Women in Security Magazine Issue 25 by source2create

FROM THE PUBLISHER

More than a seat at the table

For decades we’ve fought for a seat at the table, asking for space, proving our worth and demonstrating time and time again that hard work does not have a gender. But now, the conversation is shifting. It is no longer enough to simply have a seat. We must push forward, transforming what was once a dream into reality. In our last issue, we spoke about the power of being bold. Be BOLD, Be YOU. Now, we must take it a step further. We must move beyond contentment with mere presence; it’s time to build a bigger table. One that welcomes those who have been overlooked, underestimated or unheard.

The traditional structures of power were never built with inclusivity in mind. They were designed to keep a select few at the helm, reinforcing barriers that silence diverse voices. But times are changing. Women, non-binary individuals and purpose-driven leaders are no longer waiting for permission: they are redefining success, leading industries and creating new paradigms that challenge outdated norms.

BREAKING THE SYSTEM, NOT JUST THE CEILING

Issue 25 is about more than representation, it’s about revolution. It’s about dismantling the systems that have long held entrepreneurs, innovators and leaders back. It’s about ensuring that women, non-binary individuals and purpose-driven leaders have not only a place but the resources, support and community to thrive. Because, when we amplify women everywhere, we don’t just change boardrooms and businesses; we transform industries, economies and futures.

Yet, we find ourselves caught in the crossfire. Social media is buzzing, political rhetoric is growing louder and some voices are calling for an end to DEI (Diversity, Equity, and Inclusion) initiatives. The

push to dismantle these efforts sends a dangerous message: that we don’t matter. DEI programs are not only corporate checkboxes; they are integral to business strategies that foster innovation, creativity and resilience. Yet, their mere mention has pitted politicians and powerful executives against the leaders who implement them.

True change requires more than symbolic gestures; it demands systemic transformation. We must scrutinise hiring practices, investment trends and leadership pipelines that continue to favour the same voices. We must move beyond performative diversity efforts and instead create environments that genuinely nurture diverse talent. Equity is not only about numbers; it’s about fostering cultures that uplift, mentor and sustain women and non-binary leaders at every level. We must act now before the opportunity for change is lost, before the environment grows even more hostile.

BUILDING A FUTURE WHERE EVERYONE THRIVES

We are here to inspire, educate, empower and encourage. To foster collaborative cultures that do not just open doors but tear down walls. This is a call to action for those who believe in more than inclusion: it’s for those who believe in reinvention.

Imagine a world where women entrepreneurs receive equal funding, where leadership roles reflect the true diversity of talent, where success is not dictated by privilege but by passion and perseverance. This is not a distant dream; it is an achievable reality when we work together. The change we seek is already happening in pockets of innovation, in communities that refuse to be silenced, and in the relentless efforts of those who refuse to accept the status quo.

This issue is dedicated to the trailblazers: the women rewriting the rules, the non-binary leaders challenging convention, and the allies who understand that equality benefits us all. It’s about the collective effort to build something bigger than any one individual; a legacy of opportunity, access and empowerment.

IT’S NOT ONLY A SEAT, IT’S A MOVEMENT We’re not just taking a seat; we’re building something

Abigail Swabey

WELCOME TO ISSUE 25.

I hope you find inspiration in the many talented and powerful voices featured in this issue.

Abigail Swabey

PUBLISHER, and CEO of Source2Create

Women

More than a seat at the table: My insights

Women in Security: A conversation with The Paragon Alliance co-founders Meg Tapia and Annie Haggar

ThankYou TO OUR SUPPORTING ASSOCIATIONS

AMANDA-JANE TURNER

Cybercrime is big business, thanks to technical advancement and interconnectivity creating more opportunities. This regular column will explore various aspects of cybercrime in an easy-to-understand manner to help everyone become more cyber safe.

COLUMN

Cybercrime for sale

When reporting on large-scale cybercrime campaigns, some media outlets still insist on using an image of a lone hooded hacker lurking in the dark behind a keyboard. With advances in technology and with an increasing number of criminal enterprises selling malware, this is just not accurate. Consider for example criminal enterprises specialising in selling products and services related to conducting cybercrime campaigns. These are not lone hooded hackers, these are large-scale sophisticated financially driven enterprises.

Cybercrime as a service (CaaS)—often run as a large business enterprise—allows threat actors to pay for malware, phishing kits, DDoS tools, ransomware and credentials without having to do any coding or invest in infrastructure themselves. Some of these enterprising entities also offer 24/7 help desk and other support to customers needing help with a phishing kit or ransomware they have purchased. This makes attribution challenging, because the same malware, server or phishing kit could be used by a multitude of different people in many different campaigns. It also means that cybercrime is more accessible to a larger cohort: they need only pay for the services.

Many CaaS models focus on the provisioning of malware, exploits and infrastructure for cybercrime to sell to other criminals rather than for their own use. These enterprises can be sophisticated with hierarchical employment structures, advertisers, help desk staff, linguists and managers. The lone hoodywearing evil genius hacker is far from the reality.

A subset of CaaS is ransomware as a service (RaaS) where, under a fee-based or affiliate model, threat actors can launch widescale ransomware campaigns against their targets without the need to code the

malware, own the infrastructure or engineer the malware’s ingress. Sophisticated RaaS providers have online portals through which their customers can manage a ransomware campaign, so there is no need for customers to understand networks, coding or exfiltration techniques; they just have to access the interface in the portal to launch and control their ransomware activities. As a result of this affiliate model, ransomware becomes more affordable and available to a larger cohort. It is not only rich criminals, nation state sponsored threat actors or the most technical who use ransomware; it can be obtained from its creator via a RaaS enterprise.

That is not to say there are not lone opportunists, hacktivists or disgruntled people out there committing cybercrimes. However, they are also able to use a CaaS provider to support their threat campaigns. The ongoing success of these criminal enterprises, and the countless resources available to them, mean more will crop up. So, the fight against cybercrime continues.

Stay safe everyone.

www.linkedin.com/in/amandajane1

www.empressbat.com

WHAT’S HER JOURNEY?

Manahil Hasan

Senior Cyber Security Analyst Engineer

Manahil Hasan’s fascination with technology started early. Even in school, she had an intuitive grasp of computers, effortlessly picking up complex concepts while her friends predicted she’d end up in an IT-related career. At the time, she didn’t think much of it, but looking back, the path to cybersecurity now feels almost inevitable.

“I found computers easy to work with, but I never thought I’d end up here. It just sort of happened naturally.”

It wasn’t until her first year of studying Computer Science that she found her true calling. A particularly influential programming professor introduced her to Kali Linux, sparking an interest in hacking that led her down a self-taught path in cybersecurity. Installing Kali on her old Asus laptop, she quickly realised she had a steep learning curve ahead—Linux commands, system navigation, and understanding networks were foreign at first. But the challenge excited her, and soon enough, she was hooked.

Over time, her curiosity transformed into a deep commitment to the field. Her professor’s belief that

“anything built by humans can be broken” reshaped the way she saw technology. The evolving nature of cybersecurity—where new threats and defenses emerge constantly—continues to fuel her drive today.

“I love how it’s always changing. There’s always something new to learn, and that challenge keeps me going.”

Working in cybersecurity, especially in a startup environment, comes with its challenges. Fast-paced, constantly shifting priorities and urgent requests mean long hours and the need to adapt quickly. Finding balance within this demanding landscape hasn’t been easy, but Manahil has developed strategies to manage it effectively.

“I wouldn’t say I’ve overcome all the challenges, but I’ve learned to work with them. I create structured to-do lists and build flexibility into my day. You have to accept that meaningful change takes time and effort.”

Her journey hasn’t been without moments of doubt. As an introvert, she initially found it difficult to navigate professional interactions, especially in a workplace where she was the only woman. But

over time, she learned to push herself beyond her comfort zone, engaging in conversations and building confidence in her voice.

“The first step is the hardest, but once you take it, everything else gets easier. Most of the barriers we face are the ones we create in our minds.”

Her early aspirations leaned toward offensive security—Red Team operations, penetration testing, and malware analysis. She dove into these areas, acquiring skills in reverse engineering and vulnerability research. But rather than sticking to a rigid career path, she remained open to opportunities, recognising that adaptability was just as important as expertise.

“I didn’t have a clear-cut plan. I just wanted to learn as much as I could and make an impact. That approach has served me well.”

Looking back, there’s a lot she would tell her younger self. Above all, she’d emphasise patience, perseverance, and purpose. Cybersecurity isn’t just about technical skills; it’s about resilience. The field is ever-changing, and staying relevant requires commitment beyond just chasing trends or seeking external validation.

“Don’t do it for the title or the recognition. Do it because you love it. The results will come naturally.”

Manahil is also an advocate for practical learning. While she acknowledges the value of formal education, she believes core concepts like networking fundamentals, command-line proficiency, and Python programming are crucial—whether learned in a classroom or through self-study.

“It’s not about collecting certifications; it’s about truly understanding how things work. You need hands-on experience to build a solid foundation.”

As for the future of cybersecurity, she sees AI playing a significant role—both as a tool for defense and as a weapon for attackers. Zero Trust models, quantum computing risks, and the expansion of cloud and

IoT security will reshape the industry over the next few years, requiring professionals to remain vigilant and proactive.

“The attack surface is only getting bigger. If we’re not innovating, we’re falling behind.”

When evaluating career opportunities, she prioritizes growth over compensation. Skill development, leadership potential, work environment, and work-life balance are all key considerations.

“I want to be somewhere that challenges me, but also values its people. A good team makes all the difference.”

That sense of fulfillment is what makes her current role so rewarding. She thrives in an environment where collaboration is encouraged, learning is continuous, and contributions—no matter how small— are recognised.

“My team is what makes this job so satisfying. Everyone supports each other, and that kind of culture is invaluable.”

Outside of work, maintaining balance is a priority. To avoid burnout, she immerses herself in creative hobbies like painting and cooking, along with regular exercise. These activities help her disconnect from the digital world and return with a fresh perspective.

“It’s important to step away sometimes. When I do, I come back feeling more focused and ready to tackle new challenges.”

From a curious student experimenting with Kali Linux to a Senior Security Analyst making an impact in the field, Manahil’s journey is a testament to passion, perseverance, and the power of continuous learning. Her story is an inspiration for those looking to carve out their own path in cybersecurity—one that doesn’t always follow a conventional route but is no less impactful.

www.linkedin.com/in/manh001

Omonivie Cynthia Jatto

Cybersecurity Specialist

Omonivie Cynthia Jatto’s journey into cybersecurity was sparked by a deep sense of justice and a desire to protect those around her. Growing up, she witnessed firsthand how online scams devastated members of her community, stripping them of their hard-earned money due to a lack of awareness. But beyond the victims of cybercrime, she also saw young girls being pushed into societal norms that limited their aspirations.

Many were encouraged to seek financial stability through relationships with internet fraudsters rather than pursuing their own careers. Jatto refused to accept this narrative. She was determined to change the status quo and empower young girls to strive for independence.

“I sought to change this narrative, empowering young girls to strive for sustainability and independence,” she reflects.

Cybersecurity wasn’t straightforward. With a background in political science, she faced an uphill

battle transitioning into the tech-heavy field. However, her unwavering passion led her to a mentor who introduced her to cybersecurity. With no formal technical training, Jatto embarked on a self-taught journey, devouring introductory materials, online courses, and boot camps. Financial constraints didn’t deter her—she saved up during her national youth service in 2023 to buy a second-hand laptop, marking the beginning of her hands-on learning experience. A year later, her relentless effort paid off when she secured her first cybersecurity role.

Like many women entering a traditionally maledominated industry, Jatto faced moments of doubt. The technical nature of cybersecurity and discouraging comments from others made her question her ability to succeed. To combat this, she drew inspiration from successful women in the field and reinforced her own knowledge by teaching friends what she learned. “That helped me build confidence and reassure myself that I could excel in this field,” she says.

Despite not having a clear-cut plan at the outset, her natural curiosity and problem-solving skills led her towards penetration testing, a specialty she now thrives in. The ever-evolving nature of cybersecurity excites her, and she anticipates major developments in the next two years, particularly with AI-driven security measures and the expansion of IoT devices. “My recent studies on IoT security have left me concerned about the potential risks associated with the expansion of IoT devices,” she notes.

For Jatto, career advancement isn’t just about financial compensation. “It’s about finding a place where I can truly grow, thrive, and make a meaningful impact,” she emphasizes. Being in an environment that aligns with her professional aspirations and allows her to develop her skills is just as important as the paycheck.

One of the most fulfilling aspects of her career is the ability to protect organizations from cyber threats while continuously learning and evolving. “Being able to use my skills to make a positive impact and protect others from cyber threats is truly rewarding,” she shares. However, balancing this demanding career with personal well-being remains a work in progress. To avoid burnout, she prioritises activities she enjoys, such as writing, taking walks, and playing games, while maintaining connections with loved ones. “It’s a work in progress, but I’m learning to prioritise my well-being.”

To stay at the forefront of her field, Jatto relies on a mix of research, industry news, and networking with fellow cybersecurity professionals. She believes that learning never stops and encourages those transitioning from non-technical backgrounds to take ownership of their learning journey. “When faced with challenges, your passion will be what drives you forward,” she advises. “Dedicate time to learning, and you’ll be surprised at how far you can go.”

From a political science graduate to a cybersecurity specialist, Omonivie Cynthia Jatto’s journey is a testament to resilience, passion, and the power of self-belief. By breaking barriers and challenging societal norms, she is not only securing digital landscapes but also paving the way for the next generation of women in cybersecurity.

www.linkedin.com/in/jatto-cynthia

Ranee Bray

Senior Director, Cybersecurity

@ Cloudflare

For Ranee Bray, a career in cybersecurity was not something she initially sought out, but rather a natural evolution of her passion for leading transformative change. Throughout her career, she has been driven by a results-oriented mindset and a relentless thirst for learning. Her introduction to cybersecurity came over a decade ago when she was tasked with building and delivering cybersecurity remediation projects. What struck her most was the vast disconnect between business leaders and cybersecurity professionals—understanding the ‘why’ and articulating business value was often a challenge. As she worked to bridge this gap, she realised cybersecurity was a field where she could make a lasting impact while continuously learning.

“Cybersecurity changes so rapidly—I found myself diving deeper into each domain, and in doing so, I discovered the best career I could ask for.”

Despite her success, Bray has faced challenges along the way, particularly as a woman in tech. She recalls being the only woman in meetings and on business trips, frequently assumed to be the notetaker—even as the most senior leader in the room.

While she never let these assumptions deter her, she acknowledges that navigating unconscious bias can be difficult. “Technology is easy. People are hard,” she says. Rather than letting these experiences hinder her, she has learned to be patient and let her actions build credibility over time.

Like many in cybersecurity, she has experienced moments of self-doubt, especially when confronted with the ambiguity of the field. “Cyber leaders are typically mission-driven, always striving to stay one step ahead of threats. But the uncertainty can lead to imposter syndrome,” she admits. The key, she believes, is confidence—while remaining humble and open to learning. “You will never know everything in this field, and that’s okay. Your job is not to know all things, but to build the right team and deliver value.”

Bray’s journey into cybersecurity leadership was both intentional and serendipitous. She always had a clear vision of becoming a strategic change leader, but the cybersecurity component unfolded organically when she was invited to serve as Chief of Staff to a CISO. With no prior experience in the role, she saw it as an opportunity to gain insights into each security domain while learning how to lead a large cybersecurity organisation. “It was the best career decision I ever made. If you want to be in leadership and solve largescale problems, this type of role is an accelerator.”

Looking ahead, Bray sees artificial intelligence reshaping the cybersecurity landscape in profound ways. While some fear AI may reduce the demand for cybersecurity professionals, she believes it will instead enable teams to scale and focus on more advanced analytical work. “The way we protect organisations in three years will not look the same as it does today. If you’re not learning how to adapt, you risk being left behind.”

When considering career advancement, Bray prioritises more than just financial compensation. “I’ve turned down many opportunities because the culture wasn’t the right fit,” she shares. “Finding an organisation that aligns with your values, offers growth opportunities, and sets you up for success is key. I’ve made tough choices, sometimes giving up higher-level opportunities to stay on my cybersecurity leadership path, but the right fit always pays off in the long run.”

With cybersecurity burnout being a prevalent issue, she emphasizes the importance of setting boundaries. “For me, it’s family dinners and weekends. But I also recognise when work is critical, and a surge is necessary. Understanding the difference is key to finding balance.”

Bray is also keenly aware of the cybersecurity talent shortage and has led organisations that successfully

attract top talent. She believes skilled professionals seek innovative work and forward-thinking projects. “When you offer opportunities to work on cuttingedge cybersecurity solutions, you naturally attract self-learners who are always ahead of the curve.” However, she acknowledges that some roles, like Red Team and application security experts, remain particularly difficult to fill. Her solution? Be open to remote talent and leverage employee networks to find strong candidates.

For those transitioning into cybersecurity from other fields, Bray’s advice is straightforward: “You don’t need to fit a specific mold. Cybersecurity is diverse—find your passion, excel at it, and apply the cyber lens. If you commit to continuous learning, you will find your place in this field.”

www.linkedin.com/in/raneebray

Jordan Watson

Senior Cyber Security Consultant

Jordan Watson didn’t follow the usual route into cybersecurity. Her journey began not in a lecture hall or at a coding bootcamp, but in front of the TV. As a teenager, captivated by action-packed heist films, it wasn’t the car chases or explosions that caught her attention—it was the hackers. “I remember watching Fast & Furious 7 and being completely captivated when the hacker character was a woman,” she recalls. That cinematic spark lit the fuse for a career she never could’ve fully imagined at the time.

Already interested in IT and tech, that scene opened up new possibilities for Jordan. What started as fascination with fictional cyber operatives evolved into a deep, real-world passion for networks, threat intelligence, and security architecture. “What I love most is that cybersecurity is never static; it’s constantly evolving, and so am I,” she says.

But like many in the field, Jordan’s path hasn’t been without uncertainty. Breaking into the industry— particularly into the competitive London job market— wasn’t easy. “There were points where I questioned whether all the effort was worth it,” she admits.

Despite the setbacks, her answer always circled back to one thing: her love for the work. It was that unwavering passion that saw her through the toughest moments.

Initially, Jordan envisioned herself as the archetypal hoodie-wearing pentester, surrounded by glowing monitors. But as she delved deeper, her path began to shift. “I found myself gravitating toward the business-focused side of things,” she explains. Today, as a Senior Cyber Security Consultant, she thrives on translating technical detail into strategic, business-aligned solutions. “I really enjoy being that bridge… where I feel most energised and able to contribute meaningfully.”

Looking ahead, Jordan sees the dual rise of artificial intelligence and regulatory scrutiny as defining forces in cybersecurity. While AI brings potential for automation and smarter threat detection, she warns that it also empowers adversaries to launch more sophisticated social engineering campaigns. “We’re going to need to keep evolving not just our technical defences, but also our awareness and training efforts to stay ahead.”

She also flags the mounting risks posed by supply chain attacks and the increased need for security to be embedded from the start. “Reactive security won’t be enough,” she says. “We’ll need to be proactive, collaborative, and strategic.”

That same balance of technical expertise and strategic vision is what guides her professional development. Jordan is currently pursuing her CISA certification, with plans to follow it up with CISM and possibly CRISC or ISO 27001 Lead Implementer.

“The best certifications are the ones that support both technical credibility and business fluency,” she notes—particularly for professionals aiming to bridge the gap between cybersecurity and broader organisational strategy.

Her values, though, extend far beyond titles and qualifications. Work-life balance, trust, and psychological safety are non-negotiables. “I thrive in an environment where people can talk openly, support each other, and build genuine camaraderie,” she says. And when it comes to unwinding, Jordan finds joy in everything from running and pottery to mixology. “I actually came first place in a Giffard Liqueurs cocktail competition recently,” she shares with a grin. It’s a reminder that creativity and precision exist well beyond code.

For those considering a pivot into the field, Jordan’s advice is candid and encouraging. “Don’t expect the transition into cybersecurity to be easy, but if you’re committed to putting in the work, it’s absolutely worth it.” Whether it’s hands-on platforms like HackTheBox or community workshops, she emphasises the importance of showing curiosity and commitment.

“Cybersecurity isn’t just about what you know; it’s about showing that you’re always willing to learn, adapt, and get stuck in.”

From a childhood movie fascination to a thriving consultancy career, Jordan Watson’s journey is proof that inspiration can strike anywhere—and that with resilience, adaptability, and passion, it can evolve into something powerful.

www.linkedin.com/in/jordan-watson-100334138

Kelly Johnson

General

Manager ANZ, Acronis

Kelly Johnson, the US born general manager of cybersecurity company

Acronis’ Australian and New Zealand business, identifies 1992 as the year she first encountered cybersecurity: buying Symantec antivirus software for IT distributor Ingram Micro. “This was when we were buying boxes of floppy discs and stacking them in the warehouse, and then shipping them out to retail stores,” she says.

However, that was not the start of her career in cybersecurity; nor her first job in a male-dominated sphere: that first job was carrying clubs for golfers during her school years.

“They had a position called cart boy. They turned it into cart person after I joined,” she says. She became “hooked on golf” and much more than a caddy person. “I had a lot of exposure to golf during my high school career. I played on the school team, and I ended up getting a golf scholarship to the University of Oregon,” she recalls.

FRENCH AND GOLF

That scholarship was gained by Johnson becoming the first woman to receive an Evans Scholarship, a full housing and tuition college scholarship awarded to golf caddies with limited financial means.

At university Johnson studied international business and French, after spending a year in France as an exchange student. “I was with a family that had never had an exchange student before, so really was full immersion, and I came back speaking fluent French,” she says.

After graduating Johnson got a role that, through a series of company acquisitions led to a 30 year career with Ingram Micro.

To people in the IT industry, the name Ingram Micro is associated with IT distribution. However that business started life as an arm of US based Ingram Industries. The company has gone through several changes of ownership, including being listed for a time on the NYSE, a position to which it returned in October 2024.

Johnson joined Ingram through a connection with its book distribution business. “My mother owned a bookstore. She bought her books from Ingram Book, and she became really good friends with the CEO of Ingram at the time,” Johnson says. Ingram had just bought a software distributor in Brussels and the CEO offered her an internship there. She worked in Brussels for two summers, and got her start in the IT industry.

HELPING REVIVE APPLE COMPUTER

Johnson’s 30 year career with Ingram Micro spanned the US and New Zealand and saw her play a key

role in the resurgence of Apple following the return of cofounder Steve Jobs: she was engaged as a consultant to redesign Apple’s supply chain.

At the time, the late 90s, Johnson was the director of the Mac division at Ingram Micro in the US, and had built the division into a global organisation. Jobs had left Apple in 1985. He returned in 1997, when, according to Wikipedia, Apple was only weeks away from bankruptcy.

“We sat down with Steve Jobs one day and he said, ‘We’re really good at building cool products. We’re really good at marketing. We’re crap at getting products to our customers, because that’s not what we do. We don’t do logistics. That’s what Ingram does, right? So I need you to fix it,’” Johnson says.

“So I moved from product management into logistics and project managed a team of people to open warehouse operations in Ingram Micro distribution centres in three locations in the US to help Apple expand, because Steve knew what he was going to be creating, and he needed scalability in capacity.”

FROM SEATLE TO NELSON, NZ

After another couple of years working in logistics with Ingram Micro, Johnson’s career took a major shift: she, her husband and two-year-old twins upped sticks and moved to New Zealand.

“My husband was an economist doing a lot of fundraising for startup companies, and he said, ‘we’re in trouble economically in the US. We need to go somewhere else for a while.’

“I wanted to raise my kids closer to nature. We were in Seattle and there were gun issues already in the US. I didn’t want the kids to go through a metal detector to go to school, and I wanted to raise them closer to nature. We moved to New Zealand, to Nelson, and then to Auckland.”

After a hiatus precipitated by the Global Financial Crisis, Johnson rejoined Ingram Micro and built its NZ Apple business, specifically its Apple accessory business.

“I think cybersecurity is a is a wonderful career for women, because women are very observant, and they tend to have a nurturing, protective nature that allows them to see things in different ways."

“No one makes money selling Apple, except Apple, because the margins are nothing if you’re in the channel,” she says. “So I had to go out and find third party accessory product for Apple. That was when the apps were just being developed, the App Store was coming alive for the iPhone, and the iPad had just been launched. I was able to get a lot of accessory products in and build a business that was very sound for the channel, and for our reseller partners.”

Then Johnson made her first real foray into cybersecurity: staring a cybersecurity division for Ingram Micro, in 2017 after leaving New Zealand for Australia. Vendors she represented included her current employer, Acronis, but Johnson’s next step was to join ESET, a provider of end user security software in 2020, as country manager for Australia.

This role also marked Johnson’s, and ESET’s entry into the wider security community. “I launched a program where we gave away a scholarship for women in security that they continue today. They give away $5,000 a year to a female student studying cybersecurity. And we also had a big focus around kids. ESET has a really good program called Safe for Kids Online. We worked with Next Media on their children’s magazine, K-Zone.”

GETTING CYBERSECURITY TRAINING

In 2023 Johnson joined the Australia arm of NYSE listed Arrow Electronics as director of sales for ANZ. Security is just one of a range of IT services the company offers. She left after less than a year

to take on her current role with Acronis in February 2024, and decided it was time to get some technical knowledge of cybersecurity. She has just completed the LinkedIn Learning course Cert Prep: ISC2 Certified in Cybersecurity in which, according to its webpage “instructor Mike Chapple shares all the cybersecurity knowledge you need to know to pass the [ICS2] exam.”

Johnson explains her reasons saying: “I initiated a self-assessment of how much I really knew about security. I had a guy ask me questions, and I had no idea. I realised I needed to deepen my skills and deepen my knowledge.

“You’re never too old to get your skillset elevated, right? It took me three days right before New Year, and that was fine, because it’s a quiet time of the year. I’ll get certified later this year and take that to another level.”

Johnson is a promotor of women in IT and cybersecurity, both informally and through her role as a member of the executive council ANZ and cybersecurity lead of the Global Technology Industry Association (GTIA), which claims to be “the only vendor-neutral, non-profit membership community connecting and representing the worldwide IT channel.”

GTIA, formed in January 2025, was formerly the CompTIA Community, an arm of the Computing Technology Industry Association (CTIA). CompTIA is now a for profit company operating the former CompTIA’s training and certification business.

CHAMPIONING WOMEN IN CYBERSECURITY

At the GTIA Johnson will be helping with its Women in the Channel program, its mentoring program and, informally, she champions the cause of women in IT.

“When I have meetings at distributors or resellers I ask, ‘how do you find women to apply for roles?’ We have to write advertisements that are open enough to say to women, ‘please apply.’ We have to use words like flexible hours, hybrid role; words that make it easier for women who either have family obligations or are caring for older parents to know that there’s flexibility and support.”

She adds: “The other thing is that I find women tend to read a job description and go, ‘I only hit 80 percent of that qualification, so there’s no way I’m applying for that role,’ whereas men just fake it till they make it.”

She also encourages women with zero IT experience to consider cybersecurity. “Some of the best people I’ve hired have come from different industries, real estate, for example. They know what hard work is. They’re up at six in the morning on a Sunday, putting signs out on the streets and getting stuff done and writing adverts. That’s a hard job. They’re not afraid of hard work.”

She adds: “I think cybersecurity is a is a wonderful career for women, because women are very observant, and they tend to have a nurturing, protective nature that allows them to see things in different ways.

“This is what the future is going to be. AI is only going to be able to do so much. You have a way of looking at things and saying, ‘that pattern doesn’t look normal to me, I need to investigate.’ That is what we need to protect the country, and protect people from the bad actors.”

And for women trying unsuccessfully to break into the industry, Johnson offers one final piece of advice: persist.

www.linkedin.com/in/kellyjohnsonau

Sponsor BECOME A

The 2025 Australian Women in Security Awards needs you as a key partner!

Each year, the awards grow in scale and impact, and this year will be no exception. However, as a small business, I rely on valued partners to help bring this event to life.

These awards are more than just a celebration—they are a catalyst for real change in the cybersecurity and protective security sectors. They shine a light on outstanding women, foster industry-wide inclusivity, and inspire the next generation. Your support would play a pivotal role in ensuring we continue this important mission.

Lets discuss how we can collaborate and tailor a partnership that aligns with your organisation’s goals. Reach out to Aby on aby@source2create.com.au or call 0415500580

Theresa McCluskey Head of Global Enablement

Ijust spoke at my teen’s high school actually on this topic,” Theresa McCluskey reflects, describing her experience of sharing career wisdom on a recent career day. “I shared with them that you don’t have to choose one thing… one field, one career. You can reinvent yourself at any time, any age, you just have to be willing to be uncomfortable.”

For Theresa, now the Head of Global Enablement in a leading cybersecurity firm, the road into the world of cyber was anything but linear. With a 15-year career spanning transportation and healthcare, she had never imagined she’d end up passionate about operational technology (OT) security. Her entry into the cybersecurity space came candidly—through a recruitment opportunity with Deloitte & Touche. There, she became part of a team charged with building a Managed Services Practice, focusing on enabling global teams in Cyber and Strategic Risk.

Over the last decade, Theresa has been at the forefront of various strategic initiatives. But it’s

her current role—where cybersecurity intersects with enablement—that has sparked a deep-rooted passion, particularly for OT. “I love where I’m at and have a passion for cyber,” she says. “But I don’t have a background in OT Security… This was a challenge when I joined but not an obstacle that cannot be overcome.”

Adopting what she calls a “student mindset,” Theresa took the challenge as a personal mission. Studying OT, absorbing the intricacies of her company’s solutions, and immersing herself in technical conversations became her new normal. “It’s required a lot of focus,” she admits, “but the lightbulb moments are worth it.”

Theresa embodies the idea that real growth begins where comfort ends. “The only time you are actually growing is when you are uncomfortable,” she says, quoting psychotherapist Amy Morin. Her transition from consulting into a global role in OT was a leap of faith—one she took with humility and grit.

Her work is now deeply intertwined with the success of cybersecurity professionals around the globe. “I lead enablement,” she explains. “My team is responsible for ensuring that what our organisation brings to market is digestible for our partners and our professionals to bring to our customers.” From tools to training to value-based storytelling, her focus is on simplicity and measurable impact—supported by a global team she built from scratch.

“I have the privilege of working with incredibly talented OT experts… they are insightful, patient and answer my many questions,” she shares. That sense of collaboration and community is central to her fulfillment. “It’s incredibly satisfying.”

Despite the fast pace and global demands of her role, Theresa has also carved out a space for balance—a feat many in the industry strive for. As a mother of four, she’s candid about the challenges. “I’m not going to say it’s easy. But I block my time. I have healthy habits. I create office hours and family time—and these are non-negotiable.” This boundary-setting wasn’t always her default, but after 20 years, she proudly claims she’s “there.”

Her dedication to staying current is also marked by intentionality. She listens—deeply and often. “I try to listen and learn from the talent within my company,” she says. She subscribes to key publications, follows industry leaders on LinkedIn, and carves out scheduled time to stay informed. Without that structure, she notes, “the day gets away from me.”

Looking ahead, Theresa sees artificial intelligence and regulatory shifts as the most transformative forces in cybersecurity. “AI-driven attacks are becoming more sophisticated,” she says, underscoring the dual

"The only time you are actually growing is when you are uncomfortable."

nature of technology as both threat and solution. She also predicts a convergence of IT and OT security, breaking long-standing silos to achieve unified, risk-informed strategies—especially critical in industrial sectors.

Theresa’s story is one of adaptability, empathy, and leadership. For those contemplating a shift into cybersecurity from other industries, she offers enthusiastic encouragement. “Do it! The field is exciting, the people are authentic and sharp as hell, and the work is energizing.”

She’s living proof that passion can be discovered in the second, third—or even fourth—chapter of a career. And that in cybersecurity, there’s a place for everyone willing to listen, learn, and lead with purpose.

www.linkedin.com/in/theresamccluskey

SIMON CARABETTA

Simon is a former high school Media Studies and English teacher turned Cyber Security Advocate. A proud dad to three young men and a master of Mario Kart

COLUMN

How I fell into cybersecurity

There was no plan. There was no strategy in place.

I didn’t bother listening to influencer recruiters or other vendors of snake oil and, when I did hear their messages, it was cringe beyond belief.

I didn’t have to read a book or sign up for a course. And even if I had to do so, I certainly didn’t want to.

Did I know what I was doing?

Hell, no!

Did I care?

Hell, no!

I knew where I wanted to be, and I had my own ideas about how I was going to take a roundabout way to get there.

I’m talking about the time I transitioned from high school media studies teacher to cybersecurity awareness officer.

I’m not going to lie. It was pretty seamless. There was no special sauce or magic juice required. I just did it. I applied for a job, I prepped the best way I knew how,

and I just went for it. I did not hold back against my intentions to leave behind 13 years of blood, sweat and tears (mostly tears) in an education career that had, in all honesty, become stagnant; a career in which I had become incredibly cynical and had lost the passion that had launched me into the classroom.

It was a Monday afternoon. I left school early so I could make the long journey from Clarkson in Perth’s far northern suburbs to inner city Leederville, HQ of WA’s Water Corporation. There I was greeted by my two interviewees who seemed very interested, but mostly curious, as to why a teacher was considering a position sure to be challenging, to say the least.

Let’s just call one of my interviewees Jack and the other one, Michelle. Those aren’t their real names, so don’t bother doing an online stalk.

They were really friendly, asked me some pretty good questions before easing me into the tougher ones, and raised their eyebrows at many of my responses

(something I thought at the time to be a negative, but in fact was a good response).

Forty five minutes later I left the interview, hands shaken with both Jack and Michelle, and friendly pleasantries given. The whole “You’ll hear shortly” spiel and I was out the door. It felt quick, and I was sweating. The late April autumn weather wasn’t cool enough to prevent the perspiration under my cheap suit, nor did I feel good about what had transpired. Let’s be honest, do any of us every feel good after a job interview? If you answered yes, you may want to reflect on how honest you are with yourself. Or you may want to consider whether you’re actually human and not an AI machine fed with false memories, but I digress.

Later that evening, while at my eldest son’s footy training, I received the phone call: “You’re it”.

Why?

Why me? I mean, not that it’s a bad thing, but why someone who had devoted their time to nothing but education for the past 13 years, who had only studied pedagogical philosophies and who’s only professional development had been on classroom teaching methodologies?

I’m not ready. I’m not the one. It has to be someone else.

Was I certain I wanted out of education? By this point, I wasn’t sure. The only thing I was sure about was that they had made a mistake. Surely there were one or two candidates better qualified than I? I didn’t even have a plan. I didn’t have a strategy. I didn’t bother listening to those influencer recruiters. I didn’t sign up for a course, and even if I had done so, I would not have wanted to!

Why me?

Why not?

You didn’t have a plan. You didn’t have a strategy. You

went for something you found interesting. You related it back to your current role. You sold your skillset and made it relevant to the role you wanted. You were able to communicate that effectively. You were able to model that effectively in the interview. You were able to… You were able to…You were able to…

I’m an overthinker, always have been. But I’m also self-aware enough to know that my overthinking can have repercussions for others. I accepted the job offer. I didn’t question, “why me”, in any discussion I had with my new boss, my new team, the wider organisation.

I was no longer employed as a secondary school media studies teacher with the Western Australian Department of Education. I was now employed as a cybersecurity awareness officer with Water Corporation and, as such, I needed to act like one. I needed to talk like one. I needed to be one.

I was one.

I’m still a teacher. I’m still in cybersecurity. But, I still don’t have a plan. I still don’t have a strategy. I still don’t listen to influencer recruiters on LinkedIn or any other snake oil salesperson out there talking about “how you too can transition to a career in cybersecurity.”

I hope the people who really need to read this article get to read it.

There is no secret sauce or magic juice for getting into cybersecurity. Everyone will have a different story.

Maybe you have a plan. Maybe you have a strategy. Maybe your story will be different, and you’ll fall into cybersecurity and never want to leave.

www.linkedin.com/in/simoncarabetta

Sapna Kumari

Senior Cybersecurity Consultant (Technical)

Ibelieve there is always a new opportunity to learn in the field of cybersecurity.”

For Sapna Kumari, Senior Cybersecurity Consultant (Technical), cybersecurity has never been just about systems and software—it’s a dynamic intersection of technology, risk, and human behavior. Her journey into this fast-evolving field didn’t begin with a childhood dream or a straight path. Instead, it was a gradual, organic immersion, fuelled by curiosity, persistence, and an insatiable appetite for knowledge.

Sapna’s early fascination with the mechanics of how things work naturally led her to read widely about technology, particularly cybersecurity. It was during her Master of Cybersecurity at the University of South Australia that her interest was solidified. “I believe in the theory behind practical concepts,”

she says. “The hands-on cybersecurity labs helped me understand how real-world environments are structured, and that was a game-changer.” It was in these labs—problem-solving, identifying vulnerabilities, and thinking like an attacker—that Sapna began to see herself as a defender.

Yet, the path wasn’t always clear. With a Master’s in Computer Applications under her belt before diving into cybersecurity, the transition felt daunting. “At first, the field’s constant change, the enormous amount of technical expertise needed, and the duty of protecting important data felt overwhelming,” she admits. But rather than retreat, she leaned in—setting small goals, mastering tools one at a time, and building resilience. She credits self-learning and community involvement with helping her push through the uncertainty. “By fostering curiosity and resilience, I transformed my doubts into a catalyst for growth.”

“By fostering curiosity and resilience, I transformed my doubts into a catalyst for growth.”

Her journey has been marked by adaptability. Working in a consulting role has meant adjusting to different clients, technologies, and environments—sometimes all in the same week. “Each customer has a unique working environment and methodology,” she explains. “It’s like joining a new company each time.” But it’s this very diversity that has sharpened her skills and expanded her understanding. Sapna lives by the 5Ps: “Proper Planning Prevents Poor Performance,” a motto that has seen her through even the most complex challenges.

Sapna’s professional compass has always pointed towards growth, not just upward but outward—into areas that pique her curiosity and test her limits. While she didn’t begin with a fixed destination, her openness to explore vulnerability management and incident response has carved out a clear niche. Now, she’s eyeing penetration testing certifications like CompTIA PenTest+, CEH, and OSCP to further hone her expertise.

“Achieving success in a cybersecurity career is a gradual process, with each step offering important experience and personal growth.”

Her advice to her younger self—and anyone considering cybersecurity—is to cultivate curiosity and problem-solving skills early. “Trust the journey and find joy in the process,” she says. And for career changers, she emphasizes the importance of transferable skills. “Whether it’s communication, analytical thinking, or time management—those skills matter. Combine them with foundational knowledge, and you’re already on your way.”

In a world of constant cyber threats and shifting technologies, Sapna remains grounded. She stays current through structured self-learning plans and by immersing herself in cybersecurity communities online. She believes that AI and zero-trust models will redefine how organisations secure data in the near future—and she’s determined to stay ahead.

Still, success isn’t just about keeping up. It’s about balance. “Defining firm boundaries and emphasizing self-care is crucial,” she shares. She’s intentional about setting work hours and guarding her personal time, ensuring she can recharge and continue showing up at her best.

When considering career opportunities, she looks beyond the paycheck. Culture, learning opportunities, alignment with her skills, and work-life balance top the list. “Career growth isn’t just vertical,” she says. “It’s about the right fit for who you are and where you want to go.”

Sapna Kumari’s journey is a testament to the power of adaptability, curiosity, and quiet tenacity. Her story reminds us that cybersecurity isn’t just about outsmarting attackers—it’s about navigating complexity with purpose, and learning to thrive amid constant change.

“Trust yourself, keep learning, and stay curious—the field will evolve, and so will you.”

www.linkedin.com/in/sapna-kumari-5a0453163

“Career growth isn’t just vertical. It’s about the right fit for who you are and where you want to go.”

Min Kyriannis Chief Executive Officer

Don’t get too comfortable. It’s always good to continuously look and want more.”

Min Kyriannis has never been one to follow a single path. As the CEO of a technology company, her career is the product of curiosity, grit, and an enduring fascination with how things work—and how they can be made better.

With over 25 years in the tech industry, Min’s early interest in cybersecurity wasn’t sparked by a single moment but by a lifelong engagement with deep tech. Her passion lies in watching the logical world of technology evolve, in witnessing innovation rise even as new vulnerabilities emerge alongside it. “Seeing how we are innovative yet can be challenged simultaneously is mind-blowing,” she says. That duality—of creation and consequence—is where her work finds meaning.

Min’s career has been shaped by her hunger to learn and adapt. “One thing I never stopped doing was continuously learning and absorbing any information that was provided,” she says. She didn’t wait for ideal

conditions or perfect timing. When opportunities came, she grabbed them. That tenacity led her from a broad technology focus into the intricacies of cybersecurity, including the complex world of operational technology (OT) systems.

There were, of course, moments of uncertainty. Cybersecurity, like any evolving industry, can make even the most experienced professionals feel like novices. “You tend to question whether you are correct because people always know more than you do,” she admits. But for Min, those doubts became part of the process. “The key is being confident in yourself, listening, and being open to learning. Sometimes you will have to get validation of what you do, and surrounding yourself with people smarter than you is always a good way to confirm that.”

Today, as the digital world accelerates into a new era of AI, robotics, and deep machine learning, Min keeps a steady eye on the broader implications. She believes the next two years will be shaped by the collision of powerful new technologies and the urgency of responsible implementation. “We’ll have to be careful in what’s being created,” she says. “There are both positives and negatives with any new developments.”

“The key is being confident in yourself, listening, and being open to learning. Sometimes you will have to get validation of what you do, and surrounding yourself with people smarter than you is always a good way to confirm that.”

She’s also deeply concerned about the speed and sophistication of modern threats. “Bad actors are using deep machine learning or AI to penetrate devices and networks,” she warns. The risks to critical infrastructure are real and growing. “These systems can cause entire cities to fall and financial systems to crash. We need to be cautious about the speed and persistence of attacks.”

Despite the challenges, her support system remains a cornerstone. Her husband, Jimmy, and their two daughters, Maria and Marina, are constant sources of inspiration and grounding. “My kids are the next generation of leaders, so what we do influences their decisions in life,” she reflects. Her family isn’t just along for the ride—they’re part of the journey. Her youngest has even taken an early interest in investments, inspired by the conversations around the dinner table.

That blend of personal and professional fulfilment carries over into what she loves most about her role: the people. “Opening new ideas and thoughts is primarily about meeting new people and interconnecting with everyone,” she says. Having worked across sectors, she finds real joy in bringing them together and watching innovation take root in unexpected ways.

Balance, too, plays a central role in her philosophy. “I’m a wife, a mother, the family cook, and an entrepreneur,” she says. Her life is full—but intentionally so. “I think the key factor here is enjoying what I do and reminding myself to be inclusive with my kids and family.”

Her commitment to community and service is reflected in her affiliations. As a board member of the Security Industry Association (SIA), she values how the organisation fosters both learning and industry connection. She also serves as board chair for Women in International Security (WIIS), a role that offers her a unique lens into policy, peacekeeping, and global leadership. As vice chair for the Federal Enforcement Homeland Security Foundation (FEHSF), she helps provide rapid-response aid to federal law enforcement officers and their families. These roles don’t just enhance her professional life—they reaffirm her core values.

For those entering cybersecurity from other sectors, Min offers both realism and encouragement. “Never give up on yourself, but also ask a lot of questions,” she advises. In an ever-changing landscape, curiosity is not just a strength—it’s essential. “Other industries will emerge as technology advances, so keep an open mind.”

At the heart of it all, Min Kyriannis is a systems thinker, a connector, and a leader who never stops learning. Her journey proves that when you stay curious, stay humble, and stay hungry, the path forward—even in an industry built on risk—can be remarkably rewarding.

www.linkedin.com/in/mkyri

Disha Nagasiddappa Somashekar

Cyber

Security Operations Analyst

Disha Somashekar’s journey into cybersecurity didn’t begin with a grand plan or childhood dream. It started quietly, almost accidentally, during her time at Amazon, where she worked as a Transaction Risk Investigator. It was there, amid conversations with customers whose accounts had been compromised, that she first encountered the real-world implications of digital threats.

The experience lit a spark. She found herself intrigued by stories of ethical hackers—individuals who turned their technical acumen into a force for good. The idea that someone could uncover vulnerabilities and protect people, rather than exploit them, deeply resonated with her. What began as a curiosity soon transformed into a calling.

“Rather than pausing everything for a year chasing something uncertain, why not build on the opportunities already available?”

Disha had originally envisioned a future in management, with her sights set on India’s prestigious IIM institutions. When plans didn’t unfold as expected, a conversation with someone from the administrative team at Jagdish Sheth School of Management (JAGSoM) shifted everything. Inspired by the advice to keep moving forward rather than standing still, she enrolled in JAGSoM’s dual-degree program—earning a Post Graduate Diploma in Management and a master’s in Digital Forensics and Cybersecurity from the University at Albany.

The transition wasn’t smooth. Entering the cybersecurity space with little prior knowledge, she initially struggled to understand the complex concepts being taught. But rather than giving in to self-doubt, she took matters into her own hands—researching certifications, studying late into the night, and asking the difficult questions. Her determination to bridge the knowledge gap paid off. In just nine months, Disha laid the foundation for a career she hadn’t anticipated but had grown to love.

“Be your own competition—constantly reflect, improve, and learn something new every single day.”

Now a Cyber Security Operations Analyst, Disha thrives in the face of challenges. She’s driven not just by completing tasks, but by mastering them. She takes pride in immersing herself fully in new responsibilities, often tackling work that stretches beyond her comfort zone. This hunger for excellence and growth has earned her recognition for consistently meeting deadlines and delivering highquality results.

At the heart of her success is a relentless commitment to personal development. She continues to pursue certifications—CISSP, CEH, CCSP, and more—strategically selecting them to stay ahead of industry trends and deepen her expertise. Whether through Capture The Flag competitions, networking, mentorship, or hands-on labs, she makes learning a daily practice.

“Balance doesn’t mean perfection—it means being present.”

In a high-pressure field like cybersecurity, Disha knows the importance of balance. She protects her well-being with the same vigilance she applies to protecting systems: prioritizing sleep, nutrition, and movement. Dancing and badminton help her recharge and find flow, while intentional time management allows her to show up fully in both her professional and personal life. “Being around with friends and family makes me feel better”

Looking ahead, she’s thoughtful about what comes next. Career advancement, for Disha, isn’t solely about salary. She seeks environments where continuous learning is encouraged, where culture and ethics matter, and where her contributions can make a real impact. She’s drawn to companies with a strong vision for the future—organizations that see cybersecurity not just as a technical challenge, but as a mission to protect people and empower communities.

“Don’t be afraid of starting over or taking a different path.”

Disha’s story is a powerful reminder that career paths aren’t always linear—and that success often comes from embracing the unexpected. For those transitioning into cybersecurity from other fields, she offers both empathy and guidance: start with the basics, seek mentorship, engage with the community, and give yourself time to grow. Above all, be persistent.

Her journey—from uncertainty and detours to purpose and precision—captures the heart of what it means to be a woman in security today. Resilient. Curious. Always evolving.

www.linkedin.com/in/dishans21

Cyber Security Consultant

Itransitioned from Biomedicine into cybersecurity, and it was definitely a challenge coming from a non-technical background with a completely different way of thinking,” reflects Inez Chong, a Cybersecurity Consultant. Her journey from biomedicine to the world of cybersecurity is a testament to persistence, adaptability, and the willingness to embrace a steep learning curve. For Inez, the shift wasn’t simply about acquiring technical knowledge—it was about transitioning her mindset, a shift she navigated with curiosity and determination.

Inez’s initial interest in cybersecurity was sparked through a blend of curiosity and opportunity. Though her background was in biomedicine, she was drawn to the logical problem-solving and complex challenges that cybersecurity posed. “What helped me most

“What helped me most was being persistent, staying curious, and not being afraid to ask for help."

was being persistent, staying curious, and not being afraid to ask for help,” she admits, acknowledging that the transition was not without its hurdles. This approach, coupled with a commitment to selflearning, helped her move from the biomedical field into a cybersecurity career, a shift that required both technical mastery and a strategic mindset.

Her career as a cybersecurity consultant is dynamic and ever-evolving. Inez describes her work as engaging with a variety of clients, each with distinct security needs and challenges. “No two days are ever quite the same,” she says, reflecting on the unpredictability and excitement of her role. A typical day might involve assessing security postures, identifying risks, or advising on cloud configurations and security controls. “It’s a fast-paced role, but incredibly rewarding, especially when I see the tangible impact of the work we do.”

The complexity of cybersecurity is ever-present in her daily work, especially in a world where threats evolve as rapidly as technology. Inez’s ability to adapt is key to her success. “My role requires constant learning,” she says, adding that staying abreast of

Inez Chong

“Don’t be discouraged by the learning curve—lean into it, stay consistent, and make the most of the supportive cyber community around you.” developments is vital in this fast-paced field. To do so, she attends events hosted by organizations like ISACA, NZ Women in Security, and Hack the Box. “Meeting professionals across different roles has helped me better understand potential career paths,” she explains, noting that these affiliations have also been invaluable for learning, networking, and staying current.

As a consultant, Inez’s ability to communicate complex technical findings to non-technical stakeholders is vital. “A big part of my role is also communication—translating complex technical findings into clear, actionable advice,” she says. This skill is essential for her work, as it enables her to make cybersecurity solutions accessible to clients with varying levels of technical expertise.

Looking to the future, Inez identifies AI-driven attacks as one of the most significant developments in the cybersecurity landscape. “As attackers start using AI to automate and scale their efforts, defenders will need smarter tools to keep up,” she notes. The growing focus on digital identity and zero-trust models also piques her interest, particularly as remote work and cloud services continue to expand.

When it comes to her future, Inez is focused on pursuing expertise in cloud security, an area she finds fascinating for its interconnectedness. To support her ambitions, she plans to pursue certifications such as AWS Security Specialty and Certified Cloud Security Professional (CCSP). “I’m really interested in moving into the cloud security niche,” she shares, emphasizing her desire to understand how everything interconnects in the cloud.

Despite the demands of her career, Inez values worklife balance. “In a fast-paced field like cybersecurity, it’s easy to get caught up in work, so I make it a point to create space for my personal life,” she says. Whether it’s hitting the gym after work, spending time with family and friends, or dedicating time to her hobbies, she prioritizes activities that recharge her and maintain her focus.

For those looking to break into cybersecurity, Inez’s advice is rooted in persistence and curiosity. “Don’t be discouraged by the learning curve—lean into it, stay consistent, and make the most of the supportive cyber community around you.” She believes that hands-on experience is crucial, whether through labs, internships, or capture-the-flag (CTF) challenges. “For anyone studying to get into cybersecurity, I think it’s important to focus on areas like computer networks, operating systems, and programming,” she advises, adding that practical experience is key to turning theoretical knowledge into real-world skills.

Inez’s journey shows that with curiosity, persistence, and a willingness to learn, one can thrive in even the most demanding fields. From transitioning careers to navigating the complexities of the cybersecurity landscape, Inez’s story is an inspiring example of resilience and growth in a rapidly evolving industry.

www.linkedin.com/in/inez-chong-18030b1b6

Banner Ads

Prime placement at the top or middle of key sections for high engagement

• Help sustain a publication that has made a difference in the lives of countless readers

• Amplify your brand’s visibility in the global security industry

• Be a part of our mission to inspire and empower professionals worldwide

Full-Page

Showcase your brand with Listings

Showcase your company in the Women in Security Magazine's exclusive directory—connecting you with industry leaders and innovators.

Audience Snapshot

Bi-Monthly Circulation 5,000+ readers globally

You to HELP Us Lights On

Opportunities

options to suit your needs, including:

Partner Magazine Ownership Opportunity

Align your brand with industry excellence and innovation by partnering with Source2Create. Receive exclusive ownership recognition for Women in Security Magazine, delivered on your behalf as the sole partner of this prestigious publication.

REQUEST A QUOTE

Full-Page Ads

with maximum visibility

Event Promotion

Spotlight your events, webinars, or conferences to a targeted audience

CRAIG FORD

Craig is an experienced cyber security professional with various qualifications including two master’s degrees. He is the Head Unicorn (co-founder and director) of Cyber Unicorns, in which he acts as a vCISO to clients such as Baidam Solutions, Wesley Mission, PCYC, Hungry Jacks and Ipswich City Council. He was CTO (Chief Technology Officer) for Baidam Solutions between January 2022 to June 2023, where he led the technical services team, helping to build out the internal services capability for Baidam. Craig was QLD chair for AISA for two years until he was appointed to the national board of directors in December 2022.

Craig is a published author with three different book series – ‘A Hacker I Am’ cyber education series, ‘Foresight’ is his Cyberpunk/hacker fantasy novel series and then there is ‘The Shadow World’, a co-authored kids cyber education book. He is a freelance cyber security journalist and is a regular columnist with the Women in Security Magazine, as well as a freelance contributor for Cyber Today, Top Cyber News, SecureGov, Careers with STEM and Cyber Australia magazines.

COLUMN

You have a seat at the table, now what?

Anyone who knows me will know I am a big advocate for diversity in all its forms. I think it challenges us to think differently and see things from another’s perspective, one that we may never have considered. In cybersecurity this is key to tackling some of the big issues we face; to helping us change how we have approached problems. Because, if we are honest with ourselves, we are not making much progress pushing back the hordes.

We are losing the war. Sometimes we do win battles, but we are failing to fully defend society from constant bombardment by the malicious hordes. It’s a reality we are living with. Don’t get me wrong, it is not from a lack of effort. Most of us are putting in the hours, putting in the effort, but we just aren’t making any real progress.

I am not suggesting we give up. With some real focus and determination I think we can win this fight.

How?

The first step is to change our approach to supporting diversity. If you are like me and have worked hard to get where you are in our amazing industry, you have gained your seat at the table.

CONGRATULATIONS, YOU HAVE MADE IT

Now your hard work really begins.

I know you could be freaking out right now, thinking “Has Craig gone mad? I have spent years getting here and what does he mean by ‘the hard work starts now’?”

Well, it is simple really.

You are now in a position of influence where you can help make that journey easier for others. This is not a competition. Most of us want the same things. Don’t hold others back, be a true leader and hold others up, help them be seen for the great things they do. Don’t take credit when credit is due elsewhere in your teams. It takes a true leader to risk having someone overtake them by helping that person progress their career. However, for someone who enjoys helping others, the personal rewards are more than enough. I feel a great sense of pride knowing I have helped someone reach their goal and be recognised for the amazing work they have done.

As I said above, it’s not a race. We each have our own path to follow. If someone overtakes you, be happy for them and keep doing what you know is right. Karma

will repay your kindness in the end, even if only with happiness and real fulfilment.

Next, if you want diversity in your teams, help create it from the top. I am not talking about token roles. I am talking about giving roles to the people who have earned them. This isn’t about statistics or fulfilling a quota. It’s about helping everyone reach the level they aspire to (or the level you know they can achieve with some help). It’s about choosing diversity in all its form: backgrounds, education and gender. It’s about helping everyone to be on a level playing field, getting the same earnings for the same jobs and the same opportunities to advance.

Creating this kind of environment will naturally help your team diversify. It will help your organisation succeed in one of the most exciting and challenging

industries. It will help both girls and boys see amazing women and men smash through the glass ceiling. You can’t be what you can’t see. So, let’s make it a reality. Let’s show how leaders are supposed to act, and help others achieve their dreams.

Be that change now. You do have that seat at the table after all.

www.linkedin.com/in/craig-ford-cybersecurity

www.facebook.com/CyberUnicorns

www.instagram.com/cyberunicorns.com.au

x.com/CraigFord_Cyber

www.cyberunicorns.com.au

INDUSTRY PERSPECTIVES

THE ROLE OF WOMEN IN SHAPING CYBERSECURITY POLICIES AND LEGISLATION

by Lisa Ventura MBE , Founder – Cyber Security Unity

Cybersecurity is one of the most important issues organisations need to focus on today with governments, corporations and individuals facing an ever-evolving array of digital threats. As cyber threats become more sophisticated the need for comprehensive policies and stronger legislation grows. However, crafting effective cybersecurity policies requires diverse perspectives, because cybersecurity threats impact different demographics in distinct ways.

Historically, the field of cybersecurity, in both practice and policymaking, has been very male-dominated. However, in recent years women have increasingly taken on pivotal roles, ensuring that cybersecurity policies and legislation are inclusive, equitable and effective.

This article explores the critical role women play in shaping cybersecurity policies and legislation, highlighting their influence in ensuring diverse perspectives are considered in the formulation of cyber laws and regulations. It also examines the

challenges women face in the cybersecurity field and the impact of their contributions on the broader security landscape.

WOMEN’S GROWING INFLUENCE IN CYBERSECURITY POLICY AND LEGISLATION

Bridging the gender gap in cybersecurity leadership Despite the underrepresentation of women in cybersecurity, many have risen to positions of influence in policymaking, regulatory bodies and advocacy organisations. Women leaders in cybersecurity policy bring unique insights into the conversation, emphasising privacy, digital rights and the social implications of cyber threats. They advocate for inclusive policies that address the needs of all citizens, particularly marginalised communities that may be disproportionately affected by cybercrime.

Prominent figures such as Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency (CISA), and Anne Neuberger, deputy national security advisor for cyber and emerging

LISA VENTURA

technology, have been instrumental in shaping US cybersecurity strategies. Similarly, European policymakers such as European Commission vice president Margrethe Vestager have played key roles in regulating big tech and strengthening cybersecurity resilience.

The role of women in legislative advocacy

Women are not only participating in cybersecurity policy discussions but are actively driving legislative changes. Female lawmakers and policymakers have been at the forefront of advocating for stronger cybersecurity regulations, consumer data protections and ethical artificial intelligence governance.

For example, senator Kirsten Gillibrand has championed data privacy legislation in the US, recognising the need for stronger protections against digital threats. In the UK, Baroness Joanna Shields has been a leading voice in online safety and cybersecurity policies, pushing for more accountability among tech giants.

Women in policy advocacy organisations, such as the Electronic Frontier Foundation (EFF), the Center for Democracy & Technology (CDT), and Women in Cyber Security (WiCys), are also influencing the global cybersecurity conversation. Their efforts help ensure that cyber laws consider diverse populations and address emerging threats such as online harassment, digital financial fraud and cyber-enabled genderbased violence.

Ensuring ethical and inclusive cyber security policies

Some of the most significant contributions of women to cybersecurity policymaking are in ethical considerations and inclusivity. Traditional cybersecurity frameworks have often been developed from a purely technical perspective, neglecting the social, economic and human rights dimensions of cyber threats.

Women in cybersecurity have been vocal about issues such as algorithmic bias, surveillance overreach and the impact of cyber policies on marginalised groups. Their advocacy has led to more balanced legislation

that protects privacy rights, ensures transparency in data collection and holds corporations accountable for ethical cybersecurity practices.

For example, European policymakers, including female members of the European Parliament, have been key players in advancing the General Data Protection Regulation (GDPR). The GDPR has set a global standard for data protection, ensuring individuals’ rights are respected in the digital age. Similarly, female leaders in international organisations such as the United Nations’ International Telecommunication Union (ITU) have pushed for global cybersecurity cooperation and equitable access to cyber resources.

Gender

representation in cybersecurity policy

Despite efforts to promote diversity in technology and security, women make up only about 24 percent of the cybersecurity workforce globally, according to a study by ISC2. The percentage of women in leadership and policy roles is even lower. Women in cybersecurity policy often struggle with visibility, credibility and access to opportunities compared to their male counterparts.

Several factors contribute to the gender disparity in cybersecurity policy roles, including:

• Historical exclusion: cybersecurity has traditionally been a male-dominated field and many leadership positions continue to be filled by men.

• Lack of role models: few women in senior cybersecurity policy roles means that younger women have fewer mentors and examples to follow.

• Unconscious bias: hiring and promotion decisions can be influenced by gender stereotypes, leading to fewer women in leadership roles.

CHALLENGES FACED BY WOMEN IN CYBERSECURITY POLICY

Gender bias and stereotyping

One of the most significant barriers women face in cybersecurity policy is gender bias. The stereotype that cybersecurity is a technical and male-oriented field can create an environment where women are seen as less competent or authoritative in discussions about security policy.

Women must often work harder to prove their expertise, even when they have the same or higher qualifications than their male counterparts. This bias can manifest in:

• Dismissal of ideas: women’s contributions in policy discussions may be overlooked or undervalued.

• Double standards: women may be judged more harshly for making mistakes or expressing strong opinions.

• Assumptions about technical knowledge: women may be questioned about their understanding of cybersecurity concepts, even when they hold policy roles that do not require deep technical skills.

Workplace culture and inclusion issues

Like many tech fields, cybersecurity often has a workplace culture that can be unwelcoming to women. Such a culture can include:

• Male-dominated networks: many policy discussions, conferences and networking events are male-dominated, making it harder for women to build professional connections.

• Exclusion from decision-making: women may find themselves sidelined in important discussions, or not being given leadership opportunities in major policy projects.

• Hostile work environments: some women in cybersecurity policy report experiencing harassment, discrimination or a lack of support from colleagues.

Limited career advancement opportunities

Women in cybersecurity policy often struggle to advance to leadership positions due to:

• The glass ceiling effect: even when women have the necessary experience and skills they may be overlooked for promotions in favour of male colleagues.

• Lack of sponsorship: while mentorship is valuable, women also need sponsors—senior leaders who actively advocate for their promotion and career growth.

• Unequal access to high-profile projects: women may be assigned less critical roles or administrative tasks rather than being given leadership opportunities in major cybersecurity initiatives.

Work-life balance and expectations

The demanding nature of cybersecurity policy roles—especially those in government or corporate leadership—can make it challenging for women who also bear caregiving responsibilities. These challenges include:

• Long hours and on-call expectations: cybersecurity policy roles often require urgent responses to cyber incidents, leading to unpredictable work hours.

• Lack of flexible work options: while remote work has become more common, a constant physical presence is still expected for many leadership roles.

• Motherhood penalty: women who take time off for family reasons may find it harder to re-enter the workforce or advance in their careers.

Underrepresentation in thought leadership and conferences

Cybersecurity policy is heavily influenced by think tanks, government advisory boards and international conferences. Women are underrepresented as speakers, panellists and authors in these influential spaces. This underrepresentation can result in:

• Lack of visibility: women’s perspectives may be missing from key policy debates.

• Fewer opportunities for recognition: speaking engagements and publications help establish credibility, and the lack of representation can hinder career growth.

• Reinforcement of the gender gap: Women not being seen as thought leaders perpetuates the cycle of exclusion.

Addressing the challenges: steps towards positive change

While the challenges women face in cybersecurity policy are significant, several solutions can help promote inclusivity and equity in the field.

1. Encouraging mentorship and sponsorship

Organisations should establish formal mentorship and sponsorship programs to support women in cybersecurity policy. Senior leaders should also advocate for women’s career advancement and actively recommend them for leadership roles.

2. Addressing workplace bias and culture

Companies and government agencies must implement bias training and enforce policies against discrimination. Diversity and inclusion efforts should be more than performative; they should result in real changes in hiring, promotions and workplace dynamics.

3. Promoting women in thought leadership

Organisers of conferences and industry events

should commit to gender diversity in their speaker lineups. Women should be encouraged and supported in publishing research, speaking at forums and taking leadership roles in policy development.

4. Implementing flexible work policies

Offering remote work, flexible hours and better parental leave policies can help retain talented women in cybersecurity policy roles. Employers should recognise that work-life balance benefits both employees and organisations.

5. Strengthening educational and pipeline programs

Encouraging young women to pursue studies in cybersecurity, law and policy can help build a stronger pipeline for future leaders. Schools, universities and professional organisations should offer scholarships, training and networking opportunities for women in cybersecurity policy.

STRATEGIES TO INCREASE WOMEN’S IMPACT IN CYBER SECURITY POLICY

Encouraging women’s participation in cybersecurity policy

To enhance women’s impact on cybersecurity policymaking, proactive measures must be taken to encourage their participation. These should include mentorship programs, leadership training and targeted initiatives to recruit more women into cybersecurity policy roles.

Establishing support networks and advocacy groups

Organisations such as Women in Cybersecurity (WiCyS) and the Global Forum on Cyber Expertise (GFCE) have been instrumental in creating platforms for women to engage in cybersecurity policymaking. These networks provide mentorship, resources and advocacy support for women seeking to influence cyber legislation.

Promoting gender-inclusive cyber policies

Governments and international bodies must commit to gender-inclusive cybersecurity policies. These should include integrating gender analysis into cyber regulations, ensuring women’s voices are included in decision-making processes and addressing genderbased cyber threats in legislation.

Addressing online harassment and digital genderbased violence

Given the rise of cyber-enabled gender-based violence, cybersecurity laws must include specific provisions to protect women online. Policies addressing issues such as deepfake technology, online harassment and non-consensual image sharing are crucial to ensuring digital safety for all.

FINAL THOUGHTS

Women have played a crucial role in shaping cybersecurity policies and legislation, ensuring diverse perspectives are represented in cyber governance. From advocating for ethical AI and data protection laws to leading international cybersecurity efforts, their contributions have strengthened digital security frameworks worldwide. However, challenges such as gender bias, underrepresentation and online threats continue to hinder achievement of their full potential in cybersecurity policymaking.

To build a more inclusive and effective cybersecurity policy landscape it is imperative to support women’s participation, amplify their voices in decision-making forums and implement gender-responsive cyber regulations. By doing so we can move beyond merely giving women a seat at the table and ensure their expertise and insights actively shape the future of cybersecurity legislation.

ABOUT LISA VENTURA MBE

Lisa Ventura MBE is an award-winning cybersecurity specialist, published writer/ author, journalist and keynote speaker. She is the founder of Cyber Security Unity, a global community organisation dedicated to bringing together individuals and organisations who actively work in cybersecurity to help combat the growing cyber threat. She is also the founder of Neuro Unity, a non-profit that champions and promotes neuroinclusion for all. As a consultant Lisa also provides cybersecurity awareness and culture change training and works with cybersecurity leadership teams to help them collaborate more effectively. She also provides training to organisations on the benefits of hiring neurodivergent people. She has specialist knowledge in the human factors of cybersecurity, cyber psychology, neurodiversity and AI in cyber. More information about Lisa can be found on www.lisaventura.co.uk

LISA ON SOCIAL MEDIA AND YOUTUBE

x.com/cybergeekgirl

www.linkedin.com/in/lisasventura

www.facebook.com/lisasventurauk

www.instagram.com/lsventurauk

bsky.app/profile/cybergeekgirl.bsky.social

www.youtube.com/@CyberSecurityLisa

CYBER SECURITY UNITY'S CHANNELS

www.linkedin.com/company/csunity

x.com/CyberSecUnity

www.facebook.com/CyberSecUnityUK

Let Us Join Your Team Now !!!

"Get skilled support to fill your team’s gaps at the same wage rate.

Source2Create provides a team of professionals across marketing, social media, admin, and content management, ready to enhance productivity without adding strain to your budget."

DO YOU CURRENTLY HAVE ANY OF THE FOLLOWING REMOTE OPEN POSITIONS?

Marketing support

Marketing strategy

Event coordinators/managers

Telemarketers

Linkedin/Instagram managers

Admin support

Canva ad creators

Wordpress content administrator

Admin and Data Entry

SCHEDULE A CALL TODAY OR EMAIL ABY

ABY@SOURCE2CREATE.COM.AU

FINANCIAL LITERACY CAN PREVENT PEOPLE FROM BECOMING VICTIMS OF SCAMS

By Annie-Mei Forster , Senior GRC consultant

at Securus Consulting Group , co‑host of the Lost In Cyberia podcast and provides cybersecurity tips on the @thecybersecuritygals Instagram

I recently listened to an episode of The Perfect Scam podcast about a 25-year-old woman who had her inheritance wiped out in a crypto-dating scam.

In the episode she discussed how she had no idea about investing, or how cryptocurrencies worked. After meeting a man online, he convinced her to invest money into crypto. It was small amounts at first, but eventually, as her confidence grew, she invested all the money she had inherited from her mother. Unfortunately, she never saw any of this money again.

As someone who has recently started investing in the stock market, I wondered: if this woman had a basic understanding on investing, would she have fallen victim to this type of scam?

Historically, there are many reasons why women have been underrepresented in stock market investing, including financial education traditionally being directed toward men. There is also research that suggests women approach financial risk differently.

According to the CFA Institute, historically, only 40 percent of women have invested. However, things are starting to shift with 77 percent of Gen-Z women investing today. This means not only that more women are investing but are investing earlier. Those extra years of investing will make a huge difference. However, it may come as a surprise that women who do invest tend to have better investment returns while taking less risk than men.

WHY WOMEN ARE TARGETED FOR FINANCIAL SCAMS

Scammers often perceive women as easier targets due to factors such as a tendency to trust others and a lack of awareness about financial scams. Older women who are divorced or widowed are often targeted because they’re seen as more financially stable and looking for companionship.

While there are more avenues now for women to learn about investing, talking about money is still seen as taboo, and many women lack confidence in investing.

ANNIE-MEI FORSTER

This makes them a target for financial scammers who offer to guide their victims through the investment process and make it easy for them to understand.

ONLINE DATING AND CRYPTO SCAMS

Financial scams are big business. In 2023, Australians lost more than $40 million to fake investments through dating websites and social media. Scammers go to great lengths to gain the trust of people through these online dating platforms in the hope of luring their victims into investing their money into crypto scams or other fake investments.

Cryptocurrency investment fraud is the most common type of cryptocurrency scam. In the US, the FBI’s Internet Crime Complaint Center (IC3) reported that losses from these crypto-related investment scams rose from US$2.57 billion in 2022 to US$3.96 billion in 2023. That’s a 53 percent increase.

Most complaints filed came from individuals aged 30-39 and 40–49, but those that suffered the highest losses were over the age of 60. This type of crime not only leaves victims with their bank accounts drained but also with the knowledge that the person who duped them did not love them.

HOW TO PROTECT AGAINST SCAMS AND ENHANCE FINANCIAL LITERACY

Here are some ways to protect yourself against financial scams and learn about finance.

• Be cautious of unsolicited financial advice or investment opportunities. Always verify information sources. And if something sounds too good to be true, it probably is.

• If you’ve met someone through an online dating app, try and meet in person to verify they are who they say they are. Scammers are often located overseas. If they’re reluctant to meet up, it could be a big red flag.

• There are lots of great podcasts that are beginnerfriendly for anyone looking to get into investing. Some of my favourites include Girls That Invest, Get Started Investing, Financial Feminist, Get Rich Slow Club and Networth and Chill.

• Talk to a certified financial advisor if you’re planning on making a big financial decision or investment.

• Go to financial events where you can meet likeminded individuals who are also looking to learn. I went to a Ladies Finance Club event last year which was great. Not only did they have speakers who talked about investing, but also speakers on other topics, including clearing debt and buying property.

• Educate yourself on financial topics by reading widely. Nowadays there are many great free resources online. Read the financial section of the newspaper, sign up for financial newsletters and follow financial experts on social media.

WHAT DO I DO IF I HAVE BEEN SCAMMED?

Victims of financial scams can feel a lot of shame, especially if they have also convinced their friends and family to invest. If you have been scammed you can get in touch with the Global Anti-Scam Alliance, which has a community for people who are victims. The woman in The Perfect Scam podcast episode I listened to said she felt much better after talking with other people who had been in similar situations.

Make sure you report the scam to the police. In Australia, you can also go to the Scamwatch website, which has resources on how to spot scams and how to report them.

Financial literacy is a powerful tool in preventing financial scams because it helps individuals recognise red flags, make informed decisions, and protect their money from scammers.

www.linkedin.com/in/annie-mei-forster

KATE HEALY

BUILDING EMPOWERED CYBER: LESSONS FROM A YEAR IN THE FOUNDER’S CHAIR

By Kate Healy, Executive Director and Founder of Empowered Cyber

Last year I took the leap into the world of founders by starting my own boutique cyber advisory firm. My goal is to empower companies with cyber security knowledge. Especially those without large security teams who don’t have access to resources that can help with strategy, risk management and talking to the board. In particular, small to medium enterprises, technology start ups and scale ups and vendors. I also wanted to provide services that were accessible and ensure ongoing client education as part of any engagement, leaving any client more knowledgeable than they were before we met. And so Empowered Cyber was born.

The past year has certainly been a journey. Becoming a founder is like riding a rollercoaster without a safety belt. One minute you are laughing with joy, the next you are out of your chair holding on for dear life. It requires you to learn and pivot quickly. From book keeping and Business Activity Statements to learning how to quote, ensuring contracts are in place and creating a partner ecosystem, it’s been a steep learning curve.

One of the hardest things to do is to walk away from an idea, especially one you know will make

the industry better. But to be successful, you have to research and objectively critique your business strategy and decide whether it will actually succeed. Unfortunately I had to make this decision early in Empowered Cyber’s journey. Throughout my career, I have been involved in hundreds of third party or vendor risk assessments. This is a process where we review the security controls of a provider and decide whether there is a risk, unfortunately many startups or smaller companies failed the review. Either they didn’t get the business or had to spend a significant amount of money improving their security, or worse, we as the customer had to accept the risk of doing business with them.

A key part of my business plan was to solve this problem by providing an affordable risk management product for startups and scale ups. I spoke to investors and venture capitalists about whether they would provide funding to their portfolio to ensure they developed more secure products, but disappointing, the answer was no. Sadly, with 90% of start ups failing, only the minimal viable product is funded, this often doesn’t include security. Deciding to walk away from a product I believed could make a real impact was an extremely difficult decision, but it was one that

had to be made quickly to allow me to focus on other areas I could make an impact.

I’ve also had some areas of great success. One of my favorite clients to work with are vendors. Empowered Cyber is vendor agnostic, but we work with vendors to help them better communicate with cyber security teams. This is important because security teams need to understand how a product is secured and if the sales team is unable to explain this, it can create a lot of friction for both the vendor and the customer. Or when it comes to security products, security teams can’t always understand how a product can help them. This is a problem as it can mean they are missing out on an opportunity to be more secure.

And despite the challenges, I’ve had the privilege of working with other founders to help them secure their own products and it’s a privilege to be part of their journey towards changing the world.

One of the great things about becoming an entrepreneur is meeting others on the same journey, many of them women, thanks to events specifically created for female founders. When I started my career in cyber security 25 years ago, it was rare to see another woman, however now there are not only more women in the industry, some of them are killing it at creating products or services that are helping to keep us all secure.

But sadly, I’ve also seen many return to corporate roles within a year of starting out, especially in consulting. Whilst many of us smaller firms provide equivalent but more personalised services, we are often overlooked for more costly services provided by established brands. It can also be tough being in the constant feast or famine cycle that comes with the first couple of years of creating an advisory firm. The constant pressure of delivering whilst looking for new opportunities can mean many founders don’t take time out, this can take its toll.

It can be a lonely journey. When you work for someone else, you have ongoing feedback on how you are performing. When you are a sole founder, without that feedback, it can be hard not to look at

your progress negatively. It takes a lot of resilience to keep going. It’s also one of the reasons awards and industry recognition are so important.

I’m often asked what it’s like being a female founder in cyber security. For the most part, I believe I’m the same as any other founder, but there are certainly additional challenges. There are still some that see me as a Sales person or not that technical, despite having a Computer Science degree, technical certifications and a long career in the industry. This can be an initial barrier, but is overcome once they see the quality of the results delivered.

One of the best things about running your own company is that you can write your own rules. I’m a firm believer that small actions have big results, especially when it comes to closing the skills gap and helping the next generation enter the industry. At Empowered Cyber, I take university students with me to client engagements, providing them with valuable experience. One student was even given a part time placement after working with one of my clients, giving her a huge advantage for when she graduates.

Being a founder is not easy, but I’ve found that being clear about your why and always keeping your eye on the north star keeps you going. I’ve also never felt I could have as much impact on improving cyber security as I do now.

www.linkedin.com/in/someonesaycyber

www.linkedin.com/company/empowered-cyber

empoweredcyber.com

MARISE ALPHONSO

WOMEN BEING MORE THAN A PRESENCE IN CYBER ROLES

By Marise Alphonso, Information Security Professional

Early last year, ISC2 estimated women constitute between 20 and 25 percent of the global cyber workforce. Looking beyond women’s presence in a workplace and the filling of quotas for an organisation’s gender equity initiatives, more needs to be done to increase women’s participation in the cybersecurity industry to allow society to benefit from the skills women can bring to cyber roles.

I’ve experienced this first-hand through my participation in the industry via cybersecurity roles in workplaces, cybersecurity courses and industry events where women were a minority. The benefits of more women working in cybersecurity could be multidirectional: enabling more women to engage in interesting work, more organisations to be cyber secure thanks to an increased workforce, and the economy to be more resilient.

In my experience, and speaking for other women who work in cybersecurity, women will feel empowered to do their best work when the industry and workplaces provide them with the conditions that enable them to be their authentic selves and apply these best selves to adding value while working in cybersecurity.

The following are my experiences and recommended conditions that will allow women to be more than a ‘presence’ in a work environment.

• Organisations filling cyber roles

– Organisations should seek leaders who are willing and able to provide environments that are supportive of the needs of women balancing career and family needs. In practice, this means flexible work arrangements where work is output-driven, mentoring opportunities where women are given guidance and feedback to facilitate their personal and professional growth, and stretch assignments which grow skills that can be learnt or strengthened.

– Clarity should be provided on the scope of a cyber role being recruited for: cybersecurity is an extremely broad field spanning domains that include security governance, hands-on technical roles, cyber law and security culture. The extent of what is required to bolster an organisation’s cyber offensive and defensive capabilities can be overwhelming, and job descriptions often do not give candidates confidence about what is expected for a role.

Descriptions can be either very light-on when explaining role responsibilities or, on the flip side, require a myriad of skills that may be impossible to find in a single candidate.

– Organisations should develop a culture of highperforming teams where security personnel work collaboratively and pull their weight equally using their skills to achieve outcomes that mature and uplift organisational cyber capability. Cyber work has breadth and depth, and effective team work to uplift cyber maturity is key.

• The cyber industry

– Women need to be given opportunities to understand what working in cybersecurity looks like. There are a number of programs in place that provide this view for girls in high school who may be considering a future career in cybersecurity and there are industry events for women who may want to transfer to a career in cybersecurity. However, more needs to be done to expose details of the various roles in cybersecurity.

– The industry needs to promote the cyber profession as one that has social impact and offers protection for a community and society at large. Given the interconnectedness of today’s business world with its far-reaching supply chains, the strength of a small business’ cybersecurity could be a significant determinant of the overall security of an entire supply chain.

WOMEN IN CYBERSECURITY

• Women who work in, or aspire to work in, cybersecurity must develop attributes that allow them to raise their profiles and make a difference in the profession. Actions they can take include:

• Cybersecurity is a rewarding profession. Awareness and understanding of the career paths it presents can enable women to focus and hone their skills in the areas that interest them.

• Women who are interested in a career in cyber must be able to articulate how their skills and experiences can translate to skills they can use in cybersecurity, whether these are technical skills or others they have acquired through previous roles or life experiences.

• Women should seek to develop skills beyond cybersecurity: the ability to influence, communicate, problem-solve and articulate cybersecurity issues and risks to a variety of stakeholders internal and external to an organisation.

• Women must know their worth and negotiate for roles that allow them to use their skills in ways that benefit the organisation they work for as well as enabling them to enhance those skills, and apply those enhancements

IN SUMMARY

There are numerous conditions that must align for that ‘more than a seat at the table’ adage to benefit women, the organisations they work for, the cybersecurity industry and society at large.

www.linkedin.com/in/marisealphonso

KAREN

STEPHENS

Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was recently named inaugural Female Cyber Leader of the Year at the 2023 CyberSecurity Connect Awards in Canberra.

COLUMN

Simply sitting down at the table isn’t enough anymore

“We, today, stand on the shoulders of our predecessors who have gone before us. We, as their successors, must catch the torch … passed on to us ... We cannot lose in this battle.” — Dr Benjamin E Mays

The cybersecurity industry is evolving, and women are stepping up as the business landscape changes. It’s all very well and good to say this, but, as you know, words don’t bring about change, actions do.

Getting beyond the ‘seat at the table’ and into making impactful change is rather like building a Lego house; sometimes you need instructions or support from another to get those foundations sturdy, so the house does not collapse. Here are four actions to help strengthen the foundations, so we and others may thrive.

Lead by example. Have you ever heard someone share their work experience and their career evolution and thought, “Wow, I’m not the only one!”? What seems mundane to you could be remarkable to someone else. By sharing your story, you show others they are not alone. In my case, after 25+ years in financial services, I took the leap into cyber risk management. It was not an obvious step, but one that led to a wild ride, proving to myself (and others) that making a change can have a positive outcome, if you give it a try. Sharing the story of how you got to where you are today has the power to connect, uplift and maybe even inspire.

Change your hiring practices. In a sea of applications, it’s tempting to rely on checklists, ‘bots’ and tech skills to filter candidates. While I recognise

the importance of time, it might be better to think laterally and prioritise those who demonstrate skills like problem-solving, creativity and relationshipbuilding. Technical skills can be learnt, but these other core traits are far harder to develop.

Your actions speak louder than words. You’re busy. I’m busy. The world is … well, busy, so it’s easy to overlook the value of connection. Taking the time to meet with peers to brainstorm and/or meet those thinking about moving into our industry (proving that, yes, a career left turn is possible) is impactful for both you and your new ‘coffee’ partner. Let’s prioritise these conversations and help guide the next generation, or “solve the problems of the world” with our current peers. Your engagement could be their inspiration.

Your personal growth. When flying you are always instructed to put on your own mask first in the event of an emergency. So, my question to you is: “What have you done to grow your knowledge lately?” And now for a ‘repetition warning’ because, as I have said before: traditional university programs are fantastic but not always appropriate due to time, budget or other constraints. Enter micro courses; your quick, affordable learning solution. Don’t let the barriers of conventional education hold you back: embrace the flexibility of micro courses.

I look forward to hearing how your foundation strengthening goes. This means you are not just taking the proverbial seat at the table; you’re pulling out the neighbouring seat and guiding someone into it.

www.linkedin.com/in/karen-stephens-bcyber

www.bcyber.com.au x.com/bcyber2

karen@bcyber.com.au youtube.bcyber.com.au/2mux

MORE THAN A SEAT AT THE TABLE: MY INSIGHTS ON REDEFINING CYBERSECURITY LEADERSHIP

by Aparna Achanta , Security Architect and Leader, IBM Consulting, USA

When you hear the phrase ‘cybersecurity expert’, your mind might immediately conjure up an image of a technical genius coding in a dark room. As a principal security architect and lead at IBM in the USA and a leading voice in the tech industry, I shatter that image and bring cutting-edge knowledge, empathy, mentorship and advocacy to help create a more inclusive cybersecurity world. My journey is not only about claiming a seat at the table: it’s about redesigning that table.

“I started out in software engineering, building SaaS applications,” But I kept seeing the same thing: security was always an afterthought.”

One project in particular, where a bug led to unauthorised access of sensitive data, became a defining moment. “That’s when I knew I couldn’t just build cool things. I had to protect the people who trusted us with their data.”.

That realisation prompted me to make a career pivot, transitioning from reactive development to proactive security. Since then I have led US Federal Government cloud security efforts, implemented zero trust frameworks and mentored rising stars in tech. But one thing has never changed: my sense of curiosity.

“I used to spend late nights dissecting malicious code, not because I had to, but because I wanted to understand how the attackers thought”. That same curiosity led me to uncover a massive vulnerability in a federal agency’s cloud system early in my cybersecurity career. It is these real-world moments— when systems falter and humans respond—that defined my leadership. I credit my success to three traits: curiosity, perseverance and collaboration.

“During a ransomware outbreak in a large enterprise, we hit a wall. We were exhausted, frustrated, and stuck,” “But we didn’t give up. We found a workaround, saved the data and got operations back online. That moment reinforced the power of perseverance.”

APARNA ACHANTA

I’d like to highlight the threats we should all be watching for - phishing, ransomware, DDoS, zero-day exploits and insider threats. My message is clear: cyber risk is not just a big business problem. “If you’re online, you’re a target. Everyone, from CEOs to freelancers, needs to take cybersecurity seriously.”

So, what should people do when an attack happens? “Call your cybersecurity expert first. They’ll contain the threat and preserve evidence. Then report it to the authorities. Cybersecurity is not a solo sport, take as much help as you can.”

Weak passwords, outdated software, untrained employees and no backups constitute a recipe for disaster for organisations. My five-point action plan for business leaders includes:

1. Implementing zero trust: “Assume no one is trustworthy by default—even internal users.”

2. Strong authentication: “Multi Factor authentication can stop most phishing attacks in their tracks.”

3. Regular patching: “Attackers exploit what we fail to update.”

4. Security training: “Human error is the most common attack vector.”

5. Offline backups: “Don’t let ransomware take you down—be ready to restore.”

But it’s not all firewalls and frameworks. My cybersecurity vision stretches beyond code. As a founding member of the WomenTech Network, an executive board member of Women in Cybersecurity and a mentor with All Tech is Human, TopMate and American Corporate Partners, I am passionate about building a cybersecurity culture that is diverse, ethical and inclusive.

“Cybersecurity isn’t just about tech, it’s about people. We need different perspectives to solve complex problems. Representation prevents groupthink and drives innovation.”

My dream is a global ‘Cyber for All’ movement. “Imagine if every high school taught cybersecurity

basics and if underrepresented communities had pathways into tech. We’d build not just a safer digital world, but a more equitable one.”

As digital transformation accelerates, I saw an opportunity to integrate AI and machine learning into threat detection, building cloud security frameworks for the remote work era and preparing for threats from quantum computing. My advice to tech leaders and governments is to Prioritise collaboration, standardise best practices and educate everyone. My motto is “Cybercriminals collaborate globally—we should too”.

At the heart of my work is a simple truth: cybersecurity is a human issue. From safeguarding sensitive data to mentoring the next generation, my career is a testament to the fact that true leadership is about uplifting others while protecting what matters most.

“It’s more than just a seat at the table. We’re building a bigger table—one that everyone’s invited to.”

#WomenEntrepreneurs #CollaborativeCulture #Thrive #SmashingTheSystem

www.linkedin.com/in/aparna-achanta-41741739

WOMEN IN SECURITY: A CONVERSATION WITH THE PARAGON ALLIANCE CO‑FOUNDERS MEG TAPIA AND ANNIE HAGGAR

By Meg Tapia and Annie Haggar, The Paragon Alliance co ‑ founders

In an industry where women make up only 17 percent of the workforce, carving out a space for female leaders in national security and cybersecurity is not just important; it’s essential. Meg Tapia, managing director of Novexus and winner of the 2024 Women in Security Converged Resilience Champion Award, and Annie Haggar, partner and head of cybersecurity at Norton Rose Fulbright, are two trailblazers doing just that. Having built successful careers in maledominated industries they co-founded The Paragon Alliance in 2023, a powerful network helping women navigate careers in cyber and national security.

Meg and Annie sat down to talk about the value of networking when becoming entrepreneurs. In this candid conversation they open up about the importance of networking, overcoming entrepreneurial fears, and how the next generation of women entrepreneurs can rise together.

From the important role of mentorship to the power of soft skills, Meg and Annie share the insights they’ve gained through their own hard-won experiences,

offering inspiration to any woman looking to thrive in Australia’s diverse security community.

Meg: Let’s talk about the Paragon Alliance. We co-founded this initiative because we believe in the power of networking and making sure women starting in cyber and national security have access to leaders who can offer opportunities. Annie, why is networking so important for women in male-dominated fields?

Annie: Networking is at the core of us as humans. When you put a ‘networking’ title on it, people feel like it’s a job, but, ultimately, everything we do is about relationships. For women, when we make up only 17 percent of the cybersecurity workforce, we have to develop deep relationships so people understand our skills. But so many networking functions are about selling. With the Paragon Alliance we provide a safe space where you can have deeper conversations about career issues or security developments without being aligned to a particular product or company, and without having to give or listen to a sales pitch.

MEG TAPIA

ANNIE HAGGAR

Meg: And with such a low percentage of women working in cyber and national security, it’s important to create a space where they have access to decision makers, who are still largely men. I would add that networking isn’t about “what do I get?” but “what can I offer to help you?” And, one day, that offer of support will be reciprocated. The Paragon Alliance is important because we’re not lifting only one or two women, we want to lift the whole profession and industry: a rising tide that lifts all boats.

Annie: But we also have another core objective; to enable collaboration for female entrepreneurs and security businesses. Sole practitioners and entrepreneurs tend to have small voices. But when we come together, we can solve more problems and have access to bigger business opportunities.

Meg: So it’s about amplifying your reach and power through networks. Let’s talk about being an entrepreneur, which is something I never thought I’d be calling myself. Before you became a partner and head of cybersecurity at Norton Rose Fulbright you owned your own business. What was it like when you first started your own company?

Annie: That period was equal parts exciting and terrifying. I’d always worked in big organisations with safety nets. As soon as you step out on your own, there’s no guarantee you’ll pay the mortgage next month. For somebody who’d always been the breadwinner, that was stressful. I put a baseline of work in place; a contracting engagement that provided minimum monthly income. Then I worked all other hours to grow my business. That meant doing my own graphic design, attending networking events and speaking whenever possible, because I never knew when the next opportunity would come.

I put all that energy out over a two-year period. What I’m finding is it’s still coming back now. People approach me saying, “I saw you speak two years ago and want you to help me now.” For anyone on that entrepreneurship journey, don’t think these networking efforts won’t pay off; they sometimes just take a longer than expected.

Meg: That’s because you’re still you. The Annie who gave that presentation two years ago is still the Annie working at NRF today. Although you have a different role and access to resources, your passion for cyber law remains the same.

Annie: That’s right. And I’m actually still an entrepreneur in my current role, starting a practice group, building my team. It’s intrapreneurship.

Although I loved running a business for 18 months, people ask me why I joined a big firm again. I realised my value and the complexity of my advice— covering multiple countries and highly regulated environments—is what big companies need, and they primarily buy from other big companies. They don’t know how to buy from sole practitioners. So, one of the most important things for an entrepreneur is knowing your market: who your clients are, how they buy and if your business structure suits that client base. In my case, it didn’t, so I needed to bring my expertise to a larger organisation.

What about you, Meg? You started your business about six months after mine. What led you there and what have you learnt?

Meg: Well, Annie, you inspired me to start my own company. That says something about the importance of role models and women who champion small business. It’s difficult to be what you can’t see. And because I’d seen you do it, I knew it was possible. I’d worked for 20 years in government and two years at Accenture, where we first met, and where I found myself at a crossroads. Seeing you start and build your business gave me the seeding of an idea that maybe I could do it myself.

I determined I had a maximum of six months without revenue, and I’d need to hustle to make this venture viable. Those first months were harrowing. You don’t know if you’ll land a contract. You’re doing everything yourself: accounting, legal, graphic design, IT. On top of that, like you, I had family responsibilities.

For me, networking was vital. The first thing I did was print business cards. If I hadn’t handed them around telling people, “Hey, I’ve started a business, I’m available, I can help,” I might never have landed that first contract. I have now had two successful years running my own company, and I love it! I love the flexibility, choosing meaningful engagements and partnering with people whose values align with mine.

Annie, tell me about what skills you needed when you first started your company. I needed to learn public speaking, because I’ve always been behind the scene. It was nerve racking, but it’s a skill I’ve learnt and continue to improve. Now, I’m asked to brief boards on issues like disinformation and to moderate panels. I wouldn’t be here today had it not been for watching people I admire and thinking, “I need to master this for my business to work.”

Annie: My advice for women wanting to be entrepreneurs or advance their careers is: analyse what skills you need to get you from where you are to where you want to be. When I started my business, I knew I wasn’t good with numbers and governance responsibilities. So I completed a directors’ course, which not only expanded my network, but also gave me solid directorship skills. I learnt how to read financial statements and analyse accounting information. But I still hired a good accountant

because I knew I’d never become a finance expert. You need to analyse what skills to develop yourself, what to outsource, and how to prioritise your time.

I remember spending nights with my children, in their dark room, with my backlit laptop doing accounting, graphic design, writing articles. I worked constantly, which isn’t sustainable. It’s necessary initially but you must ensure you have a strategic plan to develop or outsource the skills you need to succeed in your business.

Meg: It’s so important to understand what skills you have and what skills you need to develop. So many women undersell themselves because they don’t recognise the value in the skills they already have. After 20 years in government I initially struggled to define what I could offer a profit-driven company. So I did a skills audit, matching my experiences—crosscultural engagement, C-suite relationship building, foreign languages—to industry roles. I realised my ‘soft skills’ were actually what are needed. What’s easier to learn is what we often call ‘hard skills’— reading balance sheets, finances, strategy. I did an MBA to get the hard skills and realised that I, like many women, already naturally had the soft skills like relationship building, active listening and adaptability.

Annie: I’ve always admired your ability to engage people, make them comfortable and help solve their problems. That skill can be taught and learnt, like networking. What tips do you have for women to improve their networking abilities?

Meg: People often think networking requires being an extrovert or naturally confident; that’s not true. What you need is a tiny bit of courage to walk into that space, or to email someone you admire. Don’t worry about confidence; focus on courage. Then, remember: it’s not about you. It’s more important to focus on the other person, and ask questions. The easiest ice breaker is: “Hi, I’m Meg. What brings you to this event?” Be naturally curious about the other person. It’s perfectly OK to say, “I’m new here and feel nervous. Would you introduce me to someone?” Nine times out of ten, people will say yes, because people naturally want to help and build connections.

Annie: People assume I’m an extrovert, but I’m actually an introvert. I’ve had to learn networking skills over my career. I still take a deep breath before RSVPing to networking events. I prepare questions that mix the professional and personal: “What brings you here? What do you do? Any weekend plans?” But I also recognise that, as an introvert, I need to take time to recharge afterwards, because networking drains me. You’ll find me flat at the end of a conference. So I think it’s important to accept the invitation but also give yourself time to recover. Set those boundaries so networking doesn’t become exhausting.

Meg: Yes, and it’s important to also remember that, while networking outside your organisation is important, networking within your organisation is equally crucial. It’s how you identify opportunities, build your profile and get promotions. Speaking of skills, tell me Annie, how do you feel when people say: “I work in cyber but I’m not technical”?

Annie: I’m guilty of saying that, and I’ve been told to stop, because it discounts my expertise and incorrectly defines ‘technical’. When people—usually women—say this, they mean “I don’t code or hack,” as if that makes them less valuable, which isn’t true. The current debate about professionalising cybersecurity carries the risk of excluding people with soft skills who lack certifications despite having hands-on experience. My favourite example is a successful Australian Cyber Security Centre team member with a background in hairdressing. She’s phenomenal at making people comfortable and getting them to share things they’ve never told anyone. You don’t get those skills from an IT degree. So maybe we need to say, “I don’t code,” but we need to stop saying “I’m not technical.” If you understand the cybersecurity language, complex issues and problem-solving without using ones and zeros, that’s a technical achievement itself.

Meg: I fully agree! We often conflate cyber with coding. But cyber is actually about people. Sure, threat hunting involves code, but that code didn’t appear by itself; there are people behind it. Cyber isn’t just about the technology; it’s very much about human factors.

Annie: Exactly. Attack methodologies have shifted from exploiting technical vulnerabilities to using stolen credentials acquired through social engineering. Why? Because it’s easier and doesn’t trigger monitoring tools when you’re using legitimate credentials. That means people skilled in social elements who can train others to detect phishing are increasingly important, because that’s where attacks are succeeding. That’s where our community needs to pivot.

Meg: One last question. Annie, what advice would you give someone starting in cybersecurity?

Annie: Find someone you admire doing something you want to do and make it your goal to do something similar within a timeframe. At my first cyber conference, I decided I would present there on a legal topic within five years. It took a couple of years, and I was terrified. In the end, I asked a male colleague to co-present with me. But it turned out I knew more about the topic than everyone else in the room. Now I present at every cyber conference.

Meg: My advice is to have a ‘yes’ mindset. Say yes to every opportunity, no matter how daunting. If it comes your way, it’s because someone believes you can, so believe in yourself too.

Annie: I agree. But also know when to start saying no, because you do need self-care. Just don’t say no because you’re scared. Fear is not a good enough reason to hold yourself back.

www.linkedin.com/in/megtapia

novexus.com.au

www.linkedin.com/in/annie-haggar

www.nortonrosefulbright.com/en-za/people/165386

AMINA AGGARWAL

Founder | Enterprise Security Architect

Leading a collaborative culture as a security architect

In today’s multifaceted work environments collaboration is the cornerstone of successful project execution. This is especially true in the realm of security architecture, where the integration of diverse teams and stakeholders is crucial for achieving robust and secure solutions.

THE ROLE OF COLLABORATION

Imagine a bustling office where teams from IT, operations and user departments are working together on a critical project. The air is filled with the hum of discussions and the tapping of keyboards. In this environment, collaboration is essential for getting work done. It’s not just the responsibility of the tech teams to implement solutions; users play a pivotal role in defining success criteria. A collaborative culture streamlines the program of work and encourages stakeholders to discuss risks and issues openly from the outset of a project. This open dialogue is vital for the success of any project or program.

CHALLENGES IN A CROSS-FUNCTIONAL ENVIRONMENT

However, fostering such a collaborative culture is not without its challenges. One of the primary hurdles is architectural fragmentation. With the rapid expansion of the attack surface, enterprises often implement point security products to cover gaps, leading to fragmented security architectures. This fragmentation can reduce visibility and create silos, making it difficult to manage security effectively.

Another significant challenge is the lack of integration. Integrating various security tools and systems can be daunting. Ensuring all components work seamlessly together requires significant effort and coordination. Additionally, communication

barriers often arise. Different departments may have varying levels of understanding and priorities regarding security. Bridging these gaps and ensuring clear, consistent communication is crucial, but often challenging.

Resource constraints also pose a problem. Limited resources, both in terms of budget and personnel, can hinder the implementation of comprehensive security measures. Security architects must often do more with less. Finally, the evolving threat landscape adds another layer of complexity. The constantly changing nature of cyber threats requires continuous learning and adaptation. Staying ahead of new threats while managing existing ones is a significant challenge.

SETTING THE SCENE FOR SUCCESS

Despite these challenges a collaborative culture can set the scene for the success of projects and programs. As a security architect my role involves not only implementing security controls but also fostering a culture where security is seen as a business enabler. By highlighting the importance of security to the business and stakeholders I ensure everyone understands the value it brings.

For example, during the initial phases of a project, I make a point of presenting to the executive team and other stakeholders on how security measures can protect the business and enable growth. By aligning security goals with business objectives we can gain the necessary support and resources to implement effective security solutions.

ENGAGING THE TEAM

It’s crucial that my team comprehends not only the ‘what’ but also the ‘why’ behind security controls. This understanding helps convey the message

across the board, ensuring solutions are secure by design. Regular reviews of configurations against approved baselines such as the ASD Blueprint and CIS Benchmarks are essential practices.

For instance, in a project to implement a new data loss prevention system, we conducted a series of interactive training sessions. In these sessions team members from different departments were encouraged to share their specific security concerns and requirements. This collaborative approach not only helped to identify potential risks early, it also fostered a sense of ownership among all participants. Additionally, we created a shared knowledge base where team members could document and access information about security protocols and best practices, ensuring continuous learning and improvement.

THE BASICS MATTER

Getting the basics right is fundamental. The team knowing why certain actions are necessary, rather than undertaking them simply because they are part of the project, fosters a more engaged and motivated workforce. This clarity is achieved through regular workshops, catch-ups and early identification of key risks.

In one instance we organised a ‘security team meeting’ where we invited cybersecurity teams to participate in hands-on activities related to security controls. This event included recommending security controls based on the threat scenarios for a broad set of solutions implemented within the given enterprise. By engaging in these activities participants gained a deeper understanding of the importance of security measures and how they contribute to the overall safety of the organisation. The meeting not only enhanced their technical skills but also built a stronger, more cohesive team committed to maintaining a secure environment.

COLUMN

CONCLUSION

In conclusion, a collaborative culture is indispensable for the success of projects. By fostering open communication, emphasising the importance of security and ensuring everyone understands the rationale behind security measures, we can implement solutions that are both secure and efficient. As a security architect my goal is to smash through silos and help the team thrive in a secure and collaborative environment.

www.linkedin.com/in/aminaagg

Source2Create Spotlight

Content

Content allows you to establish, share, and strengthen your brand. It helps build relationships which is why we are shining the light on our content service.

Content strategies don’t just define the goals your content is intended to achieve, but also the procedure, processes and governance required to get there. We can show you how to manage your content effectively .

We can then use that content to attract, acquire and engage your customer and new prospects, deepening your relationships

What are you waiting for? REACH

CAREER PERSPECTIVES

WHY TRUE INCLUSION MEANS WOMEN LEADING THE CHARGE IN CYBERSECURITY

by Blessing Ezeobioha ,

Digital forensics and Threat intelligence at TEknowledge

For decades industries have talked about inclusion in terms of giving women a ‘seat at the table’. But let’s be honest, a seat is not sufficient As women in cybersecurity we’ve long recognised that a passive place at the table does not equate to meaningful participation, authority or empowerment. To truly evolve our industry needs not only women’s presence, but women’s leadership, innovation and authentic influence.

RETHINKING REPRESENTATION

Representation is necessary, but it’s only the first step. It’s encouraging that organisations across technology and cybersecurity have taken steps to diversify their teams. However, true representation requires much more. It must evolve from simply adding women to teams to creating spaces where women’s voices genuinely matter; where our contributions lead decisions, shape policies and shift organisational cultures.

As a woman and a security professional I’ve often encountered well-intentioned efforts that

resulted in only token participation: being invited to speak, yet subtly discouraged from challenging established practices; included in discussions, yet left feeling unheard or undervalued. This is why #SmashingTheSystem is more relevant now than ever. The goal is not to fit women into the existing mould, but rather to redefine and rebuild that mould.

WOMEN ENTREPRENEURS—CATALYSTS OF INNOVATION

Women entering cybersecurity are not passive participants; we’re entrepreneurs of innovation. We bring fresh perspectives, collaborative strategies and powerful problem-solving capabilities essential to modern cybersecurity teams. Our industry is facing increasingly sophisticated threats, complex compliance issues and evolving challenges that cannot be solved through traditional thinking alone.

Women naturally drive a #CollaborativeCulture; one that prioritises diverse viewpoints, empathy-driven leadership and innovation. This entrepreneurial spirit does not only strengthens teams; it transforms entire

security operations, enabling companies to face tomorrow’s threats today.

CREATING A THRIVING RATHER THAN A SURVIVING CULTURE

To move from merely surviving to thriving in cybersecurity, organisations must critically assess their internal cultures. Too many talented women remain invisible or underutilised, held back by outdated cultures that reward the loudest over the most insightful voices. To truly leverage the strengths of women in cybersecurity companies must actively foster environments where collaboration, innovation and inclusion are not only encouraged but are foundational.

HOW WE TRULY THRIVE

Thriving as women in cybersecurity demands a systemic shift.

1. Active sponsorship over passive mentorship

Mentorship provides guidance, but sponsorship propels action. Organisations need leaders— especially male allies—actively investing in women’s career advancement and

recommending them for leadership roles, key projects and strategic assignments.

2. Recognise non-linear career journeys

Women often face career paths shaped by multiple roles: professional, parent, caregiver. The cybersecurity industry must recognise that non-linear career paths are not weaknesses but incredible sources of resilience, empathy and adaptability—qualities critical in modern security.

3. Meaningful leadership representation

In cybersecurity, decision-making tables remain disproportionately male. True transformation requires more women leaders, not only at the entry or mid-level but across executive teams, SOC management and strategic advisory boards. It’s crucial for organisations to understand that when women lead, companies become more innovative, effective and resilient

CHALLENGES WOMEN FACE AND OVERCOME

Every woman in cybersecurity has faced her own set of unique challenges, from implicit biases and stereotypes to outright barriers in career progression. Yet, as women entrepreneurs and innovators in this space, we’ve consistently demonstrated resilience.

Our collective stories of thriving through adversity highlight why cybersecurity needs to fully harness women’s capabilities.

COLLABORATION: THE ULTIMATE CYBERSECURITY ASSET

Cybersecurity’s success is inherently collaborative. Women leaders are often uniquely positioned to cultivate team environments that dismantle the outdated lone-wolf mentality and lead to stronger, more innovative security teams.

REAL-WORLD EXAMPLES OF SMASHING THE SYSTEM

In real-world practice those companies genuinely embracing inclusion benefit tremendously. They consistently demonstrate better retention of female employees, faster and more creative solutions to complex cybersecurity challenges, enhanced organisational culture and increased trust among stakeholders.

THE ROAD AHEAD

As we look forward, the goal is not to grant permission for women to participate; it’s to entirely remove barriers to leadership. The cybersecurity industry is uniquely positioned to lead in gender equality and diversity, leveraging the depth, insight and innovative capacities of women.

A CALL TO ACTION: LET’S THRIVE TOGETHER

To all women in security and those aspiring to join us: your voice matters, your journey counts and your leadership is essential. Continue to demand more than mere representation. Insist on true empowerment.

Let’s commit to #Thrive as women entrepreneurs, create a genuine #CollaborativeCulture, and embrace the challenge of #SmashingTheSystem that was never designed for us, but can now be redesigned by us.

Together, we are more than seats at any table: we are creators of lasting change.

ABOUT THE AUTHOR

Blessing Ezeobioha is a cybersecurity analyst, leader, advocate for women’s empowerment in cybersecurity and a passionate champion for inclusive cultures in tech. With extensive experience in security operations, threat intelligence and digital transformation, she actively mentors and empowers women to not merely survive, but to thrive and lead within the cybersecurity field.

www.linkedin.com/in/blessing-ezeobioha-

ADVERTISING PACKAGE EXCLUSIVE

For the past four years , Source2Create has proudly delivered Women in Security Magazine to the industry free of charge , championing diversity, inclusion, and the incredible contributions of women in cybersecurity. As we continue to grow, we now need partners to help us sustain and expand this vital platform.

By supporting this package, you’re not just backing us—you’re investing in the magazine, its community, and the future of women in security. To ensure we can keep delivering this high-value publication, we’re introducing a nominal fee for $900 Ex GST, an exceptional package that provides extensive coverage and visibility.

STRATEGIES NEEDED TO BREAK BARRIERS AND SUPPORT WOMEN IN CYBERSECURITY

by Rosalyn Page , Cybersecurity & Digital Lifestyle Journalist

Women remain underrepresented in cybersecurity, comprising just 22 percent of security teams on average, according to the 2024 ISC2 Cybersecurity Workforce Study. Despite progress, systemic barriers continue to hinder gender parity in the industry. Women need support across a range of measures: mentorship, sponsorship and a commitment to fostering inclusive workplaces. For organisations looking to attract and retain women in cybersecurity, diversity initiatives must go beyond surfacelevel commitments.

Nataly Kremer, chief product officer and head of R&D at Check Point Software Technologies, stresses the importance of practical workplace initiatives, saying: “There needs to be systemic change. Organisations can’t just rely on individual effort to make cyber more inclusive. Organisations need to implement equitable hiring and promotion practices, offer flexible work arrangements and create sponsorship programs that ensure women advance into leadership roles.”

The ISC2 study found that flexible work policies significantly impact job satisfaction. Women working remotely report the highest job satisfaction levels (73 percent), underscoring the need for companies to maintain hybrid options. Kremer says. This is crucially important because diverse teams lead to better innovation and improved problem-solving.

When companies reduce flexibility they risk losing experienced professionals who rely on flexible work to balance career and caregiving responsibilities, which can lead to a lack of women’s participation and diversity. However, recent rollbacks of remote and hybrid work are likely to disproportionately affect women, raising concerns about retention and declining job satisfaction.

THE POWER OF MENTORSHIP

Mentorship is a cornerstone of professional growth, particularly for women navigating the cybersecurity field where they can face barriers like unconscious bias, limited access to networks and fewer leadership

opportunities. Kremer says support through advocacy, allyship and mentorship helps break these barriers and foster a more inclusive industry.

While 83 percent of professionals recognise the value of mentors, only 22 percent have one, according to ISACA’s 2024 Cybersecurity Workforce Study. Julia Kanouse, ISACA’s chief membership officer, says mentorship helps expand networks, gain new knowledge and insights, and build new skills.  “For women, in particular, it can also help overcome a lack of confidence.”

The survey also found women more likely to have a mentor, want a mentor and recognise the importance of mentors, but men are more likely to be mentors. Kanouse says there is an opportunity for women to take on more of these mentor roles.

Jasmin Ilic, co-founder and CEO of AWS security training provider, Cybr, says the value of mentoring is opening doors and then making sure they stay

open, allowing mentees to find new opportunities and advance in their careers. “It’s not just giving advice; it’s advocating for someone when they’re not in the room.”

According to Ilic, to achieve pay equity, clear career progression paths, flexible work policies, mentorship and sponsorship programs need real investment and accountability. “The right mentor can change the trajectory of a career, but we also need sponsors who actively push women forward, not just cheer from the sidelines,” she says.

PAYING IT FORWARD: WOMEN AS ROLE MODELS

Seeing women in cybersecurity positions helps other women to envision their own paths in cybersecurity. Yet, with women underrepresented across the field, this can be a challenge. Many security teams have no women at all, and only a tiny percentage claim to have gender parity, according to the ISC2 workforce report. Increasing women’s participation helps women to be role models to other women.

In male-dominated industries women can struggle with imposter syndrome and self-doubt, making it even more important to have leaders who actively encourage and advocate for them, says Melanie Ware, director, ACT, of Trustwave.

Early in her career, Ware benefited from the support of a male manager who encouraged her to seek new opportunities. “It gave me the confidence to push forward, and while imposter syndrome doesn’t disappear overnight, developing self-belief through practice makes a real difference,” she says.

As a strong believer in the philosophy of pay-itforward, Ware now encourages other women to chase opportunities and not let self-doubt hold them back. “Confidence grows with experience, and the more you push yourself, the more you realise what you are capable of.”

MOVING AHEAD: CLAIMING A SEAT IN THE BOARDROOM

Representation matters. It shows other women that leadership roles are achievable, even if they are facing challenges on their own journeys. While structured initiatives can help drive change, lasting progress comes from leaders and colleagues who actively support a culture of respect and opportunity, says Ware. “Seeing women in leadership positions helps set the expectation that senior roles are open to everyone, not just a select few.”

The cybersecurity industry has made strides in gender diversity, yet there is still a way to go to lift women’s participation in senior leadership. Some 55 percent of women respondents are in managerial or higher positions in their organisations, but only seven percent occupy c-suite roles such as CTO, CISO and CIO, according to the ISC2 workforce study.

According to Kremer confidence, visibility and persistence are key to breaking barriers in cybersecurity. She says this starts with encouraging young women and girls to consider cybersecurity as a career, but real change needs a range of longterm initiatives. “I’ve seen firsthand how sponsorship, networking and company culture can make a huge difference in helping women stay and grow in the field.”

Similarly, according to Ilic, visibility is an important part of raising women’s participation across the industry, including in senior roles. “When women see someone who looks like them in leadership, it shifts their belief in what’s possible. I wish I had more role models early in my career, so I make a conscious effort to be one now.”

According to Kanouse, who has spent more than 10 years working on these challenges, support is key. That includes support at home, support from other women, from a boss, from a mentor and from male allies.  “Not everyone’s career path is going to look or feel the same, ensuring women can pursue the path that’s best for them is critical, and that can only happen if they have built the right kind of scaffolding around them.”

www.linkedin.com/in/rosalyn-page

rosalynpage.com

MADHURI NANDI

More than a seat at the table: redefining influence in cybersecurity

INTRODUCTION

For years the conversation around women in cybersecurity has focused on getting them seats at the table. But what happens once we get those seats? Are we expected to quietly fit in, or can we reshape the conversation, redefine leadership and challenge long-standing biases? My journey has never been only about earning a spot, it’s been about making sure my presence matters.

Early in my career I was told outright that security engineering was not for women. Instead of stepping aside, I pushed forward. I did not just learn security products, I mastered them across different domains. Later, when working in security data analytics, I faced another assumption: that women could analyse data but not handle technical aspects like data ingestion

or dataset creation. Again, I refused to be boxed in. I took full ownership, ensuring leaders were given meaningful security insights, not just numbers. Every challenge became a chance to prove that assumptions do not define ability.

FROM INVITATION TO INFLUENCE

Many of us have been the only woman in a room full of decision-makers. Invited, but not truly included. It’s one thing to be in the room, it’s another to have a voice that drives change.

I remember when I proposed a shift in risk reporting; moving from vague qualitative assessments to quantifying cybersecurity risks in financial terms. The idea was met with hesitation, even dismissal. But I kept pushing, showing how this approach

could bridge security and business strategy. When it was finally implemented, it changed how security investments were prioritised. Influence isn’t handed to us. It’s built through persistence and action.

OWNING LEADERSHIP WITH AUTHENTICITY

Leadership isn’t about fitting into expectations. It’s about reshaping them. The strongest leaders are not always the loudest but those who bring authenticity, emotional intelligence and vision.

Confidence isn’t given, it’s built. I’ve had moments of doubt, but I reminded myself that I had earned my place. True leadership isn’t just about technical expertise. It’s about having the courage to stand by your ideas, take risks and lift others along the way.

CREATING MORE SEATS AT THE TABLE

Success isn’t just about personal achievements, it’s about opening doors for others. Real progress in cybersecurity means not just taking a seat but making room for those who follow.

COLUMN

Mentorship has been one of the most fulfilling parts of my journey. I’ve guided many professionals, especially women, who have transitioned into cybersecurity from different backgrounds. Some came from IT, others from completely unrelated fields, unsure if they belonged. My goal was not simply to teach technical skills but to help them recognise their own potential. Seeing them grow reminded me that representation isn’t just about visibility, it’s about empowerment.

BEYOND THE SEAT: BUILDING A LEGACY

Impact is not only about securing a place at the table, it’s about leaving behind something greater for those who follow.

For me, legacy means proving that women belong in every aspect of cybersecurity, not only where tradition expects them. It’s about making sure the next generation sees role models who did not simply take up space, but reshaped it. Influence is about action, not just presence. That is how real change happens.

www.linkedin.com/in/madhurinandi

STUDENT IN SECURITY SPOTLIGHT

Forensic Computing at the University of Portsmouth.

Forensic

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

“I like to think of cyber forensics as being a digital detective — it’s all about piecing together puzzles and uncovering the truth, all while helping protect people before threats even reach them.”

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first got into cyber forensics, I expected it to be super technical with tons of coding — but I quickly realised there’s so much more to it. It actually brings in elements like psychology and law, which really surprised me. That mix has challenged me in the best way and opened up so many different areas for me to explore.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I’m really drawn to OSINT roles or anything on the legal side of cybersecurity — that’s always been an area of interest for me. OSINT, or open source intelligence, is kind of like being a digital detective

or a tech-world private investigator. The challenge is that you’re only allowed to use information that’s publicly available online, so you have to get creative while still playing by the rules. That’s what makes it so fascinating and rewarding.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

My dad works in cybersecurity, so he was the one who first nudged me in that direction. I started out in general cybersecurity, but eventually found myself drawn to digital forensics. It’s not a path a lot of people choose, so when I made the switch, a lot of people were actually pretty impressed. It’s been exciting to dive into a field that’s still growing and not as widely explored.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

I’ve mostly been inspired by people who share a passion for cyber forensics — seeing their journeys and achievements over the years really kept me motivated. But the real turning point for me was during my final-year project, where I explored the psychological profiling of cybercriminals. That’s when it all clicked — I saw how powerful it can be to bring together forensics, psychology, and cybercrime analysis. It made me even more excited about where this field can take me.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. My most memorable moment has to be my very first Capture the Flag (CTF) competition. I was in my second year and honestly, I was pretty nervous — I didn’t feel like I had all the skills yet, and the pressure of a time limit was totally new to me. But even with all that, my team placed 30th out of 71, and that small win gave me such a boost. It really motivated

Dhivyah Nair is currently pursuing a degree in Cybersecurity and

Cybersecurity and

Computing student at the University of Portsmouth

DHIVYAH NAIR

me to keep pushing myself and made me even more excited about the path I’m on with my degree.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

I did a cybersecurity internship back home in Malaysia, and it was such an eye-opening experience. It really shifted my perspective on what work life is like compared to being a student — it’s a whole different world! During the internship, I got hands-on with log analysis and even had the chance to work on a project with a local bank, which was such a great learning opportunity. I also took a short course on APIs while I was there, which added an extra layer to everything I was learning.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue, any of these certifications? If so, which ones and what factors influenced your choice?

I’m planning to go for the CompTIA Security+ and hopefully the CHFI (Computer Hacking Forensic Investigator) from EC-Council. I chose these because they really align with my passion for forensics and investigations, plus they’re globally recognized — which is perfect since I’m aiming for an international career. I’m also looking into doing some OSINT certifications to build on that investigative side even more.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

For the most part, yes — my course at the University of Portsmouth does a great job of staying current with the latest tools and practices, and I really appreciate how they use real-world case studies based on recent events. That said, I think it could be even better with more hands-on exposure to industry tools, maybe through guest speakers from the field or stronger partnerships with companies. It’d be great

to get that extra bit of real-world context alongside what we’re learning.

What aspect of your cybersecurity studies excites you the most, and why?

Digital forensics, hands down. There’s just something so fascinating about following digital breadcrumbs to piece together what happened, when it happened, and who was behind it. It honestly feels like solving a high-stakes mystery every time — and that thrill never gets old.

Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

Some of the more theoretical modules can be a bit challenging, especially when they don’t feel like they have an immediate real-world application. I try to stay engaged by connecting them to practical outcomes or imagining how they could come into play during investigations or intelligence work. It helps me see the bigger picture and stay motivated.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges? Sometimes, low-level programming or protocol analysis can feel pretty dense and tricky. When that happens, I just take it one step at a time. I try to find real-world analogies to make sense of it, and I don’t hesitate to turn to forums or discuss things with classmates. Breaking it down into smaller, more manageable parts really helps me get through the tough spots.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

I’d really love to see more focus on cybercrime psychology, threat actor profiling, and legal frameworks — especially for those of us looking to work at the intersection of law and tech. It’d be amazing to dive deeper into those areas as they’re

so crucial for understanding the bigger picture in cybersecurity.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Absolutely. Communication is key, especially when you need to explain technical findings to people who aren’t as tech-savvy. In investigations, being able to present evidence clearly and effectively can really make or break a case.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

I have started reaching out to professionals on LinkedIn and joined a few online cybersecurity groups and forums. These spaces have been great for learning about emerging trends, discovering job opportunities, and just feeling more connected to the global cybersecurity community.

What is your preferred source for staying informed about cybersecurity trends and general information?

I usually keep myself updated through LinkedIn. It’s a great way to stay on top of the latest trends and news in the industry.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

Thankfully, I haven’t experienced direct discrimination since I haven’t entered the workforce yet, but there have definitely been moments where I’ve felt underrepresented — especially in lab settings or during discussions that tend to be male-dominated. That’s one of the reasons I’m so passionate about being visible in this field — to show that women absolutely belong here, just like anyone else.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I make sure to use strong, unique passwords and rely on a password manager to keep things organized. I’ve got 2FA set up everywhere, stay on the lookout for phishing attempts, and regularly audit my devices. I also use VPNs and antivirus tools to stay secure. For me, practicing what we preach when it comes to security is a must.

Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?

If I could go back, I’d definitely try to get more hands-on experience earlier — like jumping into Capture The Flag (CTF) challenges or connecting with cybersecurity communities outside of class. I’ve focused a lot on academics, which I don’t regret, but I’ve come to realise just how valuable early exposure to real-world problem-solving and networking is. Moving forward, I’m making it a priority to strike a balance: building my technical skills while staying active in the field.

Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?

Yes, I’ve started looking into opportunities, particularly with private firms where my international background can be an advantage. It’s definitely competitive, but I’ve found that highlighting my hands-on experience and being clear about my niche interests — like forensics — really helps me stand out.

www.linkedin.com/in/dhivyahnair

Niharika Kadari is currently pursuing a Master of Laws with a specialisation in Technology & Innovation at Monash University in Victoria.

Master of Laws student at Monash University in Victoria

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? If I had to explain the excitement and potential of a career in cybersecurity to someone unfamiliar with the field, I’d probably start with a relatable scenario. Imagine getting a text that looks like it’s from your bank—it says there’s been suspicious activity on your account and asks you to click a link to fix it. You’re worried, so you do. You enter your details... and within minutes, your account is emptied. That’s phishing—one of the most common and deceptive cyber threats out there.

Cybersecurity is all about stopping things like that from happening—before they even begin. It’s a field where you’re not just working with tech, you’re actively protecting people from scams, fraud, data theft, and serious breaches that can impact lives and entire organisations.

What really drew me in was the intersection between technology and law. Coming from a legal background, I’ve always been intrigued by how regulations shape the way we protect information. Whether it’s the GDPR in Europe, India’s Information Technology Act, or Australia’s Privacy Act—these legal frameworks hold companies accountable for how they handle

our personal data. That accountability makes cybersecurity not only important, but powerful.

So why pursue a career in it? Because it’s not just about coding—it’s about critical thinking, solving complex problems, and making a real difference. Every day brings a new challenge, and every solution helps build a safer, smarter digital world. To me, that’s incredibly rewarding.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

After I graduate, my goal is to work as an inhouse legal counsel for a cybersecurity-focused organisation—somewhere that’s truly committed to digital safety and tackling cyber-related challenges head-on. While my role would be grounded in law, my background in cybersecurity gives me a unique ability to connect the dots between legal frameworks and technical realities.

During my legal journey so far, I’ve had the chance to work on cases involving digital rights, data privacy laws, and emerging tech. I’ve helped assess compliance frameworks and

NIHARIKA KADARI

I’m particularly interested in helping organisations navigate the complex landscape of data protection regulations like the GDPR, Australia’s APPs, and HIPAA. With my knowledge of both legal requirements and cybersecurity best practices, I hope to support businesses in proactively managing risk, staying compliant, and building strong, futureproof security policies. It’s about more than just ticking legal boxes—it’s about being part of a smarter, safer digital future.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

My biggest inspiration in pursuing a path in cybersecurity has been my eldest brother, who works as a Senior Application Security Engineer for a leading company in the United States. His passion for technology and deep expertise in application security opened my eyes to just how vital cybersecurity is in protecting digital spaces and keeping users safe.

We’ve had countless conversations—sometimes over late-night calls—about emerging technologies, the rise of cyber threats, and how security works behind the scenes in real-world applications. What really sparked my curiosity was how often he brought up the legal side of things—compliance requirements, secure coding practices, and the fine balance between innovation and regulation.

Hearing about his day-to-day challenges and how every line of code matters in keeping systems secure made me realise that I wanted to contribute too, but from a different angle. His encouragement and insights inspired me to dive into the legal side of tech, which ultimately led me to study Technology and Innovation Law.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression.

One of the most eye-opening moments in my cybersecurity journey was when the Supreme Court of India’s YouTube account was hacked, and the attacker live-streamed Bitcoin predictions. It was a striking reminder that no organization—not even one dedicated to law and justice—is immune to cyber threats.

What stood out to me most was how swiftly the government responded, restoring services and mitigating the breach. It was reassuring to see the efficiency of security measures in action, but at the same time, it reinforced a critical reality: as technology advances, so do cyber threats. The incident wasn’t just about one hacked account; it highlighted a much bigger issue—how even the most secure institutions must constantly adapt to an evolving digital landscape. With AI and emerging technologies accelerating at an unprecedented pace, cybercrime is evolving just as quickly. This realization strengthened my commitment to understanding and addressing these challenges, ensuring that security keeps up with innovation.

I had the incredible opportunity to complete an Advanced Diploma in Cybersecurity and Data Protection Laws at NALSAR University of Hyderabad, one of India’s top-ranked institutions. What made this experience so valuable wasn’t just the academic prestige—it was the perfect blend of theory and hands-on practice.

From retrieving original files with forensic tools like Autopsy to diving deep into open-source intelligence (OSINT) techniques, the course pushed me beyond textbook learning and into real-world applications. These hands-on experiences sharpened my skills and gave me an edge in understanding how cybersecurity laws and technical defenses intersect.

NIHARIKA KADARI

Looking ahead, I’m eager to expand my expertise through certifications like CIPP/E (Certified Information Privacy Professional – Europe), CIPP/US, and CISSP (Certified Information Systems Security Professional). Each of these aligns with my passion for cybersecurity, particularly in privacy, defense strategies, and ethical hacking. As cyber threats continue to evolve, I want to be at the forefront, ensuring security isn’t just reactive but proactive and resilient.

What aspect of your cybersecurity studies excites you the most, and why?

As a Master’s student in Law specializing in Technology and Innovation, what truly excites me about cybersecurity is the way law and technology intersect to shape the future. My background in cyber law, combined with my diploma studies, has given me a unique lens through which to view the rapidly evolving digital landscape.

I’m particularly drawn to the growing demand for legal frameworks that govern emerging technologies like AI, data protection, and cybersecurity. These advancements bring incredible opportunities, but they also raise critical ethical and security concerns. The idea that legal policies can both protect privacy and security while fostering technological innovation is what fuels my passion.

What excites me most is the chance to contribute to this evolving field—to help develop legal norms that don’t just respond to cyber threats but also anticipate and prevent them. Knowing that my work could help create a safer, more ethical digital world makes this journey incredibly meaningful.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

While my cybersecurity coursework has been thorough, I believe there’s room for more focus on the legal and regulatory side of the field, especially as global data protection rules become more prominent. Understanding how these laws apply across different jurisdictions is becoming increasingly important as the digital world grows more interconnected.

I think there’s also an opportunity to dive deeper into topics like international cyber law and the critical role of governance, risk management, and compliance within cybersecurity. These areas are vital for anyone looking to understand the full picture of cybersecurity, not just the technical aspects.

That said, while technical skills are undoubtedly important, some foundational areas of cybersecurity—like basic system administration— might not get as much attention at the advanced level. This can be assumed knowledge for students with a solid tech background, but for others, these fundamentals could help provide a stronger base as they tackle more complex concepts.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Absolutely, I believe there’s a real need for more focus on non-cyber skills, particularly interpersonal communication and leadership. As the field of

cybersecurity continues to evolve, professionals are increasingly working with a diverse range of stakeholders—from legal teams and regulatory bodies to technical experts and business leaders.

Having strong communication skills is crucial for translating complex cybersecurity issues into language that non-technical people can understand. This helps ensure that key decision-makers are wellinformed and able to make smart, effective choices for the organization. It’s not just about technical expertise anymore; it’s about being able to lead, collaborate, and explain critical issues in a way that everyone can grasp.

What is your preferred source for staying informed about cybersecurity trends and general information?

To stay updated on the latest developments in cybersecurity, I mix a few different sources that help me get a well-rounded view. I’m particularly drawn to legal case studies, academic journals, and reputable online resources. I keep a close eye on Supreme Court cases related to cybersecurity fraud because they offer valuable insights into how laws are evolving to tackle digital threats.

In addition, I rely on trusted platforms like LexisNexis, Westlaw, and JSTOR for scholarly articles that dive deep into current cybersecurity issues and legal frameworks. These resources help me understand the complexities of the field. I also make sure to stay informed with real-time updates through blogs, news websites, and apps that track the latest advancements in cybersecurity, so I never miss anything crucial.

www.linkedin.com/in/niharika-kadari-28a84a1a0

Ingvild Nilsen, Aspiring SOC Analyst, BSc in Applied Cyber Security

Ingvild Nilsen is currently pursuing a degree in Applied Cyber Security at the University of South Wales (USW).

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I’m aiming for a role in a Secure Operations Centre (SOC) because I really enjoy diving into security challenges and problem-solving. I have a particular interest in Azure and hope to specialize in Azure Cloud Security. I believe working through the SOC levels—1, 2, and 3—would be an amazing opportunity to build hands-on experience, not only in security operations but also with cloud systems. It’s a great way to grow both my technical expertise and understanding of the bigger security landscape.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

Growing up, higher education wasn’t something that was really encouraged, so I ended up doing an IT apprenticeship instead of continuing down the academic path. A few years later, when I shared my plans to move to the UK and go to university, my family wasn’t exactly thrilled. But through it all, my partner has been an incredible support system, and having them by my side made it so much easier to take this leap and pursue my goals.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. I recently attended the Women in Cyber Wales conference 2025, and it was such an eye-opening experience. It was amazing to be surrounded by so many women in tech—something I’m not used to, since I’ve always worked in environments where I’m one of the few women around. It was really refreshing, and I had the chance to connect with some incredible women, forming friendships that I know will last.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

I feel really lucky to have had the chance to do a short internship before diving into my studies. Through a company called ALF in Bergen, Norway, where I took a full-stack developer course, they helped me land an internship at Octaos AS in Osøyro. During that time, I worked on a risk assessment for their Azure infrastructure, which was an amazing opportunity to apply what I was learning in a real-world setting.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice? There are so many certifications out there, but I’ve tried to focus on the ones that align with my interests and the direction I want my career to take. I’ve already completed the AZ-900 and AZ-500 for Azure and am currently studying for the SC-200 exam. I’ve also noticed that many job positions mention the CompTIA Security+, so that’s next on my list. On top of that, I’m aiming to become a chartered professional, so I’m taking the necessary steps to make that happen as well.

INGVILD NILSEN

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

I think it would be really helpful to have more focus and time dedicated to SOC-related tools, especially SIEM tools. We barely scratched the surface with Splunk before moving on to other topics, and I’ve had to spend quite a bit of my own time getting up to speed with these tools. A little more hands-on experience would definitely go a long way in building confidence with them.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences. Like many women, I’ve encountered my fair share of challenges over the years—whether it’s having my input ignored or dealing with unwanted advances. But I’ve learned that setting firm boundaries and even using a slightly deeper voice has really helped me gain respect and be heard. A lot of this came from my experience as a community leader and founder of an active Guild Wars 2 community for seven years. Running a community was like managing a small business part-time, and it gave me invaluable leadership skills that translate into real-life interactions. It’s fascinating how much confidence and work-related skills you can develop in these structured, hierarchical online communities. I could go on forever about the parallels between being a guild leader and managing a team in the workplace!

Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?

I have been actively looking for opportunities in the South Wales + Bristol area, as well as remote roles, but it’s been a bit of a challenge. A lot of the positions I’m really passionate about require SC clearance, which I won’t be able to get for another four years. On top of that, I’m on a graduate visa for the next two years, so I don’t need sponsorship right now, but I may in the future. My current plan is to go back to school and complete an MBA, which would not only help me lay the groundwork for a managerial role but also extend my graduate visa for another two years after graduation. The tricky part is figuring out how to bring this up when applying for jobs—without scaring anyone off, or if I should mention it at all. It can also be really frustrating to put so much time and effort into applying and researching companies, only to never hear back.

Here’s a little background on how I ended up where I am today: I grew up with a religious upbringing and initially started my career with an IT apprenticeship in the oil industry. From there, I worked as an IT engineer at a hospital, but health issues led me to take a break from work. During that time, I decided to pursue a full stack developer course through ALF, which ended up connecting me with a representative from Noroff School. I applied and completed two years of study remotely through Noroff, which has a partnership with USW. Afterward, I moved to Wales to finish my third year at USW on campus. Now, I’m settling down in Cardiff and actively looking for work, either locally or remotely.

www.linkedin.com/in/ingvild-nilsen-66870823b

Technology

Information and Technology Cyber Security student at California State University

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

At first, I used to think cybersecurity was all about the technical side—codes, systems, and firewalls. But as I’ve learned more, I’ve come to realise it’s so much deeper than that. It’s just as much about strategy, clear communication, and creative problemsolving. You’re not just protecting systems; you’re working with people, navigating complex scenarios, and constantly thinking on your feet. That’s what makes it exciting for me—it’s a blend of tech and human insight.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I’d love to work as an OSINT specialist because I genuinely enjoy digging into open-source information and uncovering valuable insights. There’s something really rewarding about piecing together data from different places to spot potential threats and help protect people or organisations. It feels a bit like solving a mystery—only the outcome can make a real difference in keeping others safe.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

Some people in my life didn’t quite understand my choice and pushed back a little, but my dad has always been my biggest cheerleader. His support meant the world to me. Even when others doubted me, I stayed focused, kept pushing forward, and let my work speak for itself. Over time, I’ve been able to show that I really am on the right path.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

My dad and one of my cousins have been a big source of inspiration for me. My cousin, in particular, has had some amazing experiences working in cybersecurity around the world, and hearing about his journey really sparked something in me. It made me want to keep learning, keep pushing myself, and see just how far I can go in this field.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. One of the most memorable moments for me was helping to rebuild a college server room. It was such a turning point — everything I’d been learning in class suddenly felt real. Getting that hands-on experience and seeing the impact of our work in a live environment made it all click for me. It reminded me why I’m so passionate about this field.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

At my previous college, I had the chance to work as a cyber assistant, and it was such a rewarding

Amera Greer, a passionate and driven student majoring in Information and

Cyber Security at California State University, San Bernardino.

AMERA GREER

experience. I got to help design assignments for cybersecurity students, assist with server room projects, and even serve as a counselor for our cyber camps — guiding and mentoring future students just getting started in the field. Since then, I’ve transferred to a university, but those early experiences really shaped my passion and gave me a strong foundation for the journey I’m on now.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications?

Yes, I’m currently pursuing a certificate in ethical hacking. I chose this path because it really lines up with where I see my career heading. I love the idea of thinking like a hacker — but for the right reasons — and using that mindset to help protect systems and people. It’s a field that constantly challenges me and keeps me curious, which is exactly what I’m looking for in my career.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

Yes, I definitely do. Since cyber threats are constantly evolving, I make it a point to stay up to date by doing

my own research. It’s important to keep learning and adapting, so I spend time exploring new trends and threats to make sure I’m always in the loop.

What aspect of your cybersecurity studies excites you the most, and why?

What excites me the most is open-source intelligence and threat hunting. I really enjoy the process of digging deep to uncover information that could be key in preventing potential attacks. There’s something incredibly satisfying about finding those hidden details that can make all the difference in keeping systems safe.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

I am currently part of an amazing community called WiCys (Women in Cyber Security). It’s been such a supportive and empowering space for me. Being a part of it has really boosted my confidence and strengthened my commitment to continue pursuing a career in cybersecurity.

www.linkedin.com/in/amera-greer-545225259

Ushna Zubair is currently pursuing a Bachelor of Computer Science with a major in Cyber Security at the University of Wollongong (UOW). She is passionate about safeguarding the digital world and leveraging technology to enhance security, solve problems, and create safer digital environments.”

Bachelor of Computer Science with a major in Cyber Security student at the University of Wollongong (UOW)

As an IT Intern at Reliance Weaving Mills, I’ve experience conducting interviews with department staff to identify IT-related issues, analyze problems, and collaborate with IT teams to optimize system performance. I have assisted in performing security assessments, vulnerability scans, and risk mitigation with cybersecurity teams. Additionally, I have helped deploy firewalls, intrusion detection systems, and endpoint protection tools to enhance infrastructure security. My experience also includes implementing software solutions for data management, ensuring security compliance, and contributing to cybersecurity awareness training to mitigate threats like phishing and malware.

I’m currently interning as a Grant & Development Research Officer at the University of Wollongong, where I assess grant applications, ensure policy compliance, and manage Grant Information Systems. I have also worked on identifying IT-related issues, conducting security assessments and vulnerability scans, and collaborating with teams to implement software solutions that enhance data security and compliance.

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

Cybersecurity is an incredibly dynamic and important field right now. I like to think of it as being a digital guardian—protecting individuals, businesses, and even whole nations from the growing threats in cyberspace. With the increasing frequency of cyberattacks, there’s a real demand for experts who can step up to the challenge. This field not only offers exciting career opportunities but also gives us the chance to make a meaningful impact on the safety and security of the digital world.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first thought about cybersecurity, I pictured it as just a technical field focused on coding and hacking. But as I’ve delved deeper into my studies and gained more experience, I’ve realized it’s so much more than that. It’s a multifaceted field that touches on human behavior, policy compliance, risk management, and cryptography. What excites me the most is how it requires not just technical skills, but also strategic thinking, problem-solving, and a constant drive to learn and adapt. It’s a field that’s always evolving, and that’s what makes it so engaging.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I’m really passionate about pursuing a career as a security analyst or cybersecurity consultant. What excites me the most is the process of identifying vulnerabilities, analyzing cyber threats, and finding effective security solutions. I’ve always enjoyed problem-solving and critical thinking, so these roles feel like a natural fit for me. Ultimately, I want to help protect digital assets and strengthen security measures, making cyberspace safer for everyone.

USHNA ZUBAIR

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

At first, my parents didn’t know much about cybersecurity as a career, but as they started to see how important it is and the opportunities it offers, they became really supportive. My career advisors also encouraged me, especially with the growing demand in the industry. My peers found it fascinating, which further fueled my passion. Whenever I had doubts, I just focused on staying informed and confident in the path I was choosing.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

My journey into cybersecurity really started with a personal experience—I fell victim to a scam. That moment was a wake-up call for me, showing how important security is, not just online, but in every aspect of our lives. I’ve always been a naturally curious person, eager to understand how things work, and that curiosity led me toward technology and security. As I dove deeper into my studies, I got involved in university projects, internships, and cybersecurity competitions, which only strengthened my understanding and passion for the field. Now, I’m driven to protect people and systems from threats, both online and offline.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression.

One of the most memorable experiences for me was working on a cryptography security project. It was fascinating to learn how encryption methods play such a crucial role in data security and

how to apply the theory I’d learned to real-world problems. This experience sparked a deeper interest in cryptography and really solidified my passion for pursuing a career in this area.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

I had the opportunity to intern as an IT Analyst at Reliance Weaving Mills Limited, where I worked on system analysis, security measures, and IT support. It was a great hands-on experience that gave me practical exposure to the real-world side of cybersecurity. To further build on that, I’m also pursuing the Google Cybersecurity Certificate to sharpen my skills in security operations and risk assessment. Both experiences have really helped me understand how cybersecurity concepts are applied in everyday situations.

USHNA ZUBAIR

Yes, I’m currently working on the Google Cybersecurity Certificate, and I’m excited to keep building on my knowledge. Looking ahead, I plan to pursue certifications like CompTIA Security+, Certified Ethical Hacker (CEH), and CISSP. These certifications align with my career goals and will not only deepen my technical expertise but also boost my job prospects in the cybersecurity field.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

While my program gives me a solid foundation, I know that cybersecurity is constantly evolving, and sometimes academic courses can’t keep up with the latest real-world threats. To stay ahead, I make it a point to follow industry news, take extra courses, and get involved in cybersecurity forums and competitions. This helps me stay up-to-date and keep sharpening my skills.

What aspect of your cybersecurity studies excites you the most, and why?

I’m especially excited about cryptography and ethical hacking. Cryptography really fascinates me because it’s the backbone of secure communication, and I love how it protects sensitive data. Ethical hacking also intrigues me because it’s all about testing systems for vulnerabilities to help strengthen security. Both areas give me the chance to dive into critical thinking and problemsolving, which is what I enjoy

Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

Some of the theoretical aspects of cybersecurity, especially cryptography, can be a bit

challenging and sometimes feel less engaging to me. While I totally understand their importance, I tend to learn best through hands-on experience. To overcome this, I focus on projects and real-world applications, which help me see the practical value of the theory and give me a deeper understanding of how it all comes together.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges? I do find some of the more complex cryptographic algorithms and their mathematical foundations a bit challenging. To tackle this, I break the concepts down into smaller, more manageable parts and look for extra resources like online tutorials or discussion forums to help clarify things. I also make sure to apply what I’ve learned through practical exercises, which really helps reinforce my understanding and build my skills.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

I think it would be great if there was more focus on emerging areas like cloud security, IoT, and postquantum cryptography, since these are becoming increasingly important. At the same time, while foundational theories are essential, I feel some of the more basic networking concepts could be condensed, freeing up more time for specialized topics that are highly relevant today.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Absolutely—I believe strong communication and project management skills are just as important as technical know-how in cybersecurity. A big part of the job involves working with different teams

and explaining complex issues in a way that nontechnical people can understand. I’m always working on improving these soft skills because I know they’ll help me collaborate better, contribute more in team settings, and eventually take on leadership roles with confidence.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

I try to stay connected with the cybersecurity community by joining online forums, attending webinars, and going to conferences whenever I can. I also enjoy taking part in local meetups and workshops—it’s a great way to meet people in the field, share ideas, and learn about the latest trends and tools. Being involved like this really keeps me inspired, motivated, and up to date as I continue my journey in cybersecurity.

What is your preferred source for staying informed about cybersecurity trends and general information?

To stay updated, I usually turn to trusted cybersecurity blogs like Krebs on Security and Dark Reading. I also follow industry leaders on LinkedIn and Twitter, which is a great way to catch quick updates and insights. Webinars and academic journals are part of my routine too—they help me stay on top of the latest trends and developments in the field.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

Thankfully, I haven’t personally faced any major discrimination during my studies or internships, but I’m very aware that gender disparity still exists in the field. I try not to let that define my experience— instead, I focus on what I bring to the table through my skills and contributions. I also make it a point to support others and help create a welcoming, inclusive environment where everyone feels valued.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

When it comes to my own cybersecurity, I try to stay on top of best practices. I always use multi-factor authentication, keep my software and devices up to date, and stay alert for phishing attempts. I also make sure to use strong, unique passwords for all my accounts and regularly back up important data. It’s all about building good habits that keep me protected day to day.

Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?

If I could go back, I’d definitely try to get hands-on experience in cybersecurity a bit earlier—maybe through internships or personal projects—to really complement what I was learning in class. I’d also make an effort to connect with the cybersecurity community from the beginning. Getting involved sooner would’ve helped me build a stronger network and gain more insight into the field early on.

Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?

Yes, I’m actively searching for opportunities in cybersecurity. It’s been a bit of a rollercoaster—some experiences have been really encouraging, like getting interview calls and positive feedback, while other times I haven’t made it past certain stages. But I try to see every setback as a learning experience. Each one has helped me grow, improve my approach, and feel more prepared for the next opportunity that comes along.

www.linkedin.com/in/theushnazubair

Aneesha Doal is currently pursuing a PhD in Cybersecurity Management at Coventry University

Cybersecurity Management PhD student at Coventry University

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

Anything to do with cyberspace feels like both our present and our future—it’s already shaping the way we do business and live our daily lives. We’re right in the middle of this fascinating, sometimes overwhelming era, where technology is moving fast and the possibilities seem endless. It’s a little scary, sure, especially with how rapidly AI is evolving, but it’s also incredibly exciting to be part of something that’s still just getting started.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I see myself stepping into a consultancy role where I can help businesses—no matter their size or background—strengthen their cyber resilience from a non-technical perspective. This goal has been shaped heavily by my PhD research, where I’ve been exploring how top management in UK SMEs perceive and approach cyber resilience. Through both studying the field and having real conversations with business owners, I’ve developed a deep sense of empathy for them. Many feel cyber resilience is either too technical or just not relevant to their world—and

that couldn’t be further from the truth. I’m passionate about raising awareness on the importance of not just cybersecurity, which often focuses on protection and prevention, but also the idea that it’s safe to fail. Businesses need to be educated on how to monitor, respond to, and learn from cyber incidents—that’s what true cyber resilience looks like. I want to bridge that gap, making cyber resilience feel practical, affordable, and achievable, and help create a culture where continuous learning and recovery are just as valued as defence.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

I didn’t face any opposition—actually, quite the opposite. When I shared that my PhD would focus on cybersecurity, my parents and peers were genuinely excited and proud. They saw it as an amazing opportunity, especially knowing how male-dominated the field can be. As a woman of colour, it felt like a particularly meaningful and proud moment for me—to be stepping into a space where representation truly matters and where I could hopefully inspire others to do the same.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

I can’t really speak for the taught programmes like undergraduate or master’s courses, but when it comes to doing a PhD, there’s definitely a strong expectation to make both a theoretical and a realworld impact. It’s not just about contributing to academic knowledge—we’re also encouraged to think about how our research can make a difference in society. Even though a PhD typically takes 3 to 4 years, the work we do needs to stay relevant the whole way through, right up to submission. So yes, staying current and connected to real-world issues is a big part of the journey.

ANEESHA DOAL

What aspect of your cybersecurity studies excites you the most, and why?

As part of my data collection, I carried out 26 semistructured interviews—and honestly, that experience was a real game changer for me. It was incredibly refreshing and eye-opening to speak with people who are deep in the world of cyber, as well as those who are busy running businesses day to day. Hearing their perspectives brought my research to life in a whole new way. As a researcher, moments like that really get your mind whirring—you start piecing together new insights, seeing patterns, and it becomes clear how your work can genuinely contribute to the bigger picture. It’s where the research starts to feel truly meaningful.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you overcome these challenges?

Cybersecurity is such a fast-moving and unpredictable field, and that definitely carries over into academic research too. One of the biggest challenges is making sure your work stays relevant right up until the day you submit your thesis. Things can change so quickly! To stay ahead, it’s not just about trying to submit before someone else publishes something similar—it’s also about constantly keeping up with new research, regularly updating your literature review, and staying tuned into what’s happening in the field. It’s a bit of a balancing act, but it keeps things exciting and pushes you to stay on your toes.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

Even with the rise of AI, I truly believe that humans will always be the greatest vulnerability and, at the same time, the biggest threat to any business. My thesis argues that future research needs to focus more on the human element—whether that’s through better employee engagement or understanding the role of leadership. Too often, research in cybersecurity tends to zoom in on the technical side, but the reality is that

no matter how advanced our technology gets, it’s only as strong as the people behind it. That’s why we need more focus on strengthening our “human shield.”

What is your preferred source for staying informed about cybersecurity trends and general information?

I stay updated through international news and social media. It’s a great way to keep my finger on the pulse of what’s happening around the world, especially when it comes to tech, cybersecurity, and broader global issues.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

Not yet, but I’m really hopeful that more women will feel empowered to pursue careers in cybersecurity. It’s exciting to think about the positive change we’ll see as more women step into these roles!

Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?

I haven’t started applying just yet, but it’s definitely something I plan to focus on once I’ve submitted my PhD. From the conversations I’ve had with cybersecurity professionals so far, one thing that’s really stuck with me is how new and ever-changing this field still is. A lot of job descriptions can feel overwhelming—especially with all the certifications they list—but I’ve been reassured that even employers aren’t always sure what’s truly essential for a role. So, when the time comes, I’m going to keep an open mind and just go for it. At the end of the day, there’s nothing to lose and everything to gain!

linkedin.com/in/aneesha-doal-96b3b064

instagram.com/cyberzenconsultancy

aneeshadoal@hotmail.co.uk

Juveria Banu is currently pursuing her Master of Science in Cyber Security at the University of Hertfordshire.

Master of Science in Cyber Security at the University of Hertfordshire

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

After I graduate, I’m aiming to land a mid to seniorlevel role as a Penetration Tester. Ethical hacking has always been a real passion of mine, and I’m lucky to have already gained hands-on experience— first back in India and then for a year here in the UK. These opportunities, along with everything I’ve learned during my master’s in Cyber Security, have really helped me develop a solid, well-rounded approach to the field. I feel confident tackling security assessments with a broader perspective now, and I’m excited to bring that insight into helping clients strengthen their systems with practical, strategic advice.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

In 2019, when I made the decision to move into cyber security, I was lucky to have a lot of support around me. My parents and career advisors saw potential in me beyond my initial role in software testing, which I’d taken on after finishing my bachelor’s degree. They were genuinely excited about the shift and

encouraged me to dive deeper into the technical side of things. My dad, especially, has always been a big believer in lifelong learning. He used to say that programming is the future and pushed me to really master at least one language. Looking back, that advice has been gold—it’s stuck with me ever since. Over the years, I’ve worked with a range of languages like Java, Perl, Python, and C#, and they’ve all helped me build tools, automate tasks, and become much more efficient in security testing. His encouragement definitely played a big role in shaping the direction of my career.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. One of the biggest turning points in my cyber security journey was when I started teaching myself the core concepts through hands-on experience as a bug bounty hunter—even before I landed a formal role in the field. That time was definitely challenging, but it really shaped who I am today. I had to figure out a lot on my own, especially how to properly assess the impact and validity of the vulnerabilities I was finding. At first, I second-guessed a lot of my discoveries, unsure if they were even worth reporting.

But with persistence, a lot of late nights, and continuous learning, I started gaining the confidence to trust my instincts and sharpen my technical skills. I mostly used Bugcrowd and focused on Vulnerability Disclosure Programmes (VDPs) because they gave me more room to explore without the pressure of competing for rewards like in traditional Bug Bounty Programmes. For me, it was never about chasing payouts—it was the curiosity and the thrill of learning that kept me going.

What really stuck with me was seeing how quickly the threat landscape changes. Staying on top of zerodays and new attack techniques became part of my daily routine. That phase gave me the space to make mistakes, reflect, and improve—and it helped me grow into a more resilient, adaptable, and thoughtful

JUVERIA BANU

penetration tester, ready to make a real impact in any organisation I join.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

When I decided to pursue a career in cyber security, my first hands-on experience came through a contract role at Citrix R&D in India, where I worked as a Penetration Tester. I was responsible for testing the web and infrastructure components of NetScaler’s new features and releases, which gave me a real taste of enterprise-level security and how it works behind the scenes. It was an exciting start and helped me understand how security fits into the bigger picture of product development.

After that, I joined Commissum—part of Eurofins at the time, now known as Resillion—as a Security Consultant. That role really broadened my experience. I got to work on penetration tests for web applications, infrastructure, and mobile platforms, and I even carried out cloud security reviews for clients across a variety of industries. It was a steep learning curve, but it laid a strong foundation in both technical skills and client-facing consultancy work.

Wanting to take things further, I moved to the UK to pursue my master’s in Cyber Security, which included an integrated internship. During that year, I worked again as a Penetration Tester and had the chance to learn from some of the most experienced professionals in the UK cyber security space. It was an incredible opportunity to build on what I’d already learned and really refine my skills in a more global context.

I pursued the CREST Practitioner Security Analyst (CPSA) certification while working at Resillion, as it was a requirement for the role. I actually renewed it earlier this year because it’s still one of the key foundational certs that employers in the UK tend to look for. That said, since CPSA is mainly multiplechoice, I’ve been keen to focus on more hands-on, practical certifications moving forward.

I did consider going for the CREST Registered Penetration Tester (CRT) next, but I’ve decided to hold off for now and revisit it if a future role specifically calls for it. Right now, I’m focusing on the Offensive Security Certified

Professional (OSCP), which I’m currently studying for. I really appreciate how in-depth and practical it is—it covers a broad range of penetration testing techniques and tools, and it’s definitely pushing me to grow.

Although my current expertise is strongest in web application penetration testing, the OSCP is giving me the chance to expand into internal testing as well, which I see as an essential area to develop for the kind of roles I want to take on in the future.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

I think the academic program has done a great job of staying up to date with how fast the cyber security landscape is evolving. One example that really stood out to me was during the Penetration Testing module— we were asked to create an attack tree based on the latest threats, using real-world threat reports and research papers. It wasn’t just a theoretical exercise; it gave us a deeper look into what’s actually happening out there in the industry right now.

That assignment really helped me connect the dots between current attack trends and how we, as future security professionals, can think strategically about defending against them. It was one of those moments that reminded me why I’m so passionate about this field—we’re not just learning concepts, we’re learning how to tackle real, evolving problems.

What aspect of your cybersecurity studies excites you the most, and why?

I’ve always been an academic at heart, and what I love most about studying cyber security is having the time and space to really dive deep into research and learning. In a full-time consulting role—which I also enjoy—the pace is often fast, and the focus naturally shifts to meeting client deadlines. That doesn’t always leave much room for deep exploration or following your curiosity.

But as a student, I get to slow down and really dig into topics that interest me. There’s something incredibly exciting about being able to spend time investigating a concept thoroughly, sometimes even discovering vulnerabilities that could help improve security for a wider audience. On top of that, working on meaningful projects alongside some of the top research scholars in the field is both inspiring and rewarding. It reminds me why I chose this path in the first place.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

Yes, I do think there are areas in cyber security that could use more focus in the curriculum—malware being a big one. While it’s acknowledged as a major threat, I feel like there isn’t quite enough handson training when it comes to actually dealing with it. Malware is still one of the most common and damaging types of cyberattacks, and as professionals, it’s not enough just to recognize it—we need to know how to analyze, contain, and mitigate it effectively.

Real-world incident response requires quick thinking and solid practical skills, especially when it comes to malware. A delayed or poorly handled response can lead to massive data breaches, financial loss, and long-term damage to an organisation’s reputation. I really believe that giving students more experience in malware response would round out their skillset and better prepare them for the challenges they’ll face in the field.

On a similar note, I also think there’s a real need to develop non-technical skills alongside our core cyber knowledge. Communication, in particular, is so important. It’s one thing to understand complex security concepts yourself—but it’s a whole different challenge to explain them clearly to people who don’t have a technical background. During my internship in the UK, I saw first-hand how crucial

JUVERIA BANU

it is to be able to break down cyber jargon and communicate risks effectively to both users and executive-level stakeholders. Often, the key is tying it back to business impact—because that’s what really resonates.

So yes, while technical skills are essential, being able to bridge that gap between tech and people is just as important. It’s how we build awareness, foster trust, and ultimately create more secure environments.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

Yes, I love being part of the wider cyber security community—it’s something I’ve found incredibly energising and rewarding. I’m an active member of the Women in Cyber Security community and try to attend meet-ups and events whenever I can. It’s such a supportive space, and it’s been amazing to connect with others who are just as passionate about this field as I am.

I also regularly attend conferences like CRESTCon and BSides. These events have been eye-opening in so many ways—whether it’s listening to talks on emerging threats, learning from seasoned professionals, or just having those casual hallway conversations that spark new ideas. One of the most valuable things I’ve taken away from these experiences is inspiration for my own projects. For example, some of the recent discussions around AI in cyber security really sparked my interest and shaped the direction of my academic research.

I’ve also jumped into a few hands-on workshops at these events—things like malware analysis and even lockpicking, which was fun! It’s been a great way to gain practical skills and build confidence in areas I might not have explored otherwise.

Being part of this community helps me stay current, keeps me motivated, and reminds me that there’s

always more to learn—from both experts and peers. It’s made my journey in cyber security feel much more connected and purposeful.

Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?

Looking back on my journey so far, if I could change anything, it would be to put more focus on developing my communication skills alongside my technical expertise. Early in my career, I was so focused on building my technical abilities that I didn’t always give enough attention to how I communicated complex findings, especially to non-technical audiences.

Now, I see how essential it is to be able to explain technical details in a way that people without a deep cybersecurity background can understand. This skill is crucial because it helps stakeholders grasp the potential impact of vulnerabilities, enabling them to make informed decisions. It also plays a key role in bridging the gap between technical teams and business leaders, making sure that everyone in the organisation understands the importance of security.

Since most of my technical skills have come from hands-on experience rather than formal training, I definitely wish I had invested more time early on in honing my communication abilities. It would’ve not only helped me better convey the significance of security findings, but it would’ve also made me a more well-rounded and effective professional in the cybersecurity field.

www.linkedin.com/in/bejuveria

ladysecspeare.wordpress.com

github.com/ladysecspeare

How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children.

Lisa has partnered with Cool.Org , and her content is found on the Department of Education website .

LISA ROTHFIELD-KIRSCHNER

Author of How We Got Cyber Smart | Amazon Bestseller

Olivia and Jack learn about sextortion

We are seeing more stories in the media about sextortion. As a parent, reading about the tragedies and destruction of families and communities is heartbreaking. This story, I hope, will help explain the dangers and how to protect your community and the children in your care.

Twins Olivia and Jack were very close and spent a lot of time together. They both played sports, chess and had an active social life which included online gaming and chat messaging platforms.

One evening, Olivia was thrilled to get a private message on her favourite drawing game. It is a fun game in which players are given a certain number of minutes to draw a character from a movie or TV series. They can play against the computer or another player. Olivia’s message was from someone named ‘artist22’, claiming to be another young player who wanted to play against her. “Your drawing skills are amazing!” they wrote. “I bet you’d be famous if you shared more of your private drawings.”

Olivia was excited about the thought of being famous and flattered that someone else thought her drawings were so good. Even though she knew she was not supposed to engage with strangers she got so caught up in the moment that

she wrote back “thanks, that sounds exciting!”

Over the next few days, artist22 messaged Olivia often. They seemed genuinely interested in helping her become a better drawer and gave her suggestions on how she could improve her skills. Then one day, artist22 asked for something troubling. “Can you send me some special drawings that you have done of yourself that no one else has seen? I promise I’ll keep them secret.”

Olivia hesitated, but then gave in, thinking it was harmless. These were just drawings; it did not seem like there was anything to worry about. So she sent some portrait drawings she had done of herself that were not shared in the game. The very next message was scary: “I want you to send me a photo of yourself, or I’ll tell your parents that you have been messaging with a stranger, and I’ll post your portraits online.”

Terrified, Olivia confided in Jack who helped her tell their parents right away. Their parents said: “You have done the right thing by coming to tell us. This is called sextortion, when someone tricks or pressures you into sharing personal things and then threatens you.”

Jack’s and Olivia’s parents explained how predators target children and teens online. “They pretend to be someone trustworthy, like a friend or another child. Never share private information or images online, even if it seems innocent, even if it’s a drawing. Always come to us if anything feels wrong.”

With her parent’s help, Olivia blocked artist22, reported them to the drawing app and deleted the messages. The experience shook her, but she felt safer knowing her family was there to protect her.

At dinner that night, Jack asked, “What if someone does something like this to me in my game? How do I avoid it?”

Their Mother gave them clear advice: “Be cautious about anyone asking for personal information or pictures, even if they seem friendly. And always let us know if someone makes you feel uneasy.”

Olivia learned to trust her instincts, and Jack resolved to be vigilant. Together they grew wiser about the dangers of the online world, promising to stick by each other and their family’s technology rules for staying safe.

www.linkedin.com/in/lisarothfield-kirschner

howwegotcybersmart.com

WOMEN IN SECURITY MAGAZINE CONTRIBUTORS

1. AMANDA-JANE TURNER

Author of the Demystifying Cybercrime series and Women in Tech books. Conference Speaker and Cybercrime specialist

2. MANAHIL HASAN

Senior Cyber Security Analyst Engineer

3. OMONIVIE CYNTHIA JATTO

Cybersecurity Specialist

4. RANEE BRAY

Senior Director, Cybersecurity @ Cloudflare

5. JORDAN WATSON

Senior Cyber Security Consultant

6. KELLY JOHNSON

General Manager ANZ, Acronis

7. THERESA MCCLUSKEY

Head of Global Enablement

8. SIMON CARABETTA

Simon is a former high school Media Studies and English teacher turned Cyber Security Advocate.

9. SAPNA KUMARI

Senior Cybersecurity Consultant (Technical)

10. MIN KYRIANNIS

Chief Executive Officer

11. DISHA NAGASIDDAPPA SOMASHEKAR

Cyber Security Operations Analyst

12. INEZ CHONG

Cyber Security Consultant

13. CRAIG FORD

Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC and Baidam Solutions

14. LISA VENTURA

Founder, Cyber Security Unity

15. ANNIE-MEI FORSTER

Senior GRC consultant at Securus Consulting Group, co - host of the Lost In Cyberia podcast and provides cybersecurity tips on the @ thecybersecuritygals Instagram

16. KATE HEALY

Executive Director and Founder of Empowered Cyber

17. MARISE ALPHONSO

Information Security Professional

18. KAREN STEPHENS

CEO and co-founder of BCyber

19. APARNA ACHANTA

Security Architect and Leader, IBM Consulting, USA

20. MEG TAPIA

The Paragon Alliance co-founder

21. ANNIE HAGGAR

The Paragon Alliance co-founder

22. AMINA AGGARWAL

Founder | Enterprise Security Architect

23. BLESSING EZEOBIOHA

Digital forensics and Threat intelligence at TEknowledge

24. ROSALYN PAGE

Cybersecurity & Digital Lifestyle Journalist

25. DHIVYAH NAIR

Cybersecurity and Forensic Computing student at the University of Portsmouth

26. NIHARIKA KADARI

Master of Laws student at Monash University in Victoria

27. INGVILD NILSEN

Applied Cyber Security student at the University of South Wales

28. AMERA GREER

Information and Technology Cyber Security student at California State University

29. MADHURI NANDI

Head of Security - Nuvei, Co-Chair AWSN

30. USHNA ZUBAIR

Bachelor of Computer Science with a major in Cyber Security student at the University of Wollongong (UOW)

31. ANEESHA DOAL

Cybersecurity Management PhD student at Coventry University

32. JUVERIA BANU

Master of Science in Cyber Security at the University of Hertfordshire

33. LISA ROTHFIELD-KIRSCHNER

Author of How We Got Cyber Smart | Amazon Bestseller

THE LEARNING HUB

INTRODUCTION TO CYBERSECURITY

The Introduction to Cybersecurity is one of the best free cybersecurity courses to consider. It offers a free taster to the subject and is accredited by the UK Government intelligence organization GCHQ, the global accreditation and examination institute APMG International, and The Institute of Information Security Professionals. In this course, you’ll learn how to recognize online security threats that could harm you and explore the steps you can take to minimize your risk. The course will improve your online safety in the context of the wider world, introducing concepts like malware, denial of service, phishing, trojan virus, security controls, penetration testing, network security, cryptography, identity theft, and risk management.

VISIT HERE

CYBERSECURITY

As we live in today's technological age, criminals have found a way to interrupt an organization's operations and even steal valuable information from their victims through cyber attacks. This course provides the information you need to know about the different kinds of cyber attacks and the safety precautions that you can take to avoid them.

VISIT HERE

CYBER SECURITY FOR BEGINNERS

The Cybersecurity Course for Beginners delivers a new lesson every two days for five weeks, all without the need to pay back any tuition loans. In terms of content, it aims to give you step-by-step advice for keeping your personal data out of nefarious hands and hackers with malicious intent. You’ll learn how to set up a security system and acquire a basic cybersecurity vocabulary. You’ll also learn to identify and eliminate the security holes in your system that make you vulnerable to cyber threats and breaches, and discover how cyberattacks work.

VISIT HERE

NETWORK SECURITY

In this course, you will examine the various areas of network security including intrusion detection, evidence collection and defense against cyber attacks.The issues and facilities available to both the intruder and data network administrator will also be examined to illustrate their effect.You will learn the principles and concepts of wired and wireless data network security. You will be guided through a series of laboratories and experiments in order to explore various mechanisms for securing data networks including physical layer mechanisms, filters, applications and encryption.

VISIT HERE

FOUNDATIONS OF CYBERSECURITY

This Foundations of Cybersecurity course will provide the foundational concepts for the cybersecurity field. It will look at the field as a whole, examine various types of attacks, learn ways to protect our environments through tools and design, and wrap up looking at more advanced topics. With nearly 40 resources across nine core modules, the course is set up using a sequence that begins each module with a theory or concept, supports it with tactics, and then drives it home with case studies or videos. VISIT HERE

INTRODUCTION TO ARTIFICIAL INTELLIGENCE (AI)

Artificial Intelligence (AI) is all around us, seamlessly integrated into our daily lives and work. Enroll in this course to understand the key AI terminology and applications and launch your AI career or transform your existing one.This course covers core AI concepts, including deep learning, machine learning, and neural networks. You’ll examine generative AI models, including large language models (LLMs) and their capabilities. Furthermore, you’ll examine AI’s application across domains such as natural language processing (NLP), computer vision, and robotics, uncovering how these advancements drive innovation and use cases.

DEVOPS ENGINEER LEARNING PLAN

This Learning Plan is designed to help DevOps Engineers, Developers, and Operations Engineers who want to become proficient at deploying secure and reliable applications at high velocity on AWS. The digital training included in this Learning Plan will expose you to version control, infrastructure as code, and continuous integration/continuous delivery (CI/CD). This Learning Plan can also help prepare you for the AWS Certified DevOps Engineer - Professional certification exam.

VISIT HERE

INTRODUCTION TO CYBER ATTACKS

This course provides learners with a baseline understanding of common cyber security threats, vulnerabilities, and risks. An overview of how basic cyber attacks are constructed and applied to real systems is also included. Examples include simple Unix kernel hacks, Internet worms, and Trojan horses in software utilities. Network attacks such as distributed denial of service (DDOS) and botnet- attacks are also described and illustrated using real examples from the past couple of decades.

VISIT HERE

VISIT HERE

THE LEARNING HUB

THE TEN DOMAINS OF CYBERSECURITY

Explore Cybersecurity Through Ten Domains

This course is designed to introduce students, working professionals and the community to the exciting field of cybersecurity. Throughout the MOOC, participants will engage in community discourse and online interaction. Participants will gain knowledge and understanding of cybersecurity and its domains.

VISIT HERE

CYBER AID - FOR HEALTH PROFESSIONALS

The Cyber Wardens program is a simple education tool designed to make your small business cyber-safe. Educating your team about cyber threats will help to protect your small business against cyber threats and recover from a cyber attack.

VISIT HERE

FUNDAMENTALS FOR CYBERSECURITY SPECIALIZATION

Throughout this specialization, you will learn concepts around cybersecurity tools and processes, system administration, operating system and database vulnerabilities, types of cyber attacks and basics of networking. You will also gain knowledge about important topics such as cryptography and digital forensics. The instructors are architects, Security Operation Center (SOC) analysts, and distinguished engineers who work with cybersecurity in their day-to-day lives at IBM with a worldwide perspective. They will share the skills that they need to secure IBM and its clients’ security systems from unauthorized access and intrusion. The specialization is comprised of five courses that explore topics like hardware security, cryptography and software security.

VISIT HERE

CISA CERTIFICATION PREP

ISACA’s Certified Information Systems Auditor (CISA) certification is for entry to mid-career professionals who want to understand the process of planning, executing, and reporting on risk-based auditing practices. This certification prep path is designed to provide you with a comprehensive overview of the concepts and skills you will need to pass the certification exam.

VISIT HERE

WOMEN SPEAK CYBER PODCAST

With Louisa P and Louisa V

This is women speak cyber - the podcast. With Diversity of ideas crtical to solving the complex challenges of securing businesses and people today, we believe all voices need to be heard. Whether you are an aspiring speaker, leader or wanting to advocate for others, join Louisa P and Louisa V and their special guests who will share the tools, tips and inspirational stories that will help you to speak cybersecurity with confidence and impact.

CLICK TO LISTEN

THE CYBER SECURITY RECRUITER PODCAST

With Thomas Richard

The mission is simple: To enhance your career growth within the Cybersecurity community & bring interesting and knowledgable guests onto the Podcast so that you can benefit from their experience.

BRAKESEC EDUCATION PODCAST

With Bryan Brake, Amanda Berlin, and Brian Boettcher

A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.

THE SECURITY COLLECTIVE PODCAST

With Claire Pales

The secure CIO is the podcast for Technology Executives who are tasked with hiring and retaining great cybersecurity leaders. Bestselling author Claire Pales, together with industry thought leaders, answers your questions about sourcing the right leaders, building cyber secuirty teams, candidate selection, salaries and more

TO THE POINTCYBERSECURITY

With Rachael Lyon

Forcepoint's To The Point Cybersecurity Podcast covers the latest cyber news, threats, and trends impacting the federal government.

CYBER SECURITY CAFE

With Beverley Roche

Interested in staying safe online or a cyber security professional? Leading cyber security consultant and advisor, Beverley Roche talks to global experts, academics and researchers to provide insights on the issues impacting the cyber security professional and our connected life.

KBKAST

With Karissa Breen

The Voice of CyberKBKast brings you interviews, discussions, and presentations from global leaders across information security and emerging technology. We spend time understanding what they do, and unpacking their thoughts on the constantly evolving technology and people elements in the security industry as they pertain to an executive audience. CLICK TO LISTEN

CYBER SECURITY INSIDE

With Camille Morhardt

Cyber Security is no longer a topic that is addressed only by programmers and coders. CISOs and their executive peers need to think about 'Cyber Security' differently. In this podcast, Tom Garrison, Vice President and GM of Client Security Strategy and Initiatives, will discuss relevant topics in clear, easy to understand language.

JOURNEY INTO CYBERSECURITY

With Cathy Olieslaeger

Put yourself in the shoes of a cybersecurity professional starting with when they were just a little kid and had no clue what cybersecurity even was. Meander with them along their journey and learn from their experience how to become a cybersecurity professional.

CYBER SECURITY TALKS

With Laurens Jagt

The interview podcast for cyber security professionals and for those who aspire to become one. We interview industry experts to get to know the latest trends, real life war stories and everything you need to know about this exciting industry.

CYBERSECURITY SIMPLIFIED

With Susanna Song

Cybersecurity Simplified aims to demystify cybersecurity and make it understandable to business people and managed services providers who aren't security experts. We explore the latest cybersecurity trends, threats and news with the insight and perspective of CTO David Barton of Overwatch Managed Security by High Wire Networks.

SECURITY, SPOKEN

With Lauren Goode, Michael Calore, and Leah Feiger

Get in-depth coverage of current and future trends in technology, and how they are shaping business, entertainment, communications, science, politics, and society.

THAT’S WHAT SHE SAID:

Author // Kimothy Joy

“A stunning book that celebrates a diverse group of inspirational women, from Maya Angelou to Malala Yousafzai. The book features illustrations and quotes with illuminating biographies to inspire women of all ages and backgrounds.” –Hello Sunshine

BUY THE BOOK

THE GIFTS OF IMPERFECTION

Author // Brene Brown

A small, quiet, grassroots movement that starts with each of us saying, ‘My story matters because I matter.’ Revolution might sound a little dramatic, but in this world, choosing authenticity and worthiness is an absolute act of resistance.

BUY THE BOOK

CYBER DEFENSE FOR WOMEN

Author // Cecilia Anastos

In the early XXI century, I was known as the “queen of OSINT (Open-source intelligence).” I figured out how to find anything and anybody who had left a digital footprint. I put Johnny Long’s techniques on steroids. I developed courses to teach my skills to law enforcement agencies, private sector, and the U.S. Navy SEALs.

BUY THE BOOK

SECURING OUR FUTURE:

Author // Black Women in Cyber Collective

"This book offers solace, unity, and motivation for those who feel marginalized in the realm of technology and cyber, inviting them to discover a supportive community and the courage to amplify their voices. Moreover, it provides an eye-opening experience for those who are part of the majority and haven't experienced being "othered" in this industry."

BUY THE BOOK

STRONGER TOGETHER: WOMEN IN CYBERSECURITY

Authors // David Meece, Emily Zakkak

This book throws open the doors to the world of IT and Cybersecurity, celebrating over 100 accomplished women who have carved their own paths in these dynamic fields. It's not just a chronical of their achievements, though each story delves into the unique challenges they faced, offering invaluable insights and stereotypes.

BUY THE BOOK

OWN YOUR EVERYDAY: OVERCOME THE PRESSURE TO PROVE AND SHOW UP FOR WHAT YOU WERE MADE TO DO

Author // Jordan Lee Doodley

From accidentally starting a small business instead of using her college degree, to embarrassing herself onstage in front of thousands, to wasting time worrying about what others think or say, Jordan Lee Dooley knows exactly how that feels—and she’s learned some important lessons about living a purposeful life along the way. BUY THE BOOK

YOU DO YOU

Author // Sarah Knight

Being yourself should be easy, yet too many of us struggle to live on other people's terms instead of our own. Rather than feeling large and in charge, we feel little and belittled.

INNOVATEHERS: WHY PURPOSE-DRIVEN ENTREPRENEURIAL WOMEN RISE TO THE TOP

Author // Barbara Kurshan and Kathy Hurley

As a woman, how can you foster an entrepreneurial mindset to succeed in business? How do you take an idea, dream or goal and transform that into a strategy for success in a purpose driven organization? How can you align your purpose and passion to help you do well and do good in your profession?

BUY THE BOOK

CATCHING A HACKER (ARKANSAS SPECIAL AGENTS: CYBER CRIME DIVISION BOOK 2)

Author // Maggie Wells

Arkansas Special Agent Emma Parker is determined to uncover a cyberbully targeting local teens—and Max Hughes’s daughter, Kayleigh, is the prime suspect. Max gives Emma full access to their home and technology to clear Kayleigh’s name, never counting on his attraction to the driven cop…nor their sinister discovery. Because someone has turned Kayleigh’s computer against her. Watching her. Stealing her data. And worse, using that information to get at other students…

BUY THE BOOK

THE SECURITY AWARENESS PIXIE - PROTECTING OUR ONLINE WORLD: A CHILDREN'S GUIDE TO CAREERS IN CYBERSECURITY AND IMPROVING CHILDREN'S ONLINE

SAFETY, PRIVACY, AND SECURITY

Author // Andrew Aken

Through memorable poetry and captivating imagery, Sandy, the Security Awareness Pixie, takes children on an adventure teaching them about security and safety in the online world. Children between the ages of 3-12 are increasingly exposed to digital environments where risks abound. At this impressionable age, children are curious and may inadvertently share personal information or fall victim to online threats such as cyberbullying, inappropriate content, or scams.

BUY THE BOOK

THE TECHNOLOGY TAIL: A DIGITAL FOOTPRINT STORY

Author // Julia Cook

The Technology Tail is part of the Communicate with Confidence book series that offers a timeless message to a new generation just learning how to navigate the fast-changing digital age. Written for children in grades 1 through 6, this storybook uses rhymes and colorful illustrations to grab their attention. There are also tips for parents and teachers who want to reinforce kindness and respect in a high-tech world.

BUY THE BOOK

DENNIS AND HIS ONLINE GAMING ADVENTURE!: CYBER SAFETY CAN BE FUN [INTERNET SAFETY FOR KIDS]

Author // Nina Du Thaler

It’s like Dennis has a new language – skins, noobs and loot boxes. Elle is intrigued, perhaps its online gaming. But when Dennis starts getting smelly, moody and skipping school she wonders what is happening. What will Elle discover when she delves into Dennis’ world? But more importantly, can she teach him how to manage his online world safely.

BUY THE BOOK

MOVE INTO THE WORLD OF CYBER SECURITY, BUILD A FUTURE AND MAKE A DIFFERENCE

By Marie Claire

This highly rewarding and flexible industry is perfect for people of all career backgrounds looking to change careers and make a difference every day. From banking to transport, and energy to the public sector, cyber security professionals help protect information and systems across a variety of industries, against online threats. With technology like the internet and mobile phones a fundamental part of modern life and developing all the time, cyber security is more important than ever before.

SAP’S STRATEGIC SHIFT IS SHAPING THE FUTURE OF AI-DRIVEN ENTERPRISES

By delta logix

The digital transformation of enterprises is no longer a distant goal—it is a necessity driven by increasing data complexity, the rapid evolution of artificial intelligence, and the demand for real-time decision-making. SAP has long been a central player in this transformation, providing solutions that power mission-critical business processes across industries.

QUANTUM COMPUTING: IS IT A CONVERSATION LEADERS SHOULD HAVE NOW?

By CGI (Tara McGeehan)

Quantum computing has been steadily gaining momentum in the technology industry over recent years, and rightly so. It’s a field that presents both enormous potential and significant challenges. While wider adoption is still in its infancy, the question is less about whether quantum computing will become important and more about how and when. As business and technology leaders, is it time to more seriously consider how this technology might shape strategies for organisations across every sector in the years to come?

WHEN CYBERSECURITY MEETS 'HER POWER': UNLOCKING THE POTENTIAL OF WOMEN IN CYBERSECURITY

By hkcert

The cybersecurity industry is currently facing a severe talent shortage. Statistics show that there is a global shortage of nearly 4 million cybersecurity professionals. Although the number of cybersecurity practitioners is growing at an annual rate of 8.7%, the supplydemand gap continues to widen.

ANYONE CAN START A CAREER IN CYBERSECURITY

By Lodrina Cherne (SANS)

We read about cybersecurity in the news almost every day as organizations and governments around the world continue to get hit with ransomware, scams, and cyber attacks. There is a huge demand for people trained in cybersecurity to help defend against these growing threats. In fact, recent studies estimate that there are almost 3 million cybersecurity job openings globally.

AFRICAN WOMEN IN CYBER DEFENSE

By Cyberheroines

In preparation for International Women’s Day, Meagan Tudge of SANS Security Awareness and I spoke to Anna Collard, SVP Content Strategy & Evangelist Africa for KnowBe4 Africa, about the landscape of cybersecurity careers for women in Africa. We learned so much that we realized it needed a dedicated post, so we end our celebration of Women’s History Month with a spotlight on Africa. READ

READ BLOG

HOW SMBS CAN TACKLE CYBERSECURITY CHALLENGES

By AI Cyber Experts

Ransomware, phishing, data breaches—cyber threats don’t discriminate. Whether you’re a global enterprise or a small business, the risks are real. While large corporations invest millions into cybersecurity, small and mid-sized businesses (SMBs) often wonder: How do we protect ourselves without a dedicated security team? The good news? You don’t need an army of inhouse experts. With the right strategies and tools, SMBs can secure their businesses just as effectively—without hiring a single security professional.

IT’S “BY MISTAKE” – HOW I GOT INTO CYBERSECURITY

By Gee Mohanty

Welcome to the Cisco Women in Cybersecurity’s blog series, where we highlight the stories of the mentors who have inspired and advocated for the careers of those in our community. This series seeks to show the importance of allyship, connection, and how different the journeys can be into a career in cybersecurity.

AI AND DATA SECURITY: BALANCING INNOVATION WITH RESPONSIBILITY

By Natalie Salunke

Artificial intelligence (AI) is transforming industries at an unprecedented pace, offering businesses the ability to automate complex processes, extract valuable insights and enhance decisionmaking. However, as AI systems process vast amounts of data, they also introduce significant challenges around data security, privacy and regulatory compliance. For legal teams, executives and tech professionals, the ability to balance AI innovation with responsible data management is critical.

ALL RULES CYBER - TIME FOR COMMON GROUND?

By Info risk today Shruti Dvivedi Sodhi, Purvi Morwal

India leads in technology advancement, yet our current approach to overseeing cybersecurity is fragmented. While entities such as the Indian Computer Emergency Response Team, or CERT-In; National Critical Information Infrastructure Protection Centre; and Ministry of Electronics and Information Technology, or MeitY, exist to regulate cyberspace and assist with incident management, their siloed operations often delay responses and dilute overall effectiveness in ensuring accountability and consumer relief in cases of cyber incidents.

By NSB Cyber

In today's modern cyber security landscape, maintaining outdated authentication methods is akin to not updating your front door lock that was made in the 1800s.

BRIDGING THE CYBER SKILLS GAP

By Code First Girls

With cyber threats growing more sophisticated every day, the demand for skilled cybersecurity professionals has never been greater. Yet, we’re facing a global cyber skills shortage that puts organisations—and their data—at risk. From empowering a diverse workforce to addressing the talent deficit, investing in cyber-security training can help you to build a more secure digital future.

READ BLOG

JOB BOARD

CYBER THREAT INTELLIGENCE ANALYST | MACQUARIE GROUP

FULL TIME AUSTRALIA

ABOUT THE ROLE

As a Cyber Threat Intelligence Analyst, you’ll be partnering with multiple functions in our global Cyber Threat and Incident Response team. You will ensure that our digital estate is protected from threats both known and unknown. You will work alongside a diverse team around the globe and be a vital contributor to identifying, triaging, and managing threats and risks in the cyber environment.

DEPUTY CISO | DATACOM

FULL TIME NEW ZEALAND

AS THE DCISO, YOU'LL BE RESPONSIBLE FOR:

• Operational Cybersecurity Management:

• Lead the implementation and operationalization of Datacom's cybersecurity compliance programs, ensuring alignment with Australian & New Zealand legislation, Essential 8 maturity, ISO 27001, SOC 2, and other relevant frameworks.

• Manage and monitor security operations, including threat detection, incident response, and vulnerability management, ensuring minimal risk exposure to Datacom and its clients.

You will work as a regional subject matter expert for all things cyber threat intelligence and serve as an all-source Cyber Threat Intelligence Analyst, feeding, developing, and building on the threat intelligence platform and in-house cyber threat intelligence solutions. In additional, you will provide analytic support pertaining to a wide range of cyber threat actors, malware, and topics affecting Macquarie, financial institutions, its customers, and partners.

APPLY HERE

• Oversee daily security operations, including secure architecture, project governance, and security posture monitoring for both public and private cloud environments.

APPLY HERE

SECURITY OPERATIONS & RESILIENCE SPECIALIST | MCKINSEY

& COMPANY

FULL TIME MEXICO

RESPONSIBILITIES IN EACH OF THESE PROGRAMS WILL INCLUDE

• Analyst

• Responsible for tracking high risk area travel and maintaining connectivity with study teams.

• Creating & maintaining Travel Safety Protocols (risk mitigation plans) and supporting studies/ travelers with logistics options (hotel, transport, medical, security)

• Monitoring and supporting incident threats and independently providing threat assessments on complex issues and incidents

• Triaging incoming questions for colleagues and sometime incidents

• Maintaining and ensuring data quality in ticketing systems

• Physical security

• Responsible for protection of company assets, personnel and information

• Implement physical security measures, processes and solutions to protect Firm’s assets, including property, people, and information

• Monitor potential disruptive events, weather conditions and incidents

• Liaise with local law enforcement and regulatory authorities, as required

APPLY HERE

INFORMATION SECURITY COMPLIANCE ANALYST | PARTNERHERO

FULL TIME PHILIPPINES

THE ROLE

We are seeking an Information Security Compliance Analyst to join our team. In this role, you'll be responsible for managing security questionnaires, addressing security-related inquiries, and supporting compliance initiatives to ensure that PartnerHero maintains the highest standards of security and regulatory compliance.

WHAT YOU’LL DO:

• Security Questionnaires: Complete and manage security questionnaires for prospective and existing customers.

• Sales Team Support: Serve as a resource for the sales team by addressing security-related questions and concerns.

• Collaboration: Work with the Compliance Manager to update compliance policies and documentation.

• Record Maintenance: Maintain accurate records of compliance activities, ensuring that documentation is up to date.

• Regulatory Updates: Stay informed about changes in regulatory requirements and industry standards.

• Continuous Improvement: Assist in the development and implementation of processes to enhance compliance and security operations.

APPLY HERE

SECURITY SALES SPECIALIST, PUBLIC SECTOR, GOOGLE CLOUD | GOOGLE

FULL TIME ITALY

RESPONSIBILITIES

• Build relationships with customers as a subject matter expert and trusted advisor, manage business cycles, identify solution use cases, and influence longterm strategic direction of accounts.

• Deliver against quota and achieve or exceed strategic business and growth goals while forecasting and reporting territory business.

• Work with Google accounts and cross-functional teams (e.g., Customer Engineering, Marketing, Customer Success, Product, Engineering, Channels) to develop go-to-market strategies, drive pipeline

and business growth, close agreements, understand the customer, and provide positive prospect and customer experience.

• Construct and execute a territory development plan.

• Work with multiple customers and opportunities, understanding each customer’s technology footprint and strategy, growth plans, business drivers, competitors, and how they can transform their business using technologies.

APPLY HERE

CYBER SECURITY CONTENT CREATOR | CCG CYBER WORLD

REMOTE CANADA

KEY RESPONSIBILITIES

• Create, edit, and publish short-form video content (reels/shorts) for multiple platforms

• Develop entertaining ways to explain cybersecurity concepts, threats, and best practices

• Create both educational and entertaining content to engage a wide audience.

• Deliver one high-quality video every two weeks

• Maintain a consistent brand voice and style.

• Collaborate with our cybersecurity team to ensure technical accuracy

APPLY HERE

JOB BOARD

SENIOR TECHNICAL SPECIALIST, AWS TRUST AND SAFETY | AMAZON WEB SERVICES (AWS)

FULL TIME SOUTH AFRICA

KEY JOB RESPONSIBILITIES

• You will work with internal and external stakeholders to investigate and resolve abuse incidents across multiple services for AWS.

• Investigate escalated content abuse issues (which includes CSAM), and deep dive to identify the root cause of the problem.

• You will occasionally work under high pressure in arising situations to identify a problem, develop a solution, and provide expertise on behalf of T&S for internal and external stakeholders.

• Help to influence leadership decisions regarding company policy, emerging trends and detection and response policies across customer segments for abuse issues.

• Use best judgement and incorporate available data to look around corners and identify areas for opportunity w/r/t potential abuse issues.

• Drive high-impact and highly cross-functional initiatives while simultaneously tracking a set of smaller projects.

• Drive project facilitation and goal setting for T&S improvement programs.

• Evolve the team and mentor T&S to effectively mitigate large scale abuse events.

• Lead incident/problem reviews and ad hoc analyses to identify gaps and influence system and process improvements.

APPLY HERE

CYBER SECURITY ASSURANCE SPECIALIST | BAE SYSTEMS

FULL TIME UNITED KINGDOM

WHAT YOU’LL BE DOING

• To support the delivery of an intelligence led and risk-based through life assurance programme across Sectors, UK Business Groups and Service Providers to underpin HMG Secure by Design requirements

• Responsible for ensuring the security and resilience of applications, systems and services throughout their lifecycle

• Participate in the delivery of wider automation within the through life assurance team

• To assist with the evolution of the through life assurance team as we adopt a BAU process with ensuring all enterprise networks, systems, applications and services are meeting Secure by Design requirements throughout their life cycle

• Aid the delivery of risk assessment activities for applications, systems and services being used across Shared Services & Head Office

APPLY HERE

CYBER AWARENESS SPECIALIST | TRIOPTUS

REMOTE INDIA

KEY RESPONSIBILITIES

• Training Development & Delivery

• Design, implement, and maintain targeted cybersecurity awareness training programs.

• Create engaging content (e-learning, videos, infographics, interactive sessions).

• Conduct virtual/in-person workshops and presentations on cybersecurity best practices.

• Continuously assess training effectiveness through KPIs and feedback mechanisms.

• Awareness Campaigns

• Plan and run awareness campaigns, aligned with global cybersecurity events (e.g., Cybersecurity Awareness Month).

• Develop internal communications such as newsletters, posters, and alerts.

• Partner with Marketing and HR for consistent enterprise-wide messaging.

APPLY HERE

CYBERSECURITY CONSULTANT - MANAGERIAL | EY

FULL TIME INDONESIA

YOUR KEY RESPONSIBILITIES:

You’ll spend most of your time working with a wide variety of clients and your colleagues to deliver the latest trends, practices, technologies, and architecture to design, build and maintain scalable and robust solutions that unify, enrich, collaborate and deliver value.

SKILLS AND ATTRIBUTES FOR SUCCESS:

• Outstanding team player

• High level of motivation

• Strong work ethic

• Self-starting attitude

• Independent and able to manage and prioritize workload

• Ability to quickly and positively adapt to change

• Excellent written and verbal communication, presentation, client service, and technical writing skills, coupled with excellent executive presence.

• Significant experience in managing and delivering medium to large teams on complex programs and projects.

• Assessing, designing, architecting, and developing solutions leveraging the latest technologies and trends to exceed the business requirements

• Unifying, enriching, and delivering value to derive insights and opportunities

APPLY HERE

IT SECURITY ANALYST, VULNERABILITY MANAGEMENT SPECIALISTREMOTE | TALENTIFY.IO

FULL TIME UNITED STATES

WHAT TO EXPECT (JOB RESPONSIBILITIES)

• Conduct regular vulnerability scans using tools such as Nessus, Qualys, or Rapid7 to identify security weaknesses

• Collaborate with IT and development teams to implement mitigation strategies and track remediation progress

• Assist in developing and enforcing vulnerability management policies in alignment with industry standards

• Generate detailed vulnerability assessment reports for stakeholders, highlighting risks and remediation progress

• Stay up to date on the latest security vulnerabilities, exploits, and mitigation techniques

APPLY HERE

CYBER SECURITY L2 - VULNERABILITY MANAGEMENT | INTERTEC SYSTEMS

FULL TIME UNITED ARAB EMIRATES

RESPONSIBILITIES (INCLUDES ALL TASKS)

• Manage Day to Day Security Operations of Security Solutions.

• Experienced in Vulnerability Management, Malware Protection, Data Security, Web Application Security and Network Security.

• Strive to achieve KPIs.

• Coordinate to Achieve SLA requirements.

• Security Incident Management.

• vendor coordination to solve technical issues on time.

• Conduct Technology Risk Assessment.

• Knowledgeable of Operating Systems Security (Windows and Linux).

• Conduct Security Awareness Trainings

APPLY HERE

SECURITY EVENTS

CYBERUK 2025

May 6-8, 2025 | In Person | Manchester, United Kingdom

CYBERUK 2025, the UK government’s flagship cybersecurity event, will take place from May 6-8, 2025, in Manchester, United Kingdom. Hosted by the National Cyber Security Centre (NCSC), the conference will bring together over 2,000 cybersecurity professionals, industry leaders, and government officials for collaboration, knowledge exchange, and networking.

46TH IEEE SYMPOSIUM ON SECURITY AND PRIVACY

May 12-15, 2025 | In Person | San Francisco

The 46th IEEE Symposium on Security and Privacy remains one of the most prestigious forums for computer security and electronic privacy research. Taking place from May 12-14, 2025, at the Hyatt Regency San Francisco, the symposium will feature cutting-edge research presentations, expert discussions, and industry collaboration opportunities.

IOT SOLUTIONS WORLD CONGRESS

May 13-15, 2025 | In Person | Barcelona

The IoT Solutions World Congress 2025, scheduled for May 13-15 in Barcelona, will be an essential event for anyone involved in IoT, AI, and digital transformation. This congress is the first to focus solely on IoT integrated with cutting-edge technologies such as AI, Network Resilience, Big Data, and cloud computing, positioning it as an excellent opportunity for professionals working in network security, IT administration, and threat detection.

NORDIC IT SECURITY EVENT

May 20, 2025 | In Person | Sweden

This event will not be about passive audience members but active participants who will interact with thought leaders through AMAs, handson workshops, and roundtable discussions to generate collaborative solutions to global security challenges.

MAY & JUNE 2025

AUSCERT CYBER SECURITY CONFERENCE

May 20-23, 2025 | In Person | Gold Coast

The AusCERT Cyber Security Conference is Australia's premier event for cyber security professionals, offering a platform for knowledge sharing, collaboration, and networking. With a history spanning over two decades, the conference features a diverse lineup of speakers, tutorials, and workshops, attracting over 900 participants and more than 80 speakers annually.

CYBERSEC EUROPE 2025

May 21-22, 2025 | In Person | Brussels, Belgium

Cybersec Europe 2025 is a leading cybersecurity event bringing together industry experts, decision-makers, and technology providers to explore IT security, data management, cloud solutions, and artificial intelligence. Taking place on May 21-22, 2025, in Brussels, Belgium, the event features keynote speeches, interactive workshops, and AI-driven matchmaking for networking. VIEW

NICE CONFERENCE & EXPO

June 1-4, 2025 | In Person | Denver, Colorado

The NICE Conference & Expo 2025 brings together experts from education, government, industry, and non-profits to address the challenges of building a resilient cybersecurity workforce. Held from June 1-4, 2025, in Denver, Colorado, the conference focuses on workforce development, cybersecurity education, and talent sustainability.

COMPUTERWORLD CYBER BRIEFING

June 2, 2025 | In Person | Hovedstaden, Denmark

The Computerworld Cyber Briefing is a premier event focused on cybersecurity trends, challenges, and innovations. Designed for IT professionals, cybersecurity experts, and business leaders, this event dives into pressing issues such as data breaches, ransomware, and emerging threats in today’s digital landscape.

SECURITY EVENTS

CERTIFIED DATA MANAGEMENT PROFESSIONAL

June 2, 2025 | In Person | Amsterdam, Netherlands

Become a data management professional and join this 4-day training leading to the worldwide recognised Certified Data Management Professional (CDMP) title of DAMA International VIEW HERE

CYBERSECURITY & CLOUD EXPO NORTH AMERICA

June 4 – 5, 2025, | In Person | Santa Clara, CA

The expo features over 250 industry professionals presenting new approaches and real-world solutions. Attracting 7,000+ attendees from different industries, the event also presents great opportunities to network and collaborate with the best professionals in cybersecurity. VIEW HERE

GARTNER SECURITY & RISK MANAGEMENT SUMMIT

June 9-11, 2025 | In Person | National Harbor, Maryland

The Gartner Security & Risk Management Summit 2025 will take place from June 9-11, 2025, in National Harbor, Maryland, United States, bringing together cybersecurity and risk management leaders to explore AI-driven security, cloud protection, data privacy, and evolving cyber threats.

37TH ANNUAL FIRST CONFERENCE

June 22-27, 2025 | In Person | Copenhagen, Denmark

The FIRST (Forum of Incident Response and Security Teams) conference brings together global incident response teams from the private, public, and academic sectors. This year’s gathering in Copenhagen will focus on fostering collaboration to improve global cybersecurity efforts. FIRST’s sessions are known for their technical depth and strategic insights, making it a vital event for those involved in Computer Security and Incident Response Teams (CSIRTs).

Women in Security Magazine Issue 25

FROM THE PUBLISHER

More than a seat at the table

BREAKING THE SYSTEM, NOT JUST THE CEILING

BUILDING A FUTURE WHERE EVERYONE THRIVES

Abigail Swabey

Abigail Swabey

ThankYou TO OUR SUPPORTING ASSOCIATIONS

AMANDA-JANE TURNER

COLUMN

Cybercrime for sale

WHAT’S HER JOURNEY?

Omonivie Cynthia Jatto

Cybersecurity Specialist

FRENCH AND GOLF

HELPING REVIVE APPLE COMPUTER

FROM SEATLE TO NELSON, NZ

GETTING CYBERSECURITY TRAINING

CHAMPIONING WOMEN IN CYBERSECURITY

Sponsor BECOME A

SIMON CARABETTA

COLUMN

How I fell into cybersecurity

Disha Nagasiddappa Somashekar

Cyber

Cyber Security Consultant

Banner Ads

Full-Page

Audience Snapshot

You to HELP Us Lights On

Opportunities

Partner Magazine Ownership Opportunity

Event Promotion

Sponsored Articles

CRAIG FORD

COLUMN

You have a seat at the table, now what?

INDUSTRY PERSPECTIVES

THE ROLE OF WOMEN IN SHAPING CYBERSECURITY POLICIES AND LEGISLATION

Gender

CHALLENGES FACED BY WOMEN IN CYBERSECURITY POLICY

Gender bias and stereotyping

Workplace culture and inclusion issues

Limited career advancement opportunities

Work-life balance and expectations

STRATEGIES TO INCREASE WOMEN’S IMPACT IN CYBER SECURITY POLICY

FINAL THOUGHTS

LISA ON SOCIAL MEDIA AND YOUTUBE

FINANCIAL LITERACY CAN PREVENT PEOPLE FROM BECOMING VICTIMS OF SCAMS

WHY WOMEN ARE TARGETED FOR FINANCIAL SCAMS

ONLINE DATING AND CRYPTO SCAMS

HOW TO PROTECT AGAINST SCAMS AND ENHANCE FINANCIAL LITERACY

WHAT DO I DO IF I HAVE BEEN SCAMMED?

BUILDING EMPOWERED CYBER: LESSONS FROM A YEAR IN THE FOUNDER’S CHAIR

WOMEN BEING MORE THAN A PRESENCE IN CYBER ROLES

WOMEN IN CYBERSECURITY

IN SUMMARY

KAREN

STEPHENS

COLUMN

Simply sitting down at the table isn’t enough anymore

MORE THAN A SEAT AT THE TABLE: MY INSIGHTS ON REDEFINING CYBERSECURITY LEADERSHIP

WOMEN IN SECURITY: A CONVERSATION WITH THE PARAGON ALLIANCE CO‑FOUNDERS MEG TAPIA AND ANNIE HAGGAR

AMINA AGGARWAL

Leading a collaborative culture as a security architect

THE ROLE OF COLLABORATION

CHALLENGES IN A CROSS-FUNCTIONAL ENVIRONMENT

SETTING THE SCENE FOR SUCCESS

ENGAGING THE TEAM

THE BASICS MATTER

COLUMN

CONCLUSION

Source2Create Spotlight

Content

CAREER PERSPECTIVES

WHY TRUE INCLUSION MEANS WOMEN LEADING THE CHARGE IN CYBERSECURITY

Digital forensics and Threat intelligence at TEknowledge

RETHINKING REPRESENTATION

WOMEN ENTREPRENEURS—CATALYSTS OF INNOVATION

CREATING A THRIVING RATHER THAN A SURVIVING CULTURE