Women in Security Magazine Issue 24 by source2create

FROM THE PUBLISHER

Welcome to the February issue of Women in Security Magazine—a celebration of the strength, vision and courage that drive us forward. As we step into a new season we’re embracing themes that inspire, challenge and empower women at every stage of their leadership journey.

This issue is themed around ‘RECLAIM’ and that word means something different to each of us. For me, it’s about rediscovering my sense of power and agency after a year that has left me drained in so many ways. As I reflect on 2024, I realise just how mentally, physically and emotionally challenging it was. It was a tough year, not just for me personally, but also for my small business—it was a true test of resilience.

But here we are, in 2025, and it’s time to reclaim what’s mine. The first step is embracing Creative Courage—the act of stepping beyond the conventional, pushing boundaries and creating something that reflects who I truly am. This year, I’m shedding the expectations I’ve carried for far too long. I’m going to leave behind the heels, the stereotypes and the moulds I thought I had to fit into. Instead, I’m

diving deep into my creative courage to spark the kind of innovation and transformation that reflects my true potential. I want to redefine what success looks like for me and for all of us.

If I’ve learned anything from 2024 it’s the profound importance of self-love —and that’s something I’m still working on. It’s a difficult concept for me as I’ve spent much of my life leading with compassion and care for others, but often hiding in the shadows myself. It’s my safe place, and it’s been hard to step out and vocalise my own needs, desires and dreams. But to be successful, to truly lead with authenticity, I have to learn to lead with that same compassion towards myself. Self-awareness and self-compassion are the pillars of strong leadership, but they’re often overlooked as we chase the next achievement. This year, I’m committed to prioritising self-care and nurturing the parts of myself I’ve neglected in the hustle.

I believe everyone deserves the space to step into the fullness of their identity without fear, without hesitation. We deserve environments where we can express our ideas, pursue our passions and show up as our authentic selves, unapologetically.

I want this issue to be more than just a collection of articles—it’s a call to action. It’s about Helping You to Be Seen, Be Heard and Be You . I believe everyone deserves the space to step into the fullness of their identity without fear, without hesitation. We deserve environments where we can express our ideas, pursue our passions and show up as our authentic selves, unapologetically. If we can create these spaces together, we won’t just belong; we’ll thrive. Creating Resilient Cultures and building Magnetic Companies requires intentional effort. It’s about embracing diversity, fostering inclusivity and empowering all voices. Companies that stand the test of time are those that celebrate differences, adapt to change and inspire their people to reach their fullest potential. But it’s not just about building companies—it’s about creating communities where every individual can shine.

I’m also calling on each of you to Step Forward in Solidarity. There’s incredible power in unity, and together we are unstoppable. When we align with a

shared purpose and collective intention we create ripples of change that can reshape entire industries and communities. By standing side by side we amplify each other’s strengths and lift one another to greater heights.

Finally, I am challenging myself and all of you to Embrace Resistance. In the face of adversity, resistance is not something to fear; it’s a powerful catalyst for growth, determination and unshakable resolve. It’s in these moments that we discover just how strong we really are. And through it all we should not forget to Ignite Our Lights. Our unique brilliance is the spark the world needs right now, more than ever. Let your light shine—because when you do, you not only illuminate your path but also light the way for others.

Abigail Swabey

This month, let’s embrace our collective strength, celebrate our individuality and continue building a future where everyone is empowered to lead with confidence, courage and purpose.

Let’s move forward together—bold, resilient and unapologetically ourselves.

Abigail Swabey

PUBLISHER, and CEO of Source2Create

www.linkedin.com/in/abigail-swabey-95145312

aby@source2create.com.au

COLUMN

INDUSTRY PERSPECTIVES

Reclaiming space: empowering women to succeed in the cybersecurity industry Are certifications worthwhile?

Reclaiming privacy: addressing the gender gap in tech and privacy leadership

Women in cybersecurity leading with courage and solidarity

From fear to fascination: my journey in cybersecurity

Breaking barriers in cybersecurity: my journey to success

ThankYou TO OUR SUPPORTING ASSOCIATIONS

EMBRACING RESISTANCE: OVERCOMING CHALLENGES AND FINDING STRENGTH IN COMMUNITY

by Abigail Swabey

Resistance comes in many forms. It challenges our beliefs, tests our resilience, and forces us to reevaluate our paths. Here is my courage......

For me, 2024 was a year marked by immense resistance—resistance against support for the Australian and New Zealand Women in Security Awards, resistance in my own business, and resistance in the job market when I tried to pivot. It was a year that nearly broke me, it was absolutely heartbreaking and soul destroying, and I felt so alone. But instead, I have chosen to embrace resistance and turn it into a catalyst for change and innovation.

THE STRUGGLE FOR SUPPORT IN THE SECURITY INDUSTRY

The Australian and New Zealand Women in Security Awards were created to recognize and celebrate the invaluable contributions of women, non-binary individuals, and underrepresented communities

in cybersecurity. Over time, the awards expanded to include Protective and Physical Security and, more recently, AI. However, last year, I encountered overwhelming resistance. Some dismissed the awards as merely a “feel-good event,” while others refused financial support due to our commitment to not sharing registrant details with sponsors. Additionally, some individuals clearly had their own agendas. This resistance was particularly devastating in New Zealand, where I had to make the heartbreaking decision to cancel the awards entirely.

In Australia, we are still fighting to keep the event alive. Every bit of support matters in bringing this essential initiative to the industry. The lack of backing was disheartening, but I refuse to let it define the awards’ future. These events are crucial, not just for recognition but for fostering a culture of inclusivity and visibility for women and underrepresented groups in security.

THE CHALLENGES OF RUNNING A SMALL BUSINESS

The resistance extended beyond the awards—it hit my small business hard. There were moments in 2024 when I genuinely believed it would be my last year as a business owner. Built from sheer hard work, tenacity, and passion, my business has been my life’s work. Yet, setbacks, financial strains, and a lack of industry support pushed me to the brink.

I even explored alternative career paths, applying for various roles in hopes of securing stability. The process was soul-crushing. Many times, I was told I was “too qualified.” Other times, I was simply ghosted—left without responses, even after interviews. The lack of basic professional courtesy was astonishing. Job searching in this industry is a daunting experience, one that many face but few openly discuss.

FINDING STRENGTH THROUGH SOLIDARITY

Despite these challenges, I am still here. I have chosen to embrace resistance—not as an enemy, but as an opportunity for reinvention. I am rethinking how to drive change and innovation in my work, how to rally support for initiatives that matter, and how to navigate this evolving industry.

With 20+ years of experience in IT security, I have worked as a salesperson, publisher, and marketer, dedicated to promoting and advancing the industry. My journey has been fueled by passion and resilience, and while the road has not been easy, I remain committed to making an impact.

However, I cannot do it alone. I need solidarity. I need the support of those who understand the struggle, who have faced rejection, and who have found ways to keep going. More importantly, I wonder about others in the industry—those who have sent out hundreds of applications with no responses, those who have felt abandoned in their career transitions, and those who, despite it all, found their people and their mentors to help them through.

How did you cope? Did you find the support network that reignited your passion? Or are you still searching for it, as I am?

This journey is not just mine—it belongs to all of us who have faced resistance, who have fought through adversity, and who still believe in the power of perseverance. Together, we can turn resistance into strength, rejection into resilience, and uncertainty into opportunity.

AMANDA-JANE TURNER

Cybercrime is big business, thanks to technical advancement and interconnectivity creating more opportunities. This regular column will explore various aspects of cybercrime in an easy-to-understand manner to help everyone become more cyber safe.

COLUMN

Criminals target the grieving

Criminals can exploit any vulnerability or distraction, whether it be an unlocked door, unpatched software or global disasters and events. A current, and prolific, cyber-enabled fraud that not only exploits distracted people but is also appalling in its complete disregard for human suffering is one in which criminals take advantage of grief to defraud people.

Funerals and memorial services are increasingly being livestreamed to allow geographically dispersed family and friends to attend. And they are increasingly being exploited by criminals who use open source intelligence techniques to scour public domain information, online or in print, to gain information for their fraud campaigns. They then create fake online profiles and insinuate themselves into social media groups of family and friends of a deceased loved one, comment on the post of a person who has interacted with a funeral notice, or message the account that has posted the funeral notice.

There are public domain news accounts of legitimate funeral directors being contacted by grieving relatives and friends asking why they had to pay to attend the live stream of a memorial service, or to query the need to add their credit card to the web page so they could participate in the online service.

To steal money from mourners criminals create spurious links to live stream funerals which they then post on social media, send in messages to targeted people, or add to the family and friends group messages they have scammed their way into.

In addition to this type of fraud, criminals are creating pages referencing a funeral notice and claiming to be raising funds for the family, but raising funds only for themselves.

The Australian Government’s National Anti-Scam Centre has noticed an increase in reports of cybercrime exploiting grief since at least the end of 2023. This increase does not indicate this type of crime is new, only that more incidences are now being reported.

In Australia, please use the ReportCyber website to report cybercrime including this type of fraud. If you, or someone you know, has lost money from fraud, contact your financial institution as soon as possible and change any passwords that may have been compromised.

Please stay vigilant and be aware of how criminals exploit people for illicit gains. Stay safe everyone.

www.linkedin.com/in/amandajane1

www.empressbat.com

WHAT’S HER JOURNEY?

Blessing Ezeobioha

Digital forensics and Threat intelligence at TEknowledge

Blessing Ezeobioha never set out to become a cybersecurity professional. Her career began in digital marketing and social media management, where she spent five years helping brands establish their online presence. Her passion in crafting engaging content, driving business growth, and managing brand reputations in their digital space. But as she became more deeper into the world of online marketing, she became increasingly aware of the cybersecurity threats looming over businesses. Data breaches, identity theft, and financial fraud were not abstract risks; they were real and unfolding around her.

Then came the moment that changed everything. A client’s e-commerce business fell victim to a phishing attack that compromised thousands of customers’ sensitive information. The attack was meticulously crafted—an email impersonating a trusted vendor tricked the client into providing login credentials. The fallout was devastating: financial losses, reputational damage, and a broken trust that was nearly impossible to rebuild. That incident was a turning point for Blessing. Crisis communication was

not enough—she wanted to be on the frontlines of defense, ensuring businesses were protected before attacks could happen.

Determined to make the leap into cybersecurity, Blessing embarked on a structured learning journey. She enrolled in the Cisco Skills for All program and later joined the Tech4Dev Women Techsters Fellowship, where she gained hands-on experience in areas like ethical hacking, cryptography, and virtualisation. What made this transition even more remarkable was that she undertook it while three months postpartum. Balancing the demands of a newborn with intensive technical training required immense dedication, resilience, and an unshakable belief in her ability to succeed.

“Every milestone I achieved—whether it was mastering a new cybersecurity tool or completing a challenging certification—was not just a professional win but a personal triumph,” Blessing reflects. Her perseverance paid off, leading her to roles at Cyblack Org and later at TeKnowledge, where she now thrives as a Security Analyst.

Breaking into a male-dominated field was not without its challenges. Proving her technical competence in cybersecurity required continuous learning, hands-on experience, and the determination to push past selfdoubt. She recalls moments of imposter syndrome, questioning whether she could truly thrive in such a fast-paced, technical field. “I overcame those doubts by focusing on incremental learning, breaking down complex concepts into manageable parts, and leaning on my mentors and peers for guidance.”

Working in a 24/7 Security Operations Center (SOC) presents its own challenges. The pressure to analyse security alerts, make rapid decisions, and ensure comprehensive threat detection is relentless. Yet,

Blessing embraces the intensity, knowing that her work has a tangible impact on safeguarding digital environments. “The most fulfilling part of my role is knowing that I help protect businesses from emerging threats. Every incident I mitigate, every vulnerability I uncover—it all contributes to making the digital world a safer place.”

She is also deeply passionate about mentoring and knowledge-sharing, helping newcomers navigate the complexities of cybersecurity. “Seeing others grow and gain confidence in their abilities is incredibly rewarding,” she says.

Looking ahead, Blessing anticipates that AI-driven threat detection, cloud security, and regulatory compliance will shape the future of cybersecurity. Her experience with cloud migrations and security monitoring has positioned her well to contribute to these evolving challenges.

Maintaining a work-life balance has been crucial in her journey, especially as a mother. She credits her husband’s unwavering support for helping her navigate the demanding cybersecurity landscape while ensuring she remains present for her family. “Cybersecurity may be intense, but with the right balance and support, women can excel without compromising their personal lives.”

Her story is one of resilience, transformation, and purpose. From digital marketing to cybersecurity, Blessing Ezeobioha has redefined her career, proving that with determination and passion, new paths can always be forged. “This journey has taught me that growth comes from embracing challenges. Cybersecurity wasn’t my starting point, but it is, without a doubt, my calling.”

www.linkedin.com/in/blessing-ezeobioha-

Mokutima Akpan

GRC

Analyst

Mokutima Akpan’s cybersecurity was anything but conventional. Unlike those who had an early spark for the field, her journey started after her brother introduced her to the concept of tech.That single gesture ignited a curiosity that would eventually lead her to a career in Governance, Risk, and Compliance (GRC) and Open-Source Intelligence (OSINT).

“I didn’t wake up one day knowing cybersecurity was my passion. It was a gradual process,” she recalls. It wasn’t until 2022, during her third year at university, that she officially began exploring the field. Juggling a full-time course load while navigating an entirely new domain was a challenge, but her persistence paid off. The turning point came in her final year when she joined a mentorship program led by a cybersecurity thought leader. That experience not only provided her with direction but also introduced her to GRC—a niche that would define her career.

After completing her studies, Mokutima set her sights on the CyberGirls Fellowship. She didn’t get in on her first attempt, but she didn’t let that deter her.

Instead, she reapplied after graduation, and when she finally earned her place in the program, it became a defining moment. “The fellowship gave me hands-on experience, real-world projects, and the opportunity to collaborate with brilliant minds across Africa.” It was here that she honed her expertise and found her footing in the cybersecurity space.

Despite her growing success, there were moments of doubt. “There were days when I felt overwhelmed and questioned if I had what it took to succeed,” she admits. But she found strength in the CyberGirls mantra: “I am a voracious learner, so nothing is too difficult for me to master.” Those words became her anchor, reminding her that persistence and adaptability were key to overcoming challenges.

As a professional, Mokutima remains keenly aware of the evolving threat landscape, particularly the rise of AI-powered phishing attacks. She points out how artificial intelligence has made phishing scams more sophisticated, removing telltale signs like poor grammar and generic messaging. “We’re seeing phishing campaigns created in minutes with AI, making them nearly indistinguishable from legitimate communication,” she warns. To combat these threats, she emphasizes the need for organizations to leverage AI-driven security solutions, enforce multifactor authentication, and educate employees on evolving cyber threats.

Beyond technical expertise, Mokutima believes that career growth extends beyond remuneration. When considering job opportunities, she prioritizes team dynamics, leadership support, and opportunities

for continuous learning. “A strong support system and professional development opportunities are just as important as a good salary.” For her, work-life balance is also a key factor, ensuring longevity and sustainability in such a demanding industry.

Reflecting on her journey, she acknowledges the pivotal role of mentorship, her brother’s unwavering support, and the CyberGirls community in shaping her career. “The people I’ve met along the way have been just as important as the knowledge I’ve gained. Their encouragement has kept me going even in the toughest times.”

For those transitioning into cybersecurity from other fields, Mokutima’s advice is clear: “Don’t overthink it—just start. Take it one step at a time.” Coming from a background in political science and public

administration, she understands the challenges of breaking into a new industry. She encourages newcomers to stay curious, follow industry leaders, and most importantly, put themselves out there. “Brand yourself, share your journey, and stay authentic. The right opportunities will come when you’re consistent and intentional about growth.”

Her journey is a testament to resilience, continuous learning, and the power of a strong support system.

As she continues to carve her path in cybersecurity, one thing is certain—Mokutima Akpan is just getting started.

www.linkedin.com/in/mokutima-akpan-72a9a0269

x.com/AkpanMokutima

Tomi Olaiya

Cyber Security

Analyst

Tomi Olaiya’s cybersecurity pathway was shaped by curiosity and a eager drive to understand the vulnerabilities hidden within lines of code. What started as an effort to improve her programming skills quickly evolved into a fascination with security.

“The more I read and understood codes written by developers, the more security became a concern to me, and that piqued my interest,” she recalls. Her natural inquisitiveness led her to research vulnerabilities and explore cybersecurity beyond coding. The defining moment in her journey came when she became a beneficiary of the CyberGirls program, which provided her with a structured learning approach and a clearer path into the field.

With a strong foundation built on self-study and formal training, Tomi has remained unwavering in her pursuit of cybersecurity excellence. “I always had a clear vision of a specific role, and I drew a roadmap to get there,” she says. Unlike those who stumble upon cybersecurity organically, her journey has been intentional and meticulously planned. She understands that passion alone isn’t enough—it

must be supported by structure and actionable goals. “Knowing what you want isn’t enough. Setting plans on how to achieve your goals is very crucial,” she emphasises.

The cybersecurity landscape is ever-evolving, and Tomi is well aware of the challenges it presents. She foresees AI-enhanced threats becoming more sophisticated in the coming years. “Currently, there’s a good number of AI-enhanced threats, but I believe they’ll be more impactful in the coming years,” she warns. Staying ahead requires continuous learning, and Tomi is committed to staying updated. She begins her mornings by reading cybersecurity news and listens to podcasts in her free time. “The world is moving fast, and there’s always something new and exciting to learn,” she says.

Beyond technical expertise, Tomi values workplace culture and career development opportunities. When considering a job offer, she looks beyond remuneration. “It’s important that the environment helps my career development, has a clear career progression path, and offers opportunities to work on challenging projects,” she explains. She believes that growth stems from tackling difficult problems and expanding one’s capabilities through meaningful work.

Her journey has been shaped by influential mentors, supportive communities, and her affiliations

“I always had a clear vision of a specific role, and I drew a roadmap to get there.”

with organisations such as WiCyS (Women in Cybersecurity) and the CyberGirls Alumni community. Through these networks, she has gained access to workshops, mentorship, and invaluable networking opportunities. “From these communities, I have gotten access to workshops for professional growth, mentorships, the opportunity to network, and so much more,” she shares.

Despite the demands of cybersecurity, Tomi prioritises maintaining a work-life balance. “I take breaks most weekends to relax and focus on my

hobbies,” she says. Music plays a significant role in her downtime—singing and writing songs help her unwind and recharge.

For those transitioning into cybersecurity from other fields, Tomi offers practical advice: embrace continuous learning, build a structured plan, and remain adaptable. She believes that every background brings a unique perspective and that determination can pave the way for success. With a clear vision, a structured approach, and an unyielding passion for security, Tomi continues to carve out her place in the industry, proving that persistence and preparation are key to thriving in cybersecurity.

“I always had a clear vision of a specific role, and I drew a roadmap to get there.”

www.linkedin.com/in/tomi-olaiya

Ifound purpose in cybersecurity, and I can’t imagine pursuing a different career.”

For Phidlorah Mcharo, the road to becoming a Security Operations Center (SOC) Analyst began in high school, where she was one of only seven students who chose to study computer studies in a girls-only school. While others shied away from the subject, she embraced the challenge, unknowingly setting the foundation for a career in cybersecurity.

Back then, cybersecurity wasn’t offered as a standalone degree in Kenya, so she pursued a Bachelor of Science in Mathematics and Computer Science. Determined to break into the field, she actively sought opportunities that would bridge the gap between her academic background and her passion for cybersecurity.

Her first exposure to IT infrastructure came through a Network & Infrastructure internship at the ICT Authority of Kenya. That experience ignited her curiosity about how systems are secured and led her to enroll in the Women in Cyber mentorship program

at Strathmore University. It was here that she gained a deeper understanding of cybersecurity’s many domains and the role she could play in defending digital assets.

Eager to build hands-on skills, Phidlorah joined the Cybergirls Internship program, where she trained in vulnerability assessment and penetration testing. Her passion for defensive security pushed her to further refine her skills through Cybershujaa’s security analyst training and, later, the Cyblack SOC Academy. Here, she developed practical expertise in monitoring security alerts, fine-tuning SIEM tools, and conducting effective incident response. While still in the SOC Academy, she specialised further in incident response through the HerCyberTracks program, where real-world cyber drills sharpened her ability to mitigate attacks.

Each phase of her journey transformed her from an enthusiastic learner into a skilled professional. “There’s something about protecting digital assets and people from cyber threats that deeply resonates with me,” she says.

Phidlorah Mcharo

Internship at cyblack

“If I could go back and give my high school self advice, I’d say: start early, take every opportunity to learn, and don’t fear failure. The hardest moments often lead to the greatest growth.”

The early stages of her career were pivotal. Mentorship provided direction, while hands-on training solidified her technical foundation. Phidlorah credits initiatives like Women in Cyber, Cybergirls, and Young CISO Network for giving her both the skills and the confidence to excel in a male-dominated industry. Recognising the power of networking and personal branding, she actively shared her insights and experiences online, using LinkedIn to connect with professionals and uncover opportunities.

“If I could go back and give my high school self advice, I’d say: start early, take every opportunity to learn, and don’t fear failure. The hardest moments often lead to the greatest growth.”

Looking ahead, Phidlorah sees artificial intelligence reshaping cybersecurity. AI-driven playbook automation and machine learning models will make security operations more efficient, yet human analysts will remain critical. “AI won’t replace SOC analysts; it will empower them to focus on critical thinking and strategic response.” She also predicts an increase in AI-generated malware, deepfake attacks, and prompt injection threats, which will challenge security professionals in unprecedented ways.

As she continues advancing in her career, Phidlorah is focused on deepening her expertise in threat intelligence, malware analysis, and incident response. She has her sights set on certifications like GCIH, GSOC, CySA+, and BTL1, all of which will strengthen her technical capabilities. For her, career progression is about more than just remuneration. She evaluates opportunities based on alignment with her longterm goals, company culture, mentorship potential,

and work-life balance. “Burnout is real in this field. A workplace that values learning, collaboration, and wellbeing makes all the difference.”

Several individuals have influenced her journey, including Confidence Staveley of Cybersafe Foundation, Dr. Iretioluwa Akerele of Cyblack, and malware researcher Dr. Josh Stroschein. Their mentorship and shared knowledge have shaped her approach to cybersecurity and inspired her to one day give back to the community in the same way.

For those transitioning into cybersecurity, Phidlorah offers candid advice: “This isn’t a get-rich-quick scheme. It takes dedication, patience, and a continuous learning mindset. Cybersecurity is tough, but persistence will take you far.” She emphasises the value of transferable skills, integrity, and ethics, reminding aspiring professionals that their decisions can impact entire organisations.

“Dream big and be intentional with your time. If your dreams don’t scare you, they aren’t big enough.”

With unwavering determination and a passion for securing digital landscapes, Phidlorah Mcharo stands as a testament to the power of perseverance, continuous learning, and the impact of community in wcybersecurity.

www.linkedin.com/in/phidlorah-mcharo-cybersecurity

x.com/Iam_Mcharo

Tracy Goodhue Founder, More Good Solutions

Tracy Goodhue’s spent twenty years managing creative projects, she found herself leading initiatives for a government contractor developing a cybersecurity risk assessment dashboard. The complexity of data protection immediately captivated her. “I was drawn in by the intricate puzzle of data and the challenge of protecting sensitive information,” she reflects. That pivotal moment transformed her career trajectory, pushing her to proactively help organisations manage cybersecurity risks before they materialised.

Determined to deepen her knowledge, Tracy immersed herself in certification courses and connected with groups that champion women in cybersecurity. Initially, she focused on Governance,

"Turning adversity into an opportunity to lead and innovate was a game changer for me."

Risk, and Compliance (GRC), a field she saw as an entry point that allowed her to sidestep the intimidation of technical aspects. However, as her confidence and expertise grew, her interests expanded into cybersecurity architecture— where creative problem-solving and technical challenges intersect.

Tracey took an unexpected turn when she encountered accessibility barriers firsthand due to an employer’s information security policy. Realising she wasn’t alone in this struggle, she founded More Good Solutions, a company dedicated to addressing overlooked accessibility challenges in cybersecurity. “Turning adversity into an opportunity to lead and innovate was a game changer for me,” she says.

In addition to founding More Good Solutions as her side-gig, Tracy unexpected found herself managing an IT department for Hedrick Brothers Constructions. “I was brought in as an IT specialist to deepen my skills in the technical side of IT. However, after the unexpected passing of the department director, I was asked to lean into my project manager skills and lead the department to keep operations running.”

Tracy’s approach to professional growth has always been hands-on. She immersed herself in self-study, attended networking events, and sought guidance from experienced mentors. But above all, she remained open to new opportunities, even those outside her comfort zone. “Saying ‘yes’ to unexpected opportunities has been key to my growth,” she emphasises.

If she could advise her younger self, Tracy would encourage exploring cybersecurity earlier and embracing technical challenges head-on. Though she had an initial interest in computer programming during college, she let it go, only to find herself returning to technology later in life. Yet, she doesn’t view these detours as missteps. “Every twist in my career has given me a unique perspective,” she says. Her diverse experiences have helped her develop the empathy and problem-solving skills that are invaluable in cybersecurity today.

Looking ahead, Tracy sees artificial intelligence (AI) as a transformative force in cybersecurity. While AI offers unprecedented advancements in threat detection and response, she also warns of the risks that come with it. “We need to be thoughtful about its use—AI presents as many challenges as it does opportunities,” she says.

When evaluating career opportunities, Tracy prioritises purpose over paychecks. She seeks roles that offer creative freedom and the chance to make a tangible difference, particularly in addressing accessibility in cybersecurity. “It has to feed my soul,” she says. Even less-than-ideal roles, she believes, can be valuable stepping stones that build problemsolving and leadership skills.

Her commitment to staying at the forefront of cybersecurity is unwavering. Tracy continuously

"Your previous experiences— whether in project management, marketing, or anything else— are assets."

learns through trusted mentors, industry publications, podcasts, and professional training. She is an active member of Women in Cybersecurity (WiCyS) and a founder of the Florida Chapter of Women in Security & Privacy (WISP), where she fosters conversations on inclusivity and accessibility in the industry. “These organisations have expanded my network and deepened my understanding of the field,” she shares.

For those transitioning into cybersecurity from other fields, Tracy offers three key pieces of advice: embrace your unique background, commit to lifelong learning, and be open to unexpected opportunities. “Your previous experiences—whether in project management, marketing, or anything else—are assets,” she says. Her own journey is a testament to the power of adaptability and purpose-driven leadership. Through More Good Solutions, she continues to push for a more inclusive cybersecurity landscape, proving that advocacy and innovation go hand in hand.

“I’m not just managing risk—I’m making the digital world more accessible for everyone.”

www.linkedin.com/in/tracygoodhue

Cybersecurity Analyst, Penetration Tester

There’s nothing you can’t achieve if you set your mind to it. Be bold, put yourself out there, and pursue your dreams with confidence.”

From the streets of Lagos, Nigeria. Blessing Isaiah's cybersecurity began with a deeply personal experience that left a lasting mark on her. A social engineering attack, targeting her when she was urgently trying to buy a laptop, turned into a defining moment. Falling victim to the scam was devastating—she remembers crying and feeling vulnerable. But rather than let that experience defeat her, she made a promise to herself to understand how to stay safe online. That initial spark of curiosity soon evolved into a passion, transforming from a personal need for security to a mission to protect others in the digital world.

“My interest has grown from just wanting to protect myself to wanting to educate others, contribute to cybersecurity research, and inspire more women to join this ever-evolving industry.”

Determined to turn her passion into a professional pursuit, Blessing took pivotal steps that set her on the right path. Joining the Cybersafe Foundation was

a turning point, as it connected her with like-minded individuals and mentors who provided guidance and encouragement. Surrounded by people who shared her aspirations, she was able to transform her interest into a career.

Navigating the cybersecurity industry has not been without its challenges. As a Black woman in a maledominated field, Blessing often feels the pressure to constantly prove herself. “There’s an expectation to always deliver my very best,” she acknowledges. “To navigate this, I focus on continuous learning, building my skills, and demonstrating my value through results.” Instead of letting these challenges deter her, she uses them as motivation to break barriers and pave the way for others.

One of the defining moments in her journey was when she was given a system to hack into. She worked tirelessly through the night but couldn’t figure it out, leaving her frustrated and filled with doubt. For weeks, she questioned whether she belonged in the field. But rather than give up, she changed her approach—she took a step back, conducted more research, and within two hours, successfully broke into the system. “That moment changed everything for me. It taught me the importance of persistence and preparation.”

"I used to believe cybersecurity was meant only for men, but that changed the day I came across Confidence Stavely’s post on Instagram. Her words shifted my mindset and made me realise my dreams are valid.”

From the outset, Blessing was drawn to problemsolving. When she discovered penetration testing, she knew it was the right path for her. “It felt like the perfect fit for my interests and skills, and I’ve been focused on it ever since.” She believes that a strong problem-solving mindset and a willingness to learn are essential foundations for a career in cybersecurity.

Looking ahead, Blessing anticipates that artificial intelligence and cloud computing will significantly impact the cybersecurity landscape. While these advancements bring exciting opportunities, they also introduce new threats. "Phishing will continue to be one of the most widely used attack vectors, and AI will likely become a powerful tool for attackers, refining and executing more attacks." She states the importance of educating users on emerging technologies and their risks. "Anything we share or create online can potentially be used against us."

Beyond technical expertise, Blessing values workplace culture when considering career advancements. “I strongly believe in treating people with respect and understanding. Being in a place where I am valued will always be a priority for me.” Her biggest influence in cybersecurity has been Confidence Stavely. “I used to believe cybersecurity was meant only for men,

but that changed the day I came across Confidence Stavely’s post on Instagram. Her words shifted my mindset and made me realise my dreams are valid.”

Blessing finds fulfillment in penetration testing and cybersecurity research, constantly striving to make her become more expertise. Maintaining work-life balance, particularly in a demanding industry, is crucial. "I prioritise my tasks effectively, ensuring that I dedicate time to both my professional development and personal life."

For those transitioning into cybersecurity from other backgrounds, her advice is clear: “Focus on understanding the problem you’re trying to solve and how your efforts can impact an organisation. Be bold, put yourself out there, and pursue your goals with confidence. The journey won’t be easy, but every effort and time you invest is worth it. Have a positive mindset and enjoy the process.”

www.linkedin.com/in/blessing-isaiahgithub.com/B-isaiah

Ellaina Kriketos

Junior Cyber Security Advisor at RightSec

From an early age, Ellaina Kriketos was captivated by the problem-solving elements of criminal investigation. Preventing harm and empowering people with knowledge about self-protection, particularly online, was a passion that only deepened as she learned more about cybercrime’s potential for destruction. Her fascination grew as she observed the stark differences between organisations with mature cybersecurity frameworks and those without. This realisation ignited her determination to enter the field and play a role in fortifying cyber defenses. Now, as a Junior Cyber Security Advisor, she finds herself in a profession that blends all her interests— helping businesses strengthen their security posture while protecting them from the cunning tactics of cybercriminals.

“I’ve never been more certain of my career path in cybersecurity, and I can confidently say that this is where I belong.”

Ellaina’s journey into cybersecurity was not a linear one. Without a technical background, she initially questioned whether she belonged in an industry

so heavily rooted in technology. Her degrees in marketing and forensics provided her with a foundational understanding of various technologies, but doubts crept in about whether her skills were enough. However, as she delved deeper into the field, she discovered that cybersecurity is vast and diverse, offering avenues for individuals with different skill sets. Governance, risk, and compliance (GRC) became her niche, leveraging her problem-solving abilities, communication skills, and keen attention to detail. Through this realisation, she learned one of the most valuable lessons of her career—success in cybersecurity isn’t about focusing on the skills one lacks, but rather about leveraging the strengths one brings to the table.

“Rather than focusing on the skills I lacked, I needed to shift my perspective and take advantage of the skills I have and all the knowledge I had gained.”

The absence of a predefined career path did not hinder her progress. From the outset, she knew she wanted to help people and organisations operate securely and effectively. Conversations with mentors steered her toward consulting, specifically in GRC. What began as an open-ended interest in cyber threats gradually evolved into a focused pursuit, with business continuity and critical infrastructure security at the heart of her ambitions.

A defining moment in her career was her involvement in the MentorMe program, designed for women in technology. Through this initiative, she was paired with a mentor who exposed her to industry professionals, offering her the opportunity to explore different cybersecurity roles. The program culminated in her speaking at the Women in Digital Awards, where she shared her experiences and insights. These connections proved invaluable, ultimately leading her to her current role at RightSec.

“Your network is your net worth. The connections I built through mentorship and industry events have played a pivotal role in getting me to where I am today.”

Ellaina is particularly invested in understanding how emerging technologies, particularly artificial intelligence, are reshaping the cybersecurity landscape. While AI offers tremendous advancements, it also introduces new threats— especially in critical infrastructure. Through her research in the energy sector, she has observed how interconnected vulnerabilities make this domain an attractive target for cybercriminals. What concerns her most, however, is not just the threat posed by malicious actors but also the lack of awareness among everyday users. Without proper education on safe and ethical AI practices, the risk of unintended security breaches continues to rise.

“Education and awareness, both personally and professionally, are paramount in strengthening our defenses against the risks that come with adopting revolutionary technologies.”

Despite the challenges that come with working in cybersecurity, Ellaina thrives on contributing to her team at RightSec, bringing fresh ideas and perspectives, and seeing her input make a tangible impact. Knowing that her work directly influences organisations’ ability to defend against cyber threats is deeply rewarding. Moreover, the respect and recognition she receives from her peers reaffirms her confidence in the value she brings to the industry.

Looking to the future, Ellaina sees cybersecurity as an evolving field that demands continuous learning. She emphasises that entering the industry sooner rather than later is crucial, especially given the rapid adoption of AI and automation. She is also a strong

“Rather than focusing on the skills I lacked, I needed to shift my perspective and take advantage of the skills I have and all the knowledge I had gained.”

advocate for choosing a specialisation that aligns with one’s passion, as staying engaged and driven is key to long-term success.

“The learning never stops in this field. Choose an area you’re passionate about—it will keep you engaged, motivated, and ahead of the curve.”

For those considering a career in cybersecurity, Ellaina’s advice is clear: Start early, build a strong network, and don’t be afraid to take advantage of mentorship opportunities. Above all, she encourages aspiring professionals to trust in their journey and analyse the unique value they bring to the field. Her own path into cybersecurity was shaped by adaptability, resilience, and the willingness to embrace every learning opportunity that came her way—qualities that continue to guide her as she navigates the future of cybersecurity.

www.linkedin.com/in/ellaina-kriketos

Chisom Obinna

Cyber Security Analyst at cyblack

Chisom Obinna’s cyber security path was not a great start. From an early age, she had a deep curiosity about technology. After completing her West African Senior School Certificate Examination, she took on roles as a computer operator, IT support technician, and computer instructor. These experiences made her problemsolving skills become her passion for technology. Yet, it wasn’t until she recognised the increasing necessity to safeguard digital assets that she pivoted her focus to cybersecurity. "I became increasingly aware of the growing need to protect advancing technology," she reflects. This realisation set her on a path of continuous learning, certifications, and professional growth.

Taking strategic steps to build her career, Chisom applied for internships, scholarships, and training programs specifically designed for women in cybersecurity. One defining moment was securing a full scholarship for the AWS CloudUp-for-Her initiative, allowing her to earn her AWS Certified

Cloud Practitioner certification. “That program was a turning point for me,” she shares. She also immersed herself in professional communities, volunteered, and attended industry conferences and training, seizing every opportunity to expand her knowledge and network.

Like many professionals, Chisom encountered moments of uncertainty. Initially, she explored other tech fields, including mobile app development and data analysis. “I remember paying for a mobile app development course on Udemy and recently uninstalled Power BI from my system,” she laughs. However, a recommendation to take Cisco’s “Introduction to Cybersecurity” course became a pivotal moment. The field’s dynamic nature and demand captured her interest, and with encouragement from role models like Dr. Iretioluwa Akerele and Confidence Staveley, she found the confidence to stay the course.

Early in cyber security learning, Chisom did not have a clear vision of her career path. As she delved deeper, she realised the vast opportunities within cybersecurity—from Security Operations Centers (SOC) to Governance, Risk, and Compliance (GRC). However, as cloud technology continued to evolve, she developed a strong passion for cloud security. "With the growing shift to cloud technology, I decided to focus on this area," she explains.

If given the chance, Chisom would advise her younger self to start with the basics. "Don’t rush or spread your energy too thinly. Understanding networking and how systems work is fundamental before learning how to protect them," she emphasises. This foundational knowledge has been instrumental in her growth, and she encourages aspiring cybersecurity professionals to prioritise networking skills as a stepping stone into the field.

Looking ahead, Chisom aims to obtain the CompTIA Security+ certification, which she views as an essential requirement for cybersecurity professionals. Additionally, she sees great value in cloud security certifications such as AWS Solutions Architect, AWS Security Specialty, and Microsoft Cybersecurity Operations certifications.

As she evaluates the future of cybersecurity, Chisom predicts that emerging threats will become even more interesting. "CEO fraud and deepfakes will be major threats. AI is advancing, and attackers will use it to refine their techniques," she warns. To stay ahead, she remains committed to continuous learning, subscribing to cybersecurity newsletters, listening to industry podcasts, and participating in training programs.

Her affiliations with professional organisations such as the SANS Institute, Nexascale, CyBlack, Tech4Dev, AWS West Africa Cloud User Group, and CybersecHaven have been invaluable. “These

communities provide job recommendations, training, and certifications that have greatly supported my professional growth,” she says.

For those transitioning into cybersecurity from different backgrounds, Chisom offers words of encouragement. “Rome wasn’t built in a day. Success in cybersecurity requires determination, dedication, and trust in the process.” She highlights the importance of both networking in terms of building relationships and understanding networking as a technical skill. “Joining communities, developing strong research skills, and connecting with professionals can make the journey smoother,” she advises. Starting with free online courses is a great way to explore the field, and once interest is confirmed, investing in structured training can provide a deeper understanding.

“Rome wasn’t built in a day. Success in cybersecurity requires determination, dedication, and trust in the process.”

Chisom Obinna’s journey is a testament to perseverance, continuous learning, and the power of community. Her story is not just one of personal growth but also of inspiration for other women looking to break into cybersecurity. “Take one step at a time and focus on building a strong foundation rather than rushing to learn everything at once,” she advises. In an industry that is constantly evolving, her resilience and dedication serve as a beacon for aspiring cybersecurity professionals.

www.linkedin.com/in/chisom-obinna-

Abisola Olorunnishola

Cyber Security Analyst

"CYBERSECURITY BECAME SOMETHING I COULDN’T LET GO OF, NO MATTER WHERE I FOUND MYSELF.”

Abisola Olorunnishola’s first started cyber security when unexpectedly her mother hired a private tutor to teach her. What started as a simple introduction to the field soon became an enduring passion.

As she realised that cybersecurity was more than just a subject to study—it was something she was naturally drawn to. This led her to dedicate herself to continuous learning and hands-on practice, shaping her into the cybersecurity professional she is today.

Recognising that cybersecurity was her calling, Abisola took deliberate steps to transform her interest into a professional pursuit. While her tutor laid the foundation, she took full ownership of her learning, proactively seeking out resources and staying up to date with industry trends. By focusing on building a strong technical foundation, she developed confidence in her abilities and established herself in the field.

“I’VE

LEARNED TO PUT LESS PRESSURE ON MYSELF AND TAKE THINGS ONE STEP AT A TIME.”

One of the biggest challenges Abisola has faced in her career is keeping up with the ever-evolving landscape of cybersecurity. The constant influx of new threats, technologies, and methodologies can be overwhelming. To navigate this, she adopted an approach of steady, consistent growth rather than rushing to keep up with everything at once. By focusing on incremental learning and allowing herself room to grow, she has found a balance that keeps her motivated without leading to burnout.

Despite her deep passion for cybersecurity, Abisola has experienced moments of uncertainty. Her curiosity extends beyond cybersecurity, and there have been times when she considered exploring other career paths. However, each time she stepped back to engage in other interests, she found herself naturally drawn back to cybersecurity. This reaffirmed her belief that she was meant to be in the field.

“I LOVE THE FACT THAT I AM KNOWLEDGEABLE IN MORE THAN ONE AREA AND CAN APPLY MY SKILLS ACROSS DIFFERENT DOMAINS.”

Abisola’s journey in cybersecurity has been dynamic. Interested in penetration testing, she

“I love the fact that I am knowledgeable in more than one area and can apply my skills across different domains.”

later transitioned to blue team operations and is now exploring Governance, Risk, and Compliance (GRC). She appreciates the depth of cybersecurity and enjoys being able to apply her skills across multiple domains. Rather than limiting herself to one specific niche, Abisola embraces the versatility that cybersecurity offers.

Reflecting on her younger self, she has no regrets. However, if she could offer advice, she would remind herself to take things easy and trust the process. Life doesn’t always go as planned, and yet, the unexpected turns have led her to a fulfilling career she never originally imagined for herself.

“HUMANS ARE THE BIGGEST THREAT TO CYBERSECURITY, AND THAT WILL CONTINUE TO EVOLVE OVER THE YEARS.”

Looking ahead, Abisola anticipates that artificial intelligence and cloud computing will continue to reshape the cybersecurity landscape. AI-powered attacks are becoming more sophisticated, posing new challenges for organizations. However, AI also presents defensive opportunities, enhancing threat detection and prevention capabilities. At the same time, social engineering attacks, phishing, and insider threats will remain significant concerns, reinforcing the need for robust cybersecurity awareness and defense strategies.

When evaluating career advancements, Abisola looks beyond salary. She values environments where she feels respected, supported, and provided with opportunities for growth. Company culture,

“I’ve learned to put less pressure on myself and take things one step at a time.”

work-life balance, and professional development opportunities are crucial factors in her decisionmaking process. She seeks roles where she can make a meaningful impact while continuing to evolve as a cybersecurity professional.

“I’M

GRATEFUL FOR THE DAY I MET HIM.”

Throughout her journey, mentorship has played a big role. Abisoye Ogunniyan, a key figure in her professional life, has provided her with insights and lessons that many mentors might not share. His guidance has broadened her perspective on cybersecurity, equipping her with both technical expertise and a deeper understanding of the industry.

Abisola Olorunnishola’s journey implies the power of curiosity, perseverance, and adaptability. From an unexpected introduction to cybersecurity to becoming a dedicated professional, her story highlights the importance of continuous learning and embracing the ever-changing nature of the field. With a passion that keeps her coming back, she is set to leave a lasting mark in the world of cybersecurity.

www.linkedin.com/in/abisolaa

Nike Nsikak-Nelson

Cyber security professional

"Cybersecurity once felt like an illusion to me—something abstract and distant. Today, it’s my passion and profession.”

Nike Nsikak-Nelson never imagined herself in cybersecurity. In fact, she initially dismissed the field entirely. She was more fascinated by physical security and couldn’t grasp the concept of cyber threats or cybercriminals. “It all sounded like a made-up story,” she recalls. But everything changed when she married someone deeply passionate about cybersecurity. Observing his work sparked curiosity in her, and she began to realize how intertwined cybersecurity was with the real world.

Her initial steps into the field weren’t easy. “The concepts were overwhelming, and the technical jargon in books made it even more challenging,” she

admits. Determined to push through, she enrolled in an online boot camp. Getting accepted was a moment of excitement, and from that point on, she dedicated herself entirely to learning. She attended every class, completed every assignment, and asked countless questions—even the ones she feared were too basic. Her commitment paid off, transforming skepticism into a passion that would define her career.

Nike’s transition from interest to profession was a deliberate journey. As she neared the end of her boot camp, she took on multiple internships to gain hands-on experience. “I was fortunate to be accepted into one of the most outstanding programs, though I had to turn down other opportunities to focus entirely on it,” she shares. Over three intense months, she delved into Cyber Threat Intelligence, Cloud Security, Governance, Risk, and Compliance (GRC), Ethical Hacking, and Security Operations.

“One of the most transformative moments for me was realizing that theoretical knowledge alone wasn’t enough—I needed hands-on experience,” she says. She began building labs, testing security tools, and simulating cyber threats. Encouraged by her husband,

she learned to research solutions independently rather than rely solely on guidance. Through relentless effort, she grew more confident and knowledgeable, even stepping into a mentorship role. “At first, I doubted whether I could guide others, but mentoring pushed me to deepen my knowledge further.”

Despite her progress, Nike faced significant challenges. The ever-evolving nature of cyber threats was one of them. “Just recently, I read about a phishing attack where the victim doesn’t even need to open an email to be compromised. It made me pause and reflect on how rapidly cybersecurity threats are advancing.” Staying ahead requires constant monitoring, learning, and adapting. Another challenge was communicating technical risks to non-technical stakeholders. “Technical jargon doesn’t always convey urgency. Learning business communication and stakeholder management has been crucial in bridging that gap.”

Imposter syndrome has also been a recurring challenge. “As I progress, there are moments I question whether I’m good enough. But talking to mentors and peers reassures me that growth comes through perseverance.” Additionally, working with teams that lack motivation can be frustrating, but Nike has developed leadership and communication skills to navigate such situations effectively. “Despite the challenges, I embrace them as opportunities for growth.”

Looking back, Nike acknowledges that her journey unfolded organically. She didn’t start with a clear cybersecurity career path but explored different domains to find her strengths. Initially drawn to Blue Teaming and Threat Intelligence, she later discovered a fascination for GRC. “By keeping an open mind, I naturally found my direction,” she reflects.

If she could advise her younger self, she’d emphasise starting early—learning technology basics, exploring programming, networking, and engaging in cybersecurity communities. “Hands-on practice makes all the difference,” she says. “I’d also stress the

“By keeping an open mind, I naturally found my direction,”

importance of AI in cybersecurity—it’s evolving rapidly and is critical for the future.”

For aspiring cybersecurity professionals in university, Nike highlights key areas: networking, system security, cryptography, cloud security, AI, and programming. “Beyond technical knowledge, handson experience through CTF competitions, internships, and certifications is vital,” she advises. Soft skills like critical thinking and communication are equally important for explaining security issues to nontechnical audiences and making strategic decisions.

“Cybersecurity is an evolving field, and staying updated is essential. Never stop learning, keep exploring, and embrace every opportunity to grow.”

From early on, she understood the importance of defining her own goals and ensuring that every step she took aligned with her aspirations. She has built her career with purpose, balancing personal growth, professional ambition, and a drive to contribute to the industry.

Looking ahead, Nike anticipates a cybersecurity landscape shaped by rapid advancements in AI-driven security solutions. “AI will help security teams identify and mitigate threats in real-time, reducing response times and improving overall defense strategies,” she notes. However, with these advancements come new challenges—particularly in quantum computing risks, which could break current encryption methods. She sees the rise of post-quantum cryptography as an inevitable response to this emerging threat.

The shift toward Zero Trust Architecture is another transformation she believes will be crucial. Organisations are moving beyond perimeter-based security models, implementing continuous verification

for users, devices, and connections. As AI becomes more integrated into security operations, she also foresees stricter regulatory policies and governance frameworks to ensure responsible AI use. “Ultimately, we are moving toward a highly automated, AIpowered, and smarter cybersecurity landscape,” she explains. “While this brings many benefits, it also demands continuous adaptation, regulation, and vigilance.”

However, technology alone is not the only factor shaping cybersecurity. Threat actors are also evolving, leveraging AI for more sophisticated attacks. “AI-powered phishing and deepfake social engineering are becoming major concerns,” Nike warns. Attackers are now able to impersonate executives and employees with near-perfect accuracy, making social engineering attacks more difficult to detect. The rapid evolution of ransomware, exploitation of Zero Trust misconfigurations, and cloud security vulnerabilities further complicate the landscape.

To address these growing threats, Nike stresses the need for proactive strategies. “Organisations must enhance AI-driven threat detection, improve social engineering awareness training, and strengthen multifactor authentication,” she advises. As cybercriminals grow more sophisticated, security professionals must stay ahead through continuous learning and adaptation.

Beyond technical expertise, Nike believes that career advancement in cybersecurity requires careful consideration of multiple factors. “A high salary alone is not enough,” she states. For her, the decision to accept a role extends to career growth opportunities, work-life balance, mentorship, and a company’s ethical reputation. “I prioritize organizations that support employee development, offer a flexible work environment, and align with my cybersecurity interests and goals.”

Nike’s career has been shaped not only by her own determination but also by the support of the cybersecurity community. Becoming a parent was a pivotal moment for her. “Seeing my daughter’s curiosity for technology inspired me to push myself

further,” she reflects. “I want to be a role model for her, to show her that women can thrive in this field.”

She credits the Women in Cybersecurity (WiCyS) community as a key part of her journey, providing networking opportunities, mentorship, and a sense of belonging in an industry where women are still underrepresented. “It’s empowering to connect with others who share similar challenges and aspirations,” she says.

For her future professional growth, Nike has her sights set on certifications that will deepen her expertise in cloud security, risk management, and compliance. She plans to pursue the CRISC (Certified in Risk and Information Systems Control) certification, alongside CISM, CEH, OSCP, and AWS Security. “These certifications will help me specialize in key areas and prepare for leadership roles,” she explains.

At the core of her journey is an unwavering commitment to growth—both personal and professional. Whether through self-reflection, learning from mentors, or seeking out new opportunities, Nike Nsikak-Nelson embodies the spirit of continuous evolution. “Cybersecurity is not just a career for me,” she says. “It’s a journey of learning, adaptation, and making an impact.”

www.linkedin.com/in/nike-nsikak-nelson

“Seeing my daughter’s curiosity for technology inspired me to push myself further. I want to be a role model for her, to show her that women can thrive in this field.”

Sponsor BECOME A

The 2025 Australian Women in Security Awards needs you as a key partner!

Each year, the awards grow in scale and impact, and this year will be no exception. However, as a small business, I rely on valued partners to help bring this event to life.

These awards are more than just a celebration—they are a catalyst for real change in the cybersecurity and protective security sectors. They shine a light on outstanding women, foster industry-wide inclusivity, and inspire the next generation. Your support would play a pivotal role in ensuring we continue this important mission.

Lets discuss how we can collaborate and tailor a partnership that aligns with your organisation’s goals. Reach out to Aby on aby@source2create.com.au or call 0415500580

Nancy Muriithi

Lead Cybersecurity Architect

Nancy Muriithi recalls. That curiosity ignited a career that would see her become a Lead Security Architect at Platcorp Group, securing organisations against evolving cyber threats. Technology fascinated her from an early age, but it was the challenge of uncovering vulnerabilities and understanding how systems could be exploited that truly drew her in. What began as a passion for ethical hacking evolved into a broader mission— building resilient security architectures and ensuring compliance with ever-tightening regulations.

The early years of her career were marked by deliberate efforts to sharpen her skills. She pursued technical certifications, including AWS Solutions Architect, and immersed herself in hands-on penetration testing. But beyond the technical realm, she sought out communities like SheHacks KE, where she trained and mentored aspiring cybersecurity professionals. “This blend of continuous learning, certifications, and industry involvement positioned me as a leader in the field,” she reflects.

As a Lead Security Architect, Nancy faces one of cybersecurity’s most complex challenges: balancing compliance requirements with practical security implementations. “Many organizations struggle with enforcing security policies without disrupting business operations,” she notes. Rather than treating compliance as a burden, she integrates security into business objectives, ensuring it is seen as an enabler rather than a hindrance. By leveraging automation and awareness programs, she has bridged the gap between security and usability, creating a culture where employees actively participate in protecting their organisation’s digital assets.

Like many professionals in fast-evolving industries, she has faced moments of doubt. Cybersecurity is competitive, and imposter syndrome can creep in. But Nancy navigated through these uncertainties by focusing on continuous growth—learning, networking, and surrounding herself with mentors and peers who kept her grounded. “Expertise is built over time,” she emphasises. “Surrounding myself with the right people helped me push past self-doubt.”

“Surrounding myself with the right people helped me push past self - doubt.”

If she could give her younger self advice, it would be simple: “Start early, stay curious, and embrace failure as part of growth.” She stresses that cybersecurity rewards persistence and hands-on learning.

“Certifications are great, but practical experience is invaluable. And never be afraid to challenge the status quo—some of the best professionals in this field are those who think outside the box.”

Looking ahead, Nancy anticipates AI-driven cyber threats and supply chain vulnerabilities will dominate the security landscape. Organisations will need to prioritize Zero Trust architectures, continuous threat monitoring, and compliance more than ever. “As someone deeply involved in Governance, Risk, and Compliance (GRC), I foresee stricter data protection regulations globally. Companies will have to refine their security postures to stay ahead.”

Her commitment to professional growth remains unwavering. Having recently earned her CISSP certification, she now encourages those looking to excel in cybersecurity leadership to pursue certifications like CISM, CISA, and cloud security credentials such as AWS Security Specialty or CCSP. “Cybersecurity leadership demands a mix of governance expertise and technical knowledge,” she advises.

What brings her the most fulfillment in her role?

“Empowering teams through cybersecurity training and awareness,” she says without hesitation. Watching individuals move from viewing security as a burden to actively incorporating it into their daily work is a rewarding experience. Beyond that, designing security strategies that protect businesses while enabling innovation gives her a deep sense of purpose.

Nancy is also acutely aware of the cybersecurity talent gap, particularly in GRC and cloud security. “The industry must rethink cybersecurity—not just as a technical field, but as a business enabler,” she asserts. While penetration testers and SOC analysts remain in demand, the need for professionals who understand compliance frameworks, cloud security, and automation is greater than ever.

“Many organisations underestimate the role of GRC in cybersecurity,” she explains. “Compliance isn’t just about ticking regulatory boxes; it forms the foundation of a strong security program.” With cloud adoption accelerating, she stresses that securing cloud environments is no longer optional. “Misconfigurations, weak API security, and data sovereignty concerns are real risks. Companies need professionals who can secure cloud-native solutions and integrate security into DevSecOps practices.”

Bridging the talent gap requires a multi-faceted approach: encouraging upskilling and certifications, promoting hands-on training through Capture-theFlag (CTF) challenges and bug bounty programs, and fostering diversity in hiring. “Women and underrepresented groups remain a small fraction of the cybersecurity workforce,” she acknowledges. “Initiatives like SheHacks KE and mentorship programs can help change that.”

For Nancy Muriithi, cybersecurity is more than a career—it’s a calling. Her mission is clear: to equip teams with the right skills while ensuring businesses remain resilient against ever-evolving threats. “Organizations that view cybersecurity as merely a compliance requirement are missing the bigger picture,” she states. “A holistic approach that integrates GRC, technical security measures, and a culture of security awareness is key. It’s time we rethink cybersecurity as a true business enabler.”

www.linkedin.com/in/nancy-muriithi

medium.com/@Muriithi_nancy

Valeria Villalobos Martinez

Senior Security Consultant

Valeria Villalobos Martinez’s earliest ambition was to become a chef, drawn to the precision and artistry of the culinary world. While the transition from the kitchen to cybersecurity might seem unexpected, both disciplines require an acute attention to detail, a deep understanding of complex systems, and a relentless drive to ensure safety—whether it’s the safety of diners or the security of critical data. Encouraged by her parents and guided by a desire to enhance communication and safety, she moved into telecommunications and, eventually, cybersecurity.

“I quickly realised the importance of building a strong foundation in networking and computing fundamentals,” she recalls. Self-learning played a crucial role in her early career, with extensive reading and free courses helping her navigate the vast field of cybersecurity. Six months into her first job in business continuity, she was selected for an overseas opportunity to witness a SIEM project implementation firsthand. This pivotal experience demonstrated how security principles come to life in real-world applications and reinforced her belief that practical experience was key to mastering the field.

“Don’t worry about being the best right away—just focus on learning and doing.”

One of the most significant challenges she faced was overcoming the expectation of perfection in cybersecurity. “The industry moves so fast that it’s impossible to know everything,” she explains. Managing client and colleague expectations became an essential skill, and she learned to balance technical expertise with clear communication. By setting realistic expectations and fostering an informed understanding of security complexities, she

successfully navigated high-pressure environments without succumbing to the stress of needing to have all the answers.

Like many in cybersecurity, Valeria has experienced moments of doubt. The field demands constant vigilance, and the pressure to remain on high alert can be exhausting. To manage this, she implemented strict working hours and developed strategies to maintain a healthy work-life balance. “I always prioritise exercise, spending time outside, and making sure I see the sun,” she says, emphasizing the importance of mental and physical well-being in a demanding industry.

Unlike those who enter cybersecurity with a defined career path, Valeria’s journey unfolded organically. She took an exploratory approach, diving into different areas of cybersecurity that piqued her interest. If a particular field intrigued her, she pursued it through self-study and hands-on experience, sometimes even accepting lower salaries in exchange for valuable learning opportunities. This adaptability has been instrumental in her success, allowing her to evolve with the industry’s ever-changing landscape.

For those considering a career in cybersecurity, Valeria advises prioritising curiosity over competition. “Don’t worry about being the best right away— just focus on learning and doing,” she suggests.

Understanding how cybersecurity fits into an organisation’s broader goals is just as important as technical expertise. She emphasises the value of communication skills, which are often overlooked but are critical in bridging the gap between security professionals and non-technical stakeholders.

Looking to the future, she anticipates that artificial intelligence will have a profound impact on cybersecurity, both as a tool for defense and a weapon for attackers. “AI will enhance threat detection and response, but it will also make cyber threats more sophisticated,” she warns.

The challenge lies in ensuring AI is used ethically while staying ahead of adversaries who leverage it for malicious purposes.

Beyond technical skills, Valeria values career growth opportunities, mentorship, and work-life balance when considering new roles. Certifications and qualifications, while useful, are not the sole measure of expertise in her eyes. “Certifications are a good entry point, but they’re not mandatory,” she says, preferring to focus on practical skills and continuous learning.

The most fulfilling aspect of her role? Helping organisations strengthen their security posture and, in turn, protecting their clients and users. “That’s what makes this work so rewarding,” she says. She stays ahead in her field by constantly engaging with new ideas, reading, and, most importantly, talking to others. “Two brains are better than one,” she emphasizes, highlighting the power of collaboration in cybersecurity.

For those transitioning into the field, Valeria recommends evaluating existing skills and mapping them to cybersecurity roles. Many competencies from other industries—problem-solving, critical thinking, or technical skills—are highly transferable. She advises new entrants to embrace learning, be open to entrylevel roles, and actively seek networking opportunities.

With her passion for security, commitment to learning, and unwavering adaptability, Valeria Villalobos Martinez continues to carve her own path in cybersecurity. Her journey is a testament to the idea that expertise is not about knowing everything— it’s about the willingness to learn, adapt, and grow.

www.linkedin.com/in/villalobosv

Banner Ads

Prime placement at the top or middle of key sections for high engagement

• Help sustain a publication that has made a difference in the lives of countless readers

• Amplify your brand’s visibility in the global security industry

• Be a part of our mission to inspire and empower professionals worldwide

Full-Page

Showcase your brand with Listings

Showcase your company in the Women in Security Magazine's exclusive directory—connecting you with industry leaders and innovators.

Audience Snapshot

Bi-Monthly Circulation 5,000+ readers globally

You to HELP Us Lights On

Opportunities

options to suit your needs, including:

Partner Magazine Ownership Opportunity

Align your brand with industry excellence and innovation by partnering with Source2Create. Receive exclusive ownership recognition for Women in Security Magazine, delivered on your behalf as the sole partner of this prestigious publication.

REQUEST A QUOTE

Full-Page Ads

with maximum visibility

Event Promotion

Spotlight your events, webinars, or conferences to a targeted audience

CRAIG FORD

Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC, Baidam Solutions and Ipswich City Council. Member of the Board of Directors – AISA (Australian Information Security Association).

COLUMN

It’s time we started to push back the hordes

I have been in this industry of ours for what seems like forever (I think it is 20+ years). I have seen cybersecurity change from something that was really just part of IT to become an industry in its own right. Back in the day, cybersecurity staff would be hidden away in the basement or the back corner of the office.

Honestly, most people did not know what we did, and many still don’t. They thought we were doing some kind of voodoo magic with systems to protect them from mythical cyber hackers or cyber spies who would seek to harm them. It sounds as if I am talking about some 80s or 90s cyber hacker movie, but it’s what people thought (maybe some still do).

Things have really changed since those early days when hackers where teens just looking to see what they could do. Now, they are professionals looking to protect the businesses they work for. They are no longer hidden figures. They sit on company boards. They are respected members of any large organisation that takes the threats of the digital world seriously.

Companies are getting breached every six to eight minutes. These are serious breaches, ones that can cost companies many millions of dollars. Sometimes they ruin a business completely, causing it to shut down. This can be the result of its inability to recover its systems, its lack of the financial resources needed to survive, or the reputational damage driving customers away. These are real threats, real incidents every day.

Cybercrime is big business because crime groups are making a great deal of money. Before the internet became integral to our lives these groups would have sold you drugs, robbed a bank, or mugged you in the street. (Some still do), putting them at high risk of getting caught. By committing cybercrime they can stay hidden, wreak havoc on their victims and take what they like with almost no real risk of ever spending time behind bars, especially if they live in a country that does not seem to be concerned about these kinds of activities.

COLLABORATION, FOR GOOD AND BAD

This is why cybercrime is growing, creating an avalanche of cyber attacks. The biggest problem is that these bad guys and girls are getting better at working together. They collaborate on attack methods, share tools, platforms, information (all at a cost, but they collaborate nevertheless).

We need to do the same. As an industry we need to come together. We need to reclaim what is rightfully ours. I have talked about this in a previous article (bonus points for anyone who goes back and finds the issue. Maybe I could even throw in a signed copy of one of my books or some unicorn stickers for the first person to tell me which one). Like the soldiers in a Roman legion, we need to lock shields and stand as one. That is the only way we can push back the hordes.

As individuals and stand-alone organisations we might be strong, but no single team can be totally successful. However, if we can come together for the common good, maybe, just maybe, we might become

better. We might learn how to get the foundational things right and reclaim our systems from the thugs who have made us doubt our ability to keep what we hold dear safe from harm.

I know, it will be hard for us to truly stand as one, but it is possible. Go forth and help another team with no expectation of something in return. If we all do this, before we know it, we will be locking shields, marching to the beat of the same drum, pushing back the hordes and reclaiming what is ours.

www.linkedin.com/in/craig-ford-cybersecurity

www.facebook.com/CyberUnicorns

www.instagram.com/cyberunicorns.com.au

x.com/CraigFord_Cyber

www.cyberunicorns.com.au

INDUSTRY PERSPECTIVES

LISA VENTURA

RECLAIMING SPACE: EMPOWERING WOMEN TO SUCCEED IN THE CYBERSECURITY INDUSTRY

by Lisa Ventura MBE , Founder – Cyber Security Unity

The voices, skills and contributions of women have long been underrepresented in cybersecurity with many considering leaving the industry due to gender and unconscious biases. Despite the critical role women have historically played in computing the field has been overwhelmingly male dominated, with lingering stereotypes and systemic barriers stifling diverse talent. However, a powerful wave of change is sweeping through the industry as women reclaim their space, challenge norms and pave the way for a more inclusive and innovative future.

Women are rightfully making great strides in cybersecurity, breaking stereotypes and leading the industry towards a more equitable tomorrow. But, before we start, let’s look at some key stats.

DESPITE IMPROVEMENTS, WOMEN REMAIN UNDERREPRESENTED IN CYBER

The representation of women in cybersecurity has been gradually increasing yet disparities persist, even though we are now at the start of 2025.

Here are some key statistics highlighting the current landscape:

• Global workforce representation: women held 25 percent of cybersecurity jobs globally in 2022, up from 20 percent in 2019 and around 10 percent in 2013. Projections suggest that women will , increasing to 35 percent by 2031.

• Salary disparities: in the United States the average salary for women in cybersecurity is $141,066, compared to $148,035 for men, indicating a gender pay gap of nearly $7,000.

• Educational attainment: women in cybersecurity tend to hold advanced degrees at higher rates than men, with 52 percent of women possessing postgraduate degrees compared to 44 percent of men.

• Leadership roles: women are more represented than men in senior roles within cybersecurity. For example, women hold 28 percent of C-level or executive positions, compared to men with 19 percent.

• Team composition: approximately 11 percent of cybersecurity professionals report having no women on their security teams while only four percent indicate that more than half of their team members are women.

• Job satisfaction and authenticity: while 76 percent of women express satisfaction with their cybersecurity roles, 36 percent feel they cannot be their authentic selves at work, compared to 29 percent of men.

These statistics underscore the progress made in increasing female representation in cybersecurity while also highlighting persistent and ongoing challenges related to pay equity, workplace inclusion and team diversity.

BREAKING THE STEREOTYPES

Historically, the narrative around cybersecurity has often portrayed it as a technical, male-centric domain, alienating women from pursuing careers in the field. However, this perception is increasingly becoming

outdated. Women are stepping forward to dismantle stereotypes and prove that cybersecurity benefits from diverse perspectives.

Take the story of Anne Neuberger, the first woman to hold the role of deputy national security advisor for cyber and emerging technology in the United States. Neuberger’s leadership during pivotal moments, such as countering cyber threats from state actors, showcases the indispensable value women bring to the table. Her success demonstrates that women are not only capable of excelling in cybersecurity but are also instrumental in shaping global strategies.

In Australia, Michelle Price , the former CEO of AustCyber, has been a trailblazer integrating women into the nation’s cybersecurity framework. Under her leadership AustCyber prioritised gender diversity initiatives and emphasised the need to include women in all aspects of the cybersecurity

workforce. Her advocacy for inclusion has catalysed conversations about addressing gender imbalances in the industry.

RECLAIMING SPACE THROUGH LEADERSHIP

Leadership is a vital area where women are reclaiming space in cybersecurity. While female representation in executive roles within the field remains low, the balance is shifting. Programs like the Women in Cyber Security (WiCyS) initiative have been instrumental in empowering women to take up leadership roles. These programs provide mentorship, networking opportunities and resources to prepare women for positions of influence.

An inspiring example is Jaya Baloo, a globally renowned cybersecurity expert and chief information security officer (CISO) at Avast. Baloo has used her platform to advocate for diversity and inclusion while driving innovation in security technologies. Her

leadership not only exemplifies the impact women can have at the helm but also encourages others to follow suit.

In addition, organisations like the Australian Women in Security Network (AWSN) are fostering leadership among Australian women by hosting workshops, conferences and training programs. AWSN’s efforts have led to a tangible increase in the number of women entering leadership roles across Australia’s cybersecurity sector.

REAL-WORLD IMPACT: WOMEN IN CYBER DEFENCE

Women are not only breaking stereotypes—they are actively shaping the future of cybersecurity. Their contributions are evident in various facets of the industry, from threat intelligence to ethical hacking and policymaking.

One notable success story is that of Katie Moussouris, the founder of Luta Security. Moussouris is a

pioneer in vulnerability disclosure programs having helped design Microsoft’s first bug bounty program. Her groundbreaking work has changed how organisations globally approach software security, making systems more resilient against cyber threats.

In Australia, Jacqui Loustau, founder of AWSN, has championed initiatives to encourage more women to pursue careers in cybersecurity. Loustau’s work has empowered countless women to take up roles in ethical hacking, cyber forensics and other specialised areas, proving that women can excel in even the most technically demanding aspects of cybersecurity.

In addition, women are also leading efforts to combat online harassment, which disproportionately affects female users. Researchers like Dr Suelette Dreyfus, based in Australia, have conducted groundbreaking studies on privacy and security, emphasising the role of women in protecting digital rights.

THE ROLE OF EDUCATION AND MENTORSHIP

Education and mentorship are critical tools for empowering women in cybersecurity. Programs aimed at girls and young women are helping to close the gender gap by introducing them to the field early on.

For example, Girls Who Code , an international initiative, has inspired countless young women to consider careers in STEM (science, technology, engineering and mathematics), including cybersecurity. By creating a pipeline of talent such initiatives ensure that the next generation of cybersecurity professionals is more gender diverse.

In Australia, CyberTaipan, a national youth cyber defence competition, has been pivotal in engaging school-aged girls in cybersecurity challenges. By fostering interest and skills at an early stage, CyberTaipan is helping level the playing field and encourage more girls to pursue cybersecurity as a career.

Mentorship also plays a vital role in fostering confidence and career growth. WiCyS Australia

provides a platform for mentorship and networking, pairing seasoned professionals with young women entering the field. This initiative has seen tremendous success in helping mentees overcome barriers, navigate career challenges and build long-lasting professional relationships.

ADDRESSING SYSTEMIC BARRIERS

Despite significant progress, systemic barriers still hinder women from fully claiming their space in cybersecurity. These include pay gaps, unconscious bias and the lack of inclusive workplace cultures. Addressing these challenges requires collective action from industry leaders, organisations and policymakers.

Progressive companies like Cisco and IBM have introduced initiatives to tackle these barriers. Cisco’s Women in Cyber Security Scholars Program, for example, provides scholarships, internships and career development opportunities to women pursuing degrees in cybersecurity. IBM’s CyberDay4Girls program educates girls about cyber threats and promotes awareness of careers in the industry.

In Australia, the government’s Cyber Security Strategy 2020 acknowledges the importance of diversity and includes initiatives to support women in the cyber workforce. By investing in skills training, career development programs and public awareness campaigns the strategy aims to create an inclusive environment where women can thrive.

THE FUTURE: BUILDING AN INCLUSIVE INDUSTRY

The future of cybersecurity depends on creating a truly inclusive industry—one that values and integrates diverse perspectives. Women are uniquely positioned to drive this transformation by bringing fresh approaches to problem-solving and innovation.

Inclusive policies such as flexible work arrangements, equal pay and anti-harassment measures are essential for retaining female talent. Organisations must also actively address unconscious biases in hiring and promotion processes.

Collaboration between industry stakeholders is equally critical. Public-private partnerships can amplify the impact of gender diversity initiatives, creating a ripple effect across the industry. For example, collaborations between educational institutions and tech companies can ensure a steady influx of diverse talent into the cybersecurity workforce.

FINAL THOUGHTS

The journey to claiming space in cybersecurity for women is far from over, but the progress made is undeniable. By breaking stereotypes, fostering leadership and addressing systemic barriers, women are proving their mettle and shaping the future of the industry.

As trailblazers like Anne Neuberger, Michelle Price, Katie Moussouris and Jaya Baloo demonstrate, the contributions of women are vital to the field’s growth and innovation. Through education, mentorship and inclusive policies, the industry can continue to empower women and build a more equitable, resilient digital world.

The reclamation of space in cybersecurity is not just about gender—it’s about harnessing the full spectrum of talent and perspectives to tackle the challenges of an increasingly complex digital landscape. Women are claiming their rightful place, and in doing so, are redefining what’s possible in cybersecurity. Together they are shaping an industry that is stronger, smarter and more inclusive than ever before.

ABOUT LISA VENTURA MBE

Lisa Ventura MBE is an award-winning cybersecurity specialist, published writer/author and keynote speaker. She is the founder of Cyber Security Unity—a global community organisation dedicated to bringing together individuals and organisations who work in cybersecurity to help combat the growing cyber threat—and the founder of Neuro Unity, a non-profit that champions and promotes neuroinclusion for all. As a consultant Lisa also provides cybersecurity awareness and culture change training and works with cybersecurity leadership teams to help them collaborate more effectively. She also provides training to organisations on the benefits of hiring neurodivergent people. She has specialist knowledge in the human factors of cybersecurity, cyberpsychology, neurodiversity and AI in cyber. More information about Lisa can be found on www.lisaventura.co.uk

LISA ON SOCIAL MEDIA

x.com/cybergeekgirl

www.linkedin.com/in/lisasventura

www.facebook.com/lisasventurauk

www.instagram.com/lsventurauk

bsky.app/profile/cybergeekgirl.bsky.social

You can find examples of the her previous talks and of interviews, panel discussions and moderating/ chairing events on her YouTube channel:

www.youtube.com/@CyberSecurityLisa

CYBER SECURITY UNITY'S CHANNELS

www.linkedin.com/company/csunity

x.com/CyberSecUnity

www.facebook.com/CyberSecUnityUK

Let Us Join Your Team Now !!!

"Get skilled support to fill your team’s gaps at the same wage rate.

Source2Create provides a team of professionals across marketing, social media, admin, and content management, ready to enhance productivity without adding strain to your budget."

DO YOU CURRENTLY HAVE ANY OF THE FOLLOWING REMOTE OPEN POSITIONS?

Marketing support

Marketing strategy

Event coordinators/managers

Telemarketers

Linkedin/Instagram managers

Admin support

Canva ad creators

Wordpress content administrator

Admin and Data Entry

SCHEDULE A CALL TODAY OR EMAIL ABY

ABY@SOURCE2CREATE.COM.AU

ARE CERTIFICATIONS WORTHWHILE?

By Annie-Mei Forster , Senior GRC consultant at Securus Consulting Group

A question I get asked often from people looking to move into cybersecurity is: “What certification should I take?” It’s a valid question, given many job advertisements mention cybersecurity certifications relevant to the role. However, this question really leads to the more critical question: “Will this certification get me a job?”

The short answer to the second question is ‘no’. A certification alone won’t land you a job. If a job advert calls for someone with five or more year’s experience for a role and mentions certifications, the successful applicant will always be a person with the right experience. This creates a chicken-and-egg problem for someone looking to break into the industry.

My advice to people wanting a career in cybersecurity is to get your foot in the door and have your employer pay for your certifications. Firstly, certifications are expensive. Some can cost thousands of dollars. That’s a lot of money to fork out, especially if you’re not currently working. How do you even know if you’ll like working in cybersecurity?

Secondly, once you’re in a role, you’ll have a better understanding of what skills and knowledge you will need. You can then choose a certification that will complement your job and helps solidify the knowledge you’ve gained.

However, this does not solve the original problem: landing your first job in cybersecurity. There is no simple solution that fits everyone’s situation. But I like to use the analogy of someone making a New Year resolution to go to the gym four days a week. They sign up for a yearly gym membership and buy a whole new wardrobe, but before January is over, they’ve already stopped going, saying it was too hard.

MINIMISE YOUR INITIAL INVESTMENT

It’s better to dip your toe in the water before diving straight in. Instead of buying a $100 yoga mat, buy a $10 one from Big W. See if you like yoga and if you’re going to turn up to classes. That’s what I did when I first started doing yoga. Now I go to yoga two to three times a week and my $100 yoga mat has been great value for money.

It’s the same for certifications. Instead of spending your life savings on a $10,000 certification that may not be relevant to what you end up doing, why not see what’s available for free? There are so many great resources online. YouTube is a fantastic starting point if you’re looking for projects to do at home.

I recently did a course on DeepLearning.AI, which has many great programs for learning Python and artificial intelligence. The best part? They’re free! Set yourself small goals to start with and see if you can stick to

ANNIE-MEI FORSTER

them. Aim for an hour a day to learn a new skill. What you choose does not have to be cybersecurity related; it’s more about learning to stick to a routine and staying the course.

Once you’ve finished a course or completed a project, it’s time to showcase what you’ve learnt. This can take the form of a blog post, a link to your GitHub account or a video. You can then share this on YouTube or LinkedIn so others can see what you’ve done. Don’t forget to add these achievements to your resume so potential employers can see what you’re capable of. Having a portfolio of work is very valuable.

TAKE THE CLOUD RESUME CHALLENGE

Last year I did the Cloud Resume Challenge, which you can do at home. The premise is simple: choose a cloud service provider (AWS, Google or Azure) and host your resume in its cloud. This project is great because it not only gives you hands-on experience with cloud services but also with using HTML and CSS. I deployed my resume using Terraform, which gave me experience with infrastructure as code. While this isn’t specifically cybersecurityfocused, you do have to think about securing your resume on the internet using cloud services. It may also inspire you to pursue a career in cloud security.

Doing the Cloud Resume Challenge is a free alternative to completing a cloud certification. While you will have to pay a small amount to buy a domain name for your website, all the other cloud services are free if you stay within the free tier of whichever platform you chose.

Another good way to showcase your skills is by thinking of a problem in your day-to-day life that you want to solve. For example, building an automated daily task scheduler using Python. You can even use ChatGPT to provide suggestions if you’re struggling for ideas.

It’s never been easier to build your own projects. You’re limited only by your imagination (and there’s large language models to help with that). Please don’t hesitate to get in touch with me if you want to have a

chat about projects you can build in your spare time. While I can’t guarantee doing so will get a job, it will help you stand out from the crowd.

ABOUT THE AUTHOR

Annie-Mei Forster is a senior GRC consultant at Securus Consulting Group. She is passionate about getting more women into the cybersecurity industry and was a finalist for Best Volunteer in last year’s Australian Women in Security Awards. She is the co-host of the Lost In Cyberia podcast and posts cybersecurity tips on @thecybersecuritygals Instagram account.

www.linkedin.com/in/annie-mei-forster

JO STEWART-RATTRAY

RECLAIMING PRIVACY: ADDRESSING THE GENDER GAP IN TECH AND PRIVACY LEADERSHIP

by Jo Stewart-Rattray , Oceania Ambassador, ISACA

The privacy landscape is increasingly challenging to navigate. According to ISACA’s State of Privacy 2025 survey report, 63 percent of privacy professionals say their roles are more stressful now than five years ago, with nearly half expecting budget cuts and 73 percent struggling to hire expert-level privacy talent. While these statistics are concerning, they also present an opportunity. Put simply, we need more people. Women, who are underrepresented in cybersecurity and privacy roles, are well-positioned to help address these challenges and reshape the future of digital trust.

RECLAIMING AUTHORITY IN PRIVACY LEADERSHIP

For privacy professionals face increasing stressors— from regulatory complexities to resource constraints and shrinking budgets—the demand for skilled leaders has never been greater. A new ISACA Tech Workplace and Culture report, based on responses

from 7,726 tech professionals highlights just how deep gender inequality runs in the sector. The report reveals that 87 percent of IT professionals recognise the lack of gender diversity in the industry, yet only 41 percent of businesses have programs in place to hire more women.

This disparity is compounded by a lack of visible role models—43 percent of female respondents cite the dominance of male leaders as a key reason why women remain underrepresented in tech roles. Additionally, 42 percent of women identify pay inequality as a significant challenge, compared to just 15 percent of men.

Many women already in privacy leadership roles are demonstrating remarkable resilience and strategic foresight. Despite the barriers and inequity they may face, those who have carved out their space in the field have been instrumental in role-modelling this

career. Whether they realise it or not, their presence in a male-dominated industry is inspiring and encourages other women to move forward.

RECLAIMING CONFIDENCE: OVERCOMING INDUSTRY SCEPTICISM

Despite their expertise, many women in security and privacy still encounter biases that undermine their authority. The ISACA Tech Workplace and Culture report indicates that men tend to rate their sense of authority in specific areas of their current role more highly than do women. The gap between men’s and women’s perceptions of authority is particularly pronounced in decision-making related to purchasing (13 percentage points) and influencing company strategy (10 percentage points).

A key responsibility for privacy and security professionals is to shape stronger, more adaptable privacy frameworks. Their leadership is not only about meeting compliance mandates but also

about integrating privacy into the core of business operations to ensure long-term sustainability and trust. Women, in particular, bring a collaborative approach, strong risk-awareness and a deep understanding of ethical considerations—qualities that are invaluable in this role.

WOMEN ROLE MODELS ARE CRITICAL

One path to achieving real change is through mentorship and community engagement. Experienced women in privacy and security can be especially influential as mentors for younger professionals and career changers, particularly as the sector struggles with talent shortages. Encouraging more women to enter the field, equipping them with the necessary skills and providing support networks will help build a stronger, more balanced privacy and tech workforce.

Respondents to ISACA’s Tech Workplace and Culture survey agree, with 52 percent stating that educational institutions can do more to drive gender inclusion

by providing mentors or role models, along with establishing tech clubs and/or organisations for networking for women (42 percent) and hiring more female tech lecturers and professors (31 percent).

AI AND THE FUTURE OF PRIVACY

It is important that women in the sector are at the forefront of conversations about AI and how it may evolve to play a larger role in privacy management. ISACA’s State of Privacy 2025 survey report found the use of AI in privacy-related tasks to be on the rise. This trend introduces ethical considerations— bias, transparency and security vulnerabilities— that require diverse perspectives if they are to be managed effectively.

It is important for women in privacy to have influence in AI-driven privacy strategies. We need to ensure these technologies support, rather than undermine, ethical data practices. By advocating for inclusive, responsible AI development and implementation, women can help shape policies that prioritise security and gender diversity.

RECLAIMING A SUSTAINABLE FUTURE IN PRIVACY

To build a sustainable future in privacy leadership, organisations must go beyond short-term fixes and commit to long-term strategies that build diversity, inclusion and equity.

Leaders across industries must champion mentorship, invest in skills development and challenge outdated norms that continue to hold women back. This way we can create a privacy and security workforce that is not only resilient and innovative, but also reflects the diverse communities it serves.

ABOUT THE AUTHOR

Jo has over 25 years experience in the security sector. She consults in risk and technology issues with a particular emphasis on governance and cybersecurity as a director with BRM Advisory. Jo is the Oceania ambassador for global IT professional association, ISACA and an ISACA Hall of Fame inductee. Jo is vice president, communities of the Australian Computer Society and ambassador of the National Rural Women’s Coalition. She regularly provides strategic advice and consulting to the banking and finance, utilities, healthcare, tertiary education, retail and government sectors.

www.linkedin.com/in/jo-stewart-rattray-gaicd-4991a12

WOMEN IN CYBERSECURITY LEADING WITH COURAGE AND SOLIDARITY

By Olamide Elizabeth Falowo, GRC Analyst/Advocate for Women in Tech.

Cybersecurity is not only about protecting systems; it’s about safeguarding people, ideas and opportunities. For women in this field, it is often about more than digital security, it involves taking up space, challenging biases and shaping the future of technology.

In an industry where women make up less than a quarter of the workforce, reclamation is not only an individual effort; it’s a collective movement. Through courage, solidarity and resilience, women in cybersecurity are breaking barriers, creating inclusive environments and inspiring the next generation to embrace resistance as a form of growth.

This article explores how reclamation plays a vital role in empowering women, fostering resilient professional cultures and reshaping the narrative of what’s possible in cybersecurity.

For decades, cybersecurity has been seen as a maledominated field, but women are steadily reclaiming their space and rewriting the narrative. Reclaiming here means more than just entering the field—it’s about taking leadership roles, shaping security strategies and inspiring others to follow.

Organisations like Women in Cybersecurity (WiCyS) and initiatives such as mentorship programs have paved the way for women to thrive. These programs empower women to reclaim confidence in their technical abilities, challenge gender biases and occupy seats at the decision-making table.

For example, professionals like Parisa Tabriz, Google’s ‘Security Princess,’ have shown how reclaiming unconventional roles can open doors and shatter stereotypes. Reclaiming space means demanding not only visibility, but also influence in a field that defines the future of global security.

OLAMIDE ELIZABETH FALOWO

Old preconceptions that restrict both men and women are the source of statements like “You can’t rock the cradle and rock the boardroom.” Although these notions aim to portray men and women as complementary, they frequently ignore the complexity and potential of people, particularly women, who have repeatedly demonstrated their ability to succeed in both leadership and caregiving roles.

Women in cybersecurity have demonstrated that they are not limited to upkeep or continuance. They play roles that have traditionally been assigned to men: inventors, innovators and guardians. Ada Lovelace, for instance, is credited with being among the first people to program computers. Today, women like Katie Moussouris have led the way in important developments in cybersecurity procedures, such as vulnerability disclosure initiatives.

The idea that women are incapable of “rocking the cradle and the boardroom” minimises their potential. It diminishes the ability of women to balance roles. The truth is, women in cybersecurity are not only maintaining systems; they’re designing and securing

them, pushing boundaries and redefining what leadership looks like in a male-dominated industry.

Reclaiming space in cybersecurity means challenging these stereotypes and showing that women’s contributions are not limited by societal expectations. By doing so we not only empower women to pursue their ambitions but also create a more inclusive and innovative industry.

Resilience in cybersecurity is not only about protecting systems—it’s about cultivating a supportive culture where women can grow, innovate and lead. Women are creating networks of mentorship, peer support and advocacy to help navigate the unique challenges they face.

Consider the power of solidarity. Women who mentor and advocate for each other build resilience not only for themselves but for the entire industry. For instance, when experienced cybersecurity leaders share their journeys, they not only boost the confidence of aspiring professionals, they also foster a culture of shared growth and inclusivity.

Programs like CyberSafe and local cybersecurity meetups for women provide platforms for growth. By creating these spaces, women are ensuring that the next generation does not merely participate in cybersecurity, but thrives in it.

Resistance is often seen as creating an obstacle, but for women in cybersecurity, it’s an opportunity to innovate and lead. Whether resisting workplace biases, breaking free from imposter syndrome, or advocating for inclusivity, courage is a vital part of the journey.

One powerful example is how women have embraced resistance by advocating for diversity in hiring practices and workplace policies. This resistance is not about confrontation; it’s about transformation, changing the industry to make it more equitable and inclusive.

Take, for example, the movement to recognise and address the gender pay gap in cybersecurity. Women have resisted outdated norms by negotiating salaries,

pushing for transparency and mentoring others to do the same.

Embracing resistance is not only an individual act; it’s a call to action for the entire industry to evolve.

Women in cybersecurity are reclaiming their power, one role, one system and one policy at a time. By fostering resilient cultures, demonstrating courage and embracing resistance, they are shaping an industry that thrives on diversity and innovation.

Reclaiming is not only about today, it’s about building a future where every woman in cybersecurity can excel without barriers. To all the women navigating this path: your courage, solidarity and vision are rewriting the rules and inspiring others to follow.

Let’s reclaim, resist and rise together.

www.linkedin.com/in/falowo-olamide

ARE OPEN Nominations

1 ST MARCH 2025

Why Nominate?

To identify rockstars

TIP #1

Authenticity

First and foremost, be authentic. When crafting your nomination, share real stories and concrete examples that highlight the nominee's impact in the cybersecurity & protective security field. The more genuine and specific, the better.

TIP #4

Emphasise Diversity & Inclusion

Share how the nominee has contributed to creating an inclusive environment in the cybersecurity & protective security sector. Highlight initiatives that promote diversity and equal opportunities.

To celebrate ‘hidden’ security superstars

To lift and empower the entire company

To express admiration for fellow co-workers

To pause and express your gratitude

To pay it forward - and give back to the community

HOW TO SUBMIT A WINNING NOMINATION

Highlight Achievements

Whether it’s groundbreaking projects, leadership roles, or innovative solutions, make sure to showcase the nominee’s outstanding contributions to the industry. Numbers and metrics can add that extra punch!

TIP #5

Collaboration is Key

Collaboration is key. If you’re part of a team, gather input and insights from your colleagues. They might have unique perspectives on the nominee’s contributions and can help strengthen your nomination.

Support with Testimonials

Gather testimonials. Reach out to colleagues, mentors, or anyone who can provide additional insight into the nominee’s skills and impact. A well-rounded nomination with testimonials adds credibility and depth.

TIP #2

TIP #3

KAREN STEPHENS

Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was recently named inaugural Female Cyber Leader of the Year at the 2023 CyberSecurity Connect Awards in Canberra.

COLUMN

“Upon the conduct of each depends the fate of all” (Alexander the Great)

Welcome to 2025! Hasn’t the year started with a bang?

We have been greeted with “Australia has become a ‘honeypot’ for bank scammers and the world is laughing.” But wait, if you are scammed: “The chance of you getting your money back …[is] dire.” I have seen the truth of this with my own eyes, and it isn’t pretty. The whole cybersecurity “doom and gloom” theme appears to be centred around “you’re on your own” rather than focussing on what we can do as a collective.

Cybersecurity risk management solidarity needs to become a thing. It needs to become our thing!

There has never been a ‘silver bullet’ for cybersecurity risk management. Nor is it possible to have one person or business fix everything for everyone. Alas, it is unlikely the people who are most vulnerable to a cyber breach are reading this (eg the 4.2 million retirees or the four percent of the population that does not work, or our 4.1m school children. Need I go on? This is where you and your personal network come into play.

By us all making and sharing a few basic changes, our cyber resilience as a community will improve. So, let your cybersecurity risk management solidarity journey start today with three free ‘fixes’ you can pass on to everybody.

1. Go beyond the tech. Accept that cybersecurity is not just a tech problem. While this sounds easy it (unfortunately) is not. It has been my experience that, when a breach occurs, the first thought is “it is a software security fail” when, usually, it is a person who has either been too trusting, too distracted and done something they should not have, or someone who decided to be nefarious. Security software cannot fix those issues. The fix to share: think beyond the security software. Don’t accept unknown calls (that’s what voicemail and number blocking are for) or unexpected emails (that is what the preview is for, quickly followed by blocking and deleting). Don’t engage. EVER!

2. Your trust is valuable - don’t just give it away. In the ‘good old days’ you basically trusted all and sundry from the get-go and if they did something wrong, you blacklisted them, in life

or in cyberspace. Unfortunately, if the rise in cybersecurity breaches has taught us anything, it’s this: you should trust no one immediately. Let them prove themselves worthy of your trust. The fix to share: when you get an email, text or call purporting to be from a trusted source (eg a bank, the ATO, etc) do your own due diligence e.g. Don’t respond to the email/text or answer the call and call them back on a number you know to be correct. Remember, criminals hide in plain sight, and they sound like us.

3. Good cyber hygiene - boring but necessary. Cyber hygiene should start from the very first time a device is put into anyone’s hands, because practice makes perfect. The fix to share: use passwords with 16+ complex characters that are never reused or shared and manually check that the patches of all your devices (phones, iPads, laptops, etc) are up to date. Sometimes ‘auto patch’ is not really automatic.

And now for your homework.

I have done my bit by providing you with some nice easy foundational steps for our cybersecurity risk management solidarity journey. It’s now up to you. Your mission (and there is no refusing it I’m afraid) is to raise these first steps with three people you know. Then have them raise these steps with three people they know, and so on. Who knows, by this time next year cybersecurity risk management solidarity might not be only a thing; it might be a way of life.

www.linkedin.com/in/karen-stephens-bcyber

www.bcyber.com.au x.com/bcyber2

karen@bcyber.com.au youtube.bcyber.com.au/2mux

Source2Create Spotlight

Content

Content allows you to establish, share, and strengthen your brand. It helps build relationships which is why we are shining the light on our content service.

Content strategies don’t just define the goals your content is intended to achieve, but also the procedure, processes and governance required to get there. We can show you how to manage your content effectively .

We can then use that content to attract, acquire and engage your customer and new prospects, deepening your relationships

What are you waiting for? REACH

CAREER PERSPECTIVES

FROM FEAR TO FASCINATION: MY JOURNEY IN CYBERSECURITY

by Madhuri Nandi , Head of Security - Nuvei, and Co-Chair AWSN

The world of cybersecurity can seem intimidating from the outside. For me that feeling was very real during my early days in the field. I still remember stepping into the SOC-IR (Security Operations and Incident Response) lab at my first organisation as a fresh graduate. Coming from an electrical and electronics engineering background, I found myself surrounded by large computers, cybersecurity appliances, switches, firewalls and an atmosphere buzzing with activity. It was a place where seasoned professionals worked tirelessly to secure systems and respond to threats.

For someone without a computer science degree, this environment felt overwhelming. The SOC-IR lab was the beating heart of the organisation’s cyber defence, and I was unsure if I could contribute meaningfully. Yet, despite my initial fear, this experience set the stage for what would become a fulfilling career in cybersecurity.

THE INTIMIDATION OF THE UNKNOWN

As a fresh graduate I was often in awe of the seniors

in my team. They spent hours configuring devices, analysing network traffic and honing their skills in the lab. Watching them tackle complex incident response exercises and conducting intricate malware investigations was inspiring, but also intimidating.

At first I doubted whether I could ever master these technical skills. The tools they used—SIEM (Security Information and Event Management) platforms, firewalls and intrusion detection systems (IDS)—felt like a foreign language. It was hard not to feel out of place. However, observing my peers changed my perspective. Many of them did not come from computer science or IT backgrounds either. Their expertise was the result of determination, curiosity and relentless learning.

FINDING MY WAY THROUGH CURIOSITY

This realisation shifted my mindset. I understood that I did not need to have all the answers on day one. What mattered was my willingness to learn and grow. As weeks turned into months I began to enjoy the work. Troubleshooting became my favourite

MADHURI NANDI

part of the job. Whether it was analysing packet captures (PCAPs), investigating anomalous traffic or responding to SOC alerts, every challenge felt like a puzzle waiting to be solved.

During night shifts I eagerly anticipated alerts. Each one was an opportunity to uncover a potential cyber threat, whether it was a phishing attempt, a DDoS attack or a misconfiguration that exposed vulnerabilities. The more alerts I investigated, the more confident I became of my ability to understand and address cybersecurity issues.

THE ROLE OF COMMUNICATION

One of the most critical factors in my growth was communication. Early in my career I made it a priority to connect with my seniors. I asked questions, sought guidance and learnt from their experiences. These one-on-one conversations were invaluable. They helped demystify complex concepts, from network security protocols to threat hunting techniques.

Cybersecurity is often seen as a highly technical field—and it is. But what many people overlook

is the importance of communication. Whether you’re working in a SOC, responding to incidents or collaborating with cross-functional teams, effective communication is what enables progress. It’s what helps you seek help when you’re stuck, share insights with your peers and articulate technical challenges to non-technical stakeholders.

NAVIGATING THE WORLD OF LEARNING

One of the biggest challenges I faced as a newcomer was figuring out how to learn in an unstructured environment. In college libraries provided a curated selection of resources, and professors or seniors could recommend the best books or authors. In the corporate world, I had to chart my own learning path.

At first the sheer volume of information online felt overwhelming. Unlike college, where resources were finite, the internet offered an endless stream of guides, tutorials and forums. It was hard to know where to begin. Slowly, I found my footing by focusing on trusted resources. I turned to vendor documentation, operating system manuals and product-specific admin guides. I supplemented

these with YouTube channels which offered practical demonstrations of concepts like firewall configurations, malware analysis and incident response workflows.

This phase of self-directed learning taught me an important lesson: cybersecurity is a field of continuous education. Threats evolve, technologies change and best practices are updated regularly. To stay relevant you must embrace the mindset of a lifelong learner.

LESSONS LEARNED IN THE SOC-IR

Working in a SOC-IR lab taught me many valuable lessons that continue to shape my career:

1. Curiosity fuels growth: every alert, anomaly or misconfiguration is an opportunity to learn. Cybersecurity is a field that rewards curiosity and a willingness to dive deep into the unknown.

2. Communication is key: the ability to articulate your findings, ask for help and share knowledge is just as important as technical expertise. It’s the foundation of collaboration and growth.

3. Adaptability is essential: cybersecurity is an ever-changing landscape. New tools, techniques and threats emerge constantly. Staying flexible and open to change is critical to success.

4. Mentorship makes a difference: having mentors who guide and encourage you can make all the difference. Their insights can help you navigate challenges and find your footing.

5. Learning never stops: whether it’s exploring MITRE ATT&CK, staying updated on the OWASP Top 10 or experimenting with new tools, there’s always more to learn.

ENCOURAGEMENT FOR ASPIRING CYBERSECURITY PROFESSIONALS

If you’re considering a career in cybersecurity or are just starting out, know that you do not need to have all the answers right away. Your journey will be filled with challenges, but each one will be an opportunity to grow.

Connect with your network. Learn from others’ experiences. Seek out mentors who can guide you. Most importantly, remember that cybersecurity isn’t just about technology; it’s about people. Communication, collaboration and curiosity are the true cornerstones of success in this field.

A PLACE FOR EVERYONE

The beauty of cybersecurity lies in its inclusivity. Whether you’re interested in threat hunting, cloud security, vulnerability management or incident response, there’s a place for you to contribute and grow. Your background, whether technical or nontechnical, is not a limitation; it’s a unique perspective that can add value.

My journey from fear to fascination is testament to what’s possible when you embrace curiosity, prioritise communication and never stop learning. Cybersecurity has a place for everyone willing to put in the effort. The field needs diverse perspectives and talents to tackle the complex challenges of today and tomorrow.

Your journey is yours to define. Start from where you are, use what you have, and trust that your efforts will lead you to success.

ABOUT MADHURI NANDI

Madhuri Nandi, with close to two decades of experience in cybersecurity, shares her personal journey from fear to fascination in the field. As Head of Security at Nuvei and Co-Chair of the Australian Women in Security Network (AWSN), she has led transformative initiatives, driven continuous learning, and mentored the next generation of cybersecurity professionals. Her story highlights the importance of curiosity, communication, and adaptability in navigating the dynamic world of cybersecurity.

www.linkedin.com/in/madhurinandi

ADVERTISING PACKAGE EXCLUSIVE

For the past four years , Source2Create has proudly delivered Women in Security Magazine to the industry free of charge , championing diversity, inclusion, and the incredible contributions of women in cybersecurity. As we continue to grow, we now need partners to help us sustain and expand this vital platform.

By supporting this package, you’re not just backing us—you’re investing in the magazine, its community, and the future of women in security. To ensure we can keep delivering this high-value publication, we’re introducing a nominal fee for $900 Ex GST, an exceptional package that provides extensive coverage and visibility.

BREAKING BARRIERS IN CYBERSECURITY: MY JOURNEY TO SUCCESS

by Keshani

Bogahawatte , Senior

Executive

in Information Systems Audit with expertise in IT risk governance, cybersecurity, and audit assurance

The world of cybersecurity is ever evolving, offering exciting challenges and endless opportunities to those passionate about safeguarding the digital realm. As someone who has always been drawn to problem-solving and innovation, I knew early on that my path would lead me to this dynamic field. Today, I am honoured to share my journey as a woman in cybersecurity, navigating challenges, celebrating successes and striving to inspire others.

My academic foundation in information technology laid the groundwork for my career. Pursuing my degree was not only about earning a qualification, it was also about pushing boundaries and setting high standards. This commitment culminated in me graduating with first-class honours in cybersecurity from Sri Lanka Institute of Information Technology (SLIIT), an achievement that remains one of my proudest moments. It was not only a testament to my hard work, but a milestone that underscored my belief in perseverance and determination.

Upon completing my studies I embarked on a professional journey that has been as enriching as it has been challenging. My career began with an esteemed global firm, EY Sri Lanka, where I gained invaluable experience as an external information systems auditor. Over 2.5 years I honed my technical skills and cultivated meticulous attention to detail while conducting complex audits across industries. This role taught me the importance of balancing technical expertise with effective communication to address risks and safeguard organisational assets.

SEEKING DIVERSE EXPERIENCES

Eager to diversify my experience, I transitioned to the banking sector, working in information systems auditing. This role gave me insights into a highly regulated and fast-paced environment, further strengthening my adaptability and problem-solving abilities. Afterwards I joined one of Sri Lanka’s leading apparel manufacturers as a senior executive in group information systems auditing. This role

KESHANI BOGAHAWATTE

offered the perfect platform to combine my technical expertise with strategic thinking as I contributed to enhancing the organisation’s IT governance and compliance frameworks.

Beyond my professional responsibilities I have actively sought opportunities to expand my knowledge and skillset. By leveraging advanced tools like Power BI and Co-Pilot I have been able to streamline workflows and deliver data-driven insights that add value to my work. The ever-changing landscape of cybersecurity demands continuous learning and I have embraced this challenge with enthusiasm, staying updated on emerging trends and certifications to remain at the forefront of the field.

While my journey has been rewarding, it has not been without its obstacles. As a woman in a maledominated industry I have faced moments of doubt and resistance. However, these experiences have only strengthened my resolve to succeed and mentor others navigating similar challenges. I firmly believe in the power of representation and actively advocate for greater diversity and inclusion in the tech industry.

KEY LESSONS LEARNT

One of the key lessons I have learnt is the importance of collaboration and support systems. Whether you are in a team whose members are working together to solve a critical issue or have a mentor guiding you through uncharted territory, success in cybersecurity is rarely a solo effort. I am immensely grateful to the mentors and peers who have supported my growth, and I am committed to paying it forward by encouraging more young women to explore careers in technology.

As I look ahead my aspirations remain rooted in making a meaningful impact. Cybersecurity is not just about preventing breaches or protecting data; it’s about fostering trust in a digital world. I aim to contribute to building resilient systems and promoting a culture of proactive security within organisations. Moreover, I hope to continue inspiring others by sharing my story and demonstrating that, with passion, perseverance and purpose, anything is possible.

To those considering a career in cybersecurity, my message is simple: take the leap. The challenges you face will shape your character, and the victories you achieve will redefine your potential. This is a field that rewards curiosity, resilience and innovation—qualities we all possess, if we dare to nurture them.

My journey is far from over, but it is one I am proud of. Through each success and setback I have grown not only as a professional but as an individual determined to make a difference. As we continue to advance in the digital age I am excited to see how the next chapter of this journey unfolds, and I remain committed to breaking barriers and forging new paths in cybersecurity.

www.linkedin.com/in/keshani-arundathi-bogahawatteb0b965147

SIMON CARABETTA

Simon is a former high school Media Studies and English teacher turned Cyber Security Advocate. A proud dad to three young men and a master of Mario Kart

COLUMN

The Coming War on Progress

Diversity, Equity, Inclusion. Diversity, Equity, Inclusion.

Let’s say those words one more time. Diversity, Equity, Inclusion.

I trust that readers of Women in Security Magazine understand what each of these words means and how important they are to our industry. We, as a collective, have worked hard for years now in establishing and maintaining a strong, diverse and inclusive community, bound by the principles that we should all be given a fair go.

Read that last part once more. A fair go.

Isn’t that a very Australian value? Something that you’ll no doubt hear politicians utter in the lead up to our next Commonwealth Government Election set for some time this year.

Why then, is such an Australian value, which has been emphasised far longer than cyber security or even the wider tech industry has been around, suddenly at risk.

I say, at risk, because what we’re noticing slowly creeping into our society, is a pushback on three things that are incredibly important to any industry, particularly security.

Diversity, Equity, Inclusion.

When you say these words, rather than the oft-used acronym, DEI, you can humanise the entire concept. When you break each and every word down bit by bit, you can understand just how incredibly vital they are to the innovation, growth and sustainability of the security industry. Unfortunately, what we’re noticing

now is a culture war that has been declared on these principles that are sustaining the lifeblood of cyber security in Australia.

This is no longer just an attack on words, but an allout war declared in order to undo years of progress established by some amazing organisations, people and public and private sector leaders. The main weapon of the war? Disinformation, and it’s not even being used by our side.

Without naming names, we’re seeing senior politicians, at local, state and federal levels in Australia, take aim with their missiles of “double talk” and “alternative facts” at programs, initiatives and even company policies centred on giving a fair go to all. However, these same politicians, who will exclaim “having a fair go” in their endless campaigns, believe that only a fair go applies for them and other people exactly like them. That list excludes:

• Migrants from non-Western countries

• Australians of an ethnic minority

• Women and people identifying as women

• LGBTQI+ people

• Proponents of Diversity, Equity and Inclusion

Allegedly, these people do not deserve a fair go.

Cyber Security has experienced an identity problem for years, with the industry as a whole being seen as male-heavy and sidelining most women to nonleadership roles and the “softer” side of cyber (that’s the focus of next month’s column).

This column is not being written to condemn the industry, rather it’s sharing how progressive we’ve actually come within our ranks to try and overturn the

general stereotype that we’ve come to be associated with. However, what this piece is definitely aiming to do, is to open a discussion about how we are now at risk of having all of this work undone, simply due to the harsh words of some Australian politicians.

It’s no secret that the return of Donald Trump to the Whitehouse in the US will have broader global implications, not just in these culture wars, but in many other ways. One example is of those in Australia with minority and out-dated viewpoints feel more emboldened, confident and at ease to speak their mind and pushback against any seemingly progressive social and economic initiatives. I don’t need to mention how much disinformation surrounding Climate Change, Vaccinations and Social Welfare has been going on in Australia since even before Trump’s first term in office. However, what we’ll see over the next 12 months is a very systematic dismantling of progressive initiatives towards Diversity within corporate Australia due to the very loud words of the very few.

Now, I’m not defending DEI for DEI’s sake. When it becomes a compliance checkbox exercise, it’s completely meaningless and takes away from the cause completely. When it’s meaningful and is ingrained in the very culture, the very heart of an organisation, from the top right down, then that is true acceptance of diversity. It also helps more people understand what diversity actually means and the many, many different ways in which a diverse team can drive better results and success.

Do we as an industry want all of the progress and hard work we’ve strived for to come to a halt? Do we

want it all broken down bit by bit because of loud politicians who don’t understand just how much our economy, our society, our various industries actually need a true diverse workforce? Do we want those with racial, religious, gender or identity bias to be the ones dictating the strategy and direction of such an important industry in our country?

If the answer you’ve given is a resounding “NO”, then you get it. This is no longer just words being thrown around, this an all-out war against diversity in Cyber Security.

www.linkedin.com/in/simoncarabetta

STUDENT IN SECURITY SPOTLIGHT

Cybersecurity student at the University of Colorado, Denver

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? The global cybersecurity talent shortage is projected to reach 85 million by 2030, which could result in a staggering $85 trillion in lost revenue each year. This gap is more than just a financial issue for businesses—it impacts all of us, especially when you consider that each individual’s private data and finances are part of that $85 trillion loss. Cybersecurity is about protecting more than just a company’s assets; it’s about safeguarding your personal data, devices, and finances. For example, in the U.S., an individual’s leaked or unprotected data can be worth over $600. By stepping into this field, you’re not just securing others’ data; you’re also making sure you have the skills and knowledge to protect your own. Plus, the opportunities in cybersecurity are endless, and the best part? The learning never stops. It’s a field that keeps evolving, offering dynamic challenges and growth, far beyond the usual 9-to-5.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first got into cybersecurity, it was partly because the computer science field felt oversaturated, and I wanted to specialise in something that would stand out in the job market. Of course, the salary didn’t hurt either! But after diving into technical coding classes and really getting into the nitty-gritty of cybersecurity, I realised that it’s a constantly evolving field, and staying ahead means always learning and adapting. The biggest lesson I’ve learned is that it’s not just about acing exams or passing classes. You have to be proactive, take ownership of your learning, and be brave enough to teach yourself new things along the way. There’s no shortage of resources out there, so it’s all about being curious and keeping up with the latest in the field.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

After I graduate, I’m planning to pursue a career in application security or security engineering. I’m drawn to these fields because they offer continuous learning opportunities and involve a lot of problemsolving, which I find really rewarding. I’ve thought about roles like penetration testing, but I feel they might not be the best fit for me, as they don’t focus as much on the kind of problem-solving I enjoy. I’m excited to dive deeper into areas that challenge me and allow me to keep growing in the cybersecurity field.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

When I decided to pursue a career in cybersecurity, my parents and friends were incredibly supportive and proud of my choice. However, there was a point early on when I considered stepping away from the field because things were a lot more challenging than

TIHUT SOLOMON

Tihut Solomon is a Cybersecurity student at the University of Colorado, Denver, with minors in Leadership and Computer Science.

I expected. Some concepts were completely new to me, and it felt overwhelming at times. But my parents encouraged me not to quit just because things got tough. They reminded me that the real value lies in learning for the sake of learning, not just passing exams. That’s one of the most important lessons I’ve learned—focusing on curiosity and asking questions keeps the passion alive and helps you grow. I also found that using free online resources, YouTube tutorials, and LinkedIn has been a great way to broaden my understanding and stay engaged with the field.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

I really look up to Caitlin Sarian, also known as “The Cybersecurity Girl” on her social media accounts. With over a million followers on TikTok and Instagram, she’s a huge inspiration to me. What motivates me the most is her perspective on the field and how much she cares about the

community. She emphasizes that cybersecurity isn’t just about hacking or stopping attacks; it’s also about raising awareness and educating people on how to protect their privacy and data. I find it incredibly motivating to be able to help my community in different ways—whether it’s sharing tips on creating secure passwords or raising awareness about online footprints. It’s about making a difference and ensuring that even those who aren’t in the professional cybersecurity space stay informed and protected.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

Outside of my academic studies, I’ve made it a point to get involved in the Cybersecurity club at my school, which hosts both virtual and in-person simulations of real-world scenarios. It’s been a great opportunity to learn directly from industry professionals working in banks and national security. I’ve also taken advantage of free resources like Coursera, Cybrary, edX, and SANS to dive deeper into different areas of cybersecurity and broaden my knowledge of the field. These experiences have really helped me get a clearer picture of the diverse opportunities available in cybersecurity.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?

Right now, I’m taking some free courses on Cybrary and Coursera. Cybrary offers sharable badges upon completion, which is a nice bonus. As for Coursera, I’m working through an IBM course, and at the end, I’ll decide whether to pay for a certificate or not.

In the short term, I’m also planning to pursue the Google Cybersecurity certification. Although some professionals say it’s not a must-have, I believe it will be a solid step forward from my current

TIHUT SOLOMON

knowledge, so I’m definitely going for it. As I continue with my degree, I’m aiming for CompTIA and CISO certifications since many job roles list those as requirements.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

I don’t feel that my academic program alone fully prepares me for success in cybersecurity, which is why I heavily rely on free resources outside of class. Honestly, I’ve learned more from YouTube videos and short online courses than I have from any of my classes. These resources really help bridge the gap and give me the hands-on experience I need to excel in the field.

What aspect of your cybersecurity studies excites you the most, and why?

I’m really drawn to ethical hacking, data restoration, and network and app security because they involve a lot of problem-solving and are constantly evolving. Cyber attackers are always finding new ways to break in, so the challenge of staying ahead of them and continuously learning keeps things exciting. The unique challenges in these areas make the classes both interesting and eye-opening, pushing me to think creatively and adapt quickly.

Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

I didn’t enjoy object-oriented programming at first because I didn’t approach it with the right mindset. I treated it like one of my high school classes, where I was more passive about it instead of being curious and actively learning through practice. Looking back, I realize that if I had embraced the subject with more enthusiasm and dedication, I would have had a better experience.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

I really wish there were more policy-related classes alongside the technical ones. It would be helpful to get a better understanding of what an actual company environment looks like, especially how policies and regulations are applied in real-world situations. It would add a lot of value to our technical knowledge and help us see the bigger picture.

www.linkedin.com/in/tihut-solomon-a0a028245

Maria Motter is in her third and final year of studying Cyber Security at the University of Warwick. With a strong passion for digital security and risk management, she has spent her academic journey exploring various aspects of cybersecurity, from ethical hacking to governance and compliance.

Cyber Security student at the University of Warwick

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first thought about studying cybersecurity, I pictured it being all about coding and hacking, the more technical aspects of the field. While those elements are definitely part of it, I’ve grown to appreciate the broader scope of cybersecurity. I’ve found myself especially drawn to studying human behavior, regulations, and the risk management side of things. It’s been fascinating to explore areas like policy, compliance, and how cybersecurity impacts organisations at a strategic level. This broader perspective has really deepened my understanding of the field.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I’m really interested in pursuing a career in audit and risk assessment, with a particular focus on regulations and compliance. I enjoy diving into risk analysis, understanding different regulatory frameworks, and helping businesses stay aligned with the best security practices. This area feels like

a perfect fit for me because it blends my interest in the social and human side of cybersecurity with my analytical mindset, all while allowing me to make a real impact.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

The most influential experience for me has been taking part in the Cyber 9/12 Challenge in 2024. It gave me hands-on experience in policy and crisis management, and it really solidified my passion for the governance side of cybersecurity. On top of that, I’m excited to be part of this year’s Cyber Leaders Challenge with my team, ‘Hack to the Future,’ where we’re tackling even more real-world challenges.

What aspect of your cybersecurity studies excites you the most, and why?

What excites me most is the intersection of cybersecurity, human behavior, and compliance. I find it fascinating to understand how people engage with security policies, how regulations evolve, and how organizations navigate risks. It’s a unique space where psychology, law, and technology all come together, and that mix keeps things both engaging and constantly evolving.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

Yes, I’m really active in the cybersecurity community. I’m a member of the CyberWomen Groups C.I.C and also serve as the Vice-President of CyberWomen@ Warwick. Being part of these communities has been incredibly rewarding. They’ve offered me amazing networking opportunities, mentorship, and support from like-minded professionals and students. It’s been such a fulfilling part of my cybersecurity journey.

MARIA MOTTER

What is your preferred source for staying informed about cybersecurity trends and general information?

I stay updated through a variety of sources, like news outlets, cybersecurity blogs, and LinkedIn posts from industry professionals. I also keep an eye on discussions within cybersecurity communities and make sure to participate in events and competitions. These experiences give me a chance to tackle realworld challenges and gain valuable insights from others in the field.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I take a layered approach to my personal security. I use a password manager to keep my passwords strong and unique, and I always enable multi-factor authentication (MFA) wherever I can. I’m also careful about what I share online and stay alert to phishing attempts. Plus, I make sure to keep myself informed about emerging threats so I can adjust my security practices as needed.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

While my academic program gives me a solid foundation, the cybersecurity field moves so quickly that staying up-to-date takes extra effort. That’s why I get involved in competitions like Cyber 9/12, engage with the community, and continually teach myself through industry resources. It’s a great way to make sure I’m always learning and keeping pace with the field.

www.linkedin.com/in/maria-motter/

Tayyeba Usman is currently pursuing a Bachelor’s in Cybersecurity (BCT) at COMSATS University Islamabad

Cybersecurity student at COMSATS University Islamabad

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? When I want to spark someone’s interest in cybersecurity, I like to paint a picture they can relate to. I ask them to imagine being a detective—someone who pieces together clues to solve a mystery. Now, instead of physical evidence, imagine tracking cybercriminals who steal data and invade privacy without leaving a trace. It’s like a high-stakes digital chase where every decision matters.

But cybersecurity isn’t just about hackers or cybercrime—it’s woven into everything we do. From businesses and education to social media and even global politics, digital security plays a crucial role. Once people realize how much of our world depends on cybersecurity, they start to see it not just as a career but as a field full of exciting challenges and real-world impact.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare? When I first thought about studying cybersecurity, I pictured it as a set of rules and best practices— mostly about staying safe online, preventing

data breaches, and following security protocols. I assumed it was more theoretical than hands-on.

But the deeper I got into it, the more I realized how dynamic and problem-solving-driven this field really is. Cybersecurity isn’t just about following guidelines; it’s about thinking critically, uncovering vulnerabilities, and responding to threats in real time. It directly impacts people’s lives by protecting their data, privacy, and even their trust in technology.

With digital spaces expanding rapidly, securing information is more important than ever. At its core, cybersecurity is about getting to the root of a problem and finding creative solutions—ones that not only strengthen security but also improve the overall user experience.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

Since I’m still in the early stages of my cybersecurity journey, I’m exploring different career paths, but offensive security stands out the most. I love experimenting, problem-solving, and thinking creatively—so the idea of being part of a red team excites me.

Penetration testing, in particular, fuels my curiosity. It’s all about simulating real cyberattacks to uncover vulnerabilities before actual attackers can exploit them. What I find most thrilling is that it’s not just about following a checklist—it requires designing unique attack scenarios, thinking like a hacker, and using a variety of tools to expose weaknesses.

For instance, I often use Nmap to scan open ports on networks, and for my final project in my Intro to Cybersecurity class, I created a Windows payload using Metasploit. I also work with Burp Suite for web application testing. The constant challenge of approaching security from an attacker’s perspective

TAYYEBA USMAN

makes this field both intellectually stimulating and incredibly rewarding.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. One of the most memorable (and slightly embarrassing) moments in my cybersecurity journey happened during my early semesters. I had lent my USB to a classmate, not thinking much of it, but when I plugged it back into my computer, a VB script ran, triggering a series of dialogue boxes claiming my system had been hacked. At the time, I had very little cybersecurity knowledge, so I panicked, genuinely believing my data was compromised.

It turned out to be a harmless prank, but the experience stuck with me. It was a wake-up call about how small security lapses can be exploited even just plugging in an untrusted device. Beyond the joke, it made me realise how critical cybersecurity is in today’s digital world. In real-life scenarios, such oversights can lead to serious consequences, from data breaches to financial loss and reputational damage. That moment fueled my curiosity and solidified my commitment to understanding cybersecurity on a deeper level. Now, I’m the one making sure systems are secure, no more easy pranks on me!

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

Beyond my academic studies, I’ve been actively involved in Capture The Flag (CTF) competitions and have even helped organise hackathons, both online and on campus. From my first semester, I realized that the best way to truly learn cybersecurity is to push yourself outside the classroom—working with others who are constantly analyzing scripts, breaking codes, and thinking like real-world attackers.

Organizing these events early on gave me firsthand exposure to the strategies and mindset of both ethical and malicious hackers, making the learning experience even more immersive.

Over my summer break, I interned as a penetration tester at OffensioX. Going into it, I had minimal industry exposure and was honestly a bit nervous, especially since it was a remote internship. But it turned out to be incredibly interactive and handson, structured as a series of real-world security challenges. Each task required either creating or exploiting vulnerabilities in software, and I spent time working on Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), and other attack vectors. One of the toughest challenges was executing a serialisation attack—I teamed up with a friend, and we spent three to four days troubleshooting and refining our approach before we finally pulled it off.

For my final project, I developed a Python-based web crawler to identify security flaws across various websites. This experience deepened my

TAYYEBA USMAN

understanding of automated security testing and vulnerability assessments. Looking back, I couldn’t have asked for a better way to spend my first summer break—I threw myself into real-world cybersecurity problems, learned through trial and error, and came out with a much stronger practical skill set.

I see certifications as a crucial part of building a strong foundation in cybersecurity, so I definitely plan to pursue several along my journey. Right now, I’m working on ISC2’s Certified in Cybersecurity (CC), which is a great entry-level certification that covers the core security principles. It’s been a solid starting point for me as I work to strengthen my fundamentals.

Looking ahead, I plan to take on CompTIA Security+, CompTIA CySA+, and EC-Council’s Certified Ethical

Hacker (CEH), since they provide a well-rounded understanding of cybersecurity concepts and ethical hacking techniques. I believe these certifications will not only boost my technical knowledge but also open doors to exciting career opportunities.

For anyone new to cybersecurity, I always recommend starting with smaller, budget-friendly certifications that offer hands-on training in niche areas. There’s so much to learn in this field, and rather than rushing, I want to take a strategic approach—aligning my certifications with my longterm career goals.

To decide which certifications to pursue, I rely on YouTube cybersecurity roadmaps, LinkedIn communities, industry articles, and insights from peers who are also navigating this space. These resources have been incredibly helpful in keeping me updated on trends and making sure I’m choosing certifications that truly add value to my skill set.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

I think our coursework would be even more effective if it included more hands-on cybersecurity projects and specialized courses like Offensive Security and Web Application Security. These areas are crucial in today’s cybersecurity landscape, and having exposure to them early on would help students discover which paths align best with their interests and career goals. Practical projects, in particular, make a huge difference—they bridge the gap between theory and real-world application, allowing us to develop problem-solving skills that are essential in the field.

That being said, there are some courses, like Digital Logic Design and Applied Physics, that feel less relevant to cybersecurity. While I understand

their foundational value, they didn’t seem directly applicable to the work we’ll be doing in the industry. A cybersecurity-focused degree should prioritise core security concepts and hands-on experience over broad theoretical subjects that don’t directly contribute to industry-ready skills.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

I firmly believe that having strong non-technical skills is just as important as technical expertise in cybersecurity. It’s not just about knowing how to secure systems—it’s about effectively communicating risks, working in teams, and handling high-pressure situations. Employers aren’t just looking for technical skills; they want professionals who can collaborate, solve problems, and adapt to challenges.

During my second semester, I took humanities and management courses that really broadened my perspective. My Civics and Community Engagement class, for example, made me think about how I could use my cybersecurity skills to benefit society. Meanwhile, my Professional Practices in Cybersecurity course challenged me to consider the ethical implications of things like ethical hacking and network packet interception. It made me realize that cybersecurity isn’t just about securing systems—it’s also about making responsible decisions.

Entrepreneurial skills are becoming increasingly valuable in tech-driven fields, especially with the rise of startups. Being able to market your skills, pitch ideas, and manage projects can set you apart. In the end, technical skills alone aren’t enough; strong communication, leadership, and adaptability are what truly make a well-rounded cybersecurity professional.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

When I first started my degree, I noticed there was a noticeable gender gap in my class, with a ratio of about 5:1 men to women. It was a bit discouraging at first, but I quickly realised how helpful and supportive my classmates were, and I felt encouraged by their intelligence and collaborative spirit. It’s no secret that in Pakistan, and even globally, women are underrepresented in tech-related fields.

Personally, I’ve never experienced discrimination as a woman in cybersecurity. I’ve always felt supported by my professors and senior colleagues who were eager to help and share their knowledge. I’m also passionate about inspiring other women to join the field, so I actively encourage my friends in other branches of computer science to explore cybersecurity and its potential.

Last year, I had the opportunity to lead a workshop at my former school for girls in grades 6 to 8, where we discussed cyberbullying, online safety, and the role cybersecurity plays in tackling these issues. Seeing their excitement and curiosity about the topic was incredibly fulfilling.

Although my experience has been positive, I know many women in STEM face challenges. To address this, it’s important to encourage more women to pursue careers in tech, create a supportive community where women can empower one another, and amplify their voices in media and professional spaces. By fostering this kind of environment, we can help close the gender gap and encourage even more women to thrive in fields like cybersecurity.

www.linkedin.com/in/tayyeba-usman-3939652ba/

Piyaasha Sharma is currently pursuing a Bachelor of Computer Applications (BCA) in Cyber Security at Sushant University.

Computer Applications and Cyber Security student at Sushant University

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

Cybersecurity is like being a digital detective—you’re always uncovering hidden threats, outsmarting attackers, and protecting critical information. What excites me most about this field is how fast-paced and ever-changing it is—there’s always something new to learn, and no two days are ever the same. With technology becoming an inseparable part of our lives, cybersecurity professionals play a vital role in keeping individuals, businesses, and even entire industries safe from cyber threats. Plus, it’s a career with endless opportunities, from working with cutting-edge tech like AI and blockchain to specializing in ethical hacking or digital forensics. If you love problem-solving, thinking on your feet, and staying ahead of challenges, cybersecurity is an incredibly fulfilling and impactful path to pursue.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first thought about cybersecurity, I pictured it just like in the movies—hackers in hoodies typing furiously, breaking into systems within seconds. I assumed it was all about coding and ethical hacking. But once I started studying the field, I quickly realized

it’s so much more than that. Cybersecurity includes everything from risk management and digital forensics to compliance and network security. It’s not just about technical skills either—critical thinking, strategic problem-solving, and clear communication are just as important. The deeper I dive into this field, the more I appreciate how vast and complex digital security truly is.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

At first, my parents were supportive but a little unsure about what cybersecurity actually involved or if it was a stable career choice. They had questions, just like many people do when they hear “cybersecurity” for the first time. On the other hand, my peers and faculty were much more encouraging—they understood how fast the field is growing and the opportunities it offers.

Some people did ask whether I’d face challenges in a male-dominated industry, but rather than discouraging me, it only fueled my determination. I tackled any doubts by diving deeper into research, connecting with professionals, and proving—through my own learning and experiences—that cybersecurity is for anyone with the skills and passion for it. Over time, as my parents saw my dedication and the increasing demand for cybersecurity professionals, they became much more confident in my choice.

I’m planning to earn certifications like Certified Ethical Hacker (CEH) or CompTIA Security+ to build my practical skills and strengthen my credibility in the

PIYAASHA SHARMA

industry. What I love about certifications is that they go beyond theory—they offer hands-on experience and validate real-world expertise, making you stand out in a competitive job market. Since cybersecurity is such a skill-driven field, I see certifications as a great way to gain deeper, more technical knowledge. Right now, I’m exploring which ones align best with my long-term goals, but I know they’ll play a key role in shaping my career.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

Cybersecurity moves fast—new threats, attack techniques, and defense strategies emerge almost daily. While my academic program does a great job of covering the fundamentals, I’ve noticed that university coursework can sometimes lag behind real-world industry advancements. Theoretical

knowledge is important, but in a field this dynamic, hands-on experience is just as crucial. That’s why I make it a priority to supplement my studies with industry resources, certifications, and online courses. I also follow cybersecurity blogs and communities to stay updated. My degree gives me a solid foundation, but staying ahead requires constant learning beyond the classroom.

What aspect of your cybersecurity studies excites you the most, and why?

What excites me most about cybersecurity is the hands-on challenge of ethical hacking and penetration testing. There’s something thrilling about stepping into the mindset of an attacker, uncovering vulnerabilities, and strengthening security before real threats can exploit them—it feels like a highstakes game of chess. I also have a deep interest in digital forensics, where you piece together clues from cyber incidents to track down the source of an

PIYAASHA SHARMA

attack. What makes this field even more meaningful is its real-world impact—every skill I learn contributes to protecting people’s privacy and securing digital spaces. It’s like unlocking a new level in safeguarding the online world.

Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

I find compliance and policy-related topics the least exciting because they tend to focus more on regulations and documentation rather than hands-on problem-solving. While I understand their importance in governance and legal frameworks, I personally enjoy the more technical and interactive aspects of cybersecurity. That said, I know these areas are essential for ensuring security measures are properly implemented and enforced, so I make an effort to stay informed—even if it’s not my favorite part of the field.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

I haven’t faced outright discrimination, but I have noticed the gender gap in cybersecurity, especially in discussions and events. Occasionally, I’ve felt that some people assume I might not be as technically skilled just because I’m a woman, which can be frustrating. Instead of letting it discourage me, I focus on proving my abilities through hands-on projects and continuous learning. Fortunately, I’ve also connected with many supportive professionals who value skill over stereotypes. It’s encouraging to see more companies actively promoting diversity and creating opportunities for women in cybersecurity.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I take my personal security seriously by using strong, unique passwords and enabling two-factor authentication (2FA) on all my accounts. A password manager helps me keep track without the temptation to reuse passwords. I’m also mindful of where and how I connect online—I avoid public Wi-Fi for anything sensitive and always use a VPN when necessary. Keeping my software updated is a habit, as it helps patch vulnerabilities before they can be exploited. Plus, I stay alert for phishing attempts, double-checking links and emails before clicking or downloading anything suspicious.

www.linkedin.com/in/piyaasha-sharma-84366019a

BY AUSTRALIAN AUTHOR CRAIG FORD

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

Cybersecurity feels like being a digital detective— you’re always piecing together clues and protecting people from cyber threats. What I love about it is that no two days are alike. One day, you’re thinking like a hacker, and the next, you’re building defenses to stay one step ahead. With everything moving online, there’s a growing need for cybersecurity professionals, making it an exciting and rewarding career path to explore!

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first got into cybersecurity, I thought it was all about hacking into systems and uncovering vulnerabilities. While that’s definitely part of it, I soon discovered that the field is so much more. It involves areas like threat intelligence, digital forensics, and incident response. Now, as a Security Engineer Intern, I get to see how cybersecurity brings together technical skills, problem-solving, and teamwork to keep systems safe. It’s been an eye-opening experience, and I’m excited to keep learning and growing in this field!

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I am aiming to become a Cyber Threat Intelligence Analyst or a Security Operations Center (SOC) Analyst. What excites me the most is investigating cyber threats, analyzing attack patterns, and responding to security incidents. There’s something incredibly rewarding about staying one step ahead of cybercriminals and helping organizations stay secure. It’s a field that keeps me on my toes, and I’m excited about the challenges it brings!

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

Platforms like ‘Let’s Defend’ and hands-on labs from ‘HackTheBox’ have been huge in helping me build my skills. I’ve also learned a lot from industry professionals sharing their experiences on LinkedIn and Medium, which has encouraged me to explore various areas within cybersecurity. My current internship at Toyota Tsusho Systems India has been a game-changer, giving me real-world insights into security operations and deepening my understanding of how things work in the field. My two friends Sahil and Shaurya, also my classmates have helped me throughout my journey.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

I recently started my journey as a Security Engineer Intern at Toyota Tsusho Systems India, where I’m getting hands-on experience with security operations. I’ve also worked on projects related to malware analysis, SOC research, and threat intelligence. One project I’m particularly proud of involved developing a malware detection tool, allowing me to apply my knowledge in a real-world setting.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue

VIDHI PATEL

Vidhi Patel is currently pursuing her M.Sc. in Cyber Security at National Forensics Sciences University.

Cyber Security student at National Forensics Sciences University

any of these certifications? If so, which ones, and what factors influenced your choice?

I’ve completed certifications like the Blue Team Junior Analyst, Incident Handler, and SC-200, which have helped me build a solid foundation in threat detection and response. Looking ahead, I’m excited to pursue GIAC certifications and CISSP to deepen my technical expertise and continue growing in the field.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

My program at the National Forensic Sciences University gives me a strong foundation, but since cybersecurity is always changing, I make sure to stay up-to-date by diving into real-world threat intelligence reports, participating in CTFs, and checking out security research from platforms like Cisco Talos and Malware Bazaar.

What aspect of your cybersecurity studies excites you the most, and why?

Threat intelligence and malware analysis excite me the most. Understanding attacker tactics and dissecting malware samples feels like solving a highstakes puzzle. It’s thrilling to uncover hidden threats and help organizations build stronger defenses.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges? Reverse engineering and advanced cryptography can be tough, but I tackle these challenges by taking structured online courses, joining CTFs, and applying what I learn to real-world scenarios whenever I can. This helps me better understand and master these complex topics.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Absolutely! Communication and management skills are key in cybersecurity, especially when you need to explain technical details to non-technical people. I’m always working on improving my report writing and presentation skills to make sure I can effectively communicate my findings and bridge that gap.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

Yes, I’m actively involved in the ‘Let’s Defend’ platform, participate in cybersecurity forums, and write security blogs on Medium. Being part of these communities allows me to stay current with the latest trends, share insights, and connect with other professionals in the field. It’s a great way to keep learning and growing!

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I make sure to use multi-factor authentication (MFA), rely on a password manager to keep my credentials safe, and regularly update my software to patch any vulnerabilities. I’m also mindful of my online presence and take steps to limit my digital footprint, especially when it comes to sharing personal information.

Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?

Yes, I’ve applied for several cybersecurity roles, including my current position as a Security Engineer Intern at Toyota Tsusho Systems India. During the interview process, I quickly realised that technical skills are important, but so are soft skills like problem-solving and effective communication. It was a great reminder of how well-rounded you need to be in this field.

www.linkedin.com/in/vidhi-patel-197474220

medium.com/@patelvidhi4288

Vema Oluoch is currently pursuing an MSc in Information Systems Security at Strathmore University.

Information Systems Security student at Strathmore University

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first thought about cybersecurity, I pictured it as a world of coding and battling hackers in dark rooms filled with glowing screens—just like in the movies! But once I got into it, I realised it’s so much more than that. While the technical side is important, cybersecurity is also about strategy, problem-solving, and teamwork. It’s not just about fixing vulnerabilities; it’s about anticipating threats, protecting people, and constantly learning. What surprised me the most is how much I enjoy the human side of it—mentoring others, raising awareness, and collaborating to build stronger defenses. It’s turned out to be even more exciting and rewarding than I expected!

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I see myself thriving in blue team roles like Security Operations Center (SOC) Analyst, Incident Response Analyst, or Threat Intelligence Analyst because I love the challenge of defending systems, detecting threats, and responding to incidents in real time. I’m also interested in roles like IT Risk Officer and Information Systems Auditor, where I can help organizations identify vulnerabilities, manage risks, and ensure compliance with security standards.

Beyond that, the investigative side of cybersecurity fascinates me, which is why Fraud/Forensics Analyst roles appeal to me—I enjoy uncovering digital evidence and piecing together cybercrime cases. On the other hand, the idea of embedding security directly into the development process makes DevSecOps Engineering another exciting path. What ties all of these interests together is my passion for solving complex problems, protecting critical assets, and making a real impact in securing the digital world. I’m excited to see where my skills and curiosity lead me!

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

My cybersecurity journey has been shaped by incredible mentors and hands-on experiences. David Omasete has been a guiding force, always pushing me to sharpen my technical skills and introducing me to valuable learning opportunities. Brencil Kaimba, through her company Scratch and Script, has connected me with industry professionals, giving me a broader perspective on the field and expanding my network in ways I never expected.

Beyond technical knowledge, their mentorship has taught me the importance of collaboration, continuous learning, and paying it forward by helping others. Through initiatives like Cybershujaa, I’ve been able to apply what I’ve learned in real-world scenarios, reinforcing my passion for cybersecurity. Their support has solidified my commitment to protecting systems, tackling emerging threats, and contributing to a more secure digital world.

VEMA OLUOCH

I’ve always believed that cybersecurity is a field where continuous learning is key, so I’ve pursued several certifications to strengthen my expertise. Earning my Certified Ethical Hacker (CEH) certification gave me valuable insight into how attackers think, which has helped me build stronger defenses. The ISO/IEC 27001:2022 Lead Implementer certification provided me with a solid foundation in security management systems, allowing me to understand how organizations can develop and maintain robust security frameworks. Additionally, my Data Protection certification aligned with my passion for safeguarding sensitive information—something that’s more important than ever in today’s data-driven world.

Looking ahead, I plan to pursue CompTIA Security+, Computer Hacking Forensic Investigator (CHFI), CISA, CRISC, and CISSP to further expand my knowledge and open up new opportunities in cybersecurity. Each certification has been a stepping stone, equipping me with the practical skills needed to navigate real-world security challenges and stay ahead in this fast-evolving industry.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

My academic program at Strathmore University has given me a strong foundation in cybersecurity, covering key areas like risk management, network security, and cryptography. However, cybersecurity is a field that evolves rapidly, often outpacing traditional academic curricula. That’s why I’ve made it a priority to continuously learn beyond the classroom.

To stay ahead, I’ve pursued certifications like CEH and ISO/IEC 27001:2022, worked

on Vulnerability Assessment and Penetration Testing (VAPT) projects, and actively followed industry trends through blogs, webinars, and professional networks. This combination of formal education and hands-on experience has helped me bridge the gap between theory and real-world challenges, ensuring I’m always growing and adapting in this ever-changing field.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

I think cybersecurity education could benefit from a stronger focus on hands-on, real-world training. While foundational knowledge is important, more emphasis on incident response, threat hunting, and cloud security would better prepare students for the challenges they’ll face in the industry.

At the same time, governance and compliance frameworks like GDPR and NIST are becoming increasingly important in today’s regulatory landscape, yet they don’t always get the attention they deserve in traditional coursework. On the other hand, some theoretical topics—especially those covering outdated technologies—could be

streamlined to make room for more relevant content, such as AI-driven cyber threats and IoT security risks. Striking the right balance between theory and handson learning would ensure students graduate with both the knowledge and the practical skills needed to thrive in the field.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

I truly believe that non-technical skills—like communication, leadership, and project management—are just as vital as technical expertise in cybersecurity. This field isn’t just about solving security challenges; it’s also about working with diverse teams, explaining complex concepts to nontechnical stakeholders, and driving security initiatives within organizations.

Effective communication helps build trust and ensures that cybersecurity is seen as a shared responsibility, not just an IT issue. Leadership and management skills are equally important, whether it’s mentoring junior professionals, managing security projects, or aligning security strategies with business objectives.

I’ve been actively developing these skills through mentorship programs like Mobigirlz and collaborative projects at iLab Africa, and I plan to invest in further training in leadership and conflict resolution. My goal is to not just secure systems but also to inspire teams and create a culture of cybersecurity awareness wherever I go.

www.linkedin.com/in/vemaoluoch

VEMA OLUOCH

How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children.

Lisa has partnered with Cool.Org , and her content is found on the Department of Education website .

LISA ROTHFIELD-KIRSCHNER

Author of

How We Got

Cyber Smart | Amazon Bestseller

Olivia and Jack navigate security platforms

(Thisstoryisrecommendedfor10+)

Olivia and Jack enjoyed playing online games, watching MeTube videos and chatting with their friends on InstaChat. However, Olivia’s and Jack’s mother and father were very concerned about online safety and the dangers of cyberbullying. To protect them, their parents set up parental controls on Olivia’s and Jack’s devices. This meant Olivia and Jack were not always able to play the games they heard about from their friends at school.

Olivia and Jack had just started a new term at school and there was a lot of talk about a new game called ‘FishAttack’ that had an age recommendation of 15+. They both knew the parental control platforms their parents had installed on their devices would not allow them to download the game.

They wondered if they could use a trick they had heard about from their cousin Charlie to bypass the parental controls. Olivia said “Jack, let’s give it a try! I REALLY want to have a go at the game!”

Jack exclaimed, “We’ll get into trouble!” but Olivia wasn’t going to budge and said “Don’t worry, I’ll just say it was my idea.”

Reluctantly, Jack agreed. “I guess we can try…” Jack was curious to see what the new game was all about. Olivia shrieked “Yippee, I’ve heard its awesome!”

They then used their sleuthing skills to learn about VPNs, proxy servers and other tricks that could help them access restricted games and content. A little while later they had managed to bypass the parental controls and download ‘FishAttack’.

“I can’t believe we did it!” Olivia whispered, feeling very satisfied with herself.

Not long after they had set up a profile on the new game they started getting threatening messages and inappropriate content from strangers. They both started feeling uncomfortable and scared. The strangers were asking them for photos of themselves and their home address. Olivia and Jack knew this was wrong and dangerous.

That evening after dinner Olivia and Jack confessed to their parents what they had been up to in the afternoon. “Mum, Dad, we need to tell you that we did something very wrong, and we broke our family tech agreement,” sobbed Olivia.

Their parents listened attentively as Olivia and Jack explained how they had bypassed the parental controls to see what the new game was all about, and how they had been asked for photos and their home address.

“We understand why you set up the parental controls now,” Jack admitted. “We thought it would be fun to bypass them, but it wasn’t. We saw things we didn’t want to see and got messages that scared us.”

Their parents gave them a hug and responded: “We’re glad you told us. The internet can be a wonderful place to gather knowledge and connect with our friends and family, but it can also be dangerous. That’s why we set up the parental controls: to keep you both safe. It’s important to have boundaries to protect you from cyberbullying, inappropriate content and other dangers. We want you to enjoy the internet, safely.”

Olivia and Jack soon realised the parental rules were there for a good reason: to try and protect them, not limit their fun.

Their parents then added: “We are going to update the parental controls and use stronger passwords. We’ll also have regular check-ins to talk about your online experiences and any concerns you might have.”

Their mother added, “And remember, if you ever feel uncomfortable, or see something

that bothers you online, come to us right away. We’re always here to help you.”

Olivia and Jack respected the parental controls and appreciated the safety they provided. They still enjoyed their online adventures and felt more secure knowing their parents were looking out for them.

And so Olivia and Jack learnt the importance of online safety and the value of their parents’ guidance. They continued to explore the internet, but with a newfound understanding of the need for balance and protection.

Ihopeyouenjoyedthisstory!Doyouthink thiscautionarytalewillhelpthechildren inyourlifeunderstandwhywehave parental controls?

www.linkedin.com/in/lisarothfield-kirschner

howwegotcybersmart.com

WOMEN IN SECURITY MAGAZINE CONTRIBUTORS

1. AMANDA-JANE TURNER

Author of the Demystifying Cybercrime series and Women in Tech books. Conference Speaker and Cybercrime specialist

2. BLESSING EZEOBIOHA

Digital forensics and Threat intelligence at TEknowledge

3. ELLAINA KRIKETOS

Junior Cyber Security Advisor at RightSec

4. PHIDLORAH MCHARO

Internship at cyblack

5. MOKUTIMA AKPAN

GRC Analyst

6. CHISOM OBINNA

Cybersecurity Analyst at cyblack

7. TRACY GOODHUE Founder, More Good Solutions

8. BLESSING ISAIAH

Cybersecurity Analyst, Penetration Tester

9. TOMI OLAIYA

Cyber Security Analyst

10. NIKE NSIKAK-NELSON

Cyber security professional

11. NANCY MURIITHI

Lead Cybersecurity Architect

12. VALERIA VILLALOBOS MARTINEZ

Senior Security Consultant

13. ABISOLA OLORUNNISHOLA Cyber Security Analyst

14. CRAIG FORD

15. LISA VENTURA Founder, Cyber Security Unity

16. ANNIE-MEI FORSTER

Senior GRC consultant at Securus Consulting Group

17. JO STEWART-RATTRAY

Oceania Ambassador, ISACA

18. OLAMIDE ELIZABETH FALOWO

GRC Analyst/Advocate for Women in Tech.

19. KAREN STEPHENS

CEO and co-founder of BCyber

20. MADHURI NANDI

Head of Security - Nuvei Co-Chair AWSN

21. KESHANI BOGAHAWATTE

Senior Executive in Information Systems Audit with expertise in IT risk governance, cybersecurity, and audit assurance

22. SIMON CARABETTA

Simon is a former high school Media Studies and English teacher turned Cyber Security Advocate.

23. TIHUT SOLOMON

Cybersecurity student at the University of Colorado, Denver

24. MARIA MOTTER

Cyber Security student at the University of Warwick

25. TAYYEBA USMAN

Cybersecurity student at COMSATS University Islamabad

26. PIYAASHA SHARMA

Computer Applications and Cyber Security student at Sushant University

27. VIDHI PATEL

Cyber Security student at National Forensics Sciences University

28. VEMA OLUOCH

Information Systems Security student at Strathmore University

29. LISA ROTHFIELD-KIRSCHNER

Author of How We Got Cyber Smart | Amazon Bestseller

THE LEARNING HUB

CYBER WARDENS LEVEL ONE

The course comes with an interactive Reflections notebook that provides an opportunity to make notes about cyber safety measures that can be implemented to keep the business cyber safe. VISIT HERE

INTRODUCTION TO INFORMATION SECURITY

In this free CISSP course, you'll grasp the fundamentals of CISSP. You'll start by understanding information security, where you'll learn to safeguard data and systems. Then, you'll explore risk management, mastering the art of identifying and mitigating security risks. Next, you'll delve into asset security, discovering ways to protect valuable assets.

VISIT HERE

INTRODUCTION TO CYBER ATTACKS

This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades. VISIT HERE

CYBERSECURITY BASICS

Cyberattacks have surged by 71% and are predicted to continue increasing. This alarming statistic highlights the continued demand for cybersecurity professionals. Jumpstart your cybersecurity career with this introductory IBM course, which introduces you to fundamental cybersecurity concepts, threats, and preventive measures. VISIT HERE

COMPUTER FORENSICS

In this course, you will learn the principles and techniques for digital forensics investigation and the spectrum of available computer forensics tools. You will learn about core forensics procedures to ensure court admissibility of evidence, as well as the legal and ethical implications. You will learn how to perform a forensic investigation on both Unix/Linux and Windows systems with different file systems. You will also be guided through forensic procedures and review and analyze forensics reports.

VISIT HERE

MANAGING CYBERSECURITY INCIDENTS AND DISASTERS

Most organizations plan for routine operations, but what happens when unexpected events overtake the routine? This course examines contingency planning used to prepare for and manage non-normal operations, including cybersecurity incidents – like hacking attempts, web site defacement, denial of service attacks, information disclosures; a well as other natural and man-made cybersecurity disasters.

VISIT HERE

NIST - CYBER SECURITY FRAMEWORK (CSF) FOUNDATION

The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and a non-regulatory agency of the US Department of Commerce. In this free online course, you will learn about NIST’s Cybersecurity Framework (CSF) and understand its impact on the industry. You will also study NIST’s SP 800-53, a catalogue of security and privacy controls for all US federal information systems outside national security.

VISIT HERE

IT FUNDAMENTALS

This module covers the essential building blocks of IT, providing a solid foundation for cybersecurity. You will explore key topics such as computer hardware, operating systems, and basic networking concepts that are critical to understanding how modern IT systems function. This knowledge forms the basis for further cybersecurity learning.

VISIT HERE

THE LEARNING HUB

ENTRY-LEVEL CYBERSECURITY TRAINING + CERTIFICATION EXAM

ISC2, the leading membership association within the cybersecurity industry, provides ongoing training and certifications, and live events, for its members and those who are interested in carving their career in the industry. One recent initiative is their Certified in Cybersecurity training and exam, which is free of charge for a limited time, and is part of their goal to get one million professionals into cybersecurity.

VISIT HERE

CYBERSECURITY FOR BUSINESSES – THE FUNDAMENTAL EDITION

This course is designed to give you the tools you need to begin with the task of protecting your business or company. Understanding these key concepts is the foundation for protecting businesses of all shapes and sizes. In the first section, we will cover the differences between Small and Medium Businesses and why it is important to mitigate the risk. Lastly, we will address what is the problem and why small businesses are the target of hackers.

HERE

GOOGLE CYBERSECURITY PROFESSIONAL CERTIFICATE

Prepare for a new career in the high-growth field of cybersecurity, no degree or experience required. Get professional training designed and delivered by subject matter experts at Google and have the opportunity to connect with top employers.Organizations must continuously protect themselves and the people they serve from cyber-related threats, like fraud and phishing. They rely on cybersecurity to maintain the confidentiality, integrity, and availability of their internal systems and information.

VISIT HERE

SECURITY OPERATIONS FUNDAMENTALS

These courses cover the daily life of a SecOps analyst, the six elements of security operations, and how SOAR technology simplifies cybersecurity response and prevention. They introduce endpoint protection with the Cortex XDR agent, which combines behavioral protection and AI-based analysis to stop advanced attacks.

HERE

VISIT

FUTURE WOMEN LEADERSHIP SERIES

With Helen McCabe

Leadership takes courage and resilience. Host and founder of Future Women, Helen McCabe shares insights from some of the most influential women on the sometimes complex challenges faced by women on the path to senior leadership.

THE COURAGEMAKERS PODCAST

With Meg Kissack

Couragemakers is a weekly podcast for creative and passionate,mission-driven doers, makers and world-shakers designed to inspire and encourage fellow couragemakers, and spark a movement of women who are choosing themselves.

JOURNEY INTO CYBERSECURITY

With Cathy Olieslaeger

Put yourself in the shoes of a cybersecurity professional starting with when they were just a little kid and had no clue what cybersecurity even was. Meander with them along their journey and learn from their experience how to become a cybersecurity professional.

CYBER SECURITY INSIDE

With Camille Morhardt

Cyber Security is no longer a topic that is addressed only by programmers and coders. CISOs and their executive peers need to think about 'Cyber Security' differently. In this podcast, Tom Garrison, Vice President and GM of Client Security Strategy and Initiatives, will discuss relevant topics in clear, easy to understand language.

SECURITY UNFILTERED

With Joe South

Cyber Security can be a difficult field to not only understand but to also navigate. Derrick and Joe are here to help with over 20 years of combined experience. With this podcast we hope to help more people get into IT and Cyber Security as well as discussing modern day Cyber Security topics you may find in the daily news. Come join us as we learn and grow together!

RECORDED FUTURE

With Click Here

The podcast that tells true stories about the people making and breaking our digital world. We take listeners into the world of cyber and intelligence without all the techie jargon. Every Tuesday and Friday, former NPR investigations correspondent Dina TempleRaston and the team draw back the curtain on ransomware attacks, mysterious hackers, and the people who are trying to stop them.

KBKAST THE VOICE OF CYBER

With Karissa Breen

The Voice of CyberKBKast brings you interviews, discussions, and presentations from global leaders across information security and emerging technology. We spend time understanding what they do, and unpacking their thoughts on the constantly evolving technology and people elements in the security industry as they pertain to an executive audience.

CLICK TO LISTEN

THE CYBER SECURITY TRANSFORMATION PODCAST

With Jean Christophe Gaillard

C Gaillard and his guests share their views on both the interesting cybersecurity news stories of the week and their own experiences. Now entering its fourth series with a stronger focus on cyber security leadership, governance and related board-level matters. Released every Thursday.

SECURITY, SPOKEN

With Lauren Goode, Michael Calore and Leah Feiger

Get in-depth coverage of current and future trends in technology, and how they are shaping business, entertainment, communications, science, politics, and society.

CYBER SECURITY TALKS

With Laurens Jagt

The interview podcast for cyber security professionals and for those who aspire to become one. We interview industry experts to get to know the latest trends, real life war stories and everything you need to know about this exciting industry. CLICK

CLICK

CYBERSECURITY SIMPLIFIED

With Susanna Song

Cybersecurity Simplified aims to demystify cybersecurity and make it understandable to business people and managed services providers who aren't security experts. We explore the latest cybersecurity trends, threats and news with the insight and perspective of CTO David Barton of Overwatch Managed Security by High Wire Networks.

NO PASSWORD REQUIRED

With Cyber Florida

The No Password Required Podcast connects with the cybersecurity industry's most interesting professionals and shares their stories. No Password Required covers a variety of tech topics, from the cyber-related challenges facing law enforcement to the advent of quantum computing, this podcast explores the people and topics at the forefront of the field.

CLICK TO LISTEN

CONFIDENT CYBER SECURITY

Author // Jessica Barker

Confident Cyber Security is here to help. This jargon-busting guide will give you a clear overview of the world of cyber security. Exploring everything from the human side to the technical and physical implications, this book takes you through the fundamentals: how to keep secrets safe, how to stop people being manipulated and how to protect people, businesses and countries from those who wish to do harm.

BUY THE BOOK

KINGDOM OF LIES: UNNERVING ADVENTURES IN THE WORLD OF CYBERCRIME

Author // Kate Fazzini

Kingdom of Lies follows the intertwined stories of cybercriminals and ethical hackers as they jump from criminal trend to criminal trend, crisis to crisis. A cybersecurity professional turned journalist, Kate Fazzini illuminates the many lies companies and governments tell us about our security, the lies criminals tell to get ahead, and the lies security leaders tell to make us think they are better at their jobs than they are.

BUY THE BOOK

CYBER SMART: PROTECT YOURSELF ONLINE

Author // Madhuri Nandi

The internet is full of exciting adventures—but also risks. From social media pitfalls to online scams, kids need the right skills to stay safe. Enter Manas, the Cyber Champion!More than just a character, Manas represents a mindset—one of awareness, responsibility, and cyber smarts. This engaging book helps kids (ages 5-16) navigate the digital world with confidence. What’s Inside? Cyberbullying Defense—Recognize and respond to online bullying. Social Media Safety – Protect personal info and post wisely. Gaming Security—Stay safe from online scams and predators. Click Wisely!— Avoid phishing and malware traps. Digital Peer Pressure Shield – Make smart choices online. With fun stories, expert tips, and interactive activities, this book equips kids with essential cybersecurity skills—turning them into true Cyber Champions!

BUY THE BOOK

TRIBE OF HACKERS: CYBERSECURITY ADVICE FROM THE BEST HACKERS IN THE WORLD

Authors // Marcus J. Carey and Jennifer Jin

Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World is your guide to joining the ranks of hundreds of thousands of cybersecurity professionals around the world. Whether you’re just joining the industry, climbing the corporate ladder, or considering consulting.

BUY THE BOOK

QUIET: THE POWER OF INTROVERTS IN A WORLD THAT CAN'T STOP TALKING

Author // Susan Cain

In Quiet, Susan Cain argues that we dramatically undervalue introverts and shows how much we lose in doing so. She charts the rise of the Extrovert Ideal throughout the twentieth century and explores how deeply it has come to permeate our culture.

BUY THE BOOK

RESILIENCE: A STORY OF COURAGE, LOVE, HOPE AND FAITH

Author // Lucia Mare

Step into the remarkable journey of Lucia, a woman whose unyielding spirit carried her through immense challenges and profound triumphs. Born in communist Romania, Lucia’s story spans continents, hardships, and heartwarming connections, reminding us that resilience can transform even the darkest moments into opportunities for growth and hope.

BUY THE BOOK

THE

COURAGE TO BE CREATIVE: HOW TO BELIEVE IN YOURSELF, YOUR DREAMS AND IDEAS, AND YOUR CREATIVE CAREER PATH

Author // Doreen Virtue

You were born creative. If you don’t feel creative or your creative pursuits haven’t worked out, Doreen Virtue’s newest book can help. Doreen, the best-selling author of more than 100 books, card decks, and audio programs, shows you how to gain 10 forms of courage that lead to creativity, including the courage to be yourself.

BUY THE BOOK

IGNITE YOUR LIGHT: A SUNRISE-TO-MOONLIGHT GUIDE TO FEELING JOYFUL, RESILIENT, AND LIT FROM WITHIN

Author // Jolene Hart

Each page of this book is packed with inspiration and insights on the central role of energy in the way you look, feel, and experience life. Ignite Your Light guides you to seek more of what lights you up, to grow the resilience of your mind, body, emotions, and spirit, and to refresh your routine from sunrise to moonlight.

BUY THE BOOK

THE CYBER EFFECT

Author // Mary Aiken

Dr. Mary Aiken’s book, “The Cyber Effect,” builds on her experience as a forensic cyberpsychologist to develop an honest pioneering book on how cyberspace influences how humans feel, think, and behave. You’re in for a treat if you’re interested in learning about the mental process that goes into the conceptualisation of technology.

BUY THE BOOK

TIMMY'S TECHNOLOGY ADVENTURE: THE SECRET OF CYBERSECURITY SEA

Author // Professor Pixel

In "The Secret of Cybersecurity Sea," the second installment of "Timmy's Technology Adventure," our brave young explorers Timmy, Max, and Lily set sail on a digital ocean to unravel the mysteries of online safety and cybersecurity. Guided by the magical Tech Stone, they embark on an enlightening voyage across the vast and turbulent Cybersecurity Sea.

BUY THE BOOK

AVA & THE MYSTERY TABLET: FUN CYBERSECURITY FOR KIDS

Author // Dino Bytes

Join Ava on her epic adventure in a jurassic park themed ancient land as she teams up with her dinosaur friends to uncover the secrets of the mysterious tablet. Ava & The Mystery Tablet is the perfect blend of excitement and education, making complex topics like online safety easy and fun for young and curious minds.

BUY THE BOOK

SEE YOURSELF IN CYBERSECURITY: A BOOK ABOUT CAREERS IN CYBERSECURITY FOR THE NEXT GENERATION

Author // Zinet Kemal

As a cybersecurity professional, YOU can play the role of a superhero who fights against hackers and cybercriminals to keep information, systems, networks, and applications safe from harm. It's a fulfilling career that requires you to stay one step ahead of the "bad guys" and help protect the digital world.

BUY THE BOOK

WHAT IS ADVANCED THREAT PROTECTION?

By Hacker combat

Hacker Combat is another good place to get comprehensive cybersecurity news, reviews, and analysis. The range of topics highlighted is wide: ransomware protection, antivirus software, blockchain technologies in security, and much more.

READ BLOG

HACKING VISION

By Hacking Vision

Hacking Vision is a cybersecurity blog with a vision to bring a community of white hat security experts together to learn and gain knowledge. In this blog, you can find detailed info about ransomware protection, wireless security, and much more. HackingVision has a great focus on technology and modern cybersecurity trends.

READ BLOG

TECH DAY

By Security Brief Australia

SecurityBrief Australia is focused on cybersecurity and cyberattack news. Its readers include business and enterprise security decisionmakers. Security Brief Australia is a purely digital publisher that aspires to be the leading source of technology news globally. We run an extensive network of technology news websites throughout the globe, with sites in Asia, Australia and New Zealand.

READ BLOG

SECURITY AND PRIVACY CONCERNS

CHALLENGE PUBLIC

SECTOR’S EFFORTS TO

MODERNIZE

By Help Net Security

Help Net Security is another great place to read about cybersecurity. More than a hundred new articles with industry news are published each week. Here you can find recent cybersecurity news, analytics, and useful cybersecurity tips.

READ BLOG

BRIDGING THE CYBER SKILLS GAP

By Code First Girls

To bridge the cyber skills gap, companies need alternative pathways. Building pipelines through boot camps and targeted upskilling can help. This blog will explore how cybersecurity training tackles the skills gap while strengthening workforce diversity and resilience.

READ BLOG

CYBERSECURITY OPERATIONS

By Dark Reading

DarkReading is one of the most well-known sites, dedicated to cybersecurity. Here you can find security-related news on many topics: Apps, IoT, Cloud, and much more. DarkReading Twitter account has more than 200k followers, a very solid number for the cybersecurity industry. The blog is constantly updated, with more than 30 new posts published every week.

READ BLOG

YOU DESERVE TO BE SEEN AND HEARD

By Bernadette Wagner

Prime Time for Women, a nonprofit that promotes healthy aging through research-based programs that foster positive social connections and healthy lifestyles, believes every woman deserves to be seen and heard…and when they are, they inspire others.

THE SOCIAL ENGINEER BLOG

By Security Through Education

Security Through Education is one of the best information security blogs. The main focus here is the social side of data loss. This blog educates about social engineering attacks and ways to prevent them.

SECURINGTOMORROW

By McAfee

SecuringTomorrow is a blog by McAfee, one of the biggest security software providers. The blog often provides original research or statistics, dedicated to cyber threats and protection from them. The blog has sections for both individual and business users.

HOW WE KEPT THE GOOGLE PLAY & ANDROID APP ECOSYSTEMS SAFE IN 2024

By Google Security Blog

Don’t get tricked with the simple design of Google Online Security Blog. Here you can find the cybersecurity news and in-depth insights from Google. Usually, there are 2 or 3 new posts each month. Some of them are dedicated to general cybersecurity topics, while others cover specific ones, like Android mobile platform security.

READ BLOG

THE GROWING NEED FOR CYBER SECURITY SERVICES

By Misbah Habib

Can small businesses afford enterprise-level protection? Yes, small businesses can access enterprise-grade cybersecurity solutions at affordable prices. Many providers offer scalable, subscription-based services designed to fit the budget and needs of smaller businesses, providing comprehensive protection without the high costs typically associated with large-scale security measures.

EXPOSING THE HIDDEN RISKS OF BROWSER EXTENSIONS: CYBERHAVEN’S BREACH UNVEILED

By Spinbackup Blog

Yep, that’s the blog you are reading now. Spinbackup is a San Francisco-based cybersecurity and cloud-to-cloud backup solutions provider for SaaS data.in our blog, you can read about cybersecurity threats and ways to protect your data from them. Also, we provide Office 365 and G Suite admin guides, analysis, and other helpful information for IT professionals.

READ BLOG

READ BLOG

JOB BOARD

HEAD OF WEB APPLICATION SECURITY & PROTECTION | HSBC

FULL

TIME

HYBRID CHINA

PRINCIPAL RESPONSIBILITIES

Our Technology teams work closely with HSBC’s Global Businesses and Markets to design, build and run digital services that allow millions of our customers around the world to bank quickly, simply and securely. We run and manage Technology infrastructure, datacentres and core banking systems that power the world’s leading international bank, with one of the largest technology estates in the industry. We are looking for a Cybersecurity leader to join us to shape our long-term strategy, and turbo-charge delivery, as the accountable owner for Web Application Security & Protection (WASP) across the bank. This senior role reports directly to the Global Head of Network Security.

• Strategy: Define and maintain our global strategy for WASP, supported by engineers, platform owners, architects and Control Owners, enabling business success, meeting regulatory expectation and best practise, whilst responding to current and likely threat actor evolution.

• Delivery: Own the investment roadmap for WASP and its successful delivery across multiple partners.

CYBER SECURITY SPECIALIST | CYBERR

FULL TIME CANADA

ROLE OVERVIEW:

We are seeking a highly motivated Cyber Security Specialist to help strengthen our clients' security posture and ensure the confidentiality, integrity, and availability of their critical information systems. In this role, you will be responsible for implementing and managing security measures, analyzing security risks, and responding to security incidents. You will work closely with other teams within the organization to provide guidance on security best practices and to ensure a proactive defense against cyber threats.

KEY RESPONSIBILITIES:

• Implement, configure, and manage security tools and technologies (e.g., firewalls, intrusion detection/ prevention systems, endpoint protection).

Ensure the transparent prioritisation of a common backlog to drive risk reduction, simplification and wider strategic needs. Ensure risk-risk trade-offs are managed, particularly risk mitigation and operational needs.

• Innovation: Empower HSBC to successfully navigate cyber risk with innovative, responsive and frictionless technologies and services, both those delivered in-house and from external partners. Foster and empower a culture of innovation, experimentation, and continuous improvement.

• Partnership: Develop with colleagues throughout technology and the business innovative technical solutions that meet both current and future business needs, ensuring the bank’s infrastructure remains scalable and resilient. Drive the shift-left of WASP in partnership with DevOps. Partner with external technology providers and security specialists to integrate best practice and leverage or build cuttingedge tooling.

• Monitor and analyze network traffic, logs, and alerts to detect and mitigate potential security threats. Conduct regular vulnerability assessments, penetration testing, and risk assessments to identify weaknesses and recommend improvements.

• Respond to and investigate security incidents, ensuring proper documentation and escalation of critical issues.

• Collaborate with IT, development, and operations teams to implement secure systems, applications, and networks.

• Stay up-to-date with the latest cybersecurity trends, threat intelligence, and emerging attack techniques.

APPLY

CYBER SECURITY MANAGER | NBCUNIVERSAL

FULL TIME REMOTE UNITED KINGDOM

ABOUT THE ROLE

We are looking for a Cyber Security Manager to be part of our NBCU Consumer Product Security team. This CSM will partner with Global Streaming Technology and Cyber Security organizations to build and deploy internal services that enhance our organizations security posture through data driven approaches and align with Cyber Security and Enterprise Technology strategies. The successful candidate will be joining NBCUniversal at an exciting time as we evolve our process and services.

The Cyber Security Manager will build strong relationships with the Global Streaming leadership and supporting teams. These relationships will enable the successful candidate to assess business practices, identify gaps in security controls and lead development and execution of cyber security strategies. Additionally, a successful candidate is expected to interact effectively and strategically with Cyber Security leadership, Global Streaming teams, internal audit, clients and regulators. A successful candidate is expected to understand and articulate business operational processes and risks while leveraging existing internal and external business and technology resources to provide program and project related insight. Clear and concise oral and written communication are required.

RESPONSIBILITIES

• Lead operational engagement and own supporting metrics for measuring Cyber Security maturity

• Communicate and coordinate NBC Universal’s Cyber Security strategy, programs and services with a diverse group of business stakeholders

• Inform and influence business strategy and decisions, aligned with the Cyber Security strategy and roadmap

• Support Cyber Security leadership in the identification and communication of relevant Cyber Security-related issues, risks and events, with business teams across the organization

• Track and coordinate Cyber Security involvement in business-driven technology projects

• Coordinate and advocate for business program and project security needs with Cyber Security architects, engineers and analysts

• Lead business-engaged risk exercises to identify and measure risk and develop mitigation strategies

• Actively engage and support security incident response team in resolution and close of investigations of incidents with ownership of post mortem and remediation plans

CYBER PRODUCT LEAD | QBE INSURANCE

FULL TIME NEW ZEALAND

YOUR NEW ROLE

Cyber liability is highly specialised and constantly adapting to new threats—it requires a dedicated expert to stay ahead of the market and grow the portfolio. As our dedicated Cyber expert, you will:

• Build and maintain strong relationships with broker partners, promoting cyber liability solutions.

• Underwrite cyber risks with a deep understanding of IT protections, system security, and risk mitigation strategies.

• Drive portfolio growth while ensuring compliance with local legal and regulatory requirements.

• Develop and refine policy wordings and endorsements to strengthen our offerings.

• Innovate new processes and products to enhance efficiency and profitability.

• Lead from the front, selling cyber security solutions and proactively addressing emerging threats.

More details and the full job profile will be shared with candidates during the interview process. Happy to talk flexible working

JOB BOARD

CYBER SECURITY GOVERNANCE SPECIALIST | NEXI ITALY

FULL TIME REMOTE ITALY

ABOUT YOUR FUTURE ROLE

The position is with the Group Cyber Security Governance team within the CISO division of Nexi. The CISO area consists of an international team of about +110 people working with different aspects of cyber security within the NEXI Group and among our partners, customers, and vendors. You will support the Cybersecurity Stakeholder Management team, managing relationships and communication with key cyber security stakeholders, supporting customers issues and audits management, developing and delivering security training, awareness and communication programs.

YOUR KEY RESPONSIBILITIES IN THIS ROLE WILL BE

• Assist in maintaining relationships and communication with internal stakeholders, including employees and business units.

• Contribute to relationships and communication with external cybersecurity stakeholders, such as customers, authorities, providers, and suppliers.

• Assist in reviewing Requests for Proposals (RFPs), contracts, and security clauses to ensure compliance with Nexi's Security Standards and regulatory requirements.

• Assist in interactions with supervisory authorities and with customers during inspections, audit and security assessments, by supporting in evidence collection, and discussions related to security findings.

FULL TIME HYBRID RUSSIA

WHAT YOU’LL BE DOING:

• One-man show and hands-on position

• Plan, design, build, and execute Investing.com’s security operations

• Implement best security practices to protect infrastructure and code

• Identify security threats by conducting continuous monitoring, vulnerability assessments, log and audit analysis

• Work and implement security measures for cloudnative environments-GCP using cloud tools

• Deploy and manage IAM, RBAC, and other access control mechanisms

• Apply security configurations in Kubernetes, containers, and serverless architectures

• Take an active role in reviewing and guiding other DevOps engineers on all aspects of security, providing mentorship, and ensuring that security best practices are followed across the team

• Perform incident triage and handling by determining scope, urgency, and potential impact thereafter identifying the specific vulnerability while recommending actions for quick remediation

WHAT YOU’LL BRING:

• At least 4-5 years of hands-on experience in DevSecOps, cybersecurity, or related fields

• Proficiency with CI/CD tools and integrating security solutions

• Familiarity with cloud-native security tools (e.g., Cloudflare WAF, GCP Security Center, Cloud Armor, etc. Strong understanding of application security, including OWASP principles

• Familiarity with Infrastructure as Code (IaC) tools like Terraform and Ansible

• Hands-on experience with scripting languages (e.g., Python, Bash) for automation

• A collaborative mindset with excellent problemsolving abilities

APPLY HERE

CLOUD SECURITY ENGINEER | SKYWARDOPS

FULL TIME REMOTE NIGERIA

JOB SUMMARY

As a Security Engineer, you’ll be responsible for supporting our Security Engineering toolset. You’ll develop, improve, modify, and assess security architecture in a cloud-based environment.

RESPONSIBILITIES

• Design, implement, and manage scalable security solutions that meet customer requirements leveraging both cloud-agnostic and cloud-native security tools.

• Lead collaborative design and implementation of solutions to meet remediation requirements for audits, security reviews, security incidents, and other activities.

• Design and implement automated security processes and controls to increase operational effectiveness and reduce manual processes.

• Implement and help manage and respond to security monitoring tools including Managed Detection and Response solution.

• Apply an organization's goals and objectives to develop and maintain architecture.

• Update, and/or maintain standard operating procedures.

• Apply cybersecurity principles to organizational requirements.

• Conduct routine vulnerability, configuration, and compliance assessments, and work with customers to prioritize and manage the resulting findings.

APPLY HERE

TEACHING ASSISTANT: CYBERSECURITY | CORRELATION ONE

PART TIME REMOTE LATIN AMERICA

ABOUT THE ROLE

• Management And Support (During Program)

• Join us for our program launches, which will take place on the first day of the program.

• Attend all LIVE lectures, for the training program

• Provide one hour of “Drop - In Office Hours” per week (1 hour per week)

• Attend the TA Weekly Meeting (1 hour each week)

• If you are unable to attend the TA Weekly meeting please anticipate that you will need to offer an additional Drop In Office Hour for program participants.

• Be available for 1:1 office hour requests with assigned learners based on availability. You may set these hours within our parameters, for your convenience. (up to max 2 hours per week)

• Complete grading of Fellow’s deliverables (3 hours each week)

• Work with fellow instructors/TAs and the Correlation One team on ways to improve learner experience (Note: you will be paired with a fellow TA to support a cohort of learners)

WHO YOU ARE

• Data Analytics professional with exceptional leadership, communication, collaboration, and organizational skills.

• Empathy, flexibility, patience; passion for working with diverse learners who are new to data analytics content.

• Experience operating in a fully virtual environment.

• Excellent written and spoken English language skills.

• Working experience with the following technical skills platforms.

APPLY HERE

JOB BOARD

CYBERSECURITY / AI SECURITY EXPERTS | BRAINTRUST

PART TIME REMOTE

ABOUT THE ROLE

Generative AI models are improving very quickly, and one of our goals is to make them capable of addressing specialized questions and achieving complex reasoning skills.

In this role, you will use your skills to train AI systems to identify and exploit security weaknesses in a controlled and ethical manner.

Your role will involve designing and executing a code injection attack to identify vulnerabilities in an AIpowered computer agent. You'll receive an onboarding session and sample documentation to guide you through the process. In practice, this means working with Docker containers, writing Bash and Python scripts, modifying HTML files, crafting malicious Linux commands, etc.

DATA SECURITY ANALYST | ALORICA

FULL TIME PHILIPPINES

ABOUT THE ROLE

As an IT Security L1 Analyst for Identity and Access Management, you will be responsible for the daily IAM operational activities, including managing tickets, timely Onboarding, Offboarding and Cross boarding of domains and email accounts. You will ensure that IAM service levels are closely monitored and maintained and will conduct scheduled access reviews as required. You possess strong analysis skillsets, attention to detail, and precise documentation skills, with clear communication and ability to prioritize workloads.

RESPONSIBILITIES

• Manage all user and system accounts account lifecycle, including provisioning, entitlement changes, deactivation, and deletion in accordance with the established service levels.

REQUIRED QUALIFICATIONS:

• Strong Linux administration and automation skills (Bash, Python, PowerShell).

• Experience with web security (HTTP, API security, web scraping, DOM manipulation).

• Knowledge of AI security risks, including prompt injection, adversarial attacks, and AI red teaming.

• Deep understanding of networking protocols, OS security, and web application security.

• Cloud security expertise (AWS, Azure, Kubernetes, Terraform, CI/CD security).

• Proficiency in English: advanced (C1) or above.

• Excellent analytical and problem-solving skills.

• Strong communication skills for reporting findings and collaborating with teams.

• Our freelance role is fully remote so, you just need a laptop, internet connection, time available and enthusiasm to take on a challenge.

• Work closely with IT, security, and business teams to manage user access, permissions, and IAM-related projects.

• Manage daily IAM operations by providing support to employees regarding access requests, password resets, and IAM-related issues through ServiceNow ticketing system.

• Perform access and entitlement reviews in accordance with established process and timelines.

• Manage identity and access management related technologies for account lifecycle management, privileged access management, SSO and multifactor authentication.

APPLY HERE

PRINCIPAL CYBER THREAT INTELLIGENCE | NSW DEPARTMENT OF CUSTOMER SERVICE

FULL TIME AUSTRALIA

ABOUT THE ROLE

The Cyber Threat Intelligence team are tasked with leading the provision of strategic, operational and tactical cyber threat intelligence to pre-emptively prevent cyber attacks and reduce the likelihood and consequences of cyber attacks on the department by through the application of the intelligence process to support the fortification of defenses, safeguarding of sensitive data, and protection of government services that are delivered by government divisions and agencies within DCS.

We are looking to recruit a Principal Cyber Intelligence Strategist to join the Cyber Threat Intelligence team. This role will focus on leading the development of strategic mitigations of cyber security threats and risks for DCS by leveraging advanced cyber intelligence and technical proficiencies and fostering collaboration with stakeholders, to improve cyber security response and processes in an evolving threat environment.

RESPONSIBILITIES INCLUDE:

• Actively contribute to the implementation and maintenance of the NSW Government cyber security posture through provision of expert technical advice and direction.

• Perform technical assessments of information and cyber security controls and threats to produce compliance reports and recommended actions to internal teams and relevant stakeholders.

• Provide expert information on cyber security risks, threat and vulnerability reports, penetration test reports, solution architecture designs.

• Alert stakeholders to cyber security issues and threats including breaches and potential intrusion incidents.

• Investigate and assess security breaches within a defined area of responsibility to maintain the compliance with whole-of-government cyber security policies and standards.

• Provide cyber intelligence expertise during operations and incidents to lead whole-of-government responses to cyber security threats.

• Contribute technical expertise and knowledge to reporting on current and emerging cyber security risks and trends.

SECURITY EVENTS

GARTNER SECURITY & RISK MANAGEMENT SUMMIT

3-4 March | In Person | Sydney, Australia | ICC Sydney

Our organizations have grand ambitions and know they can’t ignore cybersecurity. But in our fast-paced environment, we are endangered by the extremes of unbridled technology optimism and excessive preoccupation with risk. Hype, whether driven by AI, emerging technologies or the latest headline-grabbing cyber attack, threatens to derail strategic objectives and the partnership between cybersecurity and the rest of the business. This keynote will help cybersecurity leaders exploit the power of hype to drive an innovative and adaptive cybersecurity program.

APRES-CYBER SLOPES SUMMIT

6-7 March | In Person | Park City, Utah | Blair Education Center

The Apres-Cyber Slopes Summit is a unique cybersecurity conference event set in the scenic Canyons Village at Park City, Utah, which is the largest ski resort in the USA. This event is specifically designed for cybersecurity leaders such as CISOs, CTOs, CIOs, CEOs, Directors, Managers, and Innovators, including those specializing in Artificial Intelligence (AI) and Cloud Security Architecture.

CYBERCON AUSTRALIAN CYBER CONFERENCE

17-19 March | In Person | Canberra, Australia | National Convention Centre

In an era where digital frontiers are continuously expanding and evolving, the Australian Cyber Conference 2025 embraces the pivotal theme: Transform to Evolve. This theme underscores the imperative for cyber security practices to adapt and innovate in response to the rapidly changing digital landscape. Our aim is to start a profound transformation in the way cyber security is perceived, practiced, and implemented, fostering a resilient and dynamic cyber security ecosystem.

AFRICA CISO SUMMIT

19-20 March | In Person | Nairobi, Kenya | Radisson Blu Hotel, Nairobi Upper Hill

The Africa CISO Summit 2025 is a unique gathering that convenes over 200 of the continent's foremost cybersecurity leaders, decisionmakers, and innovators. This March, Nairobi will host an exclusive forum designed to address the pressing challenges faced by the region while highlighting the opportunities presented by emerging technologies and investment trends.

MARCH

& APRIL 2025

MINORITIES IN CYBERSECURITY ANNUAL CONFERENCE

23-27 March | In Person | Dallas, Texas |

The Minorities in Cybersecurity (MiC) Annual Conference provides cybersecurity leaders with an opportunity to share industry challenges and career aspirations. Attendees also discuss plans for supporting people of color and women in the field and share insights into climbing the corporate ladder. Registration is limited to 150 attendees. VIEW HERE

GARTNER IDENTITY & ACCESS MANAGEMENT SUMMIT 2025 UK

24-25 March | In Person | London, UK | Intercontinental London

In a world where the traditional corporate network perimeter has become obsolete — the identity infrastructure has become the new battleground for bad actors. Identity and access management (IAM) models that rely on legacy approaches to manage identities of users and machines across growing lists of applications and environments have become complex and ill-equipped to adapt to changing needs of business and technological advancements.

20TH INTERNATIONAL CONFERENCE ON CYBER WARFARE AND SECURITY

28-29 March | In Person | Williamsburg, Virginia | William & Mary Law School, USA

The 20th International Conference on Cyber Warfare and Security (ICCWS) is an event focused on cyber warfare and cybersecurity. The conference allows cybersecurity professionals to present academic research to peers in the industry.

WICYS 2025

2-5 April | In Person | Dallas, Texas | Gaylord Texan Resort & Convention Center

The Women in Cybersecurity (WiCyS) 2025 Conference provides an opportunity for security leaders to recruit and promote women in cybersecurity positions. This includes resume workshop events, networking sessions and mock interviews.

SECURITY EVENTS

INNOVATE CYBERSECURITY SUMMIT –NASHVILLE 2025

6-8 April | In Person | Nashville, Tennessee | Grand Hyatt Nashville

Innovate Cybersecurity Summit is a highly anticipated summit that brings together Cybersecurity Executives and CISOs from all corners of the country for three days of exclusive, invite-only discussion and learning.

SANS 2025

13-18 April | In Person | Orlando, Florida | Hyatt Regency Orlando

Unlock the full potential of your cybersecurity career at SANS 2025 in Orlando, FL (April 13-18, ET), the SANS flagship event of the year. Guided by world-renowned instructors at the forefront of the field, this event provides exclusive access to live industry experts, ensuring you stay ahead of the curve.

CYBER SECURITY ASIA 2025

21-22 April | In Person | Kuala Lumpur, Malaysia | Sheraton Imperial Hotel Kuala Lumpur

The Cyber Security Asia 2025 conference provides senior-level cybersecurity professionals in the APAC region and beyond with a chance to network. There will be over 35 speakers with over 85% of participants at the senior manager, director level or above.

RSA CONFERENCE

28 April – 1 May | In Person | San Francisco, California | Moscone Center

RSA Conference attendees will network with other cybersecurity leaders and vendors. Speakers include industry leaders from major corporations and government organizations.

Women in Security Magazine Issue 24

FROM THE PUBLISHER

Abigail Swabey

COLUMN

INDUSTRY PERSPECTIVES

ThankYou TO OUR SUPPORTING ASSOCIATIONS

EMBRACING RESISTANCE: OVERCOMING CHALLENGES AND FINDING STRENGTH IN COMMUNITY

THE STRUGGLE FOR SUPPORT IN THE SECURITY INDUSTRY

THE CHALLENGES OF RUNNING A SMALL BUSINESS

FINDING STRENGTH THROUGH SOLIDARITY

AMANDA-JANE TURNER

COLUMN

Criminals target the grieving

WHAT’S HER JOURNEY?

Blessing Ezeobioha

GRC

Cyber Security

Ellaina Kriketos

Chisom Obinna

Abisola Olorunnishola

Cyber Security Analyst

GRATEFUL FOR THE DAY I MET HIM.”

Nike Nsikak-Nelson

Sponsor BECOME A

Nancy Muriithi

Lead Cybersecurity Architect

Valeria Villalobos Martinez

Senior Security Consultant

Banner Ads

Full-Page

Audience Snapshot

You to HELP Us Lights On

Opportunities

Partner Magazine Ownership Opportunity

Event Promotion

Sponsored Articles

CRAIG FORD

COLUMN

It’s time we started to push back the hordes

INDUSTRY PERSPECTIVES

RECLAIMING SPACE: EMPOWERING WOMEN TO SUCCEED IN THE CYBERSECURITY INDUSTRY

BREAKING THE STEREOTYPES

RECLAIMING SPACE THROUGH LEADERSHIP

REAL-WORLD IMPACT: WOMEN IN CYBER DEFENCE

THE ROLE OF EDUCATION AND MENTORSHIP

ADDRESSING SYSTEMIC BARRIERS

THE FUTURE: BUILDING AN INCLUSIVE INDUSTRY

FINAL THOUGHTS

ABOUT LISA VENTURA MBE

ARE CERTIFICATIONS WORTHWHILE?

MINIMISE YOUR INITIAL INVESTMENT

TAKE THE CLOUD RESUME CHALLENGE

ABOUT THE AUTHOR

RECLAIMING PRIVACY: ADDRESSING THE GENDER GAP IN TECH AND PRIVACY LEADERSHIP

RECLAIMING AUTHORITY IN PRIVACY LEADERSHIP

RECLAIMING CONFIDENCE: OVERCOMING INDUSTRY SCEPTICISM

WOMEN ROLE MODELS ARE CRITICAL

AI AND THE FUTURE OF PRIVACY

RECLAIMING A SUSTAINABLE FUTURE IN PRIVACY

ABOUT THE AUTHOR

WOMEN IN CYBERSECURITY LEADING WITH COURAGE AND SOLIDARITY

ARE OPEN Nominations

1 ST MARCH 2025

Why Nominate?

Authenticity

Emphasise Diversity & Inclusion

HOW TO SUBMIT A WINNING NOMINATION

Highlight Achievements

Collaboration is Key

Support with Testimonials

KAREN STEPHENS

COLUMN

“Upon the conduct of each depends the fate of all” (Alexander the Great)

Source2Create Spotlight

Content

CAREER PERSPECTIVES

FROM FEAR TO FASCINATION: MY JOURNEY IN CYBERSECURITY

THE ROLE OF COMMUNICATION

NAVIGATING THE WORLD OF LEARNING

LESSONS LEARNED IN THE SOC-IR