This episode offers you the senior consultant of Crowdstrike, Emma Jones, to celebrate National Cybersecurity Awareness Month. Emma shares the unintentional move of her career in cybersecurity. Given that she has no background in the role, the transferable core skills she possessed allowed her to fare pretty well in the space. She enjoyed each moment of her journey and never looked back on her previous career. Like everyone else, Emma faced some challenges along the way in her career, but how did she deal with them? What insights could she offer to anyone thinking of taking the cybersecurity route? Tune in to this episode and learn more.
Listen to the podcast here
National Cybersecurity Awareness Month Special: Navigating The Unconventional Route A Cybersecurity Career With Emma Jones
In this mini-series, to celebrate National Cybersecurity Awareness month, I’m talking to women about their careers in cybersecurity. I’m delighted to be talking to Emma Jones from CrowdStrike. Welcome, Emma. Thank you so much for joining me.
Thanks for having me. It’s a pleasure to be on the show. Thank you.
Emma is a Senior Consultant at CrowdStrike. She’s going to tell us a bit more what that involves. Let’s get started and find out about her career journey. To set it into context, could you start by telling us a little bit more about CrowdStrike and what they do?
CrowdStrike, for those who haven’t heard of them, we are a global cybersecurity technology company. Our mission is ultimately to stop breaches. Essentially, they work with a whole range of products and services and strategies to protect customers and clients from the cyber threat and from the adversity that we face in that space. That’s a little bit about CrowdStrike. My role with them is based in the services part of the business. Essentially, I work with organizations across the UK, Europe, Middle East and Africa on a huge range of cyber incident response and readiness activities to help them prepare for the threat and increase their security posture and readiness.
Tell me how you got started in your IT career.
Overcome the imposter syndrome because otherwise, it would impact you personally and professionally.
Completely unintentional move into IT/cybersecurity. Actually, I went straight into cybersecurity. My previous occupation was in UK Law Enforcement. I was in a National Law Enforcement Organization working on a whole range of crime types, different threats, different teams, non-related to technology or cyber.
What happened was I went through a promotion process and they’re quite huge campaigns, I should say, where you apply for the rank or for the grade or the position rather than a specific role. You go through a campaign, they will assess and determine who’s suitable for that particular level, then at that point they will appoint individuals into the role across the organization and across the UK.
I went through a campaign and was successful in that campaign and was really pleased to hear that. It was at that point, I found out which role I was being posted into. Honestly, I expected it would be a role that I had done before with EMA, or had exposure to a crime type I was more familiar with. No one was as surprised as me to find out that I was posted to the National Cyber Crime Unit. I had a moment where I thought, “What on earth has happened here? There must have been a mistake. Why am I going into cyber? That’s not my background. I don’t have an IT skillset.”
I wondered what had happened in the process, but actually people had recognized transferable skills as being incredibly important in cybersecurity, not least of course because the industry is still fairly new compared to many of the areas of work and disciplines, but actually very fortunately the panel who decided recognized that I had some experience that would benefit the cyber side of the team. I found myself in a position there, which entailed creating and delivering and establishing a brand new unit for all UK Law Enforcement. It was all focused on prepared activities.
I had to start from scratch, learn about the threat, and then develop a team which would do a range of different projects from exercise and through operational learning all focused on cyber incidents. It was completely unexpected, but I’ve never looked back. I enjoy every moment of it. Here I am now in CrowdStrike in the private sector.
I love hearing stories of people who have had an unconventional route into cybersecurity. I think it’s a very positive and powerful message to hear. You mentioned there that your campaign is you’re applying for a rank rather than for a specific role, and that somebody had obviously spotted specific transferable skills that you had. Would you mind sharing a bit more about what you believe those transferable skills were or are?
I would describe them best as core skills. Some people say soft skills, I’m not a huge fan of that. I think it can really imply that you are lesser than or it’s not as important. I like to say core skills. Essentially, I would say there are probably three areas. The first is communication. With that, obviously running a team that had a national unit, you would need to work with people in many different sectors, many different organizations, both public sector and private sector, and at different levels, operational levels, all the way through to senior leaders and strategic forum.
Communication absolutely was the top skill that mattered most in this space, so that you could essentially translate a conversation or a topic and achieve what you needed to achieve in that role. The second skill I would say is probably the leadership skills and strategic thinking. Many conversations I’ve had throughout my career, people have said, “Leaders and leadership skills are saved for the senior roles.” I think anyone can be a leader in your space. If you are developing something, if you were doing something novel or creative, or you have simply taken a step forward to help bring people together, then that absolutely means you are a leader, regardless of your role.
Whilst I was in a management and leadership position, I think those skills were deemed pivotal to be able to take an idea and a vision forward, and get people to understand why you were doing some and what the outcome and benefit for everybody would be in that space. Definitely communication and leadership. Finally, and I suppose it’s an element of communication, but it’s about listening skills and the ability to understand the situation that’s presented to you, and tailor and flex your style and ability and approach.
Obviously, there are many different views and ideas that you can take forward in your space that you need to be tuned in to what the actual requirement may be. Attention to detail and that listening ability, and then translating it into the next project. I certainly think those are some top skills I had to draw upon to my journey in that role specifically.
Comparison is the thief of joy.
As you described, they are definitely core skills that anybody needs in any industry and sector, but I think particularly so in the way that cybersecurity space is evolving at the moment, then those skills are in high demand. Tell us a bit more about what you do on a day-to-day basis in your role at CrowdStrike.
No two days are the same, as cliché as it may be. There are themes and similarities but lots of different conversations. There are a few paths on my role. The first is around working with our organization to enhance the incident response readiness. What I mean by that is getting prepared ahead of an incident to be able to deal and respond to that particular situation that they face. There’s a whole range of benefits in doing that. Not least familiarity and awareness, increase in the effectiveness and the speed of your ability to respond, given that time is always of the essence in these circumstances. That’s a huge focus for me is that preparedness initiative drilling down on some key aspects, whether that’s how you seek support in responding to an incident, what barriers you may potentially face, and how can we overcome them proactively.
The other aspect of my work is more strategic in the sense of supporting organizations in their broader security programs. Working with them to understand what keeps them up at night, what’s the biggest concern, what’s the priority, and how we can help them address those concerns and priorities. Security programs are always changing. They’re always evolving, very dynamic, and you can never do everything all at once.
It’s about having conversations with our clients across this region about what matters to them, and how best we support their effort so that they increase their resilience and readiness in that space. That’s broadly speaking of the day job. I’m really fortunate to have a couple of extra pieces of work that I can do in CrowdStrike relating to inclusion and thought leadership as well, which is fantastic. I’m very fortunate to have the time and opportunity in that perspective.
It sounds like you really enjoy the work that you do, which is brilliant. When you enjoy your work, it makes it so much easier. Since you’ve moved into the IT or the cybersecurity sector, what has been your biggest challenge in your career so far?
I would certainly say it’s around building confidence. We talked about how many people find themselves in cyber in unconventional ways, different routes and paths. I think that contributes to things like Imposter syndrome. Many people, if not everyone, suffer that, and it comes in peaks and troughs, but that was an area that I struggled with to begin with.
What comes hand-in-hand with that is building confidence and having faith and belief in my skillset and my abilities. That was quite difficult to begin with because when you would look around in cyber, it’s still fairly male-dominated. There’s still quite a technical focus rather than a core skill focused certainly at the time that I came into the industry. That sometimes can make you feel like, “I’m not quite like person X, I don’t have that knowledge of person Y, and I wouldn’t take that approach.”
Sometimes, you can then doubt your abilities and whether you’re in the right space and doing the right thing. For me, I had to overcome that because otherwise, you would be impacted both personally and professionally, and suffer in terms of not being able to really do and be who you wanted to be. I had to take the time to reflect and realize that I was in a position I was because of the skills and experience I had. They may have been different for other people, a different perspective, a different mindset or a different approach. I had to remind myself of that on a regular basis.
There’s a quote, “Comparison is the thief of joy.” That’s absolutely true. Remember the skills that you do have, and it’s not necessarily all about certifications. I came into the industry without anything like that. It was about lived experience and ability to apply knowledge. Realizing that position was fundamental to overcome that challenge. Don’t get me wrong, it can still be a challenge now, but it’s much more in check. I also have a wonderful mentor who I met through a Women in Technology program, who supports me create the safe space and has honest conversations, and helps me understand more about my potential and current value as well. That’s certainly been the biggest barrier that I’ve had to overcome.
It’s interesting you talked about a mentor because one of the other women in this mini-series talked about having a mentor as well, and how helpful that had been for her to believe in herself and to apply for the next role and to develop her career. It’s good to hear you talking about that as well. What about your proudest achievement? What’s that been?
If you wait until you feel ready, it’s usually too late.
This is always difficult to talk about. It’s not a question people ask one another so often. For me, I was nominated for a Global Women In Tech Award. That means a lot to me because it focused not just on my work in cyber incident response, but also predominantly about the work I’ve done for inclusion and inclusive practices with incidents.
I would say I’m probably most proud of it because it was the results of the work that I did a few months ago with the forum of incident response and security team. I was selected to speak at their conference. I thought about what we can do to be inclusive with them. For me, a lot of conversations and a lot of narrative, quite rightly, is always about thematic and strategic conversations around diversity and inclusion. Sometimes, those in teams and every individual every day might not feel that relates to them directly.
I wanted to take a moment to speak to those individuals within teams within the global forum to say, “This is what we can do as individuals and actually make it specific real examples, bringing it back and relate for their daily work. That was a fabulous opportunity for me to bring two topics I love together, and a wonderful moment to hear about the nomination as well. That’s where I’m at in terms of proudest achievements.
You’ve done a lot of work around inclusion and representation. What do you see are some of the potential barriers for women working in this sector?
The most prominent barrier at the moment is a lack of representation of women in two areas. The first in senior leadership roles and the second in technical roles. The industry is very vocal and passionate and supportive of having diverse representation, having women in the workforce. There are conversations about how cyber is not just technical, so women in roles that are non-technical and that are outside of the day-to-day hands-on keyboard activity, and they intersect with cyber, was certainly getting there and recognizing that and bringing women into the sector in that regard.
When it does come to senior leadership and technical hands-on keyboard positions, that is where we lack the visibility and representation. It’s important for me because we want to feel like we can have a career path and that we can do something. Everyone likes to see someone role model that opportunity. Without that can make it quite a challenge to showcase and explain to individuals and to women what a great path this career can take you on.
You’re right. There are a lot of organizations that are actively wanting to improve diversity and increase inclusion, but it’s not having those role models at the senior levels and in the technical areas. There’s that quote, “You can’t be what you can’t see.” The more we have those role models, then the more it becomes a snowball effect. Any top tips for anybody who wants to get into cybersecurity via a conventional or an unconventional route?
There are many, and I’m sure you’ll hear some fabulous tips from all of the guests on this mini-series, but I think there are two. The first is to leverage what’s out there to support women. There are amazing networks, free training programs, and I mentioned the Women In Technology mentoring program that I joined a number of years ago. There’s so much out there, so just have a look, make the most of it, choose opportunities that you think will be best for you to support your interests in that area. You don’t need to be in a cyber role to join any of those. You could just be thinking about IT and tech position. Definitely leverage those opportunities. There’s more now than there’s ever been before.
The second tip I would have is there’s no better time than doing it now. Both for those reasons around the opportunities, but also because someone once said to me that if you wait until you feel ready, it’s usually too late. I completely agree with that. Taking a moment to leap into a new opportunity or just signing up to a program or a training course. Even if it doesn’t fully fit with what you’ve got going on right now or if you think, “I need another six months and then I’ll be ready,” just do it because something will always come in the way. That’s my main tip and something which stayed with me for my entire career so far.
I love that piece of advice. I think it’s so true because so often we put off doing things because, “I’m not quite ready or I don’t quite have the right experience yet,” then you can look back later and think, “If only I had done it sooner, if only I’d just taken up that plunge.” Emma, thank you so much for joining me. It has been interesting to hear about your slightly unconventional route into cybersecurity, but I think that’s a very positive thing to hear. I’ve loved the tips that you’ve shared as well. If people want to get in touch with you, I guess LinkedIn is the best place to do that, correct?
Yes, absolutely. Please reach out. I’m always happy to provide pointers and advice on joining the sector and where to leverage those opportunities.
Thank you so much, Emma, for joining me. We’ve been reading about Emma Jones talking about her career as a woman in cybersecurity. If there’s a spot of thought in your mind, let’s talk. Let’s talk about any questions you might have about the work I do in cybersecurity companies on attracting, developing, and retaining your female talent. Just email me at Sherry@SherryBevan.co.uk to book your free consultation call. Thank you, Emma.
Thanks. It’s been a pleasure.
About Emma Jones
Emma is a Senior Consultant with CrowdStrike, who works with organisations across the UK, Europe, Middle East and Africa on a range of cybersecurity incident response and readiness initiatives. Alongside her day job, she is passionate about fostering inclusion and championing diversity, and is involved in multiple associated projects.