MIND THE PAY GAP: REPRESENTATIVE TALENT PIPELINES ARE MORE IMPORTANT THAN EVER
I’ve always been a strong believer that if you work hard you will make your own fortune, and that you can achieve real change by creating the life you want to feel and experience for yourself, and for others.
You remember Dorothy in the Wizard of Oz? She travelled across strange lands in an unsafe environment, stepping out of her comfort zone and ultimately facing her fears – before discovering that she didn’t need the wizard to get home, but that she had had the power in herself all along.
All she had to do was to tap her heels together 3 times and say ‘there’s no place like home’.
When it comes to diversity, equity and inclusion (DEI) programs, maybe there is – or should be – a bit of Dorothy in all of us.
We already know that equality is a necessity that every individual must enjoy. It is unacceptable to be treated unfairly based on who you are, where you’re from, or what you look like. And we already know that it’s even worse to be the one treating people that way.
But if you want to create a workplace that espouses these values, it’s not going to happen on its own. You need a charter – a set of guiding principles –to serve as a North star for your DEI efforts.
Whether in our schools, our workforce or during the hiring process for employment, delivering on the ideals of this charter is a challenge that everybody is facing in their own way.
This issue of the magazine is all about embracing that charter in whatever way best suits your own corporate culture. Here are a few ways you might be able to do so:
• Expand opportunities by creating cyber experiences
• Create a directory of organisations supporting cybersecurity education by offering internships, pairing new cyber security hires with mentors
• Implement proactive policies to build a workforce that reflects the diversity of the community at large
• Measure and fix your gender pay gap so that no group of employees feels disadvantaged by inadequate DEI policies
• Plan and implement outreach policies to engage the next generation of workers earlier on: instead of demanding they bring experience into your organisation, attract them early and give them clear career pathways so they can build that experience on the job
• Foster an inclusive workplace culture so that your employees can see you truly want to drive real change, and that your organisation wants to be part of a better world
There are as many DEI charters out there as there are individual organisations – and every company’s journey will be different.
Indeed, those charters are like the company’s Yellow Brick Road – the guiding path that takes you from where you are now, to where you want to be.
The road to equality is long and hard –but there’s just no place like home. Embrace a DEI charter to find your organisation’s own path to equality
Etymologically, the word ‘charter’ comes from the Latin word meaning ‘map’. Keep this in mind as you plan your DEI journey.
Like Dorothy travelling along her own Yellow Brick Road, there will be bumps along the way. There will be straw men and wicked witches, fields of poppies that lull change advocates into a stupor; lionhearted allies and malevolent flying monkeys that variously help and hinder your efforts.
Charters help in this journey by creating spaces that foster respectful, inclusive, and equitable communication practices across the organisation, all the while normalising proactive and equitable engagement as well as a universal sense of belonging.
With the right approach, you can get to your Emerald City too – but it will take perseverance, hard work, a bit of luck, and ultimately belief in your own ability to change.
Tap those heels together three times. Use a charter as a map. Look inside your organisation, and inside yourself. You are likely to be pleasantly surprised by what you find there – and when you’re ready to plant your ruby slippers on the road to equality, your own Yellow Brick Road will be there waiting for you.
Abigail SwabeyPUBLISHER, and CEO of Source2Create
www.linkedin.com/in/abigail-swabey-95145312
aby@source2create.com.au
Abigail Swabey
No job is too big or too small.
We look after your marketing & content needs so you can get on with what you do best. GET CONNECTED AND TAKE CONTROL OF YOUR BUSINESS SUCCESS TODAY!
A W S N i s p l e a s e d t o l a u n c h t h e 2 0 2 3
A u s t r a l i a n W o m e n i n S e c u r i t y
N e t w o r k M e n t o r i n g P r o g r a m
L o o k i n g f o r w a y s t o g i v e b a c k ? W e n e e d y o u
L e a r n m o r e a t a w s n . o r g . a u / i n i t i a t i v e s / m e n t o r i n g /
Sponsored by Powered by
by David Braue
Recent revisions to the UK Athena Swan (Scientific Women’s Academic Network) Charter – an extensive framework to help educational institutions embrace diversity, equity and inclusion (DEI) – recognised the complexity of DEI initiatives and provided practical guidance to help educational institutions formally commit to ideals of equity.
Revised in 2021 as a ‘transformed Charter’ with the guidance of educational practitioners, DEI champions and the charter’s governance committee, the charter provides formal guidelines for DEI compliance as well as self assessment, accreditation and other mechanisms to encourage and reward diversity initiatives at signatory institutions.
Those mechanisms include eight key goals:
• Adopting “robust, transparent and accountable processes” to guide gender equality work, including embedding DEI in the university’s culture, decision making and partnerships, undertaking evidence based self assessment processes and distributing and recognising DEI work.
• Addressing structural inequalities and social injustices that create “differential experiences and outcomes” for staff and students.
• Tackling behaviours and cultures that detract from safety and collegiality in work and study environments.
• Understanding and addressing “intersectional inequalities” with multiple causes.
• Explicit acknowledgement of issues faced by transgender and non-binary people.
• Examining gendered occupational segregation and elevating the status, voice and career opportunities of “under-valued and at-risk groups”.
• Mitigating the gendered impact of caring responsibilities and career breaks, with a focus on work/life balance.
• Mitigating the gendered impact of short‑term and casual contracts for staff seeking sustainable careers.
The transformed charter’s breadth and depth, as well as its maintenance by global higher education charity Advance HE, have positioned it as a model for rallying industry wide change across educational institutions around the world.
Its benefits include not only the encapsulation of DEI best practice, but the provision of detailed, sector relevant guidance and evaluative instruments that save member universities from having to develop their own DEI initiatives from scratch. These instruments include a newly developed culture survey that helps departments evaluate their culture and identify key gender equality challenges.
“In the sector we have made good progress on raising awareness of how important to student and university success gender equality is, and we have made good strides in tackling underrepresentation and addressing many barriers,” said Sarah Guerra, director of equality, diversity and inclusion at Kings College London, which was a bronze charter member of the Athena Swan Charter and has doubled down on its commitment with further accreditation.
“I want us to do even more to recognise and tackle systemic and structural issues that prevent gender equality,” Guerra added, “and to do more to recognise how gender and race inequality aspects are hidden or reinforced by research and teaching methodologies.”
Continuous improvement of the charter will go a long way towards supporting that objective, she said: “removing some of the unnecessary burden and administration [of DEI programs] should mean that more institutions are willing and able to participate,” she explained, “and that we see faster and deeper progress on tackling gender equality.”
The Athena Swan approach has spread worldwide, with Australian universities similarly joining forces to muster sector‑wide support under the banner of Science in Australia Gender Equity (SAGE) –an Athena Swan-affiliated program of reform and awareness that counts 31 universities, seven medical research institutions and five publicly-funded research agencies amongst its membership.
“Working in the STEM fields, and in research more generally, can be extremely demanding,” said Professor Birgit Lohmann, former senior deputy vice chancellor at the University of the Sunshine Coast after that institution joined the growing SAGE membership in 2016.
“The SAGE program is about looking at what we can do as an institution to support gender equity and remove barriers, particularly around senior and leadership positions,” she said. “I think it’s likely that the SAGE process will result in changes that will benefit everyone.”
Despite some improvement, women continue to be underrepresented at senior levels within Australia: 2019 figures, the latest available, show the percentage of women in IT related roles peaking just after completion of postgraduate qualifications, and declining rapidly with seniority. The figures for all STEM roles show a similar peak, albeit a slower
“Studies show that systemic barriers have a negative effect on the attraction, retention and progression of women in academic and research careers,” SAGE notes.
“The loss of such expertise is a waste of knowledge, skills and investment, and impacts our nation’s research performance and productivity. To ensure we benefit from our top-quality academic and research talent, we need to ensure gender balance and diversity throughout the academic pipeline.”
However, the need for diversity does not stop with universities. Companies starved of security skills and desperate to lock in graduates with security skills need to recognise the importance of gender balance. It is also important for organisations to actively engage with efforts to bring security education to members of a diverse student body both in their younger years and as they progress through their private-sector careers.
Many organisations have accomplished this by actively supporting cybersecurity education in primary and high schools, offering internships to those potentially interested in the field, and pairing new security workers with mentors who can help them navigate what are often complex diversity minefields.
A number of organisations are taking advantage of innovative education programs that create new opportunities to bring a broader range of candidates into the security industry. These include the Girls’ Programming Network coding workshops, MassCyberCenter’s Cybersecurity Mentorship Program, youth education programs like CyberPatriot and Norwich University’s Cyber Corps: Scholarship for Service program, which provides government funded cybersecurity scholarships in exchange for several years’ US Government service after graduation.
“Cyber is often considered a challenging subject,” said Dr Huw Read, director of the Norwich University Center for Cybersecurity Forensics Education and Research (CyFER), which among other events hosts a Pi Making Contest that encourages students to build security tools on Raspberry Pi devices.
“These novel hands on projects with our Scholarship for Service mentors let school students explore new areas of computing, chat with those who are already in the specialisation, and create something they can be proud of and reuse in the future,” Read said.
Whatever the programs, education is the key in all of these cases and, by channelling the spirit of the Athena Swan Charter, institutions providing security education can ensure new recruitment and engagement programs are not only novel, but diverse.
“The focus is shifting from equality – this presumption about everybody needing the same thing and treating people equally – to equity, which is about recognising that we’re all very different,” Jennifer Izekor, a cultural intelligence trainer and executive director of UK-based Above Difference, told a recent panel discussion
“Equality is not enough,” she continued. “Just treating everybody the same doesn’t actually give us the results we want, because people are starting from different points – and we have to be really cognizant of what this means.”
Ikezor likened the issue to a tall person who can see over a fence but forgets that shorter peers simply cannot, saying leaders need to remember that every person faces different challenges in their everyday engagements, and that leaders must not let those people be defined by their intrinsic characteristics.
“It’s not enough that we provide bricks for people to stand on,” she said. “We have to begin to take down the fences altogether. And that means really having a perspective of what those fences are; involving women much more in thinking about what an alternative world looks like, and having a real, shared vision of what the world would look like if the fence wasn’t there anymore.”
“The SAGE program is about looking at what we can do as an institution to support gender equity and remove barriers, particularly around senior and leadership positions,” she said. “I think it’s likely that the SAGE process will result in changes that will benefit everyone.”
-Professor Birgit Lohmann
HOW TO UNLOCK THE POTENTIAL OF OUR NETWORK
Marina Azar Toailoa
Client Executive at EGroup Protective Services Group Pty Ltd
Many women who have shared their career journeys on these pages have transitioned into cybersecurity from different — often very different — careers. Marina Azar Toailoa’s journey has been somewhat different. She had been working in a variety of protective security roles while, over seven years, studying for a bachelor’s degree in cybersecurity from Macquarie University, which she gained in 2022.
“I asked myself which field was growing and which I could see myself working in for a long time, and that was the cybersecurity field,” she says.
However, over those seven years she had gained considerable experience in other areas of security and decided protective security rather than cybersecurity was where she wanted to be.
“Starting my career in protective security showed me this was exactly what I want to pursue and continue growing in,” she says. “I had some exposure to cybersecurity workplaces which I felt my heart was not into and it was different from what I imagined myself doing.
“I was very fortunate to have had the opportunity to work with the NSW Police Force mental health intervention team. I then moved on to work in the Department of immigration and Corrective Services which revealed to me how passionate I felt about providing a service of the highest level to provide safety and security.
“Working in these areas made me realise I did not want to pursue cybersecurity and my heart was leaning towards a career in protective security. Working in the correctional centre environment made me realise how passionate I am about overall security and safety.”
After four years with the NSW Police Force and a brief stint in industry, Marina Toailoa took a role at the sharp end of physical security: in a maximum security correctional centre, until impending motherhood brought about an epiphany.
“When I was pregnant, I had a lot of time to reflect and think about what type of mum I wanted to be and what example I wanted to set for my son when he’s older,” she says.
“I decided it was time for me to move on and into a field that suited my work/life balance while still pursuing a career in protective security. I needed to work somewhere that supported my family commitments and also supported me to grow into a leadership role.”
She applied for, and gained a security management role in a retail environment, which she says was “the best decision and move I made for myself and my family to pursue a path in protective security.”
It was also an unexpectedly early fulfilment of Marina Toailoa’s career goals: she did not expect to become a security manager leading a team while still in her 20s.
“I was conditioned to hearing people say to me ‘you need this many years’ experience before you can become a security manager’,” she says. “I never thought I would reach my long term career goal at this age. So, I am incredibly grateful. I was given advice by my amazing friend and mentor, Mina Zaki [Associate Director Cyber Security Alliances with KPMG Australia] that age should never be a barrier to my goals. Hearing this made me realise I was the only one slowing myself down, and to grab the opportunities as they came.”
Also looming large in Marina Toailoa’s career trajectory is her brother, Angelo Azar, Chief Operating Officer at Honey Insurance, who she describes as the biggest influence on her career. “The way he demonstrates leadership with a high level of integrity and respect, and his ability to maintain composure when dealing with challenges are qualities I always look up to and I try to model. When asked what type of leader I want to be, it is one like my brother.”
As a leader Marina Toailoa says the most rewarding aspect of her role is empowering others “to grow their career in the security industry by educating them and enabling them to realise their capabilities while also ensuring the client receives the best level of service we can offer.”
She adds: “I would love to one day provide security consulting services and/or training services to help grow the security industry with high calibre individuals.”
To this end she is planning to gain a Certificate IV in training and assessment. (She is at present completing a master’s in emergency management course), and she says there is much she wants to do to grow in the industry.
“I feel as though the entire security industry is experiencing a shortage. It does become challenging trying to attract and maintain top talent when the ultimate goal is to provide high quality security services consistently across sectors. Following the pandemic, bringing people back into the field of protective security was a slow process.”
And to encourage anyone contemplating a career in the industry, she says: “The great thing about the protective security industry is that the skills require a common sense approach that is inherent to many individuals. If someone has the mindset to learn and be alert, they are more than capable to transition into the job.
“The security industry is constantly growing with so many exciting opportunities and there is an abundance of knowledge to gain. Every day I am excited to go to work. The challenges that arise are worth dealing with when you are passionate about what you are doing and when you are surrounded by an incredible team.
“Some people I have managed to enter the industry came with an element of self doubt, which hindered their progression. So I needed to remind them the job can be mastered once they put their mind to it and are willing to learn new skills.”
www.linkedin.com/in/marina-azar-toailoa-66259511a
At age 16, Hong Kong native Jasmin Yip left home and her parents for New Zealand to complete her high school education at Wellington Girl’s College where she enrolled in Year 11, on the recommendations of a cousin living in Wellington.
That was the first step on a journey that will soon take her to the University of Southern California in Los Angeles to study computer science at the USC Viterbi School of Engineering, thanks to her gaining a Presidential scholarship worth $US33,320 per year — an award given to only 200 students each year — and a place in the McCarthy Honors Residential College where she will live with a vibrant, closely knit community of scholars.
“I owe a huge thank you to my parents, who, despite not being able to be with me physically during the application process, supported me unconditionally at every step,” Yip says. “I would also like to thank Maria Walker, the international director at Wellington Girls' College, who went above and beyond to help me navigate the arduous US college application process, and my teachers at my alma mater who have supported me through my studies and extracurricular activities.”
Yip will be a ‘Trojan’ at USC. She says this means she will strive for academic excellence, personal growth and social responsibility. “As a Trojan, I take pride in being associated with the university's values and long-standing traditions. In particular, as a Trojan in the USC Viterbi School of Engineering, I am part of a community dedicated to building innovative solutions aimed at tackling tomorrow's greatest challenges head on.”
Yip was admitted into the computer science course but says she plans to take advantage of the offerings in the Information Technology Program (ITP) and pursue a minor in either cybersecurity or artificial intelligence applications.
“Given the dual nature of AI and its rapid proliferation, I am eager to make tangible contributions to the development of AI technologies that improve human life, be it healthcare or education, while also addressing ethical considerations such as bias, discrimination and privacy concerns.
“Viterbi offers a wealth of resources and programs to help me achieve this goal. For instance, I hope to participate in the USC Center for AI in Society Student
Prospective software developer and 2022 GirlBoss Award WinnerBranch (CAIS++), a group that is actively promoting the use of AI to address social problems such as education inequality, health disparities and climate change through research projects.”
When she completes her undergraduate education, Yip is contemplating joining the workforce or pursuing further study. “I have been exploring USC's Progressive Degree Program (PDP), an accelerated path that would allow me to earn both a bachelor's and master's degree in five years instead of six years,” she says.
A career in IT was not top of mind for Yip in her last year of schooling in Hong Kong. While it was compulsory in the equivalent of Year 10, in the following year Yip was pursuing other interests.
“My interest in ICT waned when it came to electives selection in Form 4 because I was primarily focused on pursuing a career in nutrition, which emphasised the natural sciences such as chemistry and biology,” she says.
It was the constraints of lockdown in New Zealand that led her to rediscover her interest in IT. “I stumbled upon a Web development course on Udemy and decided to give it a try,” she recalls. “Engrossed in the course, I lost all track of time and completed the entire course in two days. I built my very first website — a Wiki page for the Minions.
“What really piqued my interest in coding was the swift transition from conceptualising an idea to its execution. As an inquiry-based learner, I loved how I was able to play around with different concepts through tweaking a few lines of code and witnessing immediate results. Moreover, as a creative mind, I love the freedom and flexibility in web design, as it allows me to experiment with different design elements, and find innovative ways to enhance user experiences.”
Had Yip stayed in Hong Kong she would have been in the equivalent of Year 12, but was advised to drop a year when she came to New Zealand. “While I was initially apprehensive about being a year behind, it turned out to be the perfect path for me,” she says.
“This additional year enabled me to bridge any knowledge gaps and acclimatise myself to the new language, culture and curriculum with less stress.”
She faced many challenges in her new country with a different education system and a different culture. Greatest of them was her home-away-from-home environment.
Like many teenagers in Hong Kong, I was raised in a sheltered and pampering household. As a result, moving to a homestay and adjusting to the house etiquette and guidelines was challenging, occasionally leading to conflicts with my host parents. While better communication on my part might have eased the tension, I couldn’t help but wish for a more forgiving and accommodating homestay during the daunting transition period of leaving my home for the very first time.
“I remember moments of sitting on the staircase outside the house, tearfully calling my mother and begging her to apply for the guardian visa and stay with me. In hindsight, I am glad she did not. It was during tough times like these that I learned to stand up for myself and cope with adversity.”
Fortunately, Yip managed to find a supportive group of international friends at school, giving her some respite from her homestay challenges. Then, after three months, she secured a transfer to a homestay with a Malaysian family, just before the onset of lockdown. “Being welcomed into a family that shared
my Cantonese cultural and linguistic background brought a sense of acceptance and resonance I had longed for,” she says.
Another homestay host family had a big impact. “They went above and beyond to make me feel included, whether it was taking me on hikes, Zumba dancing classes, or my host sisters’ hockey training,” Yip says. “In many ways, they acted as my surrogate family when my real family couldn’t be by my side.
“My six month stay under their roof was one of the few growth spurts I had during my time in New Zealand. I evolved from a spoiled Hong Kong kid to a slightly more grounded and sensible young adult. As a family of athletes, their lifestyle transitioned me from a rather unfit workaholic to an active, natureloving person. Not to mention my host sisters who introduced me to a multitude of extracurricular opportunities, like the Duke of Edinburgh Program. My host mum even once woke up early in the morning to drive me to the campsite in Upper Hutt for my holiday tramps.”
On top of an unfitting initial homestay, Yip was grappling with the challenges of adapting to a new school environment and language while feeling uneasy due to the looming pandemic and her fear of potential discrimination.
“It took me a while to get my head around the NCEA system [New Zealand's National Certificates of Educational Achievement] and grasping intricacies of terms such as ‘internals’, ‘externals’, and ‘endorsement’,” she says. “However, thanks to the attentive guidance of our teachers, it didn’t take long for me to fully assimilate into the new school environment and education system.”
In many ways, Yip found the New Zealand education system to suit her better than that in Hong Kong. “The more laid-back school culture at WGC was beneficial to my self-esteem. In contrast, my previous school used rankings and a ‘tracking system’ that placed unneccessary pressure on students to surpass their peers and gain entry into the ‘elite classes’. Although this atmosphere fuelled academic excellence, it also fostered an unhealthy perspective regarding the purpose of education. Conversely, at WGC, the learning environment is notably more collaborative, and I was encouraged to progress myself rather than competing with others.”
In addition to adaption to an alien culture, overcoming accommodation challenges, adapting to a new school system and gaining a prestigious scholarship, Yip become involved in numerous facets of New Zealand life, and garnered some media attention. She has been reported as a volunteer at the Mary Potter Hospice, at Conservation Volunteers New Zealand and the Student Volunteer Army (SVA) where she won an award for clocking up more than 250 volunteer hours working to meet the UN Sustainable Development Goals.
She was also reported to have reinvigorated the International Club at her school, to have been a key player in the establishment of the Wellington
International Students’ Association, and represented her school in the National Ambassador program.
The Wellington International Students’ Association was founded only in 2020 and having left school, Yip is no longer actively involved, but still keeps close contact with the current executive team, which she describes as “a mix of domestic and international students who are eager to play a role in crafting an unforgettable studying aboard experience for international students.”
However, she has left the organisation with a set of potential intiatives.
“We hope to cultivate a stronger sense of community among international students via more consistent gatherings, be it study workshops, monthly potluck dinners, or festive holiday celebrations” Yip says. “In addition, we hope to establish an alumni network that fosters connections, provides mentorship opportunities and encourages alumni to contribute back to the association through guest speaker events, career panels, or mentorship programmes, whether they are at university or in the workforce.
“Once we have developed a sustainable and well structured framework, we hope to establish chapters in outlying suburbs and cities. It will open up exciting possibilities for international students, offering them access to exchange programmes and outdoor excursions. By venturing beyond Wellington, international students will have the opportunity to explore different parts of the country while forging new connections.”
With all these activities, it is hardly surprising that Yip confesses to being “a bit of a workaholic” who find fulfilment in being productive. “As a morning person, I like to get work done in a café before school. I tend to undergo bursts of productivity where I power through a lot of work in a short span of time without distractions. As a result, I am able to allocate time for my whānau [community] and myself in the evenings and on weekends.”
However her ‘me time’ seems to be just as frenetic. “I do what brings me joy and relaxation. These things include working out at the gym, painting, thrifting, bouldering, cooking, binge-watching Netflix, meditating at night, and going on tramps and hikes during term breaks mother nature is the best stress reliever for me!”
She says one of her volunteer roles — in an op shop — helped with her personal development and to adjust to the New Zealand culture.
“The people I volunteered with played a huge role in boosting my confidence and self-esteem. I had the pleasure of meeting some of the loveliest co volunteers, many of whom I still keep in touch with to this day. They created a supportive environment where I felt comfortable making mistakes, learning from them, and growing my skills and confidence. One of the great benefits of volunteering is that they welcome individuals from all walks of life, regardless of their experience level. This inclusivity provided an excellent starting point for someone like me who had limited prior work experience.”
“Over the course of two years, I not only gained valuable retail skills, but also developed my social skills, found a sense of purpose, and familiarised myself with the Kiwi work culture. These are all essential qualities that have driven me to become more engaged and proactive in other commitments.”
www.linkedin.com/in/jasmine-yyy
Kate Nilon has a security job most people probably do not even know exists, and if made aware of it, probably have a completely wrong first impression. She provides security and risk management services for sports teams at international events.
A challenging role, you might think, but she says her biggest challenge is not security per se, but “attempting to change people’s perception and understanding of what the role actually is and what specific skill sets are required to be successful in this position.”
She explains: “The main misconception is that this position is essentially a bodyguard role and therefore the best person for the job would be the biggest and strongest person in the room.
“Due to this frequent misconception, women operators are frequently overlooked, and their skills underestimated, because people believe we would not be as physically capable as a male operator and therefore we are disregarded as an option.
“In reality, physical intervention is a very infrequent occurrence, whereas utilising effective
communication in order to deescalate situations and successfully identifying potential risks whilst carrying out thorough risk assessments are some of the more essential skills required on a daily basis.”
In reality her role is extremely varied and good people skills are essential. “Communication is a vital tool in my role: conducting briefings on potential risks or threats is extremely important,” Nilon says. “I communicate daily with local law enforcement and other Government agencies to discuss any perceived threats or issues that may increase the clients risk profile.
“When I am not working away, a normal day will include communicating with sporting bodies and other clients about upcoming assignments and discussing their specific needs so I can allocate the appropriate resources and operators to the tasks. Another priority is maintaining regular contact with our operators based domestically and internationally, to ensure communication lines are always open. This allows me to remain informed of any changing risk profiles in the locations that may impact our clients events and respond accordingly.
“When working away, my day can consist of a wide range of things including conducting venue inspections, site familiarisation exercises and completing visual risk assessments prior to the team’s or individuals arrival. I will frequently review the security overlay at stadiums and hotels, consult with stakeholders and implement changes if necessary.
“The role also demands remaining up to date with countries’ risk profiles and government advice about where our clients are travelling to. This allows me to provide security and risk assessment reports to our clients, to ensure they are fully versed and up to date with any perceived risk or concerns I have identified.”
Nilon is Director of Security & Risk Management for Women’s International Sport at Eastern Star International (ESI), a company that provides security services around the world for high-profile individuals, corporate groups and professional sporting teams. She has been with the company, on and off, since 2008. Back then women in similar roles were almost non existent, which created further challenges: sexism, ageism and outdated views on females in security roles.
“Early on there were definitely times where I felt I was pursuing a career in an industry that didn’t have a place for me or other women for that matter,” she says. “I even took time out of the role to pursue other avenues, including completing my Bachelor of Criminology and Criminal Justice and working for the Department of Corrections in Australia and New Zealand for a period of time.”
Despite these career detours, Nilon says she always felt security and risk management in sport was where she wanted to be, and says staying with it has strengthened her resilience and proven to be the right decision.
“I realised if I was going to be successful in the industry I was going to have to push to create my own opportunities. Fortunately, with the passage of time, my perception has changed. I consider myself
extremely fortunate to have been in this role since its conception. It has given me the opportunity to see first-hand the positive changes being made to support growth in both security and professional sporting industries to become more inclusive and for women.”
It was family models that first drew Nilon to the role: male members working in sport security and risk management with professional sporting teams. “I always found their roles really interesting,” she says. “They were travelling the world to different countries, each one presenting its own unique safety risks and security challenges to be assessed, addressed or solved. I was drawn to the variety and problem-solving nature of the role from the start, and quickly wanted to find out how I could get involved.”
She adds: “The place for women within my type of role continues to evolve, the perception continues to change along with early stages of acceptance that women are well and truly capable of undertaking these roles.”
“I knew there were so many other women out there like myself who had transferable skills and knowledge from other career backgrounds but might not know this part of the industry exists or how to get into it. I continue to strive to make the role more widely known and accepted, and I am passionate about trying to create opportunities to commence a career in sport security and risk management more accessible for women.”
And changing that perception is a priority for Nilon. She wants to educate clients, potential clients and others in the industry, about the different perspective and skill set a female operator can contribute, and the positive impact they will have. She also wants to get more women into the role.
“I knew there were so many other women out there like myself who had transferable skills and knowledge from other career backgrounds but might not know this part of the industry exists or how to get into it,” she says. “I continue to strive to make the role more widely known and accepted, and I am passionate about trying to create opportunities to commence a career in sport security and risk management more accessible for women.”
According to Nilon, awareness rather than the skills shortage represents the biggest barrier to getting women into the role. “I find many people that come from other security related backgrounds where they have built their skills and ability to conduct risk assessments, engage in de escalation techniques, use direct communication or security training/ experience etc, usually have the solid foundations required to build on for roles similar to mine.”
However, with overseas assignments that can last up to three months, she acknowledges the role can present some particular challenges for women with young children, or even when they have significant family events. “This continues to be an area I am
focused on improving and finding better ways to facilitate work/life balance for female operators.”
Potential sports security women are also likely to face other challenges. “It won’t always be an easy path in the industry, there are some fantastic people involved but not everyone will want you there,” Nilon warns.
“A lot of people can’t imagine you sitting at the table and won’t offer you a spot. Despite that, never underestimate yourself and what you have to offer. Have the confidence to back yourself, to build your own chair, and create your own place at the table instead.”
For Nilon, having a good employer made all the difference. She cites ESI’s owner, Reg Dickason, as her biggest influence and supporter.
“His shared appreciation of how important it is to create opportunities and promote industry growth, and his continued support of my goal to move away from what this role traditionally looked like have been extremely helpful.
“He has embraced my passion for creating roles for more females in the industry, as evident when we were the first company ever to provide female operators for the 2020 ICC Women's T20 World Cup in Australia. It is this type of ongoing support from within the industry that will allow myself and others to continue to evolve the role, and therefore the industry, in a positive way.”
www.linkedin.com/in/kate-nilon
Cyber response expert at Ever Nimble
When Felicity C decided to get into cybersecurity, she did not do things by halves. In 2021 she commenced a course for a bachelor’s degree in IT and cybersecurity at RMIT University and got a job with Perth based managed services provider Ever Nimble where she is now a cyber response expert.
Then she applied for, and was accepted into, the 2022 cohort for the Australian Defence Force’s Cyber Gap program, a 12-month online program designed to enhance participants’ skills and employability in cybersecurity. It was started in 2020 as part of a cyber resilience and workforce package to bolster the nation’s sovereign cyber workforce capability. To qualify participants must be enrolled in a cyber qualification at university or TAFE.
Felicity did well to be accepted: only some 250 places were available and there were 1300 applicants. “I’m not too sure why exactly I was selected,” she says. “Through the selection process I was just very honest
about my knowledge, experience, goals and career aspirations in cyber. I believe honesty and passion can take you far in life. I was also quite confident in my knowledge on the current state of cyber in Australia and defence, but at the same time very inquisitive for its future state.”
So, Felicity was balancing the 12-month online Cyber Gap program, a Part time job and full time university study, but has no regrets. “The Cyber Gap program was definitely rewarding, and I am very glad I did it,” she says. “To manage, I just had to make sure I was on top of all my uni work and stay organised with times I would study. From doing this, I definitely developed strong skills in organisation.
“Apart from the cut off time, there was no due date for the study content, and it was all self-paced. This meant I could do most of it during uni breaks or when assignments died down. Throughout this program I also had a mentor who helped me with creating a study plan and balancing my commitments. I’m very grateful for him as this was a big help.”
Felicity says the biggest benefit she gained from Cyber Gap was an understanding of where she wants to take her career. “Cybersecurity is a field with endless possibilities. It can often be difficult to have a set path you want to take since the field is relatively new and intertwined with many sectors. At the end, I set several career goals for after university. I also now know what to focus on in my studies, where my strengths are and where I need to upskill.
“I recommend this course to anyone with even the slightest interest in cyber. The program was not specific to any specialisations. People involved ranged from those with several years’ experience in cyber to people making their first steps in learning about it.
“Aside from the training content, I enjoyed meeting people and interacting with my mentor group. All participants in this course were lovely, intelligent people. It was great to hear their backgrounds and aspirations, especially since everyone’s backgrounds and aspirations were so different.”
In 2022 The Cyber Gap program was run in partnership with Australian cybersecurity company Cybermerc which provided the program’s online cyber skills modules and online cyber skills challenges.
The program included a week long conference in Canberra at which Cybermerc also presented, along with others from the ADF, Government and the private sector. “It was an amazing opportunity to meet my mentor group in person, as well as likeminded people who have strong interests in cyber,” Felicity says.
“From it I made connections, gained insight on the direction of cybersecurity: what is needed in the field, problems that need greater attention. Overall had a really fun time.” www.linkedin.com/in/felicity-c
Jaya De Silva is bid manager for Sekuro, a Sydney based cyber security and digital resiliency solutions provider. It offers services in governance, risk and compliance, technology and platforms, offensive security and managed security.
She joined the company after almost two decades in contract and bid management roles with various companies. Sekuro is her first in the cybersecurity industry. She says she was drawn to cybersecurity after seeing the impact of large scale attacks such as WannaCry and Stuxnet. “I could see this was the next phase of global threats and the new age of war. This was a threat that would affect every single person in society.”
In addition she credits her previous managers as being major influences on her career trajectory, for “in some way, shape or form, having given me advice, a learning experience or a challenge that has made me realise my strengths in what I do and how I do it.”
With a double degree in law and marketing De Silva initially planned to become a lawyer but, after working in the profession for three years at various levels, she “realised it wasn’t dynamic enough for me.” So she embarked on a career in business, which was “not something I would have envisaged when I started out.” However, it led to her current role. Lacking any technical knowledge of cybersecurity, she had some doubts about the decision, but overcame them.
“What has helped is understanding the critical role I play in the company and in serving our customers,” she says. “My role is essentially to be the nontechnical person in the room to bring it back to why we do what we do for our customers and community.”
Sekuro was created in October 2021 by the merger of four Australian companies: Solista, CXO Security, Privasec and Naviro. De Silva joined in March 2022 and says bringing the contract bidding function of the four companies together has been both insightful and challenging. “I knew I wanted to work for a company that was ever-changing and always innovating. This is what keeps it fun and keeps you learning.”
She describes her role as being a mix of marketing, governance and process. “You need to know a lot at a high level about every facet of your business and your customer’s business and vertical. It helps you to understand what your customers need and why, where they are moving to next and how you're going to help them get there. It also helps you to know who to bring in and when.”
She finds the most rewarding part of her role to be watching the bid process unfold. “I’m part of the action of shaping our capabilities and solutions and mapping these back to how that will help deliver outcomes for our customers. Then, fast forward a few phases and I get to hear the positive customer feedback on how we have successfully delivered on this.”
De Silva’s next career move is to gain some formal leadership qualifications. She is starting the Emerging Leader Program at the Australian Graduate School of Management and hopes to gain a Graduate Certificate in Leadership. Then she plans to study environmental and social issues in the context of corporate governance, saying it is now mandatory for companies to focus on these issues.
www.linkedin.com/in/jaya-de-silva-08987b20
With an affordable annual fee, AWSN members will have access to discounts on programs and industry events, the membership Slack space, post or share job opportunities, and receive our monthly and any special edition newsletters
Sometimes small and seemingly insignificant events can change a career. Thus, it was with Blessing Usoro, studying for a bachelor’s degree in telecommunications engineering at the Kharkiv National University of Radioelectronics in Ukraine.
“An old friend mentioned that he had just enrolled in security training and asked if I was interested,” she recalls. “I was always intrigued by the movies and how hackers could extract information in seconds. But, most importantly, I wanted to understand data transfer and its protection.
“It was during the summer, so I said, ‘why not?’ I had some money, so I paid for the summer training. It was on ethical hacking; information gathering, reconnaissance and social engineering. I had a very interesting summer, learning about security, how to gather information from a person or organisation and how to exploit them using the information acquired. This led me to building skills in ethical penetration testing and email harvesting.”
By the time Blessing had finished her bachelor’s degree (she graduated with first class honours) she
knew she wanted a career in cybersecurity, so she enrolled for a Master of Engineering in Information and Network Security at the University of Limerick, in Ireland.
Today, Blessing is based in Dublin where she is Senior Information Security Manager at a private investment firm with offices across Europe and the US.
However, her career journey encountered a few bumps on the road. Blessing says she had no second thoughts about pursuing a cybersecurity career until her third year in the industry. “I had a difficult manager who made comments about how I may be better in a pre-sales role than an engineering role,” she says.
This was not the first time aspersions had been cast on Blessing’s engineering abilities, first class honours degree and security qualifications notwithstanding.
“During my master’s in 2016, my class was scheduled to meet with a potential employer from the US,” Blessing says. “The employer’s rep had a 15-minute schedule per student, and with each student that came out of the room, their faces looked sad and downcast. I went in had my own interview.
“I was asked when I first used a computer. When I answered, the interviewer said, ‘my mates started much younger’. He also said maybe engineering wasn’t for me, and he could be wrong, but would advise me to look for something else ‘It doesn’t have to be security’.
“This was a funny statement because at that time, I was a certified ethical and professional hacker. So, I smiled and left the room. I didn’t have second thoughts, but I was worried about the environment I was getting into, one where women are made to feel less, or not good enough, to deserve a seat at the table.”
She adds: “I think the industry isn’t kind to people who are transitioning into cyber from other roles. I have observed and experienced how difficult it is for those people. While there are various programs to support them, as well as initiatives for women, I have seen companies delay or renege on their promise to give people a chance.
“We have seen surveys and reports that say there will be millions of jobs left unfilled in the next five years. And we have a lot of people working tirelessly to gain the skills required to get into the industry, but the lack of a bachelor’s degree or master’s in cybersecurity or an IT related course poses as a hindrance to them.”
To try and address this problem, Blessing founded Cyber for Schoolgirls an organisation in Ireland which aims to tell secondary school girls about cybersecurity as a career path.
“We are trying to do our best to close the gender gap in the industry,” she says. “I still have hopes that the industry will be more accepting of people from non technical backgrounds or non-IT/cyber backgrounds. There’s room for more diverse backgrounds.”
Blessing herself has held five different cybersecurity roles: security analyst, security engineer, security consultant, information security manager, head of security, and her current role as senior information security manager. The latter, she says is “preparing
me for a chief information security officer (CISO) position in the future.”
Blessing describes her first role as “strategic positioning for my career.” While studying for her master’s degree in information and network security she wrote a thesis on one of the critical responsibilities of a security analyst: monitoring of attacks and configuring intrusion detection systems.
“When I was job hunting for security analyst roles, I would submit my thesis to show the employer I understood the role I was applying for,” she says. “This helped get me in the door.”
To further prepare herself for a future CISO role, Blessing is now studying for an executive master’s degree in cybersecurity management at the Solvay Brussels School of Economics and Management.
She says this is an important qualification for her, “because, unlike my first master’s degree which was in information and network security, this teaches me how to play the role of a senior executive within a company: how to liaise with CEOs, CFOs, CROs and board level members, and support business initiatives.”
She adds: “I believe it is important for security leaders, or the head of the department, to understand the business needs and how to grow the company. Security is not a profit centre for the company, but a mature security department within the company saves the company a lot of money. If implemented right, breaches can be prevented and, when they happen, the business can continue to operate.”
Blessing also undertakes continuous learning to stay up to date on emerging threats, technologies and best practices in information security. She has obtained relevant certifications including Certified Information Security Manager (CISM) and Certified Information Systems Auditor (CISA) and says she also speaks at industry conferences and events to gain insights into the latest trends and practices.
“I regularly follow reputable security blogs, podcasts and websites such as Smashing Security, SANS Institute, KrebsOnSecurity, Dark Reading and Threatpost, among others. These sources provide timely updates, analysis and research on emerging threats, vulnerabilities and best practices.
“I actively participate in professional networks and organisations such as ISACA, CISO network, the European Cyber Security Organisation (ECSO), Ireland CISO network and the VigiTrust [a provider of SaaS governance risk compliance solutions] advisory board. I believe in the power of collaboration and information sharing. Engaging in knowledge sharing forums, online communities and social media groups allows me to learn from peers, discuss current issues and gain insights from diverse perspectives.”
In line with her own broad, and growing, education background Blessing has a long list of subjects she advices aspiring cybersecurity professionals to study: a bachelor’s degree in cybersecurity or a related subject; computing skills; information systems, security systems, cyber defence, ethics, law, policy, data communications, networking, digital forensics, penetration testing and ethical hacking.
“You do not need to be an expert in any of these topics, you just need enough information to get you through the door,” she says. “Cybersecurity professionals also need to have a range of soft skills to be successful. These include communication, problem solving, networking and being a lifelong learner. Everyone in cybersecurity is learning on the job, even people with 20 years of experience. And, in addition to formal education, you should also
have a detail oriented, analytical, collaborative and improvisational mindset.”
Security professionals will have a great need to learn on the job and will need a wide range of attributes if they are deal with the growing threats Blessing sees emerging in the next couple of years.
“Cybercriminals are continually improving their techniques and tools, making cyber attacks more sophisticated,” she says. “Advanced persistent threats (APTs) are becoming more prevalent, with attackers using stealthy tactics to infiltrate networks, remain undetected for extended periods and steal valuable data.
“This trend is likely to continue, posing a significant challenge for organisations. Ransomware attacks have been on the rise in recent years. Attackers are increasingly targeting high value targets such as critical infrastructure, healthcare systems and government agencies.
“With the proliferation of emerging technologies like the Internet of Things (IoT), artificial intelligence (AI) and cloud computing, new attack vectors will emerge. IoT devices, for example, often lack adequate security measures, making them attractive targets for attackers seeking to exploit vulnerabilities. As these technologies become more prevalent in various sectors such as healthcare, transportation and smart cities, securing them against cyber threats will be critical.
“AI driven deepfake technology enables the manipulation of audio and video content to create highly realistic forgeries. Cybercriminals can use this technology to impersonate trusted individuals, such as executives or colleagues, and deceive targets into disclosing sensitive information or performing actions that can be exploited. Deepfakes can amplify the effectiveness of social engineering attacks, making it harder to detect fraudulent communications.”
www.linkedin.com/in/blessingausoro
Global CISO at Secure Meters Limited
Mini Sharma is Global CISO of Indian multination Secure Meters, a company supplying metering products and services for all kinds of energy at all stages of the value chain: from production to consumer consumption. It has more than 6500 employees and facilities in nine countries.
“We are a metering company with expertise spread over the entire energy stream, from the generation of electricity, gas and heat to their final consumption, adding value at every point,” says Mini. “We provide solutions and services that help in energy saving opportunities at various points in the energy stream and address them by combining technology, innovation and a customer centric approach.
“Our focus is to help users of energy in homes and workplaces reduce energy waste revenue management, power quality and energy efficiency and enable users to save money, reduce energy consumption and facilitate comfortable living.”
Mini describes her journey into cybersecurity as being “quite unconventional.” She has been with the company for almost 20 years but prior to taking on her current role had no security experience – she came from a software engineering background and had ambitions to be a dancer, a career for which she trained for 18 years.
She says she had doubts initially about her ability to fulfil the requirements of her cybersecurity role. “I was vaguely aware about the importance of application security and compliance, but the concept of cybersecurity was new to me. The more I got into it, the more fascinated I became about cybersecurity, and my curiosity developed into interest, and interest became a passion.
“What sparked my interest was reading stories about how cybersecurity professionals were working towards helping organisations combat cyber crimes. Today I feel honoured that the organisation chose and trusted me to take up such an important role, where there is a lot to contribute; from fostering a security culture to driving initiatives to integrate security with people, process, technology and business operations.”
After taking on her role Mini says she went on a three month self learning spree to read through the digital resources available across various platforms. “This included basic to advanced level self-certification courses, videos, presentations audio books. This helped me gain a conceptual understanding of the subject along with practical applications in the industry and put in place a 100-day action plan.
“I read a few books recommended by some expert CISOs that further enriched my understanding of the subject and broadened my perspectives on cybersecurity. Spam Nation by Brian Krebs is one of my most recommended books. It dives deep into the history and evolution of cyber crimes and unmasks the criminal masterminds of hackers and spammers.”
Mini says taking on a senior cybersecurity role in an organisation where she already worked was a mixed blessing. “It offered a lot of benefits in terms of operating in a familiar turf, and reduced the challenges. But I also realised that, having worked for more than a decade and a half in the same organisation, it was important to come across as a seasoned cybersecurity professional rather than a beginner.”
Mini was inevitably somewhat apprehensive about stepping out of her comfort zone and taking on a role that directly impacted the business and one in which she would be constantly in a line of fire.
“I had a fear of the unknown considering that this is such a new subject and much of what I had done and learnt was about to change. But as Mandy Hale [New York Times bestselling author and speaker and the creator of the social media movement The Single Woman] said, ‘change can be scary, but you know what’s scarier? Allowing fear to stop you from growing, evolving and progressing’.
“I decided to join a few CISO communities to gain knowledge from experts and understand how they operate. This was extremely helpful as it offered me a platform to collaborate, share and understand how various industries are fighting the cybersecurity threats and how to anticipate challenges.”
Today Mini says her greatest challenge is juggling priorities, striking a right balance between security, cost and business, by understanding where the greatest risks lie.
“Implementing security has a cost and requires time. When you recognise a warning sign, the business sometimes has a conflicting view on the necessity of implementing the controls, considering the cost, effort and cultural change that has to be made to address systemic issues.
“These issues could be harbingers of potential security issues, pointing towards a problem that is
simmering until it causes a breach or cyber security incident and puts the organisation into a crisis mode.
“It is challenging to make business leaders see the value of investing time and resources when they already have multiple competing initiatives required for solving underlying business issues.”
However, as she grew into the role and gained a deep understanding of the relationship of security to the business, there was no looking back. “Today, seeing the value that cybersecurity delivers to business there is no doubt that this was one of the best things to happen for my career.
“The fact that I am accountable for building a cyber culture is what I find the most rewarding part of the role. Building a culture-driven approach to security with the right balance between policies, values and trust is key. Being accountable to ensure that there are no weak points in the system — through education, technology and process — to build a cyber savvy, cyber smart and cyber secure ecosystem is what brings immense satisfaction to me.”
She says security is of paramount importance, not only for the company’s operations, but for the products and services it provides.
“It is not only a national security concern but also to protect valuable personal data and a host of value added services that protect revenue and are important for day to day utility operations to provide electricity and power to the consumers.
“The evolution of disruptive cyber crimes and digitalisation along with the changing geo political situation have made the energy industry one of the most critical components of national infrastructure, needing the highest possible grade of security.”
Mini says she starts each workday with “energetic discussions on security risk assessments, governance meetings, incident analysis, policy and process formulation discussions with
teams. There are often changes in priorities and interruptions triggered through compliance and regulatory requirements.”
And she expects the threat landscape to evolve significantly in the near future, with the attack surfaces and attack vectors becoming increasingly complex.
“We have to accept that security will always be breached at some point or other, and there is no single security solution that offers 100 percent protection. Hence it is important to transition from a culture of building fortresses to building resilience. The next two years are expected to see a change in threat landscape with supply chain threats. These are the easiest entry point for threat actors.”
Mini says organisations face growing supply chain threats as a result of their inability to control how those operate.
“Open source components, third party components with possible malicious content are emerging as some of the most threatening scenarios. And the cascading nature of supply chain attacks makes it difficult to assess the full extent of the damage or implication caused. A recent example is the 3CX attack which was traced to an employer’s PC. The ripple effects are sometimes unknown.”
Cybersecurity firm Mandiant, which investigated that attack on VoIP company 3CX, said the supply‑chain attack had originated with another, prior supply-chain attack.
With the constantly evolving threat landscape and the continuously changing cybersecurity expectations of customers and governments, Mini says it sometimes becomes difficult to decouple and switch off from the job.
“But I have been lucky in managing to strike a right balance between my profession and self care by staying relevant and up to date, by attending conferences and knowledge sharing sessions, and through reading and researching to keep up with industry trends.”
And to decouple and switch off, Mini draws on her 18 years of dance training. “Staying physically fit is a commitment to myself which I do through my regular running challenges and dance routines.”
Mini sees artificial intelligence playing an increasingly important role in cybersecurity defence and offences.
“AI based tools offer significant benefits to the cybersecurity industry in helping with real time detection, reducing the time to respond to cyber threats and providing continuous improvement through pattern-based analysis of historical data.
“AI is also used for offensive cyber strategies. The threat actors leverage AI to build new malware and plan and execute cyberattacks that are sometimes unimaginable.
“With cyber attacks becoming more sophisticated and complex it is become increasingly difficult to implement quick resolutions through manual interventions. This is where AI plays a significant role in strengthening digital protection by helping to analyse large amounts of data in real time, and helping to quickly detect patterns and user behaviours, which it is not feasible to do manually. While AI is not a replacement for human expertise, it is emerging as one of the most powerful aids to combat cyber-crime.”
www.linkedin.com/in/mini-sharma-6b273787
Persia Navidi is on the legal side of the cybersecurity industry. She is lawyer with Hicksons Lawyers in Sydney working on legal matters relating to cyber, insurance and climate risk.
So, it is perhaps not surprising she sees developments in Australia’s legislation and regulation as the source of the most significant developments in cybersecurity over the next two years. She says these changes will reshape cybersecurity, privacy rights and data retention in Australia, adding: “It’s not a moment too soon because the cyber risks in our modern, digital world have outpaced our laws and regulations.”
First cab of the rank, Navidi says, is likely to be a significant change to the Privacy Act 1988 (Cth) (Privacy Act). “The Privacy Act Review Report, released in February 2023, makes 116 proposed changes to the Privacy Act, including: potential removal of the small business exemption, increased enforcement powers for breaches, amendments to the notifiable data breaches scheme, new requirements around security, retention and destruction of personal information, the introduction of a ‘fair and reasonable’ test, increased rights to the individual, including a direct right of action to individuals to apply to the courts for interference with privacy, and the introduction of a statutory tort for serious invasions of privacy.”
She says these changes would impact ordinary Australians and businesses. “Removing the small business exemption, for example, will result in millions of Australian businesses being required to comply with the Privacy Act, which they have not been required to do in the past, and the increased enforcement powers can be expected to result in more fines and penalties being issued against organisations.”
She expects these developments to boost cyber security across all organisations as they assess the need to hold data and how to appropriately de identify or destroy data once it is no longer required. She also expects them to boost the insurance industry, through an increase in claims and an increase in the demand for cyber insurance policies.
“The increased rights of the individual will lead to more third party claims against businesses and corporations — something that organisations and their insurers will no doubt be watching closely. As a result, I believe there will be a greater focus on cyber insurance. After the major breaches of 2022, many organisations have reassessed both their cybersecurity and their overall risk management frameworks. Cyber insurance is an important method of risk transfer and a key aspect of an organisation’s overall management of cyber risk.”
Navidi also expects the changes to the Privacy Act to impact the cyber insurance industry. Most claims today are made by insured business for the cost incurred in responding to a cyber incident. With the greater enforcement powers proposed for the Privacy Act, she expects to see more third-party claims: fines, penalties and compensation payable to third parties.
“It will be interesting to see how Australian businesses and the cyber insurance market responds to this.”
Navidi holds a Bachelor or Laws degree from the University of Sydney and says she came to cyber law as a result of working in insurance law, primarily financial lines (specialising in directors’ and officers’ liability insurance), an area in which she still works. She says the transition to cyber law was a natural progression “because boards, directors and their executives often face liability risks following cyber breaches.”
Navidi describes cyber law as “an exciting fast developing area of law” in need of more lawyers. “We need passionate people with a genuine interest in the area who want to be part of the solution. There is no shortage of work to do in this space as we bolster our cybersecurity as a nation, so if you are thinking about transitioning into cyber – go for it.”
She adds: “Having worked in this area for a number of years and assisted clients through complex cyber issues, it’s extraordinarily rewarding and a privilege to be able to mentor the next generation of cyber lawyers as they enter the profession, and I truly value this aspect of my role.”
Navidi says the fast-paced, constantly evolving nature of cybersecurity first drew her to the industry. “Every day, there is a new development in cyber. Right now, Australia is in the eye of the storm from a cybersecurity and cyber risk perspective, with the development of laws and regulation in response to the local and global challenges.”
She was also heavily influenced as a millennial observing and being impacted by the rapid changes in technology that took place in the early years of this century.
“I witnessed first-hand the transition from children submitting handwritten school assignments and only using a computer fortnightly — usually a big colourful Apple desktop — while attending dedicated ‘computer’
classes, to a world where computers fit into the palm of your hand and are embedded in schools, homes and workplaces.
“Being part of this transition has influenced my desire to pursue a career in cyber risk, and I am grateful to be part of the solution, assisting clients in managing and mitigating the cyber risks that impact their organisations, responding to cyber incidents and guiding clients on their compliance obligations with the ever-changing legal and regulatory landscape.”
Navidi also shares her knowledge through participation in several industry bodies: the Australian Information Security Association (AISA), the Australian Professional Indemnity Group (APIG) and the Australian Women in Security Network.
“Being associated with various industry organisations has enabled me to not only meet some outstanding experts in cyber, but to also add value to the community and industry by sharing my knowledge and insights,” she says. “Collaboration is key in cyber, and I find value in being able to share stories and insights with peers and fellow cyber professionals.
“As an active member of the AISA, I am able to learn from industry experts, while simultaneously sharing my legal expertise. I’ve greatly enjoyed being a panellist at their events and presenting at their annual Cyber Conferences in Melbourne and Canberra on topics including the reforms to the Security of Critical Infrastructure Act 2018 (Cth) (and what that means for business), How Directors can Mitigate their Cyber Risk, and Cyber, Privacy and the Boardroom.”
Navidi is an elected committee member of APIG, a role that enables her to collaborate with fellow committee and industry members to organise industry wide events on relevant cyber and insurance issues.
www.linkedin.com/in/persia-navidi
"When women work together, they become a force to be reckoned with. Be part of a force for good in the security industry, by joining the AWSN Explorers program today!"
S t u d y i n g o r a n E a r l y C a r e e r P r o f e s s i o n a l i n i n f o r m a t i o n s e c u r i t y ?
L e a r n m o r e a t . a w s n . o r g . a u / i n i t i a t i v e s / a w s ne x p l o r e r s /
- Liz B, Co-Founder
Cyber Enthusiast, Ethical Hacker, Author of A hacker I am vol1 & vol2, Male Champion of Change, Special Recognition award winner at 2021 Australian Women in Security Awards
I have been in this industry for what feels like a lifetime: more than 20 years in both ICT and cybersecurity roles. I think my history makes me a dinosaur in the tech world: a member of the old guard. I have seen the change, how the digital world has merged with the real world. I think in years to come it will be harder to tell which is the real world and which the digital world. That idea gets my creative side humming: I come up with potential scenarios I could write about in one of my future books (a thought for another time maybe).
I started my career back in the very early 2000s with a traineeship at my local IT shop. I was naturally skilled in anything electronic. Given time I could figure out how something worked. I was stubborn and would keep digging until I understood it. Well, understand it well enough to know what it did or how I could at least get it to do something I wanted it to do. (This made me a good candidate for pentesting back then. I probably would have hired myself).
I had already completed a Certificate 3 and Certificate 4 in IT at my local TAFE after finishing school and while working as a security guard and bouncer at local night clubs (This was not something I wanted to do as a career but a means to an end). When I approached the store all those years ago, I was not concerned that I did not already have five years of experience. I did not think about needing qualifications like CISSP, CISM, OSCP or multiple degrees. I was just a young man who liked tech and wanted a job doing something I loved. Life seemed much simpler back then.
I had a hunger to learn new things and I just needed a start, someone who would take a chance on me, let me learn and even make a few mistakes. That someone was called Andrew. He was the man who
gave me my first shot and allowed me to prove myself. It was a gift that instilled in me the desire to do the same for others: to take a chance on the next generation, to put in extra work so they could learn, make mistakes and ultimately figure out if this industry I love was the place for them.
I hear the excuse all the time from my peers in the industry: we don’t have time to teach people. We need someone who already knows how to do the job. I get that. We are all busy people. I certainly am, with all the different hats I wear. But let me put something to you: can we afford not to take the time to teach?
If, as an industry, we do not embrace the equity charter across education, employment and the workforce in general we will remain stuck in the loop we have been in for years. No one is bringing in much new talent. All we old guards in the industry are getting tired. Some are already leaving and the salary expectation of anyone with an ounce of skill or experience is massive.
To fix this we need to return to the days when I got my first shot. We need to create a cybersecurity traineeship program. We need to be like the building trade or the electrical trade. We need to hire people and put them through a TAFE or university course as part of the first one to two years of being employed. Now, this will not be easy. It will likely be the opposite. Cybersecurity is a difficult industry to work in. We will get many people failing in the initial phase. That is okay. It is a feature of the industry, and we have no need to apologise for it.
However, we do need to create opportunities for people to start a career in cybersecurity or we will continue to see many amazing people who could have been spectacular contributors walk away
because they hit too many roadblocks trying to get their start. That is a serious matter, and we cannot complain about a skills or experience shortage when we as an industry are doing nothing to fix it.
The responsibility does not lie only with the industry. New entrants need a reset on expectations. They cannot expect to gain a Certificate 4 in cybersecurity and then start work on a $100k annual salary. That is not reality. Yes, the industry pays well, and everyone deserves to make a good income, but new entrants need to earn their stripes, not be handed them on a silver platter.
When I first started I was on $20k a year, or maybe less. It was horrible money for a tough gig, but I worked hard, built my skills and quickly worked my way up from trainee to become the lead technician for the business. That was a long time ago (showing my age a little) and I am not saying starting wages should be that low, but I am saying let's not be silly about this, let's be fair to both sides, pay early career workers a wage appropriate for the skills and experience
they have and give them a pathway to earn more as they grow.
Let us stop blaming everyone else, embrace the need to educate and support the next generation of cyber professionals and set fair expectations for what someone should be paid in the first phase of their career.
Let’s change the way we see the industry. Let’s be more open to new ideas and let's just give people the opportunities many of us were given.
www.linkedin.com/in/craig-ford-cybersecurity
www.amazon.com/Craig-Ford/e/B07XNMMV8R
www.facebook.com/AHackerIam
twitter.com/CraigFord_Cyber
RICKI BURKE
In the rapid changing world of cyber security we're always hunting for fresh perspectives, new solutions and innovation. These fresh perspectives are not just nice-to-haves; they're the lifeblood of progress. The diverse population of our society holds the key to this necessary innovation, and among this population, neurodiverse people are an untapped gold mine.
According to the National Symposium on Neurodiversity, up to one in seven people are neurodiverse, along what is known as the 'neurodiversity spectrum'. This spectrum spans Autism Spectrum Disorder (ASD), Attention Deficit Hyperactivity Disorder (ADHD), Dyslexia, Tourette Syndrome and other conditions. Yet, despite their prevalence, employment rates for neurodiverse individuals are staggeringly low. The National Autistic Society in the UK, for example, states that only 22 percent of autistic adults are in any kind of employment. This, to put it plainly, is a huge waste of potential.
Last year, at the AISA Australia Cyber Conference in Melbourne, I had the privilege of running a careers village. One session that struck a chord with attendees was a panel on neurodiversity in cyber security. This was the last session of the day yet the most attended of the career village. The panel was open and engaging and provided a platform for participants to share their experiences. There was a definite buzz suggesting that, not only do roles in the industry play to the strengths of neurodiverse folk, but we absolutely need their unique viewpoints.
CYBER SECURITY NEEDS NEURODIVERSITY
Why is neurodiversity important for cyber security? Well, these conditions, often seen as impairments, can also give those affected by them a unique lens through which to view the world, thereby bringing novel ideas to the table. People with ADHD, for example, often display exceptional creativity and 'out of the box' thinking — skills that are invaluable when trying to anticipate cyber threats. Similarly, individuals
with ASD can have outstanding attention to detail and a high tolerance for repetitive tasks, making them excellent candidates for roles requiring deep dive analysis or extensive coding.
However, acknowledging the value of neurodiverse talent is not sufficient. As an industry we need to make cyber security an inviting place for these individuals. Creating a truly inclusive workplace requires more than just acknowledging diversity or making room for it. It requires conscious effort and initiative to make neurodiverse individuals feel welcomed, accepted and valued for their unique contributions.
Acceptance of neurodiversity needs to start with recruitment. Unfortunately, traditional recruitment practices are often unsuitable for neurodiverse individuals who might struggle with a requirement to submit a formatted CV and with formal interviews, or feel discouraged by the mere thought of disclosing their condition. The problem is not their ability or potential; it's how we have structured our recruitment processes. Thus, we must redesign these to be more accommodating and less intimidating. For example, we could consider skills based tests or trial periods instead of traditional interviews.
But inclusion does not stop with recruitment. Employers should also aim to provide neurodiverse employees with a comfortable working environment. This could mean offering flexible working hours, allowing remote work, providing noise cancelling headphones or creating quiet zones within the office. Furthermore, fostering a culture of acceptance and understanding among all employees is crucial to ensure everyone feels valued and respected.
Companies need to be more open about their efforts to create supportive environments. It is all well and good to have these measures in place, but if they need to be communicated internally, how will potential neurodiverse candidates know their organisation is a safe space for them?
Neurodiversity is not a limitation but a reservoir of untapped potential. With thoughtful changes to our recruitment and work practices we can create a more inclusive and diverse cyber security industry thereby reaping the benefits of these unique perspectives. It is time we recognised the power of neurodiversity. Not only would such recognition significantly boost our cyber security arsenal, it would also pave the way for more inclusive practices across other sectors.
Recognising the power of neurodiversity would also foster a workplace culture that includes and cherishes neurodiverse individuals. We would build a workforce that genuinely reflects the diversity of our community and contributes to our future resilience and success. A concerted effort from all stakeholders — industry, academia and the community — is needed to bridge the gap between rhetoric and reality to make cyber security a truly welcoming field for all.
It is important not only to safeguard our systems well but also to value each individual contributing to that security. By integrating neurodiverse talent into our ranks, we are not only doing the right thing, we are doing the smart thing. www.linkedin.com/in/cybersecricki
NOMINATIONS ARE STILL OPEN UNTIL 30 TH JULY SO
NOMINATE YOUR CHAMPION TODAY
GET YOURS QUICKLY
BEFORE WE GET BOOKED OUT
John Taylor MedHealth
Matt Tett AWSN
David Gee Macquarie
Carla Coslovich Crown Melbourne Jacinta Carroll
Timothy McKay OKRDY
Duncan Alderson PwC
Dune Sookloll Horizon Power
Laura Lees Citi
Danielle Pentony Australian Digital Health Agency
Lisa Nunn BHP
Kay Messina JLL
Tannya Follington PwC
Maxine Harrison Transport for NSW
Elrich Engel AMP
Audrey Hanson Bluescope Steel
Kylie McDevitt InfoSect
Tom Gregory Westpac
Celeste Lowe Nine
Alexis Ewing Centitex
Mark Cross Boeing
Signing onto formal diversity, equality and inclusion (DEI) charters has become a popular way for corporations to differentiate themselves in the eyes of employees, managers and potential recruits alike. Yet, recent statistics suggest many industries are still struggling to convert theoretical support for diversity into real change, despite the promise of DEI charters to drive the creation of a diverse workforce.
For example, 16 percent of women surveyed in the recent World Federation of Advertisers (WFA) 2023 Global DEI Census said they were likely to leave the marketing industry due to the impact of working in DEI-deficient workplaces.
The figures from the survey – which included nearly 13,000 workers in 91 countries – were even worse for other groups, with 17 percent of LGBQ+ workers, 22 percent of respondents from ethnic minorities and 24 percent of disabled respondents expressing their
dissatisfaction with the current DEI climate in their organisation.
Despite the expectation of cultural improvement resulting from high adoption of DEI initiatives, survey respondents said the overall level of inclusion in their organisation had not changed appreciably since the previous survey two years earlier.
Age, gender and family status were flagged as the most common forms of discrimination across the board, with 41 percent of women saying family responsibilities still hindered their careers. Ans while there were improvements in overall metrics in New Zealand, South Africa and Ireland, respondents also noted declining DEI experiences in Hong Kong, the Gulf states and the Netherlands.
“There’s not a lack of people recognising the importance of DEI in the industry,” said Jason Mander, chief research officer with Global Web Index (GWI), who noted that, despite widespread enthusiasm for
Meeting diversity best practice is not always easy, but your workforce will benefit
DEI, the real issue remains “the level of action needed to really impact change.”
“This is something we see as a trend in global data with important topics people clearly care deeply about, such as DEI and climate change,” he said. “What’s challenging is converting that concern into the work and change needed across the industry and beyond to make a difference. And this includes each and every one of us adapting and being willing to take part in that change.”
Formal DEI charters are often driven by individual companies or industry bodies and range in depth, complexity and usefulness. The UK’s Athena Swan Charter offers a broad range of resources and connections for universities in that country. The Law Council of Australia’s Diversity and Equality Charter includes just three bullet points – binding its signatories to treat all people with respect and dignity to create and foster equality through a “supportive
and understanding environment”, and to promote a diversity of views within the legal profession.
Whatever words are used in the charters their overall goals are remarkably consistent: to improve workforce culture and help companies tap the benefits of diversity – which are, as one recent major research effort affirmed, significant enough that mixed-gender research teams are 9.1 percent more likely than same gender teams to produce a novel research paper, and 14.6 percent more likely to produce a highly cited paper.
Retrospective analysis may easily surface such compelling data points, but companies shaping individual DEI policies from a morass of potential diversity models often find the going much harder, which is why the European Commission has spent years promoting a more consistent approach based on 26 national diversity charters that formalise expectations around DEI support within each European country at a national level.
By creating consistent national diversity targets these charters have become centres of gravity for corporate DEI initiatives. Sweden’s charter, for example, was founded in 2010 and has attracted formal support from the likes of Volvo Cars, IBM, Ericsson and 3M. Greece’s charter, in contrast, was introduced only in 2019 and already has over 150 private enterprises as signatories.
Cybersecurity and IT firms have been proactive in embracing diversity charters, with Vodafone leaning on the EU Diversity Charter to improve ethnic diversity, ESET adopting the Slovak Republic Diversity Charter, Cloudflare embracing the German Diversity Charter, and Prosegur a long time supporter of the EU Diversity Charter.
“As a technology company, a central tenet of diversity and CSR [corporate social responsibility] activities is strengthening the representation of women and girls in IT, not only for the company itself but for the entire sector as a whole,” ESET CSR manager Lucia Marková said when the company signed onto the Slovak Republic Diversity Charter.
“We work hard at creating a respectful environment in which all our employees feel welcome, without distinction. … We mainly focus on a receptive and individual approach, not on statistics.”
Many charters are driven by groups of industry partners who have recognised the value of embracing a consistent approach to particular business problems, and hence recognised the value of charters’ consistency of messaging in driving industry wide outcomes.
The charter approach has been invaluable for industrial giant Siemens, which launched its Charter of Trust in 2018 and which has since signed nearly two dozen major business partners to its proclamation of 17 concrete baseline requirements designed to improve the security of the company’s entire supply chain.
The consistency of messaging provided by charters makes them valuable tools for organisations to track their progress when pursuing DEI objectives – both in tracing their progress over time and in benchmarking themselves against their peers.
“We have been making progress” towards workplace gender equality, but it has stalled,” noted Mary Wooldridge, CEO of the Australian government backed Workplace Gender Equality Agency (WGEA), a statutory body that promotes diversity and, among other activities, certifies companies as having appropriate gender diversity policies in place.
“is quite a significant hurdle and challenge to be successful,” Wooldridge said when recently introducing the latest cohort of 11 businesses joining more than 115 other companies – representing over 500,000 employees – that had previously attained the certification.
There are signs the program is working: holders of EOCGE citations have, on average, gender pay gaps that are six percentage points smaller than those that do not have the citation, Wooldridge said, with higher take up of parental leave, zero tolerance policies towards issues like sexual harassment and discrimination, and “a genuine commitment and environment where gender equality is supported for all employees.”
Getting to that point is not always easy, however: media giant Seven West Media, for one, needed three tries before it was able to secure EOCGE certification – and the process, chief executive James Warburton explained, “led to us being focused on [DEI] for managers and certain areas of the business.”
After two attempts in which the company failed because its DEI policies “weren’t clear or we hadn’t done enough,” he said, the company finally met expectations.
“Each time, it drives a huge array of continuous improvement in the business,” he said, “just by putting metrics into your scorecard, having KPIs set for leadership positions, and having that focus across the whole range of area.”
Ultimately, therein lies the value of charters and the standards they provide for companies that have struggled to drive significant DEI transformations on their own.
Citation holders “recognise that this is part of the journey, not the end of the journey,” Wooldridge said. “One of the most common points we hear is that they wish they had gotten onto these issues earlier and been more proactive in terms of their work improving gender equality.
“They aren’t perfect. They can continue to improve, but they’ve got a commitment and a leadership to it.”
FULL TIME AUCKLAND NEW ZEALAND
ABOUT THE ROLE
We have a new job opening for a Data Privacy and Compliance Analyst based in Australia or New Zealand! You will be involved with E6's global privacy and data protection initiatives, but your primary focus will be the Asia Pacific region.
RESPONSIBILITIES
• Maintaining up-to-date maps of personal data flows and data protection impact assessments
• Coordinating with data mapping service provider on integrations and customization
• Maintaining internal company information resources on regulatory compliance and notification requirements
• Monitoring and briefing on relevant regulatory developments in Asia Pacific countries
• Managing data protection notifications in Asia Pacific countries where E6 does business
• Delivering privacy and data protection training to APAC team members
• Maintaining a regulatory calendar of key deadlines, and monitoring and reporting on progress towards meeting them
• Reviewing vendors' agreements and due diligence information for compliance with relevant data protection obligations, and flagging issues for legal review
• Assisting with internal audit of information systems for compliance with data privacy policies
• Assisting clients in preparing files in response to data subject access requests or regulator inquiries
• Assisting sales team and solutions architects with regulatory background information on requirements for client projects in APAC countries
• Assisting with drafting data protection policy and procedure updates, with a particular focus on APAC regulatory requirements
FULL TIME MID-SENIOR LEVEL REMOTE MALAYSIA
One of the largest professional services firms globally with a vast network of offices and professionals across more than 150 countries. This global presence allows to provide clients access to a diverse range of expertise and resources, ensuring comprehensive solutions to complex business challenges.
• Lead and manage cybersecurity engagements and projects for clients.
• Conduct security risk and controls assessments to identify potential threats, vulnerabilities, and security issues.
• Perform penetration testing to evaluate the effectiveness of existing controls.
• Analyze the impact and risks associated with identified vulnerabilities and provide recommendations for remediation.
• Assist clients in evaluating, enhancing, or developing their cybersecurity management programs, including technology controls, process controls, governance, risk, and compliance elements.
• Evaluate and enhance clients' Business Continuity and Disaster Recovery Management programs.
• Help clients in evaluating, enhancing, or developing their Data Protection and Privacy management programs.
• Support clients in establishing and managing Threat and Vulnerability Management programs.
• Assist clients in developing and managing Security Incident Detection and Response management programs.
• Provide guidance and expertise in evaluating, enhancing, or developing Identity and Access Management programs.
ABOUT THE ROLE
As part of the continued focus on cyber security as a catalyst for growth we are seeking a Customer Delivery Advisor to join the team. We are looking for an expert in the field of cyber security, who can demonstrate the ability to engage at Snr levels, have a solid grasp of key security and compliance frameworks such as NIST, MITRE, ISO, GDPR, and NIS2 and can then translate that to a services-led solution.
• Evangelize innovative point of views on how digital technology transforms the way business is conducted.
• Leverage Cisco expertise and industry best practices to connect business objectives with IT priorities while driving security architecture alignment/maturity and delivering valuable outcomes.
• Identify customer value maximization opportunities, positioning Cisco as an E2E partner to co-create and deliver.
• Benchmark customer security capabilities against competitors and peers in similar industries / markets and also globally.
• Build and support the execution of a pragmatic digitization roadmap and program by identifying quick wins and prioritizing initiatives, to govern and de-risk the implementation of technology strategies.
• Collaborate with commercial teams (portfolio sales, services sales, specialist sales, pre sales and channel sales)to craft and articulate proposals and develop the financial justification of programs and associated technology spend
• Improve the adoption of Cisco Security technologies and services through the delivery and governance of innovative operating models to make sure customer organizations are ready to more quickly consume new capabilities.
• Identify areas for expansion, particularly of Cisco’s recurring revenue solutions along the technology roadmap, supporting the delivery, sales and business development teams to build the associated business requirement.
ABOUT THE ROLE
xIoTz sales team is looking for a highly motivated and energetic sales representative who can lead end to end sales. The role involves prospecting and qualifying potential customers, presenting and demonstrating the eXtended Operation Centre (XOC), negotiating and closing deals, and maintaining strong customer relationships. The Sales Representative will be responsible for achieving sales targets and contributing to the growth of xIoTz Cyber Assurance Platform.
RESPONSIBILITIES
• Closing the lead end to end, starting from qualifying potential customers , negotiating and closing sales contracts, including pricing and terms and conditions.
• Developing and executing sales plans and strategies for our client's Cyber Assurance Platform.
• Identifying, prospecting and qualifying sales opportunities through research, cold calling, networking, and referrals.
• Developing and delivering presentations and proposals that effectively communicate the value of the Unified Cyber Assurance Platform.
• Collaborating with the technical team to ensure that proposed solutions are technically feasible and aligned with customer requirements.
• Developing and maintaining strong relationships with key customers and partners to drive revenue growth.
• Working closely with internal teams, including marketing, engineering, and customer support, to ensure successful delivery of products and services.
GABORONE BOTSWANA REMOTE FULL TIME
ABOUT THE ROLE
Our job offerings are temporarily remote from your home country, but then we will help you migrate to a fantastic country, Sweden! We will provide you with a work permit and an exciting job opportunity. As vehicles become increasingly connected and autonomous, with more advanced features and connectivity options, robust cybersecurity measures are crucial to ensure the vehicle's and its occupants' safety and integrity.
RESPONSIBILITIES
• Develop security and privacy solutions around the vehicle.
For our Danish office, we are looking for a financial assistant for a part time position to help with the day to-day financial operations. Truesec A/S just turned one year and we need you to come in and build a strong foundation within our administrative and financial processes, and by doing so you will put the team in a better place to prevent even more cyber breaches.
You will work close to our leaders by being our CEO’s right hand, supporting and influencing how we build Truesec A/S going forward. The responsibilities of this role will evolve over time as we grow and mature and this means lots of opportunities for your professional and personal development. The tasks can be setting up administrative or financial processes, invoicing, building reports, administration between different systems and much more. The role will have to be flexible because as we grow, new situations will occur. In return we strive to give you the same type of flexibility when it comes to working hours and ways of working, but also a fair compensation and good pension savings.
Your background could be in many different areas,
• Responsible for identifying and fixing problems with the electronic systems and software applications they develop.
• Coordinate with the different areas of R&D, product development, and vehicle manufacturers.
• Work with internal and external customer teams to create and review the technical specifications and define the software architecture and project plans.
• Defining cybersecurity specifications and discovering weaknesses, and performing vulnerability analysis.
• Develop Cybersecurity system/architecture requirements. APPLY
perhaps you have worked within a “CFO as a service" function, worked as a financial assistant previously, or are currently enrolled in a higher education and looking for a part time job. Also depending on your profile, this might be a steppingstone into a full time position in the future.
Whatever your background stems within, we are guessing that you have professional experience from financial or administrative positions, either internally or as a consultant.
As a person we think that you enjoy a challenge and that you like working proactively and have the ability to autonomously prioritize your time. You like to be in an environment in rapid growth and change with all the quirks and benefits which might follow
Due to the sensitivity in our assignments, we require Danish citizenship, citizenship in an EU country, or a Danish work permit and also fluency in Danish, both written and spoken. You must also be able to obtain a security clearance.
FINLAND TAMPERE FULL TIME HYBRID
ABOUT THE ROLE
As our Technical Specialist you will work closely with our product teams. We will make sure you will have a varied role, so you have a chance to challenge yourself and learn something new, as e health services and integrations between different systems are developing at a rapid pace.
If this sounds interesting to you, join our team in Tampere or Oulu, Finland!
• Configure application features and install new versions
• Support customers in service desk
• Develop services in cooperation with product development
• Develop customer environments in collaboration with customers
• Be responsible for the customer system environment documentation and maintenance
DUBLIN IRELAND FULL TIME HYBRID
ABOUT THE ROLE
VikingCloud provides end-to-end security and compliance solutions to businesses throughout the world, offering the latest in cloud based solutions to secure networks and maintain compliance. Almost 5 million businesses use its award-winning platform, and the company maintains partnerships with many of the world’s leading acquirers and payment service providers. VikingCloud also works with the world’s largest brands helping them proactively mitigate evolving cyber threats and business risk. VikingCloud’s Asgard Platform™ processes billions of security events daily, providing real time intelligence access to an organization’s cyber risk landscape. Headquartered in Dublin, Ireland, with operations in the United States, Australia, India, Philippines, Poland, Sweden, South Africa and the United Kingdom, VikingCloud has clients in more than 100 countries and a global team of more than 1,000 employees.
We have vacancies for Contact Centre Agent. These positions offer the right candidates the opportunity for career progression within a dynamic international growth focused company.
Customer Engagement:
• Provide excellent Security and/or Compliance support via multiple customer engagement channels, including;
• Voice, web-chat, email and SMS.
Customer Experience:
• Provide excellent customer experiences at every customer touchpoint whilst being aware of your average handling time to optimize experience and productivity. You’ll be assessed using our industry leading quality program and;
• Receive regular feedback, coaching and support to ensure success.
Educate
• Educate customers on the relevance and importance of industry security and compliance standards.
• Utilizing Sysnet technology – you’ll assist and/or manage customer profiles to determine their Security and
• Compliance requirements and complete/maintain the subsequent security assessments to determine security and compliance status.
Product Awareness
• Identify opportunities to promote and upsell additional security and compliance products when supporting customers based on their customer profile.
Karen is CEO and co-founder of BCyber, an agile, innovative group that works with SMEs to protect and grow their businesses by demystifying the technical and helping them to identify and address cybersecurity and governance risks. In 2021 Karen graduated from the Tech Ready Woman Academy’s Accelerator and the Cyber Leadership Institute’s CLP programs.
Equality comes in many shapes, sizes and forms. You have gender, cultural background, education and location, to name but a few. What unites them all? Regardless of type, is knowledge. The more you have, the better off you are, or to quote Sir Francis Bacon, “knowledge is power.”
With 95 percent (1) of cybersecurity incidents the result of human error, imagine what could be done if we increased cybersecurity awareness across the “forgotten groups” of the population. If hardening our country’s cybersecurity resilience is important, perhaps we should be doing more with groups that account for well over 50 percent of the population.
• SMEs. Why bother? Well, they are the backbone of the Australian economy, accounting for 99.8 percent of all enterprises and employing more than 7.6 million people(2). Traditionally, SMEs have been left behind when it comes to cybersecurity. They are unable to afford the measures or staff available to big businesses. But they are the gatekeepers of the prime target of the cybercriminal: personally identifiable information (3) To raise the profile of existing programs perhaps the SME associations could start profiling these in their conferences and discussion groups. Perhaps we in the cyber industry just need to let them know what is out there (in plain English and not “Tech Talk”!
• School children. Why bother? Australia has over four million enrolled(4) school students. If every school regardless of type or location had access to basic cybersecurity awareness programs imagine the difference it would make. If formal programs are beyond reach of a school’s finances, what about volunteering your time to talk to the students. Why not go wild and include the staff and families. We need to arm our digital natives as much as we can and as soon as we can.
• Retirees. Why bother? There are more than 3.9 million(5) of them and they are generally the most vulnerable to cyber scams. Once again, it comes down to knowledge accessibility and availability. It is all very well for the government to provide “online assistance,” but if you are not a digital native then you may not know which websites are trustworthy and which are not, or even know how to go about learning. Resorting to the old business adage of “it’s not what you know, it’s who you know,” perhaps the fix is having cyber community members volunteer, for example by talking to retiree groups. This could also entail putting together formal (or informal) programs that government or relevant associations could rollout. However, these could require the cybersecurity community participants to committing time and money, luxuries some l retirees do not have. I do not know the answer, but I do know doing something is better than not doing anything at all.
Cybersecurity awareness should not be for the lucky few. Working together as an industry we can “spread the word” and we might just save a few more people from the cyber criminals.
(1) World Economic Forum finds that 95% of cybersecurity incidents occur due to human error | Cybernews
(2) 3. Australia | Financing SMEs and Entrepreneurs 2022 : An OECD Scoreboard | OECD iLibrary (oecd-ilibrary.org)
(3) What is personal information? | OAIC (4) Schools, 2022 | Australian Bureau of Statistics (abs.gov.au) (5) Retirement and Retirement Intentions, Australia, 2018-19 financial year | Australian Bureau of Statistics (abs.gov.au)
www.linkedin.com/in/karen-stephens-bcyber
www.bcyber.com.au twitter.com/bcyber2
karen@bcyber.com.au
People on the neurodiversity spectrum can become superb assets to your organisation.
Some of their talents include:
• being exceptionally good at focusing
• flawless attention to detail
• boundless creativity
• original ideas.
Keeping that in mind, there are certain challenges they will need your support to overcome, such as misunderstanding social rules, sensory difficulties, and appearing chaotic and indecisive.
Neurodiversity can boost a company’s ability to innovate and problem solve, yet many employees with neurodevelopmental differences have had less than ideal experiences getting hired, being supported at work and growing in their careers.
The term neurodiversity refers to the neurological differences that result from normal variations in the human genome. Some forms of neurodivergence include autism, dyslexia, dyspraxia, attention-deficit/ hyperactivity disorder (ADHD), attention deficit disorder (ADD), obsessive compulsive disorder (OCD), Asperger’s syndrome and Tourette syndrome. There is a wide spectrum, so the associated characteristics displayed vary from person to person.
Recognising that neurodivergence is the result of genetics challenges the previously prevailing view that neurological diversity is pathological (ie the manifestation of some kind of disease). This recognition encourages us to respect and value neurological differences, as we do differences in gender, ethnicity or sexual orientation. It creates an opportunity for organisations to discover the benefits of embracing a neurodiverse culture. Doing so will help them tackle the current global talent shortages and obtain a competitive edge.
Studying the neuroscience of leadership has changed my world. Firstly, it helped me with raising my dyslexic son who had struggled to fit into the school education system. Then it helped me change the world for my clients and friends in my community. It enabled me to understand how different brains work, knowing no two brains are the same even when there are commonalities and similar experiences. Today I coach clients with all types of different learning requirements. My life experiences and studies have led me to share some of my knowledge, passion and insights with others.
Life is an obstacle course, but one with many rich learnings, possibilities and opportunities to grow, including reviewing our biases and how we perceive others who think, act and communicate differently. Some of the most talented people I have met and worked with have a neurodiverse superpower and I would not change them for the world.
An Australian leader I admire is Booktopia founder Tony Nash who shared valuable insights into the benefits of his superpower and how he harnessed ADHD to create a successful business that has won many business awards.
Another inspiring story is that of Elaine Halligan, a TEDx speaker on Neurodiversity is a superpower, not a problem. Elaine explained her journey raising her neurodiverse son and the obstacles she faced. She says all behaviour is a form of communication.
All behaviour has a cause. Communicating differently by acknowledging the small steps of improvement, progress, attitude improvement and effort as opposed to the end result improved her son’s confidence and self-esteem. When your self‑esteem is strong only then can you start working with your strengths and accept those weaknesses without lowering your self-worth.
Leaders from the top tier of your organisation down to the frontline of your organisation will require education if you are to create a culture accepting of neurodiversity. They need to know how to effectively lead and embrace people who think differently. They need to have a clear view of the desired outcome, and understand the benefits they will gain.
Dealing with biases that may be holding leaders back can require an adjustment to how teams have collaborated and handled behavioural differences in the past. Leveraging the knowledge and experience of experts like consultants, not for-profits and associations can provide valuable insights. Identify the cultural pillars and values that underpin a new way of thinking on how you assess performance, productivity, engagement to gain the desired outcomes.
Creating a diverse culture will require new approaches to engagement, assessing performance and measuring productivity. The foundation of these will be the organisation’s cultural pillars and values. So these must be clearly identified and understood.
Explore the full range of people’s abilities – those of current team members and potential new hires. Do not let someone’s neurodivergence blind you to the unique things they may have to offer. Rather than searching for skills gaps, appreciative enquiry lets you consider what people do well. You can then find ways to apply these strengths to other parts of their job and ultimately to your organisation.
Once you have the right mix on your team, focus on these strengths. Neurodivergent team members may find parts of their role trickier or easier than their colleagues. To allow everyone to perform to their strengths, be flexible with roles and focus areas. Continue to invest in learning and development of their strengths to the next level in alignment with the future direction of the organisation, and leverage technology advantages.
Understand each of your people’s preferences for receiving communication and the best way to prioritise what is most important. Communication considerations include the right mix of visual, auditory and written communication. It is important to avoid language that makes people feel threatened and to use language they perceive as rewarding. It is also important to be aware of the triggers that cause distress. Communicating where people’s strengths fit within the organisation makes a difference because most people want to contribute and feel a part of the company culture.
Make sure you check in regularly with your employees. This has become more important than ever with remote or hybrid working. Starting and continuing conversations with people about how they are coping will help them to overcome challenges and feel supported.
Remember to check with individuals on the ways and the frequency with which they prefer to be contacted, i.e. by phone, web chat or video call. One-to-one sessions with employees are used to support them. Avoid spontaneous calls and meetings because these can catch people unprepared and raise their anxiety levels. Perhaps text or email first to see if it is convenient to talk, and state the topic you want to cover to avoid making them feel threatened.
For decades, work was mostly undertaken in an office and between 9am and 5pm. Then COVID-19 forced us to work remotely and many people discovered they could be more productive outside traditional work hours. Others noticed they were most efficient working in small increments of time. There is an optimal way to work, however this is different for each person.
• Know when and where your people do their best work i.e. morning, afternoon, evening or a combination. Identify strategies together to
protect deep thinking time from internal and external distractions.
• Recognise the importance of brain breaks between tasks to re energise the brain and increase oxygen levels and help reset the brain’s ability to perform at its best throughout the day and week.
• Know when and where to have team meetings and know in advance what information each team member requires so they are prepared and able to contribute.
• Build in time each day to deal with known and unknown obstacles around key priorities. Often, we fill our days full of tasks and then when obstacles arise, we feel we do not have the capacity to deal with them. Then, our emotions can get the better of us and we feel frustrated, overwhelmed and fatigued.
Neurodiversity is an opportunity to make organisations and ourselves as leaders more successful. By empowering people who think differently through understanding we enable them to better contribute to the organisation they work for and to society as a whole.
Self-confidence has an impact on how we interact and connect with people around us (both at work
and personally). From experience, being a successful leader requires more than wielding authority, it requires finding ways to get people working together — leveraging their collective intelligence to serve the goals of the organisation.
Vannessa McCamley is a leadership and performance expert specialising in neuroscience practices that help individuals, teams and businesses grow in meaningful ways whilst delivering measurable results in healthy ways. She has a passion for helping people and businesses to overcome obstacles and enabling them to reach their strategic goals. She brings a strong background in IT security and more than 20 years of business experience to collaborating with individuals at all levels and from several industries. She is the author of Rewire for Success, an easy guide to using neuroscience to improve choices for work, life and wellbeing.
linksuccess.com.au/rewire-for-success
www.linkedin.com/in/vannessa-mccamley
linksuccess.com.au/contact-us
We have seen increasing numbers of women entering and being part of the risk and security space, but from my observations at a recent cybersecurity conference, there still a significant gender imbalance in the industry.
Only five of the 17 speakers that day were women. Every speaker was interesting and engaging, posing questions that required further exploration. However, it was challenging as a female attendee to hear the host ask one of the female panellists if her job was as sexy as her description suggested. Not once were any of the male panellists asked whether their esteemed titles were associated with a role that was sexy, or otherwise.
I could see a shift in this panelist when she was asked this question. It was a demeaning question for any woman to be asked in a gathering dominated by male industry members.
As a woman working in risk I have had the pleasure of being guided by exceptional female leaders and have grown my professional capabilities significantly as a result. Their ability to see problems as process and procedure issues over people issues and to find highly functional solutions has produced incredibly inspired and effective teams.
I believe a woman still feels the need to go above and beyond her male counterparts to be deemed worthy of her position. I believe the incident I described above reflects the challenges women still face to gain the respect and advancement they deserve in male dominated fields.
That incident reminded me of my first office job, as a receptionist in an engineering firm. I had been a reliable and high-performing employee. I was motivated to learn and to take on more tasks
than I had been hired for. In my annual review my manager asked me where I would like to move within the company. With little expectation of a positive response, I said I saw a role for myself in project management.
I had spoken to the project managers and engineers. I knew the project managers had no engineering experience and were focussed solely on managing projects. One of the project managers I spoke to frequently knew I would be able to easily learn the role and even encouraged me to move into the area. But I was also acutely aware of the boy’s club mentality that prevailed in the office.
At that performance review I got the response I expected from my manager when he heard about my career aspirations. He told me I would need engineering knowledge and suggested a role in accounts payable and receivable as my future. This was where the only other two women in the company worked.
Things have changed since then. Today there is a push for women to receive the respect they deserve and to pursue whatever roles their capabilities and aspirations lead to. But why are we still asking a woman if her career is as sexy as it sounds yet not asking the same question of men? Why is such a question still acceptable, especially in an industry with a significant gender imbalance? Why are we still being told our sex appeal is important in a leadership position?
I have found good female leaders engender loyalty, dedication and a desire to excel, especially in the women they manage, and I would love to see the number of female leaders grow until we achieve a gender balance. I look forward to a future where my daughter’s success is dictated only by her capacity to do the job.
www.linkedin.com/in/lauren-ibbotson-9a636796
The forecast by the United Nations secretary-general, António Guterres, reveals a potential loss of $1 trillion in global GDP due to the lack of women in IT, and an extended timeline for achieving gender parity. Despite substantial efforts, progress towards gender equity remains sluggish. There are many reasons for this lack of progress, but inclusive workplace cultures play a key role in getting women into the workforce, and keeping them there.
Most organisations are committed to creating gender balanced and diverse workforces to harness innovation. However, the effectiveness of their diversity, equity and inclusion (DE&I) initiatives hinges on an inclusive workplace culture. Although the Workplace Gender Equality Act 2012 implemented by the Australian government aimed to drive progress, the 2023 Status of Women Report Card from the Department of Prime Minister and Cabinet found “evidence that in a number of areas progress is slowing or stalled.” This shows a disconnect between the growth of DE&I focused initiatives and the progress they are achieving.
There are many barriers impeding progress, including unconscious bias, lack of diverse role models and lack of mentoring and training. However, a significant roadblock to fostering more inclusive workplace cultures is the mistaken notion that increasing diversity is synonymous with increasing inclusion. In reality, diversity and inclusion are two distinct concepts.
While organisations may have well established DE&I initiatives they often lack a culture of inclusion. To be truly inclusive, under represented groups need to feel a sense of belonging, have their voices heard and acknowledged, and be able to express themselves freely. Only then can an inclusive workplace culture be achieved, along with increased productivity, efficiency and business growth.
In cybersecurity, an industry with significant potential for advancing gender equity and diversity, two compelling factors foster optimism.
1. Alignment of traits: Cybersecurity professionals naturally possess characteristics such as
curiosity, empathy, problem solving skills, humility and a growth mindset. Recognising and leveraging these traits is integral to cybersecurity recruitment strategies. And remarkably, these traits align with those exhibited by leaders who cultivate inclusive workplaces.
2. Opportunity for expansion: The global shortage of cybersecurity professionals creates a valuable opportunity to enhance diversity and foster inclusivity. The sector is expanding rapidly and new entrants are being hired in substantial numbers. Prioritising inclusive traits when candidates are selected for employment could help create a workforce that is more accepting of different genders and backgrounds. Furthermore, as time passes and those recruits take increasingly senior positions, their influence in shaping culture and promoting inclusivity will grow.
Organisations can also prioritise hiring leaders from under represented groups, including females and those from different cultural and ethnic backgrounds, who could naturally foster inclusive workplaces.
In this environment, DE&I policies will transcend superficial compliance and be manifested in the attitudes and actions of the workforce. The prospect of the cybersecurity industry leading the charge in closing the gender and diversity gap, and fostering true inclusion, is inspiring and, if realised, has the potential to be transformative.
To achieve meaningful progress in gender equity and a diverse workforce, it is imperative to foster more inclusive workplace cultures. The cybersecurity industry, with its inherent inclusivity traits and opportunities for growth, stands as a beacon of hope for increasing the diversity and gender balance of the workforce. By prioritising DE&I, we can cultivate a workforce that is more inclusive and that thrives on diversity.
I feel remarkably fortunate to have grown up in Australia, a country exceedingly well resourced and wealthy. However, this wealth is not equitably distributed.
I grew up mostly in what was, by Australian standards, a low income household and I recall how tight money could be, even before a cost of living crisis engulfed us. What I remember most vividly was how central conversations about money were in our home, and how our lack of income created chronic stress for the entire family. I also remember the shame and stigma that came with being thought of as poor by our peers.
Growing up in a low income household was one of the most defining experiences of my life: it left me with many dragons to vanquish, but also oodles of compassion for those treading similar paths. Yet, household income, and socio economic status (SES) more broadly, are not yet baked into the diversity and inclusion discussions taking place in many organisations in the cybersecurity industry. To be truly representative of the make up of our communities we should be ready to put SES on the radar as one
of many facets of a person that contribute to the diversity of thought they can bring to the table.
However, this aspiration is not without its own set of challenges. Creating welcoming recruitment and employment experiences for people from low SES backgrounds requires an understanding of some of the challenges faced by this group. People’s experiences vary widely. Here are just some of barriers they might face.
• Reduced access to tertiary education such as university, TAFE, and bootcamps. In Australia course fees are often not the primary challenge, but the cost of taking time out of the workforce to study can be prohibitive.
• Having less time to dedicate to self-study, passion projects, and lengthy recruitment processes. For students and career changers from low income backgrounds, paid work frequently needs to take priority over professional development or unpaid internships. This might place some people at a substantial disadvantage compared to others
who can commit to a lengthy technical challenge required for a hiring process.
• Implicit bias around markers of class like accent or straight teeth can be a factor in recruitment and career progression. For example, people may assume that someone with a ‘bogan’ accent lacks intelligence.
• A lack of knowledge regarding career options. Someone may not have a network of professionals to gather ideas from in their social and family circles. This can be a particular issue for students who are ‘first in the family’ to go to university.
• Poor availability of quality, local tuition in certain subjects such as mathematics and computer science. This might be especially pronounced in some regional/remote locations.
• Being stigmatised for welfare dependence, such as living in housing commission properties. This might present as comments about ‘dole bludgers’ which fail to account for the nuances of personal circumstances.
• The broader impacts of chronic stress and anxiety due to precarious access to housing and other life essentials.
• An inability resulting from financial constraints to participate in activities that might help to build cultural capital, such as music lessons or some types of sports.
Of course, it is in our power to recruit and support people who come from low income or low SES backgrounds. We can discuss socio-economic status as an explicit aspect of developing diverse and inclusive workplaces. We also need to understand the lived experience of people from low income households and address some of the stigma around relative poverty. Where possible, we can hire on cultural fit and pay people a living wage while they train. This will make it more likely that people from low income backgrounds can commit fully to being active members of the cyber workforce. We can avoid imposing time intensive recruitment processes on candidates to limit the risk of introducing unintentional bias in the recruiting process. Finally, we can consider outreach programs to teach job
seekers and young people about opportunities in cybersecurity.
• Living in a basement with no windows. Life in a 12-person share house during Australia’s rental crisis
• Poverty in Australia 2022: A snapshot
A 2022 report published by the Australian Council Of Social Services (ACOSS) and the University of New South Wales determined that as many as 3.3 million people live on, or less than, 50 percent of the Australian median income. This includes approximately one in six children. That means less than $489 for a single person and $1027 for a family of two adults and two children. A single adult living on this income might pay between 40 percent and 70 percent of their pre-tax income on rent, depending on locality.
This illustrates a relative poverty scenario, where income is markedly lower than some normative value (i.e. the national median income in the above instance). Relative poverty differs from absolute poverty which is defined by the World Bank as applying to those living on a daily income of less than US$1.90 and is associated with extreme deprivation. While there is plenty to be done to alleviate absolute poverty, relative poverty, as addressed in this article, is nonetheless harmful. Relative poverty imposes conditions that prevent people from engaging in activities that are a normal part of life in their communities and in society more broadly. Poverty of any kind negatively impacts human health, productivity and childhood development.
www.linkedin.com/in/danielle-rosenfeld-lovell
Diversity may mean different things in different countries, but all countries seem to share a lack of diverse candidates in their cybersecurity workforce. Initiatives to make access to education more equitable and build diversity within the cyber industry will reshape the workforce pipeline.
The exclusion of people from the workforce is something that occurs not only when they are seeking employment. Exclusion by gender, race, culture, etc often begins at birth through societal structures — economics, geography, history, government, etc — and continues through elementary school, secondary school and college into the workforce. At each of these life stages, the pool of people accessing opportunities narrows, culminating in exclusion from the workforce.
Because exclusion pervades all facets of society there is not one approach or one entity able to counter the practice. No one can do everything to build equity in education, socioeconomics, employment and the myriad other areas in which it occurs. A widespread, constantly evolving collaborative approach is needed.
Many commercial and other organisations are collaborating to support inclusion in education and the workplace. They see early investment providing a strong return: it will boost the pipeline of talent needed for future roles.
At ISACA we determined that our One In Tech (OIT) foundation’s efforts could best be focused on the college and early career stages to build pathways for students who come from under-represented populations.
OIT uses scholarships and workforce training programs in collaboration with academia, ISACA chapters, corporations and other non-profit groups to build the cybersecurity pipeline through inclusion and access. In addition to funding tuition, OIT provides career‑building resources to all our scholarship awardees. These include free certificate trainings, mentorship, professional membership, conference registration and networking. We also have another program, SheLeadsTech, which is designed to support women in accelerating their career progression into leadership roles.
As the need for cybersecurity professionals continues to grow and as cyber criminals become more prolific and advanced, there is hope for the future. That hope stems from our current students. Every applicant I see gives me hope, a sentiment shared with the 200+ security professionals who volunteered to review the scholarship applications. One volunteer said, “There were so many great candidates. I really got a lot of insight about the applicants and the kind of passion they have to excel in cybersecurity even though they have limited resources. I wish all the best to the candidates in their journeys.”
The judges saw the challenges many exceptional applicants with limited access to education and resources face. Despite these challenges they are hungry to learn, an important trait in this industry.
They are also eager to give back. Our 2022 ISACA Auckland Chapter Scholarship awardee, Danielle Domingo, said: “This scholarship means a lot to me as it gives me the opportunity to be mentored and it gives me hope. I hope to encourage women like me, who are trying to change their careers, that they can do it too!”
One In Tech has a scholarship in September 2023 for students in Australia pursuing a cybersecurity degree. Please reach out to students you know and encourage them to apply, and keep an eye out for the awardees to connect with afterwards.
These students may not know everything, but we must take a chance on them. They have the attitude and ability to learn, and we can support them with scholarship, mentorship, apprenticeship and internship programs.
These scholarships are made possible with support from many corporations. If your company is not already participating, reach out to us or one that is. I promise it will not be a waste of you or your company’s time. A conversation is all it takes to start a diversity-building initiative in your region. Together we can take a chance on tomorrow’s talent.
www.linkedin.com/in/chloermiller
There were just four minutes remaining on the clock. I looked over to both of my co-commentators and could sense their anticipation and excitement. The three of us had been speaking on and off for the past five hours, keeping tabs on the leader board the entire time, and ensuring our audience remained connected to what was happening between 54 laptops across Asia Pacific. Three minutes to go, and our hearts were jackhammers. As much as we wanted a neck-and-neck race to the finish, that desired narrative was looking increasingly unachievable. The tension in the hotel from which we were livestreaming was palpable. without the excited commentary from my team, you would have heard a pin drop.
Just two minutes left on the clock now, and I looked over at the two roundtables set up in the room — one for each of the Malaysian in-person teams whose members preferred to attend the event physically. Both teams had resigned themselves to knowing they were no longer in contention for first place, even though I and the other commentators had decided to stop sharing the leader board more than 30 minutes prior. One minute to go, and only a handful of audience members remained in the room. The excitement, action and intensity of the packed crowd of spectators at the beginning of the competition had been superseded by fatigue, sore heads and boredom. I watched minutes reduce to seconds and could not believe we had finally arrived at this point.
Flashback to only two months prior. I am attending an after work function for Australian cybersecurity company ES2 when I receive a message from my good friend and industry colleague, Daisy Sinclair
“Yo Simon. What are you doing on the 19th – 20th May?”
“Not sure, how come?”
“Can I take you to Borneo to be a commentator for the Asia Pacific Cyber Attack Challenge?”
“Borneo!”
Now, I have to admit, this is not the first place that comes to mind when I think of cybersecurity, let alone some kind of cyber attack competition.
So, I ask her to continue, then give her a call and it all becomes clear. This was happening, and her home region of Sarawak, Malaysia, was hosting its first ever cybersecurity conference, APSec 2023. Sarawak is a region of Malaysia located on the island of Borneo. Malaysia shares the island with Indonesia and Brunei. The city in which APSec was to be hosted was Kuching, the largest city and the capital of Sarawak. It is a stunning city, situated on the Sarawak River and surrounded by greenery, mountains and lush jungle.
Looking into the conference a little more, I could see three other Australian presenters had been invited, along with a host of experts from across the Asia Pacific region. I was looking forward to some good networking as well as the Challenge itself.
Now, for those of you who are not familiar with Daisy, not only is she the CEO and founder of Cyber8Lab, WA’s foremost cyber attack response drill company, she is also a bundle of energy, accomplishing work in mere days that would take others weeks. I found out very early on that she had taken on full responsibility for organising the entire Challenge herself – from developing each task that teams would need to accomplish, to registering teams, getting sponsors on board, organising the production and live stream and pretty much everything in between, such as trophies, prizes and marketing collateral. Just typing the list of what she was responsible for has worn me out!
Over the month leading up to the event there were a number of meetings where copious cups of coffee were procured and their contents ingested. We would discuss each of the scenarios in the Challenge and the real world implications, including examples to which we could relate. Sadly, there were far too many recent case studies and far, far too many close to home, such as the Optus and Medibank data breaches. However, such events help boost
our security capabilities by providing students and professionals alike with hands-on experience.
Before too long I was on a plane early one Tuesday morning bound for Kuala Lumpur. Daisy had arrived the day before and was already waiting for me at Kuala Lumpur International Airport Terminal 2, ready for another flight to Kuching. We get in, I check into my room and I crash on the bed after spending a couple of hours going over my own notes for each scenario. The nervousness I felt about being part of the commentary team was growing and I really needed to get it under control. Fatigue helped.
I awoke the next morning and was surprised and happy to see the weather was far more pleasant than predicted by the forecast put out the day before. I was expecting an entire week of tropical thunderstorms, but instead I was greeted with sunshine. I planned to go for a short walk just after breakfast. Having to work remotely, prepare for the Challenge and wanting to sightsee, I would have to manage my time very well. Realistically, work is always the priority, and I spent a good amount of time in my hotel room
in meetings, responding to emails and managing projects. Alas, I had no time for any tourist activities, apart from eating some really nice local food.
After what felt like two very long days couped up in my hotel room, sitting at my laptop with my Radiohead playlist in the background to kill the silence (with one little break to cheekily bring my laptop into the hotel’s cigar room and enjoy a nice Cuban while responding to emails), I finally emerged on Friday morning to attend the first satellite event of the conference, the business matching forum at the Sarawak Museum. This is an incredibly welldesigned building which I would have liked more time to explore, but after lunch it was back to the hotel to meet the rest of the team and set up for the big event next day: the Asia Pacific Cyber Attack Challenge.
The Challenge itself was monumental: 27 unique scenarios with varying degrees of difficulty requiring either hacking or investigative skills. My thanks go to the amazing team at Cybexer Technologies, based in Estonia, for providing the Cyber Range to deliver the Challenge. We had 18 teams, with 54 competitors from six countries competing. So we knew it was going to be big. We also understood how challenging it would be to commentate for five hours, let alone stay in touch with the leader board, monitor the teams, help them respond to tickets
(lag was definitely a factor) and ensure the live stream was both entertaining and informative for our entire audience.
Armed with the best television sports caster voice I could muster, I had more fun than I should have, and as exhausting and energy sapping as five hours of being ‘switched on’ and engaging can be, it was still nothing compared to my teaching days. I had a good time bantering with my commentary team, cracking jokes every now and then, and ensuring the excitement of what was happening on the screens in front of us was translated correctly for everybody watching.
Much like other Capture the Flag competitions, teams were awarded points for the various scenarios they were able to solve. What surprised me was how many teams preferred to complete the hacking challenges rather than the investigative ones. Looking at the teams who ended in the top four, it was easy to see why they did so well: it was simply that they had a mix of forensic and hacking skills in their teams, because approximately equal numbers of both types of challenges were attempted and successfully solved.
In the end, the team crowned champion had been in the top three throughout the competition. The team hailed from Kuala Lumpur and its name, Trailblazers,
gave me inspiration for many puns and plays on word throughout the day. Its members gained my great respect when they gained their final 400 points in the last moments of the Challenge, putting their team well head of every other. That said, I also had great respect for every other team and every single competitor in the Challenge. To stay focused for five hours, sticking with the task until the end was an incredible accomplishment, and I commend them all for it.
I would also like to give a big thank you first of all to my employer, ES2, for allowing me to fly to Borneo to pursue this event and take part in bringing it to a live audience. It was a challenge in itself to work remotely for so long and I am deeply appreciative. A massive shout out also to the organisers of the conference, the Institute of Management Sarawak and Malaysian IT company SAINS, as well as the Pullman Hotel in Kuching for hosting such a large contingent (over 500 attendees).
Last, but certainly not least, I would like to thank Daisy for not only believing in me and giving me this amazing opportunity, but for all of her support and mentoring throughout. I really feel I have learnt a great deal these past months, and especially during my time in Borneo.
Selamat tinggal!www.linkedin.com/in/simoncarabetta
After years of collective effort to close stubborn gender pay gaps, new data confirms that companies embracing coherent diversity, equity and inclusion (DEI) policies are closing the gap faster than those that are not. Yet many organisations still do not understand how to integrate diversity into their charter of corporate values.
Analysis of companies that have been certified as complying with the Employer of Choice for Gender Equality (EOCGE) framework of Australia’s Workplace Gender Equality Agency (WGEA) found the average gender pay gap to be 17.4 percent, compared to 43.4 percent for employers that had not attained certification.
Certified companies showed better outcomes across the range of WGEA metrics, including having more
women on governing bodies – 37.2 percent compared to 31 percent – and providing more employer funded parental leave, an average of 16.7 weeks compared to 10.2 weeks.
Men were also almost twice as likely to take primary carer’s leave in EOCGE-certified companies than their counterparts in non-certified businesses.
The correlation of pay gap statistics – which WGEA will be legally required to publish from early 2024, thanks to the recent passage of the Workplace Gender Equality Amendment (Closing the Gender Pay Gap) Bill 2023 – with the adoption of formal standardised guidelines confirms that certification programs can be powerful tools for improving employment dynamics.
The results “show that with intentional leadership and a commitment to gender equality, an employer
Pay gaps are not the only problem facing companies with inadequate DEI commitments
can reduce their gender pay gap for the benefit of all their employees,” WGEA director Mary Wooldridge said, noting that the framework “continues to expose [CEOs’] blind spots and challenges, drives them to continually improve, and keeps them focussed on their gender equality objectives.”
Certified employers, she added, “are delivering an approach that results in better support structures in place for working families; stronger actions to address pay inequalities; and strategic recruitment, promotion and retention practices that encourage the full participation of women at work.”
Yet for all the improvements some companies have seen, entrenched pay gaps continue to plague even the best-intentioned organisations. Grattan Institute CEO Danielle Wood said during an IWD 2023 webinar that efforts to “decompose” the gap often hint at “a big unexplained component.”
“Some people put it down to discrimination, but we can’t say for certain what’s going on,” she said. “But one thing that always shows up is industry or occupational segregation.
“One thing we do know about the gender pay gap,” she added, “is that when firms and industries embrace policies, structures and processes to address it, they are more successful in reducing the gap – and industries that are more likely to embrace good
practice, such as professional and scientific services, finance and public administration, have seen more progress in closing the gap compared to sectors where they’re less likely to embrace those things.”
The consequences of such practices are writ large in diversity statistics that continue to highlight just how far off the mark many firms still are.
A 2021 Aspen Institute analysis identified yawning demographic gaps in the US cybersecurity market, where – apart from the lingering challenges that see women comprising just 24 percent of the cybersecurity workforce – Black workers comprise just nine percent of the workforce compared with 13 percent of the population.
The gap is even larger for Hispanic workers who comprise just four percent of the cybersecurity workforce but 19 percent of the population. Meanwhile, Asian cybersecurity representation is higher than the proportion of the general population.
After workshopping how to fix this, a panel of recruitment experts recommended three key steps to improve diversity in the recruitment and hiring process. These included collecting and sharing anonymous data about the characteristics that prove useful for successful hiring, establishing a group of experts to help cybersecurity employers rewrite job descriptions without jargon, and reviewing background check processes to ensure they are “appropriate, fair and equitable”.
Back in the mid-80s, when I was in grade 10 at high school, I recall learning about the ‘Internet Superhighway’ during my business studies class. I recall imagining a truck driving down a highway, not quite comprehending what on earth the ‘Internet’ was. None of my friends had computers, no one owned a mobile phone, and car navigation relied on the ‘Gregory’s’ street directory. At that age, pressure was mounting to start considering my future career options, but cyber breaches and cybersecurity were in their infancy, and no one had enough experience to build a curriculum to offer cybersecurity education.
The first major cybercrime that gained widespread media attention was back in 1988, famously known as the ‘Morris Worm’, a self-replicating computer program coded by Robert Morris, a student at Cornell University. So, realistically, anyone over the age of 30 in the workplace today is unlikely to have grown up with an option to study and learn about cybersecurity.
Fast forward to today and cybercrime is exploding. It includes cyber bullying, human trafficking, cyber stalking, identity theft, fraud, phishing: the list goes on. The important question that must be asked
is, if everyone is a target and cybercrime does not discriminate, why do we see such a discrepancy between men and women leading the charge against cybercrime?
When we consider themes around equality and equity, I immediately recall and focus on the under representation of women in cybersecurity. In the last Australian Census published in 2021, Australia recorded just under half a million people qualified in information technology. Globally, Statista estimates the number of cybersecurity professionals to be 4.6 million with women holding roughly 25 percent of roles, an encouraging increase from 11 percent in 2017
The 2021 Census found only one in five ICT professionals and ICT managers were female. However, women under 30 accounted for one in three ICT managers and ICT business and systems analysts. This spike demonstrates that the industry is attracting new talent. There is no doubt the emergence of STEM programs has attracted women to careers in the technology sector.
So, overall, it looks like we are making progress. However, the gap is so wide that it will take decades of persistence and education: not only to attract women into the technology sector, but into cybersecurity.
A challenge on everyone’s mind is: how do we continue to close the gap and attract women into the tech sector and into a niche like cybersecurity? The answer is we need initiatives that go beyond offering STEM programs that contribute to gender equality in the workforce. We need to ensure we provide equal access to education and to pathways into cybersecurity.
The Australian Government’s 2022 workplace gender equality statistics show women making up 47.9 percent of employed persons in Australia, 26.3 percent of all women working full-time and 21.6 percent part-time. When you break down what roles women are in, they are child carers, receptionists, healthcare workers, office managers, teachers, hospitality workers, sales assistants and accountants. Many of those careers could be bridges into the technology sector.
But how do we create those bridges, particularly for women over 35 who did not grow up with an option to study cybersecurity? Many of these women have not been part of the STEM program movements that have opened doors for new talent, and they
have already established their careers. We have to build bridges where women have equitable access to career options in cybersecurity and showcase the new opportunities available in the sector should they be enticed to leave their careers for the adventure.
First and foremost, we need to stop assuming all the bridges need to lead to technical roles. In fact, creating bridges to bring women closer to careers in the technology sector is the best step forward. From there, the next step is a bridge into a technical role for women so inclined. For example, accounting roles are a natural bridge to a career in penetration testing. Sales assistant roles can evolve into security marketing, lead generation or business development.
A few ways for women to get their foot in the door, and which should be more widely circulated, include short courses and mentoring programs where women can participate and get a taste of what a role in tech and cybersecurity could look like.
My advice to women wanting to dip their toes into cybersecurity would be to attend technology events and introduce themselves to the sponsors at the cybersecurity stands. These can offer visibility of different career options and pathways. They should listen to women in tech speaking publicly about their experiences building their careers and becoming industry leaders. At Cloudflare we have run a Women in Cybersecurity breakfast each year and would happily host a session to support women from other sectors wanting information on the topic. There are also many associations women can sign up for, and of course, this magazine is also a great source for learning.
www.linkedin.com/in/wendykomadina/
www.linkedin.com/company/cloudflare/
Mobile phones have become an integral part of our daily lives, and the lives of our children.
While some parents believe allowing their children to take the mobile phones to school can enhance their safety and facilitate communication, others are concerned about the potential distractions and negative effects on learning. There are advantages and disadvantages to children having their mobile phones at school.
One of the advantages of is that children can contact their parents or guardians in case of an emergency. This can give parents peace of mind, knowing they can be reached at any time. Of course, long before there were mobile phones, if there was a problem at school, the school office would contact parents. Probably the most useful feature of mobile phones is the convenience they provide for coordinating pick up times or alerting parents of changes to school schedules.
Another advantage of children having mobile phones at school is that they can be used to access educational resources. For example, children can use their phones to research information for school projects or to access educational apps that can enhance their learning. Mobile phones can also be used to take notes or record lectures, making it easier for students to review and study the material later.
Having said that, most schools now have a bring your own device (BYOD) policy, or provide a device such as an iPad or laptop. So there really is no reason why a child should require their own personal mobile phone in the classroom to perform research work.
There are also several disadvantages to children having mobile phones at school. One of the main concerns is that mobile phones can be a distraction. Teachers make no secret of the battle they have on their hands when children are using their phones in the classroom. Children may be tempted to check their phones during class or to use them to text their friends instead of paying attention to the teacher.
This can lead to a decrease in academic performance and can negatively impact their learning.
Another disadvantage of children having mobile phones at school is that they can be used for cyberbullying. With the anonymity mobile phones provide, children may feel emboldened to send hurtful messages or to post negative comments on social media. This can be particularly damaging for children who are already struggling with self-esteem issues. With mobile phones at school, there is no respite from 24/7 cyberbullying.
In addition, mobile phones can also be a source of temptation for children to engage in inappropriate or illegal activities. For example, they may use their phones to access inappropriate content or to cheat in exams. Worse still, they may share inappropriate content with children who would not otherwise be able to access such, thanks to the controls their parents have set up.
In conclusion, there are both advantages and disadvantages to children having their mobile phones at school. While mobile phones can enhance communication and facilitate learning, they can also be a major distraction and a source of negative behaviour. Some states have banned mobile phones at school completely. Some schools have rules in place, for example, mobile phones must be switched off and kept in a locker during the day. Some schools have rules they do not enforce and others, seemingly no rules at all.
www.linkedin.com/in/nicolle-embra-804259122
www.linkedin.com/company/the-cyber-safety-tech-mum
Kristina Nicole P. was born in eastern Europe but moved to Canberra when still very young. She has obtained a Graduate Certificate in Cybercrime from Griffith University and plans to shortly commence study there for a Master of Cyber Security Analysis. She works as a Policy Officer in the Australian Public Service (APS).
Graduate Certificate in Cybercrime at Griffith University
What cybersecurity role would you most like to be hired into when you graduate, and why?
I am still exploring! They say ‘the devil is in the detail’ and this is true for me because I am more of a detail person. I also have an innate curiosity and I believe this will lead me to keep learning. It has enabled me to pick up new skills quickly and to think critically about different problems. I would like to transition into an analyst or advisor role in the APS.
The threat landscape in cybersecurity is constantly changing, so you need to have a desire to learn and to keep on learning. But there are many different cybersecurity career paths I can take. I believe technical skills can be taught (if you are determined and have the right coach/convenor who can communicate clearly) and there are numerous subdisciplines within the technical side, but many non technical people already possess many of the transferable skills.
Finding a way to navigate through those transferrable skills and apply them to cybersecurity can be challenging, especially for me with no prior experience in the field. However, with the right guidance and dedication and by focusing on areas that really interest me, I believe it to be possible. My primary interests are in foreign affairs, defence, intelligence and national security. My current priorities are job security and flexible working arrangements.
What do you see has been the most memorable and/or significant event in your cybersecurity journey to date, and why?
I participated in the Australian Defence Force Cyber Gap Program, delivered in partnership with Digital Profession — an arm of APS for employees starting or growing their digital career or wanting to lead in a digital role — Cybermerc and the Australian Computer Society. It was a most enjoyable experience for me and gave me the opportunity to learn more about the vital roles operators play in defending Australia’s national security.
I had access to online cyber skills modules and cyber skills challenges which were fun and challenging! I gained hands on experience and developed skills in attack and defence approaches. The program helped me develop a better understanding of the cybersecurity industry and the challenges it faces.
I learned a lot over the 12 months. I made good connections with like-minded individuals. Overall, I was very impressed with the way the organisers and the administrative staff made everything run smoothly, efficiently and professionally. The program opened a world of possibilities for me and I believe it will have a positive impact on my career.
Recently, I have been selected to participant in the Purple Team Australia Program. I am sure this experience will be another great opportunity to gain valuable skills and knowledge. Excited to start.
The cybersecurity industry abounds with certifications from multiple organisations. Have you gained, or do you plan to gain any of these, if so which ones, and why?
At this point in time, no. I would consider some certifications in the future as I become more comfortable and find my interests. Open-source intelligence or computer forensics are skills I am interested in that could be a starting point.
What aspect of your studies excites you the most?
Having the knowledge to help people who are vulnerable. Even a little information can really make difference.
What aspect do you find least interesting or useful?
Exams are the least interesting! Yes, I did pass mine…phew! But I find exams are not appropriate for all courses and should not be used in all assessments. They should be replaced with
work-ready assessments such as briefing reports and presentations. An alternative could be take-home exams. I think universities should rethink the design and purpose of their exams. For example, universities should partner with internationally recognised cybersecurity associations such as (ISC)² and provide credit for some of their courses, which are just too expensive.
Is there any aspect of your studies you find particularly difficult or challenging, if so what, and why?
For me, it was understanding the technical aspects and having these explained in a clear and simple way. My digital forensics course covered the techniques and procedures that can be used in a court of law to investigate, detect and prevent digital crimes.
The course covered a lot of information such as data acquisition/validation, evidence collection and preservation, investigating operating systems and file systems, network forensics, mobile device forensics, and email/web forensics. There was a lot to wrap my head around about which I did not have any prior knowledge.
We used Linux. I struggled at first with the code and how it all worked together. However, I had a great digital forensics course convenor who was able to translate something so complex into easy to understand terms. He was also able to provide the class with practical examples which helped me to apply the knowledge in real-life scenarios. This made it easier to grasp the concepts and understand the technical details.
Cybersecurity requires a multidisciplinary approach that involves not only technology but also an understanding of human behaviour, law, policy and the ethics that govern cyber space. Gaining insights into both the technical side and the world of crime and our justice system was a great learning experience.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, eg interpersonal communications or management?
I am not interested at the moment because I do have a really good mix of soft skills but maybe in the future, I would consider a MBA course focusing on cyber management, leadership and people management, and strategic organisationalmanagement.
Are you involved in the wider cybersecurity community, eg AWSN, if so, how and what has been your experience?
Yes, I am involved in the wider cybersecurity community. There is no shortage of professional associations to join that aim to serve the needs of, and promote, women in the workplace.
I recently joined Australian Women in Security Network (AWSN). My experience so far has been positive. I have been able to connect and share with like minded individuals who empower women to succeed in cybersecurity roles.
AWSN provides a one-stop shop for women who are interested in cybersecurity. There is a wide variety of programs available to help women gain a competitive edge in a male-dominated industry. In addition to offering workshops, networking opportunities and job posting boards, AWSN offers insights into technical and non technical cyber roles and into the industry as a whole, which can be a tremendous help preparing women for industry certifications.
www.linkedin.com/in/kristinanp
Melika Khani was born and grew up in Iran. Today she lives in Montreal where she is in the second year of study for a master’s degree in information systems security at Concordia University.
Masters in Information Systems Security Student at Concordia University
Suppose you met an old friend from your last year at school who, knowing nothing about cybersecurity or what you do, asks you what you are doing. How do you answer them to ‘sell’ them on the idea of a career in cybersecurity?
It’s important to protect your personal information, like your bank account details or your social media accounts. In cybersecurity we work to protect all kinds of information, from people’s personal data to large companies’ confidential information.
In simple words, cybersecurity is all about making sure information is kept safe from hackers and other cyber criminals who might try to steal it, corrupt it or use it for their own purposes. It’s a really important job because, as our world becomes more digital, the threats to our information security are constantly increasing. By working as a cybersecurity specialist you get to use your skills and knowledge to help keep people and companies safe from these threats.
It can be really exciting work because you get to be part of a team working to protect important information and prevent potentially disastrous cyber attacks. Moreover, cybersecurity is a growing field with many job opportunities and room for advancement. As companies realise how important it is to protect their data, the need for skilled cybersecurity professionals is only going to keep increasing. So, if you’re interested in technology, problem solving and making a real difference in the world, a career in cybersecurity might be a great fit for you.
How does the reality of cybersecurity as you experience it today align with your understanding when you first thought about studying it?
The reality of cybersecurity is much more complex and diverse than I expected. At first, I pictured cybersecurity professionals using cutting edge
technology such as advanced encryption algorithms and sophisticated computer software to protect against cyber threats.
Today, based on what I know, cybersecurity is a vital field that includes everything from securing personal devices and online accounts to protecting entire networks and critical infrastructure. It involves not only technical skills like programming and network management, but also knowledge of legal and ethical issues, risk management, and even psychology.
The reality of cybersecurity is that it is a constantly changing landscape with new threats and vulnerabilities emerging all the time. This means that cybersecurity professionals need to be constantly learning and adapting in order to stay ahead of the curve and keep their organisations safe. At the same time, cybersecurity can be an incredibly rewarding field.
Knowing you are helping to protect people and organisations from potentially devastating cyber attacks can be a real source of pride and satisfaction. Plus, with the demand for cybersecurity professionals on the rise, there are plenty of job opportunities and room for growth and advancement in the field.
What cybersecurity role would you most like to be hired into when you graduate, and why?
The choice of which cybersecurity role to pursue after graduation usually depends on the individual’s interests, skills and career goals. It is important to research each role and gain a solid understanding of what each entails as well as the opportunities and challenges associated with each role.
Personally, I would like to be a security engineer who designs and implements security solutions for an organisation’s IT systems and networks, because I believe this role to be suitable for me and more relatable to my background. Also, I would like to be
able to work closely with other IT professionals to ensure security is integrated into all aspects of an organisation’s technology infrastructure.
We hear all the time that the world of cybersecurity is changing rapidly, particularly with the rate of threat evolution. Do you feel your course is doing a good job of being current?
My cybersecurity course does a good job of staying up to date by incorporating the latest trends and technologies into its curriculum. Concordia University offers internships or apprenticeships and provide opportunities for students to participate in cybersecurity competitions or projects.
More important is the fact that my professors are educated with up to date knowledge and try their best to challenge us with examples of real world threats and attacks to help us learn. However, it is important to note that no course or program can cover everything in the rapidly changing field of cybersecurity. It is up to students to take an active role in their own education and continue learning beyond the classroom. This may involve staying current with industry news and trends, seeking out professional development opportunities and gaining hands on experience through internships or other practical learning opportunities.
Overall, while cybersecurity courses can provide a solid foundation of knowledge, it is important for students to supplement their education with ongoing learning and development in order to stay current and succeed in this rapidly evolving field.
What aspect of your studies excites you the most?
Cybersecurity is a diverse field with a wide range of subdisciplines each requiring different skills, knowledge and interests. I am passionate about the technical aspects of cybersecurity such as network
security, cryptography and vulnerability assessment. I enjoy exploring the latest technologies and tools, experimenting with different security measures and finding creative solutions to complex problems.
Regardless of individual interests, the field of cybersecurity offers many opportunities for innovation, problem solving and making a positive impact in the world. Cybersecurity professionals play a critical role in protecting sensitive data, ensuring the integrity and availability of critical systems and safeguarding against cyber threats that can have far-reaching consequences. With the ever-increasing reliance on technology in today’s world, cybersecurity has become a vital aspect of business and government operations making it a field with a wide range of career opportunities and potential for growth.
Is there any aspect of your studies you find particularly difficult or challenging, if so what, and why?
Of course. This field has its own challenges like many professions. It is important for cybersecurity professionals to stay up to date with the latest trends and technologies, work collaboratively with experts from different disciplines and maintain a constant focus on the evolving threat landscape to be effective in their roles.
However, there might be other factors. Firstly, the cybersecurity threat landscape is constantly evolving with new threats and attack techniques emerging all the time. Keeping up with these changes can be a daunting task because it requires a deep understanding of the latest trends and technologies as well as the ability to adapt quickly to new threats.
Secondly, cybersecurity professionals need to be well versed in a wide range of technologies, from network infrastructure and operating systems to cloud platforms and mobile devices. Each of these technologies has its own unique security challenges
and vulnerabilities, and staying up to date with the latest best practices and security measures can be a challenging task.
Also, cybersecurity is an interdisciplinary field that requires expertise in multiple areas, including computer science, information technology, mathematics, psychology and law. It can be difficult to develop a comprehensive understanding of all these areas, and cybersecurity professionals need to work collaboratively with experts from different disciplines to address complex security challenges.
Finally, cybersecurity professionals need to strike a balance between security and usability, ensuring that systems and applications are secure without impeding productivity or user experience. This can be a delicate balancing act: security measures can sometimes be perceived as hindering usability, and vice versa.
Is there any aspect of cybersecurity that you think should be given greater focus in your course, or any aspect you think should be given less focus?
The focus of a cybersecurity course can depend on the specific goals and objectives of the program as well as the needs and demands of the industry. I think topics that could be given greater emphasis might include emerging threats and trends in the industry such as cloud security, IoT security or AI based attacks.
Additionally, some students may benefit from courses or training that focuses on specific industries or sectors, such as healthcare or finance. On the other hand, some topics may be given less focus if they are less relevant to current or emerging threats in the industry, or if they are covered extensively in other courses or training programs. Ultimately, the focus of a cybersecurity course or program should be driven by the needs and demands of the industry, as well as the goals and interests of the students.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, eg interpersonal communications or management?
In cybersecurity it is increasingly important for professionals to have not only technical skills but also non cyber skills such as interpersonal communication, management and leadership. This is because cybersecurity is not only a technical issue but also involves working with people and managing risks in a business context. As such, many professionals in the field may choose to pursue additional training or certifications in areas such as project management, risk management or leadership to better equip themselves for their future roles and advance in their careers.
I think I might need to take additional training to be skilled in many ways. So, as I go through my career I will try my best to learn and upgrade my skills to be more successful.
What is your favourite source of general information about cybersecurity?
I mostly study a lot of technical papers and research articles on Google Scholar because it is a reliable source of information for a lot of people. Meanwhile, I like KrebsOnSecurity, the popular cybersecurity blog run by Brian Krebs. I like it because it covers a variety of topics related to cybersecurity, including data breaches, malware and cybercrime investigations. My second favourite source is the Cybersecurity and Infrastructure Security Agency (CISA). This US Government agency provides resources and information on cybersecurity threats, vulnerabilities and best practices. It also offers cybersecurity training and workshops for individuals and organisations.
www.linkedin.com/in/melika-khani130998
a professional marketing, strategy and implementation agency that is dedicated, responsive, professional, dedicated, creative, innovative, hardworking, and really cares about your business outcomes?
REACH OUT TODAY FOR AN INSTANT QUOTE.
With:
The team at Source2Create has all the necessary skills to get the job done for you, so your time can be reserved to focus on other things aby@source2create
Patricia Ysabelle Trinidad Manayao was born in Baliuag, a small town in the Philippines province of Bulacan. She came to Australia in 2008 and now lives in Western Sydney. She is in the final year of a Bachelor of Cyber Security course at Macquarie University.
Bachelor of Cyber Security Student at Macquarie University
Suppose you met an old friend from your last year at school who, knowing nothing about cybersecurity or what you do, asks you what you are doing. How do you answer them to ‘sell’ them on the idea of a career in cybersecurity?
I would highlight the benefits of pursuing cybersecurity:
• It is an exciting field. Cybersecurity is a captivating and ever changing industry, offering constant challenges and opportunities.
• It has promising growth. The demand for skilled cybersecurity professionals is increasing, providing excellent prospects for career advancement.
• It offers a variety of roles. There are diverse job opportunities in cybersecurity across various sectors, allowing flexibility and the chance to explore different roles.
• It offers a stable career. With the continuous presence of cyber threats, cybersecurity offers a secure and reliable career path.
• It offers continuous learning. Cybersecurity requires staying up to date with the latest techniques, ensuring ongoing professional development.
• It creates real-life impact. By protecting information and systems, cybersecurity professionals contribute to safeguarding individuals, organisations and even nations.
How does your understanding of cybersecurity when you first thought about studying it compare with the reality of cybersecurity as you experience it today?
When I began my coursework in cybersecurity I had the perception the field was quite specific, mainly centred around identifying system vulnerabilities. However, as I progressed through my university degree I gained comprehensive knowledge of
fundamental areas such as computing, networking and cybersecurity governance. What I find particularly appealing about cybersecurity is the wide range of options it offers, allowing individuals to choose a career path that genuinely resonates with their interests and aspirations.
What cybersecurity role would you most like to be hired into when you graduate, and why?
The cybersecurity role that aligns well with my skills and interests is cybersecurity governance and management. I am particularly enthusiastic about the chance to contribute to establishing robust practices and management strategies that ensure the protection of a company’s digital assets. I have a deep interest in network security and architecture and I can see myself thriving in a role where I assess and analyse networks to mitigate risks. It is an opportunity I am eager to embrace.
Who, or what, would you say has had the biggest influence on your cybersecurity career journey to date, and why?
My father has been my greatest inspiration in my cybersecurity career journey. He not only introduced me to the world of information technology but also provided unwavering support for my pursuits in cybersecurity. I am deeply grateful to have such an incredible and respected role model in my life. My father continues to inspire me and serves as a constant source of motivation within the industry. My aspiration is to acquire the same level of knowledge and expertise in the field as he possesses.
What aspect of your studies excites you the most?
One aspect of my studies that truly excites me is delving into the realms of data communications and networks, as well as cybersecurity management governance. I am particularly grateful for the continuous support I receive from my peers and the
dedicated computing staff at Macquarie University. The inclusive social events, insightful workshops and the wonderful people I have encountered along the way fill me with joy and excitement for my career in cybersecurity.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, e.g. interpersonal communications or management?
I am absolutely determined to pursue additional training in non cyber skills that will further equip me for the future. I deeply understand the importance of building interpersonal connections and find great joy in cultivating leadership and management skills. Embracing these aspects allows me to thrive personally and professionally as a woman in cybersecurity.
What is your favourite source of general information about cybersecurity?
I find great value in diverse sources of information. News articles, podcasts and forums are among my favourite go to resources for gathering general insights. They provide me with a broad understanding of the latest developments in the field. Additionally, engaging in conversations with my peers at university brings me great joy because we exchange ideas and perspectives, further enhancing my knowledge in cybersecurity.
What measures do you have in place for your personal cybersecurity?
I have implemented several measures to ensure my personal cybersecurity. One of the key steps I take is using a password manager, which not only generates strong and unique passwords but also helps me keep track of my credentials securely. In addition, I rely on a comprehensive endpoint protection product which offers a range of features including antimalware, web and application control, device control and more,
providing me with enhanced protection. Furthermore, I adopt a healthy level of scepticism when it comes to receiving data online, exercising caution and scrutinising any suspicious or unfamiliar sources. These combined efforts contribute to maintaining a robust level of personal cybersecurity.
Have you already sought employment in cybersecurity, if so, what has been your experience of applications and interviews?
As an aspiring cybersecurity professional actively seeking roles in offensive security, GCR, digital forensics and management, the journey of seeking employment in this field has been both rewarding and invigorating. I thoroughly enjoy networking and establishing connections with individuals who share my passion for cybersecurity. Although I have not yet secured a position, the application and interview process has provided valuable experiences allowing me to grow both personally and professionally. I am filled with enthusiasm and excitement for the opportunity to contribute my skills, knowledge and passion to the field and make lasting connections with fellow professionals.
www.linkedin.com/in/pysa-manayao
Terra Tormey grew up in the hinterland of Queensland’s Sunshine Coast and now lives in Perth where she is studying for a Master of IT at the University of Western Australia.
Master of IT Student at the University of Western Australia
Suppose you met an old friend from your last year at school who, knowing nothing about cybersecurity or what you do, asks you what you are doing. How do you answer them to ‘sell’ them on the idea of a career in cybersecurity?
The cybersecurity industry is an exciting and rapidly evolving field that I’ve become passionate about. It’s a sector that’s growing at a staggering pace as a result of our increasingly digital world. The truth is, everyone needs robust security measures, whether it be businesses protecting their data or individuals safeguarding their online identity. And with technology advancements moving so fast, cybersecurity must keep up, making it a dynamic field.
What is even more inspiring for me is the push for diversity within the industry. There are fantastic opportunities for women in cybersecurity, which is why I’d recommend considering it as a career path. It’s an empowering environment where your contributions can have a significant impact on people’s lives and businesses. So, in essence, I get to work on something I love, while also knowing I’m making a real difference — it’s a great feeling!
How does the reality of cybersecurity as you experience it today fit with your understanding when you first thought about studying it?
When I first began studying IT, cybersecurity was not on my radar. At the time, most people I spoke to assumed I would naturally gravitate towards cybersecurity because it’s often discussed in the media, while other IT disciplines are not as highly publicised. I initially perceived cybersecurity to be a highly technical field, dominated by red or blue teaming activities and requiring a deep interest in these areas.
That perception, while not entirely incorrect, was quite reductive. There are indeed very technical
aspects to cybersecurity, but the field is much broader and multidimensional. As I delved deeper into my studies and began to explore cybersecurity in earnest, I realised it has many facets, from policy and management to education and awareness, and extends well beyond technical hacking skills.
Now, as I continue to progress in my cybersecurity journey, I see a wealth of opportunities that align with my unique blend of skills and interests. It’s exciting to realise there are so many paths within cybersecurity, each offering different ways to make a meaningful impact. The reality of cybersecurity is far more diverse and vibrant than I had initially thought, and I’m eager to continue exploring the breadth of this exciting field.
Who, or what would you say has had the biggest influence on your cybersecurity career journey to date, and why?
The biggest influence on my cybersecurity career journey to date has undoubtedly been my initial academic exposure to the field during my masters. I was profoundly impacted by my first cybersecurity unit, Introduction to Cybersecurity, which offered an engaging and practical approach to the subject matter through capture-the-flag labs and projects. This immersive learning experience, coupled with the sense of achievement upon solving challenges, deeply resonated with me.
In addition, the mentorship provided by my encouraging lecturer and tutor during this unit played a pivotal role. Their ability to make complex concepts enjoyable, provide room for growth through internships, and cultivate a learning environment that extended beyond the classroom all made a lasting impact. Their influence did not end with the conclusion of the unit; I continue to interact with them and have even assumed the role of a tutor for the same unit.
Finally, the welcoming and supportive cybersecurity community has been instrumental in shaping my journey. The encouragement received from industry professionals has highlighted that, despite the field appearing daunting from the outside, there is a place for everyone willing to learn and contribute.
The cybersecurity industry abounds with certifications from multiple organisations. Have you gained, or do you plan to gain any of these, if so which ones, and why?
Absolutely, I do plan to gain further certifications in cybersecurity after my graduation. It’s an industry where continuous learning is not only a preference, but a necessity, and I thrive in such environments. However, at present I am still exploring the different sub-fields within cybersecurity to determine where my interests and talents could best be used.
There are numerous reputable certifications available, each tailored towards different areas of expertise, such as Certified Information Systems Security Professional (CISSP) and ISO/IEC 27001. While I am yet to decide which ones to pursue, I am committed to expanding my knowledge and skill set.
The choice of certification will ultimately depend on my chosen path within cybersecurity, because I wish to make sure it aligns well with my career aspirations. The goal is not simply to gather certifications, but to ensure they provide a valuable contribution to my skill set and career trajectory.
What aspect of your studies excites you the most?
What excites me the most is the breadth and flexibility of my degree. It offers a perfect balance of technical and managerial skills that can be applied in any number of fields in addition to cybersecurity. This versatility opens up a wealth of career opportunities, which is both empowering and thrilling.
Moreover, I appreciate the accessibility of the course. Despite my background in marketing, I did not need any prerequisites to embark on this new educational journey. This significantly reduced the barriers to entry, making it feasible for me to transition into the field without the need for an entirely new undergraduate degree.
Undeniably the transition presented a steep learning curve, but the challenge has been rewarding. The whole process was a testament to the adaptability and resiliency that lifelong learning requires. The fact that I could dive straight into a master’s program, take on this challenge and succeed is a source of pride and excitement for me. It’s a reminder of my capacity to learn, adapt and excel, no matter the field.
Are you involved in the wider cybersecurity community, eg AWSN, if so, how and what has been your experience?
Yes, I recently became a part of the Australian Women in Security Network (AWSN). My experience to date has been truly enriching. AWSN is a vibrant and welcoming community that significantly champions and supports women in cybersecurity. It has provided me with a unique platform to connect with diverse professionals, exchange ideas and grow personally and professionally.
I also had the privilege of attending the CyberWest Summit, thanks to Cecily Rawlinson and Cairo Malet. Celebrating my birthday at the Summit was an interesting twist! The event served as an eyeopener, providing me with invaluable insights direct from industry professionals. It allowed me to gain a deeper understanding of the practical aspects of cybersecurity, beyond academic learnings. I was particularly intrigued by the panels on cybersecurity and space. What a cool and critical area to be involved in!
Being part of AWSN and engaging with the broader cybersecurity community has indeed underscored the dynamic and inclusive nature of this field, and I look forward to continually contributing and learning from this vibrant community.
What measures do you have in place for your personal cybersecurity?
Personal cybersecurity is an area of keen interest and importance to me, and I am always seeking ways to further enhance my protective measures. At present I use Bitwarden as a password manager and I use Authy for two-factor authentication.
One aspect of personal cybersecurity I am passionate about, but I believe to be often overlooked, is planning for digital legacy. Given the level of security measures I have implemented, it would be challenging for my loved ones to access my accounts should anything happen to me. Therefore, I am interested in establishing a secure process that could safely and responsibly guide them through the necessary steps to access my important accounts in the event of my passing. This is a delicate balance between security and accessibility I am currently exploring to ensure my digital footprint is properly managed in all circumstances.
With the benefit of hindsight would you change your career trajectory to date, and if so now?
Looking back, while my career trajectory might seem unconventional, transitioning from digital marketing to IT, I would not change a thing. My past experience has provided me with a plethora of invaluable skills and lessons, not to mention the strong support I received from my previous employer who played a crucial role in my professional development.
The journey from marketing to cybersecurity has placed me in a unique position, allowing me to
bridge two seemingly disparate fields. I can bring my communication, strategic thinking and creative problem solving skills honed in marketing to the realm of cybersecurity, thus providing a distinctive perspective. I view these experiences not as divergent paths, but as complementary facets of my career that enrich each other and broaden my professional capabilities.
In the end, every step in my career has been instrumental in shaping who I am today, and I am excited to leverage this unique blend of skills in my future roles in the cybersecurity industry.
www.linkedin.com/in/terratormey
Content allows you to establish, share, and strengthen your brand. It helps build relationships which is why we are shining the light on our content service.
Content strategies don’t just define the goals your content is intended to achieve, but also the procedure, processes and governance required to get there. We can show you how to manage your content effectively .
We can then use that content to attract, acquire and engage your customer and new prospects, deepening your relationships
What are you waiting for?
REACH OUT TODAY
Michelle Welch grew up in Cologne, Germany and now lives in Perth where she is in the second year of study for a Bachelor of Science in Cyber Security at Edith Cowan University.
Bachelor of Science in Cyber Security Student at Edith Cowan University
Suppose you met an old friend from your last year at school who, knowing nothing about cybersecurity or what you do, asks you what you are doing. How do you answer them to ‘sell’ them on the idea of a career in cybersecurity?
There is more to security these days than simply locking your front door and keeping your wallet and phone safe. In today’s digital world cyber threats are not only real but also evolving rapidly. That’s where my role as a cybersecurity professional comes in. Cybersecurity professionals make the world a safer place by defending against these threats and protecting individuals’ life and work.
What excites me the most is that every day brings new challenges and opportunities. Furthermore, the demand for cybersecurity professionals is incredibly high, which means job prospects and room for career growth are a given. And knowing my work has a significant impact on individuals is truly rewarding.
One of the great things about a career in cybersecurity is the diverse range of paths you can pursue. Examples are engineering, administration, analysis, forensics, consulting and much, much more.
In this field continuous learning is essential because the continually evolving nature of cybersecurity means there are always new technologies, threats and defence strategies to keep up to date with. I embrace these learning opportunities because they not only keep me on top of my game but also allow me to continually expand my knowledge and skills.
What makes my work even more meaningful is the breadth of responsibilities I have in safeguarding a wide range of critical assets. These include protecting infrastructure, data, information, systems, credentials and much more.
What cybersecurity role would you most like to be hired into when you graduate, and why?
I am aspiring to become an analyst after my graduation, because the analyst role provides a strong foundation of knowledge and skills in cybersecurity.
Analysts typically work with a wide range of security technologies, tools and methodologies. This exposure will help me gain a comprehensive understanding of the fundamental principles and practices in the field. Moreover, the hands on experience and involvement I will gain in monitoring systems, analysing security events, investigating incidents and implementing security measures is very tempting.
Furthermore, analysts are at the front line of defence, constantly monitoring and analysing security events, detections and incidents. They gain exposure to a wide range of threats, attack vectors and vulnerabilities. Lastly, analysts have many opportunities.
In addition to your studies, what employment experience do you have in cybersecurity?
I made a drastic career change from nursing to cybersecurity and have not yet gained a lot of experience. In mid-February this year I had the opportunity to start an internship at CrowdStrike. This was an exceptionally valuable experience for me.
During my time as an intern I was fortunate to be a part of the frontline team, working alongside the associate analysts and analysts of the Australian team. I was exposed to real-world cybersecurity challenges. This allows me to put my studies into practice. This hands-on experience was nothing short of amazing. I had the opportunity to apply my knowledge in a professional setting and gain valuable insights into the day to day operations of a cybersecurity team.
While my employment experience is still relatively limited, my time at CrowdStrike provided a great foundation for my future career and I am eager to continue my experience.
What aspect of your studies excites you the most?
Cybersecurity is a constantly evolving field with new threats, vulnerabilities and techniques emerging frequently. Studying cybersecurity allows me to stay at the forefront of these developments and be part of the ongoing battle against cyber threats, which makes it most exciting. Because our studies often involve hands on practical exercises and real world case studies they allow me to directly apply my knowledge and skills to real-world scenarios.
Is there any aspect of cybersecurity that you think should be given greater focus in your course, or any aspect you think should be given less focus?
I believe the “human side” of cybersecurity should be given greater focus in my university course: human behaviour, psychology and the social dynamics surrounding security practices.
For example, social engineering attacks such as phishing rely on manipulating human behaviour rather than exploiting technical vulnerabilities. While university courses can cover different types of social engineering attacks, their techniques and mitigation strategies, understanding how human psychology is exploited can help future cybersecurity professionals recognise and respond to these attacks more effectively.
The more we learn about the technical side of cybersecurity, the more we tend to forget that humans are sitting behind their devices. We must remember we are in the profession to protect these individuals, their lives and their work.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, eg interpersonal communications or management?
In the cybersecurity world it is important to recognise that technical skills alone may not be sufficient for a successful career. Non-cyber skills such as teamwork and interpersonal communication are crucial in cybersecurity, or any professional setting.
All cybersecurity professionals work in teams within their own company, across multiple teams within the same organisation and even with external stakeholders. Because cyber threats are constantly evolving and becoming more sophisticated, it is important to address these challenges with collaborative efforts that draw upon the expertise and perspectives of individuals with different skill sets and backgrounds.
Furthermore, cybersecurity threats often involve multiple systems, networks and applications. By working as a team, professionals can monitor and analyse various aspects of an organisation’s digital environment simultaneously. This collaborative approach enhances situational awareness, allowing for a more comprehensive understanding of potential risks and enabling proactive defence measures.
Lastly, teamwork fosters a culture of continuous learning and growth within cybersecurity. Collaborating with others allows professionals to learn from different experiences, share capabilities and stay up to date with evolving technologies and techniques. Teamwork goes hand in hand with interpersonal communication, which I believe is another skill crucial to equipping me for a future role. Working in a large team includes working with a large variety of colleagues and clients from diverse backgrounds as well as with individuals with varying levels of technical knowledge.
Strong interpersonal communication skills will assist me in my professional career to effectively collaborate with others. They will help me avoid misunderstandings and enhance my ability to work in a team. Moreover, I may encounter conflicts or disagreements. Strong communication skills will help me to resolve conflicts, find common ground and reach mutually beneficial outcomes.
What is your favourite source of general information about cybersecurity?
In general I keep up to date through LinkedIn, my peers and, of course, my employer. Since working for CrowdStrike I have come to appreciate its blogs and threat reports which keep me up to date with current threats, vulnerabilities and ways to keep environments safe.
With the benefit of hindsight would you change your career trajectory to date, and if so now?
My career trajectory might be slightly different to those of my peers and fellow students. With a background in nursing, I made the decision to change careers a couple of years ago. While my transition into cybersecurity may seem unconventional, I firmly believe my nursing background made me better at what I do now.
In the cybersecurity world it is easy to get caught up in the technical aspects and overlook the human factor. However, I have found my background in nursing enables me to bring a unique perspective to the table. It has helped me gain empathy and a deep understanding of the importance of human interactions and communication.
Cybersecurity is not just about technology; it is about protecting individuals and organisations from the impact of cyber threats. Having worked closely with patients in nursing I am able to
approach cybersecurity with a heightened awareness of the impact breaches and attacks can have on people’s lives. This empathy pushes me to ensure I am not only protecting data and systems but also the individuals who use them. In a field that can sometimes seem impersonal, my nursing background reminds me to consider the human aspect.
www.linkedin.com/in/michellewelchcybersecurity
How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children. READ NOW
Author of How We Got Cyber Smart | Amazon Bestseller
Twins Olivia and Jack recently celebrated their birthday. Usually, they receive lots of presents and have fun anticipating what they will receive before tearing off all the wrapping paper and screaming with excitement. However, this year they asked for people to give them birthday money instead of gifts so they could each buy one big Lego set: something they have been looking forward to all year.
They plan to buy the Lego sets online but are concerned about the dangers of online shopping after watching a segment on the children’s news program at school. The segment reported many people online try to trick unsuspecting shoppers into parting with their money or personal information through different types of scams. Scammers do this in a variety of ways including phishing, fake websites, fake email, and fake social media accounts.
Phishing scams occur when someone tries to trick you into giving away your personal information such as your name, address, phone number or credit card number. They might send you an email or a message that looks like it is from a legitimate company or organisation. Once they have your information, they can pretend to be you when contacting your bank, or use your identity to take out a loan in your name.
Fake websites look like those of legitimate organisations but are actually imitations controlled by a scammer. They might have the same logo or design as the real website, but they will ask you for your personal information or credit card number. For example, someone could set up a fake website pretending to sell Lego. Once you place the order, they charge your credit card and take the money but you never receive the goods.
Fake emails look as if they are from a legitimate company or organisation but are sent my scammers or cybercriminals. They might ask you to click on a link or download an attachment that will infect your computer or device with a virus or malware so they can take control of it. Once they have control, they can demand you pay a ransom to regain control.
Fake social media accounts emulate those of legitimate companies or organisations. They might ask you to click on a link that will send you to a fake website.
Olivia and Jack searched online for their special Lego sets and found a website selling the exact sets they wanted for half price. They eagerly clicked on the shopping site’s link and were about to place their orders when their mum noticed something was wrong. The website's URL did not start with "https" and it did not have a lock symbol in the address bar. She said, “this means the communication between us and the website is not encrypted so scammers can see what information is sent to the website over the internet, such as names and credit card numbers, so it’s not secure.”
Olivia and Jack were disappointed but knew if they gave their details to that website the Lego would never come and they would likely lose their money. They agreed the website was not safe to use, so they quickly closed the tab. After this online shopping experience, Olivia and Jack learnt some valuable lessons. They sat down with their parents to discuss their experiences and compiled a list of the top tips for parents when letting their children do online shopping.
• Teach children about online scams. Educate your children about the different types of scams they might encounter while shopping online.
• Supervise and guide. You should always be involved when your children are shopping online. You should help them navigate through websites and make sure they understand the potential risks.
• Teach scepticism. Teach your children to be sceptical of deals that seem too good to be true. Encourage them to research the product or seller and read reviews from trusted sources before making a purchase. Warn them about counterfeit products and overly attractive deals that might be scams.
• Keep personal information private. Instruct your children never to share personal information such as their address or phone number, unless a trusted adult is present and approves.
• Check for secure websites. Teach your children to look for the lock icon in the address bar and the https:// prefix
before entering any personal or payment information.
• Beware of phishing attempts. Instruct your children never to click on suspicious pop-ups or provide personal information to unknown sources. Remind them that legitimate companies will never ask for sensitive details through unsolicited emails
• Stay vigilant. Encourage your children to stay vigilant and to involve an adult if they encounter anything suspicious. Teach them the importance of reporting scams and suspicious activities to parents or guardians.
Armed with this knowledge, Olivia and Jack felt empowered to protect themselves. They learnt to be cautious of suspicious emails and to never share personal information online. They also learnt to look for secure websites with a lock icon in the address bar before purchasing.
www.linkedin.com/company/how-we-got-cyber-smart
facebook.com/howwegotcybersmart twitter.com/howwegotcybers1
1. MARINA AZAR TOAILOA Client Executive at EGroup Protective Services Group Pty Ltd
2. JASMINE YIP Prospective software developer and 2022 GirlBoss Award Winner
3. KATE NILON Director at Eastern Star International
4. FELICITY C Cyber response expert at Ever Nimble
5. JAYA DE SILVA Head of Strategic Bids at Sekuro
6. BLESSING USORO Founder of Cyber For School Girls
7. MINI SHARMA Global CISO at Secure Meters Limited
8. PERSIA NAVIDI Partner at Hicksons Lawyers
9. CRAIG FORD Cyber Enthusiast, Ethical Hacker, Author of A Hacker I Am vol1 & vol2, Male Champion of Change Special Recognition award winner at 2021 Australian Women in Security Awards
10. RICKI BURKE Founder at CyberSec People
11. KAREN STEPHENS CEO and co-founder of BCyber
12. VANNESSA MCCAMLEY Leadership and Performance Consultant, Coach, Facilitator, Author and Keynote Speaker
13. LAUREN IBBOTSON Financial Crime – SME at Australian Military Bank Ltd
14. JAY HIRA Founder and Executive Director at MakeCyberSimple
15. DANIELLE ROSENFIELD-LOVELL Security Consultant at CyberCX
16. CHLOE MILLER One In Tech Program Manager, ISACA
17. SIMON CARABETTA Project Coordinator at ES2
18. WENDY KOMADINA Head of Channel APJC, Cloudflare
19. NICOLLE EMBRA Cyber Safety Expert, The Cyber Safety Tech Mum
21. MELIKA KHANI Masters in Information Systems Security Student at Concordia University
22. PATRICIA YSABELLE MANAYAO Bachelor of Cyber Security Student at Macquarie University
23. TERRA TORMEY Master of IT Student at the University of Western Australia
24. MICHELLE WELCH Bachelor of Science in Cyber Security Student at Edith Cowan University
Want to start a career in programming but lack the skills and experience? The ICT30120 – Certificate III in Information Technology – Focus on Programming is a perfect starter course for those wanting to learn some of the core aspects of the ICT industry, as well as some foundational programming skills. Learn the fundamental skills required to start your journey in software development. In this course you’ll learn the key skills around the software product development cycle and the technologies and languages that can be deployed to build the next “app” of tomorrow.
Understand key technologies driving modern businesses and have meaningful conversations around Cloud, Data and AI, and related buzzwords. Describe Artificial Intelligence, Machine Learning, Deep Learning, Neural Networks, their impact on society, and our future in an AI enabled world. Gain Foundational Knowledge of Cloud Computing, Public/Private/Hybrid Clouds, IaaS/PaaS/SaaS, VMs, Cloud Storage & Cloud Native practices like DevOps. Outline what is Data Science, tasks that a Data Scientist performs, and how Data Science is revolutionizing virtually all industries and businesses.
This course will offer you the know-how to create programs that will help you provide safe and secure online experiences. You'll have the option to select from either the Management and Leadership specialisation or Security Engineering specialisation within this program to further develop your expertise and diversify your career options.Created and led by academics who are at the forefront of the industry, this course will give students a comprehensive understanding of both the current state of, and future directions of cyber security. Designed with the busy individual in mind, this 100% online course allows you to learn each subject in eight-week blocks, allowing you to accelerate your studies and graduate in two years.
Our Certified Cybersecurity Professional course will prepare you for a career in an industry with 0% unemployment. This interactive online course will take you from zero industry experience to a job ready, front line Cybersecurity Analyst in less than six months.The course includes three certifications from CompTIA, certifications which are accredited by the International Organisation for Standardisation and the American National Standards Institute (ISO/ANSI). The combination of accreditation and through consultation with our Advisory Board of industry leaders, AIICT ensures that the course prepares you for the latest roles in cybersecurity.
Do you have an aptitude for technology and are looking for a future-proof career but don't know where to start? This flexible, 100% online ICT30120 Certificate III in Information Technology qualification from the MCI Institute will give you all the basic skills and knowledge to embark on a rewarding career in IT.This course is designed for people looking to get their start in this growing and exciting industry. Aside from all the IT basics, this course focuses on cyber security skills which will make your qualification much more valuable and give you access to roles involved in keeping data safe and businesses compliant with privacy laws. You will learn essential skills such as how to securely manage personally identifiable information and workplace information, how to identify IP, ethics, and privacy policies in ICT environments, how to apply introductory programming techniques and how to identify and report online security threats.This qualification will ensure that on completion you are fully prepared to tackle all issues involved in entry-level IT positions, as well as giving you ability to improve your skills by engaging in further study.
Cyber security is one of the most pressing issues facing us now and into the future, and the demand for experts has never been higher. Build valuable skills that'll see you in a leadership role when you study the Master of Cyber Security from the University of Adelaide.Study 100% online and receive full access to course material with just a click of a button. With approximately 20 to 25 hours of coursework required per week, the program covers all the technical and managerial skills you'll need to forge your own career path as a senior cyber security specialist.In this course you'll learn how to apply, evaluate and use the principles of cyber security within real-world contexts; critically seek, analyse and evaluate data, materials, and technology to construct professional advice relating to the technical practice, management and policy of cyber security; use highly effective interpersonal skills to enable empathetic and effective communication with a range of audiences plus more. This qualification will equip you with much-needed skills to apply in professional security roles anywhere around the world. Enquire now if you're interested in playing a part to secure our digital future.
You're a natural problem-solver with a knack for new technology. Now, turn your interests into a dynamic career with this online Graduate Certificate in Cyber Security course from RMIT Online.Designed for students with no prior industry experience, this postgraduate course offers the foundation concepts, skills and capabilities required to work in the growing and highly valued field of cyber safety. The Australian Cyber Security Centre estimates that cyber security incidents cost Australian businesses $29 billion each year. With the skills developed in this course, you'll be well-prepared to help businesses protect themselves and their customers against dangerous and expensive cyber threats. This Graduate Certificate in Cyber Security is comprised of four courses. See our Subject section for more info or enquire for a course brochure. Delivered by industry-connected experts and validated by professionals, this qualification helps students rapidly build the sought-after skills needed to succeed in this sector. You'll develop programming skills, solid knowledge of cyber security fundamentals, and a strong understanding of the ethical considerations required in making complex decisions.
"Fight crimes using cyber forensics. The 100% online Master of Cyber Security and Forensics at the UniSC consists of 14 courses you can complete within two years.You’ll analyse case studies and real-world data and gain insider knowledge as you learn more about digital and network forensics, programming, cyber laws, cryptocurrency, research and more.As part of the program, you’ll graduate with your master’s AND the industry certifications employers look for beyond a degree. These 3rdparty certifications are globally recognised. They demonstrate your experience level and knowledge and put you ahead of graduates with the same degree. Microsoft (Security, Compliance, Identity Fundamentals) ITS Python"
VISIT HERE
This course will help you build essential industry skills that are transferable across different sectors – including critical thinking, problem solving, presenting and customer service. You will learn how to support a range of technologies, processes, policies and clients.The ICT30120 Certificate III in Information Technology will prepare you for roles in a range of ICT disciplines including Help Desk Officer, ICT Operations Support, Network Support Officer, ICT Technician and Web Development.If you want to become an advanced ICT user, or if you want to progress to higher level IT qualifications, this accredited and nationallyrecognised course could be what you’re looking for.
An advanced practical skillset in defeating all online threats - advanced hackers, trackers, malware and all Internet nastiness including mitigating government spying and mass. Explore the threat landscape - Darknets, dark markets, zero day vulnerabilities, exploit kits, malware, phishing and much more. Go in-depth into security through physical and virtual isolation and compartmentalization. Covering sandboxes, application isolation, virtual machines, A certificate of completion is available signed by the instructor Nathan House so CPE credits can be claimed. We cover operating system security, privacy, and patching - On Windows 7, Windows 8, Windows 10, MacOS and Linux.You will master encryption in an easy to follow crash course. You will learn about nation state secret tracking and hacking infrastructure.
Understand the importance of cybersecurity practices and their impact for organizations.Protect networks, devices, people, and data from unauthorized access and cyberattacks using Security Information and Event Management (SIEM) tools.Identify common risks, threats, and vulnerabilities, as well as techniques to mitigate them.Gain hands-on experience with Python, Linux, and SQL.
With Steve Gibson and Leo Laporte
Beginning in 2005, Security Now has been providing weekly episodes to keep you up to date on the latest breaches, exploits, and other technical developments in the world of cybersecurity. Hosts Steve Gibson and Leo Laporte cover a wide variety of cybersecurity topics including malware, data privacy, device security, and so much more – without getting too bogged down in jargon.
With Maril Vernon, Erika Eakins, and Nathalie Baker
Inspiring Gen-Z women and LGBTQ minorities to seize their place in cyber and the success the field has to offer.
With Samantha Bee
We make a lot of choices, every single day. Some explode, some implode, most we barely remember. Each week on Choice Words, Samantha Bee sits down with people she admires to examine the biggest choices they’ve made in their lives and the ripple effects those decisions have had.
With Julia Louis-Dreyfus
Julia Louis-Dreyfus wants to know why the hell we don’t hear more from older women, so she’s sitting down with Jane Fonda, Carol Burnett, Amy Tan, Diane von Furstenberg, Isabel Allende and Fran Lebowitz (and more!) to get schooled in how to live a full and meaningful life. Each week Julia has funny, touching, personal conversations with women who are always WISER THAN ME™.
With Glennon Doyle & Cadence13
I’m Glennon Doyle, author of Untamed, the book that was released at the very start of the pandemic and became a lifeline for millions. I watched in awe while this simple phrase from Untamed – WE CAN DO HARD THINGS – the mantra that saved my life twenty years ago, became a worldwide rally cry.
With Lala Kent
Every day is a brand-new beginning for Lala Kent. Get to know the actress, singer, TV personality and entrepreneur, as she dives deep into relationships, sex, betrayal, mental health, personal life, and business. Lala’s top priority is to make her listeners feel heard, understood, and inspired. To give them honesty. Give them motivation. To Give Them Lala.
With Nancy Novak
Breaking Glass is a video podcast series focused on women, and the unique issues they face, in the high tech industry. Hosted by Compass Datacenters39; Chief Innovation Officer Nancy Novak, each episode will feature a prominent woman in the technology industry discussing her personal experiences in the workforce. The series is co-sponsored by Infrastructure Masons.
With Inspiring Israeli Women in Tech and Beyond
A series focused on inspiring Israeli women in tech and beyond - describing their career trajectory, their perception of diversity in the Israeli tech sector and what supports have made a difference as they reach for their goals.
With Chatting with Christine
Highlighting young women and tech professionals on their journeys and careers! Made by and made for the young working professional. On the side, we also like to talk about issues, problems, and observations we see from our generation as well! Get inspired or learn something along the way.
With Parul Goel
On Unseen Battles, you will hear raw, honest conversations with women leaders about an unseen battle in their careers - working with a difficult manager, receiving critical feedback, hesitating to negotiate - issues we all face in some form. We will go deep into their motivations and fears. Tune in for you bi-weekly dose of hope and inspiration.
Author
// Susan CainIn Quiet, Susan Cain argues that we dramatically undervalue introverts and shows how much we lose in doing so. She charts the rise of the Extrovert Ideal throughout the twentieth century and explores how deeply it has come to permeate our culture. She also introduces us to successful introverts—from a witty, high-octane public speaker who recharges in solitude after his talks, to a record-breaking salesman who quietly taps into the power of questions. Passionately argued, superbly researched, and filled with indelible stories of real people, Quiet has the power to permanently change how we see introverts and, equally important, how they see themselves.
Author
// Carol S. DweckAfter decades of research, worldrenowned Stanford University psychologist Carol S. Dweck, Ph.D., discovered a simple but groundbreaking idea: the power of mindset. In this brilliant book, she shows how success in school, work, sports, the arts, and almost every area of human endeavor can be dramatically influenced by how we think about our talents and abilities. People with a fixed mindset — those who believe that abilities are fixed — are less likely to flourish than those with a growth mindset — those who believe that abilities can be developed. Mindset reveals how great parents, teachers, managers, and athletes can put this idea to use to foster outstanding accomplishment.
Author
// Kathleen Hall JamiesonThe question of how Donald Trump won the 2016 election looms over his presidency. In particular, were the 78,000 voters who gave him an Electoral College victory affected by the Russian trolls and hackers? Trump has denied it. So has Vladimir Putin. Others cast the answer as unknowable. In Cyberwar, Kathleen Hall Jamieson marshals the troll posts, unique polling data, analyses of how the press used hacked content, and a synthesis of half a century of media effects literature to argue that, although not certain, it is probable that the Russians helped elect the 45th president of the US.
Author // Rebecca Skloot
Her name was Henrietta Lacks, but scientists know her as HeLa. She was a poor Southern tobacco farmer who worked the same land as her enslaved ancestors, yet her cells—taken without her knowledge—became one of the most important tools in medicine. The first “immortal” human cells grown in culture, they are still alive today, though she has been dead for more than sixty years. If you could pile all HeLa cells ever grown onto a scale, they’d weigh more than 50 million metric tons—as much as a hundred Empire State Buildings. HeLa cells were vital for developing the polio vaccine; uncovered secrets of cancer, viruses, and the atom bomb’s effects; helped lead to important advances like in vitro fertilization, cloning, and gene mapping; and have been bought and sold by the billions.
Author // Ariel Evans
In Enterprise Cybersecurity in Digital Business, you will learn about cyber-risk from a business rather than technical standpoint. Learn how to set goals, create new roles to fill cybersecurity gaps and include everyone in your business. This book is geared toward CEOs, chief information security officers, data protection officers and compliance managers.
Author // Kim Zetter
Countdown to Zero Day is an informative look at the start of digital warfare, deep-diving into the release of Stuxnet and how it came to impact a nuclear facility in Natanz, Iran. This is one of those must-read cyber security books for experts and non-technical people alike to gain an insight into the power and impact of modern cyber tools and attacks.
Author // Anne Kohnke, Dan Shoemaker and Ken E. Sigler
The Complete Guide to Cybersecurity Risks and Controls is a formative book that takes a practical approach to control and governance of information and communication technologies (ICT). Unlike other books, the authors view the topic through a lens of ICT operations being less of a technical issue than one of strategic governance.
Author // Angela Duckworth
In this must-read book for anyone striving to succeed, pioneering psychologist Angela Duckworth shows parents, educators, students, and business people both seasoned and new that the secret to outstanding achievement is not talent but a focused persistence called grit.
Author // Allison Cerra
Alright… last but certainly not least on our list of the best cybersecurity books is The Cybersecurity Playbook. This one is all about helping employees at all levels of an organization identify weaknesses and assess threats. It also drives home the importance of having effective policies in place to help protect organizations against vulnerabilities associated with the human factor: their employees.
Author // Sherry Turkle
"Renowned media scholar Sherry Turkle investigates how a flight from conversation undermines our relationships, creativity, and productivity—and why reclaiming face-to-face conversation can help us regain lost ground.
We live in a technological universe in which we are always communicating. And yet we have sacrificed conversation for mere connection."
Author // Amanda-Jane Turner
"Do you use computers, smart phones and the internet? If you do, please read this book and help protect yourself from cybercrime.There is no solely technical solution to fight cybercrime and neither is there a solely human solution. That is why everyone who uses technology and the internet need to have at least a basic understanding of what they can do to help protect themselves in cyberspace.
The stereotype that cybercrime is committed by mysterious hoody-wearing hackers is harmful. It encourages a feeling of hopelessness about how to protect ourselves and our information. How can we fight these mysterious hidden figures? This book provides easy to understand information to demystify cybercrime and make cyber security more understandable and accessible to all.
As technology has evolved exponentially since the advent of the Internet, and because each subsequent generation does not know a time without being connected via smart phones, social media and emails, this book also provides a brief history of computing and the Internet, hacking, social engineering and cybercrime."
Author // Sarah Chayes
The world is blowing up. Every day a new blaze seems to ignite: the bloody implosion of Iraq and Syria; the East-West standoff in Ukraine; abducted schoolgirls in Nigeria. Is there some thread tying these frightening international security crises together? In a riveting account that weaves history with fast-moving reportage and insider accounts from the Afghanistan war, Sarah Chayes identifies the unexpected link: corruption.
Author // Jenny Radcliffe
A burglar for hire, con-artist and expert in deception and physical infiltration – Jenny Radcliffe is a professional people hacker. After being schooled in the art of breaking and entering by her family, she became an expert social engineer, doing an insider’s job to exploit the flaws and weaknesses in top-grade security operations.In People Hacker, Jenny reveals how she uses her inimitable blend of psychology, stagecraft and charm to gain access to top-grade private and commercial properties. From the back streets of Liverpool to the City of London's Square Mile, across rooftops, cellars and staircases in Europe to the mansions of gangsters in the Far East, Jenny has risked it all to earn the title ‘People Hacker’.
Author // Jessica Barker
Confident Cyber Security is here to help. This jargon-busting guide will give you a clear overview of the world of cyber security. Exploring everything from the human side to the technical and physical implications, this book takes you through the fundamentals: how to keep secrets safe, how to stop people being manipulated and how to protect people, businesses and countries from those who wish to do harm.Featuring real-world case studies from Disney, the NHS, Taylor Swift and Frank Abagnale, as well as social media influencers and the entertainment and other industries, this book is packed with clear explanations, sound advice and practical exercises to help you understand and apply the principles of cyber security. Let Confident Cyber Security give you that cuttingedge career boost you seek.
It’s clear by now that social and environmental forces contribute to the differences in earning potential for women and minorities, and that these forces also hold the same people back from careers in STEM (Science, Technology, Engineering, and Math). What needs to be done? Let’s take a look at how to debug the diversity gap.
READ BLOG
By Vladimir Unterfingher
Marked by significant geopolitical shifts and unrest, 2022 has galvanized the cybersecurity landscape as well; war-profiteering fueled by endless media disputes has allowed the threat actors not only to operate unhindered but also to find safe harbor with states that choose to turn blind eye to cyber-criminal activity. 2023 will most likely be just as challenging as the previous few years, but I’m confident that the cybersecurity market has the right tools to deal with the constantly shifting cybercrime landscape and new/ consolidated threats, whether we’re talking about supply chain attacks, ransomware, deepfakes or cyber espionage.
Many people were disappointed when Google, Inc. released its demographics data in May, showing that only 30 percent of its employees are women and just 21 percent of its people in leadership roles are female. Google isn’t alone, however. The National Center for Women and Information Technology (NCWIT) reported early this year that women hold only 26 percent of all professional IT-related jobs in the U.S., up just 1 percent from 2010 and far below the 57 percent of professional jobs that women hold in the U.S.
READ BLOG
Employees using AI in the workplace experienced heightened levels of loneliness, insomnia, and alcohol consumption, according to a global study.
Staying informed about trends in the ever-evolving job market can assist you in planning your future career moves. For example, factors such as salary and profitability are important when picking a new company to work for.
Big data and analytics are now providing a personal approach in the battle against cancer.
READ BLOG
An evolving set of credential phishing activity targeting Microsoft Office 365 credentials has been observed reaching enterprise email inboxes. This activity is categorized by several key components that make it stand out from other campaigns.
By Kian Buckley Maher
The Cofense Phishing Defense Center (PDC) has noted an increase in the number of malicious emails utilising this attack vector. In an attempt to bypass traditional file and text detection software, QR codes provide threat actors with a different tactic to encode malicious URLs.
READ BLOG
The job market has taken many new shapes and forms during the past three years since the COVID-19 pandemic transformed how we work. Now as companies push for return-to-office initiatives, generative AI shakes up the hiring market, and more young people enter the workforce, employers are looking for different qualities in employees than in the past.
READ BLOG
We’ve rounded up 15 must-read books, blogs, and more for women in tech. Add these to your reading list (or blog feed) for a dose of tech news, opinions, career and leadership advice, and solidarity from women like you.
