Women in Security Magazine Issue 26



ARE WE THERE YET?

BURNOUT IN THE SECURITY INDUSTRY: HOW WE SPOT IT, STOP IT AND BOUNCE BACK

NEURODIVERSITY AT WORK: UNLOCKING STRENGTHS, DRIVING INNOVATION

WHY IT’S TIME TO WAKE UP, RETHINK THE CULTURE AND BUILD WHAT’S NEXT

FROM THE PUBLISHER

Are we there yet?

Are we there yet? It’s a question we’ve all asked, on road trips, in meetings and, perhaps most importantly, on the journey toward equality and inclusivity in security. For Issue 26 of Women in Security Magazine we invite you to join us in exploring this question, not as a marker of impatience, but as a catalyst for honest reflection and meaningful progress.

Our theme, “Are we there yet?” to me screams out “One conversation at a time,” a reaction rooted in my deep belief that real change happens through dialogue. In the security industry every conversation matters. Each story shared, each perspective heard and each challenge to the status quo brings us closer to a world where everyone, regardless of gender, background or neurodiversity, can thrive.

Why do I believe one conversation at a time will change the world, especially in security? Because meaningful dialogue is the foundation of transformation, trust and progress in a field that depends on collaboration and adaptability. Security is about more than technology or protocols: it’s about people. When we talk openly, we break down barriers, build understanding and create space for innovation and growth.

One conversation at a time is also how we challenge outdated perceptions and awaken minds. It’s how we create a culture where gender equality and inclusivity are not just ideals but everyday realities. When we share our journeys of success, failure and resilience we inspire others to speak up, to listen and to act. This ripple effect, set in motion by a single honest exchange, has the power to reshape teams, organisations and the industry as a whole.

Transformation, in security as in life, rarely happens overnight. But with every conversation we move a step closer to a safer, more equitable and more innovative future. That’s why I am convinced: one conversation at a time, we really can change the world.

INSIDE THESE PAGES

In this issue you’ll find voices and stories that illuminate the power of conversation.

• Neurodiversity at work: discover the unique strengths neurodiverse professionals bring to our field, and how inclusive conversations can unlock their full potential.

• Recovering from burnout: through candid storytelling we explore the realities of burnout and the pathways to resilience, reminding us that vulnerability is a strength.

• Challenging perceptions, awakening minds: our contributors dissect stereotypes and outdated norms, urging us to keep questioning, keep learning and keep growing.

• Journeys of success, failure and resilience: we celebrate women who have navigated winding roads marked by both triumphs and setbacks, and whose stories inspire perseverance.

• Gender equality: the pursuit of equality is an ongoing journey. We examine how each conversation, no matter how small, chips away at the barriers that remain.

Every conversation that questions the status quo or highlights a different journey, whether about recovering from burnout, thriving as a neurodivergent professional or redefining leadership, helps to shift mindsets. These dialogues are the seeds of change, encouraging teams and organisations to design more inclusive policies, support one another and create environments where everyone feels valued and empowered.

By awakening minds we challenge outdated perceptions and inspire a culture of continuous learning and respect. This is how the security industry will evolve: one honest, courageous conversation at a time.

As you read I encourage you to reflect on your own journey. Where have your conversations taken you? Who has inspired you to think differently, to act bravely or to keep going when the road felt long?

We may not be ‘there’ yet, but with every honest conversation we move closer. Let’s keep talking, keep listening and keep changing the world, one conversation at a time.

Abigail Swabey

PUBLISHER, and CEO of Source2Create

www.linkedin.com/in/abigail-swabey-95145312

aby@source2create.com.au


MADHURI NANDI

Madhuri Nandi, Head of security at Nuvei, AWSN Board Chair, author of Cyber Smart

Madhuri is a cybersecurity leader with nearly 20 years of experience across strategy, governance and engineering. She holds a master’s degree in cybersecurity and serves as head of security at Nuvei and as chair of the AWSN board. Madhuri is the author of the book, Cyber Smart, and creator of a cybersecurity awareness framework. She is known for her strong voice in inclusive leadership, mentorship and community building.

COLUMN

Are we there yet? Reflections from the edge of inclusion

INTRODUCTION

“Are we there yet?” is a question we’ve all asked on long journeys, restless and eager to reach our destination. It’s also the question echoing in my mind as I look around the cybersecurity landscape and ask: have we truly arrived at a place of inclusion, understanding and belonging? The honest answer: not quite, but we are moving.

CHALLENGING THE ILLUSION OF PROGRESS

It’s easy to pat ourselves on the back because “the numbers look better.” But ask yourself some harder questions. How much diversity do you have across all cybersecurity domains? Has your GRC team become diverse while the makeup of your SOC, engineering or offensive security teams has remained unchanged? Are women represented only as ICs and middle managers, or do they genuinely hold executive leadership roles?

And when you count women in marketing and people officer roles in your women leadership quotas, what message are you sending? Filling seats is not sufficient. Grooming diverse talent across all levels, particularly IC and middle management layers, is critical. You can’t expect a thriving executive pipeline tomorrow if you don’t nurture potential candidates today.

NEURODIVERSITY IS NOT A TREND, IT’S A REALITY

Neurodiverse employees aren’t novelties for company brochures. They are real contributors with real impact. I’ve seen neurodiverse professionals spot patterns others missed, handle chaos with calm precision and bring fresh thinking into rigid systems.

But here’s the thing; real inclusion isn’t performative policies or LinkedIn posts about “bringing your whole self to work.” It’s changing how we assess talent. It’s recognising that evaluating someone purely on verbal communication, how polished their emails are and how ‘articulate’ they sound in meetings may completely miss the depth of skill and innovation they bring.

We talk about diversity but forget that many minorities, neurodiverse individuals and unconventional thinkers are often dismissed because their English isn’t perfect, or their communication isn’t sufficiently ‘executive’. As an industry we must mature beyond equating skill with language polish.

FROM MINORITY TO MULTIPLIER

I’ve been the ‘only’ in a room too often: the only woman, the only non-linear thinker, the only challenger of norms. But you know what? Being the ‘only’ teaches you to see things others don’t: to notice when someone is being silenced, sidelined or underestimated.

And let’s be clear: gaining a seat at the table isn’t reaching the finish line. If you have a seat but you’re not heard, or worse, you’re only tolerated, you haven’t won. Build your tables. Pull up chairs for others who don’t fit the mould. Create spaces where real conversations happen, not just curated optics.

Having women in GRC and feeling you’ve achieved the ‘diversity numbers’ isn’t enough. How many women are in SOC leadership, offensive security, engineering? How many are groomed to be future executives, not just middle managers ticking a box?

WOMEN IN CYBERSECURITY: KEY STATISTICS (2024–2025) (FROM AI CHATS TO CONSIDER USING TO GIVE SOME DATA INSIGHTS)

• Workforce representation. Women constitute approximately 22 to 25 percent of the global cybersecurity workforce. (Source: ISC2)

• Leadership roles. In 2018 the percentage of women in cybersecurity attaining leadership positions was greater than for men: chief technology officer (seven percent vs two percent), vice president of IT (nine percent vs five percent), IT director (18 percent vs 14 percent), C-level/executive roles (28 percent vs 19 percent). (Source: Cybersecurity For Me)

• Team composition. On average women make up about 23 percent of cybersecurity teams globally. Notably, 11 percent of organisations report having no women on their security teams. (Source: ISC2)

• Future projections. It’s estimated women represent 30 percent of the global cybersecurity workforce in 2025, with expectations of reaching 35 percent by 2031. (Sources: asisonline.org, Cybercrime Magazine, N2K CyberWire)

• Age demographics. Among cybersecurity professionals under 30, 26 percent identify as women, indicating a positive trend in younger demographics. (Source: asisonline.org)

• Job satisfaction. The percentage of women in cybersecurity reporting job satisfaction has declined from 82 percent in 2022 to 67 percent in 2024, attributed to factors like layoffs, economic pressures and return-to-office mandates. (Source: 63SATS Cybertech)

WHAT CAN WE INFER FROM THE ABOVE STATISTICS?

1. We’ve made progress, but we’re far from equality

While women’s representation in cybersecurity has increased to ~22–25 percent, this still means three out of four cybersecurity professionals are men. Representation alone isn’t parity, and the number hasn’t changed drastically in recent years despite all the diversity initiatives.

2. Representation is not even across roles

Women are still disproportionately represented in GRC, awareness and training roles with underrepresentation in SOC, engineering and offensive security. At the executive level, women tend to hold HR or marketing roles rather than technical decision-making positions.

3. Younger generations are driving change

With 26 percent of cybersecurity professionals under 30 identifying as women there’s clear traction in the early-career pipeline. The challenges are getting them to stay in cybersecurity and grooming them to grow into middle management and leadership.

4. Declining job satisfaction should alarm leaders

Job satisfaction among women in cybersecurity has dropped significantly, from 82 percent to 67 percent, hinting at cultural, systemic and possibly leadership problems. Burnout, lack of inclusion and slow progression are also likely contributors.

5. Pay equity is yet to be achieved

Despite qualifications and performance, women earn ~five percent less than their male peers in cybersecurity. This isn’t just a diversity issue—it’s an equity and value issue.

CONCLUSION: AWAKENING MINDS, SHAPING TOMORROW

We may not be ‘there’ yet. And that’s okay, so long as we don’t settle for the status quo.

Build real skills, resilience, critical thinking, storytelling and emotional intelligence. Learn to read the room. Learn when to speak, when to move and when to walk away.

Let’s raise the bar. Inclusion isn’t just about inviting people to the table; it’s about redesigning the table.

We’re not just asking “Are we there yet?”; we’re building the future, unapologetically and boldly, for ourselves and for those who come after us.

www.linkedin.com/in/madhurinandi

BURNOUT IN THE SECURITY INDUSTRY: HOW WE SPOT IT, STOP IT AND BOUNCE BACK

Let’s be honest, burnout is rife in the security sector. Whether you’re on the front line as a security guard, deep in the weeds as a cybersecurity analyst or carrying the weight of the world as a CISO, the relentless pace and pressure are taking their toll.

As threats multiply and expectations soar it’s no wonder so many of us are feeling stretched to breaking point. Fatigue, slipping performance and even people leaving the field altogether; they are all too common. So, how do we get a handle on what’s causing burnout, spot it early and recover? Let’s break it down.

THE REALITY AND ROOTS OF BURNOUT

Burnout isn’t just a buzzword, it’s everywhere. Recent figures show a staggering 86 percent of Aussie IT and cybersecurity professionals have felt burnt out, and nearly half say it’s stopping them from doing their jobs properly. It’s a global problem too, with stress, exhaustion and mental health struggles reported at every level.

What’s driving this? A few usual suspects:

• Unmanageable workloads and endless shifts – usually made worse by staff shortages and dodgy rosters.

• Constant pings and ‘alert overload’. All those notifications wear you down, sap your focus and make decision-making a slog.

• Insufficient support or resources. Many of us feel we’re expected to work miracles with too little backup.

• No work-life balance. Irregular hours and the expectation to be ‘always on’ are a recipe for disaster.

• Boredom and no clear path forward: if there’s no progression, it’s easy to get cynical or just check out.

The fallout? Slower reactions, poor decisions, risky shortcuts and a higher chance of security incidents slipping through the cracks.

SPOTTING BURNOUT: WHAT TO WATCH FOR

If you or your mates are burning out you might notice:

• Slower reflexes and trouble concentrating.

• Forgetfulness, dodgy logic and a lack of get-up-and-go.

• Feeling detached, cynical or on edge.

• Physical stuff: tired all the time, not sleeping or getting sick more often.

• Pulling away from the team or thinking about packing it in for good.

WHAT CAN WE DO ABOUT IT?

FOR ORGANISATIONS

• Champion work-life balance: flexible shifts, proper breaks and a hard line on after-hours emails make a world of difference.

• Keep communication open: people need to feel safe raising concerns without fear of judgement.

• Invest in people and tech: more staff, better training and access to mental health resources. Automate the boring stuff so people can focus on what matters.

• Celebrate wins: recognition goes a long way towards making people feel valued.

• Build team spirit: supportive teams share the load and keep each other going.

FOR INDIVIDUALS

• Look after yourself: prioritise sleep, eat well, move your body and take breaks.

• Try mindfulness or stress-busting techniques: meditation, breathing exercises or just a walk outside can help reset your mind.

• Set boundaries: learn to switch off after hours and let your boss know your limits.

• Reach out: don’t go it alone. Talk to colleagues, mentors or a professional if necessary.

• Keep learning: new skills and certifications can reignite your passion and open doors.

BOUNCING BACK FROM BURNOUT

Recovery is absolutely possible, but it takes a conscious effort.

• Act fast: spot the signs early and take steps, maybe some time off, a lighter workload or professional support.

• Mix it up: a change in role or new challenges can break the monotony and bring back your spark.

• Reflect and debrief: after a tough incident, talk it out, learn from it and make sure you get some downtime.

• Take it slow: lower your expectations temporarily and focus on rebuilding your resilience.

FINAL THOUGHTS

Burnout isn’t a personal failing, it’s a natural reaction to the extreme demands of our industry. By recognising the signs, taking steps to prevent it and supporting each other through recovery we can build a healthier, more resilient workforce. And in the end, that’s not just good for you, it’s vital for the security of our organisations and the communities we protect.

NEURODIVERSITY AT WORK: UNLOCKING STRENGTHS, DRIVING INNOVATION

Neurodiversity is no longer a niche conversation topic, it’s one that is vital for shaping the future of work and security.

As awareness grows, so does recognition of the immense value neurodivergent professionals bring to every workplace, especially in fields like security and cyber that demand innovation, precision and adaptability.

WHAT IS NEURODIVERSITY?

Neurodiversity refers to the natural variation in human brains and minds. It encompasses autism, ADHD, dyslexia, dyspraxia and other mental conditions. About one in seven people worldwide are neurodivergent, representing a vast pool of talent with distinct cognitive strengths and perspectives.

THE COMPETITIVE EDGE OF NEURODIVERSE TALENT

Neurodivergent individuals often excel in areas critical to security.

• Hyperfocus and attention to detail: many can immerse themselves deeply in tasks, identifying subtle anomalies in vast data sets; an invaluable skill for threat detection and response.

• Pattern recognition and analytical thinking: many neurodivergent individuals display an exceptional ability to spot trends and irregularities, vital for security analysis and incident response.

• Creative and out-of-the-box problem solving: dyslexic and ADHD professionals often approach challenges from unique angles, driving innovation and new strategies.

• Elevated productivity: studies show neurodivergent employees can be 30 to 140 percent more productive and make fewer errors than their neurotypical peers.

• Resilience and perseverance: many neurodivergent individuals display intense drive and commitment, thriving in roles requiring persistence and adaptability.

REAL-WORLD IMPACT AND SUCCESS STORIES

Despite facing barriers and stigma, neurodivergent professionals are increasingly being recognised as drivers of success and innovation. Companies like Microsoft and JPMorgan Chase have seen measurable gains in productivity and quality after implementing neuro-inclusive hiring and support programs. High-profile individuals such as Temple Grandin and Richard Branson exemplify how neurodivergent thinking can lead to groundbreaking achievements and leadership.

BARRIERS AND THE PATH FORWARD

However, only about seven percent of organisations have a robust neurodiversity plan, and neurodistinct individuals still face higher unemployment rates and workplace misunderstandings.

Common challenges include:

• Navigating environments designed for neurotypical minds.

• Communication differences and sensory sensitivities.

• Emotional exhaustion from masking or adapting to conventional expectations.

BUILDING A NEURO-INCLUSIVE WORKPLACE

To unlock the full potential of neurodiverse talent, organisations must move beyond awareness to action.

• Flexible work arrangements: offer quiet zones, adjustable schedules and remote work options to accommodate different sensory and focus needs.

• Tailored communication: ask employees about their preferred communication and learning styles and adapt accordingly.

• Clear structure and expectations: provide well-defined routines, advance notice of changes and explicit instructions to reduce ambiguity.

• Executive function and mental health support: offer resources for task management, mental health and social connection to address unique challenges.

• Foster openness and trust: encourage sharing of work preferences and create a culture where diverse thinking is valued and stigma is actively challenged.

• Leadership commitment: ensure senior leaders champion neuro-inclusion, embedding it into policies, recruitment and team culture.

THE BUSINESS CASE FOR NEURO-INCLUSION

Embracing neurodiversity is not just the right thing to do, it’s a strategic advantage. Neurodiverse teams are more innovative, adaptable and effective at problem-solving. By cultivating environments where every mind can thrive, organisations unlock new levels of creativity, collaboration and success.

CONCLUSION

The future of security, and that of the broader world of work, depends on our willingness to challenge assumptions, embrace difference and design workplaces where every brain is valued. Neurodiversity is not a challenge to be managed, but an asset to be celebrated. The next breakthrough in security could come from a mind that sees the world differently. Let’s ensure our workplaces are ready to welcome it; one conversation, one accommodation and one opportunity at a time.

AMANDA-JANE TURNER

Cybercrime is big business, thanks to technical advancement and interconnectivity creating more opportunities. This regular column will explore various aspects of cybercrime in an easy-to-understand manner to help everyone become more cyber safe.

Cybercrime: how is our data stolen?

It seems we are confronted every day with news of a data breach, a data leak, a data extortion, a data theft. With all the data about our lives seemingly online, it is a scary world. How do we keep our data safe? How is it being exposed or stolen? What can I do to keep my data safe?

Data can be exposed through misconfigurations, if the administrators of a database make an error. A data compromise with devastating impact on people and companies could be caused by something as simple as a database administrator: failing to change default credentials; leaving the database public instead of locking it down; making the database vulnerable to exploits by not updating software; or leaving unused features enabled, which can be exploited by criminals.

Data can be stolen by: network access gained through vulnerable devices; using unpatched applications to gain entry into a network; gaining control of user accounts with elevated access; using malware to initiate access.

Ransomware campaigns can exploit software vulnerabilities to gain access to networks and steal information that the threat actors—whether they be self-motivated or nation-state sponsored—then use to demand ransom payments.

Social engineering can also be used to trick people into giving up their personal data. Cybercrime groups sell phishing-as-a-service on underground marketplaces at bargain prices and exploit GenAI to create believable emails. This means cybercriminals do not need to be tech geniuses to create realistic and successful credentials and other phishing tools. Also, stolen credentials can be used to gain access to target systems.

Then there are malware variants such as infostealers that do as their name suggests: they steal information. Infostealer malware can be delivered in a variety of ways such as emails with links to malicious websites, emails that carry attachments with embedded malware, malicious websites or malicious adverts on websites, or via malware embedded in what appear to be legitimate software downloads.

What can we do to help us stay safe from all these attempts to steal our data? The tried and true basics are still relevant:

• keep software and operating systems up to date.

• use multifactor authentication where possible.

• use complex non-iterated and not repeated passwords or passphrases.

• consider biometrics and options such as pass keys.

• stay vigilant about unexpected emails or texts requesting information or requiring you to click a link.

• clear your cookies and browser data regularly to minimise the risk of session hijacking.

• use an up to date and reliable antivirus solution where appropriate.

What if your data is stolen from the businesses you have shared it with? If you are in Australia, consider contacting IDCARE for advice, and read the information it has available on its website: https://www.idcare.org/

Remember that anyone can become a victim of cybercrime and, with the ubiquitous nature of the internet and the plethora of online accounts, there is a wealth of data out there ripe for the picking. Do what you can to keep your data safe and know where to go for help if your data has been stolen.

Stay safe everyone.

www.linkedin.com/in/amandajane1

www.empressbat.com

WHAT’S HER JOURNEY?

Purity Njeri Gachuhi

Cybersecurity Analyst / Cybersecurity Instructor

Purity Njeri Gachuhi didn’t begin her journey with a clear roadmap—but she made a quiet promise to herself early on: she would one day specialise in either Networking, AI, or Security. “As I pursued my Bachelor’s degree in campus I was not sure where my path would lead,” she recalls, “but I made myself a quiet promise to specialise either in Networking, AI or Security.” Her early professional experience led her into networking and technical support roles, which helped her understand how interconnected systems power our everyday lives. But something was missing. “I quickly realised I wanted a career which I was more passionate about,” she says. “That led me to start exploring Cybersecurity.”

Her first foray into cybersecurity was through Vulnerability Assessment and Penetration Testing (VAPT), where she began to understand the offensive side of security. But over time, her focus shifted. “I have since pivoted into training Cybersecurity which allowed me have a deeper and more wide understanding of various Cybersecurity concepts including Threat Intelligence, Incident Response, GRC, SOC,” she explains. Today, as a Cybersecurity Analyst and Instructor in Nairobi, Kenya, she finds herself right at the heart of the field she grew to love.

Transforming her initial interest into a professional path required deliberate action and persistent learning. Mentorship played a critical role. “Right from the start, I was fortunate to be part of Cybergirls, an initiative by Cybersafe Foundation,” Purity shares. “Through the program I gained both the technical and soft skills that have been instrumental in shaping my career.” The support system she found there has continued to shape her journey, providing not just knowledge, but also confidence and community.

“I learned how to navigate cybersecurity tools, communicate effectively and speak up about my abilities – skills that directly contributed to me landing roles in the field,” she says. In addition to Cybergirls, communities such as SheHacksKE and AfricaHackon have been central to her growth. “These communities give me the opportunity to learn from industry peers, explore practical use cases and stay connected to what’s happening on the ground.”

In her current role in a Security Operations Centre, Purity is part of the frontline of defense. “Whether I am investigating suspicious activity, responding and mitigating incidents or participating in the improvement of detection rules – it’s powerful being on the frontline of defense,” she explains. “Every alert I triage and analyse is a reminder that I am keeping the bad guys at bay!”

But this work doesn’t come without challenges. The pace of change in cybersecurity demands constant vigilance. “Cybersecurity is always evolving and as such I make continuous learning a priority,” she says. She keeps up to date with articles from The Hacker News, curated updates from within her organisation, and trusted voices on LinkedIn. Community-based webinars and masterclasses also help her stay sharp.

When asked what advice she would offer to her high school self, Purity answers with calm confidence: “Trust your curiosity and don’t wait for perfect timing—start learning now. It’s okay to not know everything; just be consistent, stay inquisitive, and find communities that support your growth.”

She encourages students entering the field to build solid foundations in networking, operating systems (both Linux and Windows), programming—particularly Python—and core cybersecurity concepts. “Hands-on experience, which is crucial, would be gained from platforms like TryHackMe, HackTheBox and Capture the Flag (CTF) challenges,” she adds.

Her typical workday is fast-paced and engaging. “It starts with a quick team sync to review any key updates or ongoing cases,” she shares. From there, she dives into client environments, investigates alerts, and analyses unusual activity. “Depending on the nature of the incidents, I may also document findings, escalate where necessary, and contribute to reports or summaries.” The constant problem-solving and unpredictability keep the role exciting.

Looking ahead, she’s focused on certifications to deepen her expertise. “I completed the Certified in Cybersecurity (CC) certification by (ISC)²,” she says. “Cybersafe Foundation also supported me with a voucher for the eJPT exam, which helped me gain hands-on skills early in my career.” In the future, she plans to re-engage with (ISC)² and explore others like ISACA for more structured professional development.

Beyond remuneration, she sees mentorship, team culture, learning opportunities, and alignment with her long-term goals as key factors when considering new roles. And when it comes to emerging threats, she’s closely watching developments in AI-driven attacks, the evolving sophistication of phishing campaigns, and the continued vulnerabilities in supply chain security.

Despite the demanding nature of her work, Purity is intentional about maintaining balance. “I am all about creating those pockets of rest and joy – whether it’s swimming, getting lost in a book or just spending time with family and friends,” she says. “I have learnt the importance of logging off when the work day/week ends and setting boundaries that keep me balanced.”

Her journey so far has been shaped not by rigid planning, but by curiosity, community, and resilience. “I’m still navigating through with my vision becoming clearer,” she says. In a world where the threat landscape is constantly shifting, Purity stands not just as a defender of digital spaces—but also as a reminder that passion, when nurtured with purpose, can create a meaningful and ever-evolving career.

www.instagram.com/gachuhinjeri

x.com/helagacheri

AJ Cabrera

Sales Operations Consultant at Envirosuite; Formerly Senior Sales Operations Analyst at Sekuro

Aj never expected her journey to lead into the world of cybersecurity. With a background in clinical psychology, she found herself navigating a path that would eventually intersect with one of the world’s most complex and fast-paced industries.

“My interest in cybersecurity was sparked during my time at Sekuro, a top cybersecurity firm,” she recalls.

“I was immersed in the fast-paced world of sales operations and fascinated by how every deal and partnership was underpinned by a strong focus on protecting data and ensuring compliance.”

That initial fascination deepened over time. What began as curiosity soon became an understanding of cybersecurity as a business-critical function. “It’s not just a technical field,” Aj says. “Cybersecurity is a business enabler. It shapes how organisations operate and grow.”

Her career evolution wasn’t straightforward. Aj made a deliberate effort to reskill, transitioning from psychology to cybersecurity operations. “I had to learn the language of cybersecurity,” she explains. “I started working closely with cybersecurity sales teams and gradually took on more responsibility—managing sensitive sales data, contracts, and compliance processes.” Tools like Salesforce and Zoho CRM became staples in her professional toolkit, alongside a growing confidence in her ability to contribute meaningfully in a highly technical space.

Bridging the gap between business and technical teams has become one of her specialties. “One of the most challenging aspects has been translating technical jargon into actionable insights for sales and finance,” she says. “I’ve overcome this by focusing on clear communication, continuous learning, and building strong relationships across departments.”

Despite her success, Aj admits there were moments of uncertainty. “Coming from a non-technical background, I sometimes questioned whether I truly belonged,” she shares. “But I leaned into my strengths—organisation, communication, and process improvement—and reminded myself that diverse perspectives are valuable, especially in such a dynamic field.”

Her path, she says, has unfolded organically. “I didn’t set out with a specific cybersecurity role in mind. I followed opportunities where I could add value—in sales operations, process optimisation, and cross-functional collaboration. Each step revealed new interests.”

If she could speak to her younger self, Aj would offer reassurance. “Don’t be intimidated by the technical side of cybersecurity. There’s a place for people who are organised, good with people, and passionate about problem-solving. Don’t be afraid to start in a supporting role—you’ll learn a lot and find your niche.”

When it comes to academic preparation, she believes business, communication, and psychology courses are just as vital as technical ones. “Understanding human behaviour, negotiation, and organisational dynamics is crucial for roles that bridge technical and business functions.”

Looking forward, Aj anticipates rapid developments in AI and automation within the cybersecurity landscape. “These technologies will streamline threat detection and response,” she says. “But at the same time, I think supply chain attacks and social engineering will become more sophisticated, especially as organisations become more interconnected.”

Beyond salary, she says company culture, growth opportunities, and collaboration are the key factors she considers before accepting a new role. “It’s important to work in an environment where your contributions are valued and where you can continue to develop.”

Mentors and supportive colleagues have been instrumental in her journey. “They encouraged me to step outside my comfort zone. Their support gave me the confidence to see the bigger picture of how cybersecurity fits into business strategy.”

In terms of future development, Annette is considering certifications like CompTIA Security+ and CISSP, alongside continued upskilling in CRM platforms. “These credentials would strengthen both my technical understanding and operational expertise.”

Today, working at Envirosuite in environmental science, Annette finds immense satisfaction in solving complex problems. “Whether it’s streamlining a process, improving data accuracy, or helping colleagues with a tricky sales challenge, I love knowing I’ve made a tangible impact.”

Work-life balance is another area she has learned to prioritise. “I set clear boundaries—when my workday ends, I step away from the laptop and recharge. I go for a swim, catch up with friends, or just enjoy a matcha break. At Sekuro, having supportive managers helped prevent burnout, and now at Envirosuite, the mission-driven culture encourages self-care.”

Staying current is a daily commitment. “I read industry news, follow thought leaders, attend webinars, and document new insights in platforms like Confluence. Learning is part of my routine.”

A typical day in her role is anything but static. “My mornings start with sales reports and CRM updates. I liaise with sales and finance to resolve contract or billing issues. Data analysis, troubleshooting, and process optimisation fill my day. I’m the go-to person for solving operational challenges.”

Technology plays a central role. “Salesforce and Zoho CRM are crucial, and I rely on advanced reporting tools. At Sekuro, we used platforms like Coupa and Ariba to streamline operations and ensure compliance.”

While she isn’t formally part of any industry organisation yet, it’s a goal for the year. “Those communities offer invaluable mentorship and support, especially during career transitions.”

For those transitioning into cybersecurity from other fields, Aj offers heartfelt encouragement. “Don’t underestimate your existing skills. My psychology background helped me communicate, solve problems, and stay organised—skills that are just as important as technical knowledge. Stay curious, keep learning, and find mentors. The field is always evolving, and your adaptability will take you far.”

www.linkedin.com/in/annette-jessica-cabrera-178658142

Quality Assurance Engineer, Malawi Telecommunications Limited

Ameera’s journey into cybersecurity didn’t begin with code or computers. It began with concern—for people being manipulated out of their mobile money savings in Malawi. “My interest in cybersecurity was first sparked by a desire to understand how people were being manipulated into giving away their mobile money savings through social engineering,” she says. “I wanted to protect the vulnerable from digital scams—but as I dug deeper, I discovered a world far broader than I had imagined.”

That world opened up in unexpected ways. “Learning about exceptional women like Dr. Rachel Sibande, who have made tremendous strides in tech from Malawi, gave me a renewed sense of possibility,” she explains. As her passion grew, so did her skill set. “Since then, I’ve gained skills in networking, digital forensics, threat intelligence, and security governance—transforming curiosity into a growing sense of purpose.”

Her foundation began with a diploma in Computing and Information Systems, followed by a Bachelor’s in Computer Systems and Security. But the real shift happened when she became a CyberGirls Fellow. “The real turning point came when I was accepted into the CyberGirls Fellowship, where I specialized in Digital Forensics and Threat Intelligence,” Ameera recalls. “The program didn’t just build my skills—it introduced me to a global community of women in cybersecurity and mentors who believed in my potential long before I fully did.”

Still, the path wasn’t always smooth. “Absolutely, I experienced doubt,” she admits. “Cybersecurity is a highly technical and male-dominated field, and imposter syndrome can creep in easily. The CyberGirls community reminded me that feeling uncertain doesn’t mean I don’t belong—it just means I’m growing.”

A piece of advice from Confidence Staveley, Executive Director of the Fellowship, left a lasting mark: “She encouraged us to keep a list of our achievements to revisit when doubt shows up. That small habit has made a big difference.”

Unlike many who map out their careers step-by-step, Ameera allowed her journey to unfold organically. “I didn’t begin with a rigid career roadmap. My journey started with general curiosity, and over time, I found myself naturally drawn to threat intelligence.” That interest now includes deepening knowledge in malware analysis and digital investigations.

If she could speak to her high school self, Ameera knows exactly what she’d say. “Don’t be afraid to speak up or to be the only woman in the room. Ask questions. Seek guidance. Embarrassment is the cost of entry into growth, and it’s worth paying. You don’t need to know everything to start—begin with what you know, and you’ll find your way from there.”

The CyberGirls Fellowship remains the cornerstone of her development. “It connected me with mentors who offered me long-term guidance, a community of like-minded women who provided emotional support, and hands-on training that bridged the gap between theory and practice,” she says. “It gave me confidence, belonging, and a clear path forward.”

Today, as a Quality Assurance Engineer at Malawi Telecommunications Limited, Ameera is not just working—she’s thriving. “I love that there’s always something new to learn. The dynamic nature of cybersecurity keeps me curious, sharp, and constantly evolving,” she says.

She stays current through regular reading, online learning, and hands-on casework. “I believe in continuous learning—not just to stay relevant, but to stay prepared for whatever comes next.”

Looking ahead, she has big plans. “I’m currently working toward becoming a Certified Computer Examiner or Cyber Threat Intelligence Professional,” she says. “In the near future, I also hope to pursue a master’s degree in cybersecurity to further deepen my technical expertise and contribute meaningfully to the cybersecurity landscape in Africa.”

And when the right opportunity arises, she’ll be ready—but she won’t just look at the salary. “I’d look closely at the work culture: Is there teamwork? Is the organization open to diversity? Do they foster a growth mentality? For me, opportunities for continuous learning, mentorship, and meaningful contribution are just as important—if not more—than compensation.”

From curiosity to calling, from community to confidence, Ameera Mwale’s journey is not only about protecting others—but about becoming a force in a field that needs more voices like hers.

www.linkedin.com/in/ameeramwale

Regomoditswe Naledi Diale

Client Cyber Security officer

“I didn’t have a clear vision of the exact roles I wanted to pursue,” says Regomoditswe Naledi Diale, reflecting on the beginnings of a journey that has led her to become a Client Cyber Security Officer in Johannesburg. “But I knew that starting off in a SIEM environment would provide a strong foundation.” That foundation—one built on real-time monitoring, threat detection, and incident response—would shape the path she continues to forge in the cybersecurity landscape today.

Regomoditswe’s interest in cybersecurity was first sparked during her academic studies in networking. “I was fascinated by how data moves across systems, how networks are structured, and the protocols that ensure secure communication,” she says. “Networking laid the groundwork for understanding the importance of protecting digital infrastructure.” But it was her first role at Lawtrust, a leading South African cybersecurity firm, that transformed that foundational interest into a deeper passion. “Working there exposed me to the critical role cybersecurity plays in protecting identities and sensitive data,” she explains. “It’s where I developed a fascination with digital trust, secure authentication, and cryptographic solutions.”

Her career later took her to Nclose, a company known for its focus on managed security services, SOC support, and vulnerability management. “That experience broadened my perspective from identity-focused security to a wider organizational security posture and threat defence,” Regomoditswe says. “I gained hands-on experience monitoring threats in real-time and implementing proactive security measures to mitigate risk.”

Regomoditswe credits her growth to a series of pivotal steps: “Building a strong foundation in networking was key. Then, gaining real-world experience at Lawtrust and Nclose helped me apply theoretical knowledge to practical challenges.” Beyond that, she actively pursued certifications and sought out mentorships and opportunities to contribute to security projects outside of her formal roles. “I was proactive. I always looked for chances to learn and grow,” she says.

That doesn’t mean the path was always clear. “Yes, I’ve experienced moments of uncertainty,” Regomoditswe admits. “The complexity and constant evolution of cybersecurity made me question whether I could keep up. But my support structure—mentors, peers, communities—helped me navigate those doubts.” She points out that even small wins and consistent progress helped restore her confidence. “Seeing how crucial cybersecurity is to protecting organizations and individuals reignited my motivation.”

As for the most challenging part of her current role, she says it’s ensuring that technical insights are translated into clear, actionable strategies for clients. “The most satisfying part is helping clients strengthen their cybersecurity posture in ways that align with their business goals. Being a trusted advisor is incredibly rewarding.” Her daily responsibilities include compiling and presenting monthly reports, serving as a main point of contact for MDR customers, and bridging the communication between technical teams and internal stakeholders. “I also help track initiatives to ensure timely resolution and support service improvement discussions with senior leaders,” she adds.

To maintain work/life balance in such a high-pressure field, Regomoditswe relies on three essentials: “A support network, structured time management, and regular breaks. Calendars and task managers help me prioritize, and staying connected with peers keeps things in perspective.”

Staying effective in her role requires a consistent learning mindset. “I follow trusted cybersecurity news sources, participate in webinars, and listen to cybersecurity podcasts. It’s all about staying ahead.” Tools that enhance her work include threat intelligence platforms, SIEM systems, EDR tools, and vulnerability management solutions. “These tools help me connect client needs to appropriate technologies,” she says.

Regomoditswe is also active in industry organizations and has recently joined several communities. “These affiliations offer continuous learning, networking, and staying on top of emerging threats and best practices. From both a personal and organizational perspective, they’re invaluable.”

She notes that her organization, like many others, has felt the impact of the cybersecurity skills shortage. “Level 2 and 3 SOC analyst roles have been particularly difficult to fill,” she says, pointing out the need for both talent and automation to close the gap. Looking ahead, she identifies several emerging threats: “AI-driven attacks, cloud security vulnerabilities, and the evolution of ransomware. AI will be used by both attackers and defenders. And with continued cloud adoption, securing those environments is absolutely critical.”

For those transitioning into cybersecurity from other fields, Regomoditswe offers grounded advice: “Leverage your transferable skills. Problem-solving, attention to detail, communication—they all matter. Learn the basics of security principles, networking, and operating systems, and consider getting an entry-level certification to bridge the knowledge gap.”

If she could give her high school self advice? “Start exploring early, and don’t be intimidated. It’s not all about coding. Build a strong foundation in networking and operating systems. Play with home labs. Do capture-the-flag challenges. And remember—imposter syndrome is normal, but it doesn’t define your potential.”

Regomoditswe’s career continues to evolve. She plans to pursue the CISSP for broader security leadership knowledge and the CCSP to meet the growing demand for cloud security expertise. “Cybersecurity is a field of constant motion,” she says. “And that’s exactly what makes it so exciting.”

www.linkedin.com/in/regomoditswe-diale-51338a173

Alycia Rumney

Cyber Security Operational Assurance at BAE Systems

When Alycia Rumney reflects on how her cybersecurity journey began, it wasn’t in a lab or classroom, but rather amid the chaos of a global pandemic.

“While managing my business during the COVID-19 lockdown, I was a victim of identity theft,” she shares. “This incident revealed critical vulnerabilities not only on a personal level but also within business security and operational processes.” That eye-opening experience didn’t just shift her perspective—it changed her entire career. “Recognising the importance of strong cybersecurity controls and governance, I decided to sell my business and dedicate myself entirely to learning about cybersecurity.”

That bold decision marked the beginning of a rigorous new chapter. Alycia dove headfirst into the field with a 600+ hour cybersecurity boot camp, equipping herself with hands-on skills in risk management, control assessment, and incident response. “I supplemented this with certifications like ISO27001 Lead Auditor, CE-CSP, Azure Fundamentals, and CISMP,” she explains. The practical foundation she built through early consulting roles allowed her to implement and assess compliance with Cyber Essentials and ISO 27001 frameworks. “These roles primarily focused on establishing governance processes, conducting gap assessments, and validating control effectiveness, laying a strong foundation in cybersecurity and operational assurance.”

Now at BAE Systems, Alycia works in Cyber Security Operational Assurance—an area where technical acumen meets strategic oversight. “The most complex aspect involves managing the assurance of controls across a diverse range of critical applications and networks, ensuring they meet variations of the NIST SP 800-53 standards,” she says. It’s a juggling act involving multiple stakeholders, evidence verification, and remediation coordination. But Alycia thrives under pressure. “To manage this, I use tools such as JIRA for tracking actions and SharePoint for governance documentation, which facilitate transparent oversight and effective risk management.”

The road hasn’t always been smooth. “Transitioning from business ownership to cybersecurity was initially challenging, especially given the technical complexities involved,” she admits. But rather than being deterred, Alycia leaned into her strengths. “I focused on leveraging my strengths in governance, compliance, and operational assurance—areas where I could make immediate contributions.” She credits structured learning, mentorship, and immersive experience as the pillars that helped her navigate early doubts. “Embracing the multidisciplinary nature of cybersecurity and understanding the importance of assurance processes strengthened my confidence and reaffirmed my commitment to this career path.”

Unlike those who pursue cybersecurity with a clear role in mind, Alycia’s path unfolded organically. “My journey was largely organic. Starting from a personal need to understand identity theft, I gradually expanded into broader aspects of cybersecurity,” she says. Over time, that curiosity developed into a focused passion for assurance and compliance. “This natural evolution has enabled me to contribute effectively to enterprise-wide security and operational resilience initiatives and lead to ever developing professional and personal goals.”

Looking back, she wishes she had been encouraged earlier. “I would advise my high school self to nurture curiosity about technology and systems while also emphasizing the importance of governance, risk management, and assurance,” Alycia says. She’s a firm believer that cybersecurity isn’t just about hacking—it’s about trust. “Cybersecurity is not solely about technical hacking skills; it involves establishing reliable controls, validating their effectiveness, and building trust using interpersonal skills.”

For aspiring professionals pursuing university studies, Alycia emphasizes a balanced approach. “A strong foundation should combine core computer science topics—such as networking, operating systems, and programming—with specialized studies in cybersecurity frameworks, control assurance, and risk management standards like ISO 27001 and NIST SP 800-53,” she advises. And it’s not just technical knowledge that matters: “Developing soft skills like communication and project management is crucial for effective collaboration and governance in complex environments.”

Looking to the future, Alycia sees a landscape in rapid evolution. “I anticipate that AI-driven security automation and zero-trust architectures will be transformative,” she says, noting that compliance expectations are rising too. “Regulatory frameworks are likely to become more stringent, emphasizing not just risk detection but ongoing, evidence-based assurance of security controls.” She also points to quantum computing as a looming disruptor. “It will challenge current cryptographic methods, prompting the evolution of assurance practices to address these emerging risks.”

Emerging threats will be no less complex. “Supply chain vulnerabilities and sophisticated ransomware attacks are expected to remain leading threats,” she warns. And as AI begins to serve attackers as well as defenders, Alycia believes the industry must stay nimble. “The rise of AI-powered attacks will require enhanced assurance capabilities through advanced detection and continuous control validation.”

When contemplating future career moves, Alycia is clear that impact trumps income. “I recommend that transitioning professionals leverage their existing skills in governance, process management, and stakeholder engagement to add value to assurance programs,” she says. Her advice is pragmatic: “Acquiring foundational cybersecurity knowledge through relevant courses and certifications is important; however, equally essential is cultivating an assurance mindset.” For Alycia, it’s a mindset that prioritizes resilience, collaboration, and the steady pursuit of trust.

In a field as complex and fast-moving as cybersecurity, Alycia Rumney is a reminder that resilience, purpose, and continuous learning can turn a crisis into a calling.

www.linkedin.com/in/alycia-rumney

Pradnya U Manwar

Senior Director – CyberSecurity and Information Security

When Pradnya Manwar encountered the Red Code virus early in her career, she had no idea it would ignite a lifelong pursuit. What began with running antivirus tools in a bid to disinfect infected systems quickly became something much deeper. “Even then, I was intrigued by the challenge of combating unseen digital threats,” she recalls. But it wasn’t until she found herself in the Security Operations Center of one of the world’s largest banks that her path became undeniable.

“In that high-stakes environment, cyber threats were relentless. Each day brought new attacks—sophisticated, persistent, and constantly evolving,” Pradnya explains. “It was in those intense moments—analyzing complex threats, responding to incidents, and safeguarding critical assets—that I found my calling.”

Over the years, what started as a spark of curiosity evolved into a clear sense of purpose. Today, as Senior Director – CyberSecurity and Information Security based in Mumbai, India, Pradnya stands as a seasoned leader and defender. “The ever-changing nature of this field continues to fuel my passion, drive my growth, and strengthen my resolve,” she says. Her perspective as a woman in cybersecurity is also something she holds with pride: “Our perspectives, resilience, and leadership bring unique value to the industry. My journey as a defender has been empowering—and I hope it inspires others to step forward, take up space, and lead with confidence.”

Pradnya’s early professional steps laid a powerful foundation. She immersed herself in configuring firewalls, deploying intrusion detection systems, and administering enterprise servers across platforms like Sun Solaris, Unix, and Windows. “One of the most pivotal steps I took was immersing myself in a wide range of IT functions,” she shares. Her experience managing a shipping organisation’s full IT setup—including business continuity planning and infrastructure for a cadet institute—taught her to think both strategically and technically. “Cybersecurity wasn’t just a specialized function—it was the glue that held resilient, trustworthy IT systems together.”

For those just beginning their own journeys, she offers clear, compassionate advice: “Don’t wait to be perfect to begin—just start. Focus on building strong fundamentals. Be curious, ask questions, and don’t shy away from technical challenges—they’re your best teachers.” She also emphasizes the importance of a problem-solving mindset rooted in ethical responsibility. “Cybersecurity isn’t just about tools or systems. It’s about protecting people, data, and trust.”

When asked what university students should focus on to build a strong cybersecurity foundation, Pradnya doesn’t hesitate. Networking, operating systems, cryptography, secure development, and hands-on labs all feature prominently. “In addition to technical depth, courses in communication, risk management, and leadership are crucial,” she notes. “Cybersecurity professionals must be able to explain complex threats to non-technical stakeholders and lead cross-functional initiatives.”

Looking ahead, Pradnya sees a rapidly shifting threat landscape. AI-powered attacks, ransomware evolution, and supply chain compromises are just the beginning. “Attackers are becoming more strategic,” she warns. “They’re targeting identities, exploiting misconfigured cloud environments, and using deepfakes and data poisoning to bypass defences.” Her response is clear: “Cyber resilience—not just prevention—will be key.”

Staying current is a non-negotiable in Pradnya’s world. “To remain effective in my role, I follow a multipronged strategy,” she explains. That includes formal training, certifications, threat intelligence monitoring, peer engagement, hands-on experimentation, and deep research. “Engaging with the cybersecurity community—especially women-in-cyber networks—has been a vital part of my learning and growth.”

Technology also plays a critical role in her day-to-day leadership. Tools like Next-Gen SIEMs, Orca Security, EDR, and threat intelligence platforms provide essential visibility and protection across multi-cloud and enterprise environments. “Ultimately, the synergy between these tools, processes, and skilled professionals is what enables us to stay ahead of threats and maintain strong cyber resilience,” she says.

Having navigated the industry from the ground up, Pradnya has a unique understanding of what it takes to transition into cybersecurity from other domains. “Cybersecurity is as much about problem-solving and risk management as it is about technical skills,” she affirms. Whether someone comes from IT, audit, law, or project management, the key is to leverage transferable skills and stay hands-on. “Don’t wait for perfection. Start with entry-level roles, experiment in home labs, and engage with the community. With the right mindset, anyone can thrive in this field.”

Pradnya Manwar’s journey is one of resilience, relentless curiosity, and rising to meet complexity with clarity. In a world filled with evolving digital threats, she stands as a powerful reminder that cybersecurity is not just a profession—it’s a calling. And hers continues to inspire the next generation of defenders.

www.linkedin.com/in/pradnya-umaji-manwar-70100997

Umadevi Yandamuri

Global Cyber Range Technical Trainer | Customer Success Manager – APAC

For Umadevi Yandamuri, a Global Cyber Range Technical Trainer and Customer Success Manager at APAC, the spark that ignited her cybersecurity journey was anything but conventional. “To be honest, my initial interest in cybersecurity has a rather amusing origin story,” she laughs. “It all started when I was just 14 years old, captivated by a hacker character in a TV series. He was in a basement lab with stacks of hardware, dressed in a classic black turtleneck, stealing from the bad guys and helping the good. It was a romanticised portrayal—but it sparked something in me.”

That spark evolved into action. She began learning Python, experimented with red team tools, and immersed herself in online communities, soaking up knowledge from GitHub, YouTube, books, and LinkedIn. “What started as a fascination with a fictional character has transformed into a genuine passion for cybersecurity,” she says, “driven by a desire to make a positive impact in the digital world.”

Yet, like many in the field, her journey wasn’t without moments of doubt. “The domain was predominantly male, and I felt a bit directionless. I always wanted a mentor, but being an introvert, I didn’t know how to seek one,” she shares. “Eventually, I found someone who helped untangle my learning path into a coherent flow. Once my basics were clear, I felt empowered to explore further.”

In her current role, the biggest challenge she faces is keeping pace with the relentless evolution of the field. “There’s so much happening—new developments every day,” she explains. “To stay informed, I dedicate one day each week to reading articles, watching videos, and engaging with experts on LinkedIn. I especially enjoy seeing other women in the domain, like Caytlin, who shares such essential insights. It’s inspiring.”

Her path to becoming a technical trainer wasn’t linear. “When I started, I was really into penetration testing and ethical hacking,” she recalls. “After earning my CEH, I thought I was ready to enter the field—but good opportunities weren’t available in my city. I didn’t want to leave my family.”

Then came a teaching opportunity. “I thought, I’ve always loved teaching—why not? Even though I was young, and my students were close to my age, they respected me. I would spend nights preparing lectures. Eventually, I mastered it. If you want to learn something well, prepare to teach it. You’ll understand it on a whole new level.”

If she could go back and advise her high school self, it would be about the value of connections.

“Cybersecurity isn’t just a niche—it touches every domain. I chose this career as an introvert, hiding behind a desk. But I’d tell my younger self to connect more, not fear mistakes, and be inspired, not intimidated, by others’ success.”

She’s passionate about improving how cybersecurity is taught. “Don’t choose a university just for its name,” she advises. “Focus on the quality of instructors, the research environment, and how hands-on the learning is. Certifications like CEH and CompTIA are valuable, but what matters is your actual skill. I’ve met graduates from top universities who still struggled with fundamentals. Get your hands on the keyboard, think logically, and build those troubleshooting muscles.”

Looking ahead, she sees two major forces reshaping the field: artificial intelligence and privacy regulations.

“AI will revolutionize threat detection and response, but it’s a double-edged sword. Attackers will use it too. At the same time, privacy laws like GDPR and CCPA will tighten, pushing companies to improve their security posture. It’s going to be a transformative time.”

Despite the intensity of her work, Umadevi prioritises balance. “Work-life balance in cybersecurity feels like chasing a unicorn,” she says with a smile. “Imposter syndrome sneaks in, telling you to do more. But I’ve learned to protect my time fiercely. Self-care isn’t indulgent—it’s essential.” Whether it’s taking short breaks, chatting with non-tech friends, or getting lost in a book, she finds ways to recharge. “And vacations—non-negotiable. You don’t want to look back one day and realise all you did was work.”

A typical day for Umadevi is a mix of strategy, delivery, collaboration, and continuous learning. “My mornings start with aligning with CISOs and team leads to identify skill gaps. Midday is training time—hands-on sessions with analysts, brainstorming with my team. Afternoons are about analysing feedback, improving what we deliver, and staying sharp on industry trends. And yes, a power nap is part of the routine!” she laughs.

Umadevi sees herself as a bridge—connecting people with the practical cybersecurity skills they need. “I’m empowering the workforce, one learning experience at a time,” she says. From a 14-year-old girl inspired by a hacker in a turtleneck to a global technical trainer, her journey is proof that passion, persistence, and preparation can shape a powerful career—and future—in cybersecurity.

www.linkedin.com/in/umadevi-yandamuri-326129233

Meg Peddada

Meg Peddada’s interest in cybersecurity began with a childhood dream of joining law enforcement and a fascination with technology.

“This combination sparked my interest in cybercrime prevention and investigation,” she says. “Throughout my journey in this field, I have developed a deep understanding of cybersecurity’s crucial role in protecting clients and maintaining digital safety.” That blend of passion and purpose laid the foundation for what has become a dynamic and impactful career.

Early in her professional life, two factors played pivotal roles in shaping her direction: mentorship and community. “Working alongside highly skilled professionals who were inspirational and impactful really helped,” Meg reflects. “Equally, active participation in industry conferences and networking fostered a continuous learning culture.” That willingness to stay engaged with both the people and progress of the field gave her a launchpad to build deep expertise.

Now a Senior Partner Solutions Architect based in New York, Meg continues to face—and embrace—some of cybersecurity’s most complex challenges. “The human element remains our industry’s biggest challenge,” she notes. “People are susceptible to errors and mistakes, making it difficult to maintain consistent security standards. A particular challenge is convincing business executives about security’s strategic importance. However, we’re witnessing a positive shift in industry attitude towards cybersecurity investment and prioritization.”

Like many pioneers, Meg faced moments of uncertainty. “When I started in cybersecurity, it was still a novel thing and was up and coming. In my early career, big data or crypto were a big thing and it made me wonder if I was on the right trajectory,” she admits. “However, I’m glad I stuck with it—there is immense potential in this field.”

Her career has evolved through a mix of intentional planning and serendipitous opportunity. “I initially aspired to become a Chief Information Security Officer (CISO), a role that is now evolving into the broader Chief Security Officer (CSO) position,” she shares. “Having started off in penetration testing, I got to try different things like digital forensics, security architecture, and security implementations—all of which have been rewarding and educational.”

Asked what she would tell her high school self about a career in cybersecurity, Meg doesn’t hesitate. “Explore online courses to build security fundamentals. Participate in capture-the-flag exercises. Gain hands-on experience early. Most importantly, cultivate genuine interest in the subject—everything else follows naturally.”

For university students, she underscores the importance of building on strong computer science fundamentals. “Till today, a lot of what we refer to comes back to those basics,” Meg says. “Also, communication might not be something we immediately think of, but it’s super important that we’re able to convey security issues concisely and efficiently.”

Looking to the future, she sees AI security as both a revolution and a risk. “AI security is revolutionizing our field. While much remains unknown, researchers continuously update our understanding of this emerging area. We should embrace experimentation and learning from failures,” she says. At the same time, she warns of the evolving threat landscape: “Supply chain attacks and AI-powered attacks are the most significant threats I foresee over the next two years.”

When evaluating new career opportunities, Meg prioritizes more than just salary. “Team! I have always been a major advocate for having a good, supportive, skilled team as that really shapes your career,” she explains. “The amount you can learn from your peers is seriously underestimated. Also, company values and strategy—if there’s a positive attitude in securing systems and information, then half the work is already done.”

Mentorship has been a cornerstone of her own success. “I’ve had the pleasure of working with many talented individuals and managers who have been instrumental in my career development. They guided me on which areas to focus on, when to shift toward growing trends, and gave me opportunities to work on projects that interested me.”

Certifications continue to matter in her eyes—especially those tied to emerging demands. “Cloud security certifications are important. There’s a heavy shift toward cyber professionals becoming more hands-on,” she notes. “Foundational courses such as CISSP and SABSA are still very instrumental and important in getting the basics right.”

What brings her the most satisfaction in her current role? “Solving complex technical challenges is my primary motivation. I find great satisfaction in unblocking business workloads by addressing complex security problems.”

Striking a work/life balance is something Meg approaches with honesty. “I won’t sugar-coat it—there are a few long nights, but that’s the fun and hard part of it sometimes. However, knowing when you need to rest and recover is very important. Taking time off to just unwind can be refreshing. Having a non-tech hobby can help your mind creatively solve problems. For me, that’s either arts or sports.”

To stay current, she uses a mix of quick daily updates and peer engagement. “News, Reddit, blogs—I usually spend five to ten minutes in the morning catching up. Peer group networking is also a big part of staying sharp.”

A typical day for Meg includes helping customers implement technical security controls in their workloads and working on innovative solutions—some of which may be published as thought leadership or even open-sourced.

She attributes much of her effectiveness to the tools and technologies she engages with, along with the support she receives from being part of professional communities. She’s a member of Women’s Bond Club, Australian Women in Security Network, and Women in Security—organizations that have provided vital support and connection throughout her career.

On the topic of the cybersecurity skill shortage, Meg offers a more optimistic view. “Personally, I think we might have solved the skill shortage—cybersecurity has grown exponentially in the last few years. That’s thanks to many such organisations who have played a pivotal role in encouraging new users into this field. As we move into a new era of AI, we need to build our strengths and skills in this space to anticipate new changes.”

For those transitioning into cybersecurity from other backgrounds, Meg’s advice is clear. “Gain more hands-on experience. Participate in challenges at conferences or meetups. Just generally invest time to learn about cybersecurity.”

In every part of her journey—from penetration tester to thought leader—Meg Peddada has remained true to her passion for solving problems and securing systems. Her path offers not just inspiration, but practical wisdom for anyone looking to navigate and thrive in the evolving world of cybersecurity.

www.linkedin.com/in/meg-peddada

Charlotte Wylie, Senior Vice President and Deputy Chief Security Officer at Okta, speaks with remarkable clarity about what many might consider one of the murkiest challenges in cybersecurity: communication. “The most complex challenge isn’t always the technical one, surprisingly enough,” she says. “It’s often more of a challenge translating highly technical security risks into clear, actionable business imperatives for every part of the organization.”

For Charlotte, that translation work is fundamental. “We’re dealing with incredibly sophisticated threats, but if my business partners I rely on to cross-functionally defend against these threats don’t grasp the ‘why’, then getting the necessary buy-in and resources becomes incredibly difficult.” Her answer? “Relentless communication and simplification. No jargon. I say to my team that our other role, aside from what our title says, is CRO; Chief Repeating Officer.”

She smiles at the irony of it, but it’s a serious leadership principle. “We have to speak the language of business, focusing on outcomes, and demonstrating tangible value whilst always making sure our stakeholders understand the why. Sometimes, that looks like saying the same thing in many different ways – and this is a must-have skill.”

In addition to clarity, collaboration is key. “Security can’t be a blocker; it has to be an enabler. By embedding security early and often, we build empathy and shared understanding.” And for those who might doubt the value of metrics in a human-centred domain, Charlotte stresses the power of data. “Using metrics and real-world examples to illustrate risk and show progress… that’s how we bridge the gap.”

Charlotte’s path into cybersecurity was less a straight line and more an evolving curiosity. “You know, when I first started out in cybersecurity, I wouldn’t say I had a perfectly clear, mapped-out vision of the exact roles I’d aspire to. The field itself was still evolving so rapidly, and my own understanding was deepening every single day.”

Instead, she followed the problems that fascinated her most. “Each role, each challenge, presented a new learning opportunity that naturally led me to the next. It was about following where the most interesting and impactful work was, constantly asking questions, and letting that drive my growth.”

Yet even the most committed professionals encounter doubt. “Absolutely! I think anyone who’s been in this field for a while and is being honest will tell you there are moments of uncertainty,” she admits. “For me, it wasn’t about questioning the importance of cybersecurity, but sometimes the sheer scale of the challenge, the relentless pace of new threats, or even just the feeling of ‘drinking from a firehose’ when you’re constantly learning.”

What carried her through those moments was connection. “Leaning on trusted advisors and confidants in this community to share doubts makes those doubts smaller. Just someone validating how you feel but also reminding you of why you’re still here.” Charlotte re-centres herself by focusing on the impact of the work: “When you see how your work directly protects people, data, or critical systems, that reinforces why you’re doing it.”

The scope of her role today is expansive and ever-shifting. “A ‘typical’ day as a Deputy CISO is rarely, truly typical,” she laughs. “It’s a dynamic blend of responsibilities… It’s definitely not just ‘CISO-lite’; it’s about being deeply immersed in the operationalization of security strategy.”

Charlotte oversees all of the Technical Security Services at Okta — from Product Security to Offensive Security and Enterprise Security. Her days begin early, catching up on global updates, and quickly pivot into strategic discussions, aligning security programs with business outcomes. “A big chunk of my time is spent translating: taking those complex technical challenges and risks, and simplifying them for different audiences across the organization – from engineering teams to legal, or even senior leadership.”

And there are the sudden shifts. “A significant incident can completely derail the day, and you pivot instantly into crisis mode.” But beyond the chaos, her focus remains clear: “The core priority is really about building an incredibly resilient security posture that can adapt to anything thrown our way.”

Despite the demands, Charlotte insists on maintaining balance — though she admits it hasn’t always been easy. “Cybersecurity isn’t a 9-to-5 job… I can honestly say that I have had many times in my career where this equilibrium has been completely off kilter. Between being the mum of young kids and work, compromise is my middle name!”

For her, it starts with focus. “It starts with ruthless prioritization: understanding what truly moves the needle and what can wait, or be delegated.” Building a strong and empowered team has also been essential. “That allows me to step back when needed, knowing things are in capable hands.”

And boundaries are sacred. “When I’m with my family, I’m with them. I make time for things that recharge me… It’s not about working less, it’s about working smarter and protecting that personal space, because that’s what allows me to show up as my best self.”

Looking to the future, Charlotte sees a landscape shaped by three major forces. “First, it’s the continued explosion of AI’s dual use… GenAI weaponized for phishing, deepfakes, automated attacks — but also our most powerful defence.” Second, she says, is identity. “As everything becomes connected – humans, machines, AI agents – securing every single identity… will be paramount.” And third: “Software supply chain security will remain a critical, evolving challenge… The focus will shift even more towards verifiable trust, transparent components, and automated assurance.”

When asked who has influenced her most, Charlotte doesn’t hesitate. “A truly impactful manager is also your biggest champion, advocate, sponsor and critic rolled into one. They invest in your growth, challenge your thinking, and, crucially, represent you in the rooms you aren’t in.”

She speaks with genuine appreciation for those who helped shape her. “I’ve been incredibly fortunate to have managers who saw potential in me, perhaps even before I fully saw it myself. They created opportunities, provided candid feedback, and helped me navigate moments of uncertainty.”

But what brings her the deepest fulfillment is not the technology, but the people. “Watching individuals grow, develop new skills, and truly shine in their roles is incredibly rewarding.” At the heart of her leadership is a drive to create a culture of curiosity and empowerment. “Knowing that I’m helping to cultivate the next generation of cybersecurity leaders, and that together, we’re building something that genuinely protects people in the digital world, brings immense fulfillment every single day.”

https://www.linkedin.com/in/charlotte-wylie

CRAIG FORD

Craig is an experienced cyber security professional with various qualifications including two master’s degrees. He is the Head Unicorn (co-founder and director) of Cyber Unicorns, in which he acts as a vCISO to clients such as Baidam Solutions, Wesley Mission, PCYC, Hungry Jacks and Ipswich City Council. He was CTO (Chief Technology Officer) for Baidam Solutions between January 2022 and June 2023, where he led the technical services team, helping to build out the internal services capability for Baidam. Craig was QLD chair for AISA for two years until he was appointed to the national board of directors in December 2022.

Craig is a published author with three different book series: the ‘A Hacker I Am’ cyber education series; ‘Foresight’, his cyberpunk/hacker fantasy novel series; and ‘The Shadow World’, a co-authored kids’ cyber education book. He is a freelance cyber security journalist and a regular columnist with the Women in Security Magazine, as well as a freelance contributor for Cyber Today, Top Cyber News, SecureGov, Careers with STEM and Cyber Australia magazines.

COLUMN

Are we there yet? Who doesn’t love a good road trip?

It’s an honoured pastime, and an adventure many seek. It doesn’t matter if you are in Australia, New Zealand, the US, Europe or Asia, a solid road trip can be an adventure and a disaster wrapped into one.

If you have kids, the dreaded “Are we there yet?” bedevils every generation. I know I probably asked that question when I was a kid, and I can guarantee you my kids do. We all do, because of the anticipation at the beginning of any road trip: we are packed, we hit the road and fixate on our destination.

WHERE ARE WE GOING?

We forget about the journey and just want to get to the end. Cybersecurity can be a little like this: we forget the journey is part of the adventure. It is not just about the finish line, the achievement or the job title.

I have many conversations with graduates, and even with industry veterans like myself, who have started to become part of the furniture. Every story is different. Every journey is full of ups and downs, including my own.

However, this is what we want. Not the bumps in our journey. They are not very enjoyable, but I always say we can learn just as much from our failures as from our wins (probably more from the failures if we embrace them and use them to drive us).

Our different journeys, the different pathways that brought us to where we are today and determine where we are headed, and even those pesky bumps and bruises we suffered along the way all make us who we are.

My journey has made me who I am, not only in this industry, but in life itself. We are all shaped by our experiences, and that makes each of us special.

Cybersecurity is tough. We probably all know that. It can sometimes feel as if it is chewing us up and spitting us out a little worse for wear. I have been there. I have considered whether cybersecurity was really for me, but I am still in the industry. Yes, I have some battle scars to show for my road trips through cybersecurity and life, but I am still standing.

Cybersecurity can be unforgiving, and it can be cruel. It can also be a very rewarding and fulfilling industry. We are all different, and that will help us succeed. We need to think differently about how we solve the problems we face. We need to see the opportunities and the risks.

We need to band together to create an impenetrable shield and push back the hordes who will try to take us down: our opponents, the malicious actors of this world who will show us no mercy as they try to steal our data and our money, and bring our organisations to their knees.

We know this reality. We know what we face as an industry and as a society. So, why do we make it so hard for new people to join us? Why is it so hard to bridge the gap between training and getting a start in the industry?

I know, there is no such thing as an entry-level job in cyber. I know many of you hit roadblock after roadblock to get that first opportunity. I was once in that same position, making the transition. I worked in IT support for about a decade before I made the change, and I faced great resistance to making the transition to a full-time role in cyber, despite doing cybersecurity as part of my job before it was even called cybersecurity.

SO WHY WAS IT SO HARD?

I don’t know. Maybe it’s the industry in general. We need to look at the industry differently, and adopt a traineeship model like that for builders, plumbers and electricians. We need government-incentivised traineeships that allow businesses to take on inexperienced individuals, send them to TAFE or university and give them time on the tools with our teams.

Government funding would help businesses manage the cost. People would get their start in the industry and gain the needed skills. This would help address the skills shortage (I know some don’t think there really is one) and help bridge the gap between education and industry entry.

Yes, I also know that we can’t fill all the roles with graduates. We need skilled people as well. Of course we do. So does every other industry. However, I am certain that, if we come together and build more talent rather than poaching each other’s, we can make leaps and bounds in the defence of our digital world.

So, next time you hear someone say, “Are we there yet?” think about what you have read here. Think about the journey, not just the destination. Think about how you could help improve our industry, making it easier for someone who is looking at this field; someone who wants to make a real difference.

Could you help make someone else’s journey easier than yours? If your answer is yes, take action. Don’t sit on the sidelines. Look at their life experiences and see what benefits they can bring, rather than looking only at their cyber specific skills or qualifications. Their experience does matter.

Let’s build a better cyber industry from these road trips of life.

www.linkedin.com/in/craig-ford-cybersecurity

www.facebook.com/CyberUnicorns

www.instagram.com/cyberunicorns.com.au

x.com/CraigFord_Cyber

www.cyberunicorns.com.au

INDUSTRY PERSPECTIVES

WHY IT’S TIME TO WAKE UP, RETHINK THE CULTURE AND BUILD WHAT’S NEXT

I like the whimsy of “Are we there yet?” I remember those days we set off on an eight-hour drive to my Dad’s hometown in country Victoria. The time was always measured by the next driver rest stop or fuel stop. Dad used to get white line fever. We just had to get there, sometimes driving through the night. The seven-year-old me would be in the back seat saying “when can we stop? I need to go to the loo,” which was met with “just a few more miles to the next town, George,” which was Dad’s nickname for me. A few more miles could have been 35 kilometres!

These days that same feeling lingers in my professional life. As someone who’s spent years working in cybersecurity I’m still looking ahead and hoping for the moment when we arrive at a place where the industry is diverse enough and resilient enough to stay ahead of growing cyber threats.

But there’s always another corner. Back then it was “just a few more miles.” Now, it’s burnout, skill shortages and the advance of technologies like quantum computing that keep the destination shifting.

THE LONG ROAD AHEAD—QUANTUM COMPUTING

Just when we think we’re making progress the environment shifts and innovation keeps us ‘on the road’. ISACA’s new Quantum Computing Pulse Poll is a wake-up call, reminding us that one of the most transformative technologies of our time is not far away.

While many in the industry are aware of its risks, few are acting on them. ISACA’s recent poll showed 62 percent of tech professionals fear quantum computing could soon render today’s internet encryption obsolete, yet only five percent of organisations have a plan in place.

PREPARING FOR WHAT’S NEXT

The potential of quantum computing is immense, and so are the implications. Nearly two-thirds (63 percent) of professionals surveyed by ISACA believe quantum technology will shift or increase cybersecurity risks. In Australia and New Zealand concern runs even deeper, with higher levels of anxiety reported about the consequences of quantum disruption.

This tells us two things: we know the risks are coming and we care deeply about addressing them. But we need clear plans, investment in people and a shift in how we prioritise innovation.

ISACA’s poll indicates that only five percent of global organisations say quantum computing is a high priority today. That number must increase. At the same time, just seven percent of professionals report a strong understanding of post-quantum cryptography standards, despite the US National Institute of Standards and Technology (NIST) having worked on them for over a decade.

However, quantum computing does have some positive aspects, with almost half (48 percent) of respondents to the ISACA poll optimistic about the impact of quantum computing on their sector.

RETHINKING QUALITY AND CAPABILITY

Success in cybersecurity has often been measured by speed, efficiency and system uptime. But, as we move closer to quantum disruption, our definition of success needs to evolve.

The ISACA poll had 52 percent of professionals saying quantum computing would change the skills businesses need and 57 percent saying it would introduce new business risks. Rather than viewing these statistics as roadblocks, we should see them as signalling that we need a broader, more adaptive mindset.

Some organisations are already taking steps:

• 46 percent are assessing the regulatory or compliance implications of quantum computing.

• 38 percent are exploring quantum-safe cryptography.

• 27 percent are providing training and upskilling.

• 28 percent are collaborating with quantum hardware and software providers.

These are practical, forward-thinking moves, but we need more organisations to follow suit, and more leaders championing this transition.

DIVERSITY IS A STRATEGIC ADVANTAGE

One of the most powerful tools we have for managing change is diversity: diversity of thought, background and lived experience. The challenges quantum computing brings aren’t just technical; they will also have ethical and social implications. Solving these challenges will require a much broader range of voices at the table.

The cybersecurity workforce of the future must be inclusive by design. That means making space for women, people from culturally diverse backgrounds, neuro-divergent professionals and those from all walks of life. Not only is increasing diversity the right thing to do, it makes our solutions stronger, our organisations more resilient and our collective impact far greater.

BUILDING WHAT’S NEXT

So, are we there yet?

Not quite. But there are ways we can get ‘there’ more efficiently, collaboratively and optimistically: by investing in people and building diverse pipelines of talent. Real progress doesn’t just happen. It’s built through mentorship, through systemic change and through leaders who are willing to rethink who’s in the room and who gets to lead.

ABOUT THE AUTHOR

Jo has over 25 years’ experience in the security sector. As a director with BRM Advisory she consults in risk and technology issues with a particular emphasis on governance and cybersecurity. She is the Oceania Ambassador for global IT professional association, ISACA, an ISACA Hall of Fame inductee, vice president, communities of the Australian Computer Society and Ambassador of the National Rural Women’s Coalition. She regularly provides strategic advice and consulting to the banking and finance, utilities, healthcare, tertiary education, retail and government sectors.

www.linkedin.com/in/jo-stewart-rattray-gaicd-4991a12

WHY BREAKING FREE FROM PASSWORDS IS KEY FOR AUSTRALIA’S CYBERSECURITY RESILIENCE

Passwords are a part of everyday life, protecting everything from our social media and online shopping accounts to digital banking and superannuation. Today, there are over 300 billion passwords in use globally. Most of us accept them and blindly put our trust into this system. But, as the world moves forward driven by breakthroughs in AI, quantum technologies and green energy, why does this decades-old security method remain stubbornly in place?

The increasing damage caused by legacy password practices is finally starting to show. Despite efforts to strengthen them, compromised credentials remain one of the leading causes of cyber incidents. In Australia, compromised passwords accounted for a significant proportion of cybersecurity breaches in FY2023–24, highlighting an urgent need for a different approach.

World Password Day on 1 May represented an opportunity for organisations to rethink their own password practices. The move to passwordless authentication won’t be simply a routine technical upgrade, but a necessary step towards creating a safer digital environment.

THE HIDDEN COST OF PASSWORDS

Passwords have long been the foundation of digital security, but they have also become one of its biggest vulnerabilities. Despite more secure technologies being available, many organisations continue to rely on passwords as their primary method of authentication. However, they remain the weakest link in the security chain, susceptible to hacking techniques such as phishing—attackers tricking individuals into revealing sensitive information—and “credential stuffing”, where stolen username and password combinations are used in automated attacks to access multiple accounts.

The financial cost should not be underestimated. Managing passwords has become a significant business expense, with organisations globally spending an estimated US$1 million annually on activities such as staff and infrastructure management, as well as password resets. As businesses grow, so too do the complexities and risks associated with password management, placing greater strain on IT teams and broadening the attack surface for potential breaches.

MARY ATTARD

BIOMETRIC AUTHENTICATION: A SAFER ALTERNATIVE

While practices like regular password changes and multifactor authentication (MFA) have traditionally been seen as effective safeguards, they are no longer sufficient to defend against increasingly sophisticated cyber threats. The solution lies in moving beyond passwords altogether. Passwordless authentication leverages public-key cryptography, allowing users to authenticate without ever sharing a password. Instead, a private key stored securely on the user’s device works with a public key stored by the service provider to verify identity.

By removing passwords from the equation, businesses significantly reduce the chances of data breaches. There are no passwords to steal, intercept or reuse. Authentication becomes tied to the device and, often, the user’s biometrics or device PIN, creating a much stronger security posture.

Within customer identity and access management (CIAM) circles, passkeys—FIDO-aligned credentials stored on a user’s device and unlocked with biometrics—are sparking debate about whether they should fully replace passwords. Passkeys still rely on public key cryptography, yet they differ from app-based multifactor flows because they remove the ‘knowledge factor’ entirely. They eradicate phishing risk and streamline logins, but they also demand robust device-lifecycle policies to prevent lockouts and lost device headaches.
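The key-pair login described above can be modelled as a challenge-response exchange between the user’s device and the service. This is an added example, not code from the article or from Accenture, and it is a simplified model rather than the FIDO/WebAuthn wire format; the `Device` and `Service` classes, the origin and the user name are constructed for illustration.

```javascript
const crypto = require('node:crypto');

const ORIGIN = 'https://login.example.com'; // constructed service origin

// The user's device: holds the private key and scopes it to one origin.
class Device {
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.origin = origin;
    this.privateKey = privateKey; // never leaves the device
    return publicKey.export({ type: 'spki', format: 'pem' });
  }

  // `origin` is the site the browser is actually connected to.
  assert(origin, challenge) {
    if (origin !== this.origin) return null; // no credential for a look-alike site
    const payload = Buffer.from(JSON.stringify({ origin, challenge }));
    return { payload, signature: crypto.sign(null, payload, this.privateKey) };
  }
}

// The service provider: stores public keys only, so there is no secret to steal.
class Service {
  constructor(origin) {
    this.origin = origin;
    this.publicKeys = new Map(); // user -> public key
    this.pending = new Map();    // user -> outstanding challenge
  }

  enroll(user, pem) {
    this.publicKeys.set(user, crypto.createPublicKey(pem));
  }

  challenge(user) {
    const value = crypto.randomBytes(32).toString('hex');
    this.pending.set(user, value);
    return value;
  }

  verify(user, assertion) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // every challenge is single use
    const publicKey = this.publicKeys.get(user);
    if (!publicKey) return 'rejected: unknown user';
    if (!expected) return 'rejected: no outstanding challenge';
    if (!assertion) return 'rejected: no assertion';
    // Check the signature before trusting anything inside the payload.
    if (!crypto.verify(null, assertion.payload, publicKey, assertion.signature)) {
      return 'rejected: bad signature';
    }
    const signed = JSON.parse(assertion.payload.toString());
    if (signed.origin !== this.origin) return 'rejected: wrong origin';
    if (signed.challenge !== expected) return 'rejected: stale challenge';
    return 'ok';
  }
}

function demo() {
  const device = new Device();
  const service = new Service(ORIGIN);
  service.enroll('alice', device.register(ORIGIN));

  // Normal login: fresh challenge, signed on the device, verified once.
  const first = device.assert(ORIGIN, service.challenge('alice'));
  const login = service.verify('alice', first);

  // A captured assertion is useless afterwards.
  const replayNoChallenge = service.verify('alice', first);
  service.challenge('alice');
  const replayStale = service.verify('alice', first);

  // A look-alike origin gets nothing from the device to pass on.
  const lookalike = device.assert('https://login.example.com.phish.example',
                                  service.challenge('alice'));
  const phished = service.verify('alice', lookalike);

  // A device that was never enrolled for this user cannot log in as them.
  const other = new Device();
  other.register(ORIGIN);
  const wrongKey = service.verify('alice',
                                  other.assert(ORIGIN, service.challenge('alice')));

  return { login, replayNoChallenge, replayStale, lookalike, phished, wrongKey };
}

console.log(demo());
```

The rejections come from the two properties the text relies on: the service holds nothing that can be replayed as a credential, and the signature covers both a one-time challenge and the origin.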

Nevertheless, adopting passwordless authentication ultimately helps close the security gaps introduced by human behaviour, such as reusing passwords across multiple services or falling for phishing scams. It enables a more seamless and intuitive experience, without sacrificing security.

LAYING THE GROUNDWORK FOR PASSWORDLESS SECURITY

Making the shift to passwordless authentication requires a strategic, organisation-wide approach. It involves not only deploying new tools but evolving identity and access management systems, upgrading devices and ensuring the environment is ready for passwordless protocols.

Organisations need to evaluate their IT ecosystems to ensure applications are compatible with modern authentication standards and that hardware devices can support secure authentication methods like biometrics or security keys. Education is also critical, both internally and externally, to help users understand the importance and advantages of passwordless authentication and how to navigate the new systems.

Flexibility is key. With remote and hybrid work models firmly established—more than a third of Australians worked from home at least once a week in 2024—businesses must be able to deliver consistent, secure access not just in the office, but across all devices and locations. Managing authentication across an increasingly diverse range of endpoints demands agile, scalable solutions that can adapt as organisations evolve.

ACCENTURE’S JOURNEY TO PASSWORDLESS SECURITY

At Accenture we’ve been undertaking a multi-phased passwordless journey over the past decade. Our goal has been to remove dependency on passwords across all applications and identity platforms, enabling our people to experience seamless, secure authentication.

Central to our strategy was moving our applications to Azure Active Directory (Azure AD) and deploying passwordless solutions like Windows Hello for Business. We’ve since eliminated the need for passwords in the user experience for our employees globally, improving login speed, reducing authentication failures and strengthening our security posture. As we continue to evolve, we’re demonstrating how large enterprises can successfully operate and continue to innovate in a passwordless future.

www.linkedin.com/in/maryattard

ADVERTISING PACKAGE EXCLUSIVE

For the past four years, Source2Create has proudly delivered Women in Security Magazine to the industry free of charge, championing diversity, inclusion, and the incredible contributions of women in cybersecurity. As we continue to grow, we now need partners to help us sustain and expand this vital platform.

By supporting this package, you’re not just backing us—you’re investing in the magazine, its community, and the future of women in security. To ensure we can keep delivering this high-value publication, we’re introducing a nominal fee of $900 ex GST for an exceptional package that provides extensive coverage and visibility.

HOW TO BE AN AUTHENTIC LEADER

Authenticity in leadership means embracing your core values, beliefs and personality while meeting a role’s demands. It’s about showing up as the real you rather than someone you think you should be. For me, staying true to myself as I grow in the security industry is non-negotiable. I believe authenticity is the cornerstone of success. I’m far more determined and motivated when I am bringing my whole self to the table than when changing to fit, or to meet a requirement.

In the security industry authenticity doesn’t get the attention it deserves. The focus is often on technical skills, precision or operational wins, sidelining the power of self-awareness and emotional intelligence. Let’s be real: the intense pressure in this field can subtly push you to change who you are, nudging you towards adopting a stereotypical ‘security leader’ image. But that can disconnect you from your team and from clients who crave genuine human connection. However, times are changing. We’re starting to see the value of a humanistic approach where vulnerability is a strength and where staying true to your values builds trust. Emotional intelligence, self-awareness, self-regulation, empathy and social skills are critical, yet often overlooked. They are what help leaders navigate high-stakes, high-pressure situations with grace. Picture a leader who leans into their natural empathy to support a shaken team after a security breach, rather than hiding it to seem ‘tough’. That authenticity drives better outcomes and deeper loyalty.

My confidence as a leader comes from staying true to who I am. If I don’t believe in something, I won’t say or do it just to fit in. One of my favourite books, The Four Agreements by Don Miguel Ruiz, talks about being impeccable with your word; speaking with integrity, honesty and intention, and ensuring your words reflect truth and respect for yourself and others. In security, where trust is everything, this is huge. Misleading a client about a system’s vulnerabilities or hyping up capabilities can shatter credibility. Faking a ‘tough’ persona to fit an image often leads to inauthentic communication, which undermines trust. But a leader who owns a mistake with honesty? That’s powerful. It aligns with being impeccable and earns respect, even in an industry that pressures you to seem unbothered. Staying true to your values ensures your words carry the weight of your genuine character.

MARINA TOAILOA

Being real creates genuine connections. In security, where stress runs high, showing you care can include checking in with your team after a tough incident. This will inevitably build loyalty and teamwork. If you’re naturally warm or empathetic, don’t hide these traits to seem ‘professional’. Revealing them sparks bonds that motivate people far better than a cold approach. Authenticity also keeps you grounded. Being honest about what you don’t know and instead leaning on your team’s strengths makes you more effective and happier. Plus, it sets an example, inspiring others to also bring their true selves to their roles.

In short, staying true to yourself is a power move. It makes you unshakeable, fuelling true inner growth and success. Staying true to your values during setbacks or pressure helps you stay grounded and develop a resilient character that can handle adversity without compromising principles. Authenticity isn’t just a trait; it’s the foundation for thriving in the places you truly belong.

www.linkedin.com/in/marina-azar-toailoa-66259511a

www.instagram.com/mummysafetysecurityproject

CULTURE, CODE AND CONFIDENCE: THE ROLE OF TRADITION IN SHAPING WOMEN’S DIGITAL ENGAGEMENT

When we talk about bringing everyone into the digital age the conversation often centres on tangible barriers: spotty internet, pricey devices or a lack of tech skills. But, for women, especially those in regions like Africa, access to technology is only half the story. The deeper truth lies in the invisible threads of culture, tradition and social expectations that subtly, or not so subtly, shape who gets to engage online, how boldly and at what cost.

THE HIDDEN CODE OF CULTURE

In many African societies culture is the heartbeat of identity. It offers meaning and connection but can also draw lines that quietly limit women’s opportunities. From rural villages to bustling cities, women’s roles are often tied to home and hearth; caregiving, nurturing, preserving family honour.

Technology, meanwhile, is frequently seen as men’s domain: a space for coding, innovation and risk-taking. This perception creates a digital confidence gap that no amount of infrastructure alone can bridge.

Imagine a young woman in a conservative community, smartphone in hand, hesitant to join a social platform or explore an online course. Why? It’s not just about access. It’s the weight of judgment, whispers that her curiosity might be ‘inappropriate’ or ‘rebellious’. Research from the Alliance for Affordable Internet (A4AI) reveals a stark reality: women in low and middle income countries are far less likely to use the mobile internet than men, not only because of cost but because of societal disapproval and limited digital know-how. Culture, it turns out, can be as much of a gatekeeper as a weak signal.

NAVIGATING RISK IN DIGITAL SPACES

The barriers to digital engagement are not only cultural, they are also psychological and reputational. For women, going online is not only about posting or browsing; it’s a high-stakes balancing act. Every comment, photo or profile carries the risk of scrutiny, harassment or worse. In tightly knit communities where reputation and family honour are intertwined, a single online misstep can ripple into real-world consequences: shaming, blackmail or ostracism.

These fears are amplified by patchy digital safety nets. Weak legal protections and inadequate reporting systems leave women vulnerable, forcing many to choose invisibility over engagement. It’s not a lack of interest that keeps them offline; it’s a calculated choice to avoid harm. For every woman sharing her voice on social media or launching an online business, countless others stay silent, their potential unrealised not by choice but by necessity.

REWRITING THE RULES WITH CONTEXTUAL TRAINING

Closing this gap demands more than handing out devices or Wi-Fi passwords. It calls for programs that understand the cultural currents shaping women’s lives. Digital literacy must go beyond teaching code or clicks. It needs to build confidence, foster critical thinking and address the unique risks women face online.

Across Africa initiatives are proving this approach works. Kenya’s Ajira Digital Program, for instance, does not only teach women how to navigate the internet; it equips them with skills for digital entrepreneurship and strategies for staying safe online. In Ghana, Soronko Academy empowers women with tech training tailored to their realities. Nigeria’s CyberSafe Foundation goes further, embedding cybersecurity and AI skills in underserved communities to ensure women are not merely users

WHAT SKILLS ARE TRANSFERABLE TO CYBER ROLES?

The theme of this issue poses the question: ‘Are we there yet?’ My overwhelming response to this question is a resounding ‘No’. There is great scope for bringing others into the fascinating field of cybersecurity because the range of skill sets required to build careers in the cyber industry is extremely broad. In this article I focus on six key areas with skills that are transferable into the cyber industry and may interface with, or reside within, the cybersecurity team.

TECHNICAL SKILLS

Maybe you have a software development background and have thousands of lines of code to your credit. Your skills are paramount in cybersecurity. Ensuring that the design principle ‘secure-by-design’ is upheld is key to building cyber resilient systems. References such as the OWASP Top 10 provide a guide to using secure coding practices when developing software to reduce the number of critical and high-risk findings in an application penetration testing report. You may be a system administrator or a network administrator, both technical roles that must incorporate the security perspective to ensure systems and infrastructure are configured securely and updated while following IT change management practices. Again, with these roles, ensuring systems are configured using security principles such as ‘least privilege’ and asking questions such as ‘Which ports do we need open?’ and ‘Which default services must be disabled on this server?’ would position you well to be a security champion.

COMMUNICATIONS

With the cyber field being so broad, the ability to communicate to different groups of people on topics relevant to them is important. These communications include:

• sharing the important points in security policies and procedures applicable to all staff.

• conveying expectations on data security and secure access requirements to third-party suppliers.

• communicating security awareness messages on prevalent cyber threats to staff in high-risk roles.

• providing the board with cybersecurity program updates and a view of the organisation’s cyber risk profile.

• communicating with customers following a data breach involving unauthorised access of their personal information.

Members of the communications teams in an organisation would be welcome additions to a security team, because their clear, crisp and concise communications enable stakeholders to understand how they must respond to a particular cybersecurity message.

MARISE-MARIE ALPHONSO

BEHAVIOUR AND CULTURE

Are you currently in a human resources or people and culture team focused on driving a positive culture in line with your organisational values? Organisational culture typically uses the organisation’s values as a moral compass to guide the norms and collective behaviours within the organisation. Having a positive security culture produces massive benefits by uplifting the security posture of an organisation. Being in a role that can influence security behaviours and contribute to a positive culture is pivotal for human risk management. If you can influence staff to take on the responsibility of being security champions and, as a result, handle data securely, report security incidents and advocate for secure behaviours, you are part of the security team!

REPORTING AND ANALYTICS

You may have heard the terms key risk indicators, key performance indicators and key control indicators. These are metrics that provide visibility into an organisation’s cybersecurity posture and risk exposure. There’s room in cyber teams for data analyst whizzes who can turn a bunch of numbers into interactive, illustrative visualisations using graphs, trend lines and charts that tell a story. Operational security teams, executives and the board can then use these to make the important data-driven decisions required to address security control ineffectiveness, compliance obligations and cybersecurity spend.

RISK MANAGEMENT

We all manage risks on a regular basis, perhaps just in a context other than cyber. We make decisions on whether to take out insurance policies: for our health, homes and cars. And we decide whether to stop or proceed when approaching an amber traffic light. Cyber risk management is a fascinating topic requiring an understanding of an organisation’s context including its legal and regulatory obligations, the cyber threat landscape, the business operating environment and the technology it uses. Organisations typically have enterprise risk and compliance specialist roles that could make use of skills transferable from the risk and compliance domains to the management of cyber risks. Cyber risk management is key to understanding whether an organisation’s spending on cyber initiatives is commensurate with the risk posed.

INCIDENT RESPONSE

If you have a knack for managing the actions required when things do not go according to plan, a role in cyber incident response could be for you. Incident responders have a variety of skills ranging from analysis, research and investigation to technical acumen, and an understanding of legal, regulatory and contractual obligations. Depending upon the nature and type of security incident, actions must be taken to reduce the impacts it could have on an organisation, such as operational downtime, reputational damage and fines for non-compliance with legal requirements. Incident responders play a pivotal role in the cyber responsiveness and resiliency of organisations.

As summarised above, there are roles in cybersecurity for individuals with a wide range of skill sets. It takes a collective, collaborative effort to secure organisations and, by extension, the economy as a whole. It is comforting to know that, should someone so choose, they can move into a career in cybersecurity and contribute to building a resilient future in our digitally connected world.

www.linkedin.com/in/marisealphonso

BEYOND THE BINARY: NAVIGATING THE SPECTRUM BETWEEN SUCCESS AND FAILURE IN SECURITY LEADERSHIP

In the world of cybersecurity traditional metrics of success and failure often paint an incomplete picture. Security leaders operate in an environment where perfect protection is not just difficult, it’s impossible. The binary lens through which we typically view outcomes—breach or no breach, incident or no incident—fails to capture the nuanced reality of security work. This article explores how security leaders can navigate the complex spectrum between success and failure, transforming challenges into opportunities for growth, resilience and innovation.

THE MYTH OF PERFECT SECURITY

“There are only two types of companies: those that have been hacked, and those that will be hacked,” said former FBI director Robert Mueller in 2012. More than a decade later this statement rings even truer. The question is no longer if a security incident will occur, but when, and how effectively an organisation can respond.

Maria Chen, CISO at a Fortune 500 healthcare company, puts it this way: “The moment I stopped viewing incidents as failures and started seeing them as inevitable learning opportunities, my entire approach to leadership transformed. We shifted from a culture of blame to one of continuous improvement.”

This perspective doesn’t diminish the importance of prevention. Rather, it acknowledges that in a field where adversaries need to succeed only once while defenders must succeed every time, reframing ‘failure’ becomes essential for sustainable leadership.

REDEFINING SUCCESS IN SECURITY LEADERSHIP

What does success look like when perfection is unattainable? For forward-thinking security leaders the answer lies in reconceptualising both metrics and mindsets.

LISA VENTURA

Jasmine Washington, who rebuilt the security program at a financial services firm after a major breach, explains: “Success isn’t the absence of incidents, it’s how quickly we detect them, how effectively we respond, and most importantly, what we learn that prevents similar issues in the future.”

This approach requires moving beyond simplistic pass/fail evaluations toward a more sophisticated understanding of security as a journey of continuous improvement. Success becomes measured not just by what didn’t happen, but by how the organisation strengthened its posture through each challenge encountered.

THE ART OF THE BLAMELESS POSTMORTEM

Central to transforming incidents into advancement opportunities is the practice of blameless postmortems: systematic analyses focused on process improvement rather than individual fault finding.

“The minute someone feels they might be blamed, their brain switches to self-preservation mode, and the learning opportunity is lost,” explains Sophia Rodriguez, who implemented blameless postmortems at several tech companies. “By creating psychological safety, we get honest accounts of what happened, which is the only way to prevent recurrence.”

Effective blameless postmortems follow several key principles.

Focus on systems, not people. The analysis examines how processes, technologies and organisational factors contributed to the incident rather than seeking individual culprits.

Use neutral language. Replace phrases like “Sarah failed to patch the server” with “The patching process did not include this server in its scope.”

Identify multiple contributing factors. Most security incidents result from a chain of events rather than a single error.

Document specific, actionable improvements. Each postmortem should generate concrete process changes.

Create feedback loops. Track implemented improvements and verify their effectiveness over time.

When Teresa Blackwell became the first woman CISO at her manufacturing firm after a ransomware attack she instituted blameless postmortems as standard practice. “The previous culture of finger-pointing had created an environment where people hid problems until they became crises,” she says. “Within six months of implementing blameless reviews, we saw a 300 percent increase in proactive reporting of potential security issues.”

MEASURING PROGRESS IN A PREVENTION-FOCUSED FIELD

One of the most persistent challenges in security leadership is demonstrating value when success often means that nothing noteworthy happened. How do you celebrate wins when your primary objective is preventing negative outcomes?

Naomi Patel, who transitioned from a technical security role to executive leadership, developed what she calls ‘visibility metrics’ to address this problem. She says: “We needed ways to show progress that didn’t depend on breach statistics. We started tracking time-to-detection, vulnerability remediation velocity and security program maturity across different domains.”

Incremental metrics that successful security leaders employ include:

• Mean time to detect (MTTD) and mean time to respond (MTTR), with consistent improvement targets.

• Reduction in the attack surface through vulnerability management.

• Increased coverage of security controls across environments.

• Improvements in security awareness as measured by phishing simulation results.

• Maturity progression across different security domains.

“The key is to create a narrative of continuous improvement,” says Chen. “Board members and executives understand that perfect security isn’t realistic, but they want to see that you’re making measurable progress toward greater resilience.”

LEARNING FROM SETBACKS: WOMEN’S PERSPECTIVES

The security field, still predominantly male, presents additional challenges for women in leadership positions. Yet many women have found that navigating setbacks effectively became their greatest career accelerator.

Washington, who was initially passed over for her CISO role in favour of a less-qualified male colleague, later assumed the position after her predecessor’s hasty implementation of a security tool created significant operational disruptions. “That incident taught me the value of thoughtful change management and stakeholder communication. When I stepped in, I approached every initiative with careful planning and transparent communication,” she says. “Those lessons from watching someone else’s failure became the foundation of my leadership approach.”

Rodriguez faced scepticism when she advocated for cloud security investments that others considered unnecessary, until a competitor experienced a major breach from the exact vulnerability she had identified. “That moment could have been an ‘I told you so,’ but instead, I used it as an opportunity to build consensus around a more comprehensive cloud security strategy,” she says. “Converting that potential failure into organisational learning accelerated my career more than any success could have.”

BUILDING RESILIENCE THROUGH FAILURE ANALYSIS

Resilience, both personal and organisational, emerges through the intentional processing of setbacks. Security leaders who develop systematic approaches to analysing failures build stronger teams and more robust security postures.

Blackwell implemented what she calls ‘resilience retrospectives’ that look beyond immediate incident response to examine broader organisational factors.

“We ask questions like: what early warning signs did we miss? How did our organisational structure help or hinder our response? What assumptions are incorrect? These deeper questions help us build systemic resilience, not just technical fixes.”

Chen emphasises the importance of personal resilience for security leaders. “This role can be isolating. You’re constantly balancing opposing forces: business enablement versus protection, speed versus caution. Learning to view setbacks as data points rather than personal failures is essential for longevity in this field.”

FROM BINARY TO SPECTRUM: A NEW LEADERSHIP PARADIGM

As threats evolve and security landscapes become more complex, effective security leadership increasingly depends on embracing the full spectrum spanning traditional concepts of success and failure.

Patel articulates this shift. “The most dangerous security leaders are those who believe they’ve ‘solved’ security or those who become paralysed by fear of failure. The most effective leaders operate in the middle, confident enough to make decisions under uncertainty while humble enough to continuously learn and adapt.”

This balanced approach—seeing security as a spectrum rather than a binary state—enables leaders to build cultures where reporting of problems is rewarded, incremental improvements are celebrated and failures become the foundation for future success.

As Rodriguez reflects, “The moment you embrace the fact that perfect security doesn’t exist is the moment you begin to build something far more valuable: an adaptable, learning organisation capable of responding to whatever challenges emerge. That’s the true measure of security leadership success.”

If we reframe our understanding of success and failure in security leadership we create space for more authentic, effective approaches to protecting our organisations while building sustainable careers in the industry.

FINAL THOUGHTS: EMBRACING THE GREY

The journey from binary thinking to spectrum awareness represents more than just a philosophical shift; it’s a practical necessity in today’s security environment. As attack surfaces expand and threats grow more sophisticated, security leaders who cling to simplistic success/failure dichotomies will increasingly find themselves at a disadvantage.

“The future belongs to those who can thrive in ambiguity,” observes Patel. “Security is inherently a field of trade-offs and calculated risks, not absolutes.”

This evolution requires security leaders to develop skills rarely emphasised in technical training: emotional intelligence, change management, strategic communication and, perhaps most importantly, comfort with uncertainty. The ability to acknowledge what isn’t known and to make decisions anyway distinguishes today’s most effective security leaders.

For those entering the field or seeking to advance their careers this paradigm shift offers both challenge and opportunity. The challenge lies in developing a more nuanced perspective that embraces complexity rather than reducing it to binary outcomes. The opportunity comes from creating more sustainable, psychologically safe environments where innovation flourishes precisely because people aren’t paralysed by fear of failure.

Washington shares a final insight: “I’ve learned that my value as a security leader isn’t measured by preventing every incident. That’s impossible. It’s measured by how I help the organisation navigate through uncertainty while becoming stronger with each challenge we face.”

As the security landscape continues to evolve this spectrum-based approach provides not just a more accurate model of reality, but a more humane and ultimately more effective framework for leadership. Through acknowledging the continuous gradient between success and failure security leaders can build organisations that are not just protected, but truly resilient, capable of absorbing setbacks, learning rapidly and emerging stronger than before.

In the end perhaps the most binary aspect of security leadership is the choice itself: embrace the spectrum between success and failure or remain limited by outdated notions of perfect protection. For those who choose the former path, a world of more meaningful metrics, more authentic leadership and more resilient organisations awaits.

LISA ON SOCIAL MEDIA AND YOUTUBE

x.com/cybergeekgirl

www.linkedin.com/in/lisasventura

www.facebook.com/lisasventurauk

www.instagram.com/lsventurauk

bsky.app/profile/cybergeekgirl.bsky.social

www.youtube.com/@CyberSecurityLisa

CYBER SECURITY UNITY'S CHANNELS

www.linkedin.com/company/csunity

x.com/CyberSecUnity

www.facebook.com/CyberSecUnityUK

ABOUT LISA VENTURA MBE – FOUNDER, CYBER SECURITY UNITY AND NEURO UNITY

Lisa Ventura MBE is an award-winning cybersecurity specialist, published writer/author, journalist and keynote speaker. She is the founder of Cyber Security Unity, a global community organisation dedicated to bringing individuals and organisations together who actively work in cybersecurity to help combat the growing cyber threat, and Neuro Unity, a non-profit that champions and promotes neuroinclusion for all.

As a consultant Lisa also provides cybersecurity awareness and culture change training along with neurodiversity in the workplace training and works with cybersecurity leadership teams to help them collaborate more effectively. She has specialist knowledge in diversity, equity, belonging and inclusion (DEIB), neurodiversity, the human factors of cyber security, cyber psychology, neurodiversity and AI in cyber.

More information about Lisa can be found on www.lisaventura.co.uk or the Cyber Security Unity website www.csu.org.uk

KAREN STEPHENS

Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was recently named inaugural Female Cyber Leader of the Year at the 2023 CyberSecurity Connect Awards in Canberra.

COLUMN

Are we there yet?

Are we there yet? If you are asking this question in relation to Australian companies’ cyber resilience, the answer is no, not by a long shot. Don’t believe me. Believe the Australian Signals Directorate (ASD) whose most recent Cyber Threat Report shows the ASD receiving a cybercrime notification every six minutes, and fielding an average of 100 hotline calls each day.

Those statistics tell us quite clearly that nefarious cyber activity is still rampant and that cybersecurity is not done and dusted, it is a journey. In fact, it is a never-ending journey, and there is no crib sheet. If the recent FIIG Securities (FIIG) case tells us anything it’s that “Cybersecurity isn’t a set and forget matter. All companies need to proactively and regularly check the adequacy of their cybersecurity measure.”

Let’s debunk three cyber myths and help you in your quest for a cyber safe life.

1. Cyber is just a tech problem. No. The involvement of the human element in breaches is hovering around 60 percent. The bottom line is you can have the best security software in the world, but if you or a colleague insists on clicking on every link known to mankind, then your security software must be 100 percent secure 100 percent of the time, and we know that is unrealistic.

2. Cyber criminals are ‘lone wolves’ in someone’s basement. No. Cybercrime is a business, a very, very big business. If cyber criminals were a country they would be the world’s third largest economy behind the USA and China.

3. We use all the web. No. People typically engage with only the so-called visible web, ie the section that houses websites and whose content is indexed by standard search engines (eg Google, Edge etc). It accounts for about four percent of what is available. The remaining 96 percent is made up of the deep web and the dark web.

It’s not all doom and gloom. Here are three no-cost strategies to enhance both your personal and your company’s cyber resilience.

1. Good password hygiene. While it may not be glamorous, maintaining strong passwords can prevent numerous problems. Aim for at least 16 complex characters. Never reuse or share passwords and consider using a password manager.

2. Trust no one, verify everything. If you receive a call from an unknown number, let it go to voice mail. If you receive a great offer via email, delete it and go straight to the website of the source. There are many more examples, but I think you get the gist.

3. Treat your mobile with respect. These days mobile phones are mini supercomputers. In fact the iPhone in your pocket has over 100,000 times the processing power of the computer that landed man on the moon 50 years ago. Ensure your device’s hardware, software and apps are up to date. Take some time to remove any unnecessary apps and delete any you do not use.

So, are we there yet? No, but hopefully we’ve cleared up some misconceptions and fortified both your personal and company cybersecurity practices.

www.linkedin.com/in/karen-stephens-bcyber

www.bcyber.com.au x.com/bcyber2

karen@bcyber.com.au youtube.bcyber.com.au/2mux

CAREER PERSPECTIVES

CRIMINOLOGY TO CYBERSECURITY: REWRITING RULES, NOT JUST BREAKING IN

NAVIGATING TECH IDENTITY AND REDEFINING BELONGING, ONE FIREWALL AT A TIME.

I never thought I would develop a passion for technology, especially not after years dedicated to studying criminology. But somehow, in between studying human behaviours and investigating crimes, I became immersed in the digital world. It was not just out of curiosity, but out of necessity. Change is inevitable. Technology is transforming everything, including crimes. I needed to catch up, and that’s how I found myself interested in the cybersecurity world.

Despite my passion and love for cybersecurity, pursuing that interest was not easy. As a woman in a developing country without a degree in computer science, breaking into the tech world was like picking a lock from the outside with my peers asking, ‘Do you even belong to this side?’ Just like every beginner at first, I wasn’t sure. I had to prove I really belonged. I therefore had to learn the lingo, gain some certifications and learn everything I could about digital forensics, cyber law and ethical hacking. After doing all that, I have learnt that we all belong, even those of us who do not fit the mould.

THE VALUE OF A FAMILIAR PATH

I always get questioned about how I made the shift from criminology to the tech world. For me, it was not a big leap. Because I am now familiar with both fields, I find both to be rooted in protecting systems, understanding patterns and challenging injustices. The only differences are the tools used to carry out these tasks. The most important tool I have carried throughout this process has been perspective.

I never had the privilege of studying on a STEM campus. I learnt through WhatsApp groups and courses offered online. My dedication to learning and advancing my skills gave me a slot in one of the best tech programs, Cyber Shujaa, which also encourages women to grow and gain confidence in cybersecurity. Being in the community as a security analyst, I found tutors and friends who believed in me. And with every login screen and virtual lab, I started to feel more like a contributor than a visitor.

Over time, I have realised that the tech industry values linear paths as well as formal credentials. However, I tend to think innovation thrives on diversity of thoughts and experiences. My background gave me questions other people did not ask and, in most cases, these questions led to better answers.

INCLUSIVE SECURITY IS BETTER.

According to the World Economic Forum’s 2023 xxx we’ve made progress with women making up to 29.9 percent of the STEM workforce globally. However, women account for only 24 percent of cybersecurity and other security roles, and the number is even lower for women with disabilities and women of colour (ISC², 2022).

In my experience, cybersecurity is not just about code, it’s also about understanding how people think, where and when the system breaks and, most importantly, what stories data tells. With all this, the field requires all kinds of minds, especially those of women and individuals from neurodivergent backgrounds. For women like me, coming from the global south, tech spaces, especially security, remain inaccessible. If only systems were accessible, how many of us would be innovating the future of digital safety?

In my country, Kenya, cybersecurity is growing, but, unfortunately, resources are often scarce. I therefore approach cybersecurity with a different lens. I understand how to work without the latest tools and still manage to show up with excellence. In local tech hubs, I know of women who are creating security solutions for real-world problems. Even if we are not in Silicon Valley, we are surely creating value day-by-day. Unfortunately, the global industry still does not give us a hearing. Talent from the South is seen as an exception and not the norm. This should change, because innovation is global, and so too should opportunity be global.

NEURODIVERGENCE, BURNOUT AND REDEFINING SUCCESS

To prove themselves in cybersecurity, women must work harder than men, especially those of us from underrepresented backgrounds. I have faced impostor syndrome, self-doubt and burnout. My ideas have been dismissed, only to be repeated by someone else with them receiving the praise. As a result of these experiences, I have suffered from burnout and struggled to stay silent, but have had to push on so as not to be seen as weak. This is why we should redefine success: it is knowing when to ask for help and knowing when to rest. Opportunities to succeed can be enhanced by creating systems where we don’t need to burn out to be considered committed.

ARE WE THERE YET?

Well, no, but I strongly believe we are getting there. I have hope, especially for everyone who dares to challenge how things have been done. And, for every young woman wondering if she belongs in tech: yes, you do. We are waiting for you not just to break in but also to rewrite the rules, and everyone passionate about this gets a seat.

www.linkedin.com/in/sandra-mwihaki-66404424

FROM ALASKA AND THE NSA TO LEADING THREAT INTELLIGENCE AT INFOBLOX: RENÉE BURTON’S JOURNEY

In a job interview, we’re often expected to recite our career histories in the span of a few minutes. Similarly, our careers span only a few pages on our resumés, or a few updates on LinkedIn.

Yet, if we reflect on our careers, they cannot be consolidated into bullet points for a CV or a few scrolls on LinkedIn. In each, there are teams of people, an intricate web of support, encouragement, guidance and advice that aren’t featured yet make up the foundation of who we are and where we are today.

In this web there are also unexpected opportunities that provide us with great purpose, or setbacks.

Despite being an extreme planner, to the point that even my spontaneity is planned, when I reflect on my career I can’t say any of it was linear. Running a global threat intelligence team certainly wasn’t in my plan.

So, how does a kid from Alaska find their way to this role? My journey took me from growing up below the US federal poverty line, in a community marked by hardship and crime, to earning a PhD in mathematics and speaking publicly on some of the most advanced issues in cybercrime.

Between these milestones I spent a full career at the National Security Agency (NSA). I have no doubt luck and good timing played a role in my success. But there were people and networks that certainly helped me take advantage of luck when it came my way.

From the very beginning I had the fortune of being surrounded by incredible women. My mother, a child of World War II and an immigrant to the United States, raised three kids on her own. As a single mother in a foreign country, she earned her education and found stability as a teacher.

RENÉE BURTON

She was joined by a community of women who loudly championed education, independence and equality. From great aunts to Girl Scout leaders, I learnt the valuable lessons of leadership, friendship, service and standing up for myself and others. These lessons continue to guide every decision I’ve made.

As I entered my teenage years and started to consider what I might want to be when I grew up, my affinity for planning led me to consider law. Later, as my studies progressed, I thought my affinity for talking and education might be better suited to a professorial role.

But life has a funny way of sending opportunities your way that you might never have expected. Instead of taking the bar exam or continuing my journey in academia, I wound up at the National Security Agency (NSA) working as a mathematician and a technical director. I even spent time as a strategist working to combat terrorism.

At the NSA I had the good fortune of meeting many mentors, and others who saw potential in me and took an interest in my growth. One said to me, “Someday, you’re going to be asked to be a manager. It might not be what you want to do, but it will be the right thing to do.”

These words were important. When that call came, I knew I had to say yes. It might not have been what I had planned, but I knew it was the right decision.

I spent 20 years at the NSA, even though I had always planned to move back to the Pacific Northwest. Leaving a successful career, surrounded by people you know and trust, is never easy. But when the call came from Infoblox, and they were open to the role being remote, I knew I had to take it.

My role at Infoblox has allowed me to continue my work in threat intelligence, protecting people and organisations from bad actors. In the commercial world I can protect a wide range of individuals from students in classrooms to some of the world’s largest organisations.

In the private sector, the criminals’ tactics are different. I’ve gained a whole new understanding of the impact of crime and what that can look like beyond national security.

We now have a small team of global experts who focus on domain name security (DNS). Nicknamed the phonebook of the internet, 92 percent of cyberattacks rely on DNS in their execution, according to the NSA.

Success in cybersecurity depends on a range of perspectives, and we’re proud that our team includes strong representation from women. Still, the overall talent pipeline for women and underrepresented minorities in this field is not as robust as it needs to be.

Too often, cybersecurity is framed around the latest malware or high-profile breaches. But the real work of fighting cybercrime is a long-term challenge. It begins with encouraging curiosity and developing talent early, starting in elementary school.

Creating opportunities for all children, especially girls and minorities, to explore technology and build confidence in their abilities is essential for the future of both cybersecurity and the broader tech industry.

A community of women surrounded me along the way: women loudly championing education, independence and equality. Now, it’s my turn to be a part of that community for the next generation, perhaps my most exciting role to date.

www.linkedin.com/in/ren%C3%A9e-burton-b7161110b/

Craig Ford Australian BestSelling Author, vCISO, AISA Member Board of Directors

Emma O’Neil Director at CyberWest Hub

Peter Gigengack

Venkat Balakrishnan Chief Information Security Officer at TAL Australia

Director Cyber Security | Capability at the Department of the Pr and Cabinet of W

Rachell DeLuca Director | Protectiv Security & Risk Specialist, Protectiv Security Advisory

Matthew Duckworth Director, IT Risk and Security at MetLife

Ryan Ko Professor of Cyber Security at The University of Queensland

Director Cyber Security Strategic Development at

Global

Jackie Montado Chief Digital and Technology Officer at Wesfarmers Industrial and Safety

Lindsey Horne Superintendent of Security Operations WA Iron Ore

Vannessa Van Beek
CISO at Fortescue
Nadia Taggart
AARNet
at BHP

Nivedita Newar

Deputy CISO at UNSW

David Griffiths CISO at Northern Beaches Council

Helen McLeish Chief Cyber Security Officer at East Metropolitan Health Service W

Roxanne Pashaei Director Cyber Security Operations at Western Sydney University

Marie Patane

NSW Chief Cyber Security Officer at the NSW Department of Customer Service

Tamsin Jowett ICF Executive Coach & Diversity Consultant at Coaching To Thrive

River Nygryn CISO at Hammondcare

Karen Owens Head of Security & Risk (CISO) at Insurance Commission of WA

Sharon Lee Acting Chief Information Security Officer at NSW Department of Creative Industries, Tourism, Hospitality and Sport

Jacinta Thomson Executive Director Emergency Communications Information Services at Triple Zero Victoria

John Taylor Group Executive | CIO | CTO | CISO

TECHNOLOGY PERSPECTIVES

POST-INCIDENT HARDENING AFTER A FORGED TOKEN BREACH

INTRODUCTION

In cloud-native environments identity serves as the perimeter, with tokens acting as keys. Token forgery can disrupt authentication due to weak validation, stolen keys or a compromised identity provider. Recovery involves containment and defence strengthening. A forged token incident in a zero-trust environment means an unauthorised entity impersonates a user, bypassing multifactor authentication and the entire security stack, highlighting security vulnerabilities and trust verification issues.

This article will offer an overview of tokens, token breach incidents and a post-incident hardening checklist to ensure teams are prepared for future incidents, thereby turning breaches into opportunities for enhancing security measures.

WHAT IS A TOKEN?

A token in cybersecurity is a small data object that functions much like a digital keycard, validating a user’s identity or access rights to systems, applications or services. Common types include:

• access tokens, which grant entry to resources (such as email or cloud services)

• refresh tokens, which allow users to obtain new access tokens once the originals expire

• ID tokens, which carry information about the user’s identity and are often used in protocols like OpenID Connect.

Tokens typically contain details such as the user’s identity, their permissions or roles, expiration time, the issuing authority and, often, a digital signature for tamper resistance. Technologies like OAuth 2.0, JWT (JSON Web Tokens), OpenID Connect and API key systems rely on these tokens to enable secure, flexible and scalable authentication and authorisation across digital platforms.

WHAT IS A FORGED TOKEN BREACH?

A forged token breach occurs when an attacker creates or alters an authentication token, like a JWT or OAuth token, to gain unauthorised access. By forging a digital ‘key’ that seems valid they bypass login and permission checks. This can result from weak token validation, compromised signing keys, misconfigured identity providers or insecure token handling. Once accepted, the forged token allows the attacker to impersonate users, escalate privileges or access sensitive resources undetected, making this breach particularly stealthy and dangerous.

FORGED TOKEN BREACH IDENTIFIED AND MITIGATED!

Consider the scenario of a cloud engineer at a software-as-a-service (SaaS) company who identified an internal service account accessing production APIs from an unfamiliar IP address. Despite the token appearing valid, its behaviour was suspicious. Further investigation revealed that the token had a manipulated issued-at timestamp and lacked the expected metadata typically injected by its identity provider. The engineer promptly raised an internal incident report, initiating an immediate containment protocol: all keys were rotated, affected sessions revoked and access logs scrutinised for anomalies. The breach was contained before any data exfiltration could occur, yet it exposed deficiencies in token validation and logging mechanisms.

Once the immediate threat is mitigated, a crucial task remains: enhancing defences, tightening controls and ensuring such stealthy intrusions are prevented in the future. Below is a post-incident hardening checklist designed to help fortify your environment and address the weaknesses exploited by forged tokens.

POST-INCIDENT HARDENING CHECKLIST

1. Review and harden token validation logic

Token validation is essential for secure authentication. After a forged token incident, enforce signature verification to accept only tokens signed by a trusted authority. Avoid weak algorithms like none for JWTs. Perform critical claim checks, for example issuer (iss), audience (aud) and expiration (exp), to prevent tampering or reuse of tokens. Implement tight scope restrictions to limit permissions to necessary actions and reject tokens with unrecognised claims. Careful token validation helps eliminate common security vulnerabilities.
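The checks in this item, sketched as an added example that is not part of the original article: a validator with a pinned algorithm allow-list, signature verification, issuer, audience, expiry and issued-at checks, scope limits and rejection of unrecognised claims. It signs with HS256 only so that it runs on the Python standard library (the same checks sit in front of RS256 or ES256 verification); the key, issuer, audience, scope names and limits are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Every name and value below is constructed for this example.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
ALLOWED_ALGS = {"HS256"}   # pinned allow-list, so "none" never passes
EXPECTED_ISS = "https://idp.example.test"
EXPECTED_AUD = "orders-api"
ALLOWED_SCOPES = {"orders:read", "orders:write"}
KNOWN_CLAIMS = {"iss", "aud", "sub", "iat", "exp", "scope"}
MAX_LIFETIME_S = 3600      # longest accepted exp - iat
CLOCK_SKEW_S = 60          # tolerated clock drift


class TokenRejected(Exception):
    """Carries the reason a token failed validation."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims, alg="HS256", key=SIGNING_KEY):
    """Build a test token; alg="none" yields an unsigned one."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    if alg == "none":
        return f"{header}.{body}."
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"


def validate_token(token, now=None):
    """Return the claims of an acceptable token or raise TokenRejected."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        body = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, AttributeError) as exc:
        raise TokenRejected("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(body, dict):
        raise TokenRejected("malformed token")

    # 1. The algorithm must be on our allow-list, whatever the header asks for.
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise TokenRejected("algorithm not allowed")

    # 2. Recompute the signature over header.body; compare in constant time.
    signed = f"{header_b64}.{body_b64}".encode()
    expected = hmac.new(SIGNING_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        raise TokenRejected("bad signature")

    # 3. Claim checks: no unrecognised claims, expected issuer and audience.
    if set(body) - KNOWN_CLAIMS:
        raise TokenRejected("unrecognised claim")
    if body.get("iss") != EXPECTED_ISS:
        raise TokenRejected("wrong issuer")
    aud = body.get("aud")
    if EXPECTED_AUD not in (aud if isinstance(aud, list) else [aud]):
        raise TokenRejected("wrong audience")

    # 4. Time checks, including the issued-at value.
    iat, exp = body.get("iat"), body.get("exp")
    if not all(isinstance(v, (int, float)) for v in (iat, exp)):
        raise TokenRejected("iat and exp are required")
    if exp <= now - CLOCK_SKEW_S:
        raise TokenRejected("expired")
    if iat > now + CLOCK_SKEW_S:
        raise TokenRejected("issued in the future")
    if exp - iat > MAX_LIFETIME_S:
        raise TokenRejected("lifetime too long")

    # 5. Scope must be a non-empty subset of what this API grants.
    scopes = set(str(body.get("scope", "")).split())
    if not scopes or not scopes <= ALLOWED_SCOPES:
        raise TokenRejected("scope not permitted")
    return body


def rejection_reason(token, now=None):
    """None when the token is accepted, otherwise the rejection reason."""
    try:
        validate_token(token, now)
    except TokenRejected as exc:
        return str(exc)
    return None
```

Logging the string returned by `rejection_reason` for every failed validation gives the detection rules in the later checklist items something to count.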

2. Audit and rotate signing keys

After a forged token incident, audit all signing keys in your authentication systems. If any key is compromised or exposed, immediately rotate it to prevent unauthorised access. Regular rotation of keys is essential; invalidate old tokens signed with compromised keys. Use asymmetric signature algorithms like RS256 or ES256 for better security. Store keys in a key management system (KMS) or hardware security module (HSM). Implement automated key rotation policies to ensure new tokens use the latest keys, minimising exposure risks. A solid key management strategy ensures intercepted tokens can’t be reused or forged, preserving the integrity of the authentication process.

3. Improve logging and traceability

Effective logging and traceability are crucial for detecting and responding to forged token incidents. Ensure your systems log key events like token issuance, validation failures and suspicious usage, capturing details such as user IDs, IP addresses, device types, timestamps and scopes or permissions granted. Implement centralised logging with tools to monitor anomalies and correlate events across systems. Increase log retention periods for longer-lived tokens to investigate incidents over time. This improves traceability, helping to quickly identify and address attacks.

4. Implement token anomaly detection

Anomaly detection is crucial for identifying forged tokens or suspicious behaviour. Monitor token usage patterns to spot unusual activity. Flag tokens with long lifespans, such as access tokens valid beyond an hour, because these increase misuse risk. Watch for unusual claims like admin privileges for normal users or unexpected roles. Tokens used from distant IPs or in impossible travel scenarios (eg, logging in from different continents within hours) are also red flags. Detect replay patterns where tokens are used simultaneously across multiple endpoints, because these may indicate compromised tokens. Implementing these strategies can help you identify and respond to potential token thefts early.
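The four signals named in this item, run over a handful of constructed token-usage events (an added example, not part of the original article). The event fields, role baseline, thresholds and the reading of "endpoint" as the source address presenting the token are assumptions made for the example.

```python
import math
from collections import defaultdict

MAX_LIFETIME_S = 3600    # flag access tokens valid beyond an hour
MAX_SPEED_KMH = 1000     # faster than this between two uses is not travel
MIN_DISTANCE_KM = 500    # ignore hops inside one metro area
REPLAY_WINDOW_S = 60     # same token, different source, this close together

# Constructed baseline of the roles each subject normally holds.
EXPECTED_ROLES = {"alice": {"user"}, "bob": {"user"}, "carol": {"user"},
                  "dave": {"user"}, "svc-report": {"service"}}

NAIROBI, SYDNEY, LONDON = (-1.29, 36.82), (-33.87, 151.21), (51.51, -0.13)


def event(ts, jti, sub, roles, iat, exp, ip, geo):
    """One enriched log record for a token being presented to an API."""
    return {"ts": ts, "jti": jti, "sub": sub, "roles": roles,
            "iat": iat, "exp": exp, "ip": ip, "geo": geo}


# Constructed sample data; times are seconds, addresses are documentation ranges.
EVENTS = [
    event(100, "t1", "alice", ["user"], 0, 900, "192.0.2.10", NAIROBI),
    event(400, "t1", "alice", ["user"], 0, 900, "192.0.2.10", NAIROBI),
    event(500, "t2", "svc-report", ["service"], 450, 86850, "192.0.2.20", NAIROBI),
    event(600, "t3", "carol", ["user", "admin"], 550, 1450, "192.0.2.30", NAIROBI),
    event(1000, "t4", "bob", ["user"], 900, 4400, "203.0.113.5", SYDNEY),
    event(2800, "t4", "bob", ["user"], 900, 4400, "198.51.100.7", LONDON),
    event(3000, "t5", "dave", ["user"], 2900, 3800, "192.0.2.40", NAIROBI),
    event(3020, "t5", "dave", ["user"], 2900, 3800, "192.0.2.99", NAIROBI),
]


def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in kilometres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371 * math.asin(min(1.0, math.sqrt(h)))


def detect(events):
    """Return {token id: set of rule names} for every token that trips a rule."""
    findings = defaultdict(set)
    last_by_subject = {}                 # subject -> most recent event
    uses_by_token = defaultdict(list)    # token id -> [(ts, source ip)]
    for ev in sorted(events, key=lambda e: e["ts"]):
        jti = ev["jti"]

        # Long lifespan: exp - iat beyond the allowed maximum.
        if ev["exp"] - ev["iat"] > MAX_LIFETIME_S:
            findings[jti].add("long_lifetime")

        # Unusual claims: any role outside the subject's baseline.
        if set(ev["roles"]) - EXPECTED_ROLES.get(ev["sub"], set()):
            findings[jti].add("unexpected_role")

        # Impossible travel: distance since the subject's last use implies
        # a speed no traveller could reach.
        prev = last_by_subject.get(ev["sub"])
        if prev is not None:
            km = haversine_km(prev["geo"], ev["geo"])
            hours = max(ev["ts"] - prev["ts"], 1) / 3600
            if km > MIN_DISTANCE_KM and km / hours > MAX_SPEED_KMH:
                findings[jti].add("impossible_travel")
        last_by_subject[ev["sub"]] = ev

        # Replay: the same token from a different source inside the window.
        for ts, ip in uses_by_token[jti]:
            if ip != ev["ip"] and ev["ts"] - ts <= REPLAY_WINDOW_S:
                findings[jti].add("replay")
        uses_by_token[jti].append((ev["ts"], ev["ip"]))
    return dict(findings)


if __name__ == "__main__":
    for token_id, rules in sorted(detect(EVENTS).items()):
        print(token_id, sorted(rules))
```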

5. Refine alerting and response playbooks

Timely detection and swift action are essential for responding to a forged token breach. Refine your alert system to flag suspicious token behaviour such as multiple failed validations, use of expired or revoked tokens or tokens with unusual claims. Establish clear response playbooks for containment, investigation and remediation steps, including revoking compromised sessions, rotating signing keys and notifying affected users. Ensure communication protocols keep all stakeholders informed. Regularly test and update these playbooks through exercises or simulations to enhance your team’s readiness. A streamlined alerting and response strategy reduces detection and response times, minimising breach impact.

6. Run red-team or tabletop exercises

One way to test your organisation’s preparedness for a forged token attack is through red team exercises or tabletop simulations. A red team exercise involves ethical hackers replicating the tactics, techniques and procedures (TTPs) of attackers to identify potential vulnerabilities, including forged tokens, and evaluating the effectiveness of your systems and incident response plans.

Alternatively, undertake a tabletop exercise, a discussion-based simulation where your team walks through a hypothetical forged token breach scenario, outlining the response steps, decisions and communication strategies in real time. Such exercises help identify weaknesses in detection mechanisms, token validation logic and response workflows before an actual attack occurs. They also provide insights into improving coordination between security, development and operations teams. By regularly conducting these exercises, you can continually refine your security posture, ensuring your organisation is prepared to respond effectively to a forged token attack.

CONCLUSION

Forged token incidents indicate underlying issues in trust assumptions within identity architecture which attackers can exploit. Instead of just recovering from the breach, it is important to address these vulnerabilities to enhance security. Consistently validating tokens is crucial for maintaining trust. By strengthening token validation, key management and anomaly detection systems, a more resilient and secure environment can be achieved.


www.linkedin.com/in/tannujiwnani

STUDENT IN SECURITY SPOTLIGHT

Daniela Chavez Rejas is currently pursuing a Master’s degree in Cybersecurity ICT Innovation at the University of Trento.

Masters of Cybersecurity ICT Innovation student at the University of Trento.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first considered studying cybersecurity, like many people, I thought it was just about a specific set of technical skills. I didn’t realise how broad and diverse the field truly is. As I’ve progressed through my Master’s, I’ve come to appreciate just how vast and multifaceted cybersecurity really is. It’s not just about one thing, it’s a deep and complex area that requires a more focused approach to navigate effectively. I’ve encountered everything from theoretical algorithms to vulnerability analysis in systems and applications. Some courses dove deeply into technical details, while others took a more holistic, systems-level view. It almost felt like I was starting an entirely new degree, but my Bachelor’s background has given me a solid foundation to stay on track. Initially, I had this naïve image of cybersecurity, something out of a movie with hackers lurking behind screens. Now, I realise that cybersecurity is everywhere—it’s about more than just protecting digital systems; it involves things like securing infrastructures and educating people on good cyber hygiene. It’s so much more comprehensive than I ever imagined.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

Luckily, the people around me were incredibly excited and supportive when I got into the cybersecurity Master’s program. We all knew it would be a challenge, especially with the added step of moving to a new city, but everyone was behind me 100%. They saw cybersecurity as such a promising field, especially with how much more crucial it’s becoming in our digital world. It was reassuring to know that my decision was not only supported but also seen as a smart move for my future. It made all the difference to have that encouragement along the way.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression.

One of the most memorable experiences for me was taking part in CyberChallenge 2024. I was so honored to be selected to train with a team from my university and participate in the final challenge day. Even though I didn’t make it to the nationals, the experience was incredibly rewarding. During the training, we tackled various challenges on the CyberChallenge platform and worked through extra exercises prepared by our tutors. We covered everything from web security and cryptography to reverse engineering and binary exploitation. It was my first real dive into ethical hacking, and I loved every moment of it. The experience felt like a rollercoaster—some days I felt on top of the world, and other days I doubted if I belonged in this field at all. But I quickly learned that it’s okay not to be perfect at everything right away. What really matters is persistence and working together. I was lucky to have such supportive peers who shared their knowledge with me, and I was able to contribute by offering strengths in other areas. It was a journey of both technical and personal growth, and I’m grateful for all that I learned.

DANIELA CHAVEZ REJAS

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

I believe my program was a great starting point for diving into the huge and rapidly evolving world of cybersecurity. It covered a lot of important areas, like cryptography, network security, risk assessment, and ethical hacking. That said, I feel it could have benefited from a more practical, real-world focus. For example, working on projects based on actual case scenarios or analysing how companies manage their security infrastructure would really help connect the dots between theory and practice. Having that kind of hands-on experience would make a huge difference in preparing students to apply what they’ve learned in the real world.

What aspect of your cybersecurity studies excites you the most, and why?

What excites me the most about cybersecurity is how it’s both a technical and human challenge. On one side, I get to dive deep into technical topics like encryption or reverse engineering, and on the other, I have to think about how people behave, how systems can be socially attacked, and how security policies are set up. It feels like working on a giant puzzle where every piece matters—code, networks, people, and even psychology. What I find really thrilling is that cybersecurity is never the same for long. There’s always something new to learn or improve on, and that constant change keeps me curious and motivated to stay engaged in the field.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges?

One area I’ve found especially challenging is low-level programming and binary exploitation. It was completely outside my comfort zone at first. It honestly felt like learning a new language. At the beginning, I was pretty overwhelmed, but I’ve learned to take it step by step. I focus on really understanding the basics, practicing with hands-on exercises, and reaching out to tutors or classmates who have more experience. Something that’s made a big difference is shifting my mindset: instead of feeling discouraged when things don’t click right away, I try to see those moments as chances to grow. I’ve realised that struggling with something doesn’t mean I’m not good enough, it just means I’m learning.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Absolutely. I’ve come to realize that cybersecurity isn’t just about knowing the technical stuff—it’s also about how well you can communicate, collaborate, and sometimes even take the lead. It’s one thing to solve a technical issue, but being able to clearly explain it to someone without a technical background is just as important. I’ve found that soft skills like communication, teamwork, and even a bit of project management play a huge role, especially if you want to move into positions with more responsibility. I’m actively working on building those skills too, because I know they’ll make me a more well-rounded and effective professional in the long run.

Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?

If I could go back, I think I’d choose to focus on IT a bit earlier. In high school, I followed a science program that only offered a few hours of informatics each week. At the time, I wasn’t totally sure what direction I wanted to take, so I picked something broad and safe. But looking back, I realise that enrolling in a more IT-focused school would’ve given me a stronger technical foundation and the chance to explore those subjects much sooner.

That said, I know it’s completely normal not to have everything figured out at that age. Even though I already had a feeling I wanted to go to university and, by the end of my first year, I was pretty sure IT was the right path, I stuck with the original plan. I could’ve switched schools to better match my interests, but every experience along the way has taught me something meaningful. Even if my journey wasn’t the most direct, I’m still grateful for it. It shaped the way I learn and helped me grow in ways I didn’t expect.

www.linkedin.com/in/danielachavezrejas


Are you a student passionate about shaping the future of security? Do you have innovative ideas and insights to share with a global audience? Join us in contributing to the Women in Security Magazine and become a voice for the next generation of security leaders!

Why contribute?

Gain valuable exposure: Reach over 11000 subscribers globally and showcase your expertise to industry professionals.

Make an impact: Share your experiences, challenges, and aspirations to inspire others and shape the future of security.

How to get involved

Let us know you are interested. We will send you a series of questions, from which you can choose the ones you would like to answer. Submit your answers to us by email. We will then edit them into a concise, flowing Q&A.

Don't miss this opportunity to be part of a vibrant community of students driving change in the security industry. Contact us today to learn more about how you can contribute to the Women in Security Magazine!

Contact: jane@source2create.com.au

Arianna Menegati has completed studies in Data Security and Information Privacy through a range of respected Australian institutions, including Australian Catholic University (ACU), International College of Management Sydney (ICMS), TAFE, and Academy of Technology (AT).

Professional transitioning into cybersecurity

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

I usually say something like, “Imagine being the person who stops a cyberattack before it even happens.” That tends to grab people’s attention. Cybersecurity, to me, is this fascinating mix of digital detective work, strategy, and even a bit of psychology. I love explaining how it impacts every corner of our world from hospitals to art galleries and how it’s not just about coding. It’s really about people, systems, and always staying one step ahead. That’s when most people start to get curious and want to know more.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

At first, I honestly thought I had to be some kind of coding whiz to belong in cybersecurity. But once I got into it, I realised just how broad the field really is. What surprised me most was how valuable my background in project management and business operations turned out to be. In my GRC role, it’s less about deep technical skills and more about understanding frameworks, strategy, and using the communication skills I’d already built over the years. Discovering that was such a relief and honestly, really exciting.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I’m working toward roles like GRC Analyst or Information Security Consultant, especially in the fintech space. I’m really drawn to the strategic side of things, misunderstanding how businesses work, analysing risks, and putting the right frameworks in place. It’s where my soft skills and technical know-how really come together. Lately, I’ve been especially motivated by the rise of privacy laws and the challenges around AI compliance. They feel like the next big frontier in security, and I’m excited to be part of that shift.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

To be honest, there was definitely some confusion when I made the shift, especially from people who knew me in sales, customer service, or my managerial roles in fintech. It seemed like a big leap to them, but for me, it felt like the natural next step. I wanted to apply everything I’d learned to a field that’s impactful and future-proof. I didn’t spend time trying to convince anyone, I just threw myself into gaining as much hands-on experience as I could. That’s what really helped me find my footing.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

The real turning point for me was going through identity theft. Suddenly, cybersecurity wasn’t just an interesting concept, it was personal. I needed to understand how things could go so wrong and, more importantly, how to build systems that actually protect people. That experience lit a fire in me. Professionally, my internship at Intrix has been a huge part of that journey. Being trusted to take part in real audits and compliance work gave me a glimpse into how powerful GRC roles can be and how much of a difference they really make.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression.

During a virtual internship with Telstra, I worked on a simulated incident involving the Spring4Shell zero-day vulnerability targeting critical infrastructure. I created a firewall rule, wrote up an incident report, and suggested prevention strategies. Even though it was just a simulation, it felt incredibly real and that was the moment it clicked for me. I realised I wasn’t just learning anymore; I was actually contributing. That experience gave me a real sense of confidence and belonging in the field.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

Right now, I’m a GRC intern at Intrix Cybersecurity, where I get to support audits and risk assessments. It’s been a great way to see the inner workings of security in action. I’ve also completed virtual internships with Mastercard, PwC, and Telstra, working on everything from phishing simulations to threat analysis and compliance training. Each project gave me a chance to apply what I’d learned in a real-world context, and that hands-on experience has really boosted my confidence. It’s been exciting to see how all the theory actually makes a difference.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?

Absolutely! I’ve completed certifications like ISO/IEC 27001:2022 Lead Auditor, Microsoft SC-900, AWS Security Fundamentals, and a handful of micro-certs in areas like networking, vulnerability management, and data privacy. I picked them because they align really well with the GRC space and helped back up the hands-on experience I’ve been building. Each one has not only sharpened my skills but also helped me get clearer on where I want to go in my career and opened up new opportunities along the way.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

I really get a kick out of taking complex frameworks or legal jargon and breaking it down into something people can actually understand and use. Whether it’s writing security policies, running audits, or mapping controls to real business goals, that’s where I feel most in my element. I’m also really drawn to the ethics and compliance side of AI and automation. It’s such an important and fast-moving area, and I love being part of the conversation around how we get it right.

What aspect of your cybersecurity studies excites you the most, and why?

Definitely. Cybersecurity isn’t just about the tech; it’s about making that tech understandable and meaningful to people. Whether I’m presenting to a board or rolling out a training program, clear communication is everything. My background in project management and business operations has really helped with that, but I’m always working to sharpen those skills. At the end of the day, even the best security strategy won’t work if no one understands or buys into it.

Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

I’ll be honest: when units get too stuck in outdated systems or overly theoretical content, I find it a bit hard to stay engaged. I know the foundations are important, but I really come alive when the material connects to what’s actually happening in today’s threat landscape. To keep myself motivated, I like to bring in outside resources, things like current case studies, articles, or podcasts that help me bridge the gap between what I’m learning and how it applies in the real world. It helps me connect the dots and keeps everything feeling fresh and relevant.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges?

Yes, networking theory and deep-dive protocol analysis were definitely a challenge at first, especially coming in without a traditional IT background. Honestly, it felt like learning a whole new language. What helped me was taking a really practical approach: using tools like Cisco Packet Tracer, diving into video tutorials, and getting hands-on with labs so I could actually see what was happening in a network. I’ve learned that I retain so much more when I can do it, not just read about it.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

Definitely. I’d really love to see more focus on cloud security, privacy law, and AI governance, especially since those areas are evolving so quickly and shaping the future of the industry. On the flip side, some units still spend a lot of time on legacy systems that aren’t really used much anymore. I get that there’s value in understanding the roots, but I think the balance needs to shift more toward the skills and risks we’re actually facing today and tomorrow.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Absolutely. I’ve seen firsthand how important soft skills are in cybersecurity, whether it’s breaking down risk for a non-technical audience or building trust between teams. My background in project management really opened my eyes to how much communication and leadership matter when you’re trying to get people on board. Honestly, I think courses should make things like stakeholder communication, influence, and aligning with business goals a core part of the curriculum. That’s what turns a good technical solution into something that actually gets used.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

Yes, I’m especially drawn to communities that uplift women in cyber, and I’m really passionate about topics like AI governance and emerging cloud trends. I stay active on LinkedIn, whether it’s joining discussions, sharing what I’ve learned, or just listening in on what others in GRC and compliance are talking about. I also love attending panels, virtual events, and forums. It helps me stay connected to where the industry’s heading. Being part of that bigger conversation keeps me motivated and reminds me that I absolutely belong here, even if my path into cybersecurity hasn’t been the most traditional. I’m also proud to be part of AWSN because I’m deeply committed to helping increase diversity in this space.

What is your preferred source for staying informed about cybersecurity trends and general information?

I like to mix structured learning with staying plugged into what’s happening right now. For deeper dives, I follow newsletters like The Hacker News, Cybersecurity Dive, and GRC World Forums. They help me stay on top of trends and developments. I also keep an eye on sites like ACSC, OWASP, and ISACA for updates on frameworks and best practices. And for a broader perspective, I follow cyber leaders on LinkedIn and love listening to podcasts like Darknet Diaries and Smashing Security. It’s that mix of formal and real-time learning that keeps me both informed and inspired.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

There’ve definitely been subtle things, like being talked over in meetings or hearing my ideas repeated by someone else and suddenly taken seriously. And more than once, people have assumed I must be from HR or marketing before realising I actually work in cyber. But honestly, that just pushes me harder to carve out space not just for myself, but for others who don’t fit the typical mold. I’ve learned how to stand my ground, speak with confidence, and own my expertise without having to change who I am.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I’m pretty serious about protecting my digital life, especially after going through identity theft. For me, it’s not about being paranoid, it’s just smart prevention. I use layered protection like MFA on all my accounts, keep my passwords strong with a manager, and regularly check app permissions. I also separate my personal and professional profiles and keep an eye on what’s out there about me online. It’s become second nature now, and honestly, it gives me peace of mind.

Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?

Honestly, I don’t regret taking a nonlinear path into cybersecurity. My background gave me soft skills, resilience, and the ability to adapt, things that have become real strengths in this field. If there’s one thing I’d change, it would be giving myself permission to explore tech earlier, without feeling like I had to “fit in” first. But even though that experience has shaped me, it’s made me more empathetic toward others who are making a pivot into cyber and figuring it out as they go.

Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?

Yes, I’ve been actively applying for roles while also working on certifications and interning. It’s definitely a challenge: many positions ask for more experience than someone early in their career like me has. But I’ve found that networking and building connections is really key in today’s job market. Each interview I’ve had has been a chance to improve, and I try to see every round as a learning opportunity. I’m getting better with each one!

www.linkedin.com/in/arianna-cybergrc-infosec-ai

Sahana Nagaraj is currently pursuing her MSc in Cybersecurity at the National College of Ireland (NCI).

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

I like to describe cybersecurity as being a mix of a digital detective and a protector. Everything we rely on (our phones, apps, cloud systems) needs to be kept secure, and that’s where we come in. I often tell people that with AI, IoT, and remote work growing so fast, the threats are growing too. Being in this field means you’re right on the front lines, helping to defend against real-world attacks. It’s exciting because the work is always evolving, it challenges you to keep learning, and you know that what you’re doing truly makes a difference.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

At first, I thought cybersecurity was mostly about things like firewalls and antivirus software—just the basics you hear about. But once I really got into it, I realised how broad and complex the field actually is. It touches everything from network defense and digital forensics to penetration testing, risk management, secure system design, and even psychology. I didn’t expect it to be so multidisciplinary, and that’s what makes it so fascinating. There’s always something new to learn, and that constant variety keeps me fully engaged.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I’m aiming to become a Cybersecurity Analyst or a SOC Analyst because I really enjoy the hands-on, fast-paced side of cybersecurity. I’m especially passionate about spotting threats in real-time, digging into logs, responding to incidents, and using tools like Splunk to make sense of it all. There’s something really exciting about being on the front lines, proactively monitoring systems and stopping attacks before they cause damage. It also plays to my strengths in troubleshooting and threat detection, which makes it feel like a natural fit for me.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

At first, there was definitely some confusion from my family; they weren’t quite sure what cybersecurity really involved, since it’s not one of those traditional career paths everyone’s familiar with. A few friends even thought it might be too technical or that I’d be stepping into a very male-dominated space. But I handled those concerns by sharing what I was learning, showing them how in-demand cybersecurity professionals are, and talking about how important this work is on a global scale. Over time, they started to understand my passion for it and became more supportive.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

Working at Tech Mahindra gave me a real glimpse into the cybersecurity challenges we face in the real world, especially with EV infrastructure and IoT-based systems. Seeing how vulnerable connected environments can be really opened my eyes. Then, during my MSc, I started joining workshops and CTF events, and that hands-on exposure made me realise just how fast-moving and exciting this field is. All of these experiences pulled me toward the defensive side of cybersecurity. I knew I wanted to be the one helping to protect systems and respond when things go wrong.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression.

One of the most memorable moments during my studies was taking part in a Capture the Flag (CTF) challenge. It was intense. We were racing against the clock to solve reverse engineering and web exploitation problems, and I absolutely loved it. That experience really clicked with me. It showed me how much I enjoy the thrill of threat hunting and ethical hacking. It also gave me a big confidence boost and confirmed that offensive security is something I’m genuinely passionate about.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

At Tech Mahindra, I had the chance to work closely with ChargePoint’s EV infrastructure, which was a great learning experience. My role involved spotting any anomalies, analyzing log files, and escalating incidents related to connectivity issues or potential security misconfigurations. Right now, I’m diving into some exciting projects where I’m analyzing threat intelligence using AI and looking into vulnerabilities in biometric authentication. It’s been a great way to apply my skills and keep growing in the field.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?

Yes, right now I’m working on preparing for CompTIA Security+ and CEH (Certified Ethical Hacker). These certifications are a big part of my plan to break into SOC and incident response roles. They cover key areas like risk management, network security, and ethical hacking—knowledge that’s essential for the career path I’m aiming for. I’m excited to deepen my understanding and take the next step in my journey!

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

Definitely to some extent. My MSc in Cybersecurity covers a lot of great topics like threat intelligence, penetration testing, secure software design, and compliance. But I do feel like there’s room for more hands-on, real-time SOC simulations and deeper integration with tools like Splunk or Elastic. I think that kind of practical experience would make the learning even more valuable and relevant to the kind of work I’m aiming for.

What aspect of your cybersecurity studies excites you the most, and why?

What excites me the most is threat intelligence and ethical hacking. I really enjoy diving into malware behavior, tracking down indicators of compromise, and using tools like Wireshark, Metasploit, and Kali Linux. It’s like solving a challenging puzzle, and knowing that it has real-world implications just makes it even more rewarding. The sense of uncovering something important and making a difference is what really drives me.

Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

I’ll admit, I find regulatory compliance modules a bit dry at times, even though I totally get how crucial they are. To make them more engaging, I try to connect the concepts to real-world examples, like major data breaches where compliance failures led to huge consequences, such as GDPR violations. It helps me see the bigger picture and understand why these rules are so important in the real world.

Are there specific aspects of your cybersecurity studies that you find particularly challenging? If so, what are they, and how do you approach overcoming these challenges?

Cryptography can be tricky, especially when it comes to the math behind it. To make it easier, I like to use visual aids and online simulators to see how things work in action. I also break down the more complex algorithms into smaller, simpler steps. It helps me grasp the concepts better and makes it feel less overwhelming.

Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?

Yes, I think there should be more focus on hands-on SOC training and working with real-world tools. A bit less time could be spent on basic IT concepts that most cybersecurity students are already familiar with. It would make the learning experience more relevant and give us the practical skills we need for the field.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

Cybersecurity isn’t just about the technical side—it’s also about being able to explain risks in a way that makes sense to the business. That’s where soft skills like communication, teamwork, and leadership come into play, especially in roles like incident response or risk assessment. Being able to connect the dots between tech and business is key to making sure everyone’s on the same page and ready to tackle challenges together.

Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?

I stay engaged in the cybersecurity community by attending webinars, joining local meetups, and participating in online CTF challenges. I also follow cybersecurity forums and blogs to keep up with the latest trends and discussions. Being part of these communities exposes me to different attack scenarios and global developments, which really enriches my learning and keeps me on my toes.

What is your preferred source for staying informed about cybersecurity trends and general information?

I follow platforms like ThreatPost, The Hacker News, Krebs on Security, and LinkedIn pages of security researchers. I also watch DefCon and Black Hat sessions on YouTube.

Have you ever encountered situations where being a woman in cybersecurity made you feel disadvantaged or discriminated against? If so, please share your experiences.

I haven’t experienced outright discrimination, but there have been times when I felt underestimated or like the only woman in the room. I try to use those moments as motivation to prove myself and, more importantly, to help create a more inclusive environment for other women in the field. It’s important to me to be part of changing the dynamic and making sure everyone feels like they belong.

What measures do you have in place to enhance your personal cybersecurity in today’s digital landscape?

I make sure to use password managers, enable MFA on all my accounts, and keep my software up to date. I also regularly audit my digital footprint to stay on top of things. For my personal devices, I rely on endpoint security tools and always stay alert for phishing attempts. It’s all about staying proactive and keeping my digital life secure.

Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?

Looking back on my journey, I’m really grateful for the diverse experiences that have shaped my path. While I do wish I’d gotten into cybersecurity-focused training earlier and taken part in CTFs or internships during my undergrad, the time I spent in IT support gave me a solid foundation. It helped me develop the technical skills and problem-solving abilities I rely on now. The combination of both areas has made it easier for me to adapt quickly in the cybersecurity field, and I’m feeling confident about the direction I’m heading.

Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?

I’ve been actively applying for roles like SOC Analyst, IT Security Intern, and Cybersecurity Graduate positions. It’s definitely a competitive process, but also really rewarding. I’ve gone through technical assessments, behavioral interviews, and case-based questions, which have been great learning experiences. My hands-on experience and academic projects have definitely helped me stand out and show what I bring to the table.

www.linkedin.com/in/sahana-nagaraj01

github.com/Sahana01525

Tiana Attard is currently pursuing a Bachelor of Cyber Security and Behaviour at Western Sydney University

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first decided to study cybersecurity, I thought it would be all about technical stuff — lots of programming and maybe the classic image of a hacker sitting alone in their basement. That’s pretty much what you see in movies and on TV, right?

But once I got into it, I quickly realised cybersecurity is so much broader than that. It covers everything from ethical hacking and offensive security to governance, risk, and compliance (GRC). Some days you might be doing a physical penetration test, sneaking past physical security or using social engineering to access digital systems. Other days, you could be working in a Security Operations Centre (SOC), monitoring dashboards and investigating suspicious activity.

At first, it was a bit overwhelming to be introduced to such a wide range of areas—I wasn’t sure where to focus or what I was most passionate about. But thanks to my university course, I’ve been able to explore different paths and figure out which parts really excite me. Now, I’m focused on building my skills and deepening my knowledge in those specific areas that I love.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

At the start, my big goal was to land a red team role—something in ethical hacking or penetration testing. I love how the threat landscape is always changing, which means there’s always a new puzzle to solve. I enjoy digging into older vulnerabilities to see how they were exploited, but what really excites me is keeping up with the latest trends and discovering new attack methods before anyone else does. Ethical hacking feels like a creative, critical-thinking challenge that’s both fun and super rewarding. That thrill of solving problems and uncovering hidden weaknesses is what really drives me.

That said, as I explore more cyber roles, I’m discovering paths I hadn’t considered before. Threat intelligence, for example, has really caught my eye. It might not be as common as some other roles, but the idea of analysing emerging threats and staying one step ahead to protect organisations is fascinating. It’s becoming an area I’m really curious about and eager to learn more.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

I started working as a digital forensics analyst during my second year at university, and it turned out to be such a valuable learning experience. It opened my eyes to a whole side of cybersecurity I hadn’t really explored before. One of the biggest surprises was how much of the role involved working directly with lawyers—something completely new to me. I got a firsthand look at the formal processes behind evidence collection and analysis, especially the importance of detailed documentation to maintain the chain of custody.

That role taught me a lot—everything from writing clear, professional reports and creating forensic images to thinking on my feet when things didn’t go to plan. There were definitely moments where images would fail or triaging would hit a snag because of unexpected software issues. I had to learn to stay calm, adapt, and figure out creative solutions.

After spending time on the blue team, I realised my real passion lies in red teaming. That’s what led me to a cyber threat intelligence internship, where I’ve been diving into passive and active reconnaissance and getting hands-on with penetration testing. This internship has helped me build not just my technical skills, but also my confidence in client interactions—especially when I’m walking them through our tools or presenting findings in meetings.

I’ve also been learning how to use alternate search engines like FOFA, Censys, and Shodan, along with Google Dorking techniques, to uncover potential vulnerabilities. On top of that, I’ve been exploring web exploitation using platforms like Metasploitable and WebGoat, which has really pushed me to think more like an attacker. It’s been such a great way to grow both my technical knowledge and my confidence in the field.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

I think my academic program has given me a really solid foundation to build on. It covers a wide range of areas—everything from networking and programming to ethical hacking, usable security, and general cybersecurity practices. While the course doesn’t always move as fast as the real-world threat landscape, I still feel like it does a great job of teaching the core skills you need to get started in the field.

What I really appreciate is how we’re encouraged to take initiative and stay up to date with what’s happening in the industry. Whether it’s researching the latest vulnerabilities, following new trends, or exploring tools on our own, there’s a strong emphasis on being curious and proactive. That mindset has been really valuable and has helped me feel more confident and adaptable as I take steps toward a career in cyber.

Considering the holistic requirements of a future role, do you see the need for additional training in non-cyber skills, such as interpersonal communication or management? If yes, why?

I honestly believe that non-technical skills are just as important as technical ones in cybersecurity. Sure, knowing your tools and having that deep technical knowledge is crucial—but at the end of the day, if you can’t explain what you’ve found to someone without a technical background, it’s easy for important issues to get lost in translation.

Being able to clearly communicate complex ideas in a way that makes sense to different audiences is such a valuable skill. Whether it’s working with stakeholders, explaining risks to leadership, or even writing reports, strong interpersonal communication can really make a difference. It helps build trust, ensures that security recommendations are actually followed, and brings teams together. I’ve seen firsthand how bridging that gap between technical and non-technical worlds can be a real game changer.

Reflecting on your journey thus far, would you, with the benefit of hindsight, make any changes to your career trajectory? If yes, what adjustments would you consider?

Looking back on my journey so far, I’m really grateful for the opportunities my university experience has given me—it’s definitely helped shape my path and opened a lot of doors. That said, if I could go back and do a few things differently, I’d definitely focus more on networking.

The few events I did attend—like conferences, info sessions, and networking dinners—had such a big impact. Talking to people already working in the field gave me a much clearer picture of what life in cybersecurity is really like. I also discovered some great resources and career paths I hadn’t even thought about before. It made me realise how powerful it is to connect with professionals who might later become mentors, collaborators, or even future colleagues.

Alongside that, I’d also dedicate more time to hands-on technical practice. With so many online resources out there, it can be overwhelming to know where to start. But after speaking with people working in the areas I’m interested in, I’ve found platforms like Hack The Box and TryHackMe to be incredibly useful. I wish I had started exploring those earlier—they offer the kind of practical, challenge-based learning that really helps solidify technical skills in a fun and engaging way.

What aspect of your cybersecurity studies excites you the most, and why?

When it comes to which area of cybersecurity excites me the most, ethical hacking and penetration testing are definitely at the top of the list. During my degree, two subjects really stood out for me—Cyber Crime and Social Engineering in my first year, and Ethical Hacking Principles and Practice in my third. Those classes gave me a glimpse into the offensive side of cyber and really sparked my curiosity. I loved learning how attackers think and the creative ways they find to exploit systems.

What draws me to ethical hacking is that it’s so much more than just technical know-how—it’s about thinking creatively and adapting to unfamiliar environments. No two systems are the same, which means you have to approach each challenge differently. That mix of logic, curiosity, and problem-solving is what inspires me to keep pushing myself and learning more. It feels a bit like solving a puzzle, and I love that there’s always something new to discover.

Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?

Since my degree combines cybersecurity with behavioural science, I’ve had the chance to explore both technical and psychology-based subjects. While I completely understand how important human behaviour is in areas like social engineering and insider threats, I’ve found the non-technical, psychology-focused topics to be a bit harder for me to connect with. It’s not that they’re unimportant—it just takes more effort for me to see how the theory applies in real-world cyber scenarios compared to technical subjects, where hands-on labs and problem-solving make the learning feel more natural and immediate.

To manage that, I’ve had to adjust the way I study. Instead of focusing on practical tasks, I spend more time taking detailed notes, engaging with the learning materials, and really trying to understand how these behavioural concepts could fit into a cybersecurity context. Reframing the content like that helps me stay motivated and appreciate its relevance.

Even though these aren’t the subjects I’m most passionate about, I do see the value they bring—especially when it comes to areas like penetration testing or social engineering, where understanding how people think and behave can give you a real edge. So I’ve learned to approach them with an open mind, knowing they’re helping me become a more well-rounded professional.

www.linkedin.com/in/tiana-attard-68a284212

Grace Mawia Mutunda is currently pursuing a degree in Security and Forensics at the Meru University of Science and Technology

In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?

I like to describe it like this: “Think of it as being a digital detective or bodyguard. I get to track down threats, secure systems, and protect people’s data from falling into the wrong hands.” What I love most is that it’s never boring—there’s always something new to learn, and every day brings a fresh challenge. It keeps me on my toes, and that’s what makes it so exciting.

Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?

When I first got interested in cybersecurity, I honestly thought it was just about hacking and setting up firewalls. But once I started learning more, I realised it’s so much bigger than that—it covers everything from digital forensics and ethical hacking to compliance, risk management, and even human psychology. It’s definitely more complex than I expected, but also way more fascinating and meaningful. There’s a real sense of purpose in knowing the work you do can help protect people and systems in a very real way.

Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?

I’m aiming to become a Digital Forensics Analyst because I genuinely enjoy digging into digital evidence and figuring out how security incidents happened. It’s like being a cyber detective—piecing together clues, tracing the steps of an attacker, and helping organisations understand and recover from breaches. There’s something really rewarding about being the one who helps uncover the truth and strengthens security for the future.

When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?

My parents have been really supportive throughout my journey. At first, I actually planned to study medicine, but life had other plans, and I wasn’t able to go down that path. It was my mum—who has a background in computer science—who first introduced me to cybersecurity. She saw how fast the field was growing and believed it would be a great fit for me. Her encouragement really helped me make the switch, and I’m so glad I did. I’ve come to genuinely enjoy the field and appreciate how impactful and exciting it is.

Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?

When I decided to fully commit to a career in cybersecurity, I was lucky to come across a program called CyberGirls. It’s an amazing initiative that trains and empowers young women with practical cybersecurity skills. Through CyberGirls, I got the chance to dive into Digital Forensics and Threat Intelligence, and that experience really helped shape my path. It gave me more than just technical training—it offered mentorship, real hands-on projects, and a clearer sense of where I wanted to go in the field. It was a turning point for me, and I’m so grateful for it.

Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression.

One project that really stands out for me is when I built a cracked software detector using blockchain and smart contracts. It was such a great way to bring together everything I’d been learning—security concepts, coding skills, and real-world problem-solving. Seeing it actually work during the presentation was such a proud moment. It reminded me why I love this field—turning ideas into something practical and meaningful.

Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?

I’ve had the chance to work on a mix of personal and academic projects that simulate real-world security challenges—like building license validation systems, which was a great learning experience. I’ve also taken part in Capture The Flag (CTF) competitions, and those have been a lot of fun! They really helped me sharpen my practical skills in spotting vulnerabilities and figuring out how to defend against them. It’s one thing to learn theory, but putting it into action like that has been incredibly valuable.

The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?

Yes, I’ve already completed the Cisco certification and the ARC-X Threat Intelligence certification, both of which gave me a solid foundation in networking and threat analysis. They really helped build my confidence and gave me a clearer understanding of how things work behind the scenes. I’m also planning to go for the Huawei HCIP certification next—it’s a great way for me to deepen my knowledge, especially in network security. For me, these certifications aren’t just about ticking boxes—they’re a way to stay current, grow technically, and show that I’m serious about building a strong career in cybersecurity.

Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?

Yes, to some extent. The course has given me a solid foundation, but I’ve noticed that some of the material doesn’t always keep up with how fast the industry is evolving. That’s why I like to go beyond the classroom—whether it’s reading security blogs, exploring online resources, or practicing on hands-on platforms. It helps me stay current and keep building on what I’ve learned in class.

What aspect of your cybersecurity studies excites you the most, and why?

What I really enjoy is the investigative side of cybersecurity—especially digital forensics and incident response. There’s something so fascinating about digging through digital evidence and figuring out the who, what, when, and how behind a cyberattack. It honestly feels like being a detective, but in the digital world. Every clue you uncover brings you one step closer to the bigger picture, and I find that incredibly rewarding.

www.linkedin.com/in/grace-mawia-9b8340269

LISA ROTHFIELD-KIRSCHNER

New social media rules in Australia

Dear Olivia and Jack,

We wanted to have a quick chat about something that’s changing soon and will probably affect both of you.

A new rule is coming in that sets 16 as the minimum age for using social media, like TikTok, Instagram, Snapchat: all the usual ones. If you're under 16, you’ll need our permission to create or keep using those accounts, and the apps will need to properly verify your age; no more typing in only a birth year and getting through.

We know this might feel annoying or unfair. You’re both smart and thoughtful and just want to stay in touch with friends, share funny stuff and enjoy what everyone else your age is doing. But this new rule isn’t about punishing you or trying to control everything. It’s about keeping you safe online.

Social media has some great things going for it, but it also comes with stuff that can be overwhelming or even harmful, such as pressure to look a certain way, really dark content, mean and nasty comments, people who aren’t who they say they are. The government and the eSafety Commissioner (a role that exists solely to keep people safe online) have seen a lot of this happening to children your age, older and younger. That’s why the rules are changing.

Here’s what it means in practical terms.

• You need to be 16 or older to use most social media without any parental involvement.

• Because you are both under 16, any apps you want to use will need to ask us for permission before you can do so.

• Platforms will be required to verify your age properly. If companies break the rules, they can be fined or held responsible.

There’s a trial of the new system happening later this year and, by some time in 2026, it will be fully operational. Because you will still be under 16 at that point, your accounts might need to be paused or adjusted.

We get that this might feel like a step backwards, but it's not forever. Once you hit 16 you'll be able to make those choices yourselves. In the meantime, we can figure out together what makes sense. Maybe that’s using different apps, setting up shared accounts, or just talking about what you’re seeing online and how it’s making you feel.

We’re planning to use things like Apple Screen Time, Google Family Link or Bark to help set healthy limits and keep an eye on your activity without being intrusive. These tools can help protect your privacy and keep you safe, especially while these new changes are rolling out.

We know this won’t be your favourite rule, but please know that it’s not forever and it’s not about whether we trust you; it’s about giving you a bit more time to grow before stepping into platforms that are built for older teens and adults.

We’re proud of how you handle yourselves. We trust you, and we’re always going to be here to help guide you through changes like this, even the ones that feel a bit frustrating.

Love you always, Mum and Dad

PS. If you're curious, or want to understand more about the reasons behind this, we can check out the info together at esafety.gov.au.

www.linkedin.com/in/lisarothfield-kirschner

howwegotcybersmart.com

How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children.

Lisa has partnered with Cool.Org, and her content is found on the Department of Education website.

WOMEN IN SECURITY MAGAZINE CONTRIBUTORS

1. MADHURI NANDI

Madhuri Nandi, Head of security at Nuvei, AWSN Board Chair, author of Cyber Smart

2. AMANDA-JANE TURNER

Author of the Demystifying Cybercrime series and Women in Tech books. Conference Speaker and Cybercrime specialist

3. PURITY NJERI GACHUHI

Cybersecurity Analyst / Cybersecurity Instructor

4. AJ CABRERA

Sales Operations Consultant at Envirosuite; Formerly Senior Sales Operations Analyst at Sekuro

5. AMEERA MWALE

Quality Assurance Engineer, Malawi Telecommunications Limited

6. REGOMODITSWE NALEDI DIALE

Client Cyber Security officer

7. ALYCIA RUMNEY

Cyber Security Operational Assurance at BAE Systems

8. PRADNYA U MANWAR

Senior Director – CyberSecurity and Information Security

9. UMADEVI YANDAMURI

Global Cyber Range Technical Trainer | Customer Success Manager – APAC

10. MEG PEDDADA

Senior Partner Solutions Architect

11. CHARLOTTE WYLIE

Senior Vice President - Deputy Chief Security Officer @ Okta

12. CRAIG FORD

Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC and Baidam Solutions

13. JO STEWART-RATTRAY

Oceania Ambassador, ISACA

14. MARY ATTARD

Accenture ANZ Security Lead

15. MARINA TOAILOA

Risk & Compliance

16. ANDEH CHIOMA

Security analyst and passionate advocate for inclusive technology

17. MARISE ALPHONSO

Information Security Professional

18. LISA VENTURA

Founder, Cyber Security Unity

19. KAREN STEPHENS

CEO and co-founder of BCyber

20. SANDRA MWIHAKI

Cybersecurity Analyst

21. RENÉE BURTON

Vice President of Threat Intel at Infoblox

22. TANNU JIWNANI

Security Engineer

23. DANIELA CHAVEZ REJAS

Masters of Cybersecurity ICT Innovation student at the University of Trento

24. ARIANNA MENEGATI

Professional transitioning into cybersecurity

25. SAHANA NAGARAJ

MSc in Cybersecurity student at the National College of Ireland (NCI)

26. TIANA ATTARD

Bachelor of Cyber Security and Behaviour student at Western Sydney University

27. GRACE MAWIA MUTUNDA

Security and Forensics student at the Meru University of Science and Technology

28. LISA ROTHFIELD-KIRSCHNER

Author of How We Got Cyber Smart | Amazon Bestseller

THE LEARNING HUB

CYBER SECURITY

Leading our list is an SC Training course that offers a comprehensive overview of the basics of cyber security. It’s created for both new and seasoned employees to teach them the importance of taking measures to protect themselves and the company from cyber attacks.


CYBERSECURITY FOR BUSINESSES - THE FUNDAMENTAL EDITION

Small businesses are also at risk of hacking. This EC-Council course is particularly aimed to help small business owners understand cyber risk and reduce its possible impacts. It’ll also go over the primary concepts connected to cyber insurance and the advantages and disadvantages of having a policy.


INTRODUCTION TO CYBER SECURITY

Up next is another introductory course to the key concepts of cyber security. It’ll delve into the motivation as to why your organization should implement cybersecurity strategies and what leads a hacker to break into the system.

Your teams will also understand why cloud storage is becoming the popular choice today. Plus, it’ll orient them on ransomware, botnet attacks, phishing attacks, cryptocurrency hijacking, and more.


COMPUTER FORENSICS

This next course covers a specific aspect of cybersecurity called digital forensics. It differs from the other courses on this list as it goes over the legal side of computer-related crimes and how to obtain evidence for it. This course is created by the Rochester Institute of Technology and is hosted on edX. It’ll talk about court admissibility, appropriate forensic tools, and the forensics report. This is an advanced course so you do need to take a prerequisite training before jumping on this one.


CYBERSECURITY BASICS

This IBM course is created with cybersecurity professionals in mind. It’s a good beginner course to jumpstart your or your team’s careers as it goes over key concepts, tools, and practices to protect both digital and physical assets. This course will also dive into various security threats, common best practices, and concepts related to authentication and identity management. This course is self-paced, but it can be taken for a limited time only.


CERTIFIED IN CYBERSECURITY (ONLINE SELF-PACED)

This course comes straight from one of the top member associations for cybersecurity professionals, ISC2. They offer online self-paced training that’s free of charge after registering for an account and filling out your ISC2 candidate application form. If you’re looking for free online cyber security courses with certificates, you can register for their free certification exam after getting access to training. The only downside is that there is a 50 USD annual fee to become a certified member of ISC2 after passing the test.


GOOGLE CYBERSECURITY PROFESSIONAL CERTIFICATE

Google's cybersecurity certification is available for free on Coursera if you qualify for funding; you will learn in-demand skills such as cybersecurity practices, threats and vulnerabilities, and Python, Linux, and SQL. The course is aimed at beginners with zero industry experience, and you can share the certificate on your LinkedIn profile upon completion.


CYBERSECURITY ANALYST

Created by leading academics and experienced professionals, the free online cybersecurity courses explore the fundamentals of one of the world’s most important subjects. Get to know the functions, objectives, and limitations of cybersecurity, along with the roles and responsibilities of primary cybersecurity personnel. Their free cybersecurity awareness training programs are perfect for job seekers and members of the workforce alike – anyone interested in staying safe online. Learn cybersecurity online for free, before progressing to a more advanced diploma program.



LEARN HTML

Codecademy can be a valuable resource for prospective computer programmers. The site offers free courses in languages including C++, Python and JavaScript. Before diving into more complex concepts, learners should gain an understanding of HyperText Markup Language, or HTML, the building blocks of websites.


DIGITAL THINKING TOOLS FOR BETTER DECISION MAKING

Through its OpenLearn platform, U.K.-based The Open University offers a free eight-session course exploring various digital tools and their uses. The course is not necessarily intended for prospective web developers but provides information for people who might use these tools in their everyday lives. Participants learn how to fine-tune their online searches, assess the credibility of information they find online, use Python to calculate answers to problems and use FreeMind to build an argument map.


RESPONSIVE WEB DESIGN

A 501(c)(3) charity, freeCodeCamp offers free online courses (with certifications) to people learning to code. The platform’s introductory certification, Responsive Web Design, introduces students to the foundational languages of web development—HTML and CSS—through a series of projects they build themselves. To earn certification, students must build a survey form, a tribute page, a technical documentation page, a product landing page and a personal portfolio page. Along the way, they develop skills by building projects, including a cat photo app and a cafe menu.


INTRODUCTION TO COMPUTER SCIENCE

Available to the general public through the edX platform, Harvard’s introductory computer science course explores algorithms, data structures, software engineering, security and more. Students gain familiarity with HTML, CSS, SQL, JavaScript, Python and C; learn to think algorithmically; and explore strategies for efficient problem-solving.


SFTP PODCAST

With Olena Kirichok and Anna Kurylo

Successful Females in Tech

Podcast is made for women in tech by women in tech. We would like to challenge the idea that women need to act like men to become successful in tech. In this podcast, we will talk about different aspects of working in the tech industry.

MALICIOUS LIFE

Produced by Cybereason

Malicious Life tells unknown stories of the history of cybersecurity, with comments and reflections by real hackers, security experts, journalists, and politicians.

THE WOMEN IN THE ARENA PODCAST

With Rebecca T

The Women in the Arena podcast is dedicated to amplifying America's women veterans' diverse voices and experiences. We honor their resilience, authenticity, and leadership while celebrating remarkable women who have dared greatly in various areas of life.

HOW WOMEN CAN BREAK THROUGH BARRIERS IN THE SECURITY INDUSTRY

With Security Info Watch Aileen Garcia

Women have made significant strides in the security industry in recent years. Greater efforts by organizations like SIA and ASIS have been made to encourage women to enter the cybersecurity workforce, building foundational resources they did not have before. As the cyber talent shortage stretches on with no end in sight, women might provide the burst of energy the industry needs.

CYBERSECURITY & LEADERSHIP WITH MARYAM

With She Knows Tech

In this episode, Shubha sits down with cybersecurity expert Maryam for an insightful conversation covering all things cyber and leadership. From navigating evolving threats and building resilient security strategies to empowering diverse teams and leading with purpose, Maryam shares her journey, challenges, and practical wisdom for thriving in the ever-changing tech landscape. Whether you're a cybersecurity professional or an aspiring leader, this episode offers valuable takeaways and inspiration.

WOMEN MAKING WAVES IN CYBERSECURITY (FT. KRISTINA BALAAM)

With Security Soapbox

This episode, Lookout threat researcher Kristina Balaam takes over as guest host to discuss the importance of diversity in cybersecurity with federal sales engineer Victoria Mosby. Victoria is a member of the Day of Shecurity initiative and the Lookout Foundation. Tune in to hear their experiences as engineers in a traditionally male-dominated field and their advice for starting your career in cybersecurity.

CYBERSECURITY WAKE-UP CALL: HOW SAFE IS YOUR GUESTS’ DATA?

With Privacy Check In Podcast

In this inaugural episode of Privacy Check-In, host Felicita J Sandoval MSc., CFE is joined by Jean Marie Altema [altɛːma] and Anita Patel for a Cybersecurity Wake-Up Call: How Safe Is Your Guests’ Data?

FROM CAPITOL HILL TO THE HOKEY POKEY WITH THE KGB!

With Iron Butterfly Podcast

We sit down with Suzanne Spaulding, whose decades of service across CIA, Capitol Hill, and national commissions have quietly shaped modern national security. A force behind bipartisan intelligence oversight and the birth of CISA, Suzanne’s journey is one of courage, idealism, and yes — even a diplomatic hokey pokey with the KGB.

TECH SISTERS STORIES

With Tech Sisters

Tech Sisters is a community that supports Muslim Women in Tech through storytelling, mentorship and collaboration. We know how important it is to have role models who look like us. These interviews are how we put the focus on our incredible sisters, the work they're doing, the challenges they faced, and the lessons they learned.

EMPOWERING WOMEN IN CYBER SECURITY AND THE SPIRITUAL ASPECT OF CYBERSECURITY

With ITSPMagazine

Jessica A. Robinson shared the inspiring story of how PurePoint International came to be - born out of a dream during a pilgrimage in India and Nepal. Her vision encompassed not only traditional cyber security but also holistic security, integrating psychological, emotional, and spiritual well-being into the security framework.

THE DEFENSIVE SECURITY PODCAST

Hosted by Jerry Bell and Andrew Kalat

The Defensive Security Podcast is a weekly information security podcast that reviews recent high-profile cybersecurity breaches, malware infections, and intrusions to identify lessons that can be applied to the organizations we protect.

THE CYBER DEFENSE DIARIES

With Cyber Secured Podcast

In their first episode, Matt and Attila talk about the importance of staying alert to new cyber threats. They share interesting stories from the news and their own experiences, showing important lessons in being aware and proactive about cybersecurity. They also introduce "Riskara 360," a special tool they created to help businesses check how well they are doing in keeping their cyber defenses strong.

CYBER SECURITY (STEM IS EVERYWHERE)

Author // Carla Delos

Discover how to use your digital technology safely, and avoid dangerous contacts and websites. Young people are often targeted online in a variety of ways. Find out how to stay safe online while enjoying all that computers have to offer us. STEM stands for science, technology, engineering and mathematics, and it is not just for scientists.


MIND THE TECH GAP

Author // Nikki Robinson

IT and cybersecurity teams have had a long-standing battle between functionality and security. To understand where the problem lies, this book will explore the different job functions, goals, relationships, and other factors that may impact how IT and cybersecurity teams interact.


CYBERFEMINISM INDEX

Authors // Legacy Russell, Mindy Seu, and Julianne Pierce

Hackers, scholars, artists and activists of all regions, races and sexual orientations consider how humans might reconstruct themselves by way of technology.

When learning about internet history, we are taught to focus on engineering, the military-industrial complex and the grandfathers who created the architecture and protocol, but the internet is not only a network of cables, servers and computers. It is an environment that shapes and is shaped by its inhabitants and their use.


IN SECURITY

Author // Jane Frankland

IF YOU'RE SHORT ON WOMEN YOU'RE LESS SAFE.

Women matter in cybersecurity because of the way they view and deal with risk. Typically, women are more risk averse, compliant with rules, and embracing of organisational controls and technology than men. They're also extremely intuitive and score highly when it comes to emotional and social intelligence, which enables them to remain calm during times of turbulence - a trait that's required when major security breaches and incidents occur.


THE ART OF ATTACK

Author // Maxie Reynolds

In The Art of Attack: Attacker Mindset for Security Professionals, experienced physical pentester and social engineer Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to use it to their advantage. Adopting this mindset will result in the improvement of security, offensively and defensively, by allowing you to see your environment objectively through the eyes of an attacker.


COUNTDOWN TO ZERO DAY

Author // Kim Zetter

The book unfolds like a high-stakes techno-thriller, but it's all factual. It begins with cybersecurity experts' discovery of the Stuxnet worm and tracks the subsequent investigation that revealed its true purpose and sophistication.


CYBER SECURITY SAM BOOK 2: THE INVISIBLE MAN

Author // Rich Owen

The Invisible Man is a mystery, in which a bright high school boy named Sam helps the FBI and Secret Service investigate potential cybercrime. In this story, you will get an update of the status of the perp from the previous investigation in the book Time Out. Sam will also find himself working with the Secret Service and FBI on an incident that causes all teachers to not get paid. Sam later finds himself helping to solve a major bank robbery where at one point the best suspect is a ghost. After many twists and turns Sam finally garners the help of his friends to identify the perp for the Special Agents.


CYBER MINDS

Author // Shira Rubinoff

Shira Rubinoff's Cyber Minds brings together the top authorities in cybersecurity to discuss the emergent threats that face industries, societies, militaries, and governments today. With new technology threats, rising international tensions, and state-sponsored cyber attacks, cybersecurity is more important than ever. Cyber Minds serves as a strategic briefing on cybersecurity and data safety, collecting expert insights from sector security leaders,


MY DEVICE RULES! SIMPLE CYBER SAFETY FOR CONNECTED KIDS

Authors // Kate Power and Rod Power

As our kids spend more and more time on technology, it exposes them (and us) to increased risks. This book is a simple way to help connected kids keep themselves and their data safe. My Device RULES! clearly outlines what to do if they come across adult content or risky links and what behaviour to avoid, such as uploading their picture, personal details or interacting with online strangers.


OH, NO ... HACKED AGAIN!

Author // Zinet Kemal

Meet Elham, a fun eight-year-old girl who loves online games. While she and her siblings enjoy the adventures of online games, Elham struggles with making the safest decisions.

What happens when she suddenly cannot log in to her favorite game? She’s been hacked before. How will she recover if it happens again? Elham must lean on her mom and siblings to stay safe while navigating the digital world.


THE SECURITY AWARENESS PIXIE: DEALING WITH CYBERBULLYING

Author // Andrew Aken

Through memorable poetry and captivating imagery, Sandy, the Security Awareness Pixie, takes children on an adventure teaching them about security and safety in the online world. Children between the ages of 3-12 are increasingly exposed to digital environments where risks abound. At this impressionable age, children are curious and may inadvertently share personal information or fall victim to online threats such as cyberbullying, inappropriate content, or scams.


CYBER SAFE: A DOG'S GUIDE TO INTERNET SECURITY

Authors // Renee Tarun, Susan Burg

Lacey is the cyber-smart dog who protects kids by teaching them how to stay safe online. Kids will join Lacey and her friend Gabbi on a fun, cyber-safe adventure to learn the ins and outs of how to behave and how to keep safe online.

Today's kids are accessing the internet about as soon as they start to read. "Cyber Safe" is the fun way to ensure they understand their surroundings as they navigate today's digital world.


SECURING TOMORROW

SecuringTomorrow is a blog by McAfee, one of the biggest security software providers. The blog often provides original research or statistics, dedicated to cyber threats and protection from them. The blog has sections for both individual and business users.

DARK READING

DarkReading is one of the most well-known sites, dedicated to cybersecurity. Here you can find security-related news on many topics: Apps, IoT, Cloud, and much more. DarkReading Twitter account has more than 200k followers, a very solid number for the cybersecurity industry. The blog is constantly updated, with more than 30 new posts published every week.

THE SECURITY LEDGER

The main aspect of cybersecurity this blog focuses on is Internet-of-Things security. Being updated with IoT security news becomes more and more important, as the global IoT market is constantly growing. According to Forbes, the IoT market may double by 2021, reaching $520 billion.

SECURITY BRIEF AUSTRALIA

SecurityBrief Australia is focused on cybersecurity and cyberattack news. Its readers include business and enterprise security decision-makers. Security Brief Australia is a purely digital publisher that aspires to be the leading source of technology news globally. We run an extensive network of technology news websites throughout the globe, with sites in Asia, Australia and New Zealand.

THE DAILY SWIG

PortSwigger is a web security company on a mission to enable the world to secure the web. Every day, we drive each other on to push the boundaries of what we can accomplish together. We are always growing, learning new skills, and striving to achieve even more.

ESTORM AUSTRALIA » CYBER SECURITY

eStorm Australia is a Managed Service Provider driving the growth of businesses. For 20 years we have passionately built our reputation in the IT industry as an adaptive, innovative, and creative IT solutions provider for our clients. Our initial discovery process is focused on finding a solution for your business that is scalable, within your budget, and designed to minimize downtime and increase productivity.


ALPHA CYBERSECURITY

This blog is run by information security professionals, who are dedicated to helping everyone keep themselves safe online. Here you can find articles on recent cybersecurity updates. Also, you can get detailed insights into cybersecurity threats and how to avoid them.

SPINBACKUP BLOG

Yep, that’s the blog you are reading now. Spinbackup is a San Francisco-based cybersecurity and cloud-to-cloud backup solutions provider for SaaS data.

In our blog, you can read about cybersecurity threats and ways to protect your data from them. Also, we provide Office 365 and G Suite admin guides, analysis, and other helpful information for IT professionals.

JAM CYBER BLOG

Jam Cyber is a joint venture providing Business-to-Business (B2B) solutions to small and medium-sized enterprises (SMEs) since 2006. We are proud to say that no fully managed business customer has left us since we opened in 2006. Jam Cyber works hard to keep it that way. Jam Cyber exists to Keep Your Business Safe and secure and Stop Nasty Cyber Attacks from Damaging Your Livelihood.

CYBRA SECURITY BLOG

Cybra is a collection of veteran Australian cyber security professionals who are not afraid to challenge the status quo. We provide realistic and practical advice on how to arm yourself against threats, both internal and external to your business. Our mission is to make cyber security accessible for all Australian businesses.

CYBER DAILY

Momentum Media is an evolving, forward-thinking information and professional development business based on a purpose that supports corporate Australia and the markets critical to our nation's economic prosperity and security.


IMPROVE YOUR CYBER SECURITY EFFECTIVENESS

Cyooda Security is an independent information security consulting and advisory practice. It was founded in 2023 by John Reeman, a former Chief Information Security Officer and cybersecurity advisor with over twenty-five years of extensive security and industry experience gained by working with some of the largest global organizations and government agencies. In a world where threats evolve at lightning speed, our approach to cyber security is anchored in our name


JOB BOARD

PRINCIPAL ADVISOR, SECURITY | ROBERT WALTERS

FULL TIME NEW ZEALAND

ABOUT THE ROLE

You'll play a key role in strengthening governance, physical and personnel security across the organisation by leading engagement, driving improvements, and embedding good practice into business-as-usual.

YOUR RESPONSIBILITIES WILL INCLUDE:

• Building trusted relationships across the business to embed a culture of security, particularly with front line staff and leadership.

• Leading incident response for physical and personnel security matters and supporting investigations.

• Delivering clear, engaging training and guidance - moving from one-way delivery to collaborative, practical support.

• Conducting physical security assessments at sites around the country (approx. one trip per month).

• Reviewing and improving existing PSR policies, procedures, and training materials.

• Supporting the organisation's shift to a proactive, embedded model for managing protective security.

AI GENERATED CONTENT PRODUCT POLICY LEAD - TRUST AND SAFETY | TIKTOK

FULL TIME UNITED STATES

RESPONSIBILITIES

The Trust & Safety Policy team develops and reviews our community policies to promote a positive and safe environment for all of our Users and Content Creators to enjoy and express themselves. This role will design the global approach to the AI Generated Content, including researching and drafting policies, advising on critical escalations, and devising strategies to mitigate harm from novel challenges presented by AI generated content. The Policy Lead will collaborate with cross-functional enforcement partners, brief policy proposals to senior company leadership, engage with external experts, and coordinate closely with product, communications, and government relations teams.

SPECIALIST - CYBER SECURITY | DELOITTE - NZ

FULL TIME NEW ZEALAND

YOUR TYPICAL DAY WILL INCLUDE:

• Serve as an expert to key clients on their cyber, privacy and resilience needs and bringing them valuable insights and fresh thinking.

• Help our clients solve their hard security challenges as they balance the need for business transformation, regulations, and risk management.

• Work with our wider teams to embed secure practices into our client delivery.

ENOUGH ABOUT US, LET’S TALK ABOUT YOU. YOU ARE SOMEONE WITH:

• At least 5 years’ experience delivering cyber security solutions with a specific focus on cloud security. Appropriate certifications and qualifications in IT Security, Computer Science or Cloud will be highly beneficial.

• Ability to deliver tangible value to clients and teams.

• Experience working in consulting/professional services environment with a focus on delivering both technical and business outcomes.

• Excellent command of English, spoken and written, as report writing, and presentations are an essential part of the position.


CLOUD, AI, IOT ADVISORY SPECIALIST | WORLD FOOD PROGRAMME

CONTRACT REMOTE ITALY

ACCOUNTABILITIES/RESPONSIBILITIES:

• Continuously monitor and strengthen the security posture of multi-cloud environments (e.g., AWS, Azure, GCP).

• Design, implement, and manage cloud-native security controls including IAM policies, encryption, key management, and centralized logging.

• Collaborate with Development and Infrastructure teams to embed security into CI/CD pipelines and cloud-native workflows.

• Support cloud incident response process.

• Create and maintain comprehensive documentation of cloud security architectures, operational procedures, and configuration.

• Provide cybersecurity advisory support to development and infrastructure teams, promoting secure-by-design principles across cloud platform.

• Conduct threat modeling and risk assessments for AI/ML systems, covering models, datasets, APIs, and associated infrastructure.

• Design and implement protections against AI-specific threats such as adversarial attacks, model extraction, and data poisoning.

• Ensure secure collection, handling, storage and governance of training and inference data in alignment with data security policies.

CYBERSECURITY, BUSINESS APPLICATIONS | IBM

FULL TIME PHILIPPINES

YOUR ROLE AND RESPONSIBILITIES

As a Consulting Field Marketing & Communications Professional, you’ll build go-to-market plans based on a deep understanding of clients, partners and the local market to drive consulting signings pipeline. You will collaborate with multi-disciplinary teams to deliver against shared goals, including Product Marketing, Consultants, and Strategic Partners. To be successful in this role, you need to be a natural storyteller, with strong executive presence and a passion for data.

The Consulting Field Marketer will help achieve the following objectives for the market he/she covers:

• Build deep relationships, pipeline, and advocacy with target audiences through high-caliber experiences that delight, educate and inspire C-Suite buyers and senior leaders.

• Drive brand eminence and advocacy through client references, client speaking engagements and external communications.

• Grow IBM Consulting pipeline for our offerings and services through sell-to / sell-through Strategic Partners.

• Manage pipeline in partnership with analytics team and direct the work of multi-program plans to react to gaps in pipe, delivering tangible results. Determine innovative ways to progress pipeline and work across teams to create and execute progression-oriented campaigns.

CYBER SECURITY ANALYST | OMNI ALL IN (SINGAPORE) PTE.LTD

FULL TIME SINGAPORE

CORE RESPONSIBILITIES & DUTIES:

Security Monitoring and Analysis:

• Monitor security logs, network traffic, and system events for suspicious activity.

• Analyze security alerts and events to identify potential threats and vulnerabilities.

• Utilize security information and event management (SIEM) tools to detect and correlate security incidents.


HACKER COMMUNITY LEAD | INTIGRITI

FULL TIME ENGLAND

WHAT YOU’LL BE DOING

• Develop a comprehensive plan, combining market research, segmentation, positioning, and tactics to reach target audiences, drive brand awareness, and achieve business objectives.

• Plan and oversee Community events (virtual and in person) such as Challenges, Open Ports, CTFs, and conferences such as BSides and DefCon. Develop and implement strategy, outlining the channels, tactics, and metrics to be used to achieve community objectives.

• Hacker Community Relationship Building - Nurture and engage our community of researchers, fostering positive interactions, facilitating discussions, and building relationships to cultivate a vibrant and inclusive hacker space focused on researcher growth and effectiveness.

• Gather hacker & market data (annual hacker survey, regular communication with our hackers)

• Monitor Platform wide Community metrics

• Inspire individuals to learn how to hack.

• Manage Technical Content creation

• Identify and grow talent within the community.

• Create & maintain brand ambassadors.

• Create safe spaces for hackers to meet, network and bond.

SECURITY ANALYST | ARKOSE LABS

FULL TIME AUSTRALIA

PRIMARY RESPONSIBILITIES

• Provide leadership in an innovative and dynamic team that can inform, influence, and support improved use of data for decision making in customer security through direct support and capacity building.

• Increase the capacity of teams to utilize multisectoral data to improve situational awareness, attack preparedness and response.

• Help drive customer adoption and deliver on Arkose Labs value proposition.

• Collaborate with CSOps team to develop technical approaches and new or enhanced technical tools to improve the analysis and utilization of data.

• Work collaboratively across teams providing technical expertise in the use of data for improved customer security performance.

• Serve as escalation point-of-contact for customers on data analytics and security settings.

SECURITY CONSULTANT II, CYBERSECURITY AWARENESS & TRAINING | TELUS

FULL TIME CANADA

HERE’S HOW

• Develop and deliver engaging cybersecurity awareness training programs covering topics such as phishing, password management, safe browsing practices, email security, and social media awareness.

• Support projects and client engagements by writing reports and preparing presentations, making use of your communication skills to explain security concepts to technical and non-technical audiences.

• Conduct phishing simulations and analyze results to identify areas for improvement in client organizations.

• Stay up-to-date with the latest cybersecurity threats and best practices to ensure training content remains relevant and effective.

• Collaborate with cross-functional teams to integrate security awareness into clients' overall cybersecurity strategies.


CYBERSECURITY AND REGULATORY COMPLIANCE SPECIALIST | SAP

FULL TIME CHINA

WHAT YOU WILL DO

• The role works closely with local and global teams across all lines of business, including SAP security community.

• Be part of the China regulatory compliance program, fully involved in program and content discussion meetings and be able to communicate and collaborate with the right knowledge.

• Participate in regulatory security compliance projects across the company to enable secure and compliant products and services delivery.

• Contribute your security expertise and / or regulatory knowledge to further the success of the compliance deliverables.

• Work closely with stakeholders to define project goals, objectives, resource needed, compliance methodology, expected deliverables, achievement and milestones.

• Establish and maintain strong relationships with key stakeholders and partners.

• Take on workstream responsibilities, delegating tasks and responsibilities to project team members based on their strengths, roles and project needs.


CYBER SECURITY ENGINEER | CYBER RECRUITZ (PTE. LTD.)

FULL TIME SINGAPORE

KEY RESPONSIBILITIES

• Risk Management: Identify and mitigate cyber risks in on-prem and cloud setups.

• Compliance: Ensure adherence to cybersecurity standards.

• Collaboration: Work with IT teams, PMs, and vendors to embed security.

• Monitoring: Track vulnerabilities and improve overall security posture.

• Awareness: Conduct staff training on security best practices.

REQUIRED SKILLS

• 8+ years overall experience; 3+ in data engineering

• Strong in Databricks on AWS, PySpark, Python.

• Skilled in ETL, data quality, and pipeline automation.

• Familiarity with Informatica DEI is a plus.

• Excellent communicator in client-facing roles.


CYBERSECURITY HUMAN RISK PROJECT LEAD | SCHNEIDER ELECTRIC

FULL TIME SPAIN

WHAT WILL YOU DO?

The responsibilities below are shared globally across the team, with each member assigned specific initiatives that encompass global, tailored, and regional aspects.

• Cybersecurity policies

Ensuring cybersecurity policies are not just known, but deeply understood and embraced across the entire company.

• Cybersecurity Awareness assets

Create hands-on, clear and engaging materials that empower employees to enhance their cybersecurity skills and become vigilant cyber citizens.

• Cybersecurity Learning modules

Develop and deliver cybersecurity learning modules to educate employees on best practices and emerging threats.

• Tailored Cybersecurity Awareness and Training Programs

Develop, implement, and continuously improve cybersecurity awareness and training programs to reduce risk from cybersecurity threats and human error.

SECURITY EVENTS

NAMMA PRIVACY CONFERENCE

17 July, 2025 | In Person | Bengaluru, India

Namma Privacy 2025, an initiative by DPO Club, brings together experts from academia, industry, law, and policy to explore privacy, cybersecurity, and the DPDP Act, 2023. Join us for impactful discussions, global insights, and collaborative action to drive India’s privacy movement. Be a catalyst for change and help shape the nation’s data protection future.

CIOMEET 2025: CALGARY

24 July, 2025 | In Person | Calgary, Canada

Successful CIOs empower themselves with the knowledge and experience of their community. Moderated by Louis Jean, former host, anchor and journalist at TVA Sports/Sportsnet, CIOMeet Calgary brings together Calgary-area IT leaders with diverse backgrounds, experiences, and industries to connect the dots between innovation, efficiency, and collaboration.

CYBERSECURITY, DATA BREACH AND DATA PRIVACY FORUM

29 July, 2025 | In Person | Sydney CBD

The importance of cybersecurity and its broader risks have become a social phenomenon. Strong demands from the public, employees and investors and more governmental regulations have strengthened and motivated organisations to track and report their cybersecurity goals. It has also become a strong factor in a company's environmental, social and governance (ESG) efforts as a business requirement.

INTERFACE MONTANA 2025

30 July, 2025 | In Person | Bozeman, Montana State University

IT Infrastructure is constantly changing, bringing more new challenges with it every day. From ransomware and the latest security threats to emerging developments in AI and the need for increased bandwidth and storage, it’s nearly impossible to keep up to date. Our conference is designed to help. We’ve assembled a combination of Best-in-Breed hardware and software solutions, along with local experts and organizations to help educate, advise and connect you to resources that can help you meet your goals.

JULY & AUGUST 2025

GOVERNANCE 360 AFRICA: CYBER | FRAUD | RESILIENCE

22-24 July, 2026 | In Person | Mombasa, Kenya

Cybersecurity priorities and best practices, cybercrime risks and mitigations. Building resilient and future-facing technology infrastructures, supply chains and integrity of information. Blockchain, Crypto, AI, Cloud, leveraging advanced technologies - risks and opportunities.

BLACK HAT USA 2025

2-7 August, 2025 | In Person | Las Vegas, Nevada

Black Hat is synonymous with cutting-edge research and practical cybersecurity training. The 2025 edition promises intensive workshops, technical briefings, and demonstrations of the latest vulnerabilities and exploits. Whether you’re a white-hat hacker, a penetration tester, or a cybersecurity policymaker, Black Hat offers unparalleled opportunities to expand your skill set and network with the best in the industry.


DEFCON 33

7-10 August, 2025 | In Person | Las Vegas, Nevada

Just after Black Hat, DefCon takes over Las Vegas as a more informal and community-driven event. Known as the largest hacker conference in the world, DefCon is a playground for cybersecurity enthusiasts to test their skills, learn from peers, and explore emerging challenges. From Capture the Flag (CTF) competitions to hands-on hardware hacking villages, it’s an unmissable experience for anyone passionate about cybersecurity.


BSIDES SASKATOON 2025

22 August, 2025 | In Person | Saskatoon, Canada

Security BSides, or simply BSides, is a grassroots movement that has sparked a global wave of community-driven conferences presenting a wide array of information security talks. Imagine it as the indie music festival of the cybersecurity world – it’s where the latest tunes in security research and innovation are shared.


NATIONAL HOMELAND SECURITY CONFERENCE (NHSC) 2025

25-28 August, 2025 | In Person | Washington, D.C.

For professionals working in homeland security, emergency management, and public safety, the NHSC is the go-to event. It provides a platform to discuss cybersecurity issues critical to national security, such as critical infrastructure protection and supply chain risk management. Attendees will gain insights into how cybersecurity intersects with broader security challenges.

GENERATIVE AI SUMMIT LOS ANGELES

27 August, 2025 | In Person | Los Angeles, California

To open Generative AI Summit LA, James Lin will explore the state of the field as it stands, and dive into the blockers in building and deploying applied AI systems.

Drawing on his own recent experiences, James will be focusing on real-world use cases, sharing learnings from his role, which is both strategic and technical.

SECUREWORLD: CRITICAL INFRASTRUCTURE

28 August, 2025 | Online | Portland, Oregon

For more than 25 years, SecureWorld has been the trusted gathering place for cybersecurity professionals—from the CISO to the front-line practitioner—and the solution providers who support them. We bring the full cybersecurity ecosystem together through in-person regional conferences and dynamic virtual experiences, all powered by community.

#LINUXSECURITYSUMMIT

28-29 August, 2025 | In Person | Amsterdam, Netherlands

Linux Security Summit (LSS) is a technical forum for collaboration between Linux developers, researchers, and end users with the primary aim of fostering community efforts to analyze and solve Linux security challenges.

LSS is where key Linux security community members and maintainers gather to present their work and discuss research with peers, joined by those who wish to keep up with the latest in Linux security development and who would like to provide input to the development process.
