Women Shaping the Cyber Security Industry
Whilst the demand for cyber security expertise has never been so high amongst organisations, there is a significant skills shortage within the industry. What is also alarming is that the percentage of those roles which are occupied by women is so small.
In 2013, research firm Frost and Sullivan found that women made up just 11% of the global cyber security workforce, however new research from Cybersecurity Ventures predicts that women will represent more than 20% of the global cyber security workforce by the end of 2019.
While this shows that progress is being made, we’ve still got a long way to go when it comes to improving diversity. We would like to take a look at some of the women role models within the sector leading the way for a change.
Melanie Oldham, Founder and CEO of Bob’s Business
Melanie’s journey began back in 2007 when she was tasked with supporting the IT team at the Mid Yorkshire Chamber of Commerce to develop a method of translating cyber security into a format that staff would easily understand.
11 years later Melanie has become a reputable and well-respected force in the infosec sphere, dedicating herself to raising cyber security awareness within organisations and breaking down the barriers between IT teams and their staff.
Carolyn McKenna, Senior Information Security Compliance Officer at Smart DCC
Having worked in the telecoms sector for over 20 years, Carolyn’s interest in security and risk management and fraud prevention was sparked when she was given the opportunity to work on an innovative real-time fraud analysis project at Martin Dawes Systems.
She then moved across to the compliance team where she successfully implemented an information security management system to gaining ISO 27001 certification for the company. Along the way Carolyn has gained qualifications in ISO 27001 Implementation and Audit, and Business Continuity Management Systems as well as experience of PCI-DSS and regulatory controls.
Harvinder Notey, Compliance Manager at Intechnology PLC
In April 2014, having never worked with ISO 27001 and ISO 9001, Harvinder took the role as Compliance Officer at Intechnology PLC where she was given a month to get the business ready for their annual 27001 audit which they successfully passed and was promoted to Compliance Manager.
Harvinder has also gained qualifications as Lead Auditor and Implementer in both ISO 27001 and ISO 9001 and ISO 31000 Application of Risk to Management Systems. Harvinder is a team of one and has implemented ISO 9001 and ISO 27001 and various other certifications across the business in a short period of time before going on maternity in early 2017. Harvinder now works part-time and manages the company’s ISO 27001 and ISO 9001 certifications.
Cathryn Rogers, Online Security and Support Manager at Cornerstones Education
When Cathryn graduated from the University of Huddersfield in 2014 with a degree in music, she had no idea what she wanted to do with her career. She took an office administration job at Cornerstones Education, who was just about to launch their first online platform. Cathryn helped populate the platform with content and users, and built an effective customer journey.
The big challenge came when schools started asking security-based questions of their system, especially with the introduction of the GDPR, so Cathryn and the team decided to go all out and implement ISO 27001 across the business.
Caroline Kaye, MD and Principal Consultant at CRK Consulting Limited
Caroline is a working mum, running her own consultancy business, CRK Consulting Limited, delivering ISO 27001, ISO 9001, GDPR and Cyber Essentials to businesses across the UK.
Educated to degree level in IT and working in numerous IT roles, cyber security seemed the natural way forward for Caroline. The first opportunity to implement an Information Security Management System came about as a requirement to win some new business for an IT company. She took to it like a duck to water and enjoyed every minute of the work and volunteered for more of the same challenges. Fast-forward to today, Caroline is running her own company and has never looked back.
We asked them all a series of questions about their achievements, the state of the industry and what they think the future holds for women in cyber security.
What are your greatest achievements within the cyber security industry?
“Helping IT & compliance teams break through the communication barriers that exist between them and end users. Getting everyone to really understand the benefits that exist from adopting good cyber security practices and how a subject that creates so much resistance can really be made simple.”
“Organically growing a project that was a passion into an award-winning, internationally recognised business that provides employment and stability to a diverse hugely talented team of individuals.”
“I am really proud to work for Smart DCC, the secure national infrastructure that underpins the roll-out of smart meters across Great Britain. We have a great security team spread across three offices in the UK ensuring the total system meets the strict regulatory security controls our licence requires.”
“My greatest achievement has been to enter this industry having had no prior experience in it and excelling at it. It has allowed me to develop skills I never knew I had. There is lots of interaction with others especially key stakeholders.”
“I now have the curiosity to keep learning things and to ask the right questions and enough self-awareness to understand what I do and don’t know. This industry is really about managing risk and it’s very risky to believe you know everything when you don’t!”
“When Cornerstones planned to implement ISO 27001 in January 2018, I was promoted to Online Security and Support Manager, given the standard, and given four months until the certification audit to get things in place.”
“With the help of my fantastic team, Cornerstones are now fully certified, and is successfully monitoring and maintaining their Information Security Management System.”
“When my clients have that light bulb moment, when it all falls into place and makes sense, this gives me a warm fuzzy feeling inside knowing that I will be able to walk away from the company and they no longer need my services. They have the skills and confidence to manage their own systems and risks. That’s a job well done.”
What advice would you give to women looking to pursue a career within cyber security?
“I think it’s essential to acknowledging bad things are going to happen, but what’s important is how quickly you dust yourself off and rise to the challenge. Accepting this has helped me develop a resilience that keeps me going when curve balls come bounding in and knock me off my feet!”
“It’s tough when your kids say ‘Mummy I hate your work, I want you to stay with me today!’ But it makes me smile when they say ‘My mum teaches people to stay safe and not be silly online’. Knowing that I am helping secure their future makes it all worth it and I have made it my personal mission to make the online world a safer place”.
“I would encourage women to look at security career options, it’s a fast-paced environment and one in which you should never be bored!”
“Outside of work I am a married mum of one. Juggling home and work life can be difficult at times so having a supportive partner is so important to a successful career in security – luckily I have one.”
“I’ve worked in this industry for 5 years now and thoroughly enjoy it! I find it fascinating the way the industry continuously grows and changes so there’s always something new to learn.”
“There are lots of different careers available so first be open-minded about the type of role you start with. There is also a huge shortage of skills in the industry. So take a chance regardless of what you think your core strengths are – there will be a role for you!”
“It’s an exciting time to join the industry as the world of technology is evolving rapidly so it’s never straight forward! There’s a wealth of information, networks and support so you’re never alone.”
“I landed in this role completely out of my depth and I’m learning something new every day. Make friends, network, and don’t be afraid to challenge people and speak out.”
“Go for it, find what area of cyber security best suits you, technical or governance for example, seek new challenges and opportunities, accept that you will make mistakes, this is the best way to learn. Lean on other experts in the area, the people I have come across in this industry are so helpful and willing to share knowledge. Don’t be afraid to ask for help.”
“There are so many ways of learning, information and contacts are at your fingertips. Don’t be a know it all, sit back listen to people’s opinions, if you don’t agree, be constructive and work together – no-one knows everything.”
What is it like to be a successful woman in an industry predominantly made up of men?
“Initially, I found it quite awkward but now love the fact that I am able to inspire and energise an audience of IT professionals, that historically I was intimidated by. Knowing they really appreciate and respect my views and experiences is fantastic.”
“I was the first team member to be employed at our north-west office, and the first – still only – woman working in a security role at Smart DCC. We have a wide variety of skills within the department and we ensure we meet as a team regularly to share information and keep abreast of new developments.”
“Here at Smart DCC we promote diversity and inclusion within the workplace, and are looking for the best people for the job, regardless of gender, age or any other demographic characteristic.”
“Rewarding! I’m in a unique position in that I work very closely alongside other successful women in the industry who have brought a wealth of experience to help us as we enter into the world of cyber security. Despite the challenges we’ve faced along the way, the rewards have definitely been worth the effort.”
Outside of the workplace I conduct a brass band and come up against similar challenges because of my age and gender, so I feel confident that I won’t have any problem standing my ground as my career in the cyber security industry progresses.”
“Liberating. One of my line managers (male) told me that I would never be a success after having children and choosing to work part-time, from that point he constantly ‘kept me in my place’ and told me that I wasn’t good enough. Looking back, I realise he was threatened by my skills and knowledge, and eventually made me stronger and more determined. Since running my own business, I don’t see or have experienced any gender inequalities or even notice anymore that I’m the only female in the room, as my presence and input is valued, based on my experiences and knowledge gained over the years.”
“When I do take a step back and reflect, it makes me proud that I can run a successful business in a male-dominated environment, what a great message and role model for my daughter – my aim has been achieved.”