PHOENIX RISING: A PERSONAL TALE OF RESILIENCE AND RENEWAL P10
RISING LIKE A PHOENIX IN THE FACE OF CYBERSECURITY ADVERSITY P40
RESILIENCE AND INNOVATION: WOMEN’S RISING INFLUENCE IN CYBERSECURITY
P46
FROM THE PUBLISHER
Phoenix rising: A tale of resilience and renewal in women’s cybersecurity
Welcome back to another issue of the Women in Security magazine whose theme is phoenix rising, which symbolises for me resilience and renewal in women’s cybersecurity.
Many individuals in the industry have incredible stories of resilience and renewal, including myself. It's what we do best. It's why we never give up, even when it seems we should. It's why we fight for our dreams and the dreams of our children. For me, and for many others, giving up is never an option. We face challenges head-on and continue to push forward, ensuring a brighter future for all.
I live by this quote:
“Even on rough days when you feel like you can’t take any more, remind yourself that your track record for surviving a shit storm is 100 percent.”
THE JOURNEY OF RESILIENCE
Cybersecurity threats evolve every second and every minute of the day. The resilience and renewal of women in cybersecurity stand as a testament to the power of diversity and innovation: power beautifully embodied by the leaders and rising stars who navigate and shape the cybersecurity landscape.
As I write this during the Olympic season, it's fitting to draw parallels between the resilience seen in sports and the perseverance required in cybersecurity. Consider European medal-winning track athlete and award-winning cybersecurity expert Georgia Bell. Her story, much like that of many women in the field, is a powerful example of resilience. Her
journey, whether as an Olympic competitor or as a role model in cybersecurity, illustrates her tenacity and determination.
Georgia Bell's story is one of someone who became a 'comeback queen' against all the odds. After a college injury, she quit running before reaching her full potential. Mentally and physically exhausted, Bell redirected her focus to cybersecurity. Five years later her passion for running was rekindled. With the help of her former coach and champion of change, Trevor Painter, she began combining rigorous training twice a day with her full-time job in cybersecurity.
"I can get it done even when things are going wrong," Bell told BBC.com.
Like many women in cybersecurity, she has had to continually prove her expertise by pushing against gender biases and stereotypes. Despite the challenges, she never gave up and never lost sight of her dreams. Georgia Bell's journey is a shining example of resilience that inspires women in both athletics and cybersecurity to persist and thrive against all the odds.
Each year my team and I run the Australian Women in Security Awards to celebrate such stories of resilience and excellence. These awards highlight women who have made significant contributions to the cybersecurity field, recognise their relentless pursuit of innovation and their role in protecting our digital world.
EMBRACING RENEWAL
An ability to embrace, and successfully navigate, a process of renewal is essential for women working in cybersecurity. As the cybersecurity landscape
changes, so do the roles and opportunities for women. The Australian Women in Security Network (AWSN) plays a pivotal role in this renewal process. By fostering a supportive community, AWSN helps women at all career stages find mentorship, resources and opportunities to grow.
Globally, similar networks and initiatives are springing up, creating fertile ground for renewal and growth. Organisations like Women in CyberSecurity (WiCyS) and the Women’s Security Society (WSS) are leading the charge, providing platforms for women to thrive and lead in cybersecurity.
THE ROLE OF GOVERNMENT AND INDUSTRY
Government initiatives are also key to driving change. In Australia the government has been proactive in promoting gender diversity in cybersecurity. For example, the Cyber Security Strategy 2020 emphasised the importance of a diverse workforce and promised funding to increase the participation of women in cybersecurity.
Similarly, companies across the globe are recognising the value of diversity. By implementing policies that promote gender equality and by providing opportunities for women to excel, these organisations are not only fostering a more inclusive work environment but also driving innovation and effectiveness in their cybersecurity measures.
CELEBRATING ACHIEVEMENTS
The resilience and renewal of women in cybersecurity are not just about overcoming challenges; they are about celebrating achievements and paving the way for future generations. The Australian Women in Security Awards, for example, not only honour individual excellence, they also inspire young women to consider careers in cybersecurity. In 2025 my team and I plan to expand these awards internationally, so stay tuned—we may be coming to a country near you sooner than you think!
Abigail Swabey
Following my passion, like Georgia Bell, I aim to travel the world, elevating and celebrating women in security. There is much work to be done in this area, and awards like these can help shape the future and highlight those who are truly making our world a safer place.
LOOKING AHEAD
The future of women in cybersecurity continues to be one of resilience and renewal. With ongoing support from networks, government initiatives and industry leaders, the opportunities for women in this field are limitless. By embracing diversity and fostering an inclusive environment, we can ensure the cybersecurity landscape remains not only secure, but also vibrant and dynamic.
We must remember to be kind and always offer mentoring, advice and career help whenever and wherever we can. It's crucial to elevate those who contribute to initiatives and programs, to celebrate a team's achievements, not just the leader's. Acceptance and support are essential for everyone to thrive. By working together and uplifting one another we can create a more inclusive and empowered future for women in cybersecurity.
The phoenix of women’s cybersecurity is rising, and its future is brighter than ever.
Abigail Swabey PUBLISHER, and CEO of Source2Create
www.linkedin.com/in/abigail-swabey-95145312
aby@source2create.com.au
ThankYou TO OUR SUPPORTING ASSOCIATIONS
If you're part of an organisation dedicated to promoting diversity and inclusion, we'd love to discuss our 2025 Awards packages with you.
These packages are designed to further our shared mission of recruiting, retaining, and advancing women in the cybersecurity workforce.
By becoming a sponsor and supporting our event, you'll visibly demonstrate your commitment to celebrating diversity and recognising accomplishments within the security industry.
PHOENIX RISING:
by Abigail Swabey
Life is a journey defined by resilience and renewal. Each phase—childhood, adulthood, and everything in between—comes with its unique set of challenges. Yet, what binds us all is the power of perseverance, the unstoppable force that keeps us moving forward, even when the path ahead seems uncertain.
For me, perseverance has been the cornerstone of my personal and professional life. It’s not just a word—it’s the driving force behind everything I do, particularly the Australian Women in Security Awards. Every year, as the awards grow, so too does the criticism. People question the way the awards are run, why we don’t have our original partner, who is recognised, and whether we profit from them. But anyone who’s ever organised large-scale events knows how much goes into it, and financial gain is rarely part of the equation. Yet, despite the scepticism, I keep going. Why? Because the positive impact the awards have on so many women in security far outweighs the negativity. The stories we celebrate, the connections we make, and the doors we open for others—these are the reasons I persevere, year after year.
Perseverance doesn’t stop there, though. It’s the driving force behind running my own business, a daily test of strength and determination. There are days when we have more work than a small team can
handle, and months when I worry if we’ll even make it through. It’s hard. It’s draining. But I persist because the alternative is to give up, and I’ve never been one to take the easy way out. The challenges have only made me stronger and more resourceful.
Adversity, however, is where resilience truly shows its power. My personal turning point came when I found myself pregnant at a young age, without the support of a partner, and in a Christian family where such circumstances were anything but expected, even though they were very supportive, the fact I had disappointed them was too heavy to bear. It was a pivotal moment in my life. I made the choice to have my daughter and raise her on my own, and that decision changed the course of everything. The early years were some of the hardest—moving from place to place, working around the clock just to make ends meet, navigating the challenges of single motherhood while barely having time to be a young adult myself. But through all the chaos, my daughter was my guiding light. She gave me purpose and kept me grounded. I discovered a strength within me I didn’t know existed, and it shaped me into the person I am today.
Adversity doesn’t stop at a single moment in life—it’s an ongoing test. One of the toughest lessons I’ve
learned was when I went into business with a friend, and that venture nearly cost me everything. I could have been consumed by the failure, but instead, I saw it as an opportunity. I learned more from that setback than from any success I’ve ever had. It forced me to rebuild from the ashes, stronger and wiser, just like a phoenix rising after being burned to the ground. I realised that failure isn’t a dead end—it’s a stepping stone on the path to greater things.
Perseverance is rarely about smooth sailing. It’s about embracing failure, using it to fuel future success, and understanding that setbacks are part of the process. It’s about finding the strength to rise again, no matter how many times you fall. Every stumble has taught me to view challenges not as roadblocks but as opportunities to grow. As my father once told me, “Mountains are climbed one step at a time.” I see this truth reflected every year as I read through the nominations for the awards. The women we honor have all faced their own incredible obstacles, and their stories remind me why this work is so important. I’m here to celebrate their resilience, to amplify their voices, and to lift them up so they can inspire others.
Resilience, though, isn’t just about pushing through every challenge. It’s also about knowing when to pause, to reflect, and to heal. Even the phoenix takes time before it rises again. For me, that time comes during my morning walks along the beach. Since moving two years ago, these walks have become a sacred part of my day. They give me space to breathe, to process, and to find clarity amid the constant whirlwind of life. I’m not sure how I managed without that time for myself before, but now, it’s essential. It’s where I reconnect with my purpose and remind myself why I keep going, even on the hardest days.
This personal journey of resilience and perseverance is not mine alone. It’s something we all experience, in different forms and at different times. Every one of us has our own battles, our own moments where we’re tested to our limits. —our stories of rising from the ashes are what connect us. We are all phoenixes in our own way, transforming through the trials we face, emerging stronger, more determined, and more capable of soaring to new heights.
As I reflect on my own journey, I’m reminded of the many times I’ve had to rise again. I’ve faced my share of challenges—overcoming bullying in school, navigating toxic workplaces, surviving abusive relationships, managing chronic pain, and enduring the physical toll of back surgeries. I’ve dealt with personal heartbreak and business setbacks that could have broken my spirit. Yet, each of these trials has left me stronger, with a deeper sense of purpose and resilience, prepared to face whatever comes next. I know I’m not alone in this—there are countless others walking their own paths, overcoming their own battles, and finding the strength to rise, time and again.
You see, we are all phoenixes. We rise. We transform. We become stronger and more resilient with every challenge we face. And as we rise, we lead—not just ourselves, but those around us—toward a future where resilience is celebrated, and renewal is always possible. Through every trial and triumph, we continue to soar, reaching for new heights, and inspiring others to do the same.
AMANDA-JANE TURNER
Cybercrime is big business, thanks to technical advancement and interconnectivity creating more opportunities. This regular column will explore various aspects of cybercrime in an easy-to-understand manner to help everyone become more cyber safe.
COLUMN
Resurgent adversaries challenge cybersecurity
Ever wonder why working in cybersecurity leads many to burnout? It is the never-ending pursuit of extremely resilient and robust cybercriminals and their affiliates and nation state threat actors Cybersecurity professionals are always on watch. Cybercrime does not stop. Despite major international cross-jurisdiction law enforcement initiatives that aim to disrupt their activities, these criminals keep coming back.
Those investigating cybersecurity threats and defending against them need to remain resilient to successfully fight cybercrime. But the same qualities can be found in cyber-criminals and nation state threat actors who stay resilient and keep bouncing back. Their operations may be temporarily disrupted by law enforcement, but they regroup and renew their efforts. Like that multiheaded monster of Greek mythology, the Hydra, as soon as one threat is neutralised another emerges.
An example is the ransomware-as-a-service (RaaS) business model in which cybercriminals sell LockBit ransomware. LockBit and its iterations and affiliates have been, and continue to be, responsible for a large number of ransomware campaigns. LockBit, like many ransomware activities these days, tends to use a double extortion strategy under which the victim’s data is both encrypted and exfiltrated. The criminals hope that, even if a victim will not pay to restore their files, they will pay to prevent their data being exposed.
In early 2024 a law enforcement taskforce disrupted the computer infrastructure used by LockBit. Reports from the taskforce said its operation had taken down at least 32 servers owned by LockBit holding
cryptocurrency addresses, the affiliate panel and stolen data.
Less than a week later the RaaS group that operates LockBit was back. The group confirmed its systems had been compromised, but said only servers running PHP had been touched and it had multiple backups that remained unscathed.
The group admitted responsibility for a lapse in its security that had enabled disruption by law enforcement. It went into damage control mode, reassuring its customers and affiliates that it was tightening up security and was back in business.
Other cyber-criminal groups, including nation state sponsored threat actors that have been disrupted by law enforcement, may form new groups and collaborate with other groups, emerging stronger than before.
These criminal groups are resilient; a setback in their activities is met with a strategic renewal from which they emerge stronger than before. As cybersecurity professionals we also need to be resilient, to keep going, keep renewing, and stay as strong as we can be against cyber-based threats.
www.linkedin.com/in/amandajane1
www.empressbat.com
WHAT’S HER JOURNEY?
Naomi Emma Ekwealor
Cybersecurity Analyst in Nigeria
Naomi Emma Ekwealor’s journey into the world of cybersecurity was not a conventional one. Growing up, she didn’t have a concrete vision of what she wanted to become, but she always knew she wanted to protect people—especially those who couldn’t fight for themselves. Initially, she had aspirations of going into law, driven by a passion for justice. But as life would have it, after university, when she couldn’t complete law school, she found herself on a different path. “I was determined to make a positive impact on society,” Naomi recalls. It was at that pivotal moment that she stumbled upon cybersecurity.
For Naomi, cybersecurity and law shared a common goal: protection. The allure of using technology to build multi-layered defences, outsmart malicious actors, and reduce risks drew her in. Her drive wasn’t just fueled by the technical aspects; it was also about making a difference. “It’s about continuous learning, sharing knowledge, and having a sense of purpose,” she explains. Her enthusiasm for learning propelled her to delve into IT systems, networking, and the complex world of cyber threats and vulnerabilities.
Working as a Governance, Risk, and Compliance (GRC) analyst today, Naomi faces the constant challenge of keeping up with the ever-evolving threat landscape. “Every day brings new vulnerabilities, attack vectors, and malicious actors,” she says. Artificial intelligence, in particular, poses a unique challenge. Naomi admits that it can be overwhelming to stay ahead of these developments, but her solution is rooted in continuous learning. Drawing inspiration from the words of Henry Ford—“Anyone who stops learning is old, whether at twenty or eighty”—she remains steadfast in expanding her knowledge. She actively participates in cybersecurity communities and stays connected with organisations like ISACA, sharing insights and collaborating with others to stay informed on emerging threats.
Naomi’s career path in cybersecurity wasn’t always straightforward. While she didn’t experience moments of doubt, transitioning from a non-STEM background was far from easy. “I had to learn everything from scratch,” she reflects, pointing out the steep learning curve she faced when she first started. But she found clarity through faith, mentorship, and the invaluable support of her “Cyber Sisters,” a group of women
on a similar path in the CyberLearners community. “I sought guidance and help from God and my mentors,” she explains, noting how this support system helped her overcome challenges and navigate unfamiliar waters.
Starting in cybersecurity without a clear vision, Naomi had to figure out her path step by step. “I was confused when I first started,” she admits, but through reading about industry leaders and devouring free resources like YouTube tutorials, she began to find her footing. Now, as she reflects on her journey, she encourages aspiring professionals to focus on their passion, as it serves as an energy source that keeps them going during moments of doubt.
Looking ahead, Naomi is particularly concerned about emerging trends like the weaponization of AI and machine learning by cybercriminals. She predicts a rise in AI-based attacks and an increase in social engineering threats, which already account for 70% of successful cyber incidents. This awareness fuels her dedication to staying ahead of the curve, keeping up with new technologies, and strengthening her defences.
When considering a career advancement, Naomi doesn’t just focus on remuneration. She believes it’s essential to evaluate the organisation’s culture and values. “Does it align with your personal values? Where do you see yourself in five years?” she asks, highlighting the importance of opportunities for learning and growth. For her, these factors weigh just as heavily as salary when making career decisions.
Naomi credits much of her success to the support and guidance she’s received along the way. She speaks fondly of her mother and sister, who encouraged her not to give up, as well as mentors like Confidence Stavely, Mrs. Ireti Akerele, and others, who played crucial roles in shaping her career. “Having a mentor brings immeasurable benefits,” Naomi says.
"Remember
your Ikigai— your reason for being."
These individuals offered invaluable advice, shared their experiences, and helped her navigate the field with confidence.
Her involvement in professional organisations like ISACA and the Google Developers Group has also played a significant role in her growth. “Joining a professional organisation opens up opportunities to expand your network,” she observes, noting how these affiliations gave her access to mentors and global talent pools. She advises others to find local professional organisations that align with their personal and career goals, emphasising how valuable these connections can be.
For those transitioning into cybersecurity from other fields, Naomi has simple but powerful advice: focus on your passion, develop your soft skills, and don’t overlook the basics. She stresses the importance of celebrating small wins along the way, as they boost morale and fuel further success. Naomi’s journey may have started without a clear direction, but today, she is a shining example of what determination, learning, and mentorship can achieve in the ever-evolving world of cybersecurity.
“Remember your Ikigai—your reason for being,” she says, as she continues to inspire the next generation of cybersecurity professionals in Nigeria and beyond.
www.linkedin.com/in/ekwealornaomi
x.com/afrotechiee
Moni-Ayo Saka Founder, CYFORTE
Moni-Ayo Saka’s cybersecurity path began with a simple but powerful statement: “Every system has a vulnerability waiting to be exploited.”
While these weren’t the exact words she read in an article, they captured the concept that sparked her curiosity and ignited a passion that would define her career. Fascinated by the idea, Moni-Ayo delved into research, which led her to explore key concepts like hacking, cybersecurity, and information security. This curiosity, gave her eagerness with a hunger for knowledge, set her on a path to become not just a cybersecurity expert but a mentor and leader in the field.
Her entry into the world of cybersecurity was somewhat serendipitous. “Someone offered to share free materials on cybersecurity through his WhatsApp status,” she recalls. From there, Moni-Ayo made a daily habit of studying these resources and gradually building a routine that matched her productivity patterns. She found that her early morning study sessions were the most effective. To push herself even further on days when motivation warned, she would challenge herself with TryHackMe rooms—an
online platform where users can learn and practise cybersecurity skills.
What started as a search for vulnerabilities soon transformed into a broader vision. “My interest has evolved from searching for vulnerabilities to training people in this field and helping them secure jobs,” Moni-Ayo says. Today, she’s driven by the desire to prevent people from becoming trapped in endless learning phases or remaining unemployed despite acquiring certifications. Her mission now is to guide others in breaking into the cybersecurity industry, making it clear that this field is about more than just filling roles; it’s about securing systems and fostering growth.
Looking back at the early stages of her career, MoniAyo attributes her success to one crucial factor: mentorship. “At every stage, there was someone guiding me,” she explains. Whether it was sharing materials, providing internship opportunities, or sending words of encouragement after she reached a milestone, mentors played a pivotal role in her development. Writing and passing the ISC² “Introduction to Cybersecurity” certification was a key
turning point for Moni-Ayo. “Passing it assured me that I was ready and capable of handling professional tasks,” she reflects. Coupled with practical experience from solving challenges on Hack the Box and internships at organisations like Zuri, VTF, and CyberGirls, Moni-Ayo felt confident in her skills and her ability to contribute meaningfully to the field.
Despite her growing expertise, the road to success hasn’t been without its challenges. One of the most significant obstacles has been navigating the complexities of different work environments. When contemplating new roles or career advancements, Moni-Ayo evaluates several factors beyond remuneration. “The work environment is critical,” she emphasises. “I want to know if the company fosters growth, values mental health, and offers professional development opportunities.” Flexibility in workload is also important to her, as she’s seen colleagues burn out or leave jobs due to unreasonable demands. Maintaining a healthy work-life balance, she believes, is essential for long-term success.
“The most substantial influence on my career has been consistency and resilience,” Moni-Ayo says, reflecting on her professional journey. “I show up every day, without excuses, and believe that there’s time for everything.” Whether it’s managing power outages, poor internet connectivity, or hardware issues, Moni-Ayo remains steadfast in her determination to succeed. She recognizes that setbacks are part of the process and stays focused on the “bright light” at the end of each challenge.
In her current role, Moni-Ayo finds the greatest fulfilment in helping others succeed. “The opportunity to train individuals and watch them grow into professionals is the most rewarding aspect of my work,” she says. The satisfaction of seeing her trainees break into the industry and thrive is a testament to her impact. For Moni-Ayo, it’s not just about securing systems; it’s about empowering people to secure their futures.
Moni-Ayo is also a firm believer in continuous learning and staying current in an ever-evolving field. She
"My interest has evolved from searching for vulnerabilities to training people in this field and helping them secure jobs."
actively participates in cybersecurity communities, such as the ISACA Abuja Chapter, Diary of Hackers, and The Village. These affiliations provide her with valuable resources, learning opportunities, and connections to like-minded professionals. “These connections have been important in my growth, and I’m grateful for the support and opportunities they’ve brought my way,” she notes.
For those transitioning into cybersecurity from other fields, Moni-Ayo offers practical advice: “Your previous profession isn’t irrelevant. Find a connection between both and use that to determine where you’ll excel in cybersecurity.” She encourages individuals to embrace their backgrounds, ensuring that their transition is both meaningful and successful. Furthermore, she stresses the importance of showcasing skills on social media and optimising CVs to reflect their true potential.
As Moni-Ayo looks ahead, she anticipates that the next two years will bring both challenges and opportunities in the cybersecurity landscape. However, her commitment to training the next generation of professionals and securing systems remains unwavering. Moni-Ayo Saka’s journey is a testament to the power of curiosity, resilience, and mentorship in shaping a career that not only protects the digital world but also empowers those who step into it.
www.linkedin.com/in/moniayosaka/ x.com/Megami__uno
Thulasi Uppu
Identity Access Management Analyst at City of Gold Coast
Thulasi Uppu, an Identity Access Management Analyst at the City of Gold Coast, has forged a remarkable path in the cybersecurity field, driven by her passion for technology and a commitment to continuous learning. Her journey began with a strong foundation; she earned an IAM administration certification, which set her on the right course. Thulasi immersed herself in a wealth of knowledge, devouring articles and enrolling in courses related to Identity and Access Management (IAM). This dedication ensured she stayed ahead of industry trends and best practices.
As she stepped into her current role, Thulasi encountered challenges that tested her skills. One notable hurdle was an IAM tool implementation project. “Finding resources related to development and customization was a significant challenge,” she recalls. However, rather than be daunted, Thulasi took the initiative to seek additional learning opportunities. By attending relevant courses and collaborating with peers, she enhanced her understanding of the tool’s functionalities, allowing her to address the unique needs of the implementation.
Thulasi often reflects on the advice she would give her younger self, highlighting the importance of early engagement in cybersecurity. “I would encourage attending cybersecurity-related sessions and courses to build foundational knowledge,” she emphasises. She believes that actively participating in networking events and pursuing relevant certifications are crucial steps for anyone looking to make their mark in this field. For her, gaining practical, hands-on experience through traineeships or internships is invaluable.
Looking to the future, Thulasi is acutely aware of the evolving landscape of cybersecurity threats. “Identity theft and unauthorised access will remain major threats,” she warns, noting that attackers are increasingly targeting personal and corporate identities. With the rise of cloud services and remote work, the importance of robust security measures, such as multi-factor authentication and strong identity verification, cannot be overstated. “Weak authentication methods will exacerbate these risks, making it critical to secure data against unauthorised access,” she adds.
As she contemplates career advancement, Thulasi considers various factors beyond salary. “I evaluate opportunities for skill development and certifications, the company’s security culture, and the technology stack used in the role,” she explains. Team dynamics and the potential for long-term career progression are equally important to her, ensuring she thrives in a collaborative environment.
Thulasi is committed to her professional growth, with plans to pursue advanced certifications in IAM. “These certifications will not only validate my current skills but also enhance my knowledge in emerging technologies,” she shares, expressing her desire to boost her confidence and open up new opportunities in the IAM space.
Maintaining a work-life balance is crucial for Thulasi, especially in the demanding realm of cybersecurity. “I set clear boundaries between work and personal time,” she says, highlighting her prioritisation of tasks and the importance of regular breaks. By focusing on organisation and efficiency, she manages her workload effectively while making time for hobbies and family, ensuring her overall well-being.
For those considering a transition into cybersecurity from other fields, Thulasi has a clear message: “Explore the various specialisations within the field and choose a path that aligns with your interests.” She values attending cybersecurity events and leveraging government-funded programs for knowledge and networking opportunities. “Pursuing certifications specific to your chosen path will build credibility and enhance your learning journey,” she advises.
Thulasi’s insights not only inspire those aspiring to enter the field but also remind us that with determination and the right resources, a successful career in cybersecurity is well within reach. Through her dedication and passion, Thulasi is not just navigating her own path but also paving the way for others in this vital industry.
www.linkedin.com/in/thulasi-uppu
Serena Pillay
Senior Learning & Design Manager at Phriendly Phishing
Serena Pillay’s entry into cybersecurity wasn’t conventional, but her journey has been guided by a clear sense of purpose and a passion for understanding human behaviour. “In the vast world of cybersecurity, what interested me the most was the influence of psychology and behavioural science,” Serena shares, explaining how her background in organisational psychology naturally evolved into a career in cybersecurity awareness. By integrating human behaviour into security strategies, Serena is shaping solutions that focus on the human element in cyber defence.
Serena’s path, however, wasn’t without its challenges. She recalls the feelings of inadequacy and lack of confidence when she first entered the field, which was dominated by tech specialists. She also grappled with the unspoken hierarchy that placed her support role as less significant. But her determination and survival instincts took precedence. “I was new to Australia, so my goal to survive overshadowed my insecurities,” she reflects. The more she immersed herself in learning, the more confidence she gained, eventually solidifying her place in the cybersecurity world.
Although Serena had some clarity at the beginning of her career, her path unfolded organically. She initially studied organisational psychology with the goal of joining the initiative to support the transformation of post-apartheid South Africa’s workforce, but her dreams also included living in Australia at some point. After years in the corporate learning sector in South Africa, she made the leap, moving across the globe. It was during this time that Damian Grace, the founder of Phriendly Phishing, took a chance on her. “7 years later, and I am so grateful to be a part of this industry,” she says.
For Serena, working in cybersecurity has been about understanding the power of adaptability. “Do not get bound to the ideal version of yourself,” she would tell her high school self. Her advice emphasises kindness, curiosity, and the belief in one’s uniqueness. “As you believe so you become. The power of your thoughts and your belief in yourself shapes your reality.”
Looking forward, Serena anticipates a shift towards human-centric security and a growing emphasis on behavioural analytics in cybersecurity. “Despite advances in AI, human actions and decisions play
a critical role in cybersecurity,” she notes. This emphasis on human behaviour, both in preventing insider threats and enhancing security awareness, is key to the future of cyber.
Serena’s career has been shaped by several key figures, including Damian Grace and Karina Mansfield, the Managing Director at Phriendly Phishing. “Karina instilled in me the importance of confidence,” Serena says, noting how her mentors encouraged her to express her opinions and challenged her creatively. Additionally, her learning team inspires her daily with their passion and dedication, driving her motivation to deliver exceptional outcomes.
The most fulfilling aspect of her role comes from the impact her work has on learners and clients. “The work we do is not just work; it is a passion that drives us forward,” she says, describing how she and her team create learning experiences that resonate deeply with their clients. Whether it’s the older learner
who feels more confident about cybersecurity or the tech-savvy individual who appreciates the simplicity of their training, these stories give Serena purpose.
Her advice for those transitioning into cybersecurity? “Chances are you have already ventured outside your comfort zone,” Serena encourages, reminding others to amplify their purpose louder than their fears. As the cybersecurity industry grows, Serena believes it is essential to stay focused on goals, despite the inevitable challenges. “May your choices reflect your hopes, not your fears,” she concludes, echoing the wisdom of Nelson Mandela.
Serena’s journey, from psychology to cybersecurity, is a testament to the power of resilience, purpose, and a deep understanding of human behaviour in shaping the future of cyber.
www.linkedin.com/in/serena-pillay-554473a6
Nadja El Fertasi Founder of Thrive with EQ
Nadja El Fertasi stands at the forefront of a transformative approach to cybersecurity through her consultancy, Thrive with EQ. Her journey into this vital field began during her tenure with the NATO Communications and Information Agency, where she served from its inception in 2012 until 2019. “Cybersecurity became one of our main responsibilities,” she explains, reflecting on her role as a customer relationship manager and strategic partnership lead. Working closely with cyber experts, Nadja found herself captivated by the intersection of technology and human behaviour, especially in the high-stakes environment of classified information. “That’s when the spark was lit for me,” she recalls.
As her career progressed, Nadja recognised the need to integrate emotional intelligence and resilience into the cybersecurity landscape. “When I started my consultancy just before the pandemic, the focus was on security challenges based on my NATO experience,” she shares. However, as the pandemic triggered a 600% spike in social engineering attacks, she realised the necessity of equipping individuals with the emotional skills to counter such threats.
This pivotal moment led to the creation of her innovative concept, Emotional Firewalls. “Security is no longer just about protecting systems; it’s about helping people develop a shield against emotional manipulation,” she notes.
Despite her groundbreaking vision, Nadja faced significant challenges in educating others about her unique approach. “The most challenging aspect is the educational component,” she admits. Traditional perceptions of cybersecurity often overlook the vital role of emotional intelligence. To address this, Nadja employs creative teaching methods, making complex topics relatable by connecting them to individuals’ values and perspectives. “When you speak their language, the relevance of cybersecurity becomes apparent,” she explains, emphasising that it’s about protecting our “nervous system in the digital age.”
Throughout her journey, moments of uncertainty have tested her resolve. “I faced a lot of resistance, ridicule, and closed doors,” she recalls. Yet, Nadja’s unwavering belief in her vision fueled her perseverance. “I kept going because I felt motivated to leave the world a bit better than I found it,” she shares. Over time, her efforts have gained recognition, especially as the need for a human-centred approach to security has become more widely acknowledged.
While her path has been fraught with challenges, Nadja believes in the importance of growth through
failure. “I had a strong feeling I was meant to birth something groundbreaking,” she says, reflecting on the lessons learned along the way. “Life is about climbing mountains—when we reach the top of one, we’re at the bottom of another.” This perspective has shaped her understanding that the journey itself is as significant as the destination.
Looking back, Nadja offers poignant advice to her younger self. “You are enough as you are; don’t feel the need to prove yourself to anyone,” she emphasises. Her reminders encourage authenticity, continuous learning, and kindness—qualities she believes the cybersecurity field desperately needs.
As she gazes into the future, Nadja anticipates significant developments in cybersecurity, particularly the impact of generative AI and quantum computing. “These technologies will revolutionise our approach but also introduce new vulnerabilities,” she notes. She stresses the importance of fostering a balanced
relationship with technology, ensuring that humanity does not become overly dependent on it.
Nadja’s commitment to empowering others is evident in her role as a mentor for the Women4Cyber foundation. “Giving back to the community is an integral part of my fulfilment,” she states, highlighting the importance of lifting others as one ascends.
Ultimately, Nadja El Fertasi’s is a testament to the power of resilience, creativity, and emotional intelligence in a rapidly evolving field. Her innovative approach serves as a beacon for aspiring cybersecurity professionals, showcasing that the heart of cybersecurity lies not only in technology but also in understanding and nurturing the human spirit. As she aptly puts it, “Cybersecurity is about protecting our nervous system in the digital age.”
www.linkedin.com/in/nadja-elfertasi
Anmol Agarwal
Senior Security Researcher
Anmol Agarwal’s world of cybersecurity began during her university days, where she first discovered her passion for the field while studying computer science and software engineering. “I enjoyed the cybersecurity field,” she recalls, pointing to courses in digital forensics, cloud security, and data and application security that sparked her curiosity. Networking with like-minded peers and joining student groups fueled her interest. It was through these interactions that she realised cybersecurity was her calling.
Her career transformation started with building a cybersecurity portfolio, showcasing academic and side projects. Attending conferences played a critical role in connecting her with industry professionals and exposing her to cutting-edge research. One of Anmol pivotal moments came during the IEEE Symposium on Security & Privacy, where she was introduced to adversarial machine learning—a field that blended her passion for AI and cybersecurity. This laid the foundation for her current role, where she focuses on AI security and the protection of wireless communication networks like 5G and 6G.
Despite the evolving nature of her career, Anmol admits that her path was not entirely clear from the beginning. “The cybersecurity field has so many different career paths,” she notes, highlighting how opportunities unfolded organically. Today, her role as a senior security researcher allows her to engage in cutting-edge work that blends AI with cybersecurity. “I enjoy brainstorming sessions with my colleagues,” she shares, emphasising how these collaborative efforts often lead to groundbreaking research papers and patents.
Anmol’s advice to her younger self and to those just entering the field is simple: “Follow what interests you.” She believes that passion should guide one’s career choices, not external pressures or trends. Her focus on staying true to what excites her is a recurring theme, one that has shaped both her professional and personal growth.
Looking ahead, Anmol sees the future of cybersecurity heavily influenced by emerging technologies like AI and quantum-resistant cryptographic algorithms. She anticipates significant developments in data privacy, especially as AI continues to require massive datasets for model training. “There is a hesitation to share data due to privacy concerns,” she observes, suggesting that this area will become increasingly important over the next few years.
Anmol is also passionate about mentoring and helping individuals transition into cybersecurity from other fields. She acknowledges the fears many face
about not being “technical” enough but reminds them that the cybersecurity field requires diverse skill sets. “Cybersecurity needs people from all different backgrounds because it’s useful to have different perspectives on solving problems,” she says. Her mentoring philosophy is centred on the belief that technical skills, like coding and scripting, can be learned with practice and should not deter anyone from pursuing the field.
Reflecting on her own growth, Anmol cites consistency and curiosity as driving forces. Her commitment to staying updated with the latest developments in cybersecurity is key to her success.
“I regularly keep up to date with what is happening by checking the news, being involved in cybersecurity groups, and reading the latest research articles,” she explains. For aspiring cybersecurity professionals, she recommends joining communities and attending conferences to stay connected with peers and thought leaders.
The most fulfilling aspect of her career? “Working with team members to create new ideas,” she says with enthusiasm. Whether it’s proposing methods to secure wireless communications or brainstorming the next innovation in AI security, Anmol finds immense satisfaction in collaborative research efforts. This intellectual camaraderie fuels her passion for discovery and her drive to make meaningful contributions to the field.
Anmol sees her career evolving alongside the rapid advancements in technology. With a focus on AI security and wireless communication networks, she is poised to remain at the forefront of cybersecurity research.In Anmol’s words, “We are all different, and it’s important to follow our own career journeys.”
www.linkedin.com/in/anmolsagarwal
x.com/anmolspeaker
Sailakshmi Metikota
Cyber Security Engineer at Synapxe
Sailakshmi Metikota’s path to becoming a cybersecurity engineer in Singapore began with a curiosity that quickly grew into a passion for protecting the digital world. “My interest in cybersecurity began with a fascination for how technology could be both empowering and vulnerable,” she reflects. As digital threats became more sophisticated, she was drawn to the challenge of safeguarding data and systems. Over time, her focus evolved from a defensive stance to building resilient infrastructures and educating others on the importance of cybersecurity.
The early stages of Sailakshmi’s career were pivotal in shaping her professional journey. Determined to transition her interest into a career, she immersed herself in technical certifications and real-time training scenarios. “Networking with industry professionals and continuously learning about emerging threats were key steps in turning my interest into a professional path,” she notes. These efforts paid off, helping her build a strong foundation in an ever-changing field.
Like many in the industry, Sailakshmi has faced moments of doubt, particularly when confronted with the rapid evolution of cyber threats. But her passion for the field and the impact of her work kept her grounded. “I reminded myself why I was passionate about cybersecurity—protecting people and businesses.” She credits a strong network of peers and mentors for helping her stay motivated during challenging times, noting that these relationships were essential in guiding her through moments of uncertainty.
As her career progressed, Sailakshmi’s role unfolded organically, allowing her to explore different areas within cybersecurity. “When I started, I didn’t have a clear vision of specific roles. My path unfolded as I explored various aspects of the field, discovering what excited me most.” This open-minded approach led her to roles that combined both technical expertise and strategic thinking, where she found immense satisfaction in solving complex security challenges and mentoring junior colleagues.
“The most fulfilling part of my role is knowing that my work helps safeguard individuals and businesses from cyber threats,” she says. Collaboration, teamwork, and mentoring have been central to her experience, and she finds great joy in contributing to a culture of proactive security.
Sailakshmi’s foresight into the future of cybersecurity highlights the complexities that lie ahead. She anticipates the rise of artificial intelligence and machine learning as both a boon and a challenge for the industry. “AI will enhance threat detection but will also introduce new risks as attackers leverage these technologies.” The shift to remote work will also continue to strain traditional security models, pushing organisations toward zero-trust architecture. Furthermore, increasing regulatory scrutiny will compel businesses to prioritise robust security measures.
In her current role, Sailakshmi is all too familiar with the unpredictable nature of cyber threats. “One of the biggest challenges is the unpredictability of new cyber threats,” she acknowledges. Her solution is to foster a proactive security culture, focusing on ongoing training, threat intelligence, and maintaining flexibility to adapt to new risks. This emphasis on innovation and preparedness ensures her team remains resilient in an ever-evolving landscape.
Looking to the future, Sailakshmi plans to continue her professional development with advanced certifications such as CISSP (Certified Information Systems Security Professional) and CCSP (Certified Cloud Security Professional). “These certifications will deepen my expertise and prepare me for the increasing reliance on cloud infrastructure,” she explains. In a field that demands constant growth, Sailakshmi is committed to staying ahead
"The field of cybersecurity is constantly evolving, and staying curious is the key to success"
through continuous learning and embracing emerging technologies.
Her journey offers valuable advice to those transitioning into cybersecurity from other fields. “Leverage your existing skills and be open to continuous learning,” she advises. Transferable skills such as problem-solving, analytical thinking, and communication are highly valued in the industry. She encourages practical experience and seeking mentorship, as hands-on learning is crucial in a field as dynamic as cybersecurity.
Sailakshmi Metikota’s story is one of passion, perseverance, and adaptability. From an initial fascination with technology’s vulnerabilities to becoming a leader in the field, her journey illustrates the importance of continuous learning, collaboration, and a proactive approach to the ever-evolving world of cybersecurity. As she continues to shape her path, Sailakshmi remains dedicated to safeguarding the digital future while inspiring others to do the same.
“The field of cybersecurity is constantly evolving, and staying curious is the key to success,” Sailakshmi concludes, a testament to her lifelong commitment to growth and resilience in the face of cyber threats.
www.linkedin.com/in/sailakshmim
Blessing Duru
Cybersecurity Consultant
Blessing Duru is a skilled Cybersecurity Consultant with certifications including CompTIA Security+, PECB LPT, and ISC2 Certified in Cybersecurity (CC). Specialising in PCI DSS compliance, penetration testing, vulnerability assessments, and delivering information security awareness programs, across multiple sectors, particularly in financial institutions, Blessing excels at ensuring organisations remain secure and compliant.
In the bustling city of Lagos, Nigeria, Blessing Duru is carving a remarkable path as a cybersecurity consultant. Her journey into this dynamic field began unexpectedly during a university class. When a speaker promoting the Cybergirls Fellowship arrived in a lecture where the lecturer was absent, she couldn’t have known the impact this moment would have on her life. “I spent two weeks researching what cybersecurity was all about before deciding to apply,” she recalls, her curiosity ignited by the possibilities ahead.
The Cybergirls Fellowship was a turning point, designed to empower young women with the skills
needed for careers in cybersecurity. Through this program, Blessing not only found a supportive community but also a launchpad for her professional aspirations. “After landing my first job through the program, I found the field to be incredibly rewarding,” she reflects. The initial thrill of working in cybersecurity was matched only by the joy of continuous learning. “I love how cybersecurity is constantly evolving, pushing me to stay updated with technological advancements,” she says, a spark in her voice.
In those early stages, Blessing immersed herself in learning. She turned to platforms like TryHackMe and Coursera, diving deep into resources that would build her knowledge and confidence. “I practically lived on YouTube while preparing for interviews,” she chuckles, recalling how essential it was to understand the material thoroughly. “There’s a certain assurance you gain when you really understand what you’re talking about,” she adds, emphasising the importance of preparation in overcoming challenges.
As her career progressed, Blessing encountered the complexities of working in a field that often requires collaboration across diverse teams. “The most challenging aspect of my work is dealing with people,” she admits. Navigating interpersonal dynamics has become a crucial skill. “People can be unpredictable, and it’s important to build high-quality relationships,” she explains. This commitment to maintaining connections reflects her understanding that relationships are key to success in any profession.
Like many professionals, Blessing has faced moments of uncertainty. Imposter syndrome loomed large in her early days in cybersecurity, leading her to doubt her skills and accomplishments. “Even when I had small wins, I didn’t celebrate them,” she shares, reflecting on the struggles she faced. Over time, however, she learned the value of recognizing every achievement, no matter how small. “In five years, you’ll be amazed at what you’ve accomplished,” she encourages others, reminding them of the importance of self-recognition.
Looking back on her journey, Blessing sees the value of organic growth. “I would say dive into research, build connections, and expand your network,” she advises young women considering a career in cybersecurity. The influence of strong mentors has been pivotal in her life. Mrs. Confidence Staveley, the founder of the Cybergirls program, stands out as a transformative figure. “Her vision for Cybergirls transformed my life,” Blessing affirms, alongside the impact of mentors like Dr. Iretioluwa Akerele and Simbiat Sadiq, who continue to inspire her.
As she gazes into the future, Blessing is eager to further her expertise. Certifications like CEH, CISA, and CISM are on her radar, tools she believes will
equip her for advanced roles in cybersecurity. Balancing the demands of her profession with personal well-being is also a priority. “You have to be intentional about making time for the things you love,” she stresses. For her, that includes enjoying movies and unwinding with novels.
To stay current in such a fast-paced industry, Blessing dedicates herself to ongoing learning, participating in courses, workshops, and webinars. “I read industry publications and blogs to stay informed and updated,” she explains, underscoring her commitment to professional growth.
Blessing Duru’s journey is a testament to the power of perseverance, mentorship, and community in breaking barriers. Her story is not just about personal success; it is a beacon for other women in cybersecurity, showcasing that challenges can be stepping stones to greatness. “Celebrate every win,” she concludes, embodying a spirit of progress and resilience that continues to propel her forward in her dynamic career.
www.linkedin.com/in/blessing-duru-b77b23219/
x.com/the_MunaDuru
Leila Assadi
Associate Director –Technology risk and cybersecurity
Leila Assadi’s path into cybersecurity has been shaped by a natural curiosity for technology and a problem-solving mindset. From the beginning, her fascination with understanding technological risks drew her into the field. “I think I have always been fascinated by technology, especially in understanding the associated risks,” she recalls. This interest, combined with her instincts to resolve complex challenges, set the foundation for a rewarding career in cybersecurity.
Leila’s careers moment came while working at a financial institution during the company’s initial migration to cloud technology. Leila joined a team tasked with securing the organisation’s cloud services—a role that solidified her future in cybersecurity. “Crafting cloud access policies that balanced security and user needs was both challenging and rewarding. That experience was the turning point in my career,” she explains. Her commitment to ensuring that security measures met evolving standards while also supporting users deepened her passion for the field.
Like many professionals, Leila’s journey was not without its doubts. Early on, there were moments when she questioned if cybersecurity was the right fit. But she pushed through, staying focused on her mission of securing technologies and understanding how critical cybersecurity is to modern life.
“Cybersecurity is as crucial as physical security in today’s world. If we aren’t aware of how to protect our information, the consequences can be severe,” Leila says, reflecting on the broader impact of the work she does.
As an Associate Director in Technology Risk and Cybersecurity, Leila finds that working with diverse clients and industries brings a deep sense of fulfilment. “The most satisfying part of my role is achieving client satisfaction while gaining new knowledge with each project. This continuous learning keeps me motivated,” she shares. With new engagement come new challenges, but for Leila, they are opportunities to grow and refine her expertise.
Looking ahead, Leila anticipates significant shifts in the cybersecurity landscape. She believes that the emergence of new threats, particularly in Artificial Intelligence (AI) and cloud security, will be a critical focus in the coming years. To prepare for these changes, she stays updated on trends and regulations, using a combination of internal resources, research papers, and mentorship. “Having a mentor who provides guidance based on their experiences has been invaluable,” she notes, emphasising the importance of ongoing learning.
Leila also strives to maintain a work-life balance, a challenge many in her field face. “Working in cybersecurity can be demanding, but I make sure to prioritise exercise, yoga, and meditation to stay balanced,” she says, recognizing the importance of well-being amidst a high-pressure environment.
For those considering a career in cybersecurity, Leila’s advice is clear: start early, build a strong foundation, and stay curious. “Explore your interests, follow the
trends, and don’t hesitate to pursue formal education if cybersecurity excites you. The learning curve may be steep, but if you’re passionate about it, the rewards are worth the effort.”
In contemplating her future, Leila looks forward to expanding her qualifications with certifications like the Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP). As she continues her journey, her focus remains on contributing to the growth of the cybersecurity field and supporting the next generation of professionals—especially women—through mentorship and leadership.
“There’s always more to learn, and I’m excited to see how the field evolves. The future of cybersecurity is dynamic, and I’m ready to take on whatever challenges come my way.”
www.linkedin.com/in/leilaassadi
KAREN STEPHENS
Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was recently named inaugural Female Cyber Leader of the Year at the 2023 CyberSecurity Connect Awards in Canberra.
COLUMN
Rising phoenix a tale of resilience and renewal
Don’t we all wish we had a phoenix, like the one in the Harry Potter books. Because, like Harry Potter, we sometimes need someone to swoop in and save us. Sadly, there are no such magic fixes. And, if I have learnt anything since moving into cybersecurity, it is that you need to build your own fortress to save yourself.
Regular readers may remember that, after spending more than two decades in the financial services industry at some of Australia’s largest firms, I transitioned into cybersecurity risk management, where I find I am often the phoenix for others: those entertaining the idea of moving into cybersecurity and/or startups and who want to bake-in cybersecurity from the get-go.
What would your personal phoenix say to a newly minted cybersecurity risk management person?
• Skills audit. The skills acquired in your business or university life can be easily transferred to new industries. In my case the exciting world of cybersecurity was the industry calling my name. The ability to talk to people and make the highly technical language of cyber palatable and understandable for clients is a much needed and rather rare skill set. Tech can be taught. Client service skills are much, much harder if not nigh on impossible to teach.
• Cyber is not just tech. Yes, there are lots of highly technical roles. We are all familiar with ‘sexy’ threat hunter roles (please refer to almost
any movie referencing cyber), but cybersecurity should not be about tech alone, it should be about the transference of knowledge. Within a business those holding the proverbial cheque book are not usually the heads of technology. Their ranks are more likely to include the CEO or head of risk: people who find themselves having to meet regulatory and legislative responsibilities that can have significant downsides if unmet. These are the key staff who need to understand that cybersecurity is a business risk with an immense downside if ignored or glossed over.
• Be a translator. A sad but true fact is that technical jargon does not always carry over seamlessly between industries. For example, in cybersecurity ATO stands for Account Take Over and in financial services for the Australian Taxation Office. Both can strike fear into the hearts of a business, but for different reasons. So make sure you know your client’s language as well as you do your cybersecurity language, and when in doubt spell it out!
• It takes a village. Finding community support was vital during my transition into cybersecurity risk management. I engaged mentors and joined groups like AWSN whose members have been incredibly generous with their time and insights. The challenge lies in seeking assistance when needed.
As I find myself settling into this amazing industry I want to pay it forward, and that is why I am always up for a cybersecurity coffee chat and for (trying) to be a personal phoenix where I can.
www.linkedin.com/in/karen-stephens-bcyber
www.bcyber.com.au x.com/bcyber2
karen@bcyber.com.au youtube.bcyber.com.au/2mux
INDUSTRY PERSPECTIVES
INFORMATION SECURITYRESILIENCE AND RENEWAL
by Marise Alphonso , Information Security Professional
The theme for this issue is the phoenix, an immortal bird in Greek mythology that is reborn from the ashes of its own funeral pyre. Just as the phoenix is resilient and capable of renewal, so too must be an organisational information security posture. This article focuses on what organisations should do to build and maintain security programs that embody the attributes of resilience and renewal to support business objectives.
RESILIENCE
Resilience is defined as the quality of being able to withstand hardships or recover quickly from difficulties. It requires a multidimensional approach in the information security realm. Such an approach must have breadth and depth and encompass strategic and operational aspects of governing and managing information security.
One approach to ensuring that resilience is built into an information security program is to adopt and align with industry best practice standards. The National Institute of Standards and Technology’s (NIST)
Cyber Security Framework v2.0, the International Organization for Standardization’s ISO/IEC 27001 and the Secure Control Framework Council’s Secure Controls Framework incorporate the aforementioned multidimensional approaches to security controls across multiple categories (managerial, operational, technical, physical) and types (directive, detective, deterrent, corrective, preventive).
MARISE ALPHONSO
Implementing varied controls to counter information security risks facilitates a resilient information security program that enables the core principles of confidentiality, integrity and availability to be upheld. Indeed, ‘defence-in-depth’ as a guiding principle for information security embodies the concept of resilience, where controls serve to strengthen posture or to act as compensating controls where others fail.
RENEWAL
When one thinks of the word ‘renewal’ in security, perhaps renewal of consultancy services, outsourced information security services or cyber insurance come to mind. While these may all be important to the maintenance of an acceptable security risk posture and an effective organisational information security program, ‘renewal’ is synonymous with ‘continuation’ or ‘re-establishment’. Through the lens of ISO/IEC 27001 (The international standard for information security, cybersecurity and privacy protection) those definitions are akin to continual improvement, which is key to maintaining a robust information security management system.
Foundational ways to uphold the principle of renewal or improvement in information security and continue the journey of protecting and defending the organisations that comprise our economy include:
• Celebration of successes: the world of information/cybersecurity is filled with security incidents and data breach stories. Company X was compromised. Customers of product/service Y were impacted. Data was stolen creating the potential for identity theft and other data breach issues for company X. Sound familiar? The reality is, if things are going well, we don’t hear about information security. Information security teams must focus on and celebrate the small wins that happen on a regular basis. Positive audit findings demonstrating adherence to security policies, remediation of vulnerabilities identified by penetration testing, successful tabletop incident response exercises, improvements in information security awareness scores produced by employee training. All these deserve kudos and celebration.
• Bringing the outside in: organisational information security teams must keep across innovation-driven developments in information security practices. The industry is currently abuzz with references to artificial intelligence (AI) changing the cybersecurity landscape in both a positive and negative sense from the perspective of the defender, whether through advances in network monitoring, the improved quality of personalised phishing emails or deep fakes and malicious code creation. An understanding of the shifts in security practices resulting from technology advances, changes in the cyber threat landscape or in regulatory requirements is essential to understanding how these shifts can improve an organisation’s security posture.
• Fostering a learning culture: When organisations adopt a learning culture as opposed to a blame culture a sense of ‘we’re all in this together’ is built into the fabric of the organisational ethos. This mindset is necessary to cultivate required security behaviours and grow security champions outside of the core security team. Executives and senior leaders play a key role in setting the tone and adopting organisational values that embody the necessary security behaviours. Rewards and recognition can also encourage desired behaviours across the employee base.
• Resource replenishment: The organisational budget must include allocation for the continuity of the information security program, including funding for employee roles, security tooling and consultancy or outsourced services that supplement the organisational security program. The amount of funds allocated will depend upon the industry in which the organisation operates and internal requirements such as market positioning and competitive advantage, or external requirements such as compliance obligations.
Resilience and renewal are key concepts in a successful information security program that supports and enables organisational objectives enabling organisations to secure their operations and the data they hold.
www. linkedin.com/in/marisealphonso
VIRAJ GANDHI
RISING PHOENIX: A TALE OF RESILIENCE AND RENEWAL
by Viraj Gandhi , Product Security Leader
Maintaining a robust AppSec program can seem daunting in the face of budget cuts and economic downturns. However, organisations can survive and thrive with resilience and a commitment to renewal.
Here’s a tale of continuous progress and maturation in AppSec in challenging times.
A thriving mid-size tech company had recently established an AppSec program, which was running successfully. The team, led by a visionary female security practitioner, had established a robust security posture which had been recognised as an industry benchmark. Then, faced with an economic downturn, the company implemented significant budget cuts. The AppSec team was reduced and resources dwindled. The once thriving program was on the brink of collapse, but the head of AppSec refused to give up. She called on her team’s resilience and rallied team members around a new strategy. “Pivot, don’t pause,” she declared.
First, her team re-evaluated priorities, focusing on high-impact activities that drove the greatest value. They leveraged automation and implemented costeffective tools that streamlined processes. Next, they upskilled and reskilled team members, ensuring they could take on additional responsibilities. Collaboration with other teams intensified: knowledge and resources were shared. The team leader established a metrics-driven approach, tracking progress and communicating the value of AppSec initiatives to stakeholders. She embraced open source solutions and fostered innovation and community engagement.
Through continuous improvement the AppSec program adapted and matured. The company’s security posture remained robust, even in the face of adversity. As the economy recovered, the company emerged stronger with a renewed AppSec program that had not only survived, but had thrived. The team’s resilience and the team head’s leadership had turned a potential setback into a remarkable tale of renewal.
This story serves as a beacon for organisations facing similar challenges. Pivoting and strategizing can enable AppSec programs to progress and mature, even in the darkest of times. Remember, resilience and renewal are the keys to unlocking a brighter future.
www.linkedin.com/in/virajg
ABOUT THE AUTHOR
Viraj Gandhi, a visionary Product Security Leader, has pioneered transformative 'Shift-to-left' initiatives, revolutionizing security programs to address open-source software and application security challenges at leading companies like ServiceNow and SailPoint, with a solid academic foundation in computer science (Masters and Bachelors) and numerous professional certifications. Her thought leadership is evident in her contribution to the esteemed book "97 Things Every Application Security Professional Should Know" (Oreilly). As a dedicated advocate for workplace equity, Viraj actively promotes diversity and inclusion in cybersecurity through her involvement in various communities and initiatives, empowering women to succeed in the industry.
LISA VENTURA
RISING LIKE A PHOENIX IN THE FACE OF CYBERSECURITY ADVERSITY
by Lisa Ventura MBE , Founder – Cyber Security Unity
In mythology the phoenix is a symbol of rebirth, regeneration and immortality. There are variations of the myth in many culture: Greek, Egyptian, Persian.
THE PHOENIX: A SYMBOL OF REBIRTH AND RENEWAL
The mythical phoenix is a majestic bird, radiant and beautiful, with a fiery aura. According to the myths, the phoenix lives for several hundred years before burning itself on a pyre of its own making. From the ashes, a new phoenix emerges, reborn and renewed, continuing the cycle of life, death and rebirth.
The symbolism of the phoenix is rich and profound, representing themes of resurrection, immortality and the eternal cycle of life and death. It embodies the idea that from destruction comes new life, strength and vitality. This imagery has resonated throughout history, influencing art, literature and modern thought. It is often invoked as a metaphor for overcoming great challenges or disasters and emerging stronger: something an organisation must do if it has been impacted by a cyber-attack or data breach.
Just as this mythical bird rises from the ashes, organisations today must often undergo similar regenerations to overcome cybersecurity challenges, especially if they have been hit by a cyber attack or data breach. Resilience and renewal in cybersecurity represent more than the ability to recover from cyber attacks. They demonstrate the enduring strength of human ingenuity, strategic foresight and the relentless pursuit of better defences.
THE FALL: CYBER SECURITY ATTACKS AND THEIR CONSEQUENCES
Cyber attacks are becoming increasingly sophisticated and frequent, targeting organisations of all sizes and in all sectors. These attacks can range from data breaches, ransomware and phishing to advanced persistent threats (APTs) and zero-day exploits. The consequences are often severe. They can include financial loss, reputational damage, regulatory penalties and erosion of customer trust.
Take the ransomware attack that struck several major hospitals in London in June 2024, creating
widespread disruption across the city’s healthcare services. The attack primarily targeted Synnovis, a pathology service provider partnering with facilities like Guy’s, St Thomas’, King’s College and other hospitals. This attack was declared a ‘critical incident,’ as it severely impacted clinical operations, particularly blood transfusions and pathology services.
It forced hospitals to cancel or postpone numerous elective procedures and outpatient appointments as they struggled to access vital medical data and laboratory results. The disruption was substantial, with over 6,000 outpatient appointments and nearly 1,500 elective procedures postponed within the first month. This also put additional pressure on emergency services, which remained operational but under strain due to increased reliance on universal blood types like O Negative and O Positive.
The incident highlighted vulnerabilities within the UK healthcare sector’s IT infrastructure and the critical need for strong cybersecurity measures. Despite prior investments in security, Synnovis and its partners found themselves grappling with the aftermath of the attack,. They worked closely with the National Cyber Security Centre and other cyber operations teams to mitigate the damage and restore services. This cyber
attack on London’s hospitals serves as a reminder of the growing cyber threats facing healthcare systems worldwide.
THE ASHES: UNDERSTANDING THE DAMAGE AND ROOT CAUSES
Recovery from a cyber attack requires a clear understanding of the incident’s impact and the factors that led to the breach. This involves a thorough investigation to identify how the attack occurred, what vulnerabilities were exploited, and the extent of the damage. It is essential to assess both the technical aspects (such as compromised systems and stolen data) and the broader organisational impacts (such as disrupted operations and shaken stakeholder confidence).
A critical component of this phase is conducting a post-mortem analysis. This involves not just identifying technical failures, but also examining procedural and organisational shortcomings that may have contributed to the breach. Was there a lack of adequate security training? Were critical patches not applied in time? Did the organisation have an appropriate incident response plan? Addressing these questions helps to form a comprehensive picture of the incident and lays the groundwork for recovery.
THE REBIRTH: BUILDING RESILIENCE
Resilience in cybersecurity is about more than just recovery; it’s about emerging stronger and better prepared for future challenges. This process involves several key steps:
1. Strengthening defence mechanisms: post incident, organisations should reassess and enhance their security infrastructure. This includes deploying advanced threat detection and prevention systems, strengthening network defences and implementing robust encryption protocols. Regular security audits and penetration testing are also crucial to identify and rectify vulnerabilities before they can be exploited.
2. Implementing proactive monitoring: continuous monitoring is vital to detect and respond to threats in real-time. This involves using security information and event management (SIEM) systems which aggregate and analyse data from various sources to provide a comprehensive view of the organisation’s security posture. By identifying anomalous activities early organisations can mitigate potential breaches before they escalate.
3. Fostering a culture of security: cybersecurity is not solely the responsibility of the IT department; it requires a holistic organisational approach. This means cultivating a culture where security is prioritised at all levels. Regular training and awareness programs can equip employees
with the knowledge and tools to recognise and respond to security threats. Additionally, clear communication and policies regarding data protection and incident reporting are essential.
4. Enhancing incident response capabilities: an effective incident response plan is critical for minimising the impact of cyber incidents. This plan should include predefined procedures for different types of attacks, roles and responsibilities, communication strategies and steps for containment and recovery. Regular drills and simulations can help ensure the response team is well-prepared to handle real incidents swiftly and efficiently.
THE ASCENDANCY: RENEWAL AND INNOVATION
Phoenix-like rebirth in the cybersecurity industry is not just about recovery; it’s about transformation and innovation. Organisations must not only rebuild: they must also innovate to stay ahead of evolving threats. This involves:
1. Adopting emerging technologies: new technologies such as artificial intelligence (AI) and machine learning can significantly enhance cybersecurity defences. These technologies can help in predicting and identifying threats faster, automating responses and even anticipating potential vulnerabilities based on patterns and trends.
2. Investing in research and development: continuous investment in research and development is crucial for staying ahead of cyber threats. Organisations should invest in exploring new security technologies, developing advanced encryption methods and improving data protection techniques. Collaboration with academia, industry consortia and security researchers can also provide valuable insights and innovations.
3. Promoting cybersecurity governance: establishing robust cybersecurity governance structures is vital for ensuring security practices are aligned with business objectives. This includes defining clear policies, standards and controls as well as regularly reviewing and updating them to keep pace with the changing threat landscape. Additionally, involving senior leadership in cybersecurity decision-making can help ensure security considerations are integrated into all aspects of the business.
4. Engaging with the cybersecurity community: Collaboration is a key aspect of resilience and renewal. Engaging with the wider cybersecurity community through information sharing, partnerships and participation in threat intelligence networks can provide valuable insights and enhance an organisation’s ability to respond to threats. Collective defence strategies and shared knowledge can significantly improve the overall security posture.
PHOENIX RISING FROM THE ASHES: A METAPHOR IN CYBERSECURITY
The concept of the phoenix rising from the ashes serves as a powerful metaphor for resilience and recovery following a cyber incident. Cybersecurity threats, such as hacking, data breaches, ransomware attacks and other malicious activities, can severely impact organisations. These incidents often result in significant data loss, financial damage and a massive amount of reputational harm, akin to the metaphorical ‘death’ faced by the phoenix.
A cyber attack can be a cataclysmic event for the affected organisation. Critical systems may be compromised, sensitive data stolen or corrupted and
normal business operations severely disrupted. This phase represents the ‘burning’ aspect of the phoenix myth, where the organisation undergoes a destructive experience, much like the phoenix engulfed in flames.
RISING FROM THE ASHES: RECOVERY AND RESILIENCE
Just as the phoenix rises anew, organisations can recover and rebuild themselves after a cyber attack. This process is not merely about restoring systems to their former state but involves learning from the incident to strengthen cyber defences against future threats. The key aspects of this recovery and resilience in cybersecurity include:
1. Assessment and analysis: after a breach organisations should launch a thorough investigation to understand the root causes and the extent of the damage. This assessment is essential for identifying vulnerabilities and preventing future incidents. It mirrors the introspection and learning process that follows the phoenix’s death, leading to a renewed sense of purpose and strength.
2. Rebuilding and strengthening: in the aftermath of a cyber attack, companies often need to overhaul their cybersecurity measures. This may involve updating software, improving network defences, implementing stronger encryption methods and enhancing monitoring systems. The rebuilding process is akin to the phoenix’s rebirth, where the organisation emerges stronger and more secure.
3. Developing an incident response plan: just as the phoenix prepares for its cycle of rebirth, organisations should develop and refine their incident response plans. These plans ensure that, in the event of a future attack, there is a clear, efficient and effective response to minimise damage and facilitate swift recovery.
4. Promoting a strong culture of security: cyber resilience is not just about technical defences but also about fostering a culture of security awareness and vigilance within the organisation. Training employees, promoting best practices and creating a security-conscious environment are all necessary for preventing incidents and ensuring a quick response when they do occur.
THE ETERNAL CYCLE: CONTINUOUS IMPROVEMENT
The concept of the phoenix’s cycle of death and rebirth emphasises the importance of continuous renewal and improvement. In cybersecurity this translates to an ongoing commitment to enhancing security measures, staying informed about new threats and adapting strategies accordingly. As the threat landscape evolves, so too must the defences and strategies employed by organisations.
Just as the phoenix is reborn stronger and wiser, organisations can use the lessons learned from cyber incidents to build more robust systems and processes. This continuous improvement cycle is essential in an environment where cyber threats are constantly changing and becoming more sophisticated.
FINAL THOUGHTS
In cybersecurity an ongoing cycle of assessment, adaptation and innovation mirrors the death and rebirth of the phoenix. As threats evolve the strategies and technologies designed to combat them should also evolve. Organisations that embrace resilience and renewal not only recover from setbacks but also emerge stronger, more agile and better equipped to face future challenges. Just as the phoenix rises from its ashes, so too can organisations hit by cyber attacks.
ABOUT LISA VENTURA MBE
Lisa Ventura MBE is an award-winning cybersecurity specialist, published writer/ author and keynote speaker. She is the founder of Cyber Security Unity, a global community organisation dedicated to bringing together individuals and organisations who actively work in cybersecurity to help combat the growing cyber threat. As a consultant Lisa also works with cybersecurity leadership teams to help them work together more effectively. She provides cybersecurity awareness and culture training and training on the benefits of hiring those who are neurodiverse. She has specialist knowledge in the human factors of cybersecurity, cyberpsychology, neurodiversity and AI in cyber, and is also a cofounder of International Imposter Syndrome Awareness Day. More information about Lisa can be found on www.lisaventura.co.uk or www.csu.org.uk
LISA ON SOCIAL MEDIA
x.com/cybergeekgirl
www.linkedin.com/in/lisasventura
www.facebook.com/lisasventurauk
www.instagram.com/lsventurauk
www.youtube.com/@CyberSecurityLisa
CYBER SECURITY UNITY'S CHANNELS
www.linkedin.com/company/csunity
x.com/CyberSecUnity
www.facebook.com/CyberSecUnityUK
JO STEWART-RATTRAY
RESILIENCE AND INNOVATION: WOMEN’S RISING INFLUENCE IN CYBERSECURITY
by Jo Stewart-Rattray , Oceania Ambassador, ISACA
Cybersecurity presents both challenges and opportunities for women. No doubt gender bias still exists. No doubt women remain under-represented and under-paid. No doubt women in the industry find it hard to return to work after maternity leave, experiencing various barriers to re-entry.
But there are positives to build upon. There are insufficient workers globally, and organisations are increasingly realising the advantages women bring to cybersecurity. These include diverse problemsolving skills, a strong sense of ethics, innovation and enhanced team dynamics. And there are financial rewards to be gained by having more women in the workforce. We know that companies where women occupy 30 percent or more of executive roles are seeing a 15 percent boost in profitability.
I am witnessing examples where the determination of women is slowly but surely reshaping cybersecurity.
What I find most inspiring is that these stories of persistence are not just about personal achievements, but also about the push for greater equality in a field long dominated by men. As more women break into cybersecurity they are also breaking down barriers, not only for themselves but for future generations of women in tech. I am witnessing a collective effort to bring about change.
RESILIENCE IN ACTION
The journeys of women in cybersecurity are filled with examples of resilience that inspire others and drive change. At the 2023 United Nations Commission on the Status of Women I hosted a conversation circle with the National Rural Women’s Coalition in which 12 countries were represented. We discussed the affordability and accessibility of technology. What struck me most was the innovation displayed by these incredible women; innovation driven by necessity.
A female IT leader in Ghana shared her struggles to gain internet access in some of the more remote villages she had to travel to for work. Her solution came from a child who—from the top of a tree—saw her frustration and told her that sometimes he was able to get internet coverage when at the highest point of the tree! So, to report back to head office, she typed her message and sent the willing young boy back up the tree with her phone to hit send. Now, she is a welcome visitor to these villages, reimbursing the children for helping her gain internet access!
In Nigeria we learnt that mobile phones are a status symbol, and people would rather give up necessities like a meal or transportation than give up their phones.
Closer to home, women in cybersecurity and technology encounter daily obstacles and manage the demands of their roles while navigating biases and gender stereotypes along with societal expectations. While their challenges may differ from those of their peers in Ghana or Nigeria, they share a common thread of resilience and innovation in difficult situations.
Whether it’s being overlooked for promotions, earning less than their male counterparts or needing to send a phone up a tree for a signal, these women consistently demonstrate resourcefulness. Their perseverance is gradually driving progress and setting a powerful example for others in the field.
SUPPORT NETWORKS AND MENTORSHIP
In my own career I’ve frequently been the only woman in the boardroom or at client meetings where I have learnt how crucial it is to build strong networks, both locally and globally, to drive lasting change.
Initiatives like ISACA’s SheLeadsTech program are not only critical in addressing the issues facing women in cybersecurity, they also provide a central hub for those with a shared mission. They offer more than just educational resources, fostering a sense of community and mentorship that’s crucial for career growth.
At the heart of SheLeadsTech is a commitment to building a supportive network where women can connect, share experiences and support each other. Having strong female mentors and role models not only helps women break into the tech industry but also empowers them to excel. This kind of support creates a culture of belonging, where women are equipped with the skills, confidence and resources to thrive in any role they pursue.
Every woman who overcomes obstacles and succeeds in cybersecurity is not only achieving her own goals, she is creating a pathway for future generations. This growing legacy of leadership is inspiring more women to see cybersecurity not only as a career, but as a more inclusive and forwardthinking industry in which they can lead and excel.
ABOUT THE AUTHOR
Jo Stewart-Rattray has over 25 years’ experience in the security industry. She consults on risk and technology issues with a particular emphasis on governance and IT security in businesses as a director with BRM Advisory. She regularly provides strategic advice and consulting to the banking and finance, utilities, healthcare, manufacturing, tertiary education, retail and government sectors.
www.linkedin.com/in/jo-stewart-rattray-4991a12
ETHICAL HACKING: IT’S A MAN’S WORLD
by Stuart Corner
In Australia, women account of about 17 percent the cybersecurity workforce. Globally, the figure is somewhere between 20 and 25 percent, according to ICS2. But there is one important sector of cybersecurity that has failed to achieve anywhere near this level of participation by women: ethical hacking, where female representation is a mere four percent.
Ethical hackers are cybersecurity experts who, without being given any inside information, are engaged to try and find weak points in organisations’ cybersecurity defences. They are rewarded with a ‘bug bounty’ for each vulnerability they discover, with payment based on the severity of that vulnerability. Many operate through companies that match ethical hackers with clients and manage payments to them.
One such company, Bugcrowd (founded in Australia in 2012 but since 20128 headquartered in the US), has been surveying the global ethical hacker community annually since 2017 and publishing its findings. Of the 1300 members of the global ethical hacking community it surveyed for its latest report, Inside the Mind of a Hacker 2024, only four percent identified as female, and 94 percent as male.
Sajeeb Lohani, Bugcrowd’s global technical information security officer and senior director cyber, says getting more women into cybersecurity is crucial not only for promoting gender equality but also for improving the overall performance of cybersecurity teams. “Diverse groups bring a wider range of perspectives, which can enhance problemsolving and innovation, which is why I believe security teams are required to embrace people from different walks of life. If they do not, they will not be able to cater for the various types of business units within a company, and will follow the traditional standards of cybersecurity teams being a ‘No’ shop.”
Lohani—who mentors women through the Australian Women in Security Network—told AWSM, “A significant factor is the pervasive cultural stereotype that depicts cybersecurity as a male-dominated, highrisk and technical domain, discouraging many women from considering it as a viable career option.”
He also volunteers with Kids SecuriDay, an organisation that runs events for students around the world, and says such initiatives aimed at young individuals in general can help by offering early engagement in STEM and mentorship programs,
STUART CORNER
teaching these individuals how to appropriately celebrate their wins and providing more inclusive future work environments.
WHAT IT TAKES TO BE AN ETHICAL HACKER
If you are a woman with any personal aspirations to address the underrepresentation of women in the ethical hacking community by becoming an ethical hacker yourself, there’s a few things you should know: apart from being male, ethical hackers demonstrate a fairly narrow range of personal attributes. Seventy five percent speak at least two languages, and 17 percent more than three. Seventy eight percent are aged between 18 and 34 years, and 56 percent between 18 and 24 years.
That aside, there seem to few barriers to being an ethical hacker if you are so minded. According to the report: “Hackers have a striking preference for selfdirected learning, with 87 percent of hackers crediting online resources for their skills, it says.
“But the learning doesn’t stop at online tutorials. A remarkable 78 percent of hackers proudly wear the badge of being self-taught, showcasing a DIY spirit that’s deeply ingrained in hacker culture. This self-
starter mentality is complemented by peer-to-peer learning, with 35 percent of hackers citing friends or mentors as key to their educational journeys.”
Not that ethical hackers lack formal education. “Almost three-quarters boast college degrees or higher, reflecting a level of academic achievement rivalling many traditional professional fields,” the report says.
It also dispels the oft-cited classic stereotype of the hacker as an isolated individual, forever hunched over a keyboard. Almost half of those surveyed spent less than 10 hours a week hacking and only 23 percent spent more than 30 hours a week. The rest, the report says: “They’re your coworkers, neighbours and maybe even your barista!”
And ethical hackers display many attributes likely to make the role attractive to women. “Today’s hackers are active community members working toward the common good,” the report says. “A significant 82 percent are committed to building lasting relationships with companies and bug bounty program owners, creating a sustained defence. Knowledge sharing is at the heart of this community,
with 85 percent of hackers dedicated to educating others. The spirit of mentorship is strong too. Instead of gatekeeping, hackers are inviting others in, with 81 percent involved in guiding and working with peers.”
THE ETHICAL HACKER PERSPECTIVE ON CYBERSECURITY
Profiling the ethical hacker community is only one aspect of the report. It also reflects their views on important aspects of cybersecurity. Ethical hackers are at the sharp end of cybersecurity: they are likely to be first to see new attack techniques, and be early adopters of threat detection techniques and countermeasures.
And there is nothing making a bigger impact on cybersecurity today, for good and ill, than artificial intelligence. Its use for good has risen dramatically. In Bugcrowd’s 2023 ethical hacker survey only 23 percent of respondents believed AI technologies could enhance the value of ethical hacking. In the 2024 survey that figure was 71 percent.
Eighty six percent of respondents said AI had fundamentally changed their approach to hacking, for better or worse. However the figures for those who believe AI technologies will outperform the abilities of hackers have barely changed since 2023, from 21 percent to 22 percent, as have the figures for those who believe AI technologies will eventually replicate the human creativity of hackers, (28 percent to 30 percent).
The report contends that the hackers surveyed “are security experts on the cutting edge of an ever-evolving threat landscape.” If this is so, other security experts should be deeply concerned about ethical hackers’ views on AI. A significant majority, 78 percent, believe the risks associated with AI outweigh its potential, 82 percent believe the AI threat landscape is evolving too rapidly to adequately secure against, and 93 percent believe companies using AI tools have introduced a new attack vector for threat actors to exploit.
The, relatively, good news is that 73 percent of respondents were confident that their abilities as a hacker would enable them to uncover vulnerabilities in new AI-powered apps.
And their abilities, as identified in the report, align well with the abilities women bring to cybersecurity: a level of creativity that AI lacks; the ability to ‘think outside of the box’, which gives advantage over ML models and predictive AI; the ability to think of new attacks that AI cannot predict because AI relies on known information.
WHAT IT TAKES BE AN ETHICAL HACKER?
If this article has inspired you to contemplate making your own contribution to addressing the miniscule representation of women in the ethical hacking community, there’s a useful blog, The Shocking Truth You May Not Know About Being A Full-Time Bug Hunter, written by Bugcrowd’s VP of operations, Michael Skelton.
WHY CONTINUOUS SECURITY IMPROVEMENT FOR DEVELOPERS IS THE KEY TO RENEWED RESILIENCE IN THE MODERN SECURITY PROGRAM
by Fatemah Beydoun , Chief Customer Officer, Secure Code Warrior
We live in a time of great flux and, true to form, the cybersecurity industry keeps growing in complexity and scope. The AI revolution of the past 18 months has seen many enterprises scrambling to equip security leaders with the tools required to combat an increasingly borderless attack surface, not to mention responding to growing governance and regulatory requirements demanding significant attention.
Few would envy CISOs faced with these circumstances. Still, while change can be challenging to navigate, the current security climate feels like the perfect time to embrace measures that will improve software quality and reduce risk for years to come.
I work with some of the most talented and resilient security professionals on the planet. Many of them are reinforcing their security programs to in response
to the contemporary threat landscape, positioning their development cohorts for risk reduction and vulnerability elimination. Here is what they do differently, time and time again.
DEVELOPERS HAVE PRECISION GUIDANCE AND THE RIGHT TOOLS TO PRIORITISE SECURITY
One aspect of cybersecurity rarely discussed in depth is the fact that code-level vulnerabilities are, at their core, a human-driven issue. These vulnerabilities are often perpetuated by poor coding patterns and bad habits that developers have picked up throughout their careers, and these can have devastating consequences. Make no mistake, the blame does not lie with individual development teams. It lies with the industry as a whole, and our lack of suitable response to developers’ needs for upskilling.
FATEMAH BEYDOUN
Bug bounties and security champion programs do go some way towards creating security culture pillars within an enterprise, but these alone are rarely sufficient. Every day I work with CISOs who are rising above the status quo. They prioritise an approach that takes developers on the security journey, typically with executive buy-in for these internal programs. Their developers thrive in an environment where just-in-time, relevant learning pathways are emphasised, as are tools complementary to their tech stacks. These strategies help break down the significant barriers developers face when trying to contribute meaningfully to organisational security goals. They also pave the way for fair security-related KPI outcomes.
DEVELOPERS ARE ASSESSED ON SECURITY READINESS AND INCENTIVISED TO IMPROVE
It is rather alarming that, today, we live in a world that is essentially powered by software. The recent CrowdStrike outage proved just how easily a bug can bring critical infrastructure to its knees. Despite this, developers do not have formal security certification or verification processes that clear them to work on these vital and often precarious systems; processes akin to those applying to architects or mechanical engineers.
Security leaders within organisations committed to a high standard of software security resilience are taking steps not only to upskill the development cohort but to routinely assess their security readiness. Perhaps a Java developer has proven themselves security-confident, but they want to be deployed on a Ruby-on-Rails project to which their skills may not necessarily apply. A modern security program would assess the individual, identify knowledge gaps and provide that developer with the upskilling required for them to be successful. This would enable them to expand their career horizons on the job, increase their job satisfaction and deliver better security outcomes.
We must get to a place where data-driven insights inform rapid, high-impact company decisions. After all, the cybersecurity industry does not sleep, and threat actors already have an unfair advantage over security leaders struggling with everything from
the skills shortage to code monoliths that are an increasing burden within the codebase.
THERE IS AN ORGANISATION-WIDE FOCUS ON SOFTWARE SECURITY AND QUALITY
One of the biggest pushes towards higher software security standards has come from the US Government’s Cybersecurity & Infrastructure Security Agency’s (CISA) Secure-by-Design guidelines. These are the result of a joint initiative from multiple national governments, including those of the United States, United Kingdom, Australia, Canada and Germany.
These guidelines promote the importance of shipping secure software from the start. They seek to establish ultimate ownership of security with software vendors, as opposed to their end-users. This is a significant break from the status quo, but, if executed well, will assist in reducing cyber risk across the board.
The best security leaders are heeding this call, and pledging their commitment to higher software standards. For most enterprises, success will require a cultural shift that prioritises role-based security awareness along with ongoing, hands-on support for the development cohort. However, there is no better time than now to get serious about uplifting internal security programs, and the sooner we do so the sooner we will be able to point to meaningful improvements.
www.linkedin.com/in/fatemah-beydoun-b6555bb1
CYBERSECURITY AND HARRY POTTER: A PHOENIX RISING FROM THE ASHES
By Marcus Lavalle-Smith , Principal Consultant at Decipher Bureau (Cyber Security Recruitment). Harry Potter fan.
What similarities can we draw between cybersecurity and Fawkes, the highly intelligent male phoenix and companion of Aldus Dumbledore in the Harry Potter movies? Fawkes was able to disappear at will and reappear in a flash of fire.
The theme for this issue leads me to draw a strong correlation between cybersecurity and the Harry Potter stories. Just as Harry and his friends are fighting against dark forces of evil that we mere Muggles cannot see, so too are cybersecurity professionals.
HARRY POTTER – THE CHOSEN ONE (CYBERSECURITY PROFESSIONAL)
Cybersecurity teams defend us all against threats through a variety of means: they are ready to protect us and our networks and assets at all costs.
THREATS
Phishing: just as Barty Crouch Junior disguised himself as Alastor ‘Mad-Eye’ Moody using Polyjuice Potion in the Goblet of Fire to get up to no good, cyber criminals disguise themselves as someone you can trust. They trick you to reveal information that should be kept confidential and use that information for malevolent purposes.
Social engineering: similar to phishing, this is where a cybercriminal will pretend to be someone else to get information or to gain access to systems and data.
Insider threat: Severus Snape became a double agent, pretending to be a Death Eater and one of Voldemort’s lieutenants while secretly working for and reporting back to Dumbledore.
MARCUS LAVALLE-SMITH
The enemy: Like the nefarious black hats constantly seeking to cause chaos and hurt people, the Dark Lord (Voldemort) represents the embodiment of evil, always working to breach defences, steal data (wands), and take hostages for ransom. Like Voldemort’s Death Eaters, black hats often have a team of other bad actors backing them up.
The tools: the invisibility cloak. One guess what this one is about: encryption. Our hero’s trusty invisibility cloak lets him move around unseen. Similarly, encryption makes data invisible from those who should not/do not need to see it.
The sorting hat: identity and access management has been such a hot topic this year it would be remiss of me to not include it in this article. In cybersecurity, your access control system performs a similar role to the sorting hat by assigning permissions (houses) to users based on their role/background and what they do.
The Patronus Charm: the Patronus is a powerful charm that forms a shield for the spellcaster to protect against Dementors, evil creatures that drain happiness and hope from people. (I’m sure we all know a ‘Dementor’ in our lives). In our world, antivirus and anti-malware software act like a Patronus Charm, protecting systems and companies.
CONCLUSION
While there is no doubt 2024 is proving to be a challenging year for all in cybersecurity, I firmly believe we can all take a flaming feather out of Fawkes’ book and, like a phoenix rising from the ashes, become smarter and stronger than ever.
www.linkedin.com/in/marcuslavalle-smith
MAXIMISING YOUR MOMENT
by Shinesa Cambric , Principal Product Manager at Microsoft
“And the day came when the risk to remain tight in a bud was more painful than the risk it took to blossom”
– Anais Nin
Technology has been evolving faster than ever and that evolution shows no signs of slowing down. In the days ahead, we will all have the opportunity to adapt and drive innovation through technology, but I believe a bigger opportunity will be how we innovate ourselves.
With the growth of readily available AI and machine learning technology access to knowledge will no longer be a barrier to innovation. Key to innovation will be how we learn to pivot and embrace the art of the possible. As women in technology we all have stories of resilience, of how we faced challenges and overcame them, despite difficulties.
Resilience for us is nothing new. However, what I’d like to challenge each of us to think about is how we combine that resilience with a sense of renewal
and personal growth that empowers us to inspire those around us who may be watching our journeys for encouragement.
My own story of resilience and renewal led me to spend time analysing how to be more intentional about my personal brand and what I wanted out of my career, determining the legacy I wanted to leave and how I needed to stretch myself to achieve my goals.
Two pivotal conversations sparked my personal resilience and renewal journey. The first was having a leader share with me that I would never advance further because no one knew who I was. The second was a mentor who shared a story with me about fingerprints.
If you know anything about small children, you know they touch everything and leave their fingerprints behind. You know where they’ve been. My mentor asked me about when my journey ends, how others would know I had “been there.” What were the fingerprints I wanted to leave behind?
In the book Securing Our Future: Embracing the Resilience and Brilliance of Black Women in Cyber, written by The Black Women in Cyber Collective, I share my story and my motivation to challenge myself to move beyond being a quiet introvert, to
SHINESA CAMBRIC
dare to be different and to use that difference to, hopefully, inspire others to recognise possibilities and strive to achieve. In my case those achievements were becoming a bestselling author (twice), a public speaker and a mentor and advocate for others within cyber.
I’ve learnt that excitement in life comes from allowing challenging moments to build something new in us, from creating new dimensions to who we are and insights into all we are capable of. I would like to share some general tips on how to move beyond where you are and grow into who you want to be.
First, you must learn to recognise opportunities for growth, because sometimes they come wearing a
disguise. If I had simply listened to the leader who told me I would never rise beyond where I was, and had used that as an excuse to shrink back, I would have missed a wonderful opportunity to move towards the legacy I want to leave. I would have missed the opportunity to have my children and those around me know that, just because others want to place limits on you does not mean you have to allow yourself to be defined by them.
Second, be willing to take some risks. In the Broadway play Hamilton, there is a song with the chorus: “I am not throwing away my shot.” Don’t allow fear to cause you to throw away your shot. Growth comes through doing new things, and starting new things will be uncomfortable.
Third, ignore your critics. Your journey and what comes out of it are none of their business. Think about what YOU want to be known for. Last, and most important, you will need to continue to be resilient and to reflect on how far you’ve come, to share your success with others who need encouragement, and celebrate your journey and accomplishments along the way.
www.linkedin.com/in/shinesa-cambric
ABOUT THE AUTHOR
Shinesa Cambric (CCSP, CISSP, CISM) is an award-winning cybersecurity innovator with two patents pending and expertise on the intersection of GRC, IT and application security. At Microsoft she leads a team combining AI and machine learning to identify and respond to emerging threats against digital identities. She is lead developer of the ISACA GCP audit program, certification advisor for the Cloud Security Alliance and CompTIA, lead author of the bestselling book Cloud Auditing Best Practices, and contributing author to the bestseller Securing Our Future: Embracing the Resilience and Brilliance of Black Women in Cyber
DOING IT WITH PASSION AND HONOURING MY FATHER: FROM ENGINEERING GRADUATE TO SENIOR CYBERSECURITY EXECUTIVE
By Meriam El Ouazzani, Regional Sales Director, Middle East, Turkey and Africa at SentinelOne
My late father’s encouragement to dive into something challenging helped set me on the path to professional fulfilment and success in the IT world.
Female engineers were few and far between in Morocco when I began pondering my career options. It’s often said that you cannot be what you cannot see, and perhaps that’s why, in common with many women of my generation, I did not view IT as a potential career path, despite my natural aptitude for STEM subjects.
Fortunately, I had a farsighted father who believed in me and knew how far my perseverance and
passion could take me. He pushed me to pursue my ambitions. And, if it was something unusual and challenging, all the better.
My father’s support and guidance were the fuel that propelled me to join the minority of women enrolled in computer engineering studies in my homeland and, after graduation, move to Dubai.
My first job, selling servers for HP, brought me into contact with another fantastic male mentor; a senior executive with the firm who, like my father, formed the view that an oversized challenge would help bring out the best in me. With his support I moved into a
MERIAM EL OUAZZANI
role which required me to understand the technology we were promoting and to use the technical expertise gained to engage with customers. I had great people around me, guiding me and providing me with a great chance to learn about the technology.
Good effort brings great results. A few years into the role I was noticed by Cisco and offered a job in its sales team. Thanks to that transition, I was able to start learning more about network security, an indemand technology at that time.
I joined a talented team and, because of the rapid evolution of the industry, often had to learn the hard way. With a never-lose mentality, I was able to prove myself and climb the career ladder. I moved from sales manager to product specialist sales and discovered along the way where my passion lay.
Security was the field I wanted to grow in. It was what customers wanted to hear about and what I personally felt most inclined to help customers with: being part of customers’ security strategy and helping them execute on their security plans.
Knowledge opens doors, especially if it’s gained when a developing technology is in the early stages of the Hype Cycle. The insights I acquired at HP and the skills I developed allowed me to segue into a more senior role with Cisco. The busy years I spent at Cisco, in both generalist and specialist sales roles, deepened my understanding of networking and security. I was further inspired to pursue security when I moved into a product sales specialist role where I focused on wireless technology and wireless security.
While I had amazing leaders supporting and mentoring me, and helping my growth, I realised that what I needed was focus. I knew with certainty I wanted that focus to be on cybersecurity.
I was approached by VMware to join its Middle East, Turkey and Africa (META) team focusing on its security solution, NSX. I came on board with a remit to set up a partner ecosystem for the business in the META region. It was another assignment which necessitated me throwing myself in at the deep end and learning the technology in order to help our partners develop strategies to sell and deploy our technology at scale, with ease.
Then, I was tasked with building a security practice from scratch at VMware after the company acquired a new solution that needed to be integrated into our existing portfolio. My challenges was to position the product to appeal to a different set of buyers. This required me to ensure the VMware teams developed new technical capabilities for both selling and deploying the solution, in the face of intense competition, particularly from Cisco. I focused on building a strong go-to-market strategy. I chose to collaborate with colleagues who brought essential market knowledge and I engaged technical teams across the META region.
Once again, security was an essential element of the offering, and my time spent in this role cemented my resolve to continue developing my cyber knowledge and capabilities, and to seek out opportunities with companies delivering compelling value to customers in this space.
That resolve led me to accept a role with SentinelOne four years ago to build its channel ecosystem. I was hired initially as a regional channel manager for the Middle East, Turkey and Africa, where I enjoyed building the channel from scratch and fighting to get the best partners onboard. Subsequently, I was promoted to regional sales director in mid-2023.
All up, it’s been quite a journey! I’ve enjoyed every minute of the ride and I’m grateful to the people who believed in me, backed me and celebrated my successes with me: a family who stood by me every second and every step of the way; my father, whose pride in his boundary-pushing daughter was unparalleled; the equally supportive colleagues who urged, coached and mentored me to develop the capabilities and qualities I needed to secure roles involving greater responsibility and challenge.
These days I’m paying it forward, encouraging growing talent in the industry and in my own young adult children to set their sights high and map out career plans that will help them get where they want to be, and to push themselves out of their comfort zones in the process. I have been fortunate to have a network of people to guide me, support me and encourage me. Today, I look at returning their favours and trying to be the best support to my team and the people in my surroundings.
Although things have changed considerably since I entered higher education and the corporate world, we still have a responsibility to support those in our communities, particularly young individuals whose interests and aptitude lean towards STEM-related fields, where but they are significantly underrepresented.
The impact of support can be profound. If we are committed to helping the next generation reach its full potential and to addressing the imbalances in the security field and the IT sector as a whole, we must all support the young people following us into the industry. There’s no better time than now to make this commitment.
www.linkedin.com/in/meriam-el-ouazzani-2a75a727b
BY AUSTRALIAN AUTHOR CRAIG FORD
Source2Create Spotlight
Content
Content allows you to establish, share, and strengthen your brand. It helps build relationships which is why we are shining the light on our content service.
Content strategies don’t just define the goals your content is intended to achieve, but also the procedure, processes and governance required to get there. We can show you how to manage your content effectively .
We can then use that content to attract, acquire and engage your customer and new prospects, deepening your relationships
What are you waiting for? REACH
CAREER PERSPECTIVES
CYBER ACCREDITATIONS - WHAT DOES AUSTRALIA REALLY NEED?
by Ken Hendrie , CEO and founder of Cyconsol
IT’S NOT NEW NEWS
People in our industry are not providing essential, credible, reliable cybersecurity advice. Misleading and incorrect recommendations are giving the industry a bad name. (Shock, horror!)
Australian companies want professional, high quality cybersecurity guidance from people who know their subject matter deeply and how it can be applied to a business, be it a large organisation or a small one.
FINDING THE RIGHT CYBER EDUCATION
In the scramble to meet the significant shortage of skilled cybersecurity professionals a host of learning institutions have developed a multitude of courses and certifications. With the abundance of cybersecurity training courses on offer it can be difficult to identify those with highly competent trainers and good quality courseware. Testing for comprehension and required skillsets is increasingly done online.
Today, there are more certifications available in the industry than I’ve had breakfasts. The market has grown in line with the profits that can be made by learning institutions. But not all cyber training organisations are created equal. Some have low integrity. For example, their certification could be gained through nefarious means, such as having someone else sit the exam, or the system itself might be insecure and open to manipulation. Course content might be loosely spun together and the validation of the practical exercises in the curriculum could be dubious.
New career entrants find it challenging to navigate the range of accredited cyber training courses and determine which certifications employers value. They can often waste money and time getting a certification that does not add to their credibility or build relevant skills.
KEN HENDRIE
How do we shift the cybersecurity training industry from the Wild West, where anything goes, to a reputable, reliable industry with knowledgeable practitioners who have their skills independently authenticated and operate in an ethical and expert manner?
CAN THE AUSTRALIAN GOVERNMENT SOLVE THIS CHALLENGE?
Many in the industry are encouraging the Australian Government to develop a framework and a process for validation of certifications that would ensure cyber specialists to deliver high quality, independent and pragmatic advice. The premise proposed is that specific roles should require specific certifications.
Setting a framework for cybersecurity accreditation is no small task. Often, frameworks are created for roles which are not relevant, or simply do not exist in the Australian context. At the same time, the selection of accredited courses cannot be too restrictive, making it too difficult or too expensive to gain needed certifications.
The UK’s National Cyber Security Centre has built the NCSC Certified Training scheme to provide a benchmark for cybersecurity training by assuring the quality of both the content and its delivery. Courses are rigorously assessed by an independent certification body, APMG International, which has been appointed to independently manage and maintain the required high standards of assessment.
Locally, the Australian Signals Directorate (ASD) has supported higher standards for security assessments and training through the enhanced Infosec Registered Assessor Program (IRAP). The IRAP policy and training have been co-designed by ASD with government and industry representatives through a series of consultative forums to improve the culture and governance of the program. The IRAP endorsement requires the individual to have experience and a recognised top tier qualification in each of two separate categories. It is important to note there remains room for improvement within the current iteration of the IRAP program, but it is
a good example of how industry certifications can be inherited to provide a degree of assurance over individual assessors.
ESSENTIALS OF A GOVERNMENT ENDORSED SCHEME
Here are the key attributes of the cyber training accreditation program Australia needs:
• Tiered learning – Remove the barrier of entry for people at the beginning of their career, enabling them to access progressively more specialised training in an area. It should not be ominously expensive to get started.
• High integrity courses – Only accredited course providers should be put forward. Their courseware, trainers’ skill and delivery and exam processes should be assessed for quality and relevance to our market.
• Oversight by an independent body – It cannot be a course provider itself. The body provided with oversight responsibility, existing or new, should not be strategically aligned to any one certification vendor. Independent assessment of each course is essential to provide a level playing field for all course vendors.
• Ongoing learning – Continuing professional development is a key component. Because the industry is rapidly changing as a result of new developments and better solutions, maintaining knowledge is essential. This can be inherited from the certifications themselves.
ANGELA DUGGAN
HOMING IN ON THE CUSTOMER: FROM FINANCIAL UX CONSULTANT TO CYBER UX SPECIALIST
by Angela Duggan , VP of User Experience at BeyondTrust
My determination to work in a sector where I could make a real difference saw me carve out a leadership role with a leading security vendor.
Pursuit of an engaging and well-compensated career is common for new graduates the world over, and I was lucky enough to embark on such a journey shortly after completing my studies in 2003. I spent eight years working as a user experience consultant to a Fortune 500 financial services organisation, where I learned a lot, earnt a lot and made a lot of friends.
But, as I gained knowledge and experience I came to the realisation I wanted to do more than simply continue in the financial sector, contributing to enhancing the wealth of the already wealthy. I needed to feel I was part of something more meaningful and that my day-to-day dedication contributed to the greater good. As a result, I began exploring
various employment options in the healthcare and cybersecurity industries.
Luckily, my hometown of Halifax Nova Scotia, in addition to being a financial services hub and home to the regional headquarters of some of Canada’s largest banks, is also a small city with a big IT presence. Hence, former colleagues from my employer were able to facilitate an introduction to BeyondTrust, an identity and access management vendor that had earned a stellar reputation in the financial services, utilities and government sectors.
UX NEWBIES
While BeyondTrust’s product offerings had very few peers technologically, the user experience of its applications had taken a backseat up to that point (a common tale when a company is a pioneering developer in the vanguard of high-technology). However, innovative IT companies inevitably attract
competitors and, as all focus on solving the same problems and doing things better and more simply, delivering an excellent user experience becomes a more compelling priority.
BeyondTrust’s head of engineering recognised this. While he was no authority on UX, he knew a piece of the puzzle was missing and he was keen to find someone who could help him fill that gap, despite receiving somewhat tepid support from senior leadership.
Fortunately for me, I was that someone. Upon joining the company in 2015 as its inaugural UX professional I set about eliciting insights and opinions from the people creating, marketing and selling its flagship products. Conducting the same exercise with customers gave me a good idea of what was working, what wasn’t and where improvements might best be made.
FOCUS ON THE USER
While, on the surface, financial services and cybersecurity seem to have little in common, I noticed significant similarities between the two sectors on the UX front during this initial fact finding tour.
For example, internal apps used by traders need to be ultra-responsive and easy to use, because, when you’re operating in that environment where the stakes are high, milliseconds count.
It’s the same story at the sharp end of cybersecurity: an unfolding incident creates extraordinary stress for security admins. Being able to find, absorb and use data quickly and easily is paramount.
A great deal of the change I effected in those early months and years was cultural; encouraging our teams to focus not only on the technical challenges they identified, but also on the humans using our applications.
RISING UP THE RANKS
In September 2018 Bomgar, a developer of secure remote support software, acquired BeyondTrust and
took on its name. Bomgar had earlier that year been acquired by private equity firm Francisco Partners. These deals saw BeyondTrust acquire two additional UX specialists and a CEO who needed no convincing of the contribution our discipline could make to product development and customer success.
At that point, I put my hand up for a director role and was asked to provide a roadmap for expanding the team and the scope of our operations. Fast forward six years and we’ve done both with a vengeance. I’m proud to lead a high performing team of 28 UX professionals and even prouder of the value they continue to generate for BeyondTrust and its customers.
I’m also grateful for the support I’ve received, not only from the senior leadership team but from internal and external female mentors. They encouraged me to strongly advocate for the changes I recognised were necessary at BeyondTrust and they helped me turn my debut almost a decade earlier into a challenging and fulfilling leadership role.
Today, I’m delighted to be doing the same for other young women via the company’s mentoring program. I’m also committed to boosting gender diversity in my team and in our industry as a whole. Cybersecurity continues to offer opportunities aplenty for motivated female candidates who want to work in a sector where they can make a meaningful contribution.
www.linkedin.com/in/angeladuggan
CRAIG FORD
RISING PHOENIX: REINVENTING WHO YOU ARE
by Craig Ford , Cofounder and Executive Director, Cyber Unicorns
If you were to look at my social media or even one of my two websites (company and author sites) you would likely sit there and think “Wow, Craig is pretty successful.”
I have won quite a few awards. I have published six books, given multiple keynote speeches at events around the country and have an international speech locked in for later this year. I’ve even had my face on the cover of a couple of magazines.
I founded Cyber Unicorns to drive change in this industry, which I am extremely passionate about. It looks like I am doing pretty well, right?
Yes, I guess I am, but what you see on people’s public-facing social media or websites is not the full picture. These do not show you the bumps in the road, the challenges they have faced, or if they are as successful as they make themselves appear to the outside world.
It’s human nature. We don’t want to be too vulnerable. We want people to think we are successful, so we hide our mistakes, We can’t admit failure, which would make us appear weak.
Do you think that is true?
I think in our society we have been conditioned to believe so, but I don’t think that is what we should do. I think we should show our warts and all: show the world the real story, not just the glossy version of it.
That’s easier said than done, right? Yes, it probably is, but let me be brave. Let’s look at the bumps in my road to becoming who I am today: the parts of my story you might not be familiar with.
IN THE BEGINNING
Let’s go right back to my childhood. When I was three or four years old my parents split up, later divorcing. I lived with my father and a couple of my sisters. When I started school, I was a really bad reader. I really could not read. I had to have special lessons in my first years in school to teach me how to read, because my dad’s priority had been feeding and clothing me, not teaching me to read or write. This is something I don’t often share, but I think it’s an important part of who I am, especially when I am an Australian bestselling author of six books.
MY FIRST ROLE IN CYBER
As many of you would probably know, getting a first role in cybersecurity is not very easy. I had more than 10 years in ICT technical support and system administrator roles. I had been doing general security work before it was called security, but I was repeatedly rejected for roles in cybersecurity.
I had even obtained my first master of information technology management degree, in digital forensics, and had almost completed a masters of information systems security. I had experience and qualifications, but no one was interested in giving me a shot.
When I finally did crack that first role as a senior ICT security engineer, I worked hard, pushing myself to excel, expanding my skills in pentesting and incident response. I thrived for some three plus years.
Then there was COVID.
The company I worked for was an MSP looking after many pubs and clubs.
Do you remember what happened with pubs and clubs? They all shut down and went into a kind of hibernation. That essentially took away the need
for more than half the staff at the MSP. I was one of them. It went back to a barebones team and cut costs, as did so many other businesses.
I was made redundant and, honestly, I don’t hold a grudge for this. I still get along amazingly well with the owner. They had to look after their business, their family and the staff they could keep. A lot of tough choices were made during that time.
NO JOB, FEW OPPORTUNITIES. NOT A GREAT SPOT TO BE IN
I had already started my writing journey at that time, contributing to CSO online, and my first book, A Hacker I Am, was a couple of months old. So, I doubled down on the writing and created the second book, A Hacker I Am Volume 2, while also pivoting to take on a teaching opportunity at Western Sydney University for a couple of sessions, along with some other ad hoc writing opportunities to keep food on the table.
I pivoted and reinvented myself. I didn’t sit still. I pushed forward, finding my own path. It was a bumpy ride and a little uncomfortable at times. But who did not feel that way through COVID?
BACK ON THE TOOLS
Part way through COVID I bounced back, gaining a contract with a big government agency, working hard to keep moving forward with my career but never letting go of the new path I had taken with my writing. I have been growing both parts of my career since and I am proud of what I have been able to achieve.
THE RISE OF CYBER UNICORNS
Cyber Unicorns is the creation of passion, something I had been talking about for years: educating everyone on how to be safer in this digital world we live in. COVID taught me one thing; you need to be brave and not put a hold on the things you want to achieve. We need to take a moment to calm ourselves and then just get on with the task and stop talking about what needs to be done.
Just stand up and do it.
Like a phoenix rising from the ashes, reborn in its true beauty, you can do the same. Life gives us knocks sometimes; some small, some leaving permanent
marks on who we are, but if we truly believe, we can achieve our dreams, or at least give absolutely everything we have in trying.
So, I have shown some of the bumps in my path. There are probably more, and I am more than happy to chat about them with any of you who would like to know more about my journey, but why don’t we all be a little braver and show it is okay to fail, to show some vulnerability. Then we can all rise from the ashes like the phoenix.
Just don’t give up.
www.linkedin.com/in/craig-ford-cybersecurity
www.facebook.com/profile.php?id=61552330571786
www.instagram.com/cyberunicorns.com.au
x.com/CraigFord_Cyber
www.cyberunicorns.com.au
STUDENT IN SECURITY SPOTLIGHT
Pranidhi
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
My interest in cybersecurity started with movies and TV shows where hackers would use their skills to save lives. I was fascinated by the idea of good hackers (White Hat) going up against malicious ones (Black Hat), and I was determined to become an ethical hacker. I threw myself into learning as much as I could, doing LinkedIn courses, YouTube tutorials, and practising in labs like TryHackMe and HackTheBox. I even went on to get my EC-Council Certified Ethical Hacker certification.
But as I gained more experience, my view of cybersecurity evolved. I came to see that it’s not just about hacking—it’s about protecting information, which is incredibly valuable in today’s world. Information really is the new gold, and cybersecurity is about keeping it safe.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
After I graduate, I’m really hoping to work as a cybersecurity consultant. As I mentioned before, information is the new gold—whether it’s personal,
financial, medical, or intellectual property—and it needs to be protected the right way. I believe prevention is always better than trying to fix things after the fact, and that’s what I love about cybersecurity.
During my internship at PwC Sri Lanka, I discovered that I’m more interested in the GRC (Governance, Risk, and Compliance) side of things than the technical side. I enjoy meeting new people, learning something new every day, and sharing what I know. I already find myself advising friends and family on how to stay safe from cyber threats, and I love that aspect of it. Consulting, to me, is about problem-solving, and with the ever-evolving threat landscape, it requires creativity. I really enjoy digging into threats, gathering intel, and figuring out how to prevent future attacks.
One thing I love about my current job as an F&B attendant is the teamwork and the daily challenges that come with working with different people. I think that’s why I’m drawn to consulting—there’s so much collaboration involved. I’ll get to work with a diverse team of IT professionals, legal experts, and business leaders, and that excites me. I’ve already experienced how rewarding it is to work with people from all kinds of backgrounds, and I know it’s something I’ll thrive in as a consultant. And let’s be honest—the work-life balance is also a huge plus!
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
When I decided to pursue a career in cybersecurity, my first step was to study it because, honestly, I had little to no background in IT or cybersecurity. Before that, I was on a completely different path—I was studying biomedical science, aiming to become a doctor, a dream heavily influenced by my family. But after two years of studying, I realised it wasn’t
PRANIDHI HANDAPANGODA
Handapangoda is a dedicated and passionate student currently pursuing her Master of Cyber Security at Griffith University for her Final Year
Student at Griffith University
for me. I started researching other fields and found cybersecurity, which really excited me. At the same time, I was terrified about how to tell my parents I no longer wanted to pursue biomedical science, especially since they had invested so much in my education.
Convincing them wasn’t easy. They had already spent a lot of money on my medical studies, and cybersecurity was a completely unfamiliar field to them. Plus, at the time, only two places in Sri Lanka offered a degree in cybersecurity, and it was quite expensive. But I knew it was what I wanted, so I made a real effort to explain how important cybersecurity would be in the future, even in sectors like healthcare, and eventually, they agreed to support me.
From my first year in the program, my parents were impressed with my dedication and results. Looking back, I’m really proud of myself for being brave enough to make that switch from biomedical science to cybersecurity. In 2022, I graduated top of my class at Edith Cowan University’s Sri Lanka campus with a gold medal in Cybersecurity, and my parents couldn’t be prouder. It feels amazing to be doing something I truly love.”
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. The most memorable part of my cybersecurity journey is how it all began. No one I knew was familiar with IT security or cybersecurity at the time, so I had to do my own research just to discover what it was. It was an emerging field back then, and all I had were a few vague ideas to start my search. Once I found out about cybersecurity, I dove in and started teaching myself.
While studying for my diploma in networking and systems, I fell in love with the story of Unix and Linux. I even preferred Linux’s interface over Microsoft.
Since I was new to the field, I had to start from scratch—learning about virtual machines, different operating systems, open-source software, and so much more. A lot of it was self-taught in the beginning. I remember deciding to install Linux on my laptop, starting with Kali Linux through a virtual machine by following YouTube tutorials. I liked Kali but quickly realised it wasn’t very user-friendly. So, I began experimenting with different Linux flavours, constantly formatting and rebooting my laptop. I took a lot of risks with that one laptop! Eventually, I settled on using Ubuntu as my main OS for two years just to master Linux in a more user-friendly environment.
Later, I had to switch back to Windows for certain software I needed for my degree. Throughout all this, I was researching cybersecurity pathways, certifications, and areas like Open-Source Intelligence (OSINT). By the time I started my degree after my diploma, I already knew so much, thanks to my curiosity and passion. That’s when I realised, if you truly love something, even if it’s brand new to you, you can get really good at it.
PRANIDHI HANDAPANGODA
The knowledge and experience I gained from selflearning left a lasting impression on me. It played a huge role in helping me successfully complete my bachelor’s degree. When it came time to choose my master’s, that same drive guided me in selecting areas I was passionate about. I specifically chose Griffith University for my Master of Cyber Security because they offered unique subjects like Global Security, Critical Infrastructure Security, and Financial Security, which matched my interests perfectly.
Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?
Working on my degree, I knew I wanted to gain realworld experience before graduating, even though it wasn’t a requirement. So, I decided to take on both a final-year project and an internship to give myself a head start. I applied for an IT support intern position at PricewaterhouseCoopers (PwC) Sri Lanka. It didn’t take long for me to realise that what I truly wanted was to dive into cybersecurity, not just general IT.
To make that shift, I earned the EC-Council Certified Ethical Hacker certification, which helped me transition into PwC’s cybersecurity division. As a cyber analyst intern, I got hands-on experience in web application penetration testing, vulnerability assessments, and penetration testing (VAPT). I was introduced to key concepts like the OWASP Top 10, GDPR audits, and ISO 27001 audits, and worked with tools like Burp Suite and Nessus. I also had the chance to create cybersecurity awareness training programs. That internship gave me a solid foundation and real-world insight into the field I wanted to build my career in.
What aspect of your cybersecurity studies excites you the most, and why?
I’m genuinely excited about everything I’m learning in cybersecurity. I’ve always loved discovering new things, and studying this field is a constant source
of fresh information, even after completing my bachelor’s degree. However, one subject stands out to me the most: cybersecurity of critical infrastructure. It’s fascinating to dive into areas like automobile security, water tank system security, and OT security protocols—things that are part of our daily lives.
It feels really exciting to understand how to secure the very things we use every day, like our cars. I also had a fantastic experience at the Realms of Cyber conference in 2024. It was incredibly informative and easy to grasp, and I loved every moment of it. Events like that truly inspire me and deepen my passion for the field.”
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
I believe that interpersonal communication is essential in cybersecurity. In this field, we often work with people who have little to no background in cybersecurity—like managers, CEOs, and other employees. It’s our job to help them understand the importance of cybersecurity for the organisation and how we can tackle cyber threats together.
We need to explain in straightforward terms why it’s crucial for leaders and managers to invest in the right assets to protect the company from future cyber threats. Being able to communicate effectively ensures that everyone is on the same page and understands the value of cybersecurity, which ultimately helps strengthen the organisation as a whole.
Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?
I am a member of the Australian Women in Security Network (AWSN), and I can’t tell you how excited I was to discover a community in Australia dedicated to women in cybersecurity. I joined the network last October, and it’s been an incredible experience since then. Thanks to AWSN, I’ve learned so much, met fascinating people, and gained valuable insights along the way.
Most importantly, I truly enjoy being part of AWSN. I make it a point to attend almost every event they organise. The atmosphere is so welcoming and encouraging, and it really feels like a supportive community where we can all grow together.”
What is your preferred source for staying informed about cybersecurity trends and general information?
I love staying informed by participating in cybersecurity events. There are so many great ones in Australia, and AWSN events are definitely one of my main sources for keeping up to date. These gatherings not only help me learn but also give me the chance to connect with some amazing people in the industry.
I also attend other events like BSides conferences, SeckTalks, and tabletop exercises. The most recent one I went to was the Realms of Cyber conference, which focused on critical infrastructure security across land, air, sea, space, cognitive, and biological areas. It really opened my eyes to a whole new dimension of cybersecurity that I hadn’t considered before!
Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?
Yes, I’m actively looking for cybersecurity job opportunities, but it hasn’t been the easiest experience. As an international student, I’ve found that many interview processes stall after I mention my visa conditions, even though I meet all the educational and experience requirements for entrylevel positions.
I can do internships, but almost all of them require either permanent residency or citizenship. It’s frustrating because I really want to break into the cybersecurity field, but these visa restrictions make it challenging to find employment opportunities. I’m staying positive and hopeful that the right opportunity will come along!
www.linkedin.com/in/pranidhi-handapangoda
Venuri Wicramasingha is currently pursuing a Master of Cyber Security (Professional) at Deakin University, Australia On 1st semester.
Master of Cyber Security student at Deakin University
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?
Imagine a world where everything is connected to the internet—your phone, your bank account, even your home. While this connectivity offers incredible convenience, it also opens the door for criminals to steal personal information, disrupt services, or cause real harm. That’s where cybersecurity steps in. Think of it as being a digital detective or superhero, always on the lookout for threats and working tirelessly to keep people and their information safe.
A career in cybersecurity is not just exciting; it’s a thrilling adventure that never stands still. As technology evolves, so do the tactics of hackers, making every day a new challenge. You’ll constantly encounter fresh puzzles to solve, ensuring you’ll never experience a dull moment. Plus, you get to make a genuine impact by protecting individuals, businesses, and even nations from cyber threats. It’s an opportunity to flex your problem-solving skills, outsmart criminals, and create secure systems, all while helping people trust the technology they rely on every day.
And the cherry on top? There’s a massive demand for cybersecurity professionals right now. This field is brimming with job opportunities and the potential
for impressive salaries. Whether your interests lie in technology, law enforcement, or even psychology, there’s a place for you in cybersecurity. It’s a career path where you can continuously learn, grow, and truly make a difference in the world.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
When I first thought about studying cybersecurity, I pictured it as a high-tech game of cat and mouse, mainly focused on protecting computers from hackers. I imagined a lot of coding, setting up firewalls, and battling viruses.
But after diving into the cybersecurity field and now pursuing my master’s, I’ve discovered it’s so much more than I ever expected. It’s not just about technical skills; it’s about grasping how networks work, understanding the psychology behind social engineering, and developing strategies to manage security risks on a larger scale. It’s fascinating to explore the motivations of attackers, anticipate emerging threats, and adapt to new technologies and vulnerabilities.
What really took me by surprise is how dynamic and interconnected everything is. Cybersecurity goes beyond just fending off attacks; it’s about building resilient systems that can withstand them, preparing for incidents, and thinking through the legal and ethical implications of our security measures. The diversity within the field is incredible, covering areas like cryptography, ethical hacking, governance, risk management, and incident response. It’s this variety that makes the journey so exciting and challenging.
Overall, my experience has taught me that cybersecurity is not just a technical discipline; it’s also a strategic one that requires a mix of technical know-how, critical thinking, and creativity. It’s definitely more complex than I initially thought, but that complexity is what makes it truly interesting and rewarding.
VENURI WICRAMASINGHA
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
After graduation, I’m excited to pursue a role as a GRC (Governance, Risk, and Compliance) analyst. This path really resonates with me because of my previous experience and comfort with various security frameworks.
What I love about GRC is the analytical and strategic side of it. I get to apply my knowledge of different security standards and regulations to help organisations identify and manage risks effectively. I find it both challenging and fulfilling to ensure that a company’s cybersecurity practices are in line with their internal policies and external regulatory requirements.
Another aspect I appreciate about GRC roles is the opportunity to use my communication and collaboration skills. I enjoy working with different teams throughout the organisation to create a strong security posture. This role not only plays to my strengths but also allows me to make a real impact by helping organisations operate securely and responsibly in today’s digital landscape.
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
The biggest influence on my journey in cybersecurity has been the hands-on experience I’ve gained in the field. From internships to full-time roles, each experience has deepened my understanding of the challenges, frameworks, and solutions in cybersecurity.
My practical experience as a Cyber Security Analyst and vCISO intern has been invaluable. These roles gave me the chance to take my theoretical knowledge and apply it to real-world problems, whether it was performing gap assessments or developing security policies. This hands-on work not only strengthened my grasp of cybersecurity
concepts but also highlighted the importance of compliance and risk management, which has shaped my goal of focusing on GRC (Governance, Risk, and Compliance).
I’ve also been fortunate to receive support and guidance from mentors and industry professionals along the way. Their insights and encouragement have been crucial in helping me navigate challenges, spot opportunities, and fine-tune my career aspirations.
My academic journey, including my Bachelor of Science in Cybersecurity and now my Master of Cybersecurity (Professional), has played a significant role in shaping my career path. The assignments and project work have laid a solid foundation and guided me toward GRC roles. These educational experiences have helped align my goals with my strengths and interests in the field.
In summary, the blend of practical experience, mentorship, and continuous learning has been key in shaping my career trajectory. It has reinforced my commitment to cybersecurity and directed my focus toward GRC roles, where I hope to make a real difference.
Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?
Beyond my academic studies, I’ve been fortunate to gain practical experience in cybersecurity through both jobs and internships. I worked as a Cyber Security Analyst at Scybers from May 2023 to June 2024, where I had a range of responsibilities that really helped me grow in the field. My role included:
• Conducting readiness assessments for clients aiming for ISO27001 and SOC2 Type 1 & Type 2 certifications.
• Performing gap assessments to identify areas for improvement and assisting in remediation efforts.
• Managing Information Security Management
System (ISMS) documents to ensure compliance with standards.
• Conducting Third Party Risk Assessments to evaluate vendor security.
• Developing policies, procedures, and guidelines that align with security standards.
In addition to that, I interned as a vCISO from December 2022 to April 2023. This role allowed me to assist in vCISO assessments based on the NIST Cybersecurity Framework. I also helped clients refine their security policies and procedures, created strategic cybersecurity roadmaps, and supported them with Compliance as a Service (COaaS) practices.
These experiences have been invaluable in helping me apply what I learned in the classroom to real-world situations. They’ve deepened my understanding of cybersecurity frameworks and highlighted the crucial role of compliance and governance in protecting organisational assets.
The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice? Absolutely! I plan to pursue the ISO27001 Lead Implementer certification. It’s a perfect fit for my experience and passion for Governance, Risk, and Compliance (GRC). Having worked with ISO27001 standards in my previous roles, I believe that obtaining this certification will really deepen my understanding of how to implement and manage an Information Security Management System (ISMS) according to these standards.
I chose this path because I want to strengthen my skills in managing and improving information security frameworks within organisations. Ensuring compliance with international standards is important to me, and I see this certification as a great way to enhance my qualifications for a career in cybersecurity governance.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
I see a real need for additional training in noncyber skills like interpersonal communication, management, and strategic thinking. In cybersecurity, especially in GRC (Governance, Risk, and Compliance) or leadership roles, being able to communicate effectively with both technical and non-technical stakeholders is essential. It’s all about translating complex cybersecurity concepts into clear, understandable language for executives, clients, and team members so everyone is on the same page about the risks and how to mitigate them.
Management skills are equally important. They help in coordinating teams, managing projects, and aligning cybersecurity goals with the broader business objectives. Strong management and leadership abilities allow you to motivate your team, make informed decisions, and handle challenges or crises effectively.
On top of that, strategic thinking and problemsolving skills are crucial for anticipating future threats, planning long-term security strategies, and continuously improving an organisation’s security posture.
Overall, developing these non-cyber skills will help me become a more well-rounded professional. It’ll enable me to navigate the complexities of the cybersecurity field and make a meaningful contribution to my organisation’s success.
Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?
I’m actively involved in the broader cybersecurity community, and it’s really enriched my experience and professional growth. Here’s how I’ve been participating:
VENURI WICRAMASINGHA
Industry Events and Conferences: I make it a point to attend cybersecurity conferences, webinars, and workshops to stay on top of the latest trends, technologies, and best practices. These events not only offer valuable insights from industry experts but also provide fantastic networking opportunities.
Professional Associations: I’m a member of the Australian Computer Society (ACS) and several local cybersecurity groups. Being part of these organisations gives me access to a wealth of resources, certifications, and the latest industry news.
Mentorship and Networking: I actively seek out mentors and network with other professionals in the field. Building relationships with experienced individuals has been incredibly beneficial, providing me with guidance, support, and fresh perspectives on my career journey.
Contributing to Knowledge Sharing: I love contributing to knowledge-sharing initiatives, whether it’s writing articles or sharing posts. By sharing my experiences and insights, I not only stay engaged but also give back to the community.
Being involved in the cybersecurity community has really broadened my perspective on the field. It’s enhanced my skills and opened up new opportunities for collaboration and professional development. Plus, it helps me stay current with industry advancements and trends, which is essential in such a rapidly evolving field like cybersecurity.
What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?
To enhance my personal cybersecurity in today’s digital landscape, I take several proactive measures:
Strong, Unique Passwords: I always use strong, unique passwords for each of my accounts. Whenever I can, I rely on a password manager to securely store and generate those passwords, which
makes my life a lot easier!
Two-Factor Authentication (2FA): I make it a point to enable 2FA on all accounts that support it. It’s an extra step, but it adds a layer of security that makes me feel much safer knowing that even if someone gets my password, they still need that second form of verification.
Regular Software Updates: I keep all my devices, from operating systems to applications, updated with the latest security patches. It’s a bit of a hassle sometimes, but it’s worth it to stay protected.
Secure Connections: When I’m on public Wi-Fi or just need an extra layer of privacy, I use a VPN (Virtual Private Network). I also make sure that any websites I visit are using HTTPS, which adds an extra layer of security.
Antivirus and Anti-Malware: I’ve got reliable antivirus and anti-malware software installed, and I regularly run scans to catch any potential threats before they become a problem.
Backup Data: I back up my important data regularly and store it securely in the cloud. That way, I know I can recover my information if anything goes wrong.
Be Cautious with Emails and Links: I’m always on the lookout for phishing attempts. I avoid clicking on suspicious links or opening attachments from unknown or untrusted sources because it’s just not worth the risk.
Privacy Settings: I take the time to review and adjust my privacy settings on social media and other online accounts to limit how much personal information I share publicly. It’s all about keeping my information as private as possible.
Education and Awareness: I stay informed about the latest cybersecurity threats and best practices through industry news, courses, and other resources. I believe that continuous learning is key to improving my personal security practices.
By implementing these measures, I aim to protect my personal information and maintain a secure online presence. It’s all about being proactive and staying one step ahead!
www.linkedin.com/in/venuri-wicramasingha
A passionate cybersecurity professional with a strong commitment to protecting the digital world.
Sithumi Abeywardhana, a dedicated student currently pursuing her Master of Cyber Security at Griffith University on the Gold Coast as final trimester.
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? For me, cybersecurity feels like being part of a digital defence team dedicated to protecting people, businesses, and even entire nations from online threats. I can imagine the thrill of being on the front lines, using cutting-edge technology to outsmart hackers and keep everyone safe. That’s what makes this field so exciting!
What really draws me in is how fast things change in cybersecurity. There’s always something new to learn, and you have to stay ahead of the curve to tackle the latest threats. Every day brings a fresh challenge, whether it’s fighting off ransomware attacks or securing vital infrastructure. It’s like a puzzle that keeps evolving, and you have to think like the bad guys to defend against them.
But it’s not just about the tech; it’s also about the impact. There’s a real sense of purpose in knowing that the work I do helps protect data, privacy, and people’s livelihoods. With the growing need for skilled cybersecurity professionals, I feel like I could have a meaningful and rewarding career ahead of me.
When I talk to people already in the field, they share incredible stories about identifying new threats and saving the day. It makes me think of them as modern-day heroes, doing vital work to shield the digital world from those with harmful intentions.
If you’re someone who loves problem-solving, keeping up with new tech, and wants a career that’s both challenging and meaningful, cybersecurity has so much to offer. It’s a field full of opportunities and excitement, where no two days are the same. I can’t wait to dive in!
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
I used to think cybersecurity was just a hands-on technical field, like software engineering. Sure, roles like ethical hacking, penetration testing, and digital forensics do require some serious technical skills. But I’ve come to realise that there are so many other paths in cybersecurity that focus on different skill sets, like governance, risk and compliance, cybersecurity training, threat intelligence, and even open-source intelligence.
At first, I worried that specialising in a niche area might make it tougher to find jobs and opportunities. But I’ve been pleasantly surprised to learn that it’s really not niche at all! It feels like there’s a spot for everyone in cybersecurity. I’ve met people entering the field from all sorts of unrelated backgrounds, bringing diverse skills that are incredibly valuable. It’s eye-opening to see how different perspectives can enrich the field. The reality is so much broader and more welcoming than I initially thought!
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
I found it really challenging to choose a specific area of cybersecurity to focus on because there are just so many fascinating options! I wasn’t entirely sure
SITHUMI ABEYWARDHANA
what I’d be best at, even though I typically excel in technical subjects. I also appreciate having a bit of a human element in my work to keep me motivated. I’m naturally a defensive person, and I find a lot of satisfaction in protecting others and helping them stay safe from online threats.
To help guide my decision, I took a cyber skills assessment called CyberGen.IQ by Haystack Solutions. It involved a series of tests that evaluated my skills and suggested areas in cybersecurity where I might thrive. I was excited to find that I scored highest in analysis and forensics, and I learned that I have a knack for spotting anomalies. This experience was really insightful and helped me reflect on my strengths and weaknesses.
As a result, I’ve narrowed down my interests to roles like Security Operations Centre (SOC) analyst, Threat Analyst, Digital Forensics Investigator, and Incident Response (DFIR) analyst. It feels great to have a clearer direction now!
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
The most influential person in my cybersecurity journey has definitely been Paula, whom I met through the Australian Women in Security Network (AWSN). From the moment I joined the community, her warm welcome helped me overcome my initial fears and self-doubt about stepping into a field filled with experts. Hearing her share her own experiences of struggling to navigate industry conversations early on made me realise that persistence and continuous learning are essential for success in this field.
Paula didn’t just offer technical advice; she also encouraged me to connect with others when I felt a bit reserved and needed a little nudge. She emphasised how important networking is in cybersecurity, and thanks to her, I’ve built a strong network and developed a deeper connection to the
cyber community. This experience has truly fueled my desire to contribute meaningfully, protect others, and find purpose in the work I do. I can honestly say that without her influence, my approach to this field would be vastly different.
Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?
I believe that my academic program at Griffith University is keeping up with the fast-changing world of cybersecurity. This year, they’ve updated the structure of the degree, and I know there are more changes on the horizon to reflect the dynamic nature of the industry. I feel lucky to be part of the first cohort to take the Cybersecurity of Critical Infrastructure course!
This course is especially relevant because critical infrastructure includes essential services like transportation, food, water, electricity, and communication systems. These services used to be pretty isolated and secure, but with technology advancing, they’ve become integrated with IT networks, making them more vulnerable to cyberattacks. It’s alarming how attractive these systems can be to malicious actors since disrupting them can have far-reaching effects on society.
To tackle these emerging threats, governments and cybersecurity organisations are putting a spotlight on protecting critical infrastructure. They recognize the need for a more resilient and secure framework, and that focus aligns perfectly with what we’re learning at Griffith. I feel like the program is really preparing us for the complexities of cybersecurity in today’s interconnected world. The way it adapts to industry trends shows that it’s staying relevant and equipping us with the skills we need to face modern cybersecurity challenges head-on.
Considering the holistic requirements of a future role, do you see the need for
additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
Absolutely! I truly believe that honing interpersonal communication and management skills is essential. Effective communication is crucial in cybersecurity, especially when it comes to explaining technical concepts to non-technical stakeholders, collaborating with cross-functional teams, or delivering security awareness training. During my internship at Cyber Audit Team, I was tasked with preparing scripts for cybersecurity training, and I quickly realised how important it is to present information in a way that someone with no background in cybersecurity can easily grasp. That’s when I understood that truly strengthening an organisation’s human firewall starts with clear communication.
Management skills are equally important for leading projects, responding to security incidents, and overseeing teams. From what I’ve observed in the industry, no two days in cybersecurity are ever the same! Continuous learning and the ability to adapt to an ever-changing threat landscape are absolutely necessary. I think having a growth mindset, along with persistence and resilience, is key to thriving in this field. There are definitely tough days, like when a data breach occurs, and having the emotional intelligence to navigate those scenarios and keep moving forward is vital.
Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?
I’m really active in the cybersecurity community, and it’s something I genuinely enjoy. I’m a proud member of the Australian Women in Security Network (AWSN) and make it a point to attend most of their events in Gold Coast and Brisbane, along with SecTalks. This year has been particularly exciting—I had the privilege of attending three amazing security conferences: CrikeyCon, Bsides Brisbane, and Realms of Cyber.
Each one has been a fantastic opportunity for learning and connecting with industry professionals.
One highlight for me was participating in the National Missing Persons Hackathon in September. The goal was to gather digital information on real missing person cases in Australia to aid police investigations. This event felt especially meaningful and gave me a deeper sense of purpose. I’m also looking forward to the chance to take part in an Incident Response Competition organised by AWSN!
Recently, I volunteered at an ACS Foundation event at Griffith University, where high school students learned about opportunities in STEM. It was wonderful to give back to the community and hopefully inspire the next generation. All these experiences have really helped me feel more connected and engaged in the industry.
What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?
Working in cybersecurity has really opened my eyes to just how exposed we can be online. When I started learning about Open-Source Intelligence (OSINT)—which is all about gathering publicly available information to create actionable intelligence—I couldn’t help but reflect on my own digital footprint. I found myself asking, “What information about me is already out there? How could someone use that against me, maybe in a scam?”
SITHUMI ABEYWARDHANA
It’s a bit unsettling to know that Australia consistently ranks among the top 10 countries for scam victims, which just highlights the importance of strong personal cybersecurity. That realisation really motivated me to take steps to protect my online presence.
One of the first things I did was clean up my social media. I removed contacts I didn’t know personally and encouraged my family to do the same. I locked down our profiles and took out personal details like my birth date, schools, and past addresses. It hit me that this kind of information could be a goldmine for phishing attacks or identity theft.
Looking back on my teenage years, I now see how unwise it was to share personal stories on public platforms. While I’ve managed to shut down my old profiles, some bits of that information are still floating around online. It’s a tough lesson: once something is out there, it can be nearly impossible to erase your digital footprint completely.
Besides cleaning up my social media, I also tackled my bad habit of reusing passwords across different platforms. Now, I use longer, unique passwords and rely on a password manager to keep them secure. Whenever I can, I enable Multi-Factor Authentication (MFA) for that extra layer of protection.
I make sure to keep my software updated, too, to minimise the risk of vulnerabilities being exploited. I also try to avoid using public Wi-Fi unless I absolutely have to, and even then, I take extra precautions.
There’s a lot more I do to reduce my digital footprint and boost my personal security, but these steps have been particularly important for me. I’ve learned firsthand how hard it is to take something back once it’s out there on the internet. These proactive measures are my way of staying safe in today’s digital world.
Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?
I’m getting close to graduating, and I’ve been actively applying for graduate and junior roles in cybersecurity. I did face a setback when I got rejected from an initial online assessment that was automated, but I’m keeping my spirits up and making progress with some other applications. I’m hopeful that I’ll land a role soon!
Tailoring my resume and cover letter for each application feels like a full-time job in itself, but I’ve come to realise it’s absolutely necessary. Most of the time, the initial screening is done by an applicant tracking system rather than a person, so if my resume isn’t formatted in a way that the system can read, it’s hard to get through that first hurdle. I’ve also completed a couple of recorded video interviews. At first, I didn’t think much of them, but I later learned how important it is to prepare well and really stand out.
I’ve noticed that some companies receive hundreds of applications, so it’s crucial to differentiate myself from the crowd. Being part of the cybersecurity community through AWSN has shown me how important it is to go the extra mile in my job search.
As an international student, it’s particularly challenging since many roles require security clearance that I just can’t obtain. It’s frustrating, but I understand the reasoning behind it when it comes to security. It would be great if job sites had better filters for these roles. Thankfully, some of them do, which saves us from wasting time applying for jobs we have no chance of getting.
www.linkedin.com/in/sithumi-abeywardhana
Charlotte is currently studying at the University of Chester. Her research is on tailoring cybersecurity training based on an individual’s cybersecurity job role, using the Cyber Security Body of Knowledge (CyBOK) Knowledge Areas (KAs) as the basis for assessment. Her interest in cybersecurity was sparked during her Master’s studies at Liverpool John Moores University.
Charlotte Baines, a dedicated student currently pursuing her postgraduate research program in Cybersecurity at the University of Chester.
deeply personal. I believe that having an awareness of how to stay safe online empowers us to protect those we care about—our children, grandparents, parents, and friends.
I often think about the different attitudes toward cybersecurity in the workplace. Many people seem indifferent about keeping their organisation safe, but they are passionate about protecting their families. That’s where my interest lies: how can I help my loved ones navigate this digital landscape? This is the message I try to convey to encourage others to engage with cybersecurity—it’s not just about corporate safety; it’s about safeguarding those we love.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? My journey into cybersecurity has been anything but traditional. Initially, I set out to become a solicitor, earning a BA in Law. However, I quickly realised that working in that field wasn’t quite my passion. I then pivoted to study an MSc in Maritime Operations Management, inspired by my interest in shipping law that developed during my time studying law. It was during this program that I had the opportunity to write my dissertation on cybersecurity in the maritime industry. An assignment on the Internet of Things really ignited my curiosity about cybersecurity—not from a technical standpoint, but from the perspective of training and awareness.
When I discovered the postgraduate program at the University of Chester, it felt like the perfect fit, and I couldn’t resist applying. For me, cybersecurity is
I am really passionate about getting involved in research, particularly focusing on the human side of cybersecurity. It excites me to think about the potential positive impact we can make in this field. I want to explore ways to help individuals not only keep themselves safe online but also protect their loved ones. It’s all about empowering people with the knowledge and tools they need to navigate the digital world confidently. Making a difference in this area feels both rewarding and essential to me.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
My family, especially my husband and parents, have been incredibly supportive throughout my journey. Even though they didn’t fully understand my interest in cybersecurity, they encouraged me to pursue my PhD because they knew it was something I had always dreamed of. If you had told me ten years ago that I’d be diving into the world of cybersecurity, I would have never believed you! It’s funny how life
CHARLOTTE BAINES
takes unexpected turns, and I’m so grateful to have their unwavering support as I navigate this path.
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
Dr. Henry Collier has been a game changer for me in my academic journey. As the Executive Director for the Institute for Cybersecurity at Marshall University, he’s taken me under his wing, allowing me to collaborate with him on two papers. This experience has been invaluable, not just for getting my name out there but also for building my confidence. He’s genuinely kind and has a way of making me feel that I truly belong in this field, even though my path has been anything but conventional. I’m so grateful for his support and mentorship as I find my way in this exciting industry.
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. The most impactful moment for me was definitely attending and volunteering at the ECCWS 2021
conference at my university. It was my first real chance to engage with academics in the cybersecurity field, and I could feel the excitement in the air. Everyone there, whether they were from a technical or non-technical background, shared a genuine passion for cybersecurity, which was incredibly inspiring.
That’s where I met Dr. Henry Collier. We had a great conversation after his presentation, and because I took the initiative to connect, I ended up co-authoring two papers with him. I can’t stress enough how stepping out of my comfort zone that day opened doors for me in my academic journey. It was a wonderful reminder of the power of networking and the opportunities that can arise when you put yourself out there.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
I truly believe that non-technical and non-security skills are crucial in the cybersecurity landscape. Throughout my research, I’ve come across several papers emphasising the importance of Knowledge, Skills, and Abilities (KSA). Cybersecurity is rarely a solo endeavour; it thrives on teamwork. Skills like communication and collaboration are vital for bringing technical and non-technical staff together.
For me, it’s all about explaining why certain practices matter. When everyone, from the CEO to the customer service representative, understands the rationale behind a simple thing like why a strong password is essential, it can transform their approach. It’s easy to overlook security when you’re busy with daily tasks, but when people grasp the bigger picture, it fosters a positive security culture. Suddenly, security isn’t just a checkbox; it becomes part of the fabric of everyday work life. That kind of understanding can make all the difference in
how seriously security practices are taken across the organisation.
What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?
I make it a point to keep my privacy settings on social media as tight as possible. Trusting my intuition is key—if something feels off, whether it’s a friend request, a call, or an email attachment, I just don’t engage. I also try to use biometrics whenever I can; it feels like an extra layer of protection.
Whenever an app or account prompts me to update or enable two-factor authentication (2FA) or multifactor authentication (MFA), I jump on it. I’ve also subscribed to newsletters that keep me updated on the latest in cybersecurity. One resource I really appreciate is The Cyber Helpline; their online guides have been super helpful for reviewing my security practices. It’s all about being proactive and staying informed!
www.linkedin.com/in/charlotte-morton-22992584
CHARLOTTE BAINES
Mridula Sharavanan is a dedicated MSc Cyber Security student at the University of Birmingham, where she is honing her skills in a rapidly evolving field.
MSc Cyber Security student at the University of Birmingham
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?
When I was 16, my computer was hit by a ransomware attack, and that really changed everything for me. It sparked a curiosity that led me to explore how these attacks work and dive into the world of cybersecurity. I became fascinated by hacking—not just the act itself, but also the challenge of understanding and stopping it.
Today, cybersecurity is more important than ever. Almost everything we do online, from shopping to banking to healthcare, makes us vulnerable to threats. I find it thrilling to be part of this field where every day feels like unravelling a mystery as I work to identify different types of attacks.
Privacy concerns are also at the forefront of our digital lives, and I’m excited to play a role in protecting people’s personal data from misuse.
For anyone feeling like they don’t have the right skills yet, I want to say: don’t worry! There are plenty of resources available online to help you learn cybersecurity from scratch. Just take that first step, and you’ll be on your way.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
When I first considered studying cybersecurity, I was really intrigued by the idea of hacking. The thought of breaking into systems to find vulnerabilities was what initially grabbed my attention. But as I started my studies, I realised that cybersecurity is so much broader than just that. There are areas like software security, hardware security, and security auditing, which I hadn’t even thought about before.
I was especially surprised by hardware security; it was something I never considered, and it was a bit challenging at first. But as I learned more, I started to enjoy it. Security auditing was another unexpected area that caught my interest. I didn’t know it existed, but I found it fascinating, even if it’s more theoretical than hands-on.
One thing I’ve come to understand is that cybersecurity is a field where you have to keep learning all the time. New threats and technologies are always emerging, and staying updated is crucial. The fast-paced nature of this field is even more exciting than I expected, and that’s what makes it so rewarding for me.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
After I graduate, I’m aiming to become an SOC (Security Operations Centre) Analyst. The idea of monitoring and responding to security threats in real time really excites me. I love the thought of using threat intelligence and security analytics, along with digital forensic tools, to dig into cyberattacks. It feels like a perfect fit for what I’ve been learning and what I enjoy about cybersecurity.
What draws me to this role is the challenge. The fast-paced environment of quickly identifying and reporting threats is both urgent and motivating. Plus,
MRIDULA SHARAVANAN
I appreciate that there’s always something new to learn, with fresh threats and technologies emerging all the time. I thrive in that dynamic atmosphere and can’t wait to keep building my skills in this field.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition,and if so, how did you navigate those challenges?
When I decided to go into cybersecurity, my parents and friends were super supportive, which really helped. But my parents were a bit worried since I had no background in IT. They encouraged me, but there were definitely concerns about how I’d break into such a technical field.
To address that, I decided to pursue a master’s degree in cybersecurity after finishing my bachelor’s. The toughest part for me was being young and inexperienced, but I didn’t let that stop me. I started diving into cybersecurity on my own and picked up some beginner certifications to build my skills and confidence. It was a challenge, but those steps helped me push through my doubts and really commit to this path.
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
The biggest influence on my journey in cybersecurity has definitely been my own curiosity. When my PC was hit by ransomware, it really opened my eyes and made me want to understand how these attacks work and how to prevent them. That moment sparked a deep interest in cybersecurity, leading me to explore everything from hacking to software security and threat detection.
My curiosity has been a driving force for me, pushing me to learn more, pick up new skills, and stay on top of the latest developments in the
field. It’s shaped my career aspirations and keeps me motivated to keep improving and growing in this exciting area.
Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?
Beyond my academic studies, I’m currently working in threat detection and analysis, where I get to use AI-powered tools to identify and tackle threats quickly and effectively. This hands-on experience has been invaluable for me, as it lets me apply what I’ve learned in class to real-world situations.
In my role, I evaluate how different AI tools perform in various attack scenarios, which ties directly into my dissertation. This practical work has really deepened my understanding of how these tools function in real environments and has given me insights that complement my research. Overall, this experience has greatly shaped my career goals, reinforcing my passion for exploring advanced cybersecurity solutions and their practical applications.
MRIDULA SHARAVANAN
The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice? I recently completed the Certified in Cybersecurity certification from ISC2, which really helped me build a solid foundation in cybersecurity principles. Looking ahead, I’m eager to pursue the Certified SOC Analyst and Certified Ethical Hacker certifications from EC-Council. These fit perfectly with my interests in threat detection and analysis and ethical hacking.
I’m motivated to earn these certifications because they align with my career goals and the growing demand in the field. The Certified SOC Analyst will give me specialised skills in security operations, while the Certified Ethical Hacker will deepen my understanding of identifying and fixing security vulnerabilities. I believe these certifications will not only advance my career but also keep me updated with the latest industry standards.
Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?
My academic program includes some really interesting modules, like Secure Software and Hardware Systems, which focus on how to protect both software and hardware in our fast-changing tech landscape. I love that these courses are designed to keep up with the challenges in the industry and offer hands-on experience through lab classes.
That said, I’ve noticed that sometimes the program doesn’t fully capture the rapid changes in cybersecurity. To stay on top of things, I make an effort to network and engage with different cybersecurity communities. This helps me compliment my academic learning with real-time insights and practices from the industry, making sure I’m always in the loop.
What aspect of your cybersecurity studies excites you the most, and why?
What excites me most about my cybersecurity studies are threat detection and security policy. I’m particularly drawn to the technical side of identifying and addressing security threats, along with the challenge of developing and implementing policies to safeguard against potential risks.
I find the technical challenges of threat detection— like analysing data and responding to complex attacks—absolutely fascinating. At the same time, crafting effective security policies that meet both organisational needs and regulatory requirements is both challenging and fulfilling. These areas not only keep me engaged but also align perfectly with my career aspirations of making a real impact in security and policy development. My passion for these topics drives me to stay updated on the latest advancements and continually refine my skills, which I know will be essential for reaching my career goals.
Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?
Absolutely, I believe that training in non-cyber skills, like interpersonal communication and project management, is crucial for a future role in cybersecurity. While technical skills are definitely important, being able to communicate effectively and manage projects is just as vital for presenting findings, collaborating with teammates, and leading initiatives.
I’ve seen how strong communication skills can make a difference, especially when explaining complex technical concepts to stakeholders or clients who might not have a tech background. Plus, good project management skills help in organising tasks, managing resources, and ensuring that projects stay on track.
To develop these skills, I plan to look for workshops and training programs focused on project management and communication. I also want to gain practical experience by taking on leadership roles in group projects or participating in team activities. By enhancing these skills, I’ll be in a better position to contribute to my team and advance in my cybersecurity career.
Are you actively engaged in the broader cybersecurity community? If so,what has been your involvement, and how has it enriched your experience?
Yes, I’m actively involved in the broader cybersecurity community, and attending conferences has been a key part of my journey. These events have been incredibly valuable for me, as they keep me informed about the latest trends and advancements in the field.
I’ve learned so much from industry experts and fellow attendees, which has really expanded my understanding of emerging threats and technologies. Plus, these conferences have given me the chance to connect with professionals in the cybersecurity space. Building these relationships has been great for networking and exploring new opportunities. Overall, being part of this community has enriched my experience and motivated me even more in my cybersecurity career.
What is your preferred source for staying informed about cybersecurity trends and general information?
To stay informed about cybersecurity trends, I primarily rely on LinkedIn, various websites, and blogs. These platforms give me timely updates and deeper insights into what’s happening in the field. I also follow “The Cyber Mentor” on YouTube, which has been a fantastic resource for learning about new techniques and trends.
I’m also involved with the Cyber Security Forum Initiative (CSFI), which offers great discussions and insights on the latest in cybersecurity. Together,
these sources help me keep up with emerging threats, technological advancements, and best practices in the industry. Staying connected this way really fuels my passion for cybersecurity and helps me stay ahead of the curve.
Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so,please share your experiences.
I’m really thankful that I haven’t faced any situations where being a woman in cybersecurity has made me feel disadvantaged or discriminated against. I feel lucky to be surrounded by supportive people who genuinely value my contributions and respect me for my skills and knowledge.
Being in an inclusive environment has allowed me to focus on my work and personal growth without dealing with any gender-related barriers. It’s highlighted for me how important it is to foster a positive and welcoming culture in our field, and I’m grateful to be part of a community where everyone is treated fairly.
What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?
To boost my personal cybersecurity, I make it a point to use multi-factor authentication (MFA) whenever I can, and I always password-protect my important accounts. I also regularly review my account permissions to ensure I’m only giving access where it’s truly needed. Keeping my devices secure is a priority, so I’m diligent about performing software updates.
I stay informed about the latest personal cybersecurity best practices through various sources, which helps me adjust my security measures as needed. It feels good to know I’m taking steps to protect myself online!
MRIDULA SHARAVANAN
Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?
Looking back, I wish I had started working on certifications a bit earlier in my journey. I’ve developed a real interest in the audit side of cybersecurity, and it would have been great to explore that sooner.
While I’m happy with the path I’ve taken, I definitely would have made some adjustments. For instance, realising the importance of various certifications earlier on could have given me an edge in my career. Overall, I’m learning from these reflections and am excited about where I’m headed next!
Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?
I’m actively applying for jobs and internships in the cybersecurity field, but as a fresher, I’m finding it a bit challenging to land a position. The interview process can be pretty tough, but I know it’s manageable with the right preparation.
There are times when I feel well-prepared and my skills align with the job requirements, yet I still get caught off guard by unexpected questions or challenges during interviews. One important lesson I’ve learned is to stay persistent; good things really do take time. I remind myself not to give up easily, and I’m determined to keep pushing forward!
www.linkedin.com/in/mridula2407
in
Are you a student passionate about shaping the future of security? Do you have innovative ideas and insights to share with a global audience? Join us in contributing to the Women in Security Magazine and become a voice for the next generation of security leaders!
Why contribute?
Gain valuable exposure: Reach over 11000 subscribers globally and showcase your expertise to industry professionals.
Make an impact: Share your experiences, challenges, and aspirations to inspire others and shape the future of security.
How to get involved
Let us know you are interested. We will send you a series of questions of which you can choose which ones you would like to answer. Submit those back to us in an email. We will then edit to be a concise and flowing edited Q&A.
Don't miss this opportunity to be part of a vibrant community of students driving change in the security industry. Contact us today to learn more about how you can contribute to the Women in Security Magazine!
Contact: jane@source2create.com.au
LISA ROTHFIELD-KIRSCHNER
Director at Private Wealth Network | Impactful Education & Peer Experiences for Family Office
Olivia, Jack help Cousin Charlie show resilience
This story is about Olivia (she/her), Jack (he/ him) and Cousin Charlie (they/them). It continues the story Yourdigitalfootprintandhowit canimpactyourlife in issue 17 of Women in SecurityMagazine.
Cousin Charlie was looking forward to joining their cousins Olivia and Jack at the school holiday chess camp. However, Felix, the chess camp director had informed Charlie’s parents that, because of issues with Charlie’s digital footprint that gave a negative impression of Charlie’s character, Charlie would not be allowed to join the camp. This disappointed Olivia and Jack immensely. However, they were determined to enjoy the chess camp despite their cousin not being there.
Following the chess camp, Oliva and Jack returned home with many stories about their fun adventures. That weekend, at a family dinner and cousins’ sleepover at their house, they shared some of these fun stories with Charlie.
When Charlie heard the stories, they became upset and started crying. They shared with Olivia and Jack the real reason why they had a bad digital footprint. It turned out Charlie had been bullied for being non-binary. Some of the children at school had been calling Charlie ‘weird’ and saying horrible things. Charlie was too embarrassed to tell their parents. Charlie said that one day, in physical education class, the teacher, Mr Ben, had noticed Charlie was not participating and had asked if Charlie wanted to have a quiet chat. Charlie really liked Mr Ben and said yes. That lunch time Charlie shared with Mr Ben how some of the children from the other class were bullying them and sending nasty messages online. Charlie had decided that, instead of screen shotting and reporting the bullies they would retaliate by jumping onto social media, bullying those children and calling them nasty names.
The situation had spiralled out of control. Charlie had created a negative digital footprint which had not only barred them from participation in chess camp, but had affected Charlie’s reputation with their teachers at school. Charlie explained how embarrassing it felt. Mr Ben offered to help Charlie explain the situation to their parents. This was a huge relief to Charlie. They explained this to Olivia and Jack who came up with a great suggestion: “Why don’t you ask your mum to help you improve your digital footprint and also speak with the chess camp director about what you can do to be allowed to attend chess camp in future.” Charlie then started removing the rude videos and photos from social media sites and closing down and deleting unnecessary accounts.
Charlie needed more help with learning how to protect their privacy and security online. Because Charlie had gained a reputation for bad behaviour, it was very important to create a new online identity that showed Charlie as positive, friendly and polite, a reflection of who they really were. Charlie was also learning how to deal with people who were not polite by screen shotting and reporting bad behaviour, then blocking those people rather than getting involved in negative communication. It was not always easy. Charlie was learning to be resilient and to focus on being let back into chess camp while regaining the trust of parents, teachers and the community. Mr Ben showed how important a trusted grownup is to help deal with these issues, and Olivia and Jack continued to be great friends and support their cousin Charlie.
www.linkedin.com/in/lisarothfield-kirschner
howwegotcybersmart.com
How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children.
Lisa has partnered with Cool.Org , and her content is found on the Department of Education website .
WOMEN IN SECURITY MAGAZINE CONTRIBUTORS
1. AMANDA-JANE TURNER
Author of the Demystifying Cybercrime series and Women in Tech books. Conference Speaker and Cybercrime specialist
2. NAOMI EMMA EKWEALOR
Cybersecurity Analyst in Nigeria
3. MONI-AYO SAKA Founder, CYFORTE
4. THULASI UPPU
Identity Access Management Analyst at City of Gold Coast
5. SERENA PILLAY
Senior Learning & Design Manager at Phriendly Phishing
6. NADJA EL FERTASI
Founder of Thrive with EQ
7. ANMOL AGARWAL
Senior Security Researcher
8. SAILAKSHMI METIKOTA
Cyber Security Engineer at Synapxe
9. BLESSING DURU
Cybersecurity Consultant
10. LEILA ASSADI
Associate Director –Technology risk and cybersecurity
11. KAREN STEPHENS
CEO and co-founder of BCyber
12. MARISE ALPHONSO
Information Security Professional
13. VIRAJ GANDHI Product Security Leader
14. LISA VENTURA
Founder, Cyber Security Unity
15. JO STEWART-RATTRAY
Oceania Ambassador, ISACA
16. FATEMAH BEYDOUN
Chief Customer Officer, Secure Code Warrior
17. MARCUS LAVALLE-SMITH
Principal Consultant at Decipher Bureau (Cyber Security Recruitment). Harry Potter fan.
18. SHINESA CAMBRIC
Principal Product Manager at Microsoft
19. MERIAM EL OUAZZANI
Regional Sales Director, Middle East, Turkey and Africa at SentinelOne
20. KEN HENDRIE
CEO and founder of Cyconsol
21. ANGELA DUGGAN
VP of User Experience at BeyondTrust
22. CRAIG FORD
Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC and Baidam Solutions
23. PRANIDHI HANDAPANGODA
Student at Griffith University
24. VENURI WICRAMASINGHA
Master of Cyber Security student at Deakin University
25. SITHUMI ABEYWARDHANA
Master of Cyber Security at Griffith University
26. CHARLOTTE BAINES
Postgraduate Cybersecurity student at the University of Chester
27. MRIDULA SHARAVANAN
MSc Cyber Security student at the University of Birmingham
28. LISA ROTHFIELD-KIRSCHNER
Author of How We Got Cyber Smart | Amazon Bestseller
SAYFTY BLOG
By Subuhi Safvi
Sayfty's blog is the zone where contributors share ideas on women's safety, women in media, society, law, feminism, & health.
REFLECTING ON ONE VERY, VERY STRANGE YEAR AT UBER
By Susan Fowler
A blog post that caused quite a stir in the tech community, Susan J. Fowler chronicles her struggles as a female engineer at Uber. Prepare to be taken aback.
KNOWING WHAT YOU'RE LOOKING AT
By Lindsey
I have a confession to make. While I have been a professional web developer for over 6 years, I didn’t feel comfortable with JavaScript until a year and a half ago. I still don’t feel like I know a lot of things. There’s a lot that still confuses me.
ENGAGING YOUNG MINDS IN CYBER SECURITY
By Kidsafe
Training children in cyber security is as important in today’s digital world as training them to always look both ways before crossing the street. yet how can we captivate young brains with such an important yet complicated subject? Here are a few creative and entertaining ways to teach kids about cyber security.
REMINDER: ONE OF THE FIRST COMPUTER PROGRAMMERS WAS A WOMAN
By Damon Beres
In her notes, Ada described how codes could be created for the device to handle letters and symbols along with numbers. She also theorized a method for the engine to repeat a series of instructions, a process known as looping that computer programs use today.
REASONS TO HIRE WOMEN OVER 40 AT YOUR TECH STARTUP
By theBoardlist
Much has been said about the tendency of tech companies to hire primarily young workers. There’s also the tired stereotype that older people are not “hip to new technology” to deal with. Like other hiring biases in tech, this issue seems to hit women in tech harder.
READ BLOG
EMPOWERING WOMEN IN CYBERSECURITY
By Medium blog
In March, we come together to celebrate Women’s History Month, a time dedicated to honoring the remarkable historical, cultural, political, and technical contributions made by women worldwide.
CYBER TRAILBLAZERS UNITE
By Lekshmi
Lekshmi, the founding member and President of WiCyS India, highlighted the stark reality of women’s underrepresentation in tech and leadership roles. She emphasized how WiCyS is working to address this issue, providing mentorship, training, and networking opportunities.
ANGIEJONES.TECH
By Angie Jones
With a mix of test automation strategies, coding recipes, & tutorials on Java, this blog is perfect for QAs, Java enthusiasts, and developers interested in testing.Angie is not only an amazing tech blogger; she is also a Java Champion and Principal Developer Advocate at Appitools.
UNSUPERVISED LEARNING
By Daniel Miessler
An experienced cybersecurity expert, consultant and writer, Miessler takes a personal approach on his blog with an “about me” page that not only details his professional interests but also his hobbies, interests and political views.
HACKERNOON
The cyber security section of the Hacker Noon blog provides an array of technical "How-To" articles, insights, and guides related to security practices, tools, and trends.Hacker Noon is a platform where articles on various topics, such as software development, blockchain, artificial intelligence, and cyber security, are shared.The blog discusses security best practices and awareness topics, avoiding scams, practical guides, and technical hacking tutorials.
TRELLIX BLOG
Trellix is a security company that provides various solutions and services. The blog provides technical analysis of new malware strains, vulnerabilities, and tactics, engaging in discussions on topics like endpoint security, network defense, threat intelligence, and data protection. It aims to keep CISOs, security analysts, and IT teams informed on emerging security issues.
THE LEARNING HUB
CISSP® INTRODUCTION TO INFORMATION SECURITY
In this free CISSP course, you'll grasp the fundamentals of CISSP. You'll start by understanding information security, where you'll learn to safeguard data and systems. Then, you'll explore risk management, mastering the art of identifying and mitigating security risks. Next, you'll delve into asset security, discovering ways to protect valuable assets.
VISIT HERE
CYBERSECURITY BASICS
Cyberattacks have surged by 71% and are predicted to continue increasing. This alarming statistic highlights the continued demand for cybersecurity professionals. Jumpstart your cybersecurity career with this introductory IBM course, which introduces you to fundamental cybersecurity concepts, threats, and preventive measures.
VISIT HERE
ENTERPRISE AND INFRASTRUCTURE SECURITY
This course introduces a series of advanced and current topics in cyber security, many of which are especially relevant in modern enterprise and infrastructure settings. The basics of enterprise compliance frameworks are provided with introduction to NIST and PCI. Hybrid cloud architectures are shown to provide an opportunity to fix many of the security weaknesses in modern perimeter local area networks.
VISIT HERE
COMPUTER FORENSICS
Learners in this class study digital forensics fundamentals, including the four-step procedure concept. The course then moves into Unix/Linux fundamentals and Windows forensics and investigations. This course makes up part of NYU's five graduate-level course sequence leading to the MicroMasters® program in cybersecurity.
VISIT HERE
GOOGLE CYBERSECURITY PROFESSIONAL CERTIFICATE
Get on the fast track to a career in cybersecurity. In this certificate program, you'll learn in-demand skills, and get AI training from Google experts. Learn at your own pace, no degree or experience required. Additionally, when you enroll today, you’ll get access to Google AI Essentials at no cost. Offer ends 11/30*
VISIT HERE
CYBERSECURITY
Primarily aimed at individuals in managerial positions in an organization, this program covers the key concepts about how managers can contribute to maintaining the cybersecurity of the company. Begin by understanding the types of possible threats and list up the priorities accordingly. Build improved defenses and cultivate a culture of ethics and cybersecurity in the workplace. By the end of the lessons, you will be aware of how to handle risks and threats and come up with a robust action plan.
VISIT HERE
PROFESSIONAL CERTIFICATE IN CYBERSECURITY EXECUTIVE EDUCATION PROGRAM
This professional certification program is designed to advance your career as a cybersecurity engineer in any organization. Registering for this program will enable you to gain advanced technical skills required to defend mission-critical computer systems, networks, cloud applications, and more against cyberattacks.
VISIT HERE
A PRACTICAL INTRODUCTION TO CLOUD COMPUTING
The 2nd top hit for 'Cloud Computing' on Google says, 'Cloud computing is a general term for the delivery of hosted services over the internet.' Unfortunately, that definition is completely wrong. This course is designed to clear up the many misunderstandings about Cloud Computing and to give you a crystal clear and easy-to-understand explanation of exactly what it is.
VISIT HERE
THE LEARNING HUB
INTRODUCTION TO INFORMATION TECHNOLOGY FOR MANAGERS
This free online information technology course for managers will introduce you to the characteristics and uses of IT systems. Effective management and implementation of IT resources have now become routine tasks for many middle and senior managers. This means that a solid understanding of Information Technology is of vital importance for any manager in the modern workplace. Start this free online course today to grow your management skills today.
CYBERSECURITY FOR EVERYONE
Cybersecurity affects everyone, including in the delivery of basic products and services. If you or your organization want to better understand how to address your cybersecurity, this is the course for you and your colleagues to take -- from seasoned professionals to your nontechnical colleagues.
VISIT HERE
VISIT HERE
CYBER CAREERS AND COFFEE
With Jessie Bolton
Tune in to learn from Jessie and special guests on what it takes to develop and lead today's workforce, stay ahead of industry trends, gain insights for innovative cybersecurity solutions, and strategic career advice.
SMASHING SECURITY
With Graham Cluley and Carole Theriault
A helpful and hilarious take on the week's tech SNAFUs. Cybersecurity industry veterans Graham Cluley and Carole Theriault chat with guests about cybercrime, hacking, and online privacy. It's not your typical cybersecurity podcast.
2B BOLDER PODCAST
With Mary Killelea
On the 2BBolder Podcast, you will hear inspiring stories of how successful women in business and tech have worked hard to build great careers. Learn about their passions, their journey, their challenges, and their advice to the next generation of women. The 2B Bolder Podcast is designed to provide you first-hand access to some amazing women.
TO LISTEN
CAREER QUEENS PODCAST
With Teti Lekalake
Career conversations with millennial women in tech that are making moves and figuring out their career journeys, one step at a time. From salary negotiations to career pivots. This podcast is hosted by Teti Lekalake, an MBA candidate at INSEAD and former marketer at Meta.
UNSEEN BATTLES
With Parul Goel
On Unseen Battles, you will hear raw, honest conversations with women leaders about an unseen battle in their careers - working with a difficult manager, receiving critical feedback, hesitating to negotiate - issues we all face in some form. We will go deep into their motivations and fears. Tune in for your bi-weekly dose of hope and inspiration.
LADYBUG PODCAST
With Kelly Vaughn
We published our first episode on July 1, 2019 and have since published over 80 episodes on tech, career, and code.as we embark on our new season after a 2-year hiatus, we’re thrilled to elevate the conversation by dedicating a season to all things engineering leadership.
AFTERNOON CYBER TEA
With Ann Johnson
Ann Johnson, Corporate Vice President, Business Development, Security, Compliance & Identity at Microsoft, talks with cybersecurity thought leaders and influential industry experts about the trends shaping the cyber landscape and what should be top-of-mind for the C-suite and other key decision makers.
SECURING BRIDGES
With Alyssa Miller
As a hacker, Alyssa Miller has a passion for security which she evangelizes to business leaders and industry audiences both through her work as a cyber security professional and through her various public speaking engagements.
DISCARDED
With Selena Larson
Tales from the Threat Research Trenches is a podcast for security practitioners, intelligence analysts, and threat hunters looking to learn more about the threat behaviors and attack patterns.
THE CYBER QUEENS PODCAST
With Maril Vernon, Erika Eakins and Amber Devilbiss
WHERE ARE THE WOMEN IN CYBER?'The LandscapeIn 2022 the cybersecurity field still consists of 24% women and only 2.2% LGBTQ minorities. Long-perpetuated gender, age, and demographic biases held by the 'Baby Boomer' and Gen-X groups have led to a severe gap in the representation and advancement of women and minorities in this field.
NOTHING ABOUT YOU SAYS COMPUTER TECHNOLOGY
With Anthony Hendricks
A podcast about cybersecurity and data privacy viewed through the lens of diverse voices. By educating and encouraging women and people of color to explore careers in the cybersecurity space, we can close the skills gap and reduce our technology and policy blindspots.
CYBERVERSED
With Mandy Haeburn-Little
The podcast from those wellversed in all things cyber.Mandy Haeburn-Little, Cyber Woman of the Year 2021, in conjunction with the National Cyber Resilience Centre Group (NCRCG), brings listeners access to strategic conversations with industry leaders and figures in the UK's cyber resilience landscape.
JOB BOARD
NETWORK SECURITY ADMINISTRATOR | FUJITSU
FULL TIME ON-SITE AUSTRALIA
RESPONSIBILITIES AND ACCOUNTABILITIES:
• Perform root cause analysis and triage network/ computer issues for clients, servers, and network equipment.
• Work with both Windows and Linux/UNIX environments.
• Maintain the configuration, documentation, and procedures of the Gateway environments. Proactively maintain effective working relationships with peer group and key internal stakeholders and manage key external stakeholders relevant to the achievement of business objectives, where relevant.
• Plan own workload to achieve deliverables in required timeframes.
• Contribute to the effectiveness of the work team through positive and productive personal behaviours.
• Provide advice and demonstrate initiative in an area of functional expertise, where appropriate.
• Display a high standard of personal and professional integrity in all business dealings and develop own capability for current and future roles.
REQUIREMENTS:
• AGSVA Security Clearance - NV2 preferred but willing to look at NV1 happy to uplift to NV2
• Proven ability and knowledge of working in an IT environment
• Experience and knowledge using diverse operating systems
• Strong written and oral communication skills
• Ability to troubleshoot and perform root cause analysis on network/computer issues on clients, servers, and network equipment
• Understanding of commands and concepts along with the ability to setup, configure, and maintain servers, desirable.
• Demonstrated experience and/or knowledge in communication/networking, and programming using scripting languages, desirable.
• Experience in a gateway environment including mail and web applications, desirable.
• Willing to work a 24x7 shift roster
APPLY HERE
CYBER SECURITY INCIDENT MANAGER | CAPITA
FULL TIME SCOTLAND
WHAT YOU’LL BE DOING:
• Support the development of tools to support the implementation e.g. RACI, Service Catalogues etc.
• Provide SME support to assist the business and in meeting Cyber Security policies and standards.
• Deliver and support scenario exercising and assessment to identify opportunities for improvement / strengthening.
• Partner with the business to identify and manage cyber security resilience risks, providing support on risk mitigation solutions and plans.
• Review existing capabilities and identify opportunities for improvement.
• Create cyber security major incident management post-incident reviews (PIR) and identify opportunities for improvement.
• Provide cyber security Incident support where necessary - this may entail out of core business hours support.
• Partner with SMEs and provide resilience support and oversight to acquisitions, bids, and disposals to ensure they are managed appropriately and in a timely manner.
DESIRED SKILLS/EXPERIENCE:
• Industry-recognized certifications such as CISSP, CISM, or CISA.
• Experience with incident response platforms and tools.
• Familiarity with cloud security and modern IT environments.
• Knowledge of threat intelligence and threat hunting techniques.
• Experience in managing security incidents in a managed services provider (MSP) environment.
• Project management skills.
APPLY
IT SECURITY ASSISTANT MANAGER | SANDS CHINA
FULL TIME ON-SITE HONG KONG
Required: Diploma or above in IT or IT Security
Responsible for maintaining, supporting and deploying security devices and solutions (Firewall, IDS/IPS, Remote Access, Multi-factor Authentication, Log aggregation platform, etc.) related daily operations, projects and administration.
• Maintain detailed notes and produce professional investigative reports
• Configure, implement, maintain and troubleshoot a wide variety of information security devices
• Tune, patch and upgrade information security tools for optimum performance and platform security
• Respond to events/incidents with knowledge, efficiency, and professionalism
• Create, develop, and maintain detailed design documentation
• Prepare, document, and maintain standard operating procedures and protocols
• Collaborate with team members and business teams to troubleshoot system
• Submit and respond to tickets from an automated ticketing system
• Prepare change management items and participate in the Change Approval Board (CAB) meetings
• Must be able to respond to calls as needed (24/7)
APPLY HERE
CYBER SECURITY SOC MANAGER | ZODIAC SOLUTIONS, INC
FULL TIME REMOTE UNITED STATES
QUALIFICATIONS :
• Bachelor's degree in Computer Science, Information Security, or a related field; equivalent experience will be considered.
• Minimum of 5-7 years of experience in cybersecurity, with at least 2-3 years in a SOC environment and 1-2 years in a leadership role.
• Strong knowledge of SOC operations, security monitoring, incident response, and SIEM technologies.
• Experience with security technologies and tools, such as EDR, IDS / IPS, firewalls, and cloud security solutions.
• Industry-recognized certifications, such as CISSP, CISM, GIAC, or CEH, are preferred.
• Excellent leadership, communication, and problemsolving skills.
• Ability thandle high-stress situations with a calm and methodical approach.
KEY RESPONSIBILITIES :
SOC LEADERSHIP AND MANAGEMENT :
• Manage the SOC team, including scheduling, training, mentoring, and performance evaluation.
• Define and implement SOC processes, procedures, and playbooks tensure efficient security operations and incident response.
• Maintain a shift schedule tprovide 24 / 7 / 365 coverage, ensuring optimal staffing levels for the SOC.
SECURITY MONITORING AND INCIDENT RESPONSE :
• Oversee the monitoring and analysis of security events and alerts from various sources, such as SIEM, IDS / IPS, endpoint protection, and cloud platforms.
• Coordinate with internal and external stakeholders tcontain and remediate incidents effectively.
• Conduct post-incident analysis tidentify root causes and drive improvements in incident response processes.
SOC STRATEGY AND DEVELOPMENT :
• Develop and implement SOC performance metrics and reporting mechanisms.
• Continuously evaluate the effectiveness of SOC operations and recommend improvements in technology, processes, and staffing.
• Stay current with emerging security threats, attack techniques, and industry best practices tensure the SOC remains effective.
TEAM COLLABORATION AND COMMUNICATION :
• Communicate SOC activities and incident response progress tsenior management and stakeholders.
• Collaborate with other cybersecurity teams, such as CSIRT, Threat Hunt, Threat Intelligence, and Vulnerability Management, tenhance overall security posture.
APPLY HERE
JOB BOARD
SECURITY OPERATIONS CENTER - ANALYST | INNSPARK
FULL TIME ON-SITE INDIA
JOB RESPONSIBILITIES
1) Continuously monitor and analyze security alerts and logs to identify potential incidents.
2) Analyze network traffic patterns to detect anomalies and identify potential security breaches.
3) Establish correlation rules and mitigation playbooks as per requirements. Continuously update and suggest new rules and playbooks based on the evolving attack vectors. Leverage insights from public articles and cybersecurity reports to sharpen threat hunting strategies.
4) Use security compliance and scanning solutions to conduct assessments and validate the effectiveness of security controls and policies. Suggest improvements to enhance the overall security posture.
5) Utilize deception security solutions to deceive and detect potential attackers within the network.
6) Leverage deep expertise in networking, system architecture, operating systems, virtual machines
(VMs), servers, and applications to enhance cybersecurity operations.
7) Work effectively with cross-functional teams to implement and maintain robust security measures. Conduct thorough forensic analysis of security incidents to determine root causes and impact.
8) Assist with all phases of incident response. Develop and refine incident response strategies and procedures to address emerging cyber threats.
9) Perform digital forensics to understand attack vectors and impact. Swiftly respond to and mitigate security threats, ensuring the integrity and security of organizational systems and data.
10) Professionally communicate and report technical findings, security incidents, and mitigation recommendations to clients.
APPLY HERE
SENIOR SECURITY ENGINEER (RED TEAM) | ATLASSIAN
FULL TIME NEW ZEALAND AUSTRALIA
RESPONSIBILITIES
• Carry out complex operations from concept to postoperation with a high degree of skill and work ethic
• Translate real-world threat actor behaviours into relevant attacks on Atlassian
• Continuously probe, test and exercise Atlassian’s defences
• Keep detailed records of operational activity for deconfliction and later uses
• Produce detailed and meaningful post-operation reports
• Collaborate with other groups to multiply our impact
• Work on other projects as required
• Continuously improve your skillset and increase your impact
QUALIFICATIONS
• Senior-level offensive security operator skills in a broad range of tactics and techniques
• An adversarial mindset and the ability to think like an attacker
• Very good problem-solving, analytical, and critical thinking skills.
• Good understanding of ethical hacking methodologies, cybersecurity frameworks, and risk management strategies
• Fundamental information technology skills in systems, networking and IAAS
• Proficiency in one or more programming languages
• Very Good verbal and written communication skills
• A mature outlook and understanding of a Red Team’s business value
• Self-driven with the ability to adapt in a fast-paced, changing environment and work on multiple projects simultaneously
• Relevant academic and professional qualifications
APPLY HERE
AWS CHINA RESPONSE SECURITY ENGINEER, AWS SECURITY OPERATIONS, AWS SECURITY | AMAZON WEB SERVICES
FULL TIME CHINA
KEY JOB RESPONSIBILITIES
• Supply oversight of in-flight security issues.
• Triage new incoming issues to determine the level of risk they present to AWS, and then accordingly prioritise its remediation in conjunction with the impacted service team.
• Communicate the state of these issues to various audiences, both technical and non-technical, at various levels of seniority (up to and including AWS’ Chief Information Security Officer).
• Escalate issues to senior AWS leadership if you feel your issues are not being treated at the correct pace due to their impact to ensure that we are putting customers first.
• Explore building and improving our tooling to make your own life easier, and at the same time, sharing that benefit with all our engineers globally.
BASIC QUALIFICATIONS
• Bachelor's degree in computer science or equivalent
• 3+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
APPLY HERE
IT MANAGER – CYBERSECURITY | CYBERKNIGHT
FULL TIME ON-SITE UNITED ARAB EMIRATES
KEY RESPONSIBILITIES:
• Develop and execute IT strategies, policies, and protocols to align with the organization's cybersecurity goals.
• Oversee the management and upkeep of the company's IT infrastructure, including networks, servers, security systems, and Office 365.
• Address and troubleshoot IT technical issues as they arise.
• Monitor and assess the organization's IT security posture, proactively identifying and addressing potential risks and vulnerabilities.
• Stay informed about the latest cybersecurity threats, technologies, and best practices, and implement suitable measures to safeguard against them.
• Collaborate with various departments to effectively integrate security measures into business processes and applications.
• Conduct routine security assessments and audits to ensure compliance with industry standards and regulations.
• Promptly respond to and investigate security incidents and breaches, taking remedial actions as required.
• Develop and uphold disaster recovery and business continuity plans to ensure the resilience of IT systems and operations.
• Manage project coordination, resources, and timelines with different stakeholders.
• Coordinate with external vendors and service providers to procure and manage IT hardware, software, and services, including Office 365.
• Handle all IT-related projects for the Company.
APPLY HERE
JOB BOARD
CYBERSECURITY TEAM LEADER | SIRISOFT PUBLIC COMPANY LIMITED FULL TIME THAILAND
KEY RESPONSIBILITIES:
• Technical Implementation: Lead develop, and design comprehensive security solutions based on the organization's needs and industry best practices. Implement and configure security technologies, including firewalls, IDS/IPS, DLP, encryption solutions, and access control systems. Diagnose and resolve security-related issues, ensuring the effective operation of security systems.
• Team Management: Lead and manage the cybersecurity team, delegating tasks effectively and ensuring team members possess the requisite skills and resources to deliver outputs that directly contribute to the organization's strategic objectives.
• Financial Industry Compliance: Ensure that all network and security solutions adhere to the strict regulatory and compliance requirements of the financial industry. Implement industry-specific security measures to protect sensitive financial data and ensure compliance with standards such as PCI-DSS, SOX, and others.
• Presales Support: Collaborate with the sales team to provide technical expertise during the presales process. Participate in client meetings, design customized network and security solutions for financial clients, and develop technical proposals that meet their specific needs.
• IT Risk Management: Proactively identify, assess, and mitigate network and security risks specific to organization and clients. Implement and oversee robust security measures, including intrusion detection/prevention systems, secure access controls, encryption strategies, and comprehensive IT risk management frameworks. Stay abreast of emerging security threats and opportunities, ensuring the organization remains resilient and proactive in safeguarding its assets.
• Project Management: Lead network and security projects for financial clients from inception to completion, ensuring they are delivered on time, within scope, and to a high standard. Manage project resources, timelines, and client expectations, coordinating closely with vendors and internal teams.
• Resource Management: Oversee resource allocation within the cybersecurity team. Mentor and guide junior engineers, ensuring they are effectively utilized and continuously developing their skills.
• Client Engagement: Serve as a trusted advisor to financial clients, offering strategic guidance on network architecture, security best practices, and
regulatory compliance. Build and maintain strong client relationships to ensure satisfaction and support ongoing business growth.
• Log Analysis and Monitoring: Implement and manage advanced monitoring systems and log analysis tools to ensure continuous oversight of network performance and security, especially for financial clients. Proactively identify and resolve issues through effective log analysis and monitoring practices.
• Security Practices: Enforce security best practices, conduct regular audits and vulnerability assessments, and ensure compliance with industry standards. Maintain up-to-date security protocols to protect financial data and ensure compliance.
• Incident Response: Lead the response to network and security incidents, ensuring quick resolution with minimal disruption to client operations. Conduct postincident reviews to enhance security measures and prevent future occurrences.
• Technical Documentation: Develop and maintain comprehensive technical documentation, including network diagrams, security configurations, load balancing setups, digital certification processes, encryption practices, and log analysis/monitoring procedures, with a focus on financial industry standards.
QUALIFICATIONS:
• Education: Bachelor’s degree in Information Technology, Computer Science, Network Engineering, or a related field. Advanced certifications (e.g., CISSP, CEH, Security+, CCNP, CCNA) are highly desirable.
• Experience: 5+ years of experience in solution security engineering, with significant hands-on experience in technical design, implementation, and support within the financial industry or a similarly regulated environment. Experience working in a Systems Integrator (SI) environment is strongly preferred
• Technical Skills: Expertise in network technologies (e.g., Cisco, Juniper), security protocols (e.g., VPN, firewalls, encryption), load balancing, digital certification, log analysis, and monitoring tools (e.g., IDS/IPS, SIEM, SOAR, UEBA). Experience with financial industry compliance and cloud-based network and security solutions is a plus. Deep understanding of cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001).
CYBER SECURITY RESEARCHER AND PENETRATION TESTER | ENERGY JOBLINE
FULL TIME MEXICO
AS A CYBER SECURITY RESEARCHER, YOU WILL BE RESPONSIBLE FOR:
• Performing security research to identify threat vectors and potential vulnerabilities.
• Using tools and security assessment techniques to identify vulnerabilities in the product, platform, and scoped environment and provide recommendations on vulnerability remediation.
• Testing of a network, computer systems, applications, or other digital environment to identify vulnerabilities and/or configuration issues that could be used and exploited by attackers
• Developing new solutions under guidance and/or in a team setting or based upon precedents in the organizations.
• Working together with business leadership at SPB and EB level. Specifies needs, communicates about project approach and presents outcomes of research done.
• Delivering products as part of a team. Works on cross functional teams. Alternatively: Leads analytical
and design activities using proven technologies and vested approaches and methods.
TO BE SUCCESSFUL IN THIS ROLE YOU WILL:
• Have a Bachelor's degree from an accredited university or college with at least 3 years of experience in Cyber Security Research/Offensive Security.
• Have Strong oral and written communication skills. Have Strong interpersonal and leadership skills. Ability to influence others and lead small teams
• Lead initiatives of moderate scope and impact. Ability to coordinate several projects simultaneously.
• Have Effective problem identification and solution skills. Proven analytical and organizational ability.
• OSCP Certification
• OSEP Certification
• OSED/OSCE3 Certification
• Fluent written and verbal english
TOOLS AND WEAPONS: THE PROMISE AND THE PERIL OF THE DIGITAL AGE
Authors // Brad Smith and Carol Ann Browne
Microsoft President Brad Smith operates by a simple core When your technology changes the world, you bear a responsibility to help address the world you have helped create. This might seem uncontroversial, but it flies in the face of a tech sector long obsessed with rapid growth and sometimes on disruption as an end in itself.
BUY THE BOOK
QUIET: THE POWER OF INTROVERTS IN A WORLD THAT CAN'T STOP TALKING
Author // Susan Cain
At least one-third of the people we know are introverts. They are the ones who prefer listening to speaking; who innovate and create but dislike self-promotion.
BUY THE BOOK
STRONGER TOGETHER: WOMEN IN CYBERSECURITY
Authors // David Meece and Emily Zakkak
This book throws open the doors to the world of IT and Cybersecurity, celebrating over 100 accomplished women who have carved their own paths in these dynamic fields. It's not just a chronical of their achievements.
BUY THE BOOK
HACKING GENDER BARRIERS: EUROPE'S TOP CYBER WOMEN
Author // ECSO
This new publication written by the Women4Cyber Foundation gives voice to over 100 untold stories from women working in cybersecurity and aims at inspiring more female (but also male) professionals to take up a career in one of today’s most requested professional fields.
BUY THE BOOK
UNCANNY VALLEY: A MEMOIR
Author // Anna Wiener
Part coming-of-age-story, part portrait of an already-bygone era, Anna Wiener’s memoir is a rare first-person glimpse into high-flying, reckless startup culture at a time of unchecked ambition, unregulated surveillance, wild fortune, and accelerating political power.
BUY THE BOOK
CLOSE TO THE MACHINE: TECHNOPHILIA AND ITS DISCONTENTS
Author // Ellen Ullman
In 1997, the computer was still a relatively new tool—a sleek and unforgiving machine that was beyond the grasp of most users.
BUY THE BOOK
BROAD BAND: THE UNTOLD STORY OF THE WOMEN WHO MADE THE INTERNET
Author // Claire L. Evans
Join the ranks of the pioneers who defied social convention to become database poets, information-wranglers, hypertext dreamers, and glass ceiling-shattering dot comera entrepreneurs.
BUY THE BOOK
THE WOMAN THEY COULD NOT SILENCE
Author // Kate Moore
The Woman They Could Not Silence,’ is about Elizabeth Packard, an unintentional mental health rights advocate. Kate does an amazing job of profiling historical figures who advocate for those without a voice and learn to make systems not designed for them succeed in their cause.”
BUY THE BOOK
GOOGLE CYBERSECURITY EXPERT PARISA TABRIZ (STEM TRAILBLAZER BIOS)
Author // Domenica Di Piazza
Do you like to compete against other people? So did cybersecurity engineer Parisa Tabriz. She turned her toughness and her competitive spirit into a job as Google's top security expert.
BUY THE BOOK
CHICHI'S CYBERSECURITY ADVENTURES: THE SECRET OF SECURE SERVERS
Author // Grace Fejokwu
Chichi is a curious and tech-savvy girl living in Lagos, Nigeria who loves to learn about cybersecurity. She has just started boarding school at TeleAcademy Preparatory School and she is excited to learn even more!
BUY THE BOOK
CYBERAMA
Author // Arthi Vasudevan
Help your kids be safe on the internet and start talking cybersecurity with this actionpacked video game-like middle-grade adventure book!Are you worried about your child's digital safety-but don't know where to begin?
BUY THE BOOK
SEE YOURSELF IN CYBERSECURITY: A BOOK ABOUT CAREERS IN CYBERSECURITY FOR THE NEXT GENERATION
Author // Zinet Kemal
As a cybersecurity professional, YOU can play the role of a superhero who fights against hackers and cybercriminals to keep information, systems, networks, and applications safe from harm. It's a fulfilling career that requires you to stay one step ahead of the "bad guys" and help protect the digital world.
BUY THE BOOK
CELEBRATING EXCELLENCE: THE 2024 AUSTRALIAN WOMEN IN SECURITY AWARDS
The buzz was electric at the 2024 Australian Women in Security Awards, and it was an emotional experience for me. I felt a deep sense of pride reflecting on how far my team and I have come in building a vibrant community dedicated to celebrating the achievements of others. As I stood there, captivated by the enchanting performance of fire drummers and aerialists, accompanied by my key violinist—a phoenix—alongside an eight-piece orchestra, I couldn’t help but feel overwhelmed. This year marked my sixth awards ceremony, and I rode an emotional rollercoaster, uncertain if we’d even make it to the opening evening. But thanks to my amazing sponsors, both old and new, we did!
These awards wouldn’t have come to life without the support of our incredible sponsors, some of whom have been with us for years while others joined us for the first time. Their contributions were vital in making the evening a spectacular and unforgettable celebration. A heartfelt thank you to NAB, Bupa, AUSCERT, Sekuro, Stone & Chalk, TAL Australia, Australian Signals Directorate, Fujitsu Asia Pacific, Convergint, CyberCX, Equifax, Netskope, Macquarie Group, Decipher Bureau, Gridware, SheLeadsTech Melbourne by ISACA, Zerto, and Cyber Unicorns. Your support makes these awards possible.
In my speech, I reflected on the resilience we all share:
“Like the courageous firebird, we rise from our own experiences, renewed, empowered, and transformed. This is not just a story of survival; it is a story of thriving—of taking the lessons learned from our challenges and using them to fuel our future success.”
The winners of all 18 categories embodied this spirit, and you could feel the emotion in the room as they shared their heartfelt stories.
This year’s judges had their work cut out for them, sifting through hundreds of nominations across 18 categories to select our winners, highly commended recipients, and those deserving special recognition. I was honored to have such an esteemed panel: John Taylor, Maxine Harrison, Daniel Grzelak, Saleshni Sharma, Nadia Taggart, Anafrid Bennet, Laura Whelan, Jackie Montado, Leanne Fry, Clive Reeves, Stephen Bennett, Yaso Arumugam, Sarah Luscombe,
Paul Clarke, Nikki Peever, Roxanne Pashaei, Craig Ford, Jason Murrell, Dan Maslin, Lynwen Connick, Tamsin Jowett, and Janice Law.
The 2024 Australian Women in Security Awards were created and produced by Source2Create, and we look forward to continuing this journey for many years to come. We’ll be heading to New Zealand for the 2025 New Zealand Women in Security Awards in April, and with support from sponsors and government bodies, we hope to launch in Tasmania and Hong Kong in the New Year.
Now, let’s celebrate this year’s incredible winners!
MVP OF THE IT SECURITY INDUSTRY
(Proudly sponsored by Source2Create)
Winner: Bek Cheb
BEST VOLUNTEER
(Proudly sponsored by Source2Create)
Winner: Donna Buckley
Highly Commended: Natalie Perez
THE ONE TO WATCH IN PROTECTIVE SECURITY
(Proudly sponsored by Sekuro)
Winner: Venessa Ninovic
Highly Commended: Anastasia Grivas
BEST SECURE CODER
(Proudly sponsored by CyberCX)
Winner: Anisa Taj
THE BEST PROGRAM FOR YOUNG INDIVIDUALS IN SECURITY
(Proudly sponsored by Australian Signals Directorate)
Winner: The Cyber Academy program by Deloitte
Highly Commended: Kids Securiday
BEST SECURITY STUDENT
(Proudly sponsored by AusCERT)
Winner: Felicity Le
Highly Commended: Adriana Jones
Special Recognition: Eve Black
MOST INNOVATIVE EDUCATOR IN CYBERSECURITY
(Proudly sponsored by Source2Create)
Winner: Emma Kirby
Highly Commended: The Cybermarvel program by NSW Department of Education
CHAMPION OF CHANGE
Winner: Peter Gigengack
(Proudly sponsored by Source2Create)
Highly Commended: Jakub Zverina
UNSUNG HERO
(Proudly sponsored by TAL Australia)
Winner: Shyvone Forster
Highly Commended: Nikola Orgill
Special Recognition: Karen Sullivan
BEST INDUSTRY INITIATIVE FOR DIVERSITY, INCLUSION, AND EQUALITY
(Proudly sponsored by Stone & Chalk)
Winner: Women in Security Emerging Leaders Program by AWSN and Aya Leadership
Highly Commended: Cyber Skills Enrichment Program
BEST IN QUANTUM CYBER CHAMPION
(Proudly sponsored by Source2Create)
Winner: Dr. Farina Riaz
Highly Commended: Julie Gleeson
BEST PLACE TO WORK IN SECURITY
(Proudly sponsored by Source2Create)
Winner: CyberCX Women in Cyber
Highly Commended: Phronesis Security
Special Recognition: TAL Australia
PROTECTIVE SECURITY CHAMPION
(Proudly sponsored by Source2Create)
Winner: Nadia Hammoud
CONVERGED SECURITY RESILIENCE CHAMPION
(Proudly sponsored by Convergint)
Winner: Meg Tapia
Highly Commended: Sandy Ortmanns
BEST SECURITY MENTOR
(Proudly sponsored by Fujitsu)
Winner: Paula Sillars
CYBERSECURITY CHAMPION
(Proudly sponsored by Source2Create)
Winner: Vannessa Van Beek
Highly Commended: Jana Dekanovska
NEURODIVERSITY IN CYBERSECURITY EXCELLENCE CHAMPION
(Proudly sponsored by Source2Create)
Winner: Cayley Wright
AUSTRALIA’S MOST OUTSTANDING IN PROTECTIVE SECURITY
(Proudly sponsored by Source2Create)
Winner: Rachaell Saunders
AUSTRALIA’S MOST OUTSTANDING IN IT SECURITY
(Proudly sponsored by Convergint)
Winner: Kate Healy
Highly Commended: Shannon Jurkovic
Special Recognition: Joanne Cooper
As we reflect on this remarkable evening, it’s clear that the 2024 Australian Women in Security Awards embody the spirit of resilience and transformation. Each winner’s story is a testament to the strength and determination that fuels our community. Just as the phoenix rises from the ashes, so too do these exceptional women rise from their experiences— renewed, empowered, and ready to lead. Together, we celebrate not only the achievements of these trailblazers but also the vibrant future they inspire. Let us carry this momentum forward, embracing our challenges as catalysts for growth, and fostering an inclusive environment where every woman can soar to new heights. The journey continues, and with each year, we reaffirm our commitment to lifting each other up, ensuring that the fire of inspiration burns bright in the hearts of future leaders.
Become a Sponsor Today
If you're part of an organisation dedicated to promoting diversity and inclusion, we'd love to discuss our 2025 Awards packages with you.
These packages are designed to further our shared mission of recruiting, retaining, and advancing women in the cybersecurity workforce.
By becoming a sponsor and supporting our event, you'll visibly demonstrate your commitment to celebrating diversity and recognising accomplishments within the security industry.
Get in touch for more information on the 2025 Awards and to register your interest
aby@source2create.com.au
BEST SECURE CODER
Winner Proudly Sponsored by
Anisa Taj NRMA
For her outstanding leadership and technical expertise in secure coding, they have driven significant improvements across her organisation. Her commitment to safeguarding user data and fostering innovation through secure coding distinguishes them in the field of DevSecOps. Anisa efforts have greatly reduced vulnerabilities, enhanced team competency, and strengthened trust in the organisation’s products. Her intrinsic motivation, dedication to safety, and intellectual curiosity make her a standout leader in secure coding.
FINALISTS NOMINEES
Mahrita Harahap
Microsoft
Anisa Taj
NRMA
Emma Rigelsford
PwC
Antra Saxena
Deloitte
Natasha Liang
Bupa
Emma Rigelsford
Anisa Taj
Heena Sahare
Sophie Barton
Antra Saxena
Sonal Agrawal
Natasha Liang
Medha Mishra
Priya Eluru
Mahrita Harahap
Niki Patel
ANISA TAJ: A BEACON OF EXCELLENCE IN SECURE CODING
Anisa Taj, the esteemed winner of the Best Secure Coder award proudly sponsored by CyberCX, exemplifies what it means to be a leader in the critical field of secure coding. In a world increasingly dependent on technology, her remarkable contributions to the NRMA team have not only elevated the organisation’s security posture but also inspired her colleagues and set a new standard in secure coding practices.
Anisa has played a pivotal role in enhancing secure coding practices at NRMA through her unwavering commitment to leadership and education. By spearheading the development and implementation of comprehensive secure coding guidelines, she ensured that the team adhered to industry standards such as OWASP and CERT. This foundational work has fortified NRMA’s secure coding practices, making them more robust and reliable.
Her impact extends beyond policy development; Anisa has actively organised workshops and training sessions that empower her team to elevate their secure coding knowledge. By facilitating regular code reviews and security audits, she has fostered a culture of vigilance and accountability, making security a shared responsibility within the team.
As a hands-on coder, Anisa has consistently demonstrated her ability to identify and rectify security flaws through thorough manual inspections and automated tools. Her commitment to secure coding principles—such as input validation, proper error handling, and secure data storage—has been instrumental in improving the quality and security of NRMA’s software applications. Moreover, her integration of static and dynamic analysis tools
into the development pipeline has automated vulnerability detection, significantly enhancing the organisation’s security measures. Thanks to her efforts, NRMA has seen a substantial reduction in security vulnerabilities, thereby improving user trust and confidence in their products.
Throughout her projects, Anisa has faced numerous challenges, from managing a complex codebase to addressing varying levels of expertise within her team. She skillfully navigated these obstacles by implementing automated security tools for continuous scanning and establishing a modular approach for easier security assessments. Anisa also created a peer mentorship program that has empowered team members of all skill levels, ensuring that secure coding practices are consistently applied across the board. Her innovative strategies for integrating security measures into development processes without hindering productivity demonstrate her keen understanding of the balance between security and functionality. By emphasising a risk-based approach and fostering cross-functional collaboration, Anisa has seamlessly woven security into the fabric of NRMA’s development lifecycle.
Anisa’s passion for secure coding is driven by a deep commitment to user safety and ethical responsibility. She finds motivation in the intellectual challenges of cybersecurity and the tangible impact her work has on quality and trust. The rapid advancements in technology and the collaborative spirit of the cybersecurity community fuel her desire to stay updated and continuously improve her skillset. Her ethical imperative to protect users from harm, combined with her commitment to personal growth, exemplifies what it means to be a leader in the security industry. Anisa’s dedication to sharing her knowledge and uplifting her peers speaks volumes about her character and commitment to building a strong security culture.
Looking ahead, Anisa’s contributions have laid the groundwork for NRMA’s future initiatives, including advanced automation, comprehensive security training programs, and a Security Champions program to embed security advocates within each development team. Her vision for a security-first culture and holistic security framework will continue to inspire the organisation as it strives for excellence in secure coding practices.
Anisa Taj stands out as a shining example of what it means to be an exceptional secure coder. Her hard work, leadership, and unwavering dedication to excellence have inspired those around her and made a lasting impact on NRMA. Having narrowly missed winning this award in 2023, Anisa’s journey showcases resilience and a steadfast commitment to her craft. She embodies the essence of “see her be her,” proving that with passion and determination, one can make a difference in the world of cybersecurity. Anisa is not just deserving of the Excellence in Secure Coding Award; she is a beacon of hope and inspiration for future generations in the cybersecurity landscape. Congratulations, Anisa, on this welldeserved recognition!
BEST IN QUANTUM IN CYBER CHAMPION
Proudly Sponsored by
Winner
HighlyCommended
Dr Farina Riaz
CSIRO
She is transforming quantum cybersecurity with groundbreaking research, advanced AI security, and collaboration between the quantum and cybersecurity fields. Her work on defensive models, quantum-safe cryptography, and the impact of quantum computing on AI has greatly strengthened resilience against attacks. Her efforts have been vital in raising awareness about quantum computing’s impact on cybersecurity.
Julie Gleeson
Deloitte
For her outstanding advocacy of quantum readiness in cybersecurity, his 25 years of experience have left a lasting impact. By leading seminars, writing influential pieces such as "The Quantum Countdown," and creating practical solutions for quantum resilience, Julie has made remarkable advancements in the field. Her innovative strategies and thought leadership have significantly shaped the cybersecurity landscape, helping organisations prepare for the quantum era.
FINALISTS NOMINEES
Dr Farina Riaz
CSIRO
Rita Gatt
Deloitte
Saba Bagheri
Julie Gleeson
Deloitte
Yasaman Samadi
RMIT University
Tara Lie
Department Of Water And Environmental Regulation (DWER), WA State Government
Rita Gatt
Saba Bagheri
Tara Lie
Yasaman Samadi
Julie Gleeson
Dr Farina Riaz
DR FARINA RIAZ: QUANTUM CYBERSECURITY TRAILBLAZER
“Winning the “Best in Quantum in Cyber Champion” award is a tremendous honour for me and a reflection of my work at CSIRO and CSIRO Data61. This recognition highlights my dedication to advancing both quantum technologies and AI-driven solutions within the cybersecurity space. By combining the strengths of quantum computing with artificial intelligence, I’ve been able to develop innovative approaches that enhance the security of digital systems. This award inspires me to continue exploring how these groundbreaking technologies can work together to build stronger, more resilient defences against ever-evolving cyber threats. I’m proud to bring this achievement back to CSIRO, where our commitment to innovation continues to push the boundaries of what’s possible.”
Dr. Farina Riaz, the recipient of the Best in Quantum in Cyber award, has established herself as a visionary at the intersection of quantum computing and cybersecurity. Her work at CSIRO reflects a pioneering commitment to exploring the potential threats and opportunities that quantum technology brings to cybersecurity. Through her innovative research and collaborations, Farina is reshaping how we think about defending AI systems in an increasingly complex digital landscape.
At the heart of Farina’s work is a groundbreaking project focused on protecting artificial intelligence from the emerging risks posed by quantum computing. In an era where quantum computers
could potentially disrupt traditional encryption and security models, Farina has been working diligently to understand how quantum-enabled attacks might affect AI systems. Her primary focus has been on image data, an area ripe for exploitation by adversaries. Farina’s research explores the ways in which quantum capabilities could amplify cyberattacks, such as data manipulation and hacking, and their potential to undermine the integrity of AI outcomes.
What sets Farina apart is her dual approach: not only is she identifying the ways in which quantum computing could be leveraged for malicious purposes, but she’s also developing robust defense
mechanisms to counteract these threats. She has been working on innovative quantum AI security models that address the vulnerabilities inherent in machine learning systems. By devising next-level strategies, she aims to safeguard AI applications from both human and machine adversaries in the quantum era.
Farina’s contributions to quantum cybersecurity extend beyond theoretical work. Her cuttingedge application of generative AI, particularly
through the use of Variational Autoencoders (VAE), represents a significant leap forward in the defense of AI systems against quantum attacks. After experimenting with various quantum circuit designs and testing different parameters, she discovered new methods to generate highly accurate quantum images. These models hold immense potential for countering future quantum-powered cyber threats, pushing the boundaries of how we defend against adversarial attacks.
Throughout her career, Farina has actively fostered collaboration between the cybersecurity and quantum computing communities. She has played a key role in building partnerships and initiating joint research projects that bridge the gap between these two fields. Her efforts include organising workshops and seminars at CSIRO, where experts from both domains come together to exchange ideas and tackle the unique challenges posed by quantum computing. These events have become vital platforms for knowledge-sharing, driving interdisciplinary approaches to solving cybersecurity problems with quantum principles.
Beyond her work on AI and quantum defence strategies, Farina is laying the groundwork for future explorations into quantum-safe cryptography. While her current research focuses on identifying potential adversaries and crafting countermeasures, she is poised to expand her efforts into cryptographic practices that can withstand the power of quantum computing. As the field evolves, her insights will likely contribute to a stronger, more resilient cybersecurity framework, ensuring sensitive information remains secure even in a quantum-enabled world.
Farina’s impact on the cybersecurity landscape is already evident through measurable improvements in the resilience of AI systems. Her quantum initiatives have enhanced defences against adversarial attacks, particularly those targeting image data. By identifying key vulnerabilities in AI generative systems and developing effective countermeasures, Farina has bolstered cybersecurity protections in critical sectors such as smart cities, where quantum threats could
disrupt everything from autonomous vehicles to anomaly detection systems.
In addition to her research, Farina has been instrumental in raising awareness about the convergence of quantum computing and cybersecurity. Whether she’s speaking at industry conferences or engaging directly with students as a guest lecturer, her passion for educating the next generation of cybersecurity professionals is clear. She thrives on sparking conversations about the challenges and opportunities that quantum computing presents, ensuring that both current and future cybersecurity leaders are equipped to tackle the quantum revolution head-on.
Farina’s work is not confined to the lab or the lecture hall. She brings her expertise into everyday life, seamlessly weaving discussions of quantum
breakthroughs and cybersecurity threats into casual conversations with colleagues, friends, and peers. This approach reflects her deep belief in the importance of continuous learning and dialogue as we enter an era where quantum computing will redefine the boundaries of cybersecurity.
Dr. Farina Riaz’s journey in quantum cybersecurity is a testament to her dedication, innovation, and foresight. By exploring the untapped potential of quantum technologies and developing new ways to defend AI systems, she is shaping the future of cybersecurity in a rapidly evolving technological landscape. As quantum computing continues to advance, Farina’s work will undoubtedly remain at the forefront of efforts to protect our most critical digital infrastructures.
BEST PLACE TO WORK IN SECURITY
Proudly Sponsored by
Winner
CyberCX Women in Cyber
At CyberCX, she leads the way in promoting gender inclusion with her “Women in Cyber: Strength in Equality” plan and innovative practices. Her efforts have greatly boosted female representation and demonstrate a strong commitment to building a diverse and inclusive workplace. CyberCX sets the standard for gender inclusion and diversity, creating a workforce that thrives on varied perspectives and backgrounds, highlighting her dedication to fostering an innovative and supportive environment in the cybersecurity sector.
HighlyCommended Phronesis Security
Phronesis Security exceeds industry standards by implementing government recommendations for gender balance, offering paid internships, and providing flexible work arrangements. Its Employee Share Options Program and generous training allowances further enhance staff career development. By fostering a culture of empowerment, inclusivity, and growth, the organisation demonstrates a clear commitment to progressive policies and practices that champion gender equality and professional development.
SpecialRecognition TAL Australia
FINALISTS
TAL leads the way in inclusivity in cybersecurity with its pioneering approach to gender parity and extensive support for diverse talent. With over 50% of its cybersecurity team, including leadership positions, comprised of women, it has achieved gender parity in a traditionally male-dominated field. Ongoing recognition as an Employer of Choice for Gender Equality, along with proactive diversity initiatives such as gender-neutral communication and LGBTI+ support, underscores its commitment to creating an inclusive and innovative security workplace.
NOMINEES
Grant
CYBERCX: LEADING THE WAY FOR WOMEN AND NON - BINARY INDIVIDUALS IN SECURITY, BEST PLACE TO WORK 2024
CyberCX was delighted to be recognised as Best Place to Work in Security at the 2024 Australian Women in Security Awards for their Women in Cyber program.
Accepting the award on behalf of CyberCX, Chief People Officer S nezana Bakalovski said, "Celebrating the achievements of women in the industry, and those who support women in the industry, is so critical as we continue to strive to attract more women to the interesting, highly skilled and rewarding careers in security."
"At CyberCX we believe our teams need to be as diverse as the communities we secure –built on a foundation of gender diversity, inclusion, equity and belonging,” she continued.
“Accepting the award of Best Place to Work in Security for our Women in Cyber Program was the ultimate recognition after five years of relentless pursuit and focus on being the best in the industry.”
CyberCX has been awarded the prestigious Best Place to Work in Security, and it’s easy to see why. The company’s commitment to fostering a diverse, inclusive, and supportive environment is second to none, particularly when it comes to uplifting women and non-binary individuals in cybersecurity roles. This vision is more than just words; it’s backed by concrete programs, policies, and an inclusive culture that makes CyberCX stand out in the security industry.
Since its inception in 2020, CyberCX has made impressive strides in gender diversity. Starting with 18% female representation, the organization now boasts 28% women in its workforce, a significant leap above the Australian industry average of 21%. This includes 30% of female leaders overseeing critical security domains like Cyber Intelligence, Identity Access & Management, and Cyber Capability, as well as 44% of industry specialists and 50% of the Cyber Intelligence Analyst team. While representation
of non-binary individuals remains low at less than 1%, the company is actively committed to improving this.
Women at CyberCX are leading from the front, managing key security operations such as Federal PROTECTED Security Operations Centres, Identity & Access Management Projects, and Governance Risk & Compliance Teams. In fact, women occupy 30% of the Executive Leadership roles in Cyber Security Practices and Domains, and nearly half of them are in Director or Executive Director positions. This isn’t just a statistic but a testament to CyberCX’s focus on empowerment and career progression for women in high-stakes, technical positions.
What truly sets CyberCX apart are its comprehensive initiatives to ensure women and non-binary individuals can thrive. The company’s flagship program, Women in Cyber (WIC), provides mentoring, skills development, and regular networking events. It
actively connects women to role models and industry opportunities, helping them build their careers while fostering a sense of belonging. CyberCX also launched an All Women’s Cohort within its CyberCX Academy, equipping women with the technical skills they need to excel in cyber roles.
Flexibility and work-life balance are essential for employees’ well-being, and CyberCX ensures that all employees, especially those with caregiving responsibilities, have the support they need.
Flexible work arrangements, paid parental leave, and additional mental wellness leave are just a few examples of how CyberCX supports its team. Importantly, 96% of women and 94% of men report that they feel supported when utilizing these flexible working options.
In addition to its focus on gender diversity, CyberCX has a clear strategy to tackle unconscious bias and
discrimination. From screening job ads for gendered language to ensuring women are included on all interview panels for female candidates, CyberCX is making strides to ensure recruitment and promotion practices are free from bias. This commitment is reflected in the fact that 35% of new hires in the past 12 months have been women, outpacing the overall female workforce representation of 28%.
The company’s leadership is equally committed to these efforts. CyberCX has strong governance in place to ensure gender equality outcomes are achieved, with clear leadership accountability and regular monitoring of progress through employee surveys and engagement metrics. CyberCX’s Women in Cyber: Strength in Equality initiative exemplifies its dedication to improving gender equality across the board, including efforts to achieve gender pay parity.
Today’s enterprise risks are constantly evolving.
Beyond internal efforts, CyberCX is a visible champion for women in the broader industry, sponsoring key events such as the Women in Security Awards Australia and celebrating occasions like International Women’s Day and International Day of Women in Cyber. These initiatives are part of CyberCX’s larger strategy to advocate for gender diversity and elevate women and non-binary individuals in the cybersecurity field.
Ultimately, CyberCX deserves the Excellence in Security Workplace Award not just for its commitment to inclusivity and equality, but for the measurable impact it is having on its employees and the industry at large. With progressive policies, a nurturing culture, and leadership that truly cares, CyberCX is not only securing communities—it’s creating a workplace where everyone can belong and excel.
MVP OF THE SECURITY INDUSTRY
Proudly Sponsored by
Winner
Bek Cheb
AusCERT
She is an exceptional individual who embodies the qualities of an unsung hero, volunteer, cybersecurity champion, and mentor. Her remarkable dedication and significant contributions to cybersecurity include transforming the AusCERT annual conference, leading mental health initiatives, and creating environments where people thrive. Her advocacy for diversity, equity, and inclusion, along with her inspiring public speaking and leadership, have educated thousands on online safety and data privacy. Her calm, diplomatic approach and unwavering support for newcomers showcase a collaborative spirit and deep commitment to the industry.
CELEBRATING BEK CHEB: MVP OF THE IT SECURITY INDUSTRY AT THE 2024 AUSTRALIAN WOMEN IN SECURITY AWARDS
Bek Cheb has been honored with the prestigious MVP In the IT Security Industry Award at the 2024 Australian Women in Security Awards, sponsored by Source2Create.
CEO of Source2Create, Abigail Swabey, expressed her admiration, stating, "We are delighted to announce that Bek Cheb has been honored with an Appreciation Award for the MVP Of the security industry Award 2024. This prestigious accolade is a testament to Bek’s unwavering dedication, extraordinary efforts, and remarkable contributions to the cybersecurity industry."
As the Business Manager at AusCERT, Bek’s visionary leadership has not only ensured the seamless operation of this essential organisation but has also transformed its annual conference into a standout event marked by excellence, collaboration, and community spirit. Her meticulous attention to detail and ability to innovate have positioned AusCERT as a cornerstone of the Australian cybersecurity landscape.
Bek’s influence reaches beyond operational excellence. She is a fierce advocate for mental health and wellbeing, recognising the intense pressures faced by cybersecurity professionals. Through initiatives like offering free counselling sessions and introducing a beloved “puppy pit” at conferences, Bek has prioritised holistic support, creating safe spaces for individuals to recharge both mentally and emotionally.
While Bek’s efforts often occur behind the scenes, her impact is undeniable. She has played a pivotal role in member services, training programs, and financial management at AusCERT, ensuring the continued success of the organisation as a notfor-profit dedicated to the greater good of the cybersecurity community.
Bek is also a passionate champion of diversity, equity, and inclusion (DEI). She has spearheaded numerous initiatives that celebrate and advance these values, including the creation of awards recognising contributions to DEI within the cybersecurity community. Her dedication to listening, supporting, and uplifting others has fostered deep and enduring connections across the industry.
Most recently, Bek has courageously stepped into the spotlight, taking on public speaking roles and demonstrating her inspiring journey from behind-thescenes to a recognised leader. Her growth, combined with her compassionate leadership, highlights why she is so highly respected in the field.
Bek Cheb’s tireless efforts, steadfast dedication, and compassionate approach make her a truly deserving recipient of the 2024 MVP of the Security Industry Award. The cybersecurity community celebrates Bek’s outstanding achievements and looks forward to her continued positive influence in the industry.
BEST SECURITY MENTOR
Proudly Sponsored by
Winner
Paula Sillars
Cyber Audit Team
For her dedication as a mentor, she has significantly reshaped the Gold Coast cyber community. Her profound impact on mentees— through confidence-building, fostering growth, and facilitating career advancements—along with her active support and inspiration at various events, underscores her exceptional contribution to the cybersecurity industry. Her selfless dedication and passion for community-building have enriched the industry and made a tangible difference in many lives.
FINALISTS NOMINEES
Peter Gigengack
WA Department of the Premier and Cabinet
Gai Brodtmann
Australian Strategic Policy Institute
Paula Sillars
Cyber Audit Team
Skye Davis AWSN
Colin Twist
South Cyber West
Paula Sillars
Barbara Lima
Abhijit maity
Sonakshi Arora
Monika
Tarnavetchi
Grace Aulakh
Colin Twist
Monika
Tarnavetchi
Gai Brodtmann
Catherine Buhler
Emily MajorGoldsmith
Skye Davis
Emily Edgeley
Darlene
Winston
Peter Gigengack
Mina Zaki
Samuel Kelly
Helena Lim
Smita
Mylavarapu
Asou
Aminnezhad
Dr Claire Lentz
Mahrita
Harahap
Niru Verma
Jasmin Krapf
Puneet Tikoo
Tas Ahmed
Michael Reinhardt
Justin Lisle
Catherine Kimonides
Siddiqua
Shaheen
Heather Tsui
Mark Navarrete
Pratima
Kushwaha
Saleshni
Sharma
Justin Sacilotto
PAULA SILLARS: A BEACON OF MENTORSHIP IN CYBERSECURITY
“I'm deeply passionate about mentoring and supporting the next generation of cybersecurity professionals through my work with the Australian Women in Security Network and the Cyber Skills Enrichment Program. These experiences, along with other mentoring opportunities within my broader network, have shown me how practical guidance and a willingness to challenge traditional perceptions can unlock incredible talent. I believe in looking beyond résumés to recognise the true potential of each individual. Receiving this award reinforces the importance of mentorship, and I’m excited to continue empowering others and helping them build confidence on their cybersecurity journeys.”
Paula Sillars stands as a prominent figure in the cybersecurity industry, not just for her technical acumen but for her unwavering dedication to mentorship and community building. As a Cyber Security Engineer for a Managed Security Service Provider (MSSP) based in South East Queensland, Paula leads a team responsible for hardening clients’ systems and manages the configuration of security tools. She also oversees an intern program within the Cyber Audit Team, where she has developed comprehensive training content and managed the delivery of a rigorous 12-week Cyber Skills Enrichment Program.
But Paula’s influence extends far beyond her formal role. She is a pillar of support and guidance in the
security sector, particularly for those at the beginning of their careers. Her involvement with the Australian Women in Security Network (AWSN) as a Gold Coast chapter lead and her significant role in SecTalks Gold Coast highlight her commitment to nurturing new talent. Paula’s mentorship is both formal and informal, reaching mentees through AWSN and her direct interactions via SecTalks and LinkedIn.
What sets Paula apart as an exceptional mentor is her practical and individualized approach. She takes the time to understand each mentee’s unique aspirations and challenges. Paula excels at connecting mentees with others who share similar goals or can offer valuable insights, leveraging her extensive network to foster growth. Her commitment
is evident in her generous allocation of time, expertise, and resources, aimed at empowering the next generation of cybersecurity professionals.
Paula’s mentorship has led to notable success stories. One of her mentees, initially new to cybersecurity and struggling with confidence, overcame imposter syndrome with Paula’s support and recently secured her first role as a threat hunter at BOQ. Another mentee, transitioning from a different career, found clarity and landed a job at Lotteries Corp thanks to Paula’s guidance. Additionally, Paula assisted a longtime IT professional, disheartened by a toxic work environment, in making a successful transition to cybersecurity where he is now flourishing.
Paula’s inspiration to mentor stems from a deep commitment to ensuring diverse representation in the industry. As an immigrant woman with hearing loss, she understands the challenges of being a minority in cybersecurity. Her visibility and success serve as a beacon of possibility for
others, reinforcing the message that everyone has a place in this field. The joy she finds in witnessing her mentees’ achievements fuels her dedication to creating a more inclusive and supportive community.
On the Gold Coast, Paula’s impact is profound. Her efforts in building and nurturing the local cyber community are commendable. Through her roles as a mentor, AWSN chapter lead, and SecTalks coordinator, Paula has helped shape a vibrant and supportive network. Her work has not only fostered individual growth but also contributed significantly to the development of a strong, interconnected cybersecurity community.
Paula Sillars embodies the essence of a true mentor: someone who inspires, supports, and elevates others while contributing to the broader growth of their field. Her dedication to mentorship and community building makes her a deserving recipient of the Best Security Mentor award, reflecting her profound impact on the cybersecurity industry and the lives she has touched.
Learn more
“At Fujitsu Cyber Security Services, we empower every individual to reach their full potential, fostering an environment where every voice is heard, and every contribution valued. We are committed to a place where diversity is our strength and equality is the standard, ensuring that our collective efforts lead to exceptional outcomes for all.”
Laura O’Neill Head of Fujitsu Cyber Security Services
www.fujitsu.com/au/services/security
THE BEST PROGRAM FOR YOUNG INDIVIDUALS IN SECURITY
Proudly Sponsored by
Winner
HighlyCommended
The Cyber Academy
Deloitte
For the program's innovative 'earn-as-you-learn' model that bridges the cybersecurity skills gap while boosting gender diversity, it has achieved a 93% retention rate and significant increases in female participation. The Academy excels in creating equitable career pathways and aligning educational outcomes with industry needs.
Kids SecuriDay
For shaping the next generation of cybersecurity professionals with a strong emphasis on inclusivity and practical learning, Kids SecuriDay sparks excitement and prepares young women and nonbinary individuals for careers in cybersecurity.
FINALISTS NOMINEES
CyberCX Academy
CyberCX
Kids SecuriDay
Monash University Student
Incubator Program
The Cyber Academy
Deloitte
Cyber Skills Enrichment Program
Cyber Audit Team And Griffith University
Monash University
Cyber Skills Enrichment Program
Kids SecuriDay
The Cyber Academy by Deloitte
CyberCX Academy
She Leads Tech
IBL Program by ANZ
Rheinmetall Defence Australia
Cyber Security Internship
EMPOWERING THE FUTURE OF CYBERSECURITY: THE CYBER ACADEMY’S ROLE IN BRIDGING
GENDER GAPS AND FOSTERING TALENT
The Cyber Academy, a groundbreaking collaboration between Deloitte, the University of Wollongong, Swinburne University of Technology, TAFE NSW, and the Department of Education, has won the Best Program for Young Individuals in Security. The Academy was created to close the cybersecurity skills gap by combining education, industry, and government efforts into a unique “earn-as-you-learn” model. This approach allows students to work while pursuing their education, earning a salary that removes financial barriers and opens doors to a cybersecurity career.
Launched after five years of careful co-design with key stakeholders, the first cohort began in January 2023 with a retention rate of 93%. Over the two cohorts, the Academy has supported 26 women and non-binary participants, making up 35% of the student body—double the industry average for gender diversity. Women have also been instrumental in the Academy’s development and success, with over 75 women actively involved in its creation and 57% of the Cyber Academy team being female.
The Academy aims to tackle the well-known gender gap in cybersecurity. Through workshops and school outreach programs, the Academy encourages high school girls to consider cybersecurity as a career, showing them that it’s not only viable but also an exciting path. Mentorship is key to this, connecting students with industry role models who help guide their careers and offer support. Inclusive recruitment practices ensure that women are represented at every stage of the process, from applications to classroom participation.
Many women have already had life-changing experiences thanks to the Cyber Academy. Nora, for example, transitioned from a career in early childhood education into cybersecurity. She credits the program for opening doors she never thought possible. “I had no idea cybersecurity could be my path until I found the Academy. Now, I’ve had opportunities like joining CISCO’s Dream Team for the 2023 FIFA Women’s World Cup—something I could never have imagined,” she said.
Sachita, another student, used the Academy as her pathway back to work after taking time off for family responsibilities. “I was nervous about returning to
the workforce, but the Cyber Academy gave me the skills, confidence, and support I needed to re-enter the industry,” she shared. Charlotte, who discovered the program through a high school career fair, found her passion for cybersecurity during her first year in the Academy. “I never thought I’d be interested in cybersecurity, but the Academy made it so accessible. Now, I can’t wait to see where this journey takes me.”
The Cyber Academy is creating meaningful opportunities for students, particularly women and non-binary individuals, to thrive in cybersecurity. The program offers real-world work experience, mentorship, and a supportive learning environment that ensures participants are set up for long-term success. With its focus on diversity, inclusivity, and breaking down financial barriers, the Academy is not only closing the skills gap but also reshaping the future of cybersecurity in Australia.
As Nora put it, “The Cyber Academy gave me a fresh start in a field I’m passionate about, and I know I’m not the only one. It’s opening up a world of possibilities for so many of us.”
You’ll be at the forefront of cyber security and part of a diverse team at ASD.
An exceptional career awaits at ASD.gov.au/careers
BEST VOLUNTEER
Proudly Sponsored by
Winner
HighlyCommended
FINALISTS
Annie-Mei Forster
SheLeadsTech
Donna Buckley
John Curtin College
WiCys
Linda Cavanagh AWSN
Natalie Perez
ISACA and IAG
Jasmine McCrudden
Decipher Bureau
Donna Buckley
John Curtin College
For her outstanding work in advancing cybersecurity education,she has created workshops, integrated cybersecurity into school curricula, and connected students with industry professionals through mentorship programs. Donna's efforts have not only heightened awareness but also sparked genuine interest in cybersecurity among young people, demonstrating that they are an invaluable asset to the industry.
Natalie Perez
ISACA and IAG
Natalie Perez's unwavering dedication to volunteering, driving impactful sessions, and fostering collaborations that advance cybersecurity education and support women in the field, she has gone above and beyond. Her efforts in establishing diverse volunteer committees, leading mentorship programs, and working with key organisations have empowered women in cybersecurity.
NOMINEES
Donna Buckley
Kelli Dienhoff
Linda Cavan
Annie-Mei Forster
Puneet Tikoo
Sabine Bourdin
Amelia Edge
Jasmine Mccrudden
Natalie Perez
Andra Cimpean
Baby Nagayo
Anjali Varghese
Heidi Winter
Chaital Vasta
Pooya Khanmohamadi
Yogini Patil
Mary Yu
Roma Singh
Sandra Weng
WiCys Australia
DONNA BUCKLEY: TRANSFORMING CYBERSECURITY EDUCATION FOR THE FUTURE
It is such an unexpected honour to be awarded the Best Volunteer at the Australian Women in Security Awards. Listening to the breeze has led my on an adventure that I never would have imagined when I started my mathematics teaching career. A love of cryptography, puzzles and people has sailed me on a journey into the cybersecurity industry. To be recognised with this award makes me confident that the work I do supporting young people and teachers to develop their own portfolio of cybersecurity skills is helping to create a more secure Australia."
Donna Buckley, winner of the Best Volunteer award has made extraordinary contributions to cybersecurity education, bridging the gap between secondary schooling and the rapidly evolving cyber industry. Her dedication to empowering the next generation of cybersecurity professionals is reshaping the educational landscape in Australia, particularly in the realm of vocational training for high school students.
Donna’s journey in cybersecurity education began with a profound passion for mathematics and a love of puzzles. Initially a mathematics teacher, she utilised cryptographic applications from history to help students connect pure mathematics with the real-world applications of cybersecurity. In 2018, she recognised the urgent demand for future cyber experts through her volunteer work as a Day of STEM/Life Journey teacher champion. Inspired to meet this need, Donna retrained, earning a Cert IV in Training and Assessment and a Cert IV in Cybersecurity, enabling her to deliver a vocational cyber course for her students.
In 2021, Donna’s pioneering efforts culminated in the development of Australia’s first accredited cybersecurity industry-aligned Cert II course for Year 11 and 12 students. This groundbreaking initiative provides students with future-ready cybersecurity skills and creates an innovative vocational pathway that reinvents how students engage with technical education. Her approach opens doors for dual exceptional and creative students to expand their skill sets beyond the traditional curriculum, setting the foundation for future careers in the cyber field.
EDUCATING AND ENGAGING COMMUNITIES
Donna’s commitment to cybersecurity goes beyond the classroom. She is passionate about raising awareness of cybersecurity risks and best practices
within her school and the broader Western Australian community. Her “champions creating champions” methodology empowers her students to lead cybersecurity initiatives. Her cyber students regularly conduct activities such as Safer Internet Day events, assembly presentations on digital reputation, and educational incursions for younger students, educating peers, teachers, and parents alike.
Her influence extends far beyond the school gates. Donna’s students have taught online safety to community groups, including the Meerilinga Family Group, shared their experiences in the Cyber Taipan competition, and presented at DigiTech teacher conferences. These initiatives foster a cybersecurityconscious culture, reinforcing the importance of digital safety in everyday life.
Through her active involvement in the broader cybersecurity community, Donna engages with industry and public sector leaders to address the need for practical education in the field. She regularly hosts industry experts and tertiary educators to speak at her school, ensuring her students are exposed to the latest trends and technologies in cybersecurity. Additionally, she collaborates with the WA Office of Digital Government, advising on cybersecurity education pathways for secondary students.
PROMOTING BEST PRACTICES AND SHAPING FUTURE LEADERS
As an advocate for cybersecurity education, Donna continuously promotes best practices by aligning her teaching with the guidelines of the Australian Cyber Security Centre (ACSC), eSafety Commissioner, and Australian Signals Directorate (ASD). Her efforts to demystify cybersecurity have earned her numerous accolades, including the prestigious 2023 Prime Minister’s Prize for Science Teaching in Secondary Schools and the WiTWA Tech + Award. These honours underscore her commitment to developing a pipeline of future cyber professionals equipped with the skills necessary to navigate the complexities of the industry.
Beyond her teaching role, Donna has actively engaged with programs and competitions that nurture technical talent. She volunteers with the Girls Programming Network (GPN Perth Node), where she leads beginner programming sessions and ensures young girls receive the support they need to thrive in technical fields. As a driving force behind the PECAN+ CTF (Capture the Flag) competition, Donna has inspired students to develop critical problem-solving skills essential in cybersecurity. Her long-standing involvement with the CSIRO Cyber Taipan competition further highlights her dedication to creating engaging, hands-on experiences for her students.
LOOKING TO THE FUTURE
Donna’s plans for the future center around continuing to innovate and expand cybersecurity education. With the recent conclusion of the Cyber Taipan Donna has seamlessly adapted her resources to align with the PECAN+ competition, ensuring her students continue to receive high-quality, practical cybersecurity training.
Her newest initiative, the Cyber [+] Teacher focuses on building teacher capacity to deliver vocational courses aligned with future-focused technical industries, particularly in the context of cybersecurity. By developing comprehensive teacher resources and professional learning modules for Year 11 and 12 students, this project aims to provide educators with the tools they need to teach essential digital and cybersecurity skills. This initiative will not only benefit students by equipping them with the skills necessary for future employment but will also enhance teachers’ understanding of the intersection between business, digital technologies, and cybersecurity.
Donna Buckley’s contributions to cybersecurity education are shaping a future in which students are equipped with the knowledge and skills to protect Australia’s digital landscape. Her passion for fostering the next generation of cyber leaders ensures that her legacy will continue to inspire and guide educators and students for years to come.
Build the future of
We are not-for-profit, purpose-driven and sustainable, and are committed to diversity and inclusivity across our community. Enhancing the growth, recognition and impact of these professionals. Meet our 2024 Stone & Chalk x AWSN Scholarship Program recipients: DID YOU KNOW?
Christina Jane Arcane
BEST INDUSTRY INITIATIVE FOR DIVERSITY, INCLUSION, AND EQUALITY
Proudly Sponsored by Winner
Women
in
Security Emerging Leaders Program
HighlyCommended
AWSN and AYA LEADERSHIP
For significantly advancing female leadership in Australia’s security sector through the Women in Security Emerging Leaders program, they have supported numerous women across multiple organisations with tailored workshops and coaching. This initiative has led to increased promotions and leadership roles, fostering resilience, diversity, and confidence within the industry, and empowering women with the edge to lead.
Cyber Skills Enrichment Program
Cyber Audit Team and Griffith University
Cyber Skills Enrichment Program excels in bridging the cybersecurity talent gap with free training and paid placements. It prioritises inclusivity, with 40% of placements awarded to women and 20% to neurodiverse individuals. Graduates have landed roles at top organisations, proving the program's effectiveness. The program is impactful and innovative.
FINALISTS NOMINEES
WINSPIRE
ANU’s National Security College and The Australian Strategic Policy Institute
Women In Security Emerging Leaders Program
AWSN and AYA LEADERSHIP
Kids SecuriDay
Cyber Career Starter Program
Kirra Services
Cyber Skills
Enrichment Program
Cyber Audit Team and Griffith University
Women In Security Leadership Development Program
AYA LEADERSHIP
Cyber Skills Enrichment Program
Ilead Talent Exchange
Women In Security Emerging Leaders Program by AWSN And AYA LEADERSHIP
Project Friedman, produced by Louisa Partridge and Louisa Vogelenzang
WINSPIRE by National Security College, Australian National University and Australian Strategic Policy Institute (ASPI)
Cyber Uplift Step Program SA
Identifly Cyber Security Graduate Program by Identifly
Cyber Career Starter Program By Kirra Services
Kids SecuriDay
Women In Security Mentoring Network by AWSN, ASD, and OK RDY
Isaca Foundation
SheLeadsTech Melbourne
EMPOWERING FUTURE LEADERS: THE WOMEN IN SECURITY EMERGING LEADERS PROGRAM—PROUD WINNERS OF THE 2024 BEST INDUSTRY INITIATIVE FOR DIVERSITY, INCLUSION, AND EQUALITY
AWSN and Aya Leadership are proud of the impact the Women in Security Emerging Leaders Program is having across the security industry – supporting women, advancing female leadership, and expanding diversity. Winning this award highlights the important role of leadership development to creating sustainable diversity, inclusivity and equity in the sector. With 140 women having now progressed through the program over the past three years, it acknowledges the essential support required for early-career female professionals, to help them overcome systemic barriers and position them for leadership roles. It also reflects how well-placed Australia’s security sector is to invest in the development and promotion of women as a leading strategy to drive gender equity and increase the representation of women at all levels, especially as leaders.
The Women in Security Emerging Leaders Program is a groundbreaking initiative by the Australian Women in Security Network (AWSN), in collaboration with Aya Leadership. Launched in 2022, this program aims to elevate emerging female leaders in the security sector, addressing barriers that have traditionally hindered women’s progression in this maledominated field.
Dr. Susan McGinty, founder and CEO of Aya Leadership, leads this initiative with a wealth of experience in STEM and National Security. Her commitment to fostering gender diversity informs the program’s design, which creates a supportive environment for women to learn, grow, and collaborate. By offering tailored leadership development, the program helps participants
navigate their unique challenges and equips them with the tools necessary for leadership success.
Despite women making up less than 25% of the security workforce in Australia—and only 17% in cybersecurity—the Emerging Leaders Program focuses on increasing retention and promotion of women in these sectors. It aims to provide essential support to early-career professionals, helping them overcome systemic barriers and positioning them for leadership roles. This initiative tackles issues like toxic organisational cultures and the scarcity of role models and mentors, paving the way for a new generation of confident female leaders.
The program operates on four key pillars: enhancing leadership skills, increasing the number of female leaders, positioning participants as role models, and transforming organisational cultures. In 2023, it successfully developed the leadership capabilities of 33 women, contributing to a total of 94 participants from over 40 organisations since its inception. Many participants have reported significant growth in their leadership skills and have even secured promotions shortly after completing the program.
Designed for women and female-identifying individuals across various security sectors—including cyber, IT, physical security, and national security—the program accommodates those new to leadership or in their first roles. By connecting participants with peers and helping them define their leadership aspirations, it fosters a thriving community where women can succeed.
What sets this program apart is its research-driven content, rooted in the experiences of its design and delivery team, which has over 25 years of combined experience in the STEM and security sectors. The program has also responded proactively to findings from the 2023 RMIT/AWSN Gender Dimensions of the Australian Cyber Security Report, highlighting the need for increased gender representation in leadership roles within cybersecurity.
Participants benefit from a holistic learning experience that includes workshops on essential topics like emotional intelligence and effective communication, combined with coaching and peer mentoring. Each session is designed to cater to individual needs, ensuring that participants can integrate new strategies into their daily practices.
The positive feedback from participants reflects the program’s effectiveness, with many recommending it to colleagues and expressing appreciation for the strong sense of community it fosters. Organisations like CyberCX have also recognized its value, sending over 14 women through the program since it began.
The Women in Security Emerging Leaders Program is more than just a leadership initiative; it’s a transformative approach to diversity and inclusion in the security sector. By empowering women and focusing on their leadership development, it reshapes the landscape of the industry, setting a precedent for inclusivity and equity. As it continues to grow and adapt, this program is paving the way for a more diverse and collaborative future in security leadership.
Maturity Assessment Service
BEST SECURITY STUDENT AWARD
Proudly Sponsored by
Winner
HighlyCommended
SpecialRecognition
Felicity Le Risk & Security Management
A truly dedicated recent graduate making impactful strides in national security, she is poised to become a leader and role model for women in the industry. Despite facing challenges, she has won awards, published research, and co-developed the Emerging Leaders Program. As an AIPIO Board member, she clearly demonstrates a commitment to leadership and serves as a role model for women in security, all while balancing career dedication with mental health.
Adriana Jones NIB
A dedicated cybersecurity professional, she is passionate about protecting societal values and empowering others. Her work enhancing digital services at NIB and overcoming challenges as one of only eight women in Engineering School in Guatemala showcases her resilience. With achievements including a prestigious scholarship, a microcredential, and mentoring women in cybersecurity, her commitment to safeguarding societal values is evident.
Eve Black SA Power Networks
Eve black has demonstrated that leadership in cybersecurity is achievable without the need for advanced degrees by harnessing her neurodivergent strengths and unwavering determination. Excelling in her TAFE studies and stepping into leadership roles as a teacher's assistant, she sets an inspiring example for others. By turning challenges into opportunities, she proves that leadership in cybersecurity is driven by passion and perseverance, not just traditional qualifications.
BEST SECURITY STUDENT AWARD
Proudly Sponsored by
FINALISTS NOMINEES
Adriana Jones
NIB
Linet Momposhi
Western Sydney University
Felicity Le
Risk & Security Management
Eve Black
SA Power Networks
Paola Palamo
Orro Group
Rofina Suraj
Pronto Software
Courtney Jones CyberCX
Zahlia Hamer
Macquarie University
Rofina Suraj
Samantha Barr
Courtney Jones
Shakira Memorey
Zahlia Hamer
Aliah Al-Shabib
Linet Momposhi
Yasaman Samadi
Anushka Ravalji
Nyalok Gatwech
Hayley Eaton
Eve Black
Greeshma Dantla
Amy Curtis
Amy Nguyen
Jess McInally
Marwah Alharbi
Georgia Elias
Didi Fletcher
Katrina Steen
Sherley Pidakala
Tania Sadhani
Dishti Kapoor
Paola Palomo
Claudia Nave
Felicity Le
Ishika Bhatra
Katie Perry
Cindy Liu
Adriana Jones
Chantelle Vivian
Pallavi Singh
Jessica Austin
Shurui Lian
Dracy Ma
Cindy Liu
Julie McKenna
Jingjing Zhang
FELICITY LE: BEST SECURITY STUDENT AWARD WINNER
" This award means everything to me. As a child of first generation immigrant parents, my family did not have much when I was growing up. Even so, we were grateful for everything we had and they worked hard to ensure a brighter future for my siblings and I. This gratitude is precisely what drew me in to the security profession, particularly national security. It's my way of saying thank you to my parents and to my home - I want to protect our homes for future generations."
in the mercantile industry. Her passion for national security, international law, and the ethics of war has driven her to build a robust foundation in intelligence and security while still completing her degree. Felicity’s commitment to these fields is evident, as she aims to transition into government intelligence, with aspirations of protecting Australia’s national interests.
Felicity Le’s journey to winning the Best Security Student Award is a testament to her remarkable achievements, resilience, and dedication to both her studies and her career in the security and intelligence fields. A recent graduate of Queensland University of Technology, Felicity holds a double degree in Law (Honours) and Justice. Throughout her academic career, she has simultaneously worked as an intelligence professional in the private investigations sector, gaining hands-on experience
Felicity’s path to success has not been without challenges. Raised in an ethnic minority household by first-generation immigrant parents, she experienced the effects of generational trauma and financial hardship firsthand. Her parents worked tirelessly in their small business to provide for their family, and as she grew older, Felicity took on a dual role— supporting her family’s business while advancing her own education and career. This balancing act often led to sleepless nights and impacted her wellbeing, but Felicity’s determination never wavered. Despite these obstacles, she excelled in her studies, publishing a research paper in the Australian Institute of Professional Intelligence Journal and winning the Emerging Intelligence Professional Award in 2022.
In the past year, Felicity has demonstrated her potential for leadership through a series of significant accomplishments. She has mentored and supervised
an intern as part of the Australian Institute of Professional Intelligence Officers (AIPIO) program, co-developed the Emerging Leaders Program with Aya Leadership, and played an integral role in planning the AIPIO National Conference in 2023. Her leadership in these areas, particularly in shaping programs tailored to emerging professionals in the intelligence community, underscores her ability to inspire and guide the next generation of security professionals.
Beyond her primary responsibilities, Felicity has been actively involved in AIPIO since 2019, where she initially completed an internship and now serves as a Board member. In this role, she advises on matters relevant to emerging intelligence professionals, attends networking events, and contributes to the development of the intelligence community. Her involvement in AIPIO’s Security Intelligence Community of Practice showcases her commitment to advancing discussions around national security, defence, and policing, ensuring that the perspectives of newer professionals are well represented.
Felicity’s passion for leadership is also evident in her plans to develop a marketing and communications strategy for AIPIO’s Emerging Intelligence Professionals Community of Practice. This initiative, the first of its kind, will streamline communications between the Board, regional representatives, and community convenors, helping to better serve the needs of intelligence professionals across Australia. Undertaking this project independently, Felicity is driven by her deep passion for the intelligence sector and her desire to foster stronger connections within the community.
For Felicity, working in security is about more than just protecting systems and information—it’s about giving back to her country and ensuring a future where others don’t face the struggles her family endured. Her personal experiences growing up in an immigrant household, along with her dedication to Australia’s national security, have shaped her worldview. She believes that the pursuit of peace
and security is a lifelong journey, and one that requires not only resilience but also a deep sense of responsibility. It is this unwavering commitment to making a difference that motivates Felicity to continue her work in the security industry, ensuring the safety of future generations.
Felicity Le is a shining example of what it means to be a leader in security, and her contributions thus far highlight the significant impact she will continue to have on the intelligence and security fields in the years to come.
AUSTRALIA’S MOST OUTSTANDING IN IT SECURITY
Winner
Proudly Sponsored by Kate Healy
HighlyCommended
Empowered Cyber
As a pioneering IT security leader, she is renowned for her exceptional leadership and innovation, elevating both the industry and smaller companies through her dedication and expertise. Her trailblazing roles and commitment to mentoring highlight her significant impact on the industry. By transforming personal fears into strengths and focusing on enhancing security for smaller, economically vital companies, she demonstrates an unwavering commitment to her core values. Her leadership and innovation make her truly deserving of this award.
Shannon Jurkovic
SpecialRecognition
Australian Retirement Trust
She is a standout leader in cybersecurity, recognized for her transformative impact, inclusive approach, and dedication to advancing industry standards and education. By building a robust team and shifting to a holistic strategy, she revolutionised her organisation’s approach to cybersecurity. Her inclusive leadership has fostered greater awareness in the field and led to pivotal partnerships that enhance customer authentication. With a proven track record in the sector, she excels in fostering collaboration, developing her team, and engaging with the industry.
Joanne Cooper World Data Exchange
She is a pioneering leader in data security and eHealth, recognized for her innovative approach, global teamwork, and adept navigation of regulatory challenges. Her exceptional management skills are evident in her leadership of a global team and her promotion of collaboration. Her commitment to driving innovation is showcased through her impressive achievements and accolades, while her ability to navigate complex regulatory landscapes while pushing technological boundaries marks her as a true trailblazer in the industry.
AUSTRALIA’S MOST OUTSTANDING IN IT SECURITY
Proudly Sponsored by
FINALISTS NOMINEES
Fiona Long Assuredly
Kate Healy
Empowered Cyber
Shannon Jurkovic
Australian Retirement Trust
Daniela Fernandez Palacios
Joanne Cooper World Data Exchange
Laura O’Neill
Fujitsu
Caity Randall
Bahar Fardaran
Joanne Cooper
Nikki Peever
Liz Gomez
Sharin Yeoh
Bat-Ami Naim
Fiona Long
Jessica Gomes
Dian Erliasari
Laura O’Neill
Sarah McAvoy
Daniela Fernandez
Palacios
Roseline
Christopher Pranali
Mandewalkar
Anya Avinash
Jacqueline Ryder
Kate Healy
Shyvone Forster
Deanna Gibbs
Nora Fusiyao
Shannon Jurkovic
Shameela Gonzalez
Louise Hanna
Serena Pillay
Simi Das Adara Campbell
Leila Assadi
Jalpa Bhavsar
Laura Hartley-Quinn
Jana Dekanovska
Vanessa Gale
Katherine Downing
Naima Hassen
KATE HEALY: PIONEERING EXCELLENCE AND INSPIRING LEADERSHIP IN IT SECURITY
My favourite part of the awards night was being in a room full of so many amazing Women and advocates. Accepting the award in front of so many peers who had incredible stories and triumphs is something I will never forget.
I am deeply honoured and humbled to have won. Working in IT Security is not always easy and there was a point in my career I wanted to walk away, but I came to realise that the work we do is important. If I can help protect an organisation, I’m not just protecting the organisation, but also their customers including everyday Australians, and it’s that philosophy that drives me. It is wonderful to be recognised amongst my peers, but the most meaningful part of the award for me is the acknowledgement that the work I do has impact and that I am contributing to our community in a meaningful way.
Kate Healy’s recognition as Australia’s Most Outstanding in IT Security at the recent 2024 Australian Women in Security Awards is a fitting tribute to her exceptional career and unwavering dedication to the field. Her journey through IT security is nothing short of remarkable, marked by groundbreaking roles and pioneering contributions that have set new benchmarks in the industry.
Kate’s career began with a trailblazing role in 2008 when she became one of the banking industry’s first Business Information Security Officers (BISO) at Standard Chartered Bank. This position, which took her to Singapore, set the stage for her future achievements. By 2014, Kate had further solidified her status as a pioneer by becoming Australia’s first Cyber Security Risk Manager at CBA, where she expertly managed a $300 million multi-year Cyber Security program.
Her innovative spirit continued to shine in 2020 when she joined Google Cloud as their first Australian cyber security hire, taking on the role of Head of Security for Google Cloud Australia and New Zealand. And most recently Kate served as the interim CISO for The Lottery Corporation, an ASX Top 50 company, where she oversaw a comprehensive multi-year cyber security program.
Kate’s leadership extends well beyond her formal roles. Her commitment to fostering collaboration and supporting others in the IT security community is evident through her various efforts. She has provided invaluable mentorship, both formally through the NSW Cyber Business program and informally, helping numerous professionals navigate their careers and develop crucial skills. Her dedication to building a supportive network is further demonstrated by her voluntary hosting of the Sydney Day of the Month Club. This meetup for cyber professionals thrives under her engagement, creating valuable opportunities for networking and collaboration.
In her role as a Non-Executive Director for HANZA, Kate has actively contributed to reviewing and aligning the organisation’s cyber security strategy, enhancing its technological resilience and mission. Her contributions have had a profound impact on both individuals and the broader IT security community.
Kate’s journey has not been without its challenges. One significant obstacle she faced was her initial fear of public speaking. Recognizing the importance of clear communication for effective leadership, Kate committed herself to overcoming this fear through practice and training. This transformation enabled her to become a sought-after keynote speaker, sharing her insights on various topics, including container security and cyber risk culture. Her dedication to public speaking is driven by a desire to inspire the next generation of cyber security professionals, bridge knowledge gaps, and support women in the industry.
Kate also encountered challenges in balancing her corporate career with her passion for addressing the “Knowledge Gap” in Cyber Security. This led her to found Empowered Cyber, a consultancy offering accessible and affordable cyber security expertise to individuals and start-ups. Her choice to prioritize this mission over financial convenience highlights her dedication to making a meaningful impact.
Her contributions have been widely recognized, underscoring her influence and leadership in the
field. In 2019, Kate was honored as one of the first Fellows (FAISA) by the Australian Information Security Association (AISA), acknowledging her leadership and commitment. Her influence was further highlighted in 2020 when she was shortlisted for NSW Woman of the Year by the University of Wollongong, celebrating her trailblazing efforts.
Kate’s passion for IT security is deeply rooted in her understanding of its broader impact. She embraces the philosophy that her work not only protects organizations but also their customers and contributes to national security. This sense of purpose drives her to inspire others and foster a culture of security excellence.
Kate Healy’s recognition as Australia’s Most Outstanding in IT Security is a testament to her significant contributions and unwavering dedication. Her career is a testament to what it means to be a trailblazer and leader in IT security. Kate’s unique blend of expertise, leadership, and passion sets her apart, and her impact will continue to inspire and shape the future of the industry.
AUSTRALIA'S MOST OUTSTANDING IN PROTECTIVE SECURITY
Proudly Sponsored by
Winner
HighlyCommended
Rachaell Saunders
National Protectives Services
She is an exemplary leader in protective security, having transformed NPS into a national leader over nearly 40 years. From pioneering patrol officer to CEO, her journey showcases resilience and innovation. Her commitment to overcoming gender biases, navigating business challenges, and supporting disadvantaged individuals highlights her exceptional leadership and dedication to the industry.
Jodi Finn
Eva’s Ridge Enterprises
For her exceptional leadership and innovative security management at the ASEAN-Australia 50th Anniversary Special Summit, she ensured the safety of world leaders and thousands of attendees. Her strategic expertise, adeptness in high-pressure situations, and commitment to mental health advocacy distinguish her as a trailblazer in the field.
FINALISTS NOMINEES
Jodi Finn
Eva’s Ridge Enterprises
Kate Nilon Eastern Star International
Rebecca Townsend NAB
Lacey Shields
NDIS Quality And Safeguards Commission
Rachaell Saunders National Protectives Services
Nidhi Joshi NAB
Anna Dart Westpac
Marina Toailoa
Niamh
Cunningham
Rebecca Townsend
Nidhi Joshi
Rachaell Saunders
Kate Nilon
Sonya Stephens
Jasmin Krapf
Jodi Finn
Louise Hanna
Christina Rose
Victoria Callaghan
Rimplejit Kapil
Jeevitha
Vijayakumar
Fariha Uddin
Anna Dart
Lacey Shields
Sermin Cesur
RACHAELL SAUNDERS: AUSTRALIA’S EXEMPLARY LEADER IN PROTECTIVE SECURITY
“Winning the Most Outstanding in Protective Security Industry award at the Women in Security Awards is a true honour, and it’s a testament to the hard work and dedication of both myself and my team. Having been in the industry for 40 years, I’ve experienced a wide range of challenges and had the privilege of protecting a diverse array of clients with unique needs. This recognition reflects not just my personal journey but the collective expertise and commitment of my team to consistently deliver outstanding results.
The award has reinforced our reputation in the industry, enhancing opportunities for collaboration and growth. It has inspired my team and me to continue innovating in protective security, ensuring we remain at the forefront of the industry.
Source2Create’s Women in Security Awards are crucial for recognizing the contributions of women in this field. By highlighting our achievements, these awards help empower future generations and showcase the diverse roles women play in driving the security sector forward.”
Rachaell’s journey into the security industry began out of necessity at the age of 18 when she took up what was meant to be just a job to pay the bills. However, this quickly turned into a career of unparalleled achievement. Early in her career, she faced significant pushback when pursuing a patrol officer role, as her company had never had a woman in that position. Despite this, Rachaell persevered and eventually acquired a patrol franchise covering
half of Melbourne, managing a team of eight officers—a remarkable accomplishment in a maledominated field.
In 1988, at just 20 years old, after undergoing training in defensive tactics and firearms in the USA, Rachaell founded National Protective Services. Though her expertise was initially in protective services, she recognised the need to diversify her company’s
offerings. She expanded into electronic security and secured transport, turning her small business into a comprehensive security provider. Under her leadership, National Protective Services grew into a nationwide operation with hundreds of employees, serving high-profile clients like the City of Melbourne, Telstra, Cabrini Hospitals, and the Victorian Department of Treasury and Finance.
Rachaell’s leadership goes beyond business expansion. She consistently strives to improve her expertise, earning multiple qualifications, including a Master’s in Marketing from Monash University, Certified Protection Professional (CPP), and Cybersecurity credentials from HarvardX. Her commitment to personal growth and industry knowledge is a testament to her drive for excellence.
One of the most notable aspects of Rachaell’s career is her dedication to giving back to the security industry. She has served as Secretary of the ASIS Victorian Chapter and made history as the first female Board member of the Australian Security Industry Association Limited (ASIAL), where she currently serves as Vice President. Her work with ASIAL and as a Board member of the Portable
Long Service Leave Authority (PLSA) highlights her commitment to shaping the future of the security industry and supporting her peers.
She has long been an advocate for fostering collaboration and maintaining strong client relationships, which has been a cornerstone of her business’s success. Her partnership approach is evident in the long-term relationships she has built with clients, such as the City of Port Phillip, which has worked with her for over 36 years. She has become more than just a service provider—she’s a trusted advisor and partner.
Throughout her career, Rachaell has encountered numerous barriers, from facing discrimination as a young woman in a male-dominated industry to dealing with challenging business circumstances like union action and employee theft. However, she has navigated these obstacles with resilience, learning valuable lessons along the way. She emphasises the importance of maintaining financial reserves, increasing the risk of detection to prevent theft, and ensuring proper risk management.
During the COVID-19 pandemic, Rachaell’s leadership was put to the test. National Protective Services was tasked with providing large-scale security services for the Department of Health and Human Services (DHHS), quickly ramping up from 30 to 1,500 security officers to support public housing, hotel quarantine, and emergency response. Despite the immense pressure, Rachaell remained focused on the well-being of her staff and clients, providing clear communication and stability during an uncertain time.
Rachaell’s passion for supporting disadvantaged communities is another defining feature of her leadership. She developed a program in partnership with the Salvation Army and Juno to provide employment opportunities for victims of domestic violence, covering the costs of their security training and licensure. This program not only offers flexible employment but also provides a pathway for survivors to rebuild their lives. This initiative has
been praised for its positive social impact, with the Salvation Army and Juno acknowledging Rachaell’s deep commitment to social procurement.
Rachaell’s accolades are numerous. She was a finalist in the Ernst & Young Entrepreneur of the Year Awards, has been featured in national marketing campaigns, and her company, National Protective Services, has won multiple awards for customer service, ethics, and training. The company is also a certified Women’s Business Enterprise through WEConnect, further demonstrating Rachaell’s commitment to diversity and inclusion.
Rachaell’s leadership style is grounded in her operational mindset and her ability to recognise and nurture talent within her team. Many of her employees have worked their way up through the
business, and she has a long-standing commitment to providing opportunities for those from disadvantaged backgrounds.
Rachaell’s impact on the protective security industry is undeniable. She is not only a trailblazer but also a mentor, collaborator, and advocate for change. Her contributions to ASIAL and her leadership in National Protective Services have set new standards for excellence in the security field. Her resilience in overcoming challenges and her commitment to giving back to both the industry and her community make her a standout leader deserving of Australia’s Exemplary Leader in Protective Security Award. Rachaell continues to lead by example, proving that success comes not just from professional achievement but also from lifting others along the way.
CHAMPION OF CHANGE
Proudly Sponsored by
Winner
HighlyCommended
Peter Gigengack
WA Department of the Premier and Cabinet, Office of Digital Government
He has made great strides in advancing gender equality in cybersecurity. Through mentorship, involvement with AWSN, and dedication to DEI, he has boosted women’s confidence and fostered an inclusive environment. His efforts set a high standard for diversity, making her a true Champion of Change.
Jakub Zverina CyberCX
For your relentless efforts in empowering women and advancing gender equality in cybersecurity, he has led transformative events such as the Protective Security workshop and AWSN career sessions, significantly increasing female participation and fostering lasting change. His mentorship and initiatives have enhanced women’s skills, confidence, and helped create inclusive environments in the industry. His dedication to diversity continues to drive meaningful progress.
FINALISTS NOMINEES
Sam Brazier-Hollins
Fujitsu
Peter Gigengack
WA Department of the Premier and Cabinet, Office of Digital Government
Ben Doyle Thales
John Yates
Scentre Group
Jay Hira
KPMG
Jakub Zverina CyberCX
David Geber
David Cowan
Kolya Miller
Jay Hira
John Yates Pooya
Khanmohamadi
Toby Amodio
Edward Farrell
Joda Walter
Peter
Gigengack
John Penn
Raymond Schippers
Mark Jones
Jakub Zverina
Ben Doyle
Tom Gregory
Chathura Abeydeera
Mike Holm
Sam BrazierHollins
Dan Goldberg
Jeremy Somers
PETER GIGENGACK: A TRAILBLAZER IN CYBER SECURITY MENTORING AND ADVOCACY
"Being recognised as a champion of change strengthens my determination to understand what’s next and how do we achieve a broader positive impact. I love being able to serve and contribute to the community within cyber security. The AWSN and their mentoring program has provided me with opportunities to channel my energy into building others in such a focused manner. I underestimated what a series of (what appeared to be) small actions and investments into the women in the program would make. It has been rewarding to see the amazing, talented and determined women within the program navigate and succeed in the male dominated security industry.
Two things I’m passionate about being part of mentoring programs such as the AWSN Mentoring program; One, it unlocks mentoring to people at almost any stage in their journeyoften I’ve seen mentoring programs that are exclusive for more senior leadership. This model creates an inclusive experience and remains accessible due to it being built on the generosity of volunteers; Secondly, I am grateful to not only be able to support growing the future cyber talent and leadership, but also ensure we build an industry that brings together diverse individuals and broad experiences to solve the challenges within cyber. I feel like I’m only just warming up!”
Peter Gigengack, Director of Cyber Security at Western Australia’s Department of the Premier and Cabinet, Office of Digital Government, is a prominent figure in the cyber security landscape with over two decades of experience. In his role, Peter spearheads strategic cyber security initiatives and uplift programs across the Western Australian public sector, guiding efforts to enhance the region’s cyber resilience. His extensive career in IT and cyber
security has solidified his reputation as a leader and innovator in the field.
Peter’s commitment to mentoring and fostering diversity extends beyond his formal role. Within the Australian Women in Security Network (AWSN), he has become a pivotal mentor, guiding numerous women across Australia to advance their careers in cyber security. His dedication to supporting women
in the industry earned him the prestigious title of Mentor of the Year in 2023. This accolade reflects his unwavering commitment to advocating for diversity, equity, and inclusion, and his role as a true Male Champion of Change.
Peter’s mentorship is characterised by his proactive and impactful approach. He has mentored 14 women through the AWSN program over the past year and currently supports 11 active mentees. His efforts have had a profound impact, exemplified by his participation in high-profile events and initiatives. Peter has been a panellist at several key industry events, including the Perth Chapter AWSN International Women’s Day event and the AWSN Mentoring 2024 launch. His engagement extends to contributing to discussions at the “Mentoring Matters” event in Canberra and presenting at AISA Cybercon 2024, where he highlighted the power of mentoring within the AWSN community.
One of Peter’s most significant contributions is his commitment to creating a supportive and inclusive environment for neurodiverse and LGBTQIA+ individuals. His mentorship approach is rooted in empathy and adaptation, ensuring that all individuals,
regardless of their background, receive the support they need. This inclusive mindset has led Peter to join ADHD WA as a Board Member, where he advocates for better integration of neurodiverse individuals into the workforce and aims to enhance workplace practices to support this group effectively.
Peter’s initiatives have resulted in tangible and sustainable changes. Within his organisation, his advocacy for mentoring has led to increased adoption of the AWSN Mentoring Program, with more mentors and mentees benefiting from the program’s resources. His leadership has inspired others to participate in mentoring, contributing to a broader culture of support and development within the cyber security industry. Peter’s influence extends beyond his immediate environment, promoting a more inclusive and supportive industry-wide culture.
The success of Peter’s efforts is evident in the positive outcomes experienced by his mentees. Many have gained confidence and advanced their careers through his guidance. For instance, his support has enabled several introverted and shy individuals to attend networking events, leading to job opportunities and career growth. His coaching has also facilitated career advancements and provided valuable insights into government recruitment processes.
Peter’s motivation to champion change is deeply rooted in his passion for seeing others grow and succeed. His dedication to creating meaningful relationships and fostering an inclusive environment drives his ongoing commitment to mentoring and advocacy. Peter believes in the transformative power of mentoring and strives to model this approach, inspiring others to follow suit and contribute to a more diverse and innovative cyber security sector.
Peter’s role as a mentor and advocate in the cyber security industry exemplifies the impact of dedicated leadership and support. His initiatives have not only uplifted individual careers but have also contributed to a broader culture of diversity and inclusion within the field. His achievements highlight the significant difference one individual can make in fostering an equitable and supportive professional environment.
Enabling Fearless Innovation
Fostering female talent in cyber security and business resilience – from today’s cyber threats to tomorrow’s opportunities
THE ONE TO WATCH IN PROTECTIVE SECURITY
Proudly Sponsored by
Winner
HighlyCommended
Venessa Ninovic
NSW Police Force
From criminology to intelligence, she has made strategic contributions to law enforcement in cybersecurity. Her award-winning work, published in international journals and presented at major conferences, highlights her influence in protective security. Despite beginning outside the cybersecurity field, Venessa’s perseverance and innovative contributions, including work on drone security, set her apart as an emerging leader with ambitions to further shape the industry.
Anastasia Grivas
Paramount
A rising star in cybersecurity, she is recognized for her expertise in cryptocurrency tracing and played a pivotal role in AFP Operation Nebulae. She secured a prestigious secondment with CyberCX’s Cyber Intelligence team, where she represented the JPC3 and fostered critical collaborations in the fight against cybercrime. Her contributions mark her as a clear "One to Watch" in protective security.
FINALISTS NOMINEES
Felicity Le
Risk & Security Management
Anastasia Grivas
Paramount
Amber Spence
Insignia Financial
Venessa Ninovic
NSW Police Force
Andra Cimpean
The Department of the Premier and Cabinet of WA
Ayesha Qureshi
NSW Department Of Communities and Justice
Tian Sang
Ciara Crimmins
Maryam Shoraka
Laurie Ruymaekers
Amber Spence
Venessa Ninovic
Anjali Varghese
Alexandra Cocks
Ayesha Qureshi
Paravathy
Balachandran
Urvu Janani
Lyan Aljomeidi
Kessia Packbiers
Medha Mishra
Shantelle
Patturajan
Bec Caldwell
Sandhya Gawali
Nievedha
Karthikeyan
Andra Cimpean
Kirsty Van Den Berg
Taylor Parsons
Emily MajorGoldsmith
Felicity Le
Aleen Jumaa
Denise Stojceski
Nirja Mehta
Anastasia Grivas
Amber Flynn
Renae Schilg
Nadiya Zacharia
Geet Hira
Ellen Brookes
Carmen Chang
Beverly Almeida
Helen Huban
VENESSA NINOVIC: THE ONE TO WATCH IN PROTECTIVE SECURITY
“Being awarded the ‘One to Watch in Protective Security’ at the Australian Women in Security Awards 2024 means so much to me. It is an honour to have been nominated alongside distinguished women in the industry. Having my efforts in the intelligence space recognised, encourages me to continue working hard to achieve my goals. From presenting at conferences, to blogging and creating courses, if one person has learnt something new from my teachings, then all the effort is worth it and I am happy.“
In just a few short years, Venessa has skyrocketed from her criminology roots into the realm of intelligence, making her mark as a standout figure in protective security. While her current role involves making strategic recommendations to law enforcement on cybersecurity and online digital threats, it’s her efforts outside the office that have truly propelled her within the industry. Her commitment to giving back by sharing her knowledge and experiences has earned her recognition within
the intelligence world, and it’s clear that her impact is only just beginning to extend into the broader protective and cybersecurity sectors.
In 2022, Venessa was awarded the prestigious AIPIO Emerging Intelligence Professional of the Year award—an accolade highly regarded in intelligence circles. But her contributions to the OSINT (Open Source Intelligence) community suggest that this recognition should also encompass protective and cybersecurity. Venessa has established herself as a thought leader through her Medium blog, where she regularly shares insights with her growing community on LinkedIn and Twitter. Her work has been published in the International Journal of Contemporary Intelligence Issues, and she has spoken at several key industry events, including AIPIO, BSides Sydney, AWSN Sydney, the OSINT Symposium, and the SANS OSINT Summit. Adding to her accomplishments, Venessa developed and published a highly acclaimed course on Drone Security and OSINT with DroneSec, which has received stellar reviews from intelligence practitioners in Australia, the United States, and Europe.
Despite these significant achievements, Venessa’s journey is only just beginning. Her future career plans and aspirations point to even greater accomplishments ahead, and it’s clear she is
poised to become a key figure in protective security and beyond.
Venessa’s rise to prominence didn’t come without its challenges. She began her career in criminology, working as a Court Officer in the NSW Court system, far removed from the cybersecurity and intelligence world. However, a chance encounter with cybersecurity through an online Capture the Flag event sparked a new passion. She threw herself into learning about OSINT, its techniques, and the broader world of intelligence. Despite not having a traditional background in cybersecurity, Venessa’s persistence and willingness to step outside her comfort zone have been instrumental in her success. She actively sought guidance from industry professionals and embraced networking events, overcoming her initial introverted tendencies to build meaningful connections. This determination has paid off, propelling her from a beginner to a thriving intelligence analyst in a demanding field.
Venessa’s influence on the protective security landscape extends well beyond her immediate professional responsibilities. Through her blog posts, presentations, and published course, she has fostered global discussions on emerging intelligence techniques, tools, and insights. Her work on detecting and analysing deepfakes—particularly the methods she has developed for scrutinising audio, video, and image-based fakes—has been a notable contribution to the protective security industry. This expertise has been shared not only through her blog and podcasts but also at conferences where she has sparked critical discussions on the future of cyber threats.
Venessa continues to demonstrate excellence and drive innovation in the protective security sector. She regularly shares trends and insights with her team, discussing new cyber threats such as phishing tactics, deepfakes, and emerging tools like the Flipper Zero. These conversations are vital to keeping her peers and the broader cybersecurity
community informed about the latest developments in the threat landscape. But it’s her work outside the office that truly showcases her dedication. Venessa goes above and beyond to share her research with the wider security community, recently contributing to our last issue of the magazine with an article targeted at parents, providing practical advice on safeguarding children’s digital futures. This act highlights her genuine commitment to making the online world safer for everyone, not just for personal career advancement.
Looking ahead, Venessa’s aspirations are focused on transitioning fully into the cybersecurity industry as a cyber threat intelligence analyst. With her current skills and experience in intelligence analysis across both law enforcement and the private sector, she is well on her way to achieving this goal. She has already mapped out her educational path, engaging in self-study through platforms like BlueTeamLabs and planning to pursue certifications from institutions like SANS. True to her collaborative nature, Venessa intends to document her career growth and share her knowledge with others who wish to make a similar transition. Her goal is to inspire and guide those looking to break into the cybersecurity field, just as she has done.
Beyond her personal career ambitions, Venessa is also eager to expand her contributions to the protective security industry by creating new educational resources. She aims to develop courses tailored to Australian intelligence practitioners, filling gaps in local knowledge that she has identified. By offering tools and techniques specific to the Australian market, Venessa hopes to equip her community with the skills they need to stay ahead in an ever-evolving security landscape.
Venessa is undoubtedly a rising star in protective security, and with her relentless drive and forwardthinking approach, she is well on her way to shaping the future of the industry.
CONVERGED SECURITY RESILIENCE CHAMPION
Proudly Sponsored by
Winner HighlyCommended
Meg Tapia Novexus
She exemplifies exceptional leadership in converged security by bridging cyber and physical disciplines, enhancing resilience against disinformation threats. Her expertise fosters collaboration, strengthens defences, and advances security convergence globally through proactive education and strategic insights.
Sandy Ortmanns
University of South Australia
For her outstanding leadership in integrating Governance, Personnel, Physical, and Cyber Security at UniSA, her work in developing security training, managing a defence facility, and addressing Foreign Interference and Influence has greatly strengthened UniSA's security culture and resilience. Recognized by key security bodies, her holistic approach ensures continuity and resilience, marking her as a true Converged Security Resilience Champion.
FINALISTS NOMINEES
Roseline Christopher
Sekuro
Sandy Ortmanns
University of South Australia
Meg Tapia
Novexus
Sammie Yuan
Australian Army
Meg Tapia
Sam Moody
Mandy Stanbridge
Sandy Ortmanns
Frances Bouzo
Roseline Christopher
Sammie Yuan
CHAMPIONING CONVERGENCE: MEG TAPIA'S VISION FOR INTEGRATED SECURITY IN AN INTERCONNECTED WORLD
Meg Tapia, the Managing Director of Novexus, is on a mission to reshape how organisations think about security in our interconnected world. Recently recognised with the Converged Security Resilience Champion award, she’s been making waves in the field by integrating digital and physical security in innovative ways. With a background in foreign policy and national security, Meg leads a boutique advisory company that helps clients navigate the ever-changing landscape of national security threats, especially the complex issues surrounding disinformation.
What sets Meg apart is her passion for raising awareness about the connections between cyber and physical security. Through engaging speaker sessions and information-sharing events, she’s been tirelessly working to help both corporate and government audiences understand that threats in the digital realm can have serious, realworld consequences. Meg often points out how manipulated narratives can spark violence or
compromise the safety of critical infrastructure. It’s all about helping people grasp that the boundaries between online activities and physical security are more blurred than ever.
One of the biggest hurdles she faces is breaking down the siloed thinking that often separates cyber and physical security functions. Many organisations still struggle to understand the physical-digital nexus, which can lead to fragmented approaches to security. Meg has been proactive in tackling this challenge head-on, investing significant effort into communication and education. Thanks to her dedication, she’s seen real changes: executives are starting to identify disinformation as a risk that needs to be on their corporate radar, and analysts are getting better at spotting and responding to disinformation threats.
Collaboration is at the heart of Meg’s approach. She’s made it a priority to bring together teams from both the cyber and physical security domains. By
w w w . c o n v e r g i n t . c o m / a u
Be part of a dynamic, cutting-edge team in the Security & AV ecosystem.
W S T A R T S H E R E ! Y O U R N E X T C A R E E R M O V E
P P L
N
CYBERSECURITY CHAMPION
Proudly Sponsored by
Winner
HighlyCommended
FINALISTS
Nivedita Newar
UNSW
Vannessa Van Beek Avanade
Kate Glasson
The Lottery Corporation
Asou Aminnezhad
Microsoft
Jana Dekanovska
Crowdstrike
Karley Donnelly
SA Power Networks
Vannessa Van Beek
Avanade
Her unparalleled mentorship and advocacy for diversity have not only transformed cybersecurity teams but also set new benchmarks for leadership and empowerment in the industry. Through her leadership and advocacy, she has made significant strides in cybersecurity, driving innovation and increasing female representation across various organisations. Her unwavering dedication to promoting diversity and enhancing cybersecurity practices underscores her exemplary role in the industry.
Jana Dekanovska
Crowdstrike
As a trailblazer in cybersecurity, she has become a key voice in cyber threat intelligence. Her dedication to advancing the field through education and mentorship has made her a role model, especially for young women. Through impactful public speaking, she has inspired many and showcased cybersecurity as a rewarding career. Her passion and commitment to empowering others truly exemplify what it means to be a Cybersecurity Champion.
NOMINEES
Minya Vasili
Hadar Warshitzky
Kristina Blazevska
Lissette Star
Chantelle Ralevska
Vannessa
Van Beek
Zian Fernandes
Gabriela
Guiu-Sorsa
Laura Christie
Shammi Shah
Deanne Hoare
Vidhu Bhardwaj
Anna Furlong
Mandy Stanbridge
Vicky Sharp
Asou Aminnezhad
Samantha
Van Stokrom
Naima Hassen
Kirstie Lemmon
Jana Dekanovska
Kate Glasson
Karley Donnelly
Rashmi Bisl
Kelsy Zalfelds
Kat Loaiza
Del Pozo
Tiana Inman
Amber Wu
Stephanie Owen
Cathy Jenkins
Jennifer Thomas
Brianna Marlow
Rujuta Kulkarni
Nivedita Newar
Annie-Mei Forster
Dibya Sinha
Harriet Farlow
Salma Hamad
Eimear Leyne
Belinda Noel
Shirin Jacobs
VANNESSA VAN BEEK: CYBERSECURITY CHAMPION AND ADVOCATE FOR WOMEN IN TECH
“Hearing my name was a whirlwind of emotions. The moment of hearing my name called felt like time stood still. Like the phoenix, I’ve faced challenges and setbacks, each time rising stronger. The award felt like a celebration—not just of my work, but of the entire cybersecurity community and the people who have supported me along the way. It’s a moment I’ll carry with me, a reminder of the power of perseverance, growth, and the ability to rise."
Vannessa Van Beek’s advocacy for gender diversity in cybersecurity has led to a transformative shift at the ASIA PerthSec conference, resulting in a marked increase in women speakers. Her impactful talks and publications explore the intersection of psychology, wellness, AI security, and cybersecurity, enriching the industry’s understanding of how these elements intertwine. Through her efforts, Vannessa has demonstrated the importance of representation
and the power of collective action in building a more inclusive and diverse cybersecurity field.
Her dedication to transforming security operations is evident in her leadership and initiatives. Vannessa managed a Security Operations environment protecting 20 Australian organisations for three years post-COVID, witnessing firsthand the toll chronic stress takes on professionals in this high-pressure field. From a colleague who worked 700 hours over two months during a cyber incident to security professionals grappling with health issues like migraines, sleep deprivation, and even life-altering diagnoses, Vannessa saw the hidden human stories behind cybersecurity. These experiences shaped her mission to prioritise the mental and physical wellbeing of those working in the field.
To combat this, Vannessa has championed the use of AI and automation in Security Operations Centers (SOCs), creating environments that are both effective and sustainable. Her work in maturing threat detection capabilities reduced the corporate risk profile of over 20 critical operations organisations across Australia, serving sectors like law enforcement, education, and healthcare. By
testing rules, addressing gaps in the Mitre ATT&CK framework, and implementing additional global rules, her team improved threat protection coverage by 40%, a significant advancement given the wave of cyberattacks during that period.
Beyond threat detection, Vannessa amplified security awareness by leading her team to publish over 100 advisories for Security Operations customers, ensuring these were actioned by on-site teams. Her belief that “security is everyone’s business”
led to engaging over 1,400 IT professionals, fostering a culture where security was prioritised across organisations.
Vannessa’s influence extends into securing the design of technological solutions. She led a change program at Avanade Australia, ensuring that security was integrated into every solution delivered across domains like modern work, cloud, ERP, and AI. By embedding baseline controls, secure coding practices, and rigorous testing into every application, Vannessa ensured that these solutions were built to withstand cyber threats from the ground up. Her involvement in deal reviews and direct leadership with solution architects solidified security’s role early in the design and build process, an approach that has become a model for security-first thinking in the industry.
One of Vannessa’s most forward-thinking contributions has been her work in integrating AI and automation into security operations. As part of Microsoft’s early access program for Copilot for Security, she designed a Minimal Viable Product offer that integrates generative AI into SOC workflows. By modernising the top three runbooks used in incident response, she reduced execution time from three hours to six minutes, demonstrating the power of AI in easing the burden on security professionals. The pilot program, which Vannessa helped shape, is set to expand globally, offering transformative capabilities to SOCs worldwide. Her leadership in this area highlights the potential of AI to not only enhance security defences but also improve the quality of life for those working on the front lines of cybersecurity.
Despite these successes, Vannessa has faced significant personal and professional challenges. Feelings of imposter syndrome, unconscious bias, and the tragedy of losing two family members to violence shaped her journey. As the only woman in many security risk discussions, she has encountered microaggressions, such as being excluded from informal networks or interrupted during meetings. Yet, Vannessa has transformed these experiences into opportunities for advocacy and mentorship.
She is known for her “Assume she is technical and capable of breathing fire” T-shirts, which empower her female technical leads and challenge stereotypes with humor and passion. By nurturing others and building inclusive environments, she has become a leader who champions underrepresented voices and ensures that all team members feel valued.
Vannessa’s leadership style is grounded in empathy, resilience, and empowerment. Her integration of Brene Brown’s “Dare to Lead” principles has shaped a team culture where individuals are encouraged to take on challenges, grow in their roles, and pursue their career aspirations. Through mentorship programs like the Microsoft Women Rising initiative, Vannessa has guided over 50 women, many of whom have achieved significant career advancements under her leadership.
Her impact on the cybersecurity industry is undeniable. From her technical expertise in maturing threat detection and integrating security into every facet of operations to her innovative approach in using AI to transform security workflows, Vannessa is a trailblazer in her field. Her ability to balance technical excellence with a focus on people— mentoring the next generation of cybersecurity leaders, advocating for mental health, and fostering inclusive work environments—sets her apart as a visionary leader.
In a field often defined by the relentless pace of change, Vannessa Van Beek stands out for her commitment to sustainability, diversity, and innovation. Her work is not only about improving security systems; it’s about building a future where the people behind those systems can thrive.
MOST INNOVATIVE EDUCATOR IN CYBERSECURITY
Proudly Sponsored by
Winner
HighlyCommended
Emma Kirby
Macquarie Group
She has transformed cybersecurity education, emerging as a thought leader with persona-based training and large-scale events engaging over 6,000 staff members. Her initiatives, including partnerships with digital education programs, have reduced phishing click rates and boosted reporting. By using AI for personalised learning and expanding cyber awareness, she ensures education remains inclusive and adaptable to evolving threats. She is truly an innovative educator.
Cybermarvel
NSW Department of Education
Cybermarvel program is leading the way in online safety and cybersecurity education in primary schools across Australia while inspiring high school students through career initiatives that address the cyber skills shortage early on. Through diverse resources, virtual classrooms, lesson plans, and teacher training for Safer Internet Day and Cyber Security Awareness Month, Cybermarvel is making a significant impact in raising cybersecurity awareness among students, staff, and parents.
FINALISTS NOMINEES
Reema Roche
Cloud Security Alliance
Hannah Gately
Cyber Security
NSW
Laura Christie
Bupa
Linda Li
Tesserent
Cybermarvel
NSW Department of Education
Emma Kirby
Macquarie Group
Caitriona Forde
Cait Cyber Safe
Melanie Youngson
CyberCX
Dr Sarah Bennett
Reema Roche
Cybermarvel from
NSW Department of Education
David Lee
Abed Hamdan
Nivedita Newar
Laura Christie
Linda Li
Hannah Gately
Phriendly Phishing
Chantelle Ralevska
Emma Kirby
Caitriona Forde
Solange Fecci
Melanie Youngson
EMMA KIRBY: TRANSFORMING CYBERSECURITY EDUCATION WITH INNOVATION AND IMPACT
"I’m honoured to have won the award for “Most Innovative Educator in Cybersecurity”. I’m very thankful for all the support I’ve received throughout my career, from my incredible female role models to the male champions of change. I’m also really proud to work at Macquarie Group who is truly committed to diversity, equity and inclusion."
Emma Kirby’s recognition as the Most Innovative Educator in Cybersecurity at the Australian Women in Security Awards is well-deserved. As the leader of the Cyber Strategy & Culture team at Macquarie Group, Emma has consistently pushed the boundaries of what cybersecurity education can be, both within her organisation and in the wider community. Her forward-thinking approach has transformed how cybersecurity awareness is delivered, combining her passion for inclusion and education with cuttingedge technologies and initiatives.
Over her three years at Macquarie, Emma has taken a holistic approach to cyber education, integrating innovative learning programs tailored to her
audience. She doesn’t just focus on formal training but incorporates hands-on, practical experience that staff can apply in their daily roles. One standout example is the customised persona-based training which personalises education based on individual needs. This level of customisation, informed by a PhD research study, ensures that each team member—from interns to directors—gets the specific cybersecurity knowledge they require.
Emma is a firm believer in making cybersecurity accessible to all, and her efforts in outreach reflect that. From educating not-for-profit organisations to sponsoring university programs, Emma has been pivotal in raising cybersecurity awareness and fostering new talent. One of her proudest achievements is her involvement in Macquarie’s sponsorship of ySafe’s Digital Experts Academy, which has reached 133 schools and over 3,600 students, equipping young people with essential digital safety skills.
Emma has also spearheaded the growth of Macquarie’s annual CyberSafe Week, a global event open to its 20,000 staff. She has expanded participation with a range of external experts and thought leaders, engaging staff on emerging threats and helping colleagues learn something new about
cybersecurity - a testament to Emma’s ability to make complex topics engaging and accessible.
Emma's educational efforts are designed for a diverse range of audiences, from specialists to the general public. She has delivered cyber safety sessions for parents and carers, equipping them with tools to help their children navigate the online world safely. She’s also engaged with universities, and ran a Capture the Flag competition, helping students explore careers in cybersecurity in an interactive and rewarding way.
Collaboration is at the heart of Emma’s work. She has formed partnerships with organisations like the Cyber Leadership Institute and the Australian Women in Security Network to create professional development opportunities for emerging talent. Emma also supports not-for-profits by holding cyber safety sessions, helping them build in-house awareness programs to mitigate risk.
Looking ahead, Emma is focused on continuing to push boundaries in cybersecurity education. She sees the growth of AI as a significant opportunity to further personalise training, offering tailored, real-time feedback to employees to keep their skills sharp. She’s also passionate about expanding cybersecurity knowledge beyond traditional corporate environments, believing that a more informed society will ultimately lead to safer communities.
In every way, Emma’s work embodies the innovative spirit that earned her this prestigious award. She’s not just educating; she’s transforming how people think about and engage with cybersecurity, ensuring that knowledge is shared broadly and inclusively across the industry and community. As the landscape of cyber threats evolves, Emma’s agile and creative approach will no doubt continue to inspire and protect.
“Starting
Jillian Lum Senior Manager, Cybersecurity
UNSUNG HERO AWARD
Proudly Sponsored by
Winner
HighlyCommended
Shyvone Forster Department of Home Affairs
For her extraordinary contributions to cybersecurity through her leadership in designing and managing security operations centres and pioneering key initiatives. Her proactive and innovative approach has greatly strengthened critical infrastructure. Her dedication to mentoring, commitment to diversity, and resilience in a demanding industry set her apart as a true leader. Beyond enhancing security measures, her influence has nurtured the growth of many young professionals, leaving a lasting impact on the cybersecurity field.
Nikola Orgill Deloitte
As a former professional footballer turned cybersecurity leader, she stands out for her innovative problem-solving skills, commitment to mental health and work-life balance, and advocacy for gender diversity in tech. His impactful transition into cybersecurity, leadership in Crisis and Resilience, and dedication to fostering a supportive work environment highlight his status as an Unsung Hero.
Karen Sullivan Northern Beaches Council
For her exceptional work in IT infrastructure, including proactive security measures, mentoring her team, and advocating for diversity and inclusion, she has made significant contributions to the cybersecurity field. Her efforts in reducing incidents and enhancing security highlight her impactful role in the industry.
UNSUNG HERO AWARD
Proudly Sponsored by
FINALISTS NOMINEES
Danielle Rosenfeld-Lovell
Telstra
Nikola Orgill
Deloitte
Julie Priest
Solis
Shyvone Forster
Department Of Home Affairs
Sheavy Kaur
Royal Air Force Association
Karen Sullivan
Northern Beaches Council
Bharathi Anagha Coles Group
Alison Gunn
Nicole Murdoch
Nicole Stephensen
Danielle
Rosenfield-Lovell
Sheavy Kaur
Tenille Verrier
Pranali
Mandewalkar
Sulata
Bhattacharjee
Karen Sullivan
Radha Ramadev
Michelle Gatsi
Ellie Samadzadeh
Daniela Koulikov
Emily Borgo
Saleshni Sharma
Mary Tokic
Julie Priest
Tanu Bains
Angie Murray
Abby Taleppadi
Reshmi Devi
Christelle De Lavigne Ambiy
Rajeswariamma
Kate Buskes
Margaret Ornsby
Bharathi Anagha
Natasha Steele
Naima Hassen
Shyvone Forster
Kate Ellis
Juliana Bachtold
Irene Robinson
Angela Champion
Urvi Janani
Nitharsha
Vanatheva
Nikola Orgill
SHYVONE FORSTER: THE UNSUNG HERO OF CYBERSECURITY
Receiving the Unsung Hero award is deeply meaningful after more than 20 years in cybersecurity, often as the only woman in the room. This recognition reflects not just my personal journey, but also the privilege of mentoring others and watching their passion for cybersecurity grow. It symbolizes resilience, progress, and the joy of helping shape the next generation in this field I love. I am truly honoured and humbled by this recognition."
Shyvone Forster is a true trailblazer in the world of cybersecurity. Her journey through the IT security industry, and its evolution into the cybersecurity sector as we know it today, is marked by her relentless drive to challenge the status quo and reshape the way the industry approaches security. From spearheading the transformation of “Trusted Access” models to the innovative “Zero Trust” framework, Shyvone has been at the forefront of revolutionary change. Her work in establishing Cyber Security Operations Centres in two of Australia’s most respected federal agencies, as well as her efforts in positioning cybersecurity policy and advisory teams as key centres of influence, has left a
lasting impact on government departments and the broader security sector.
What sets Shyvone apart is her genuine passion for understanding complex challenges and forging ahead with a clear vision and a courageous mindset. Her communication style—clear, warm, and engaging—has inspired countless others along the way. Whether she’s rallying her team behind a shared vision or guiding individuals through tough times, Shyvone has a unique talent for bringing out the best in those around her. She has consistently demonstrated her commitment to fostering a supportive, energised team environment, where everyone feels empowered to stretch, grow, and challenge themselves. Her leadership is grounded in a thoughtful balance of calculated risk, sound business judgement, and technical expertise, making her a standout figure in the industry.
Shyvone’s ability to lead through collaboration is one of her most defining traits. She regularly leads workshops, engages with vendors, and participates in cybersecurity promotional events, all while advocating for increased training and employment opportunities in the sector. Her commitment to nurturing the growth of her team and colleagues is unwavering. She has become a popular mentor, particularly to cadets, graduates, and new starters, due to her skill in breaking down complex concepts
and translating them into actionable plans. Her mentorship has left a lasting impact on those she’s worked with, from young professionals to seasoned veterans.
Of course, no journey to success is without its challenges, and Shyvone has faced her share of obstacles. Whether it’s managing conflict, competing for limited resources, or influencing key decisionmakers, she has always navigated these hurdles with integrity and resilience. In a fast-paced, competitive industry where resources and recognition are highly sought after, Shyvone has remained steadfast in her values. She has shown remarkable strength of character, staying true to her principles while driving difficult projects to completion. Her ability to balance the demands of a competitive environment while maintaining harmony within her teams has been instrumental in her continued success.
Shyvone’s achievements have not gone unnoticed. She is widely recogniSed as an early leader in identifying emerging cybersecurity technologies and approaches, setting up and managing Cyber Security Operations Centres, policy and governance frameworks, and digital forensic investigative capabilities in several of Australia’s most respected federal government agencies. Beyond her work in these technical areas, Shyvone has become a respected voice in the cybersecurity community, regularly speaking at industry events and career roadshows, where she advocates for cybersecurity career pathways and employment opportunities. Her dedication to sharing her knowledge and promoting the industry is just another example of her passion for fostering growth and innovation.
For Shyvone, cybersecurity is not just a career— it’s a calling. Her passion for the field is evident in everything she does. It’s fueled by her deep curiosity, her desire to explore uncharted territories, and her determination to break new ground. She is never deterred by challenges or the fear of trying something new. In fact, it’s this willingness to take bold steps that has defined much of her career. Drawing on her diverse background in engineering,
law, and business management, Shyvone brings a unique and well-rounded perspective to her leadership in cybersecurity. Her ability to integrate knowledge from these various fields into her work makes her a truly innovative leader.
Ultimately, it is Shyvone’s authenticity, adaptability, and forward-thinking leadership that sets her apart from others in the industry. Over the past 15 years, she has led transformative changes that have had a profound impact on both government operations and the cybersecurity sector as a whole. Her ability to navigate change, inspire others, and maintain a clear focus on achieving successful outcomes has made her an indispensable leader. Shyvone’s tenacity, positive outlook, and unwavering commitment to her team and her work have made her a deserving recipient of this year’s Unsung Hero Award. Her contributions to the field of cybersecurity are nothing short of remarkable, and her legacy of excellence continues to inspire all who have had the privilege of working with her.
NEURODIVERSITY IN CYBERSECURITY EXCELLENCE CHAMPION
Proudly Sponsored by
Winner
Cayley Wright
Deloitte
Her advocacy for neurodiversity in cybersecurity drives inclusion and equity within her organisation and beyond. She champions equitable practices and leads initiatives like the cadet program, opening doors for neurodivergent individuals. Her advocacy, public speaking, and mentoring efforts have fostered a more inclusive environment, empowering others to thrive. Through her leadership, she has successfully integrated neurodivergent talent and inspired change, making her a very deserving recipient of this award.
FINALISTS NOMINEES
Angela Champion
White Rook Cyber
Claudia Foley
Tesserent Cyber Solutions By Thales
Cayley Wright
Deloitte
Mina Zaki
KPMG
Mina Zaki
Angela Champion
Cayley Wright
Claudia Foley
CHAMPIONING INCLUSION: CAYLEY'S IMPACT ON NEURODIVERSITY IN CYBERSECURITY
The inaugural Neurodivergent in Cyber Champion Award couldn’t have found a more fitting recipient than Cayley, whose tireless advocacy and handson initiatives have created a lasting impact both within her organisation and the wider cybersecurity community. Cayley is not just a leader in name; she actively embodies the principles of inclusion and equity, particularly for neurodivergent individuals. Her work has revolutionised the way Deloitte approaches diversity, ensuring that everyone, regardless of cognitive differences, has the opportunity to thrive and succeed.
Cayley leads by example, fostering understanding and acceptance in every environment she touches. Whether it’s through her public speaking
engagements, panel discussions, or day-to-day interactions, Cayley shares personal stories that resonate deeply with her audience. Her openness about her own neurodivergence encourages others to acknowledge their challenges and seek the support they need. One particularly poignant story involves a colleague who felt overwhelmed by his inability to start tasks. Cayley, drawing on her experience with ADHD, offered practical advice that shifted his mindset and gave him the tools to manage his work more effectively. This is just one example of how Cayley makes a difference, not only by offering solutions but by showing that success is possible, even in the face of cognitive hurdles.
As an Inclusion and Diversity Talent Officer, Cayley has championed neurodivergent-friendly policies and practices within Deloitte. She has been instrumental in shaping the company’s recruitment and hiring processes, making them more equitable for all. Her work in this area ensures that Deloitte’s approach to talent acquisition is inclusive, giving neurodivergent individuals a fair shot at success. She has also led the cadet program, which opens doors for neurodivergent individuals to enter the cybersecurity field, a sector that can often feel daunting and exclusive. Under Cayley’s leadership, this program
has not only provided valuable career opportunities but also highlighted the unique strengths that neurodivergent individuals bring to the table.
Cayley’s influence extends beyond policy; her mentorship is equally transformative. She provides one-on-one mentoring to neurodivergent individuals, ensuring they feel valued and supported in their roles. Her approach creates a safe space where people can discuss their needs without fear of judgement, which fosters an environment where everyone feels they belong. This level of care and attention has been particularly impactful in fields like cybersecurity, which can be fast-paced and demanding. Cayley’s mentees, many of whom have transitioned into permanent roles, often credit her with giving them the confidence and tools they needed to excel.
Her leadership goes even further with her innovative ‘ways of working’ discussions. At the start of every project, Cayley ensures that team members are given the opportunity to express their preferred working styles. This simple but effective initiative has allowed neurodivergent employees to work in ways that best suit their needs, whether that means flexible hours, remote work, or accommodations that help them perform at their best. Her approach is a testament to her understanding of the diverse ways in which neurodivergent individuals operate, and her commitment to fostering a supportive and inclusive work environment.
Cayley’s work has had tangible outcomes. Neurodivergent individuals who have gone through Deloitte’s cadet program and benefited from her mentorship have flourished, not only in their roles but also as contributors to the cybersecurity industry. They bring fresh perspectives and unique problemsolving abilities, enriching their teams and the projects they work on. The success stories that have emerged from these programs are a direct result of Cayley’s dedication to inclusion and her belief that everyone deserves the chance to shine, regardless of their cognitive differences.
Her impact reaches beyond Deloitte as well. Cayley regularly participates in industry events, speaking on
panels and sharing her insights on neurodivergence. Her contributions have helped raise awareness about the challenges and opportunities neurodivergent individuals face, furthering the dialogue on inclusivity in cybersecurity and beyond. Through these engagements, she is not only advocating for systemic change but also educating others, ensuring that neurodivergent individuals are recognized and valued for their contributions.
What makes Cayley truly deserving of this award is the scale and difficulty of what she has achieved. Changing entrenched practices and attitudes within an organisation, especially in an industry as fastpaced and demanding as cybersecurity, is no small feat. Yet, Cayley has done just that, paving the way for neurodivergent individuals to feel included and empowered. Her leadership, innovation, and unwavering commitment to equity have created a ripple effect that will continue to influence Deloitte and the broader industry for years to come.
There is no slowing down for Caley, she remains deeply committed to fostering a more inclusive future for neurodivergent individuals. Her advocacy, mentorship, and leadership are a testament to her belief that everyone, regardless of their cognitive differences, deserves a place at the table. For these reasons, Cayley is not just a deserving recipient of the Neurodivergent in Cyber Champion Award—she is an inspiration to all who strive to create a more inclusive and equitable world.
PROTECTIVE SECURITY CHAMPION
Proudly Sponsored by
Winner
Nadia Hammoud
NBN Co
For her leadership in advancing gender equality and enhancing safety in protective security, her innovations, including a welfare check app and a domestic violence policy, highlight her dedication to empowering women and non-binary individuals. Her resilience and impactful leadership exemplify the positive change she brings to the field, establishing her as a remarkable leader whose approach should be emulated across the industry.
FINALISTS NOMINEES
Asou Aminnezhad
Microsoft
Nadia Hammoud
NBN Co
Anonymous
Westpac Group
Priya Eluru
Avanade
Anonymous (Westpac Group)
Priya Eluru
Asou Aminnezhad
Nadia Hammoud
EMPOWERING CHANGE: NADIA HAMMOUD'S JOURNEY AS A PROTECTIVE SECURITY CHAMPION
Nadia Hammoud is not just a name in the protective security industry; she’s a force for change. As the winner of the Protective Security Champion award, Nadia has made it her mission to support and empower women and non-binary individuals in an industry that has often struggled with diversity and inclusion. Her dedication and passion shine through her work and the initiatives she champions.
Nadia currently links the crucial roles of cyber and operations in a converged security function, which integrates physical, personnel, and IT security under a shared accountability to the Chief Security Officer. Her career has been marked by a commitment to creating pathways for others, particularly those who face systemic barriers.
One pivotal moment in her journey came when she decided to channel the bias and discrimination she encountered into actionable change. After experiencing challenges in her career, she became involved with the Victorian Equal Opportunity and Human Rights Commission (VEOHRC) to address gender equality at Victoria Police. As the Chair of the committee overseeing the VEOHRC review recommendations, Nadia took ownership of the process and budget. She collaborated closely with
the Assistant Commissioner of Police to develop a mentoring program for women in policing. This initiative promoted not only career development and upskilling but also created events that catered to women’s needs.
Nadia’s impact extends beyond formal programs. She actively engages with women in policing, eager to listen to their stories and provide support. She particularly enjoys helping those who are considering a transition from policing to corporate roles, offering assistance with resume building and job interview techniques. For Nadia, it’s about making the journey smoother for those who follow in her footsteps.
One of her most innovative contributions is the development of an app designed to enhance the safety and well-being of field engineers at nbn. Traditionally, these engineers would receive multiple welfare check calls throughout their shifts, often concluding with a late-night call to confirm their safe arrival home. This process was not only disruptive but could lead to delays in communication. Nadia’s app allows engineers to log off securely and notify the security team that they made it home safely, without the need for a late-night phone call. One engineer even called the program an “absolute
lifesaver,” highlighting how practical solutions can significantly impact employees’ lives.
Nadia’s work doesn’t stop there. She has been instrumental in developing a domestic violence policy for women and non-binary staff at nbn. Following a distressing incident involving a female field worker, she conducted a detailed Security Risk Assessment and pushed for a personal duress alarm system. This initiative is currently being trialed, demonstrating her commitment to creating a supportive environment for all employees.
What drives Nadia is a deep-rooted belief in being a “power for good.” She reflects on her career and emphasises the importance of not accepting the status quo. Instead, she advocates for positive change, ensuring that the barriers she faced do not hinder others. Even after leaving the police force, her legacy lives on through the continued success of her programs, which empower countless women and promote a more inclusive environment.
Throughout her journey, Nadia has faced her share of challenges, including racism and discrimination. She recalls an instance during her career when a colleague made a derogatory joke about her ethnicity, but rather than allowing that to define her, she transformed her anger into advocacy for change. Her resilience and determination to make a difference set her apart as a true change champion.
As she continues her work at nbn, Nadia remains passionate about the future of diversity in the protective security industry. She envisions a landscape where diverse voices are not only welcomed but celebrated, ensuring that everyone can reach their full potential.
Through her tireless efforts and unwavering commitment, Nadia Hammoud is not just breaking down barriers—she’s paving the way for a brighter, more inclusive future in the protective security sector. Her journey is a powerful reminder that change is possible when we dare to speak up and take action.
9 OCT 2025
