Women In Cybersecurity

CGP 24 | National Cybersecurity Awareness Month
Oct 1 2022 0 Comment

National Cybersecurity Awareness Month Special: Cybersecurity Is A Mission, Not A Job With Laura Whitt-Winyard

Podetize HostingPodcast

 

Cybersecurity is a mission, not a job. Today’s guest has 20+ years of experience to prove that. As part of our National Cybersecurity Awareness Month miniseries, we talk to Laura Whitt-Winyard, CISSP, CISM, CISA, CRISC, a Fellow at the Institute for Critical Infrastructure Technology and International Advisory Board Member at HMG Strategy. Laura got herself to cybersecurity through a slightly unconventional route. Now, she is one of the industry’s respected thought leaders and a role model for women in the space. Tune in as she joins Sherry Bevan to talk about her typical day as a CISO, the challenges she had to go through in her career, what she enjoys about her work, and the wisdom she can impart to women working in the sector.

Listen to the podcast here

 

National Cybersecurity Awareness Month Special: Cybersecurity Is A Mission, Not A Job With Laura Whitt-Winyard

In this mini-series, to celebrate National Cybersecurity Awareness month, I’m talking to a range of women about their careers in cybersecurity. In this episode, I’m delighted to be talking to Laura Whitt-Winyard. A very warm welcome to you, Laura.

Thanks, Sherry. Thanks for having me.

Laura has a whole string of letters after her name. She’s got a range of qualifications. She has worked for some leading companies, including Comcast and Bloomberg. Let’s jump right in and find out more about Laura’s career in the cyber world. Laura, could you start by telling us how you started in IT and cybersecurity and how your role has evolved over time?

I have been in cybersecurity for many years. I started in IT, and it was by accident that I went into cybersecurity. One of the companies that I was working for was Allstate Insurance Company. They were doing a lot of business with CNA Insurance Company in Chicago. Having talked with the CISO of a CNA insurance company, it turned out that their security architects had sabotaged their networking.

He asked me if I thought it was something I’d be interested in trying to help him fix, so I did. That’s how I got into cybersecurity. Subsequent to that, I realized that cybersecurity was my passion. It’s always changing. You never get bored. You’re constantly learning. You have the ability to affect positive change. Subsequent to that, I moved from CNA to Bloomberg, where I worked for some amazing people. I went to Comcast and worked for even more amazing people. It was a wonderful experience. It’s always an opportunity to learn.

That was quite a start in cybersecurity, being asked to pick up where somebody else has done some real damage, by the sounds of it.

CGP 24 | National Cybersecurity Awareness Month
National Cybersecurity Awareness Month: Typically, when you start a new company as a female, they assume you understand regulations compliance, and maybe the legal aspect, but definitely not the technical aspect.

 

It was crazy. I had to learn on the fly, which is probably one of the best ways to learn.

It’s interesting that you’ve got a slightly unconventional route into cybersecurity. That seems to be a common theme in this mini-series. Quite a few of the women I’ve interviewed already have not actively looked for a career in cybersecurity but landed in it by chance, almost.

Back in the day, very few people intended to go into cybersecurity. It wasn’t a career route that most people even knew about.

It’s very true. Perhaps you could tell us a bit more about what you do on a day-to-day basis in your role.

On a day-to-day basis, you spend quite a bit of time working on strategy and vision, trying to discern where the company is going, aligning the security strategy with business objectives, as well as staying on top of the latest trends, understanding a couple of years ago nobody thought too much about quantum computing. They thought it was so far off. Now it seems it’s on our doorstep. You spent a lot of time looking at what’s advancing in security and the latest trend and factors, but then taking that and marrying it with your strategy and the company objectives.

That sounds like a lot of thinking power that goes on in that type of role because you are having to look at what’s coming and predict how that might influence or affect operations for your business.

Cybersecurity is always changing. You never get bored, you’re constantly learning and you have the ability to effect positive change.

There’s quite a bit of a prediction, and I would venture to say even guessing. You look at what’s going on and try to ascertain how it could impact your company and its customers. Sometimes you get it right. Sometimes you get it wrong. Sometimes you’re too advanced for the company or are a little bit ahead of the time, and you’re not ready for it. A good example was when I was at Bloomberg. I was exploring anomalous detection back in 2005 and 2006. The cybersecurity world wasn’t ready for it, and neither was Bloomberg. Now, everybody talks about anomaly detection.

That’s one of the interesting things about working in this sector, particularly in technology, because it’s evolving quickly. There have been quite big changes as well over the last couple of years. Nowadays, the general public has more awareness and understanding of cybersecurity in general.

It’s extremely beneficial to a CISO. There’s a saying that says, “Don’t let a breach go unutilized.” The fact that it’s become more prevalent in the news, less and less executives and companies as a whole are saying, “That happens to other people. It doesn’t happen to companies like ours. We’re too small. Nobody knows who we are.” Now they’re realizing that is not accurate.

That general awareness has increased amongst the business itself rather than just being something that IT and the technical people understood. That’s a real positive in some ways.

It helps security leadership be able to explain the ramifications of not doing certain things and the benefits of doing certain things. It makes it much more applicable to the business in their everyday life when they see what can happen to other companies.

Tell me a bit about your career. What’s been the biggest challenge that you’ve had to deal with?

CGP 24 | National Cybersecurity Awareness Month
National Cybersecurity Awareness Month: There’s not one single person in cybersecurity who knows everything. Find your niche, find what you love to do in cybersecurity and focus on it.

 

I would say probably as a female being perceived as not technical. That’s the biggest challenge. Typically, you start a new company, they see you as a female, and they assume you understand regulations, compliance, and maybe the legal aspect, but not the technical aspect. It’s always, in a way, a little bit fun once they realize how extremely technical I am and the shock on their face. That’s one of the biggest challenges.

How do you get around that challenge? What do you that makes that less of a challenge?

It takes time working with the engineers, engineering leaders, and product leaders and being able to make recommendations that aren’t so along the lines of checking a box for compliance to say, “Maybe we can’t do this, but here are some opportunities and options that we could do something else.” Security coverage is typically surprised about the technical record I make, and it takes time being able to explain that to people.

That’s true in any organization, but perhaps more so for a female entering a very technical career, which is a bit frustrating at times. Hopefully, over the next few years, we’ll start to see that changing, and it would be becoming less of an issue. What about the things you’ve been most proud of in your career so far?

Becoming a CISO. I was very excited and proud. I must admit I was a little bit too excited and in disbelief that I had made it to the pinnacle of my career. Some of the other things I’m proud of is coaching some of the folks that have reported to me into other security leadership roles. I still maintain those relationships with them to this day and ensure that they pay it forward, and then also take chances on people who have never even once worked in cybersecurity but have a security mindset. Maybe they do Capture The Flag competitions and win in their free time, but they’ve never worked in cybersecurity or been educated in taking a chance on them and watching them flourish. That is also a very proud moment for me.

That must be a real fuzzy feeling moment for you to see people you have taken a risk with and to see them flourish. In some ways, it is even more rewarding than taking someone on who’s got the experience and the qualifications, and they flourished. Taking someone on where you’ve taken a risk is something extra.

Cybersecurity is not a job. It’s a mission. You’re not just there to protect the company. You’re there to protect their customers and their employees.

I hired a grocery store manager who didn’t have a degree at all, had no cybersecurity certifications, had never worked in cybersecurity, but had a massive server environment in his basement and entered Capture The Flag competitions in his free time. These are hacking competitions and had won several. He did not apply for the job. Someone that was a friend of his said, “You should look at this guy.” In talking to him, I was amazed.

It was the fact that nobody would ever pick a chance on him. He’s now flourishing. He’s doing so well. He’s paying it forward. He’s helping bring new people into the security community, which is half the battle. As you know, we have a skills shortage, and there are not enough cybersecurity people. For him to pay it forward to every person that I help pays it forward is a wonderful thing to see.

Paying it forward is so important, particularly since there is a skills shortage in cyber. The more good people, the more good talent we can bring in. Often they can be the ones who will be perhaps better at persuading others who don’t have that cyber experience. This is a field that you can work in and can flourish. That’s good. What is it that you enjoy about the work that you do? You clearly enjoy developing people, coaching, and watching them grow, but what else is it that you enjoy about the work?

It’s the ability to affect positive change to do good. When you work in cybersecurity, it’s not a job. It’s a mission. You’re not just there to protect the company. You’re there to protect their customers and their employees. It has a ripple effect. If I saved one customer from having a security incident or losing their data, that would affect their livelihood.

That also, in turn, affects their family. That ripple effect is part of why I do this. I also love speaking about cybersecurity. I’m passionate about it. You can ask my husband, who rolls his eyes every time we’re watching a show, and I’m talking about cybersecurity. In the cybersecurity community, this mission that we’re on is much bigger than the individual and the company. It’s a global issue.

What do you see as some of the potential barriers or challenges for women, in particular, starting or getting promoted in cybersecurity?

CGP 24 | National Cybersecurity Awareness Month
National Cybersecurity Awareness Month: Get as much knowledge as you can. Anytime you read something that is not resonating, Google it, research it, YouTube it, learn as much as you can.

 

One of the barriers is that they’re afraid of not knowing something and looking like a fool. One thing I’ve always said is there’s not one single person in cybersecurity who knows everything. It’s impossible. Find your niche. Find what you love to do in cybersecurity and focus on it. Don’t let anyone tell you that you don’t have enough skills or knowledge because you will get it. Not everyone has all of it.

What do you see as being the most important skills for anybody working in cybersecurity?

It’s the ability to translate technical into business. Being bilingual is one of the hardest skills to learn to be able to explain to the business something extremely technical but in a manner in which it relates to them and their business.

It’s that communication piece. That’s true no matter what part of technology you go into, particularly cybersecurity because it has a potential impact on the business itself. You need to be able to explain things in a way that others can understand so that it makes sense to them and that they know what decisions they’re making and what the ramifications are.

I still struggle with that. Many people in cybersecurity are of a different mindset. We’re very technical, logical, literal, and to be able to go into a conversation with varying personalities, if you’re speaking to the board or someone in risk, or development even, and to be able to set aside your technical knowledge and put it into language they understand. I have trouble with it even still to this day.

That’s true, no matter what field you work in. When you’re an expert in what you do and that knowledge is part of who you are, then it’s easy enough to take for granted what other people’s knowledge and understanding are. It’s such a common thing. What are the tips that you might have for women who are thinking about getting into cybersecurity? What would you suggest they do if it’s getting into the sector or want to make progress in the sector?

It’s really important to find out what your passion is within cybersecurity – what interests you, what really drives you. Hone in on that and learn as much as you can.

Read as much as you can. By read, I don’t mean books. By the time a book is released, some of that technology is already legacy. Read cybersecurity news. Set up alerts on your phone about anything cybersecurity. If you read a news article and you’re wondering, “What does this mean?” google it. Learn it. Try and research it. There’s free cybersecurity training out there all over the place. Go to security conferences. The security community nowadays is very different from what it was several years ago.

The security community nowadays is very much a community. Whereas several years ago, it was the most knowledge wins. I’m not sharing my information with you because you’ll be as smart as I am. There are things called BSides. There are tons of security conferences. The one I go to every year is DEF CON. It’s an annual hackers convention where anywhere from 20,000 to 30,000 hackers from around the world attend. It’s a very inexpensive conference compared to the others. Get as much knowledge as you can. Anytime you read something that is not resonating, google it. Research it. YouTube it. Learn as much as you can.

I was talking to somebody on a completely different subject the other day. We’re talking about bike mechanics. I cycle. I remember her saying, “You can learn whatever you need to learn nowadays. You can just YouTube it, and you’ll find out whatever it is you need to know.” The same is true for cybersecurity because so many people now are sharing their knowledge so much more openly on the podcast, YouTube, blogs, and things like that.

How many times have you had something going on at home, like your dishwasher or something, and you go to YouTube for a video on how to fix it? The same is true with cybersecurity. There’s so much to learn. There are so many different aspects of cybersecurity as well. Like I said, it’s important for you to find out, “What is your passion within the cybersecurity arena? What interests you? What drives you?” Hone in on that and learn as much as you can.

Thank you so much for sharing those tips. That knowledge piece is helpful. Often, women tend to have a tendency to think if they don’t know all the answers, therefore, they’re not good enough, expert enough, or don’t have the relevant experience. As you say, you can research so much nowadays online that there’s no reason to feel like that.

That happened to me early on in my career. I would not speak up. I would not say much in meetings for fear of looking like I didn’t know what I was talking about. It’s that insecurity. If I could say something to myself back then, it would be, “Don’t worry about being insecure. Almost everyone at the table is as insecure as you are. Not everybody knows everything.”

CGP 24 | National Cybersecurity Awareness Month
National Cybersecurity Awareness Month: Don’t worry about being insecure. Almost everyone at the table is just as insecure as you are and not everybody knows everything.

 

It’s such a good thing to remember. Thank you so much for your time, Laura. If people want to get in touch with you, is LinkedIn the best place to do that?

LinkedIn or Twitter, either one.

Thank you so much for joining us. I’ve enjoyed hearing about your career in cybersecurity. I love the fact that your start in cybersecurity was less than conventional, but being asked to go in and fix something that had gotten broken. That’s good to hear from that point of view how you got into cybersecurity. It’s clearly an industry that you’re passionate about and love.

Thank you so much for having me. Anyone who would like some free tips, coaching, or any websites I recommend for following the news or free cybersecurity training, can always reach out to me on LinkedIn or Twitter.

Thank you so much. If you’ve enjoyed reading about Laura’s career as a woman in cybersecurity, you can find more episodes at SherryBevan.co.uk. If this has sparked a thought in your mind about how to develop and retain your female talent in cybersecurity, please do get in touch with me, and let’s arrange an exploratory call. Thank you so much, Laura. Thank you to everyone who’s reading. See you next episode.

 

Important Links

 

About Laura Whitt-Winyard

CGP 24 | National Cybersecurity Awareness MonthLaura Whitt-Winyard is a Fellow at the Institute for Critical Infrastructure Technology and an International Advisory Board Member and Women in Technology board member at HMG Strategy. Previously, she was the CISO of Malwarebytes, Global CISO for DLL Group, Director of Security for Billtrust, and held senior leadership positions in security at Comcast and Bloomberg, LP.

CGP 25 | Crisis Management
Oct 1 2022 0 Comment

Interview With Ashley Baich Of Accenture To Celebrate National Cybersecurity Awareness Month

Podetize HostingPodcast

Joining us for another episode of our special National Cybersecurity Awareness Month series is Ashley Baich. Ashley is the Readiness and Crisis Management Security Consultant at Accenture in their Cyber Investigation, Forensics, and Response (CIFR) practice, responsible for helping organizations flex their crisis response capabilities. She chats with host Sherry Bevan about her journey into cybersecurity and why she had her sights set on the field before even graduating. Ashley also speaks on the challenges and possible turnoffs going into such a male-dominated industry, the strides being made to close the gaps, and the opportunities for more women entering the field. Tune into this episode to learn more.

Listen to the podcast here

 

Interview With Ashley Baich Of Accenture To Celebrate National Cybersecurity Awareness Month

In this mini-series, to celebrate National Cybersecurity Awareness Month, I’m talking to several women about their careers in cybersecurity. In this episode, I’m delighted to be talking to Ashley Baich. Welcome, Ashley. Thank you so much for joining me.

Thanks for having me, Sherry.

Ashley is a readiness and crisis management security consultant and has been working for Accenture for the past two years. Let’s jump right in to find out more about Ashley’s career in cybersecurity. Ashley, I know you’re a fairly recent graduate. What did you study before you got started in your consultancy career?

I graduated from the University of North Carolina, Chapel Hill, which is on the East Coast of the United States. I graduated with a BS in Information Science and a BA in Journalism.

Information Science and Journalism are quite an interesting mix. Was there a lot of overlap between the two?

Not overlap, but they complemented each other pretty well. I always knew I wanted to go into cybersecurity in some capacity and use those four years of undergrad to decide what aspect of security I wanted to be a part of. My Journalism degree came from the desire to bridge the communication gap between IT and business. Unfortunately, my university didn’t have a degree in Cybersecurity. Information Science was the closest thing that I could major in that gave me a little glimpse into the cybersecurity world, but I still had a lot to know when I graduated in 2020.

I’m curious because I don’t know many people who go to university thinking they want to get a career in cybersecurity. What is it about cybersecurity that piqued your interest so young?

My father has been in cybersecurity for the past 30 years. It was definitely a topic at the dinner table. That’s definitely where I initially found a spark, but then I was gifted the very unique opportunity in my senior year of high school to write a white paper for a startup. I’ve always been very passionate about writing. I didn’t know what type of writing I necessarily would want to do long-term.

The startup approached me and asked if I would be interested in writing a white paper. That white paper turned into five wonderful years being on their marketing team as an independent contractor as I went through my university years. By the end, I was the longest-standing member of their marketing team. They were acquired by Symantec, which had turned into Broadcom.

It was a great experience, but that was my first exposure to cybersecurity personally, besides hearing about it. I saw the wide variety of opportunities within the field. Even if at the end of the day, I only wanted to write, it was a cool thing to write about. That passion shifted more to the incident response crisis management side of the house, but that’s how I started. It was in my senior year of high school. I was eighteen years old trying to make a little extra money and here I am now.

There’s a wide variety of opportunities within the field.

My father worked for IBM so it was almost a given that I was going to end up in technology in some shape or form, but it certainly wasn’t the career that I had planned on doing. Often, it’s those conversations around the dinner table that spark or ignite a thought of what you might want to do later in life. How did you make the move into the role that you are doing now? Tell us about what you do now.

In between my junior and senior years of college, I realized I probably should get myself an internship. I had a lot of Business major friends who were applying to consulting. I was like, “Interesting.” I didn’t know that much about it. I started looking and saw that cybersecurity is an aspect of consulting. You can consult for cybersecurity. As someone who didn’t have a lot of experience in cybersecurity besides my marketing experience and then my Information Science degree, I was like, “We can do that.”

I had the opportunity to intern for Accenture between my junior and senior years. I worked for Accenture Labs. It was internally facing. I was helping them bridge the communication gap between all the awesome research that our researchers were doing and their ability to communicate that with the consultants to then be able to share with our clients. I still got to use my journalism degree and do that, but get to touch on different aspects of cybersecurity that I didn’t have the opportunity to do on the marketing team.

I then received my return offer going into my senior year of college, which was great. I got to enjoy that senior year knowing that I had a full-time job waiting for me at the end. I joined our technology development program as a security analyst. It’s a soft line to financial services. What was great about that start was I got to touch on a wide variety of cybersecurity projects. I did policy writing, a merger of two large financial institutions, and picking and choosing the best of each security program. I got asked to be part of surge support for nine days for a client who needed more hands and more help. Nine days turned into four months. I enjoyed the crisis management and response work that I had the opportunity to do for that client.

Slowly but surely, I found my way to the CIFR team and officially joined in November of 2021. That was my journey to my current role. As part of the Cyber Investigation, Forensics and Response team, I have the opportunity to help organizations prepare for crises as a readiness consultant, but then I also have the opportunity to go in as part of the crisis management team during actual incident response to help the C-Suite manage the crisis.

That sounds like you’ve crafted your journey into cybersecurity and it sounds like you’ve landed on your feet. I can tell from your enthusiasm that you love what you do, which is always good when you’ve got work that you enjoy. Ashley, clearly you love what you do and you’re very passionate about it. What’s been your biggest challenge working in the cybersecurity world?

I think the biggest challenge that I’ve had to deal with is something that a lot of people have dealt with working through the reality of a huge organization. With Accenture, I think we are at 750,000 employees now. It’s a huge organization and what comes with that is a set of rules and procedures that must be followed. The largest challenge I have seen as it relates to that is when it comes to the promotion cycle. While I wish at the end of the day, it was solely based on performance and what you’re bringing to the cap table and what you’re capable of and the experiences that you’ve had, at the end of the day, there are rules around how long you have to stay at a level before you can be promoted.

CGP 25 | Crisis Management
Crisis Management: At the end of the day, there are rules around how long you have to stay at level before you can be promoted.

 

That can be a frustrating challenge to endure because as part of the crisis management team, I’ve had experiences where I am sitting next to the global CISO of a Fortune 100 company, working with them directly day-to-day, and have made considerable impacts on their crisis response. While that might fall under the roles and responsibilities of someone at a much higher level than myself, I am still under the pay band and roles and responsibilities of a consultant.

It’s a challenge I deal with daily, but one thing that makes it enjoyable still is the team that I work for. Having the opportunity to sit next to the CISO, even with the title of consultant is quite an honor. We run a relatively flat team, which makes me have those opportunities. While it’s still a challenge, I’m able to overcome it by thinking about it that way. At the end of the day, if I’m still able to perform the responsibilities that let’s say a manager would perform, I’m still fulfilled.

What about your proudest achievement?

I would say my proudest achievement to date was the opportunity to set foot on a client site during a major cyber crisis. I walked into their war room and see the absolute dread on some of these C-Suite faces not knowing what the week was going to hold and how they were going to recover from this incident. Sitting beside them for three months over the Christmas holiday and not leaving that project until there were smiles on their faces. We had overcome all of the challenges.

They were in recovery. They were transforming their security posture and had the buy-in from the rest of the C-Suite to do so. They were getting the money they needed from the board of directors to continue to make this transformation into a stronger security team. I can’t put into words how that makes you feel. You go in when they’re at their absolute worst and you don’t leave until they’re in a much better situation.

It gives you that warm fuzzy feeling to know that you’ve gone in when they’re in a crisis and you’ve left when they’ve got those smiles on their faces again.

You can see the impact that you’ve made. I truly feel like I’m making a difference and that’s very rewarding.

What do you see as being the most valuable skills working in this sector?

In my role, I would say that the most valuable skills are oftentimes soft skills. I have a wonderful incident response team that goes in and does the more technical responsibilities when it comes to responding to a crisis like doing the forensics, eDiscovery, and all of that. My role specifically is more soft skill driven. It’s the ability to understand what the incident response team is doing, what the findings are, and drive the business value from that. Also, be able to communicate that with my key stakeholders, but then also help my key stakeholders communicate that to the rest of the organization.

The most valuable skills are oftentimes the soft skills.

In the meantime also, the organization is a huge one. During a crisis, there are a lot of different workstreams going on. There are a lot of cooks in the kitchen and third parties that need to be considered and things of that nature. Helping the C-Suite be able to organize themselves and develop relevant tasks, prioritize those tasks, and assign them to the right individual is extremely valuable. In a high-stress “what’s going on” situation, it takes a lot of organization and the ability to step back, remove yourself from the stress, have an open mind, and think through the strategy of how you’re going to tackle the day, the hour, the next ten minutes, and things of that nature.

Those are the two key skills that have helped me be extremely successful in the crisis setting. In the readiness setting, since I don’t just do crises, those are very high intense and long day situations. When I have the opportunity to take a step back and do readiness work, go into a client and help them enhance their incident response plan or run a crisis simulation and things of that nature, communication is still important. Also, being able to think outside the box and think through the crisis situations that I’ve been a part of. Helping organizations proactively continue to improve their incident response capabilities so that they can respond the best when they do fall victim is another skill that is important in the incident response crisis management world.

Opportunities for women in the sector, I know that there seems to be a skills shortage generally, but what are the opportunities for women in the sector?

They’re endless. I’ve talked to marketing. I’ve talked to communications and the business side of things. There’s a huge technical shortage as well. For me, being a part of that technology development program to start helping me identify what niche I wanted to be a part of, and there are endless niches. You can create your own.

I don’t necessarily think that my career path is going to be just crisis management, but even crisis management as a workstream is something that is still so new. There are not many organizations that have invested in that workstream yet. The beauty of the opportunities is endless. You can have an open mind and create your own. At the end of the day, there are a lot of organizations that would love to invest in women who are interested in developing a skillset, and finding what they want their niche to be.

It’s identifying a current gap in the security program where you can use the skillset you have to provide unparalleled value. That’s a hard question to answer because there are so many different ways that I think you could. For anyone that’s interested in getting involved and doesn’t think that they have the background to make a decision on what niche they want to be a part of, to begin with, I know most organizations these days have that development program. They have the opportunity for you to start and look at cybersecurity as a whole. Pick what aspects you want to be a part of and try them out. That is extremely beneficial and a great approach to getting your feet wet.

CGP 25 | Crisis Management
Crisis Management: There’s a lot of organizations that would love to invest in women who are interested in developing a skill set, finding what they want their niche to be, and identifying a current gap in the security program where you can use the skill set you have to provide unparalleled value.

 

Ashley, you’ve talked about some of the skills that you use, but what do you think puts women off applying to work in cybersecurity?

There are two things and they go hand in hand. I’ll start with the first and that’s job postings being daunting in and of themselves. You look at the skills required or even what the description of the job is. This is not only in the cybersecurity field. Oftentimes, someone may not be super confident in the fact that they are the right fit. Typically, if I look at a job posting and I’m not sure if I’m the right fit, I would still apply and go through the interview process. That’s the whole point. You’re interviewing the company as much as they’re interviewing you so you can see if there is a good fit.

When it comes to cybersecurity and the gender gap that we already see within the field, it can be a turnoff for women. They look at the job posting. They’re unsure. Maybe they do still have the courage to apply, but then every interview that they have from that point on is by a very successful senior male figure. It’s hard for them to imagine themselves in that role as a female, knowing that they’re going into a very male-dominated environment.

It’s hard for women to imagine themselves in that role as a female, knowing that they’re going into a male-dominated environment.

I am the only female that is on the crisis management team, and one of three females on the readiness team at Accenture. I’ve had a great experience. Someone had to point out to me that I was the only female on the team, but I know everyone doesn’t have that experience. It takes a lot of courage to put yourself in those uncomfortable situations to even apply for a job you’re not fully confident in.

You add that to the mix and it can be extremely daunting and a turnoff to many. I think there’s a lot of change in the cybersecurity field these days. People are aware of the fact that it is male-dominated. I will give a shout-out to my male leaders. They pointed out and they have the conversations. They’re trying to make strides to minimize that gap. As women, we also have to apply for them to be able to minimize the gap. I don’t want to forget that part of the equation too.

Finally, what’s your top tip for anybody that wants to get into cybersecurity? What would you suggest they do?

I would go in head first. If I’m being honest, as we’ve talked a lot about here, there are so many different opportunities and skillset that you can leverage to be successful in the field. The way that I was able to find my path was going in head first trying a wide variety of things until I found my niche. I would encourage anyone who has any potential desire to be in cybersecurity to go in and give it a try. We have such a shortage. Everyone is going to be grateful that you’re there.

CGP 25 | Crisis Management
Crisis Management: For anyone who has any potential desire to be in cyber security, just go in and give it a try. We have such a shortage. Everyone’s going to be grateful that you’re there.

 

If you’re on the right team, they’re going to encourage you and teach you along the way. At the end of the day, it’ll be a great learning experience. At the very least, you might find your niche and passion, and years later, be excited to go to work every day and want to have the opportunity to be on shows like this to encourage others. I couldn’t say enough positive things about my experience thus far. I would recommend for anyone that’s potentially interested to go in head first and see how you feel a few months in.

Ashley, thank you so much. I’ve enjoyed hearing about your career, how you got started, and the skills you use. It’s fantastic to hear somebody talking about cybersecurity with such enthusiasm and passion. Thank you very much for joining me in this episode.

Thank you for the opportunity.

If this conversation has sparked or thought in your mind about how you recruit your female talent, let’s have a conversation. To give you the opportunity to ask any questions you have about the work I do with cybersecurity companies on attracting, developing, and retaining more female talent, simply email me at Sherry@SherryBevan.co.uk to book your call. Thank you and I’ll see you in the next episode.

 

Important Links

 

About Ashley Baich

CGP 25 | Crisis ManagementAshley is a security consultant whose work is focused on proactively improving organization’s resiliency to cyber threats and advising organizations through cyber crisis’. A readiness and crisis management consultant at Accenture in their Cyber Investigation, Forensics, and Response (CIFR) practice, she is responsible for helping organization’s flex their crisis response capabilities.

CGP 26 | Profit For Purpose
Oct 1 2022 0 Comment

National Cybersecurity Awareness Month Special: The Profit For Purpose Mission In Cybersecurity With Dr. Jacqui Taylor Of Flying Binary

Podetize HostingPodcast

The cybersecurity career path appeals to women because it is purpose-driven. But most of technological innovation is driven by profit. Dr. Jacqui Taylor believes that the best of both worlds can be combined in what she calls a profit-for-purpose model. As the co-founder and CEO of Flying Binary, Jacqui is on a mission to create an inclusive technological future for everyone, and she believes the profit-for-purpose is the way to do it. In this conversation with Sherry, she explains how she made her way to a cybersecurity career and the massive role she’s now playing in detecting and fighting bad actors, including in what’s widely-considered to be the world’s first cyber-warfare history, which is currently underway in Ukraine. She also explains why the cybersecurity space is especially conducive to inclusion initiatives and how women and other underrepresented sectors can start their career path in the industry.

Listen to the podcast here

 

National Cybersecurity Awareness Month Special: The Profit For Purpose Mission In Cybersecurity With Dr. Jacqui Taylor Of Flying Binary

In this mini-series to celebrate National Cyber Security Awareness Month, I’m talking to a range of women about their careers in cybersecurity. I’m delighted to be talking to Dr. Jacqui Taylor. A very warm welcome to you, Jacqui. Thank you so much for joining me.

It’s great to be here with you, Sherry.

I feel very honored to have Jacqui as a guest and there’s so much I could say about her. She’s been voted one of the most influential women in UK technology. One of the most inspiring women in cyber. She’s been awarded an honorary Doctorate of Science and recognition for her international science work. There’s so much I could say.

In 2016, she pivoted her company FlyingBinary to meet the challenges of Web3, metaverse, and the industrial internet of things with spectacular results. Let’s jump right in to find out more about Jacqui’s career journey in the cyber world. Jacqui, I know you’ve been involved in technology in cybersecurity for a long time, but how did you get started?

I was due to take a management role in the UK’s post office and my mother took very serious ill and ultimately died in a few months. My whole career was upended because I had done an internship at a local aerospace engineering company. They came to me and said, “We can support you. We can support the family.” That was helped by the fact that my father was one of the directors, but they saw what I’d done as an intern and were keen to keep me.

I went into that and that was my start in aerospace engineering. It all went swimmingly well until I qualified. My dissertation was at a new jet engine technology to reduce the noise pollution in our cities and the first aircraft off the production were for a Middle East client. As a female engineer, I was not somebody suitable to run that.

My managing director said, “I wonder what will happen if I put an aerospace engineer into the technology department.” Then the answer was nothing because I was horrified by what I found. The long story short was, effectively, that was the beginning of software engineering for the aerospace industry because we needed to put engineering at the core of what we did because otherwise, planes would fall out of the skies, and it wouldn’t be a good thing. That’s a subtle piece that I did in terms of an industry intervention to solve the noise pollution of our aircraft. It’s something that has been a thread throughout my career.

How did you get started specifically in Cybersecurity then?

As a technologist, it’s something I have been interested in because it’s out there. It’s that societal piece. I have been a white hat for some time and I have worked with many people to do many different things. FlyingBinary’s mission is inclusion, leave no one behind. We firmly believe the future’s female and that the GDP growth that an inclusion agenda drives because I have done the assessment for 60% of the world’s GDP, so it’s a very powerful agenda.

Everything we do for the government across the world has a cyber component. We are a cyber essentials company using the national cybersecurity center accreditation, but that wasn’t our focus. Our focus was building technology for Generation Z or until I spoke at Davos in 2019 Generation Alpha and to unlock their talents for the world. We knew that technology could be leveraged and be an enabler and we were building that deep technology.

The websites that we pioneered that I got the honorary Doctorate for was the foundation of our engineering background because my cofounders are electrical engineers. The combination of that science, pioneering science and the engineering background gave us an offering that hadn’t been seen before and it’s still unique across the industry.

I created the blueprint for Europe. I started my work in 2014 as an independent advisor to Minister Calvin’s office. I had the opportunity to create the blueprint for the future of Europe and for the industrial internet of things. That’s when we are all connected up and humans and robots. The day I did that was a major day in my life. I’d written my second book. I was there to present that work. It was the day that I had to come home to the UK.

I had to be on the last Eurostar train from Brussels and they guaranteed that for me. At 5:00, the doors opened. The men with guns arrived and said, “Which one of you is going to London?” That was the day that Paris was attacked. The reality of it was the technology we’d been building to create that societal intervention was also technology that the criminals didn’t have access to that allowed us to see what they brought to.

I came home on that Eurostar. I did my intervention with the high commissioner of Bangladesh on Saturday in London. We got back on that Eurostar on Sunday. Having pivoted the company to be accounts terrorism company and deploy that technology to safeguard us all against the terrorists, drug traffickers, and people traffickers. The reality of it was we had unlocked the societal piece, but there were those within society that were determined to destroy it.

800 people, 16 companies of what we built up far, down to 200 people, 6 companies that moved in to cancel terrorism agenda. Now up to seven companies because we have added something. That was around changing the way other people looked at technology, which was profit-driven. How do you make money out of this tag? To something that for us was purpose-driven, but it was with profit. It was a profit-for-purpose agenda, and that was the day that began and that caused me to look at everything in the world very differently.

Particularly what cyber was going to mean to us in the future, given the criminal activity that we had uncovered and why that was a key change in our whole industry, and then what we were going to do about it. We have been in that domain ever since. I have been in working in Ukraine since 10th of February, 2022 and we are in our seventh month now and the first ever cyber warfare that the world’s ever known. We will stay here. Our world has gotten more dangerous since that day on the 13th of November, 2015. FlyingBinary’s mission is inclusion but in a cyber safe way.

It’s very interesting that you mention this societal mission, this profit with purpose, because for lots of women, that appeals having a career with purpose. It seems to me that cyber security fits that brief. If you are working in cyber security, in very simplistic terms, it’s the goodies versus the baddies. If you are on the goodies side, then it fits that career with purpose that a lot of women want. I wondered how you feel about that.

It’s very interesting. It’s why I say the future’s female because we are able to look in a wider perspective as females. I want to stress one thing. I might be an engineer and I can spin you up some tech of whatever you need out of the top fifteen influential women in tech. Both Poppy and I can still do that. The rest of the women are guarding that agenda and are moving it forward.

It’s not a technical agenda cyber. It’s a multifaceted industry. Since the 13th of November of 2015, we have changed the way we look at it. When I stood on stage at Davos in January 2019, I articulated that all we needed was one event that we call a Zero-day Exploit in our cyber world. One event that would transform everybody’s view of what our industry was.

At the time, when I was speaking on stage, I was imagining because I knew they were under million children not vaccinated for measles in the US. I was imagining a measles epidemic. That would sweep across America and we would lose our children because we didn’t have a holistic view of what was happening, and that measles, once it’s ripe, as we find in other countries, just sweeps across the country.

I didn’t know that was going to be a Coronavirus. I was using that example because one of my colleagues from NATO in the audience challenged me. It’s so like, “What, Jacqui? What’s this Zero-day you imagine?” That’s what I said. That’s what happened and 1 billion more people came online, which gave us in our industry a new perspective on what cyber looked like.

We could no longer deal with a threat. The threat was there and it was omnipresent, and now we had to look at risk. That was where the delivery of the Empathy Economy technology. Profit-for-purpose is a new business model, but the overarching agenda is the Empathy Economy, which literally takes that original cyber view of saying technology is in the sharing economy. You get a premium model. You get this for free. You got to pay for that.

That has created the leaky bucket that I was talking about at Davos and the Empathy Economy is reimagine technology using deep tech to change the way we look at how we leverage technology. That profit for purpose and I find for many men, it’s not a female agenda, but the fact that what you are doing creates impact. What you do every day, what I do every day and what we all do in our industry is we do the work we do in order to create the world we all want to live in.

We do the work we do in order to create the world we all want to live in.

I’m talking to Sherry now when we are literally talking nuclear war or we are not talking any of that. Let’s say the chief protagonist is talking about that. We are all in our industry working towards a world we want to live in. That profit-for-purpose model has resonated hugely in the sense of that has to be the way technology is leveraged.

It’s not for its own rights. It’s not because it’s geeky. It’s not because it’s technically interesting. It’s all of those things, but what purpose does it have? What does it enable? What can we create with it? That’s where the profit-for-purpose sweet spot is. That’s unusual in our industry. Lots of great debates on it, but the societal approach is the underpinning piece of that, and the fact that we can all create the world we all want to live in. Its impact and purpose-driven.

What I find so fascinating about cybersecurity is when you are talking about Coronavirus, for example, and the way that pandemic spread. What I find quite fascinating about the cybersecurity in industry is that the biggest challenges it’s faced or the biggest is it’s overcome that we don’t hear about them because we’d be too scared if we knew everything that people who are working in information security and cyber security. If we heard everything that you’d tackled and dealt with and shut down. I’m sure we’d all be feeling a bit more anxious and nervous. I find that aspect of it. You are doing something with purpose, but it’s not something you can necessarily go and publicize.

One of the things that we say to our engineers is very much, “You’ll be zero to hero. You’ll be the most famous person that nobody ever knows.” If we are successful at what we do, you won’t hear from us. It’s very interesting. I was running an event about 25 minutes after I’d received the Russian translation about what Vladimir Putin had said. I said to them, “Who’s panicked here?” Everybody said, “No, because we are with you. You are not panicked. We are not panicked.”

CGP 26 | Profit For Purpose
Profit For Purpose: As a cybersecurity engineer, you’ll be zero to hero. You’ll be the most famous person that nobody ever knows because if you’re successful at what you do, no one will ever hear from you.

 

The thing about it is we are susceptible to what we hear. We don’t question the providence of what we hear very much because in the sharing economy. It’s a free resource. I always say the thing about that is that anything that’s free is an opinion and opinion is the lowest form of knowledge, but we consume that on a daily basis. Most of us.

The reality of it is because of that, we are affected by it. That’s because, from a neuroscience point of view, that’s how we work. Our input determines our experience and, therefore, what we create. It’s deliberate that we don’t say that. Not because we are trying to keep secrets from you, but because we want to make sure everybody else can get on with what only they can do.

We do this as cyber specialists, but then we know that enables you all to do what you are doing. For those that join our industry, that’s one of the biggest motivators. We unlock a society that allows people to imagine a completely new future. We are quite happy with that agenda because, in our own world, we are not in it for the ego.

That for-profit approach to this is where perhaps that ego piece has come in. Once you attach purpose to it, then effectively, we are all contributing the key differences. It’s competitive in the sharing economy. In the Empathy Economy, it’s collaborative. We all contribute and between us, we envisage and we build that new future.

To be honest with you, it’s a fascinating place to be and there’s absolutely room for everybody. I’m visually disabled. I’m also neuro-diverse. The world’s a hostile place to me before I start, but then that’s the perfect place to me to be in a hostile world. Dealing with other people who don’t have my learning differences and don’t have my approach in the world. They can’t outrun me because I don’t think the way they do.

I think that’s the thing. Everybody has talents. There’s a place for them in our industry. The first ever cyber warfare since 24th February 2022 means that those opportunities got bigger and interesting because so many people are now saying, “Even if I’m not in the industry, I need to take account of that.” I have got something to give to Sherry as a download because you’ve met me by Sherry. I will give you a download of what we have done in the World Economic Forum. I will tell you about being cyber safe and even if you don’t join our industry, how we are looking after you and also how to keep your home safe. What’s the most attacked device in your home and it’s not what you think?

There is a place for everybody’s talents in the cybersecurity space.

Thank you so much, Jacqui. That’s much appreciated. There is so much that we could talk about in cyber security. It’s one of those all-pervasive topics. It’s everywhere, isn’t it? Cybersecurity now in the same way as technology is everywhere now. We were talking earlier, before we started, how manufacturing companies, for example, are so much more technology-driven than they were decades ago. What do you see as being the real opportunities for people joining the sector, but in particular for women joining the sector is what I’m most interested in?

As an industry, certainly in the UK, we have repositioned during the pandemic because so many people came to join the efforts of what we were doing and we were given advice and were bringing people into our world that caused us to think again about career paths. We are looking for something that we are always going to use technology. That’s only going to be on the increase, but how do we use that inclusively? We need to perhaps take the biases of what we do now and make it a more inclusive agenda.

The thing that I love about it, the young people, I was advising a young lady who’s getting ready to do internships on this. She was saying, “How did you choose?” I said, “Don’t choose. Just start because it’s all laid out for us as women.” As we are purpose-driven and because we have a more holistic view of the world. I would argue more of a societal view because of the roles that we play.

The hardest thing is how to choose, and I always say, “Just start. Just pick the piece.” Perhaps aligns with what you are doing now, and then take it from there. The one thing that’s perhaps different about our cyber world that perhaps you wouldn’t find in any other career path is non-ecstatic. The criminals never tell us what they are going to do tomorrow. What we have to do tomorrow is always different.

CGP 26 | Profit For Purpose
Profit For Purpose: The cybersecurity career path is non-static. The criminals never tell us what they’re going to do tomorrow. So what we have to do tomorrow is always going to be different. And that means you get to make your own career pathway.

 

For that, that means you make your own career pathway. You pretty much can choose and tomorrow is always going to be more interesting than today. Every time we shut something down, understand what they are using, make it inaccessible, they will find something else. Then that means we are the real problem solvers to say, “Now I’m going to evolve what I do.”

The fact that there are no days the same means that any part you fancy doing has a role for you, whether it’s within our sector directly like in FlyingBinary or within like we were talking about manufacturing. The cyber piece is because we move to the industrial internet of things where everything’s connected. The cyber response becomes very different.

There’s unlikely several years from now that anybody reading this won’t be in some way involved. Whether you are in the midst of what we are doing and helping pioneer the next steps, that’s a choice. If you wanted to tell people about what we are thinking about and you wanted to share what’s going forward, then this show is great because effectively, you can share this show and say, “It’s going to be all of us, so do we want to know more?”

We are curious as females. We love the idea what’s that about. I want to understand that a bit better and it’s not scary because everything we all do makes the world a safer place. That’s why I turned that on its head and was interested to hear the pioneers I was talking to. We are not scared because you are here and you are quite calm.

Given the news we have had, I’m quite calm because I know that as a group, community, or as a collaborative force, we won’t be outsmarted. All of you reading may welcome to join us and enhance that purpose. I’m so confident it will be where I am and how exciting that we can design the world we want to live in because the technology allows us to do that, and the cyber response is a wrapper around it all.

CGP 26 | Profit For Purpose
Profit For Purpose: It’s exciting how we can design the world we want to live in because of technology. And the cyber-response is a wrapper around it all.

 

I love that expression. Don’t choose. Just start. That’s perfect for anybody trying to break into the technology or into the cyber security sector. Into any sector that you are trying to break into, just start because then paths will open up for you. Getting started is something I often say to people. Just do it. Just get started. Don’t dither. It’s never too soon. Never too late. Before we finish, Jacqui, I love talking to you and find it fascinating, but what’s your top tip for anybody who wants to know more about cyber security?

There are lots of resources out there, but it’s the people. You’ve got other cyber specialists. I count myself and that around this show. Find out more about what we are all doing. You’ve got, however many people you’ve got in this series. You’ve got immediate connections. We are all very open to talking about what we do. We put resources out. I predominantly put cyber resources out on LinkedIn because that’s where my community of businesses look to consume that, but we are all very approachable. We are all of us quite enthusiastic about what we do and why creating impact with the work we do is so rewarding.

Ping us, interact on a post, ask some questions because we know that effectively, it’s all of our responses that collective. The one thing we can guarantee is community defeats terrorists, drug traffickers, and people traffickers. Being part of that community, connecting with us all, asking questions, and reading the rest of the talks on this series. You are part of us because you are reading this and then you are part of the change we will make across the world. That’s my top tip. We are very approachable and very enthusiastic and just ask.

Community defeats terrorists, drugs traffickers, and people traffickers. And so being part of the community, connecting with cybersecurity professionals, asking questions, and listening to talks makes you part of the change that cybersecurity makes across the world.

Thank you so much to you, Jacqui. I have enjoyed talking to you about your career and your purpose mission. That is absolutely fascinating. I could go on talking for hours, but we won’t. For those of you who’ve been reading, I hope you’ve enjoyed this episode. More episodes on the show at SherryBevan.co.uk. If it sparked a thought in your mind, please do connect and let’s talk and book an exploratory call with me to give you the opportunity to ask any questions you have about the work I do with cybersecurity companies on attracting, developing, and retaining your female talent. Email me at SherryBevan.co.uk to book your call. Thank you so much, Jacqui, for joining me.

It’s been a real pleasure. Thanks for reading, everybody.

 

Important Links

 

About Dr. Jacqui Taylor

CGP 26 | Profit For PurposeAs #15 Most Influential Woman in UK Technology and 21 Most Inspiring Women in Cyber Dr Jacqui Taylor was awarded an Honorary Doctorate of Science in recognition of her international web science work. One of the 250 Founders of the UK’s Digital Economy, in 2016 she pivoted her company FlyingBinary to meet the challenges of Web 3.0, the Metaverse and the Industrial Internet of Things (IIoT) with spectacular results.