Noelle recalls the pivotal steps she took to transform her interest into a professional pursuit. Hours of self-study, guidance from a mentor, extensive networking, and an unwavering passion for the field enabled her to carve out a unique niche—a focus on strategic cyber threats and resilience building, a path less travelled but by her peers infinitely rewarding.
Navigating her current role, bridging the gap between research and practice, and the constant need for reinvention and skill expansion presents its challenges, but Noelle embraces them wholeheartedly, bridging that gap with unparalleled dedication.
Despite the uncertainties that often accompany career choices, Noelle’s journey in cybersecurity has been characterised by a resolute sense of purpose. The dynamic nature of the field, coupled with the unwavering support of the technical community, has served as a beacon of inspiration, propelling her forward with unwavering hesitation.
For Noelle, her path into cybersecurity unfolded organically, devoid of rigid goals or predefined roles. Yet, she emphasises the importance of early self-learning and experimentation, urging aspiring professionals to embrace a future that blends technical expertise with a diverse array of skills and experiences.
When considering the essential areas of focus in university studies, Noelle challenges conventional wisdom, advocating for a balanced approach that combines technical expertise with analytical and language proficiency—a testament to the interdisciplinary nature of cybersecurity.
As she peers into the future, Noelle anticipates huge shifts in the cybersecurity landscape—AI integration, quantum computing, and the mainstream adoption of edge security technologies. Yet, amidst these advancements, she remains vigilant, recognising emerging threats stemming from global insecurity and the convergence of physical and digital systems.
In her pursuit of professional excellence, Noelle places equal emphasis on factors beyond remuneration—flexibility, work-life balance, and personal fulfilment. These values, she believes, are essential for navigating the demanding terrain of cybersecurity with resilience and grace.
To stay current and effective in her role, Noelle relies on a combination approach—reading, participation in webinars, and active engagement within her community of practice. For her, learning is not just a
Addressing the cybersecurity skill shortage, Noelle highlights the need to remove barriers to entry for young professionals and foster a supportive environment for skill development and growth. Drawing from her own experience, she offers advice to individuals transitioning into cybersecurity from other professional backgrounds, highlighting the value of passion, perseverance, and the diverse array of roles within the field.
As she continues to blaze trails in the cybersecurity landscape, Noelle’s journey serves as a testament to the limitless possibilities within the field. Her unwavering passion, coupled with her relentless pursuit of excellence, inspires not only her peers but also the next generation of cybersecurity professionals. In her hands, the future of cybersecurity is bright, promising, and filled with endless opportunities for innovation and impact.
www.linkedin.com/in/noelle-van-der-waag-cowling-a203a8a/
www.twitter.com/noelle_cowling
Alexis Nguyen
Principal Consultant – Cyber at Systra ANZ
Alexis’ journey began with a strong foundation in project management and governance, which naturally led her to explore the field of Information Governance. Reflecting on her career trajectory, Alexis shares, “As I looked at the remaining 15 years of my career, I realised that a postgraduate qualification in cybersecurity would be incredibly beneficial. The shortage of skilled cybersecurity professionals, particularly in governance, risk, and compliance (GRC), is alarming. This could have severe ramifications for data and information security in the long term.”
Alexis’ decision to pursue further education and earn her Lead Auditor ISO 27001 certification opened doors to a cyber assurance role, a position she has thrived in for the past two years. “It’s been amazing to grow professionally at this stage in my career and to be supported by incredibly talented people. I’m so glad I took on the extra study (and debt),” Alexis remarks with a smile.
Navigating the complexities of a rapidly changing technical environment is no small feat. Alexis highlights the challenge of staying current in a
field where legislative instruments often lag behind technological advancements. “For me, it’s about staying up to date with my cross-domain knowledge. This means reading broadly, including seeking information in different jurisdictions or agencies. DarkReading.com is one of my favourite sites for its comprehensive coverage, and attending events helps me access information in an easily consumable format,” she explains.
Despite her success, Alexis has faced moments of uncertainty, particularly due to the overwhelming nature of information overload. Alexis shares, “I often feel overwhelmed. Transitioning into cybersecurity, especially the governance space, is tough. The subject, when incorporating risk-based approaches can be challenging to black and white thinkers. And, of course, there’s the gender bias. It can be really challenging to take command of a room and get respect in cybersecurity.” Alexis’ advice to others facing similar doubts? “When something isn’t working, stop. Take a deep breath, look for alternatives, and reset the conversation.”
Alexis’ career path has been anything but linear. “I am neurodivergent. I believe the term is “neurospicy”
these days. My whole career has been organic and lacking specific goals. I’m grateful that I’ve always been able to do jobs that I like, that interest me, and that challenge me,” she reflects. Now, with a clearer vision, she aspires to focus on assurance in the operational technology space, particularly at the intersection of critical infrastructure sectors. “The convergence of IT and OT fascinates me, and the potential for destruction and disruption in this space is alarming.”
For those considering a career in cybersecurity, Alexis emphasises the importance of interpersonal skills. “Cybersecurity professionals usually work in, or across, teams and need to collaborate effectively. Skills like creative problem-solving, adaptability, and emotional intelligence are increasingly valued. As we advance in our careers, these skills become essential for training and mentoring junior staff,” she notes.
When asked about her most satisfying moments in her current role, Alexis highlights stakeholder relationship management. Alexis couldn’t do her job nearly as effectively if she did not have good working relationships. When you get the relationships right, everything else just comes together,” she explains. Organising and delivering OT-led critical infrastructurecybersecurity incident response simulations has demonstrated the importance of these relationships, particularly strategic inter-agency networks.
Balancing work and life is crucial, especially in a demanding field like cybersecurity. Alexis emphasises the need for continuous learning and staying current. “To stay effective, I employ strategies like reading broadly and attending events. Belonging to industry organisations such as the Australian Institute of Project Management and the Australian Information Security Association provides access to current thinking and valuable networking opportunities,” she shares. As well as that, she maintains her core governance SME roots as a Fellow of the Governance Institute of Australia and InfoGovANZ. She notes the latter as providing a very senior organisational view of information security.
"As I looked at the remaining 15 years of my career, I realised that a postgraduate qualification in cybersecurity would be incredibly beneficial as the shortage of skilled cybersecurity professionals, particularly in governance, risk, and compliance (GRC), is alarming."
Addressing the cybersecurity skill shortage, Alexis acknowledges the complexity of the issue. “The cybersecurity skill shortage is talked about without a deeper understanding of the broad spectrum of cybersecurity skills and knowledge required. There is a real shortage of cybersecurity engineers, and equally, cybersecurity governance and policy professionals who can work with entities to provide assurance that they can attain and maintain accreditation,” she observes.
Drawing from her experience, Alexis advises individuals transitioning into cybersecurity from other professional backgrounds to be proud of their transferable skills. “Cybersecurity requires multiple experiences and perspectives if we are to get it right. Be aware of, and proud of what you are bringing to the table from your former profession. You have earned the right to be at the table,” she asserts.
Alexis Nguyen’s journey in cybersecurity is a testament to the power of continuous learning, resilience, and the importance of fostering strong relationships. Her story is an inspiring example of how passion and perseverance can lead to a fulfilling and impactful career.
www.linkedin.com/in/alexisn168
Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC, Baidam Solutions and Ipswich City Council. Member of the Board of Directors – AISA (Australian Information Security Association).
I have been in the ICT and cybersecurity industries for more than 20 years. I started at the very bottom of the food chain and worked my way up from my first traineeship in a small IT shop. I have earned my stripes over the years, sometimes learning the hard way. Failure is sometimes the best teacher: you figure out what you did wrong and then work at it until you figure out how to get it right. Some people thrive in this space while others crumble. That’s the reality.
Threats evolve, techniques and protections change almost as fast as you can learn about them, but the malicious actors are always at least one step ahead. That’s the reality. We don’t do well at matching their pace, at taking the battle to the enemy. So how do we change this pattern?
I believe there are two things we need to change to tip the balance and enable the good team to start to shift the needle.
Cyber education for children as young as six or seven years of age can really change the way the next generation looks at the online world and how it perceives threats. Think about it. Teaching the right way to behave in the online world from first interactions would have a long-lasting impact on the cyber awareness of both individuals and the public overall. The more we look to do this, the better educated everyone will be, reducing the number of incidents and the profitability of cyber criminals.
Such teaching would also raise the bar, bringing advocates for cybersecurity into every organisation. As these children grew up and entered the workforce they would see the importance of staying safe and secure. They would help others improve their online behaviour, uplifting cyber awareness in the wider community of companies and families.
The old way of approaching education by waiting until people have entered the corporate environment and then spending years trying to break all their old habits does not work. Sometimes, we get lucky. We get to shift the needle a little, but it is very difficult to achieve wins.
I know we are all working on this issue, tackling the misconceptions that cyber is a boys’ club. That’s why I created the character Sam (Samantha) in my hacker fantasy novel series Foresight. That’s why this magazine exists. That’s why we have the Women in Security Awards (best night of the year). We are making a difference, but progress is very slow.
The diversity needs of our industry are wider than simply achieving balance in the number of males and females. To achieve the true diversity of thought we require, we must change our approach to cyber/ information security. We need to look at ways to bring in all different perspectives: psychologists, lawyers, gay, straight, male, female, culturally diverse, neurodiverse. They all matter.
Why? As I said at the start, cybersecurity is HARD. There is no getting around that. So, what we need are new ways of approaching problems, new ways of looking at problems, ways of taking a step back and tackling the impossible. Then, and only then, we may be able to stop trying to push back the hordes and be able to take back control of our systems, of our clients’ data, and maybe even find ways of putting our enemies on the back foot.
There is no doubt this is not going to be easily achieved. It will take all of us coming together and accepting that we have lost control; accepting that, just because something has been done a certain way for the last however many years does not mean it should still be done that way.
I know I and many others have talked previously about cyber education for the young and about diversity,
especially diversity. However, that does not mean we should cease bringing up these issues. We cannot sit idle and do nothing about making a change.
Instead, we can focus on achieving both these goals in our time in the industry. We, as leaders or future leaders, can help mould the future, help create a world in which we no longer need to focus on diversity because it will simply be. If we do these things, we can change how education is approached. We, as a society, will all see their true value and they will be taught to future generations in the same way as they will be taught to talk or ride a bike.
A utopia of sorts in the world of cyber. Let’s make it a reality together.
www.linkedin.com/in/craig-ford-cybersecurity
www.facebook.com/profile.php?id=61552330571786
www.instagram.com/cyberunicorns.com.au
x.com/CraigFord_Cyber
www.cyberunicorns.com.au
DIANA JOUARD
by Diana Jouard , Product Manager of Neo at Ping Identity
Acquiring technical knowledge will open up a host of career opportunities in the cybersecurity space.
For women seeking a dynamic and rewarding professional career, one which allows them to make a very real contribution to the prosperity of individuals and organisations alike, there’s arguably no better path than cybersecurity. It’s interesting, well paid and, in today’s climate of rising security risks and the emergence of artificial intelligence (AI), utterly essential work that women should be involved in at every level.
I’ve enjoyed every aspect of my eight-plus years in the ICT and cybersecurity industries. From the beginning of my journey to the present day—I started out as an enterprise product consultant for a software company and worked my way through a series of increasingly senior roles before segueing into cyberspace three years ago—there have been challenges and multiple opportunities to make my mark. And, hopefully, forge a path for other women to follow.
As a product manager at Ping Identity, where I’m responsible for credential verification software that enables users to store and share their identity data securely, I know I’m making a worthwhile contribution to an urgent global quest: preserving privacy and safeguarding individuals and organisations from the bad actors who continue to proliferate in the digital realm.
The cutting-edge technology we develop helps to combat the threats posed by AI-driven deep fake technologies: the images, video and audio that are so chillingly similar to the real thing that our identities can easily be falsified at any time.
I have significant autonomy and decision-making responsibility in my role helping customers use our platforms to strengthen their digital identity security
posture. There’s also the ongoing opportunity to contribute to shaping the vision and direction of our organisation by providing feedback that can help the company continue to innovate and improve.
It’s fascinating, fast paced and intense, and it never gets old. If you’re someone who loves a new challenge every day, there’s a lot of appeal.
So, how can other women find and pursue positions in this dynamic sector where our gender remains significantly under-represented, not only in Australia, but around the world?
If I’m asked this question by younger women contemplating their career options, my advice is always the same: get some technical skills under your belt. That doesn’t necessarily mean becoming a fullyfledged programmer or software developer, unless, of course, that’s your bent. But a major or minor in computer or data science, a graduate certificate or a short, specialised course that demonstrates a degree of interest and aptitude is something you can and should do, if you’d like doors and opportunities to open up.
Even in roles like mine that aren’t necessarily hardcore technical, being able to talk—and understand!— the jargon of your counterparts in engineering is incredibly helpful. It adds credibility when you’re speaking with customers and means you can be much more of an asset to project teams, third party service providers and your own technical services department.
In fact, most of the interview panels I’ve encountered have had at least one technical person sitting in. The question they’re likely pondering as they put you through your paces is: how useful a partner are you likely to prove, and should they give you the nod?
That’s why I often feel thankful for my decision to complete a computer science major as part of my college degree a decade ago. That grounding gave me an entry into the ICT and cybersecurity industries and, as I gained real world experience, helped me find the confidence to apply for more senior, specialised positions.
It’s something too many women fail to consider when contemplating their career options and planning their courses of study. Some eschew science, technology, engineering or maths (STEM) subjects while others just don’t understand how beneficial these skills can be should they wish to forge rewarding careers in emerging industries like cybersecurity.
The lack of female representation is detrimental to the high-tech sector and the broader community we serve. As we continue the fight to secure our tomorrow in what is becoming an increasingly dangerous digital landscape, we need as many good women (and men) as we can get on the cyber defence team. To this end, I urge women at all levels, especially those just beginning their careers, to consider layering on technical knowledge and coursework. From there, the possibilities are endless.
www.linkedin.com/in/diana-jouard
By Marise Alphonso , Information Security Professional
Australia has some impressive high-ranking female leaders in the security domain across government, regulatory, advisory and protective services, with national and international experience spanning the armed forces, politics and the private and public sectors of the economy. With expertise in information security, data privacy and eSafety, these women lead the charge safeguarding Australia from cyber threats.
Lieutenant General Michelle McGuinness was appointed to the role of Australia’s National Cyber Security Coordinator in February 2024. Having served in Australia’s Defence Force for three decades, McGuinness is well-placed to lead a portfolio that embraces strengthening Australia’s cybersecurity capability, leading national cybersecurity policy and the coordination of responses for major cyber incidents. Given the high profile data breaches impacting Optus and Medibank, McGuiness’ role is key to protecting Australians from the consequences of identity theft, scams and foreign intelligence interference that may result from the theft of their personal information.
Clare O’Neil, Australia’s first Cyber Security Minister, has been pivotal to the development of Australia’s Cyber Security Strategy released in November 2023. The strategy sets out details of six ‘shields’ to defend citizens and businesses from cyber threats, with each shield providing an additional layer of defence. The aim is to make Australia the most cyber-safe nation by 2030. Since taking on the role, O’Neil has been involved in establishing and promoting initiatives such as Hack the Hackers—offensive capabilities that target and disrupt hackers—and the Act Now. Stay Secure campaign, where she has posted to social media on the key steps Australians can take to protect their digital presence. Her advocacy for getting Australians to know they have power against cyber challenges is a fantastic demonstration of ‘tone from the top’ in putting Australia on the path towards becoming a leading cyber nation.
Julie Inman Grant is Australia’s eSafety Commissioner and leads eSafety, Australia’s independent regulator for online safety. Working to keep children and adults safe online, eSafety leads
Australia’ Safer Internet Day initiative every February. Individuals and organisations are provided with the opportunity to reflect on online safety practices and take steps to improve their use of the online world. Grant, highly experienced in public policy and safety in the technology industry, was instrumental in launching the global Safety By Design initiative aimed at embedding safety principles into the development of online products and services. She led the work to develop a world-first regulatory regime under the Online Safety Act 2021 making online service providers accountable for the safety of people who use their platforms.
By establishing a set of Basic Online Safety Expectations via the Online Safety Act, the Australian Government requires social media, messaging and gaming service providers and other apps and websites to take reasonable steps to uphold Australians’ safety online. To increase transparency and accountability, the eSafety Act can require online service providers to report on how they are meeting expectations to improve online safety standards.
Carly Kind, Australia’s Privacy Commissioner, commenced her role in February 2024. Prior to taking on this role, Kind was the director of the UK-based Ada LoveLace Institute. She has a background as a human rights lawyer working at the intersection of technology policy and human rights. She has built up the Ada Lovelace Institute to be a centre of excellence for research related to the social and ethical impacts of artificial intelligence (AI) and datadriven technologies.
Given her experience in the technology and human rights spaces, Australia is very fortunate to have Kind step into the role of privacy commissioner at a time when AI practices are increasingly becoming mainstream in the lives of Australians through the use of platforms such as ChatGPT. With changes to Australia’s Privacy Act (1988) due to go before Parliament in 2024, Kind’s expertise in human rights and data privacy will serve Australians well, ensuring the reforms made protect the privacy rights of all Australians.
Since February 2020, Abigail Bradshaw has headed the Australian Cyber Security Centre (ACSC), the Australian Government body aimed at improving cybersecurity. It sits within the Australian Signals Directorate (ASD). Bradshaw began her career as an officer in the Royal Australian Navy and has deep experience in crisis management and incident response. She has stated the ACSC’s purpose as being to minimise the harm of cyber incidents to individuals and organisations. The ACSC has established partnership programs that enable Australian organisations to sign up as partners and receive information about cyber threats as well as assistance with incident response.
A massive thank you to these women for rising through the ranks and paving the way to making the online world secure and safe for all of us.
www.linkedin.com/in/marisealphonso
by Lisa Ventura MBE , Founder – Cyber Security Unity
When it comes to the protection of our borders and national security, diversity is crucial to ensuring resilience and adaptability. Traditional approaches have often focused on uniformity and conformity while, from a national security perspective, threats have grown exponentially in recent years. Cyber attacks from nation states are coming at us thick and fast, with security and data breaches occurring almost every day.
To combat these ever-growing threats there’s growing recognition of the value of neurodiversity—the spectrum of neurological differences that includes autism, ADHD, dyslexia and others—for bolstering national security efforts.
WHY ARE NEURODIVERGENT INDIVIDUALS WELL SUITED TO CAREERS IN SECURITY?
Neurodivergent individuals possess unique perspectives, cognitive abilities and problem-
solving skills that can be invaluable in domains critical to national security. These domains include: cybersecurity, intelligence analysis and counterterrorism. By embracing and harnessing this diversity, governments can unlock a wealth of untapped talent and enhance their ability to safeguard against emerging threats.
One area in which neurodiversity can make a significant impact is cybersecurity. The industry needs professionals who can think outside the box, anticipate potential vulnerabilities and develop innovative strategies to defend against cyber threats. Neurodivergent individuals often excel in tasks that demand intense focus, attention to detail and pattern recognition: all essential qualities in cybersecurity roles. Their ability to approach problems from unconventional angles can lead to the discovery of vulnerabilities that might have been overlooked by more neurotypical individuals.
Similarly, in intelligence analysis, those who are neurodivergent can offer a fresh perspective on complex datasets and disparate information sources. Neurodivergent individuals may exhibit strengths in data analysis, information synthesis and information recall which are critical for identifying patterns and uncovering insights that traditional methods might miss.
Neurodivergent individuals can also play a vital role in counterterrorism efforts. The ability to understand and anticipate the behaviour of adversaries is essential for developing effective counterterrorism strategies. Neurodiverse individuals—with their propensity for hyperfocus and attention to detail—can contribute to analysing terrorist propaganda, identifying radicalisation patterns and detecting potential threats. Their unique cognitive abilities can complement traditional approaches to counterterrorism leading to more comprehensive and nuanced strategies for preventing attacks and neutralising extremist threats.
Such adjustments might include offering alternative interview formats, providing clear job descriptions and actively seeking out neurodiverse candidates through targeted outreach programs.
To fully leverage the power of neurodiversity in national security, governments and organisations need to overcome various challenges. Some of these challenges include:
Addressing stigma and misconceptions: combatting negative stereotypes and misconceptions about neurodiversity is crucial for fostering an inclusive environment in national security. Education and awareness initiatives can help dispel myths and promote understanding of the strengths and capabilities of neurodiverse individuals.
Implementing inclusive recruitment practices: adjusting recruitment processes to make them more inclusive can attract neurodiverse talent.
Providing reasonable adjustments, accommodations and support: offering reasonable adjustments, accommodations and support tailored to the needs of neurodivergent individuals can enable them to thrive in national security roles. These adjustments could include flexible work arrangements, sensory-friendly workspaces and access to assistive technologies or communication tools.
Creating supportive work environments: cultivating a workplace culture that values diversity and inclusion is essential for unlocking the potential of neurodiversity. Encouraging open communication, promoting teamwork and providing opportunities for professional development and mentorship can foster a supportive and inclusive environment for all employees. Organisations that have a diversity champions program will often be able to create greater team cohesion and provide wellbeing support for those who are neurodivergent.
Offering training and education programs: developing specialised training and education programs designed to accommodate the unique learning styles of neurodiverse individuals can help build their skills and expertise in national security-related fields. Providing access to relevant training resources and mentorship opportunities can empower neurodiverse individuals to excel in their roles.
Promoting leadership and advocacy: elevating neurodivergent voices into leadership positions and advocacy roles can help drive systemic change within national security organisations. Empowering neurodiverse individuals to advocate for their needs and perspectives can lead to more inclusive policies and practices that benefit the entire workforce.
Fostering collaboration and peer support: creating opportunities for neurodivergent individuals to connect with peers, share experiences and offer mutual support can enhance their sense of belonging and wellbeing in the workplace. Establishing peer mentoring programs or affinity groups can facilitate networking and collaboration among neurodiverse employees.
Measuring and celebrating success: recognition and celebration of the contributions of neurodiverse individuals to national security initiatives are essential for promoting a culture of inclusion and diversity. Establishing metrics to track the impact of neurodiversity initiatives and highlighting success stories can reinforce the value of neurodiversity within an organisation.
Those who are neurodivergent bring much to the table when it comes to unlocking the power of neurodiversity for national security. They often have skillsets that make them great candidates for work in national security.
Enhanced problem-solving skills: neurodivergent individuals often possess unique cognitive abilities that are well-suited to complex problem solving tasks. Their different perspectives and approaches can lead to innovative solutions and strategies for addressing security challenges.
Improved threat detection and analysis: neurodivergent individuals may excel in tasks that require attention to detail and pattern recognition, making them valuable for identifying emerging threats, analysing data and detecting potential security breaches.
Diverse skill sets: Neurodiverse individuals bring a diverse range of skills and talents to national security efforts. They may excel in areas such as data analysis, cryptography, coding and cybersecurity, complementing traditional skill sets and bolstering overall capabilities.
Increased resilience: a diverse workforce that includes neurodiverse individuals can enhance organisational resilience by bringing a variety of
perspectives and approaches to problem-solving. This diversity of thought can help organisations adapt more effectively to evolving security threats and challenges.
Expanded talent pool: by tapping into the talent pool of neurodiverse individuals national security agencies can access a broader range of skills and expertise. These people can help address skills shortages in critical areas such as cybersecurity and intelligence analysis and ensure the workforce is equipped to meet evolving security needs.
Innovative technologies and strategies: neurodivergent individuals will often contribute to the development of innovative technologies and strategies for enhancing national security. Their unique perspectives and problem-solving abilities can lead to the creation of novel tools, techniques and approaches with which to tackle emerging threats and vulnerabilities.
Increased employee satisfaction and retention: creating an inclusive work environment that values neurodiversity can lead to higher levels of employee satisfaction and retention. Neurodivergent individuals who feel supported and valued are more likely to remain engaged and productive, contributing to overall organisational success.
Stronger community engagement: embracing neurodiversity can foster stronger connections with diverse communities and stakeholders. National security agencies that reflect the diversity of the populations they serve may be better equipped to build trust, collaborate effectively and address security concerns in a holistic and inclusive manner.
Sadly, it is very common for those who are neurodivergent to experience bullying and abuse in the workplace. A recent study by the Chartered Institute of Personnel and Development (CIPD) in the UK found
one in five neurodivergent employees had experienced harassment or discrimination at work, while only half felt safe talking about neurodiversity in the workplace.
In addition, a further 31 percent of neurodivergent employees had not told their manager or HR about their neurodivergence. Thirty seven percent were concerned about people making assumptions based on stereotypes and 34 percent felt there was too much ‘stigma’ attached to neurodiversity.
Neurodivergent individuals may be subjected to bullying and abuse in the workplace because of a lack of understanding and awareness surrounding their conditions. In many cases, misconceptions and stereotypes about neurodiversity can lead to discriminatory attitudes and behaviours from coworkers and supervisors. Neurodivergent individuals may be perceived as different or ‘strange’, making them targets for harassment or exclusion within the workplace. In addition, the challenges neurodivergent individuals may face in communication, social interaction and sensory processing can be misunderstood or misinterpreted by others, leading to further marginalisation and mistreatment.
The competitive nature of many workplaces and the pressure to conform to societal norms of behaviour and performance can exacerbate the vulnerability of neurodivergent individuals to bullying and abuse. They may struggle to navigate office politics, to understand unwritten social rules or to meet certain performance expectations, making them more susceptible to criticism, ridicule or ostracism from their peers. The stigma surrounding neurodiversity may also discourage individuals from disclosing their conditions or seeking support, leaving them isolated and without recourse when faced with bullying or abuse in the workplace.
Neurodivergent individuals often experience higher levels of imposter syndrome compared to their neurotypical peers because of societal perceptions and misconceptions about their abilities and worth.
The pervasive stigma surrounding neurodiversity can lead individuals to internalise feelings of inadequacy or incompetence, despite their accomplishments and qualifications. Additionally, neurodivergent individuals may face unique challenges when navigating social interactions, communicating and processing sensory inputs, which can contribute to feelings of being different or ‘other’. This sense of not fitting in or belonging can exacerbate imposter syndrome, because individuals may fear being exposed as frauds or of being incapable of meeting expectations.
The discrepancy between neurodivergent individuals’ internal experiences and external feedback can fuel imposter syndrome. Many neurodivergent individuals possess strengths and talents that are not always recognised or valued in traditional academic or professional settings and, as a result, they may downplay their achievements or attribute their successes to luck or external factors rather than acknowledging their own abilities and efforts.
The pressure to conform to neurotypical standards of performance and behaviour can also create a sense of inadequacy or insecurity, leading neurodivergent individuals to doubt their own competence and legitimacy in their roles. Addressing imposter syndrome among neurodivergent individuals requires fostering a culture of acceptance, validation and support that recognises and celebrates their unique talents and contributions.
Neurodivergent individuals present organisations with valuable opportunities for enhancing national security capabilities in an increasingly complex and interconnected world. If organisations can tap into the unique strengths and perspectives of neurodiverse individuals they will have a rich pool of talent and innovation that can strengthen cybersecurity, intelligence analysis, counterterrorism and other vital aspects of national security.
Through inclusive policies, supportive environments and targeted training initiatives the full potential of neurodiversity can be unlocked to build a more
resilient and effective national security infrastructure for the future.
Lisa Ventura MBE is an award-winning cybersecurity specialist, writer and keynote speaker. She is the founder of Cyber Security Unity, a global community organisation dedicated to bringing together individuals and companies actively working in cybersecurity to help combat the growing cyber threat.
In addition, Lisa is a senior cybersecurity awareness specialist at Qualitest and is in high demand as a speaker and writer on various topics in cybersecurity including the cyber skills gap, career pathways into the industry, managing mental health and burnout, imposter syndrome, combatting bullying and abuse in the cybersecurity industry, cybersecurity’s image problem and the human factors/elements of cybersecurity.
www.twitter.com/cybergeekgirl
www.twitter.com/cybersecunity
www.linkedin.com/in/lisasventura
www.instagram.com/lsventurauk
www.youtube.com/@CyberSecurityLisa/videos
REACH OUT TODAY FOR AN INSTANT QUOTE. The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things. aby@source2create com au charlie@source2create.com.au source2create com au With: Need a professional marketing, strategy and implementation agency that is dedicated, responsive, professional, creative, innovative,
By Venessa Ninovic , Senior Intelligence Analyst – Law Enforcement
Open source intelligence (OSINT) is the process of collecting and analysing publicly available information. It is used for various worthy purposes including fraud prevention, threat intelligence gathering, security, journalism, investigations and tracing missing persons.
But, like most good things, OSINT can also be used for bad, threatening the privacy of your children. I will provide tips on how to investigate your child’s digital footprint, and how the information posted can be used. Late last year I was on a panel run by the Australian Women in Security Network, where I advised parents to “red team your kids…” It got a few laughs, but that is the essence of this article.
Understanding your child’s digital footprint is a great way to establish what type of privacy settings their profiles have and what they are posting. Let’s be real. If you have teenagers, there is a 90 percent chance you will be blocked from using the same platforms. Basic searches can help overcome the hurdle of not even being able to search for their name on the platform due to being blocked.
Searching for your child’s name is a great way to get a quick and basic understanding of what has been posted about your child, or what your child is posting. If your child has a common name, I suggest you use quotations (also known as ‘Google dorking’) to narrow your search further, and ensure you are finding results for you child.
Before you begin searching, it’s good to know there are various search engines other than Google. Trying other search engines, like Bing or Yahoo, can generate different results.
Here are some examples of Google dorking searches you can do. Remember to also look at image results to find potential display pictures.
• Your child’s name and the state they live in: “Amy Smith” “NSW”.
• Your child’s name and the suburb that they live in: “Amy Smith” “North Sydney”.
• Your child’s name and the school they attend: “Amy Smith” “Sydney Girls High School”.
• Your child’s name and their best friend’s name: “Amy Smith” “Anna Raymond”.
• Your child’s name and their interests: “Amy Smith” “painting”.
• Your child’s email address: “amysmith104@ hotmail.com” and the handle in the email address: “amysmith104”.
To maximise your results you can also try variations of your child’s name, including nicknames and middle names. Also try removing the space between their first and last name. To search for usernames, try searching “@annasmith105”, with the @ symbol.
To search for your child on a particular social media platform, you can use the following Google dork: site:instagram.com <username>.
If you have located, or know, your child’s usernames for social media or gaming sites, you can put these into the websites below to reveal their profiles on various platforms which use that exact username.
• https://instantusername.com
• https://usersearch.org
• https://whatsmyname.app
If you have located a profile picture of your child, you can upload this into multiple search engines to search for other profiles where that picture has been used and where that image has been posted. To do this, save the image, go to the image function of the search engine and upload the photo.
It is unlikely the youth of 2024 are using Facebook; they would more likely be using platforms like Instagram and TikTok. The same goes for gaming and messaging platforms. There are so many new platforms popping up it’s imperative you understand the platforms they use, and how these function. What are the privacy settings? Are there chat features? How easy is it to accept friends, look up users and make phone calls with users? Even the most innocuous platforms like Spotify can allow users to have conversations through virtual rooms and live discussions, which is something to think about.
Pivoting is a term used to describe going down a rabbit hole while conducting OSINT searches. For example, finding and analysing an email address can
provide you with a potential username, year or date of birth (like amysmith1998@hotmail.com), social media profiles where the email address has been shared, and so forth.
For posts and photos of children, it might not be an email address that will provide these pivoting opportunities. It could be the colour of your child’s school jumper, even if the logo is omitted. The Lowes website provides images of hundreds of different school uniforms, which can be used to identify the school your child attends.
Is there a photo of you front door online? A photo with the house number on it? Or a photo of the interior of your home, with a unique feature like a fireplace? All this information can be used to pivot and find out more about where your family resides. This technique is known as ‘geolocation’ in the OSINT world.
Whether you are a ‘mumfluencer’ or just someone who wants to share photos of your family online, it’s good to check your privacy settings and your digital footprint. Have you used your full name in your usernames? Have you uploaded photos of your children? Are your privacy settings public? Have
you referenced your children’s first names? Have you posted images on their birthdays? Do you have images of your home? These are all questions you need to think about, because this information can be used by scammers, groomers and hackers.
Google has been expanding its process enabling you to remove personal information found in a Google search, making that process available to more people. There are several steps in the removal of your child’s personal information (such as email address and phone number) from Google search results, which are outlined here: https://www.wired.com/story/removepersonal-info-from-google-search-results/
TEACH YOUR CHILDREN ABOUT OSINT
If you have teenagers, my guess is they are quite internet savvy. I recommend you teach them about OSINT. It is an amazing skill to have, and demand is expected to grow, with many industries now requiring OSINT analysts. Talking to your children about OSINT may spark future career interests while showing them how to search for information available online, the dangers of posting personal information, and raising their awareness of privacy settings.
CHILD PRIVACY RESOURCES
https://clicksafeintelligence.com/ https://www.esafety.gov.au/parents/issues-andadvice/privacy-child https://www.accce.gov.au/resources/for-parents-
https://playingitsafe.org.au/parents-and-carers/ https://www.thinkuknow.org.au/
OSINT RESOURCES
https://osintjobs.substack.com/ https://osintnewsletter.com/ https://osinttelegraph.com/ https://www.osintdojo.com/diagrams/instagram
www.linkedin.com/in/venessaninovic
By Colby Prior , Founder of Sunred Security and Sasenka Abeysooriya, Program Director and Senior Strategic Adviser at The University of Queensland
INTRODUCTION
‘Stranger danger’ our parents would say as they kept a close eye on us from the park bench, instilling in us a healthy fear of strangers. Ironically, when we go online and routinely interact with strangers, this innate caution tends to disappear. This striking difference highlights how we handle dangers differently in different settings, and it sets the stage for an important conversation about how our online behaviour differs from our real-world caution.
‘STRANGER DANGER’ IN THE PHYSICAL WORLD VS ONLINE
Teaching children to be cautious around strangers has relied heavily on the idea of ‘stranger danger’ for many years. This method, which began in the middle of the twentieth century in response to prominent kidnapping cases, teaches young children to be cautious. Basic safety precautions like staying in groups in strange places, never going with strangers and refusing to accept gifts or rides are instilled in
children at an early age. By raising consciousness about the risks presented by strangers in everyday settings, these principles aim to shield the young and vulnerable from harm.
Many online interactions involve actions that go against these guidelines, disregarding the deeply ingrained cautions about ‘stranger danger’. Activities like making friends on social media, seeking relationships through online dating and disclosing personal information to unknown (or known) organisations are common. There are psychological aspects specific to the digital world that make these things easier. People may become less cautious when using the internet because of the feeling of anonymity it offers. People are more willing to open up to strangers online because they feel more in control of their digital interactions, where they can block or ignore users. This disparity represents a major change in our perception and management of interactions with strangers in the digital age.
Cyber threats nowadays are far more complex and coordinated than the stereotypical image of a mysterious stranger in a hoodie would have you believe. This change is best illustrated by advanced persistent threats (APTs), which are not perpetrated by only a few bad apples but rather by groups of highly trained cybercriminals who break into systems and steal sensitive information over an extended period. Rather than seizing opportunities as they arise, APTs are targeted at specific organisations, frequently zeroing in on less experienced or less seasoned personnel who are less likely to be able to identify and counteract these sophisticated attacks. The shift from individual hackers to coordinated groups highlights the importance of better knowledge and stronger defences to safeguard confidential data and company assets.
At the same time, phishing attacks have changed significantly over the past two decades. Criminals are becoming good at using social engineering and cutting-edge tech to make these scams look like genuine communications. It is very difficult to identify modern phishing attempts because they often use persuasive narratives and personal information. They are difficult to spot, even for the most tech-savvy people, including those of younger generations. To combat these increasingly sophisticated cyber attacks, people must be more vigilant and receive better cybersecurity education so they can identify and avoid falling victim to such schemes.
A 2024 study conducted by Ernst and Young (EY) found members of Generation Z more likely to fall for phishing emails than older generations. Only 31 percent of Gen Z felt very confident identifying phishing attempts, a nine percentage point drop from 40 percent in 2022. Many more (72 percent) said they had opened an unfamiliar link that seemed suspicious at work than Millennials (51 percent), Gen X (36 percent) and Baby Boomers (26 percent).
And the proliferation of phishing emails generated by artificial intelligence has added to the complexity of detecting malicious links and content.
The consequences of data breaches on individuals and organisations are becoming more obvious as we deal with complex digital interactions and advanced cyber threats. For example, the Optus breach in Australia exposed flaws in supposedly secure systems. Nearly 10 million users’ personal information was made public in this incident, putting many Australians at risk of identity theft. The fallout was a severe loss of confidence in addition to a logistical nightmare: thousands were forced to replace key identification documents like driver’s licences. Companies like Optus face not only shortterm financial losses but also long-term effects like damaged customer trust and heavy legal fines as a result of data breaches. Cyber literacy and awareness are crucial for our protection in the digital age, just like the ‘stranger danger’ lessons we learned as children.
Like early lessons on ‘stranger danger’, we need to proactively incorporate cybersecurity education into school curricula and adult learning programs so we do not have to wait for the next data breach to wake us up. Children should be prepared to safely navigate both the real and virtual worlds from an early age. The same is true for adults; as cyber risks evolve, so too must the education and awareness programs designed to keep people safe online. Teachers need to create all-encompassing lesson plans, parents need to make sure their children are safe when using the internet at home, and lawmakers need to pass legislation to raise the bar for digital education for students of all ages.
We can foster a generation that knows how important it is to keep personal data safe by making sure everyone is aware of the dangers of cyberspace, how to manage risks when shopping online, and how to stay vigilant when using technology.
In the event of a data breach, individuals and organisations should know they are not alone. Victims of cybercrimes such as phishing, data breaches, hacking and identity theft can rely on organisations such as IDCARE, Australia and New Zealand’s national identity and cyber support service for invaluable assistance.
www.linkedin.com/in/sasenkaabeysooriya
www.twitter.com/sasenka89
www.instagram.com/sasenkaabeysooriya
www.linkedin.com/in/colby-prior
www.twitter.com/colbyprior
Sasenka Abeysooriya is an accomplished executive with extensive expertise in strategy, governance, risk, transformation and program management, specialising in multiple disciplines including enterprise architecture, change management, data governance and cybersecurity. He has been recognised both nationally and internationally as an industry expert in data governance. Sasenka currently serves as the program director for The Queensland Commitment, an initiative established by The University of Queensland to break down barriers to education and build a brighter future for the state by 2032. His professional background spans operational and consultancy roles across a variety of sectors, with a specific focus on higher education. He holds degrees in Economics and Finance, Information Technology and International Relations. Additionally, he is deeply committed to social causes, actively supporting underprivileged children in Australia and Sri Lanka.
Colby Prior is a seasoned security engineer and cybersecurity trainer with a passion for protecting digital landscapes. Colby has honed his expertise in designing and implementing robust security measures to safeguard against cyber threats. As a dedicated trainer he is committed to educating individuals and organisations on best practices for cyber defence, empowering them to navigate the complex digital environment with confidence. Colby's dynamic approach to training combines technical knowledge with practical insights, making him a trusted resource in the realm of cybersecurity.
the book itself. She is a 9 year old avid internet user, and I do worry about what she gets up to and the choices she makes. We limit her access and have cyber security overlays on her devices - but we are not too clued up on cyber security so it was always a worry. This book has been great to get conversation flowing that I didnt really know how to start up, and it has definitely taught her some worthwhile lessons on things to look out for and "shadowy corners" of the internet to be cautious of! I recommend this book.
CRAIG WHYTE
by Craig Whyte , Associate Director at Decipher Bureau
In the rapidly evolving digital landscape women are playing a crucial role in safeguarding our future through cybersecurity. Despite facing significant challenges, women are emerging as pivotal figures in defending nations against complex cyber threats.
This article explores some of their contributions globally, key policies they have created, governance innovations they have driven, and the untapped potential of neurodiversity in national security. It highlights the necessity for a gender-diverse workforce in cyber to enhance the protection of our future.
Women make up only 17 percent of the cyber workforce in Australia. However, their representation is growing: their numbers increased fourfold from 2016 to 2021, compared to a threefold increase in the number of men.
Challenges reported by women in the industry include gender stereotypes, balancing work and family responsibilities and not having role models or mentors. As more female leaders emerge they will serve as role models for future talent, and help protect our nation.
Women like Lauren Knausenberger and Tami Hudson exemplify the significant impact female leaders can have.
Lauren Knausenberger. As the former chief information officer of the United States Air Force, Knausenberger led significant modernisation initiatives. She scrapped outdated IT policies, introduced IT-as-a-service models and implemented a zero-trust cybersecurity model. These efforts enhanced the Air Force’s ability to detect and respond to threats in real-time, bolstering national security in the US.
Tami Hudson. At Wells Fargo Hudson serves as the executive vice president and cybersecurity client officer. She has implemented robust cybersecurity risk management frameworks, enhanced incident response capabilities and integrated advanced cybersecurity technologies. Her leadership ensures the protection of the financial sector, which is crucial for national economic stability.
INTERNATIONAL SECURITY STRATEGY POLICIES: WHO’S WRITING THEM?
Women are not only defending digital borders but also shaping the policies that govern them.
Marietje Schaake, a former member of the European Parliament, played a key role in drafting the EU’s General Data Protection Regulation (GDPR). This regulation has set a global standard for data privacy and protection, demonstrating the influence women can have on international cybersecurity policies.
In Australia, Jacqui Loustau, founder and executive director of the Australian Women in Security Network (AWSN), has been instrumental in advocating for gender diversity in cybersecurity. Her efforts focussed on breaking down barriers and fostering a more inclusive environment for women in security, ultimately influencing policies at both national and organisational levels.
Women are driving governance innovations that shape the future of cybersecurity. Michelle Price, former CEO of AustCyber, has fostered collaboration between the government, the private sector and academia to build a robust cybersecurity ecosystem in Australia. At AustCyber she developed initiatives that support innovation, research and the commercialisation of cybersecurity solutions.
Dr Lesley Seebeck, as an adjunct professor at the Australian National University, has developed comprehensive cybersecurity strategies that integrate national security, economic stability and technological advancement. She has fostered public-private partnerships and encouraged crosssector collaboration, enhancing the overall security framework in Australia.
Organisations benefit from having more women in the cyber workforce because the diversity they bring is essential for problem solving and tackling complex threats. Those organisations that are able to retain and provide job satisfaction for their female cybersecurity staff are better able to attract new female talent who will in turn help to inspire the next generation.
Embracing neurodiversity in national security can also significantly enhance problem-solving capabilities, innovation and overall effectiveness. Neurodiverse individuals—such as those with autism spectrum disorder (ASD), ADHD and OCD—bring unique strengths like pattern recognition, problem-solving and attention to detail.
Organisation face challenges attracting people with these talents and creating an environment in which they can thrive. Traditional recruitment processes can deter neurodivergent candidates from applying, and teams are often not set up to fully support them.
To build a neurodiverse workforce leaders must revamp their recruitment strategies and processes. They need to create a supportive working environment
and provide training to create a culture of inclusion and understanding that supports neurodivergent colleagues effectively. This is not without its challenges, but if done well can enhance cyber resilience within the workforce and make effective use of neurodivergent employees’ unique skills.
The inclusion of women and neurodivergent individuals in cybersecurity is not just a matter of equity but a strategic necessity. Women like Lauren Knausenberger and Tami Hudson demonstrate the critical role female leaders play in national security. By addressing the challenges they face and leveraging their unique strengths, we can build a more resilient and innovative cybersecurity workforce.
Sources:
• “Women critical to future of Australia’s cyber security: report.” RMIT University.
• “Women in Australia’s Cyber Security Industry Growing.” Australian Cyber Security Magazine.
• RAND Corporation. “Neurodiversity and National Security: How to Tackle National Security Challenges with a Wider Range of Cognitive Talents.”
• The Strategist - Australian Strategic Policy Institute. “Neurodiversity and National Security.”
• Marietje Schaake. “General Data Protection Regulation (GDPR).” European Parliament
• Jacqui Loustau. “Advocacy for Gender Diversity in Cybersecurity.” AWSN
• Michelle Price. “Cybersecurity Innovations and Collaborations.” AustCyber
• Dr Lesley Seebeck. “Cybersecurity Strategies and Public-Private Partnerships.” Australian National University
www.linkedin.com/in/craigstuartwhyte
Content allows you to establish, share, and strengthen your brand. It helps build relationships which is why we are shining the light on our content service.
Content strategies don’t just define the goals your content is intended to achieve, but also the procedure, processes and governance required to get there. We can show you how to manage your content effectively .
We can then use that content to attract, acquire and engage your customer and new prospects, deepening your relationships
What are you waiting for? REACH
JO STEWART-RATTRAY
by Jo Stewart-Rattray , Oceania Ambassador, ISACA
Australia has made significant strides to establish robust cybersecurity frameworks. Government initiatives, including the 2023-2030 Australian Cyber Security Strategy, outline comprehensive plans to enhance the nation’s cyber resilience.
The Australian Cyber Security Strategy in particular includes six clearly defined cyber shields focused on improving threat intelligence sharing, enhancing incident response capabilities and promoting cybersecurity awareness. Importantly, the strategy emphasises that collaboration between government, businesses and the community is the ultimate weapon to protect against cyber threats.
In addition, the Australian Government has identified opportunities to strengthen cybersecurity laws to ensure adequate protection for Australian citizens
and businesses. These enhancements will establish fundamental cyber risk mitigations to boost confidence in our digital economy.
While regulation is important, it often exists in tension with innovation. Crafting policies that provide adequate security without hindering technological advancements is crucial for fostering a vibrant tech ecosystem, one in which businesses can innovate whilst adhering to best-practice cybersecurity standards.
Maintaining effective cybersecurity governance is a significant impost on businesses. Ensuring regulatory compliance can be resource-intensive, especially for small and medium enterprises (SMEs). However, regulatory compliance also creates a competitive
advantage by building trust with customers. ISACA’s 2024 State of Digital Trust report reinforces this notion and identifies the top benefits of digital trust for an organisation—cited by the 5,800 digital trust professionals responding to ISACA’s study—as being: positive reputation (71 percent); more reliable data for decision-making (60 percent); and fewer privacy breaches (60 percent).
Those organisations with robust cybersecurity measures offer customers and stakeholders increased confidence that their personal data and privacy are valued, respected and safeguarded against breaches and misuse.
But to achieve high confidence and digital trustworthiness organisations must often overcome obstacles that may limit or prevent them from pursuing digital trust. ISACA’s survey found lack of staff skills/training to be the biggest obstacle to achieving high levels of digital trust, cited by 53 percent of respondents. Additional significant
obstacles cited included: lack of leadership buy-in (44 percent); lack of budget (44 percent); lack of alignment of digital trust and enterprise goals (43 percent); digital trust not a priority (39 percent); lack of technological resources (37 percent); and insufficient processes and/or governance practices (37 percent).
While artificial intelligence can play a role in transforming security measures by enabling efficient and effective threat detection its rapid proliferation and infiltration into everyday life also increases security concerns.
There is no doubt AI systems can analyse vast amounts of data in real-time, identifying patterns and anomalies that might indicate a cyber threat. However, the deployment of AI in cybersecurity raises significant policy considerations. According to a new of 3,270 digital trust professionals, only 15 percent of organisations have AI policies, and 40 percent offer
no AI training. These figures are concerning given that 70 percent of respondents said staff were using AI, and 60 percent reported the use of generative AI tools like Microsoft CoPilot, Google Gemini and OpenAI’s ChatGPT.
As AI becomes integral to cybersecurity it will be crucial to address the associated risks through comprehensive policies. The ISACA poll found 60 percent of respondents worried or very worried about bad actors exploiting generative AI, with misinformation and disinformation being the top AI risks, identified by 81 percent of respondents. Despite these concerns, ISACA found only 35 percent of organisations prioritising AI risks, underscoring the need for more proactive governance.
AI is reshaping the workforce: 45 percent of respondents anticipated job eliminations and 80 percent predicted job modifications over the next five years. It will be critical to develop policies that address AI competency and the ethical implications of AI.
Interestingly, the ISACA survey found digital trust professionals in fields like information security, governance, risk and privacy to be optimistic about AI’s impact on their careers: 78 percent of respondents expected a neutral or positive effect. Eighty five percent identified a need to enhance their AI skills and knowledge within two years to harness AI’s potential while mitigating risks.
AI’s ethical implications must be a core consideration in policy development. Ensuring transparency, fairness and accountability in AI systems is essential to prevent biases and protect individuals’ rights.
Looking ahead, future policies must address several key areas to ensure the secure and responsible deployment of AI. One crucial aspect will be the establishment of comprehensive AI policies that provide clear guidelines for AI usage, risk
management and ethical standards. These policies will serve as a foundation for responsible AI practices, ensuring that AI technologies are developed and used in a manner that prioritises safety and ethical considerations.
Training and education also play a vital role in the effective deployment of AI. Providing AI training to employees is essential for enhancing their competency and awareness, enabling them to leverage AI technologies effectively and responsibly.
Fostering collaboration between government, industry and academia is key to sharing knowledge and best practices. Public/private collaboration will drive innovation and ensure AI developments benefit from a wide range of expertise. Finally, promoting diversity and inclusion in AI development and deployment is essential. Inclusive policies will ensure diverse perspectives are considered, leading to more innovative and equitable AI solutions.
Governance plays a pivotal role in shaping the cybersecurity landscape and managing the integration of emerging technologies like AI. In Australia, by balancing regulation and innovation, we can create a secure digital environment that benefits businesses and individuals alike.
Jo has over 25 years’ experience in the security industry. She consults in risk and technology issues with a particular emphasis on governance and IT security in businesses as a director with BRM Advisory. She regularly provides strategic advice and consulting to the banking and finance, utilities, healthcare, manufacturing, tertiary education, retail and government sectors.
www.linkedin.com/in/jo-stewart-rattray-4991a12
by Ema Margarida Correia , Cyber Risk-Tech Analyst at Deloitte Portugal
In today’s tech-driven world, where innovation and disruption are the norm, cybersecurity has emerged as a critical concern. Due to its undeniable transformative influence on society, cybersecurity has taken the spotlight, fundamentally changing the way we navigate our daily lives, reshaping the way we work and even the way we interact with each other.
As our world becomes increasingly digitally connected and as technology becomes more integrated into our daily lives, the need for robust cybersecurity policies becomes more apparent. This is particularly evident when we consider the central role cybersecurity now plays in safeguarding critical infrastructure, including healthcare, legal and financial institutions, all of which have a significant impact on our lives.
Over the past decade the cyber landscape has undergone rapid evolution, with attackers amplifying
the threat by employing increasingly sophisticated methods with greater reach. The global spike in cyberattacks is a stark illustration of this trend.
In Australia alone, 94,000 cybercrimes were reported in FY23, a 23 percent increase on the previous year, and the average cost of cybercrime per report increased by 14 percent, according to the Australian Signals Directorate’s Cyber Threat Report 2022-2023
A similar scenario unfolded in the European Union, according to the latest European Union Agency for Cybersecurity (ENISA) Threat Landscape Report, dated October 2023. It reported an increase in cybersecurity attacks, both in terms of variety and number of incidents. Hacktivism has continued to grow, and new ransomware groups have emerged. The first half of 2023 saw an unprecedented increase in ransomware incidents, to 31.32 percent of the threat landscape analysed between July 2022 and June 2023.
These escalating threats coupled with the rapid pace of technological advancement underscore the
urgency for policymakers to keep up with the evolving cyber landscape. But therein lies the real challenge: the lengthy regulatory process fails to match the pace at which cyberspace is changing. And the traditional approach of playing regulatory catch-up is no longer sufficient, especially with the integration of artificial intelligence into cyber threats.
While legal expertise is undoubtedly essential for drafting any legal document, it can fall short when formulating cybersecurity policy, potentially resulting in outdated laws or, worse, legal loopholes that leave critical areas unprotected. Effective cybersecurity policymaking therefore requires a comprehensive understanding of the ins and outs of the dynamic world of cybersecurity, along with the technical and legal frameworks in which cybersecurity operates.
Developing robust cybersecurity policies therefore requires a collaborative effort. Legal experts must ensure policies are legally sound and enforceable while cybersecurity experts must provide technical insight into evolving threats and complex network structures to ensure proposed solutions are technically feasible, and ultimately lead to more resilient frameworks.
“It is change, continuing change, inevitable change, that is the dominant factor in society today. No sensible decision can be made any longer without taking into account not only the world as it is, but the world as it will be...” - Isaac Asimov
Several studies have shown that gender-diverse teams are more innovative and better equipped to tackle complex problems thanks to the different perspectives they bring to the table.
Therefore, fostering gender diversity in cybersecurity policymaking not only promotes equality and inclusion in a historically male-dominated field, it also ensures consideration of a broader range of potential problems and solutions, resulting in more effective cybersecurity strategies.
Let’s delve deeper into why women’s contributions are invaluable in crafting comprehensive policies and regulations.
• Diversity of perspectives and skills. Diversity of perspectives is fundamental to the development of comprehensive cybersecurity policies. Homogeneous teams run the risk of groupthink and unconscious bias. Women bring different experiences and offer a different lens on cybersecurity challenges and solutions, which can help identify blind spots and ensure policies address the needs and concerns of a broader range of stakeholders.
• Bias-free cyber policies and regulations. Women’s involvement in policymaking ensures wider representation, guaranteeing that regulations address diverse interests, needs and concerns. By avoiding unconscious bias and by considering a wide range of viewpoints, policymakers can develop regulations that are both fairer and more effective.
• Different risk perception. Research suggests women typically perceive risk different from men. In general, women often take a more cautious approach to risk, consider a broader range of social impacts, and tend to prioritise preventative measures. While this is neither inherently positive or negative, incorporating diverse perspectives contributes to a more holistic understanding of cybersecurity threats and vulnerabilities and ensures policies address a broader range of risks.
• Adequate focus on gender-specific threats. Men and women experience cyber threats and their impacts differently, with women being more vulnerable to certain types of cyberattacks, such as online harassment and misogyny, cyberstalking and image-based abuse. Without gender diversity at the decision-making table there is a greater risk of overlooking gender-specific threats or misunderstanding the unique challenges women face in cyberspace. By including diverse perspectives, policymakers can identify and address blind spots in cybersecurity policy, ultimately improving its effectiveness.
In summary, women are pivotal players. They will have a role in shaping cybersecurity strategy and policies. Embracing diversity and inclusion in policymaking is fundamental to crafting policies that are comprehensive, effective, unbiased and responsive to the complex challenges of cyberspace. Embracing diversity and inclusion will also finally close the gender gap. In our quest for security and resilience, diversity isn’t just a buzzword – it’s our greatest asset.
www.linkedin.com/in/emamcorreia
by Chantelle Ralevska , Founder & Director @Psyber
It was two years ago while sitting as an audience member at a Vogue Codes event and hearing from inspiring female technology leaders that an idea struck Chantelle Ralevska like lightning. A fire was ignited and the journey of Psyber began.
Ralevska has been working in cybersecurity and technology for six years. She has delivered cybersecurity education to more than 440,000 people globally, including employees at some of Australia’s largest organisations, such as Westpac, Woolworths and Macquarie Group.
Today Ralevska is the founder of Psyber, a startup focused on people-centric cybersecurity solutions for businesses and schools across Australia. Psyber’s speciality is cybersecurity awareness training, but it also offers consultancy services to help organisations stand up their own awareness function. Psyber is unlike other training providers. Its industry experts have collaborated with educators and teachers to develop one-of-a-kind customisable and engaging training aligned to best practice learning methods.
Ralevska says 99 percent of all cyber attacks are the result of human error, whilst many awareness offerings are off-the-shelf products designed to tick a box and meet compliance obligations. “At Psyber, we wanted to create learning that works: learning that is highly customised to a business; learning that engages staff and leads to lasting behavioural change.”
Psyber is Australia-based and Australian-made. Courses are customised for the Australian market and regularly updated to keep up with the ever-changing threat landscape.
Ralevska says: “We want to help foster a proactive approach to cybersecurity. To make it as accessible as possible and help build the foundations that allow a business to create a strong security culture.”
Psyber is collaborating with cybersecurity experts, educators and psychologists to deliver meaningful outcomes for students, teachers and parents. Ralevska notes that cybersecurity became part of
the Australian curriculum describing this as a huge step forward.
“My mum was deputy principal of a junior school at the time the idea for Psyber was born and, being in vastly different fields we would speak openly about cybersecurity issues,” she says. “It was eye-opening to see firsthand just how little was being done in schools to teach students and teachers about this incredibly important topic. While students learn about digital safety issues, such as cyberbullying, they are not taught key cybersecurity topics that impact them on a daily basis; topics like how to set a strong passphrase and how to spot phishing communications.”
To support teachers to meet Australian curriculum requirements and develop scalable education for all schools, regardless of location, Psyber has built the CyberSafe Academy. This is an innovative, gamified online learning program where K-12 students
complete modules to develop their understanding of cybersecurity in ways that are both fun and impactful. The program has been designed to put the student learning experience at the forefront, leveraging proven teaching methods to create positive student outcomes.
“At Psyber, we believe cybersecurity education should be a right, not a privilege,” Ralevska says. “We wanted to be a part of the change that brought this mission to life.”
Ninety four percent of children use the internet by the age of four. Seventy two percent have experienced at least one cyber threat. The purpose of Psyber’s CyberSafe Academy is to raise awareness and develop foundational skills so children and young people know what to look out for, and what practices to put in place in order to use the internet with privacy and security in mind.
Ralevska says schools and children are an alluring target. “The harsh reality is that, whilst children are digital natives and incredibly tech savvy, they are also more willing to share personal data and more willing to trust: two characteristics that cybercriminals prey on. New data out of a UK cybersecurity firm found that K-12 education was the single most targeted industry globally last year, and that is because schools possess incredibly sensitive data about both students and parents.”
Psyber wants to bolster the cybersecurity of the entire education industry. Through partnerships with government and industry, it is hoping to make this happen.
In addition to educating children and young people and teachers and parents on cybersecurity, Psyber is on a mission to address the cybersecurity talent pipeline, Ralevska says.
“It’s estimated the global cybersecurity talent shortage could reach 85 million workers in just the next six years. Given that our platform allows us to connect with students, we wanted to respond to the growing concern in our industry and inspire more young people to enter careers in the industry. Our senior school programs include education on cybersecurity pathways as well as real-life stories from cybersecurity and technology professionals.
“Research shows that what children learn at an early age and the careers they are exposed to have an impact on their career trajectory. By developing cybersecurity knowledge as early K-6, we know that, long-term, we will inspire more students to consider cybersecurity careers.”
Psyber is a female-founded and female-run startup that assigns high priority to diversity. It is one of only four percent of cybersecurity startups founded by women.
Ralevska is passionate about empowering more women to enter the cybersecurity field. “Diversity is our biggest superpower in any industry,” she says.
“Our hope is that, by working with more children and amplifying cybersecurity within schools, we will have an impact, that young girls will see themselves in us and think, ‘hey, that’s something I’d love to get into.’ After all, you can’t be what you can’t see.”
She says Psyber is also selling educational resources for teachers and parents to help make cybersecurity fun. “For too long, cybersecurity has been perceived as this incredibly techie industry dominated by men. We want to reshape children’s perceptions of it altogether. We want to show that, actually, cybersecurity is incredible fun: protecting your data, taking charge of your digital footprint, all of these things are empowering and really fun.
Looking forward, she says: “Psyber has incredible partnerships and projects in the works. Cybersecurity is not going away. With advancements in AI we know that attacks are becoming more sophisticated and efficient. We see Psyber becoming the one-stop-shop for all cybersecurity education needs, regardless of who you are and what you do.”
https://psyber.com.au
www.instagram.com/psyberau
www.linkedin.com/company/psyberau
by Coralyn Vega , Cybersecurity Advocate / AI & Digital Marketing Maven
When I think about the subject of cybersecurity and the women defending our tomorrow, I can’t help but liken these women to superheroes. Wonder Woman, played by Gal Gadot, is my favourite icon of strength and justice. Even though critics were not too fond of Ms Marvel, I admire her uniqueness and resilience; qualities that are essential in the field of cybersecurity. Just like Wonder Woman and Ms Marvel, women in cybersecurity demonstrate immense power, intelligence and resilience protecting our digital worlds.
Reflecting on powerful women naturally leads me to think of influential female leaders throughout history who have shaped the world. Women like Corazon Aquino from the Philippines, my country of birth, hold a special place in my heart. She is revered for her role in the peaceful People Power Revolution which restored democracy after years of authoritarian rule. Her calm yet determined leadership during a critical period of political upheaval has made her a beloved figure in Philippine history.
Similarly, Golda Meir of Israel—a country I hold dear as a Jew—left a profound legacy as a formidable leader, the ‘Iron Lady’ of Israeli politics before the
term became associated with Margaret Thatcher. Meir was known for her straightforward, no-nonsense leadership style and her ability to make tough decisions during perilous times, particularly during the 1973 Yom Kippur War. Her leadership helped solidify Israel’s standing as a nation, reinforcing its resilience in the face of adversity.
In stark contrast to these historical figures, here I am in the United States, a nation that prides itself on its progressive values, yet it has not seen a woman take the highest office as President. This juxtaposition is especially poignant given that women constitute only about 24 percent of the workforce in cybersecurity, according to a report by the International Information System Security Certification Consortium (ISC2). This despite the field being as vital to national security as the presidency is to governance. This statistic highlights the broader issue of gender inequality in both the political and technological arenas. Despite significant progress, women are still underrepresented in leading roles that shape the future of societies and industries alike.
The journeys of women like Lisa Jiggetts and Parisa Tabriz are not just personal triumphs but clarion calls for the potential and critical need for female leadership in cybersecurity. Lisa Jiggetts, who founded the Women’s Society of Cyberjutsu, started her career in a technical role where she quickly recognised the significant gender gap in her field. Determined to make a difference, Lisa’s vision for the Women’s Society of Cyberjutsu was born out of her passion to empower and support women through training, mentorship and community. Her organisation is now pivotal to fostering female talent in cybersecurity, offering resources that help women start and advance in security careers.
At the other side of the spectrum, Parisa Tabriz, known affectionately as Google’s Security Princess, began her career as a security engineer. Her title reflects her role’s uniqueness and her approach to ‘hacking’ traditional perceptions of tech roles. As leader of the security team for Chrome she has been instrumental in developing initiatives that protect billions of users from cyber threats. Her work has not only made the internet a safer place but has also served as a powerful example of how women can influence and lead in high-tech environments.
Just like Wonder Woman and Ms Marvel, women in cybersecurity demonstrate immense power, intelligence and resilience protecting our digital worlds.
Both women exemplify how starting in technical roles does not confine a person to the back office. Instead, these roles can be springboards into influential positions that shape the industry. Their stories highlight the strides women are making in cybersecurity, transforming the field from the inside out and setting the stage for future generations of women to follow. These inspiring examples showcase what women can achieve. They demonstrate leadership, innovation and a commitment to enhancing security in our increasingly digital world.
The road to increasing female participation in cybersecurity is filled with barriers, from stereotypical
by Marina Azar Toailoa , Security Operations
A very popular topic now spreading through all protective security departments is the issue of weapons and extra PPE for security guards. This has always been a hot topic that gets a lot of attention. However, after the Bondi Junction attack it gained extra attention, which led to a review into the use of weapons by security guards.
The main reasons raised for security guards to carry more PPE and weapons are that doing so would promote the safety and security of the asset they’re employed to work within, and better protect the wider community. In the wake of the Bondi Junction attack, many people were quick to jump to the conclusion that extra weapons and safety gear would prevent similar attacks from happening, or enable them to be better managed.
I have been employed in facilities where I carried multiple weapons which I never used. A weapon is always a last resort. Communication and deescalation techniques should be used as much as possible before a weapon is touched. There is also no point providing all security guards with extra weapons if they are not trained adequately on how to use them, or do not understand the right time to use them.
The topic is much debated, and my view is that equipping guards with extra weapons is not the answer to improving security. I do believe security guards can benefit from extra safety gear such as stab proof vests and duress alarms and location devices so their control operator can know their exact location during their shift in the event of an emergency and the need for a rapid response.
However, I believe the solution to improving security guard response and emergency management lies in extra site-specific training provided by RTOs or the site at which they are employed.
The initial course to obtain a security license contains much information on security duties with many scenarios covering shopping centre response to low-risk situations, and work within clubs and pubs. From my own observations, the security operations course is great. However, it could benefit from increased specific training on high stress situations and emergencies.
When I was managing sites, many security guards were not sure how to respond to high-risk situations, or were confused about the situations in which they had powers to respond.
The security course needs to provide further clarity surrounding security powers and how to respond when danger is present. Security guards can
also benefit from refresher training on situational awareness. It is up to the site at which they are employed to invest in training to ensure their team is constantly upskilled. This will also boost their team’s confidence to respond without second guessing themselves.
There is much debate within the industry on who should pay for this extra training. Whether it’s the security guard or the site, it’s critical to invest to ensure that, when the time comes, the individual is promoting and protecting safety and security of the asset, community and themselves appropriately.
I do hope security courses provide extra training surrounding high risk emergencies in the near future and there is less pressure on security guards to risk their own lives to protect others. Safety is paramount, including their own.
www.linkedin.com/in/marina-azar-toailoa-66259511a
Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was recently named inaugural Female Cyber Leader of the Year at the 2023 CyberSecurity Connect Awards in Canberra.
In our little corner of the cyber world, we have been saying for years that “cyber is more than just a tech problem, it’s a business risk problem.” Strong cyber resilience is all about good governance and risk management; a rather controversial statement when, traditionally, cyber resilience has been all about the tech, with the focus on ‘security in depth’ and, more recently, ‘security by design’. However, lately we have started to see a shift in attitude from some quarters.
So, let’s unpack what some see as a rather scary world of ‘cybersecurity governance’: what it is, why it is important and how you can start taking a few small steps in the right direction.
When all is said and done, it is simply the approach your business takes to manage your cyber risk as defined by your management team. Generally, it involves establishing and maintaining a framework, management structure and processes to address identified cyber risks.
The importance of cybersecurity governance lies in its role in preparing you for a cyber breach incident and providing you with the ability to demonstrate to your key stakeholders (clients, partners, investors, regulators, insurers, etc) your preparedness and
resilience and ability to respond to cybersecurity incidents. In practice, it also means that, should a cyber incident occur, you know exactly what to do, and when and how to do it.
Establishing a cybersecurity governance program can seem somewhat overwhelming. So, here are two things you can do to get yours started today.
1. Understand your cyber risk. Complete a thorough cyber risk assessment of your business and communicate the most critical risks to the board. This includes understanding your threat landscape, identifying vulnerabilities and assessing the effectiveness of current cybersecurity tools in mitigating the identified risks. After this assessment, actions and monitoring tasks will be outlined and followed up, but that is for another day.
Special hint: your cyber risk assessment will ensure you identify critical risks such as third-party vendors, and specific actions your business can undertake to mitigate any associated risks. Third-party risk is just one example of the many risks you will need to identify and address, but as it seems to be in the headlines at the moment, it’s worth a special mention (let’s give a shout out to Firstmac, IRESS, (which resulted in OneVue being affected) and MediSecure)
2. Written and practiced plans. Develop comprehensive cyber breach response and business continuity plans to address any potential cyber incidents. These plans should be developed in collaboration with key stakeholders and should include a structured cyber breach response strategy, crisis management protocol and routine assessments of cyber risk status.
Special hint. Build muscle memory by conducting regular run throughs of your cyber breach response and business continuity plans. You don’t want the first time you open the plans to be in response to a live breach.
Remember, good cyber governance is not a niceto-have. It is a must-have, if you take your cyber resilience seriously.
www.linkedin.com/in/karen-stephens-bcyber
www.bcyber.com.au
twitter.com/bcyber2
karen@bcyber.com.au
youtube.bcyber.com.au/2mux
Gcwalisile Matse is currently pursuing a BSc(Hons) in Network Security and Computer Forensics at Botho University.
BSc(Hons) Student in Network Security and Computer Forensics at Botho University
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? Honestly, the first thing I mention is how well cybersecurity professionals are compensated. It takes a lot of hard work and dedication to succeed in this field, and even when you achieve success, the job remains challenging. Secondly, cybersecurity roles offer the flexibility to work from home, allowing professionals to maintain a healthy work-life balance. For me, this career is perfect because it suits my personality. I’m a free spirit who loves travelling, and I don’t want to be tied down by geographic boundaries. Lastly, this career offers a variety of incredible roles, allowing for smooth transitions from one role to another. This flexibility ensures that you’re never stuck in the same job, always encountering new challenges and opportunities to explore.
I’ve always wanted an unconventional career— something that challenges me while being fun and intellectually stimulating. Upon graduation, I aspire to secure a role as a SOC Analyst. SOC roles often serve as stepping stones to more advanced positions in cybersecurity, such as incident response manager or cybersecurity architect. Since my end goal is to become a CISO, starting out in SOC will be a great learning opportunity. Besides the potential
for career growth and development, there are numerous job opportunities for skilled SOC analysts due to the increasing frequency and complexity of cyber attacks.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
I’ve always wanted a career that’s a bit out of the ordinary—something challenging, fun, and intellectually stimulating. After graduation, my main focus was for a role as a SOC Analyst. These positions are great stepping stones to more advanced roles in cybersecurity, like incident response manager or cybersecurity architect. Since my ultimate goal is to become a CISO, starting as a SOC Analyst will provide me with invaluable learning opportunities.
Moreover, there’s significant potential for career growth and development in SOC roles. With the increasing frequency and complexity of cyberattacks, skilled SOC Analysts are in high demand, which means plenty of job opportunities. This path aligns perfectly with my aspirations and will set a solid foundation for my future in cybersecurity.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
Honestly, I didn’t face much opposition because, at the time, people in Eswatini had little idea what cybersecurity was. It wasn’t a common field. Now, thankfully, there’s a bit more awareness. I remember a friend once asked me what I was studying. When I said “cybersecurity,” she responded, “Ah! Gcwali, you mean you spent 12 years in school just to be a security guard?” That moment made me realise how much education and awareness our country needed.
In other words, nobody really cared about my choice as long as I knew what I was doing. My mom,
however, was always encouraging. She understood the endless opportunities this field could offer and supported me wholeheartedly in pursuing it.
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
My journey in cybersecurity has been long and fascinating. Growing up, I struggled to figure out what I wanted to do career-wise. One thing I was determined not to do was settle for a career just because it was the common choice among my peers. In Eswatini, teaching is a safer option for most people. So, I took some time for soul-searching and asking God about my calling.
A friend introduced me to an American series, “CSI: Cyber.” At that point, I had no tech background and had never thought I’d pursue a career in IT. This series ignited my interest in the field and has been the most influential factor in shaping my cybersecurity journey. Even when things get tough and I begin to doubt myself, it reminds me why I chose this path.
Botho University has been the second most influential factor, teaching me all the fundamentals to get started in my journey. During my studies, I came across the CyberGirls fellowship, which played a huge role in shaping my cybersecurity career. CyberGirls helped me focus on my chosen path of SOC/Incident Response. This seven-month intensive program trained me from novice to professional, and I graduated at the top of my career path. Without this fellowship, I would still be learning everything I came across related to cybersecurity, which isn’t the right approach. You have to choose a path and build knowledge and skills in that specific area.
The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones,
and what factors influenced your choice?
CyberGirls gave me a fantastic opportunity to earn the Security Blue Team’s Blue Team Level 1 (BTL1) certification, which is worth £400. This was an incredible start, but I’m not stopping there. I also plan to pursue four other entry-level cybersecurity certifications to prepare myself for a role as a SOC Analyst. Specifically, I’m aiming for CompTIA’s Network+, Security+, CySA+, and, after gaining some experience, the CISSP certification.
These certifications will not only deepen my knowledge and skills but also help me stand out when I start applying for SOC roles. By building this solid foundation, I’m confident that I’ll be wellprepared for the challenges and opportunities ahead in my cybersecurity career.
Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges? Absolutely! One aspect of my cybersecurity studies that I find particularly challenging is online learning. It often feels like taking one step forward and two steps back. Cybersecurity is a field that thrives on constant hands-on learning and practice. No matter how much theory you absorb, it’s easy to forget without practical application.
At this point, I’m really eager for one-on-one learning experience with my professor, those lab activities, and group projects with my classmates. Being home all the time and learning online can feel so isolating and stagnant. Maybe it’s because I’m still young and haven’t fully experienced college life as I should.
To overcome this challenge, which has been bothering me for a while now, I decided to apply to some universities in the USA for the same program for the fall semester. I got accepted into all of them with partial scholarships ranging from $15,000 to $25,000. The Illinois Institute of Technology offered me a $25,000 international transfer scholarship and a place in their honours program. While that would have been a fantastic opportunity, I chose another college that aligns more closely with what I’m looking for. This other US college offers the chance to graduate with three industry-recognised cybersecurity certifications: CompTIA A+, Network+, and Security+.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
Definitely yes! There is a significant need for additional training in non-cyber skills, such as interpersonal communication and management. Cybersecurity professionals often work in teams, and effective collaboration is key. Strong interpersonal communication skills enhance teamwork, ensuring clear and effective information sharing, conflict resolution, and consensus building.
Skills like creative problem-solving, adaptability, and emotional intelligence are also increasingly valued in our fast-paced, dynamic field. These abilities help professionals navigate the complexities and uncertainties of the cybersecurity landscape. As we advance in our careers, we often take on roles that involve training and mentoring junior staff. Strong interpersonal and management skills are essential for effective coaching, providing feedback, and fostering the career development of team members.
What is your preferred source for staying informed about cybersecurity trendsand general information?
Staying informed about cybersecurity trends and general information is crucial, and I have found a mix of sources that provide comprehensive coverage. Here are some of my go-tos:
• Krebs on Security: Brian Krebs offers insightful and timely updates on various cybersecurity issues.
• Threatpost: This site delivers news on the latest threats and vulnerabilities.
• SANS Institute White Papers: These whitepapers are excellent for deep dives into specific topics and new developments.
• ISACA: They provide a wealth of resources, including research, certifications, and professional networking opportunities.
• (ISC)²: This organisation offers up-to-date information and valuable certifications.
• Security Now: A podcast that keeps me entertained and informed about the latest in security news.
These sources help me stay well-rounded and up-todate in the ever-evolving field of cybersecurity.
What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?
Enhancing personal cybersecurity involves several proactive steps to protect against digital threats.
Here’s how I make sure my online presence is secure:
• Strong Passwords and Authentication: I use complex passwords and rely on password managers to generate and store them securely. I also enable multi-factor authentication (MFA) on all accounts that offer it, adding an extra layer of security beyond just a password.
• Regular Software Updates: Keeping software up to date is crucial for patching vulnerabilities. I make it a habit to update all my devices and applications regularly.
• Using VPNs: When accessing the internet on public Wi-Fi, I use Virtual Private Networks (VPNs) to encrypt my data and protect my privacy.
• HTTPS for Secure Communication: I ensure websites use HTTPS, especially when entering sensitive information, to maintain secure communication.
• Data Backup: I back up important data using cloud services, ensuring I can recover information in case of a breach or hardware failure.
• Online Privacy: I’m cautious about the information I share online and have adjusted my social media privacy settings to limit who can see my posts.
• Physical Security: I use physical locks on my devices to prevent unauthorised access.
These measures collectively help me stay secure and protect my digital life.
www.linkedin.com/in/gcwalisile-matse-81364b1a2
Rabeya Basri is currently pursuing her PhD in Cybersecurity at Federation University Australia’s Gippsland Campus. With a robust background in information technology and a keen interest in safeguarding digital environments.
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? Cybersecurity might surprise you! It’s not just about firewalls and dull lectures. Picture yourself as a digital detective, identifying and fixing weaknesses in computer systems before cybercriminals can exploit them. This field is like an ever-changing puzzle, always presenting new challenges to solve.
What’s truly rewarding is that your skills can make a real impact—protecting people’s privacy, finances, and even vital infrastructure from online threats. As our dependence on technology grows, so does the demand for cybersecurity professionals, offering a wealth of opportunities for learning and advancement. Even if you’re into gaming, there’s a specialised area of cybersecurity focused on safeguarding online gaming environments. If you’re tech-savvy and love a challenge, cybersecurity could be the perfect fit for you.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
Initially, I pictured cybersecurity as a solitary field filled with technical jargon and firewalls. However, I’ve discovered it’s a much more engaging and dynamic mix of skills. While technical expertise is crucial for understanding systems and their vulnerabilities, what truly sets top professionals apart is strategic thinking. It’s about analysing threats, predicting attacker behaviour, and implementing preventative measures.
Collaboration is key here. Cybersecurity isn’t a solo effort; you work closely with IT teams, developers, and management to build strong defences and use ethical hacking techniques. This proactive approach involves attempting to breach systems to identify weaknesses before malicious actors do.
In essence, a cybersecurity professional is a digital guardian, combining technical knowledge, strategic insight, and teamwork to protect our ever-expanding digital world.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
If I could pursue a career in cybersecurity, becoming a Security Analyst focused on Threat Intelligence would be my ideal path. Currently, I am doing my PhD in Cybersecurity at Federation University Australia, where my research centres on detecting cyberattacks in IT networks by measuring IT network trust. This role perfectly aligns with my expertise and interests.
My PhD work involves analysing massive datasets to identify anomalies, particularly within the intricate web of trust relationships in IT networks. I have developed the ability to assess trust metrics and spot vulnerabilities before they escalate into major threats. Additionally, I excel at translating complex technical findings into clear, actionable reports, effectively bridging the gap between security analysts and management.
What truly motivates me is the intellectual challenge of staying ahead of attackers, especially in the
ever-evolving landscape of IoT trust. This dynamic and strategic aspect of threat intelligence is where I believe I can make the most significant impact.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
Earning a PhD abroad hasn’t always been smooth sailing. Despite having a strong background in computer science with a BSc and MS from Bangladesh, my family had their reservations—except for my supportive father and husband. They might have worried about the financial burden or the distance involved. Initially, cybersecurity seemed like a niche field compared to more traditional computer science careers, but my academic supervisor played a crucial role in shaping my research aspirations. His unwavering support and guidance solidified my decision.
Thanks to his encouragement and the steadfast belief of my father and husband, I was able to overcome these initial doubts and confidently pursue this exciting opportunity. Their support has been instrumental in my journey, and it has made all the difference in my academic and professional growth.
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
My journey into cybersecurity took an unexpected turn thanks to the insightful guidance of my current PhD supervisors at Federation University Australia. Initially, my research focused on image processing and computer vision, utilising machine learning and deep learning. However, my supervisors recognized the high demand for cybersecurity professionals and suggested I switch my focus for my PhD. Their foresight resonated deeply with me, and I’m incredibly grateful for their mentorship, which has propelled
me toward this exciting and impactful career path. Their guidance has been invaluable, opening doors to new opportunities and challenges that I am eager to tackle.
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. Starting my PhD in cybersecurity was thrilling, but I soon found myself grappling with doubt. My background was in image processing, so I felt lost when it came to core security concepts, especially trust-based security. The frustration of not understanding how trust applied in cybersecurity almost drained my motivation.
Then, in August 2023, an AI workshop at Federation University’s Mt Helen Campus changed everything. I met an industry professional who mentioned an upcoming project needing cybersecurity engineers skilled in measuring system trust. It was a revelation! Here was a real-world application of the very topic I was struggling with. This chance encounter wasn’t just a spark – it reignited my passion for my research.
Suddenly, I saw the practical impact my work could have. That workshop and the industry professional’s words have since been a guiding force, reminding me of the crucial role trust metrics play in cybersecurity and propelling me forward in my PhD journey.
Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?
My academic journey isn’t the only place I’ve been building my cybersecurity knowledge. At Federation University Australia’s Gippsland campus, I gained practical understanding of IoT security by setting up an actual network in the IoT lab. This handson experience involved using sensors, LoRa hats, Arduino boards, a gateway, and a server – the very tools that secure communication in the Internet of Things.
While my PhD delves deep into theory, I’ve also sought well-rounded industry experience. I participated in two SummerTech Live programs (2022-2023 and 2023-2024), sponsored by the Victorian Chamber of Commerce and Industry. These internships stretched my technical skills in different directions. In the first, I focused on designing and developing responsive websites that adapt perfectly for both desktops and mobile devices. The second internship took a different turn, allowing me to design a database and build an app using Microsoft Power Apps. This project involved integrating the database to automate the scheduling process for a plastic fabrication company (PFG Group).
Even though these internships weren’t directly in cybersecurity, they equipped me with valuable technical skills that translate well to the field. These experiences have given me a broader perspective on applying technology solutions and have enriched my understanding of how different aspects of IT intersect with cybersecurity.
The cybersecurity industry offers various certifications from different organisations.
Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?
Earning cybersecurity certifications can significantly boost my career prospects. Given my PhD research on trust metrics in IoT networks, several certifications stand out. The (ISC)² Certified Information Systems Security Professional (CISSP) certification offers a broad knowledge base, which would be invaluable for designing and managing an IoT security program. The (ISC)² Certified Authorization Professional (CAP) certification delves deeper into access control, a critical aspect of trust in IoT systems. Additionally, the GIAC Security Essentials (GSEC) certification would solidify my foundation in core security concepts.
Ultimately, the best choice depends on my specific career goals and current skill set. I plan to do more research, talk to cybersecurity professionals, and possibly start with a foundational certification like CompTIA Security+ before pursuing more advanced options. This approach will help ensure that I build a strong, well-rounded foundation as I advance in the field of cybersecurity.
Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?
Absolutely, my PhD focus on measuring IoT network trust aligns perfectly with the industry’s landscape of ever-evolving cyber threats. While having a strong foundation in core cybersecurity principles is crucial, my research dives deep into the highly relevant and rapidly growing field of IoT security. By focusing on trust metrics, I’m equipped to tackle some of the most pressing challenges in securing interconnected devices.
The program’s emphasis on research and critical thinking helps me stay updated on the latest attack vectors targeting IoT systems. Additionally, I actively seek out extra resources like industry publications and workshops to keep my knowledge cutting-edge.
This combination of a solid academic foundation, a research focus on a vital area, and continuous self-learning makes me confident that my PhD will prepare me to address the dynamic threats facing the cybersecurity industry.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
Absolutely! While technical expertise is crucial in cybersecurity, success in the field relies on more than just technical skills. Developing strong interpersonal communication and management abilities will be invaluable for my future career.
Imagine presenting complex cybersecurity findings to a non-technical audience. Effective communication skills will allow me to translate technical jargon into clear and concise language, ensuring everyone understands the threats and solutions. Additionally, good interpersonal skills will help foster strong working relationships with colleagues from different departments, leading to more collaborative and effective cybersecurity strategies.
Furthermore, honing my management skills will be beneficial down the line. Cybersecurity threats are constantly evolving, and the ability to manage projects efficiently and delegate tasks effectively will be crucial in leading and motivating security teams. By developing these non-technical skills, I can become a well-rounded cybersecurity professional, confident in not only mastering the technical aspects but also in effectively presenting my expertise, building connections, and taking initiative to secure projects.
linkedin.com/in/rabeya-basri-3854b3207
scholar.google.com/ citations?user=Yn63qloAAAAJ&hl=en
researchgate.net/profile/Rabeya-Basri-2
Archana Chandrababu, who is currently pursuing a Certificate IV in Cybersecurity at Victoria University. Archana’s dedication to understanding and mastering the complexities of cybersecurity exemplifies the passion and drive needed to succeed in this dynamic field.
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cyber security, aiming to spark their interest? Cybersecurity is an exciting field because it involves protecting people's information and keeping our digital world safe. We rely on the internet for everything from banking to social media. Cybersecurity experts are the digital guardians who secure our data and privacy from hackers and cyber threats.
Cybersecurity is fascinating because it's always evolving. Hackers constantly develop new ways to break into systems, so professionals must stay ahead by learning and developing new techniques. It’s like playing a high-stakes game of chess with real-world consequences.
There is a huge demand for cybersecurity experts, offering many job opportunities and the potential for a fulfilling career. It's not just about sitting behind a computer screen; it can involve collaborating with law enforcement and helping shape the future of technology use.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
When I first considered studying cybersecurity, I imagined constant high-stakes battles requiring deep technical skills and relentless focus on stopping cyber attacks.
Reflecting now, I see that while technical skills are important, cybersecurity is broader than I thought. It includes risk management, compliance, policy development, and user education. It’s about building robust systems, understanding regulations, and promoting security awareness.
My experiences have highlighted the importance of soft skills like communication and teamwork. Effective cybersecurity involves explaining technical issues to non-technical people and collaborating across departments. I hadn't fully appreciated this human element at the start. My journey in cybersecurity has been more diverse and multidisciplinary than expected. The field requires technical expertise, strategic thinking, and interpersonal skills, making it challenging and rewarding. This has reinforced my commitment to a career in cybersecurity.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
After completing the course, I’m excited to pursue a career in a Security Operations Center (SOC) or specialise in Identity and Access Management (IAM). I’m drawn to the dynamic SOC environment, where monitoring alerts and responding to incidents in realtime is both challenging and exhilarating.
IAM is crucial for controlling access to resources and safeguarding organisational assets. This role requires technical expertise in authentication methods and access controls, along with soft skills like risk assessment and incident response.
I’m motivated by the chance to enhance an organisation’s security posture, ensure compliance, and protect sensitive information. Cybersecurity's fast pace offers constant learning opportunities, which I find fulfilling. My passion for authentication and authorization fuels my interest in SOC or IAM, where I can make a significant impact.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
When I decided to pursue cybersecurity, my husband's support was invaluable. Balancing studies and being a mom of two was challenging, but his encouragement and practical help made a big difference. He took on extra household tasks and childcare, fully supporting my aspirations.
His involvement extended beyond home, as he engaged in discussions about cybersecurity, offering valuable insights. His emotional and practical support was crucial in helping me achieve my goals and navigate this exciting journey.
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
The most influential factors in shaping my journey in cybersecurity have been my mentor from the Australian Women in Security Network (AWSN) and the incredible support from cybersecurity professionals and women in the IT community.
The most influential factors in my cybersecurity journey have been my AWSN mentor and the support from cybersecurity professionals and women in IT.
My AWSN mentor has provided invaluable guidance and practical insights, helping me navigate cybersecurity complexities and career paths. Their mentorship has been crucial for my personal and professional growth.
Additionally, the cybersecurity and IT women's community has offered immense support, knowledge, and collaboration opportunities. Their encouragement and shared experiences have helped me overcome challenges and pursue my career with confidence.
These influences have fueled my passion for cybersecurity and motivated me to contribute to the field. They have also inspired me to support and empower other women in technology, creating a positive cycle of mentorship and encouragement.
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. The most memorable event in my cybersecurity journey was completing an academic project where we installed and configured an open-source SIEM, firewall rules, and an Intrusion Prevention System (IPS). This project stood out for its technical complexity and the teamwork it required.
We had to bridge the gap between theory and practice, carefully planning, executing, and troubleshooting. Setting up the SIEM involved collecting and analysing security event logs from various sources, showing us the importance of centralised log management.
Configuring firewall rules and an IPS helped us enhance network security by controlling traffic and detecting threats in real-time. This handson experience with network traffic and defence strategies was both challenging and rewarding. What made this project truly memorable was our team’s collaborative effort. Each member brought unique skills, creating a rich learning environment. We tackled challenges together, celebrated successes, and learned from one another.
Reflecting on this experience, it highlighted the power of teamwork in cybersecurity. It showed the value of leveraging collective expertise to solve complex problems and achieve goals. This project underscored the importance of hands-on learning in gaining practical skills and deepening understanding, shaping my approach to professional growth in this field.
Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?
Beyond my studies, I gained practical cybersecurity experience through a three-month internship at a startup. This was a game-changer, allowing me to apply my knowledge in real-world situations.
During my internship, I identified security gaps and improved the company's security practices. I implemented solutions like Multi-Factor Authentication, Account Lockout Policies, Session Management, and strict Password Criteria, aligned with NIST and ISO 27001 standards.
I also consulted on compliance standards, helping the company navigate regulations and build client trust. Advising on industry best practices and developing compliance strategies was challenging and rewarding.
I took the initiative to redesign the user workflow, integrating security measures into daily operations. I created technical documentation to enhance employee awareness and understanding of security protocols, which became a key training resource.
Overall, my internship was incredibly rewarding. I made significant contributions to the company's security posture and gained invaluable, hands-on experience in cybersecurity.
www.linkedin.com/in/archana-cbabu
Meet Ronke Christiana Olagunju, a dedicated and ambitious student currently honing her skills in Cybersecurity at Tech4Dev in partnership with Cisco Skills
Cybersecurity Student at Tech4Dev in partnership with Cisco Skills
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?
Talking about technology in general and cybersecurity in particular, tech careers have gained immense popularity and recognition for their versatility over the years. A society strong in technology can rapidly evolve in numerous areas. Among the many elements of technology, cybersecurity stands out as one of the most critical. Every individual, organisation, and community deserves to feel secure in the digital realm. This is where cybersecurity professionals step in, ensuring that all sensitive information related to personal and organisational activities remains protected.
The cybersecurity industry is thriving, offering endless growth opportunities. It is an exciting and challenging field, with each day bringing new adventures and learning experiences. Job prospects for cybersecurity professionals are abundant due to the industry’s rapid growth and vital importance. Additionally, the field can pay exceptionally well, reflecting the critical and demanding nature of the work.
Cybersecurity can be quite broad, allowing you to specialise in areas that resonate with your interests. The fulfilment that comes from using your cyber knowledge to make a difference in the world is unparalleled. The key is to love what you do and ensure your work aligns with your passion. Plus, applying your cybersecurity skills to your personal life is a fantastic bonus.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
Before transitioning into cybersecurity, I was well aware that it could be a challenging field. Research and articles had confirmed this reality. However, that didn’t deter me. I remember discussing the potential difficulties with a friend. Instead of feeling doubtful after our conversation, I decided to embrace the challenge. I was intrigued and unafraid, confident in my abilities.
As I embarked on my cybersecurity journey, I found the challenges to be fascinating rather than daunting. This experience has allowed me to apply my soft skills effectively, such as completing tasks efficiently, paying close attention to detail, and learning with patience. So far, I can confidently say that these skills have been instrumental in navigating the complexities of the field.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
There are currently three aspects of cybersecurity that particularly captivate me. While I haven’t yet decided to focus exclusively on one, I may do so soon—or perhaps I’ll navigate through all three with the help of advanced courses. These areas include Digital Forensics and Cyber Threat Intelligence, Governance, Risk, and Compliance (GRC), and Technical Writing.
In this field, I believe I can make excellent use of my problem-solving skills and my passion for actively addressing issues to find solutions. Tackling challenges and resolving them is crucial for keeping organisations safe, even in the face of unauthorised and malicious acts. This area also involves implementing the right policies, regulations, and actions in response to breaches, correcting wrongs, and identifying the causes and perpetrators for proper prosecution.
Governance, Risk, and Compliance (GRC)
What excites me about this field is the opportunity to work closely with organisations, integrating information technology with business goals to help protect their assets and mitigate risks. This role is about aligning IT with business objectives, ensuring organisations are not only compliant but also secure.
This area involves providing and updating information on safety precautions, information protection, cyber-attack prevention, and other critical cybersecurity issues. Effective technical writing can significantly benefit targeted beneficiaries and anyone else who encounters it, allowing me to make a positive impact on society.
Each of these fields offers unique challenges and rewards, and I’m excited to continue exploring them to see where my interests and skills can make the most significant difference.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
Everyone was supportive, and I had the freedom to pursue whatever I wanted. Believing in myself and my abilities, I faced no opposition from anyone. The only potential hurdle was financial. Fortunately, enrolling in Tech4Dev is free. However, taking additional advanced technical courses and applying what I learn can incur some necessary expenses. With God’s grace, I’ve managed to handle the financial needs so far.
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
When it comes to who has motivated me in cybersecurity, several inspiring women have been my guiding lights. Among them are Madam Oladiwura Oladepo of the Women Techsters Initiative and Madam Confidence Staveley of Cyber Safe and CyberGirls Foundation. These remarkable women have dedicated themselves to helping ladies achieve various certifications in technology and cybersecurity. Their work has been incredibly encouraging, providing invaluable opportunities for women to learn and grow in this field. I find their updates insightful, and I’ve learned a lot from their personal experiences and how they navigate both the technology world in general and the cybersecurity sector specifically.
As for what has been the most influential factor in shaping my journey in cybersecurity, it is undoubtedly my passion. My enthusiasm for privacy and sensitivity has always been a driving force. I have a strong desire to protect individuals, businesses, organisations, and society at large. I am highly motivated to contribute to creating a safer digital world. I believe that a robust cybersecurity system promotes trust, fosters growth, and ensures the
retention of individuals and organisations, ultimately leading to a progressive and satisfying society.
What aspect of your cybersecurity studies excites you the most, and why?
Responding to vulnerabilities is something I find deeply satisfying. Learning how to prevent data and information breaches is incredibly rewarding. However, when breaches do occur, it’s crucial to focus on restoring everything to normal and mitigating the consequences of the unwanted activities. My goal is to navigate through the aftermath of these incidents and ensure the correct measures are put in place to prevent future breaches and strengthen overall security.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
Absolutely. Non-cyber skills, especially soft skills are crucial for success in the cybersecurity field. These skills enhance the application of technical knowledge and are essential for anyone aiming to reach great heights in cybersecurity. Soft skills are vital for effective communication, managing tasks under pressure, critical thinking, teamwork, and solving complex problems. They go beyond interpersonal communication and management to include problem-solving, analytical thinking, attention to detail, and team management. Possessing these skills is key to navigating the challenges of the cybersecurity landscape.
What is your preferred source for staying informed about cybersecurity trends and general information?
• Online inquiries and research
• Social media (LinkedIn, X, etc.)
• Newspapers and magazines
• Television programmes
What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?
To stay secure in the ever-evolving cyber landscape, I make it a point to stay updated on the latest cyber news and information. I regularly perform deep scans on my devices and conduct periodic spring cleaning to keep my systems running smoothly. Here are some key cybersecurity practices I follow:
• Using strong, unique passwords
• Enabling two-factor authentication
• Investing in security upgrades
• Backing up important data regularly
• Storing important data in secure locations
• Encrypting sensitive information
• Utilising anti-virus and anti-malware software
• Keeping both hardware and software up to date
• Identifying and avoiding suspicious links
By incorporating these habits into my routine, I ensure that my digital presence remains as safe and secure as possible.
www.linkedin.com/in/ronke-olagunju-148068235
ronkechristianaolagunju@gmail.com
www.instagram.com/ronkechristiana_
twitter.com/ronkechristiana
in
Are you a student passionate about shaping the future of security? Do you have innovative ideas and insights to share with a global audience? Join us in contributing to the Women in Security Magazine and become a voice for the next generation of security leaders!
Gain valuable exposure: Reach over 11000 subscribers globally and showcase your expertise to industry professionals.
Make an impact: Share your experiences, challenges, and aspirations to inspire others and shape the future of security.
Let us know you are interested. We will send you a series of questions of which you can choose which ones you would like to answer. Submit those back to us in an email. We will then edit to be a concise and flowing edited Q&A.
Don't miss this opportunity to be part of a vibrant community of students driving change in the security industry. Contact us today to learn more about how you can contribute to the Women in Security Magazine!
Contact: jane@source2create.com.au
Lauren Vanderwaals, a dedicated and dynamic student pursuing a Bachelor of Security Studies and Commerce with a focus on Cyber Security Governance at Macquarie University in her penultimate year of study.
Macquarie University Security Studies and Commerce Student majoring in Cyber Security Governance.
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? As technology becomes more integrated into our lives, staying vigilant against potential threats and helping others manage their digital identities has never been more important. I love sharing my experiences and passion for cybersecurity because it lets me connect with others and spread my enthusiasm for the field.
Cybersecurity is crucial for businesses today, creating a high demand for skilled professionals to address evolving threats. This need for expertise spans all industries globally, making it a rewarding field to contribute to. It’s intellectually stimulating and offers the satisfaction of enhancing digital safety and security.
Even though cybersecurity concerns are widespread online, people often underestimate the importance of strong security measures in daily life. With our world becoming more interconnected, cyber threats are more common and affect everyone from individuals to businesses. That’s why understanding the basics
of cybersecurity and implementing protective measures is essential.
In my conversations, I express my passion for cybersecurity through the thrill of solving complex problems and navigating high-stakes scenarios. I also enjoy discussing real-world cybersecurity challenges. These stories highlight how prevalent these issues are and show how much we rely on technology. By talking about both the obstacles and advancements in cybersecurity, I hope to spark meaningful conversations and inspire others to see how their skills can make a difference in this dynamic field.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
When I started my degree, I wasn’t entirely sure where it would lead me or if it would truly fulfil me. There were uncertainties swirling around, but as I delved into the coursework, something clicked. It felt like the path I was meant to take, aligning perfectly with my aspirations for the future. Despite the doubts, my passion for connecting with people and my hunger for overcoming challenges remained steadfast.
At first, my understanding of cybersecurity was quite limited, mainly revolving around the clash between hackers and big corporations. But as I dug deeper, I was amazed by the intricate network of cyber threats that could target anyone, from elaborate scams to unsettling identity theft.
What really caught me off guard about cybersecurity was the sheer breadth of opportunities it offers and the diverse skill set it demands. There’s always something new to learn, whether it’s about emerging threats or cutting-edge technologies. It’s a field that continuously evolves, presenting endless chances for growth, advancement, and making a real impact. And that’s what keeps my excitement alive for cybersecurity.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
Much to the surprise of those closest to me, my decision to embark on a double degree journey in Security Studies and Commerce, specialising in Cyber Security Governance, was quite unexpected. It was actually my high school English teacher who planted the seed of inspiration. Recognising my knack for grasping complex issues swiftly and crafting creative solutions, she encouraged me to explore this unconventional career path.
Admittedly, there was a bit of scepticism from my family when I declared my major. With backgrounds in creative arts and financial services, cybersecurity seemed like uncharted territory for them. It was a field they weren’t familiar with, and understandably, they had their concerns.
However, despite the contrast between my parents’ career paths and mine, their support never wavered. Throughout my academic journey, they’ve been my unwavering cheerleaders, offering guidance and encouragement every step of the way. Their wisdom has been invaluable, especially in navigating the challenges of studying in a male-dominated field. Their advice has not only shaped my academic trajectory but has also been instrumental in helping me overcome obstacles and pursue my passions wholeheartedly.
Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?
My journey through university has been instrumental in preparing me to navigate the ever-evolving landscape of cybersecurity. The knowledge and insights gained from my studies have provided me with a solid foundation to tackle the challenges of today’s cyber threats.
In particular, my education has honed my critical thinking and problem-solving skills, offering a holistic approach to addressing cybersecurity issues. It’s not just about memorising facts; it’s about understanding the underlying principles and being able to apply them in real-world scenarios.
As the cybersecurity landscape continues to evolve with new threats emerging constantly, I feel a sense of responsibility to stay informed and adaptable. This means seizing every opportunity to acquire industryrelevant skills and staying vigilant in the face of evolving challenges.
While my university education has been invaluable in shaping my understanding of cybersecurity, I also enjoy venturing beyond the traditional academic realm to broaden my knowledge. By seeking out information from diverse sources, I ensure that I’m continuously learning and evolving to meet the demands of cybersecurity’s dynamic threat landscape.
What aspect of your cybersecurity studies excites you the most, and why?
What truly ignites my passion for cybersecurity is the chance to make a tangible difference in safeguarding individuals, organisations, and entire societies from the perils of cyber threats. In our interconnected world, the fallout from a successful cyber-attack can be catastrophic, spanning from financial ruin to breaches of personal privacy, and even endangering critical infrastructure and governmental systems.
As cybercriminals devise increasingly sophisticated methods, the challenges faced by institutions to stay ahead of the curve are intricate and constantly evolving. For me, the thrill lies in unravelling these complexities, investigating, and ultimately finding solutions to protect against these threats.
Within my degree program, the cybersecurity modules have been invaluable in shedding light on how experts work tirelessly to secure the digital future of both individuals and organisations. Among the various aspects covered, I’ve developed a particular fascination with international cybercrimes. This interest has been nurtured through my studies in security, prompting me to delve deeper into this area beyond the confines of my university curriculum. It’s a journey of continuous learning and exploration, driven by a desire to understand and combat the ever-evolving landscape of cyber threats.
Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges?
Navigating the breadth of my degree has presented its own set of challenges, particularly when it comes to zeroing in on a specific cybersecurity risk.
Initially, grappling with the constant changes of the cybersecurity landscape was a tough pill to swallow. Understanding that cybersecurity risks are omnipresent in both personal and professional spheres was a concept that took some getting used to. It was daunting to realise that there’s no foolproof way to eliminate every cyber threat. However, this realisation has empowered me to stay informed about current cybersecurity trends and to remain committed to continuous learning.
The technical intricacies involved in understanding cybersecurity concepts posed another hurdle for me. To overcome this, I’ve found strength in numbers by reaching out to my peers. Collaborating with them allows us to tackle challenges collectively, pushing
each other to think critically and problem-solve effectively. Additionally, this collaborative effort serves as a springboard for building relationships and kick starting my networking journey early on in my career.
I’m eagerly anticipating the transition into the workforce, where I can hone in on my interests and confront real-world security challenges head-on. The prospect of immersing myself in a professional setting, where I can further enrich my knowledge and skills in cybersecurity, fills me with excitement and anticipation.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
Absolutely! I wholeheartedly believe that honing non-cyber skills is just as crucial as mastering technical ones. In today’s world, where challenges are complex and change is constant, being adaptable and innovative is key. Plus, strong interpersonal communication and management skills are like superpowers in any role—they’re essential for success.
I’m a firm believer in the power of diversity. Bringing together people with different backgrounds and perspectives not only enriches the cybersecurity field but also helps us tackle threats from all angles. It’s all about fostering a culture of collaboration and creativity.
And let’s talk about communication! As a cybersecurity expert, breaking down technical jargon into plain language for non-tech folks is a skill in itself. Being able to convey the
importance of cybersecurity measures clearly and convincingly is vital for getting everyone on board.
But it’s not just about talking the talk. Understanding risk management is crucial too. Knowing how to prioritise risks and communicate management strategies effectively ensures we’re proactive in protecting what matters most.
Staying curious and staying updated are nonnegotiables. Learning new skills not only keeps us sharp but also equips us to thrive.
What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?
First off, privacy on social media is a big deal for me. While I value the connectivity it brings, I’m careful about who has access to my content. Managing my privacy settings and limiting access to trusted individuals helps me maintain control over my personal information.
When it comes to passwords, I don’t mess around. Each one is like a little fortress, unique and complex for every account. Being proactive about password protection gives me peace of mind, knowing that even if one account is compromised, the rest stay secure.
Adding an extra layer of defence with multi-factor authentication is another trick up my sleeve. It’s like putting a padlock on top of a vault—it just makes everything that much harder for unauthorised access.
These security measures might seem like a hassle, but they’re totally worth it. They boost my confidence in protecting my digital identity, especially when cyberattacks are making headlines. And I’m not just keeping these tips to myself—I make sure to share them with friends and family, because in today’s digital landscape, we’re all in this together.
Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?
If I had the chance to time travel, one thing I’d definitely do differently is explore the world of cybersecurity back in high school. Getting a head start in this field would have given me a solid foundation to grasp its complexities much earlier. But hey, no regrets—I’m grateful for the opportunity to continue my education at the tertiary level.
During my time at the University of South Florida, I would’ve loved to connect with cybersecurity experts from different corners of the globe. Experiencing diverse perspectives and scenarios would have been invaluable. Looking back, though, I’m proud of myself for taking the leap to a new university, even without knowing anyone. It’s all about embracing new challenges, right?
Being a part of the Women Entering Business (WEB) society has been a game-changer for me. The support and camaraderie I’ve found there have been incredible. Connecting with such inspiring women has truly enriched my university experience.
Now, here I am, cruising through the penultimate year of my degree, and I couldn’t be happier with how things have turned out. I’ve gained so much insight and resilience along the way, and every challenge I’ve faced has only made the journey more rewarding. Bring on whatever comes next—I’m ready for it.
www.linkedin.com/in/lauren-vanderwaals
Director at Private Wealth Network | Impactful Education & Peer Experiences for Family Office
Olivia and Jack are twins, and the best of friends. They often explore the world together, trying out new basketball tricks as well as learning more about technology, gaming and the internet. They always look forward to being allowed more screen time during the school holidays when they don’t have homework to do. During term time they often discuss what new games and apps they want to try out in the upcoming school holidays.
Olivia and Jack sat in the family room, huddled around their shared computer. The screen blazed with possibilities, and they could not wait to embark on their next adventure. But their cyber smart mother had warned them about the dangers lurking online.
“Remember, my little adventurers,” she had said, “The internet is like a magical library. It holds vast knowledge, but some books are filled with traps. Be cautious when you download anything.”
Olivia and Jack nodded, but did not pay too much attention. They promised their mother they would follow her advice, but curiosity got the better of them. They wanted to explore the digital world beyond their textbooks and school assignments.
One day, while researching a school project, Olivia stumbled upon a website promising free games. The colourful buttons shone bright, and she clicked on one labelled “Super Fun Adventure Game.” The download began, and Olivia’s excitement grew. Jack peered over her shoulder. “Olivia, are you sure this is safe?” Olivia hesitated. “Well, it’s free, and it looks like fun!”
But, just as the game finished downloading, their computer screen flickered, and a malware emoji appeared. “Ah, silly kids!” the malware emoji declared. “You thought you could outwit me. Now your computer is infected. I got you!”
Olivia and Jack screamed “Oh no!” Their beloved computer was acting strangely, slow and glitchy. Their mother rushed into the room and said: “What’s happened to your computer? Have you downloaded something you shouldn’t have?
Downloading without caution is like opening a mysterious treasure chest without checking for traps.”
She guided Olivia and Jack through a process to check and clean their computer.
They learned valuable lessons:
1. Choose wisely. Olivia and Jack realised not all downloads are safe and they should download only from trusted sources, like official app stores or reputable websites. If unsure, best to check with a grown up.
2. Scan for malware. Their mother taught them to use antivirus software to protect their devices. Regular scans would keep the fraudsters away
3. Beware of pop-ups: Pop-up ads often disguised themselves as helpful tips. Olivia and Jack learned to close them without clicking, just like avoiding suspicious strangers in the real world.
4. Password shields. Their mother gave their Wi-Fi a strong password. “Only those who know the secret password can enter,” she said. “And never share it with anyone.”
Olivia and Jack became cyber-safety warriors. They spread their new learnings to their friends, ensuring their friends stayed safe online. They even created a catchy rhyme: “Clickwithcare,Downloadscanbe dangerous,oldandnew.”
And so, Olivia and Jack continued their digital adventures, armed with knowledge and caution. They defeated viruses, outsmarted phishing trolls and protected their devices like superwoman and superman protect their communities.
Remember, dear reader, just like Olivia and Jack, you too can be #cybersmart. Before you download anything, ask yourself: “Is this safe? Is this cybersmart?”
www.linkedin.com/in/lisarothfield-kirschner
howwegotcybersmart.com
How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children.
Lisa has partnered with Cool.Org , and her content is found on the Department of Education website .
1. AMANDA-JANE TURNER
Author of the Demystifying Cybercrime series and Women in Tech books. Conference Speaker and Cybercrime specialist
2. ADESOLA OGUNTIMEHIN
GRC Analyst and Founder of CyberPatron Network
3. TEBOGO NONG
Cyber Security Analyst
4. MARINA AZAR TOAILOA
Security Operations
5. BILJANA ROKSANDIC
Cyber Security Governance, Risk, and Compliance Consultant in Perth, WA
6. INNOCENTIA ANYANWU
Governance, Risk, and Compliance (GRC) Analyst based in Lagos, Nigeria
7. EMA MARGARIDA CORREIA
Cyber Risk-Tech Analyst at Deloitte Portugal
8. ANDRA CIMPEAN
Cyber Security Analyst at the WA Department of the Premier and Cabinet in the Cyber Security Unit - Capability and Uplift
9. DIVYA K
Bangalore Chapter Leader - World Wide Women in Cybersecurity community
10. GERALDINE T MAPFUMO
Former Digital Forensics and Threat Intelligence Analyst at CyberSafe Foundation
11. YETUNDE OLOFINLE
Cybersecurity Resilience and Privacy Expert at PwC
12. ELMARIE BIERMANN
Director at Cyber Security Institute
13. LORI POLANSKY
Security Engineer from New Jersey
14. KRITIKA SHARMA
Junior Security Specialist at LEAP Dev
15. JOELLE NGOUGO
Senior Risk Manager in Data Governance for Westpac
16. NOELLE VAN DER WAAG - COWLING
Cyber Security Consultant and Research Fellow, School for Data and Computational Sciences, Stellenbosch University
17. ALEXIS NGUYEN
Principal Consultant – Cyber, Systra ANZ
18. CRAIG FORD
Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC and Baidam Solutions
19. DIANA JOUARD
Product Manager of Neo at Ping Identity
20. MARISE ALPHONSO
Information Security Professional
21. LISA VENTURA
Founder, Cyber Security Unity
22. VENESSA NINOVIC
Senior Intelligence Analyst – Law Enforcement
23. COLBY PRIOR
Founder of Sunred Security
24. SASENKA ABEYSOORIYA
Program Director and Senior Strategic Adviser at The University of Queensland
25. CRAIG WHYTE
Associate Director at Decipher Bureau
26. JO STEWART-RATTRAY
Oceania Ambassador, ISACA
27. CHANTELLE RALEVSKA
Founder & Director @Psyber
28. CORALYN VEGA
Cybersecurity Advocate / AI & Digital Marketing Maven
29. KAREN STEPHENS
CEO and co-founder of BCyber
30. GCWALISILE MATSE
BSc(Hons) Student in Network Security and Computer Forensics at Botho University
31. RABEYA BASRI
PhD Candidate in Cybersecurity
32. ARCHANA CHANDRABABU
Certificate IV in Cybersecurity Student at Victoria University
33. RONKE CHRISTIANA OLAGUNJU
Cybersecurity Student at Tech4Dev in partnership with Cisco Skills
34. LAUREN VANDERWAALS
Macquarie University Security Studies and Commerce Student majoring in Cyber Security Governance
35. LISA ROTHFIELD-KIRSCHNER
Author of How We Got Cyber Smart | Amazon Bestseller
Discover the core concepts in this free CISSP training. Explore essential topics such as information security, risk management, and asset security, presented in easy-to-follow modules. Prepare thoroughly for the CISSP exam with SkillUp’s curated sample questions and detailed exam overview. Boost your cybersecurity expertise to propel your career with confidence.
VISIT HERE
This course gives you the background needed to understand the basics of Cybersecurity. You will explore information security from its history to a description of various cybercriminals and cybersecurity threats concluding with the tools needed to prevent an attack.
VISIT HERE
This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades.
This course introduces the basics of cyber defense starting with foundational models such as Bell-LaPadula and information flow frameworks. These underlying policy enforcements mechanisms help introduce basic functional protections, starting with authentication methods. Learners will be introduced to a series of different authentication solutions and protocols, including RSA SecureID and Kerberos, in the context of a canonical schema.
VISIT HERE
In this course, you will learn the principles and techniques for digital forensics investigation and the spectrum of available computer forensics tools. You will learn about core forensics procedures to ensure court admissibility of evidence, as well as the legal and ethical implications. You will learn how to perform a forensic investigation on both Unix/Linux and Windows systems with different file systems.
VISIT HERE
If you own an information asset that’s valuable enough to the right adversary, it’s only a matter of time before there’s a breach. Today’s technologies attempt to keep adversaries out, but the sad fact is they will inevitably be defeated. This means a successful cybersecurity professional needs to have an expanded arsenal in their toolkit that extends far beyond technical proficiency.
VISIT HERE
Begin your journey into cybercrime with this cyber crime free course. Explore the various types of cyberattacks faced by organizations today. Understand the intricacies of cybersecurity threats and discover practical preventive measures. Whether you're new to the field or seeking to broaden your knowledge, this course provides essential insights to empower you in defending against cyber threats.
VISIT HERE
This course introduces real-time cyber security techniques and methods in the context of the TCP/IP protocol suites. Explanation of some basic TCP/IP security hacks is used to introduce the need for network security solutions such as stateless and stateful firewalls. Learners will be introduced to the techniques used to design and configure firewall solutions such as packet filters and proxies to protect enterprise assets.
Most organizations plan for routine operations, but what happens when unexpected events overtake the routine? This course examines contingency planning used to prepare for and manage non-normal operations, including cybersecurity incidents – like hacking attempts, web site defacement, denial of service attacks, information disclosures; a well as other natural and man-made cybersecurity disasters.
VISIT HERE
This course introduces you to cybersecurity for the cloud. We'll learn and apply classic security techniques to today’s cloud security problems. We start with a deceptively simple and secure web service and address the problems arising as we improve it. We’ll analyze recent cloud security vulnerabilities using standard, systematic techniques. We’ll build our own web service case studies and construct security solutions for them. Our toolkit contains classic security concepts like Least Privilege and Separation of Duty, as well as more technical cryptographic and access control techniques.
VISIT HERE
Learning how to protect yourself against the hacker’s attacks is an essential thing you have to know since people now have many hacking tools available for free to download and use against others. Security researchers developed these tools to discover the vulnerabilities in a specific system or software.
VISIT HERE
This course should probably be the first to learn about cyber security and understand some of the wrong information about how things are done to be protected, like using the antivirus, meaning you have the complete protection of malware and many other things.
VISIT HERE
FEATURING FREE SECURITY TRAINING RESOURCES THAT ARE AIMED AT INCREASING SECURITY AWARENESS AND HELPING PEOPLE BUILD AND UPSKILL THEIR SECURITY SKILLS.
Learn the basics of secure coding, the OWASP Top Ten 2017, and a secure SDLC in this free, on-demand course from Semgrep Academy!
Big Data for Reliability and Security is a free online cybersecurity course. This intermediate-level course, geared toward Masters and Ph.D. students, recognizes that with the growth and increased reliance on big data come increased risks of attacks and failures in protecting the information.
VISIT HERE
Cyber security is fast becoming a main concern for many organisations. With complex online scams and cyber crime, it’s essential that organisations have an understanding of preventative measures to maintain cyber security, including techniques and security checks needed to store data securely.
VISIT HERE
In offering this free online cybersecurity course titled Cybersecurity Fundamentals, the Rochester Institute of Technology seeks to introduce students to the basic principles of cybersecurity. Students will become familiar with the different areas involved, the tools needed, and the issues that must be faced.
VISIT HERE
With HerHax
HerHax Podcast was founded by a group of women who are passionate about the field of cybersecurity and want to spread the word about everything cyber! From the history of women in cryptography to modern day workplace tips, how to stay safe online or how to pwn your way to the top of the CTF scoreboard, come listen to our podcast and join our Discord Channel!
With Kim Hakim
Cyber security is not only important to everyone, it is critical to the future of every American. Each show details specific points in history and provides guidance and insights of both a technical and societal nature to help you understand and address cyber security issues more effectively.
With Nicole Dove
Each month tune in to discover the stories behind amazing women in cybersecurity and privacy. Hosted by Nicole Dove, each episode features insightful conversations with members of the Women in Security and Privacy (WISP) community making waves in these emerging fields.
With Caitlin Sarian
WHERE ARE THE WOMEN IN CYBER?'The LandscapeIn 2022 the cyber security field still consists of 24% women and only 2.2% LGBTQ minorities. Long-perpetuated gender, age, and demographic biases held by the 'Baby Boomer' and Gen-X groups have led to a severe gap in the representation and advancement of women and minorities in this field. CLICK TO
With Securely HERS
In today's digital age, we are more vulnerable than ever to cyberattacks that can compromise our personal information and security. That's why it's crucial to stay informed and proactive when it comes to cybersecurity.
With Dave Bittner
The CyberWire is a cybersecurityfocused news service, and the CyberWire Daily Podcast delivers a rundown of the top cyber news each day of the week. It requires some baseline industry knowledge, but it’s a great way for security professionals to stay on top of InfoSec current events.
With Mandy Haeburn-Little
The podcast from those wellversed in all things cyber.Mandy Haeburn-Little, Cyber Woman of the Year 2021, in conjunction with the National Cyber Resilience Centre Group (NCRCG), brings listeners access to strategic conversations with industry leaders and figures in the UK's cyber resilience landscape.
With Graham Cluley & Carole Theriault
Cybersecurity topics are usually no laughing matter, but on Smashing Security, the co-hosts bring a sense of levity to the conversation. Each week, the two computer security experts and a variety of guests talk through some of the top cybercrime headlines, taking a humorous, laid-back tone that makes learning about security news more approachable.
With Anthony Hendricks
A podcast about cybersecurity and data privacy viewed through the lens of diverse voices. By educating and encouraging women and people of color to explore careers in the cybersecurity space, we can close the skills gap and reduce our technology and policy blindspots.
With Brené Brown
The greatest barrier to daring leadership is not fear; the greatest barrier is armor, or how we selfprotect when we’re in fear. This is Part 1 of a two-part series where I unpack the most common types of armor, including being a knower versus being a learner, tapping out of hard conversation versus skilling up and leaning in, and using shame and blame to manage others versus using accountability and empathy.
With Jenna Wortham and Wesley Morris
The New York Times’ podcast presence is bigger than just the daily. Hosted by New York Times journalists Jenna Wortham and Wesley Morris, this podcast is both entertaining and educational, and the two discuss topics around race, DEI in the workplace, and key cultural conversations.
With Amy Bernstein
Amy Bernstein, Amy Gallo, and Emily Caulfield of Harvard Business Review host this podcast about the various challenges women face in the workplace. Topics discussed include the wage gap, gender discrimination, productivity, and dealing with workplace stress.
With Shelmina Babai Abji
Still today, if you fill a room with 10 software developers, there’s a good chance that 9 of them will be men. In the technology industry–and in a handful of particular roles inside and outside of tech–women are vastly under-represented. Women of color even moreso.
With Monica Verma
Welcome to The Monica Talks Cyber Podcast Experience: The fastest, easiest and an engaging way to build and grow your career and business in artificial intelligence, leadership and cybersecurity.
With Maddy Adams
Introducing WomenWhoSecure Podcast, a groundbreaking series unveiling captivating career journeys in cybersecurity. Gain professional and personal advice from diverse guests, empowering your path to success.
With Littler Mendelson
We help organizations develop customized diversity and inclusion initiatives that advance strategic objectives within the legal margins. The purpose of Littler's podcasts is to provide helpful information for employers, addressing the latest developments in labor and employment relations. They are not a substitute for experienced legal counsel and do not provide legal advice or attempt to address the numerous factual issues that arise in any employment-related issue.
With Code Switch
If you want to hear stories about intersectionality, NPR’s “Code Switch” is the show for you. This podcast takes a look at how intersectionality impacts every area of people’s lives, from the home to the workplace and everywhere in between. Listen for raw discussions about race and the tough questions that need to be addressed to create an equitable society.
With John Hubbard
Arm yourself with the most valuable and actionable content for advancing cyber de-fense skills. Hear from some truly interesting people changing the game in the blue team-ing field, and ultimately learn actionable ways to take your cyber defense skills to the next level.
Authors // Chris Cochran and Maril Vernon
In a digital world where data is currency and cyber threats lurk in every corner, Skadi, a fierce teenage threat hunter, navigates the vibrant and perilous streets of Cyber City alongside her best friends: intelligence expert Max, and trusty bot Homer. Armed with her trusty keyboard and mouse, she battles malware, hackers, and social awkwardness.
Author // Misty Blowers
This book explores the future of cyber technologies and cyber operations which will influence advances in social media, cyber security, cyber physical systems, ethics, law, media, economics, infrastructure, military operations and other elements of societal interaction in the upcoming decades.
BUY THE BOOK
Authors // Dana Meschiany and Pentera
Mommy is late for dinner again, and Emma and Oliver are frustrated. Daddy comes to the rescue with spaghetti and an enchanting tale of brave knights and mysterious castles, revealing how he and Mommy work tirelessly to protect the people on the internet from bad hackers and other online threats.
Author // Jessica Bennett
Feminist Fight Club includes a lot of research and personal stories about how women and men can work well together and the differences they may come across. Jessica shares lessons she and other colleagues have learnt in the workplace whilst in a male dominated office. In Feminist Fight Club, Jessica gives you reasons as to why your male counterparts may be moving quicker in the workplace than you are. This is why we have pick this book to be in our list of top 10 books for women in tech. By the end of this fun read, it may encourage you to create your own group of supportive women.
BUY THE BOOK
Authors // Nina Bual and Michelle Yao
Travel through Cyberspace to explore the wonders and perils of the online world with READY, GET SET, CONNECT! In your journey to becoming a Cyber Hero, you will learn to face off with dangerous villains and unmask their true intentions, while understanding how to protect personal data with security weapons. Get ready to embark on a wild adventure! Ready, Get Set, Connect!
Author // Emily Rauer
Sarah lives in a town full of superheros, but she has yet to earn her own superhero cape. The tradition is that when you save the day you earn your cape, but how will Sarah ever get a cape when her older brother, Andy, swoops in every time. One fateful day, Andy downloads a malware virus on the family computer - one that infects the whole town! Luckily, a school cyber education program has been teaching Sarah all about cyber safety and how to protect a computer from intruders. Can Sarah use her new cyber skills to shut down the dreaded virus?
BUY THE BOOK
Author // Lois P. Frankel PhD
The New York Times bestseller, is now completely revised and updated. In this edition, internationally recognized executive coach Lois P. Frankel reveals a distinctive set of behaviors--over 130 in all--that women learn in girlhood that ultimately sabotage them as adults. She teaches you how to eliminate these unconscious mistakes that could be holding you back and offers invaluable coaching tips that can easily be incorporated into your social and business skills.
BUY THE BOOK
Author // Kimberly Heath
Thank you to the many moms who helped make this book happen.This book is a guide to safely using the internet. the lessons are taught by funny surfer birds. this is definitely for parents, kids, and animal lovers.Although this book does not talk about pornog-raphy explicitly, you can use this book as a natural seg-way. You can talk about multiple subjects at your discretion, what you find appropriate to your child's age.
BUY THE BOOK
Author // Renee Brown Small
Do you want to be the recruiter who is the envy of your HR department by quickly filling those hard-to-fill cyber security positions? Are you an overwhelmed cyber security recruiter? Are you struggling to find cyber security talent and don't know how? Do you feel like you should know this since you have been recruiting for a while but feel totally stumped?
Author // Madhu Debnath
Ben is a typical kid with a not-so-typical passion for cybersecurity and helping others. His skills are put to the test when his cousin, Ethan, accidentally releases a virus that is set to ruin devices all over town.Can Ben stop the cyberattack in time and prove that he is ready to be a true cyber defender?
BUY THE BOOK
Author // Craig Ford
HAVE YOU EVER DREAMED OF BEING A HACKER? To anyone who meets her, Samantha is just a good-hearted teenager who wants to finish school and go to college.Yet she has a secret life She has spent years living two lives, one as Sam which the world sees most and one as Foresight, who Sam feels is her true self where she is a passionate and gifted hacker.
Author // Jessica Barker
Confident Cyber Security is here to help. This jargon-busting guide will give you a clear overview of the world of cyber security. Exploring everything from the human side to the technical and physical implications, this book takes you through the fundamentals: how to keep secrets safe, how to stop people being manipulated and how to protect people, businesses and countries from those who wish to do harm.
Author // Wendy Goucher
This book takes Nettie, and her friend Webby on her first adventure in Cyberland where she finds not every-thing is cute and fluffy. Using the story of Nettie and Webby we introduce cybersecurity to young chil-dren and start the conversa-tion about going online safely between the child and their adult reader. Relevant links are included at the end of the book to help parents and carers further their un-derstanding of risk and protection on the Internet.
THE BOOK
Author // Sonia Sachar
Why is there a constant underrepresentation of women in STEM professions? Why do women who receive stem degrees, choose not to work in STEM jobs compared to their male counterparts? Is it the lack of female engineering role models? Is it a misconception of what it is like to be an engineer? Or is it the low confidence levels? Why is it stereotyped that men are better at technology compared to women?
Author // Amber DeVilbiss
Sure to be a bedtime favorite, this fun-to-follow book is full of rhymes and whimsical illustrations, making it the perfect introduction to IT Security for children…and even some adults! Going beyond just teaching kids about cyberbullying, this book hits on various topics from servers and networks, to the different types of hackers, and introduces a new category of career possibilities.
Author // Arianna Huffington
In Thrive, Arianna Huffing-ton, the co-founder and editor-in-chief of the Huff-ington Post and one of the most influential women in the world, has written a passionate call to arms, looking to redefine what it means to be successful in today’s world.
By Cheryl Cran
Cheryl Cran is the founder of NextMapping™/NextMapping.com and the CEO of parent company Synthesis at Work Inc. Recognized as the #1 Future of Work influencer by Onalytica, and author of 7 books including NextMapping. Follow her blog for all things related to the future of work. Guest bloggers include CIO's, Behavioral Scientists, CEO's and Data Scientists.
By B. Pasceri
Progressive Women's Leadership is a resource center and community that's empowering, forward-looking and supportive of both women and men who want to change the way women are viewed in the workplace and beyond. Subscribe to get expert guidance to develop leaders among women. READ BLOG
By Holly Reisem Hanna
Holly Reisem Hanna's mission is to help you find legitimate work from home jobs and money-making side gigs that you’re passionate about. Her team researches and tries out a vast number of opportunities to bring you the best and most trusted information online.
By Lolly Daskal
Lolly Daskal is one of the most sought-after executive leadership coaches in the world. As founder and CEO of Lead From Within, her proprietary leadership program is engineered to be a catalyst for leaders who want to enhance performance and make a meaningful difference intheir companies, their lives, and the world.
By Aline Cerdan Verástegui
The Red Shoe Movement is a leading company dedicated to the career and leadership development of women. Diversity & Inclusion is in our DNA. We Provide Career and Leadership Development Programs for your Latina Employees.
By Christine Comaford
We believe every company can forge a culture of safety, belonging and mattering. We help leaders to create this, to see into their blind spots, to expand their vision, and to help themselves and their teams to perform at new levels while fostering deep fulfillment in their work.
By Latterly.org
Latterly is a blog supporting female leaders in everything from how to build leadership skills to how to dress the part. Discover simple, easy and effective methods to balance your work life and holistically advance your career growth.
By Dr. Marcia Reynolds
Dr. Marcia Reynolds, president of Covisioning LLC is the master of teaching others how to engage in powerful conversations that connect, influence, and activate change, even when emotions are strong. Subscribe for tips on Leadership and Communication Strategies based on the latest research.
By Allison Green
Ask A Manager by Allison Green discusses all the usual questions and doubts regarding Work Behaviour, Coordination between Bosses and Co-workers, How to navigate the difficult areas in Corporate, and more insightful stuff for women. Covered topics include internships, Job searches Hiring advice, and Boss-employee relations.
By Madame Noire
We love Madame Noire because it focuses on empowering millennial women of all backgrounds with engaging content that covers topics like health, fashion, beauty, career, parenting, entertainment, and breaking news.
So it's a great way to catch up on multiple ideas at once.
READ BLOG
By The Everygirl Contributors
The Everygirl is a website run by a team of 14 women and it’s not just full of fluff (like some magazinestyle websites can be). The Everygirl is full of in-depth articles with practical and actionable advice to help you get what you want out of life – these women have a lot of insight into what a twentysomething needs (and wants) to know.
By Mamamia Contributors
Mamamia is an Australian news site providing podcasts, videos, and written pieces designed to empower women and girls. Categories include news, parenting advice, relationship tips, career advice, and more.
FULL TIME ISRAEL
Microsoft is on a mis-sion to empower every person and every organization on the planet to achieve more. Our culture is centered on embracing a growth mindset, a theme of inspiring excellence, and encouraging teams and leaders to bring their best each day. In doing so, we create life-changing innovations that impact billions of lives around the world. You can help us to achieve our mission.
FULL TIME UNITED KINGDOM
The Cyber Security Engineer will be crucial in ensuring the secure implementation and maintenance of all systems. They will possess a deep understanding of the cybersecurity threat landscape, SIEM tools, firewalls, and boundary controls, along with exceptional troubleshooting and investigative skills. Their expertise will include thorough knowledge of threat analysis and cyber threat intelligence, the capability to assess complex threats, and proficiency in forensic analysis and related techniques.
FULL TIME NEW ZEALAND
This role is responsible for developing clients’ Microsoft security environments to meet their expectations, adhering to timeframes & project budgets. The ability to manage several client interactions & engagements simultaneously is a key requirement of this position.
APPLY HERE
FULL TIME INDIA
We are seeking a proficient Network Security Engineer with a minimum of 2 years of hands-on experience in deploying and managing various security solutions. The ideal candidate will have expertise in firewall deployment, SASE, NAC, and DLP implementation. The role is based in Kalkaji, Delhi, with a salary offering of up to 10 lakhs per annum.
FULL TIME ISRAEL
We are an innovative startup in the clinical development space, leveraging AI to design smarter and more efficient clinical trials for pharmaceutical companies. We're on a mission to revolutionize the way clinical trials are conducted, making them faster, cheaper, and more effective. What sets us apart is our unique ability to integrate vast amounts of patient data and leverage biological insights within our machine learning models, allowing us to predict clinical trial outcomes with a high degree of accuracy.
FULL TIME
At Emirates, we believe in connecting the world, to and through, our global hub in Dubai and in constantly innovating to ensure our customers ‘Fly Better’. Our Cyber Defence Operations team is looking to urgently hire a dynamic and experienced Lead operational Engineer- Network Security - L3 to join our team.
FULL TIME CANBERRA
Rest easy knowing that whilst you focus on defending and improving Australia’s cyber security posture, e2 Cyber is focused on building trusted and valued relationships across the national cyber community, enabling us to provide our clients with access to the highest calibre cyber talent available, and candidates exposure to the most attractive career opportunities in market.
FULL TIME CHINA
Digitalization will be a true part of BASF’s DNA that creates new exciting customer experiences and business growth as well as drives efficiencies in processes. Global Digital Services is supporting BASF business in Digitalization transformation. Our mission is to drive forward the digital transformation of BASF, providing innovative, global and high-quality digital products and services through a strong agile culture. The Digital Hub Nanjing is one of our global key locations to deliver regional and global solutions for BASF.
APPLY HERE
FULL TIME SOUTH AFRICA
Assist in the enhancing and maintaining the necessary tools and systems to manage the security posture of the organization. Utilize various security tools, processes, and data feeds to detect and respond to security events. This involves working with tools such as privileged access management (PAM), identity management, our SIEM platform and other security tools.
FULL TIME NEW ZEALAND
We have an exciting opportunity for a Cyber Security Operations Analyst to safeguard Tait's corporate IT systems, products, and services from cyber threats. This role involves implementing, managing, and optimizing the Security Information and Event Management (SIEM) solution and other monitoring and security management tools.
FULL TIME PARIS
Ask a member of our team and they’ll answer, “Our people!” We work together to build and innovate best-in-class cybersecurity solutions for our customers; all while creating a culture of belonging, respect, and excellence where we can be our best selves. When you’re part of our #OneTenable team, you can expect to partner with some of the most talented and passionate people in the industry, and have the support and resources you need to do work that truly matters. We deliver results that exceed expectations and we win together!
APPLY HERE
DO YOU WANT YOUR COMPANY'S JOB LISTED IN THE NEXT ISSUE?
Contact us today to find out how we can boost your job listing and help you find the top talent in the security industry.
REACH OUT
INTERNATIONAL CONFERENCE ON SOFTWARE SECURITY AND RELIABILITY (QRS) 2024
In Person Cambridge, UK 1-5 July
VIEW HERE
In Person Paris, France 5 July VIEW HERE
In Person Manchester, UK 24 July
In Person London, UK 4 July PHILSEC In Person Manila, Philippines 2-3 July
INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION, CYBERSECURITY & AI (C3AI) 2024 In Person London, UK 3-4 July VIEW HERE
THE SKILLS GAP: BUILDING AND RETAINING STRONG CYBER TEAMS In Person London, UK 16 July VIEW HERE BSIDES BRISBANE In Person Brisbane, Australia 13 July VIEW HERE HOPE (HACKERS ON PLANET EARTH) In Person New York, US 12-14 July VIEW HERE
July
VIEW HERE SECURITY CLEARED EXPO MANCHESTER
VIEW HERE
GARTNER SECURITY & RISK MANAGEMENT SUMMIT In Person Tokyo, Japan 24-26 July
INDIAN OCEAN DEFENCE & SECURITY
In Person Perth, Australia 24-26 July VIEW
BLACKHAT USA 2024
In Person Las Vegas, US 3-8 August VIEW
CYBER SECURITY SUMMIT
In Person Jakarta, Indonesia 8 August VIEW HERE DEF CON 32 In Person Las Vegas, US 8-11 August
HACK.LU In Person Luxembourg 15 August
FUTURE OF SECURITY
In Person
Sydney, Australia 20 August
INDOSEC 2024 In Person Jakarta, Indonesia 27-28 August VIEW
