Securing your next role in cybersecurity: Tips for acing the interview

Article by Kristina Balaam, Senior Staff Intelligence Researcher, Lookout

Cybersecurity is a fascinating industry filled with potential. As our society continues to introduce technology into nearly every aspect of our personal and professional lives, the demand for cybersecurity professionals continues to grow.

Over the past several years, I’ve been involved in the hiring and interviewing of dozens of candidates for various positions and levels of seniority. While I’ve truly enjoyed every conversation with these candidates, those who stood out the most to me (and usually to the rest of the interviewing team) all seemed to succeed because they were able to do the following things:

Know your reason for applying for this role

Whether you’re transitioning into cybersecurity from another field or just looking for a new job in a different organization, it’s important to have a genuine answer when asked, “Why do you want this job?”

Despite it being a relatively standard interview question, I’ve spoken with a number of candidates who weren’t able to provide an answer. Even though “a salary bump” or “a more senior title” might be the truth behind your decision to apply, these won’t always resonate with the hiring team. At least a few of the people interviewing you will likely be the individuals you’ll end up working with, and there tends to be an expectation that a new hire will be enthusiastic about the role or the organization – or both.

Be honest about your skills and knowledge gaps

Your resume is an opportunity to brag about what you know and what you’ve accomplished. It’s important, though, that it’s a true representation of your abilities! Even in non-technical roles in cybersecurity, there’s always a good chance that you’ll be asked about the skills or knowledge you have listed on your resume.

If you can’t answer basic questions related to that area of expertise, it will be difficult for an interviewer to believe you truly have the experience you’ve claimed.

Be able to provide details about your most recent work experience

Your interviewers will probably want to hear in detail about the work you’ve been doing in recent years.

Interviewers won’t expect you to recount every little detail from your first ever job, but being able to speak confidently about the projects you’ve completed and your successes (and “failures”) will help reassure your interviewer that the details on your resume are accurate. Be sure to highlight how the good and bad experiences contributed to your career growth.

In lieu of work experience, be able to talk about relevant projects or research

If you’re transitioning into cybersecurity, being able to talk about side projects or personal research (and experience with cyber threats) related to your intended role can demonstrate your interest and experience in the field.

While most entry level positions don’t typically require relevant work experience, having some demonstrable experience – whether through independent study, post-secondary coursework or a CTF (Capture the Flag) competition – can set you apart from other candidates.

Always be prepared to ask your interviewer questions

There’s no guarantee your interviewer will give you time for questions, but have a few ready to ask anyways. While both acting as an interviewer and interviewee, I’ve found that questions for the candidate tend to be left until the end of the interview.

Preparing several questions for the interviewer in advance helps demonstrate your genuine interest in the role, and in the organization / team with whom you hope to work. These could be questions about the corporate culture, the company’s growth plan, and/or the technology used by the team, or even something generic like, “Can you tell me your favorite part about working at Company X?”

Interviews can be an exhilarating and nerve-wracking experience. Your interviewers know this too. Good interviewers want you to succeed and want to learn about who you are and what you’re excited about. Keep these tips in mind, be yourself and try to have fun! Remember: even though you’re interviewing for a position, this is also your chance to interview your future employer. Have confidence in yourself, and good luck!


Why SMEs need to train employees in cybersecurity

Article by James Swaffield, Managing Director, Capita Learning

The idea of full-time remote working was once exclusive to a small group of people, typically conjuring thoughts of the self-employed person managing their business from the convenience of their home office.

Fast forward to the present, and large swathes of the workforce continue to work from home despite an end to all Covid restrictions at the beginning of the year – recent ONS figures show 23% of UK businesses are using (or plan to use) the remote working model on a permanent basis. Make no mistake: this is a seismic shift in the space of two years.

Yet, while the development and proliferation of business technologies has helped facilitate remote working – often with relative ease and speed – it has simultaneously exposed the severe shortage of digital skills among UK employees.

Indeed, research from Salesforce’s Global Digital Skills Index found that 80% of UK workers do not feel ready to operate in a digital-first world, with 43% stating they feel ‘overwhelmed’ by the rate of technological change.

Worryingly, cybersecurity skills shortages are one prevalent area that contributes to this wider digital skills gap. In a report published earlier this year, the Department for Digital, Culture, Media, and Sport (DCMS) found that approximately 697,000 UK businesses (51%) have a basic skills gap. It highlighted that the individuals in charge of cybersecurity in businesses lack the confidence to carry out the kinds of basic tasks laid out in the government-endorsed Cyber Essentials scheme.

Certainly, for organisations of all sizes, a lack of cybersecurity skills among their staff could lead to damaging consequences. Yet, as the ‘war for talent’ intensifies, it is likely that the repercussions could be worse for small and medium enterprises (SMEs), which might lack the resource to attract and retain those with the most highly sought-after skills.

SMEs most at risk

Whenever cybersecurity breaches make the headlines, the target tends to be a major institution or brand.

However, online criminal activity is often directed toward smaller businesses. In fact, Markel found that 51% of SMEs have been the victim of a cybersecurity breach, with malware, data breaches, and phishing the most common forms.

Compared to a larger national and international organisation that may be able to weather the storm of a breach (financially and reputationally), the effects of a cyberattack for SMEs can be devastating. For example, one study in the US found that as many as 60% of hacked SMEs go out of business within six months of an incident.

In addition to the immediate financial hit from the loss of data and assets, cyberattacks can cause further problems for businesses, for instance the time and effort spent recuperating from an attack in an attempt to go back to normal operations. At the same time, the possibility of losing a commercial contract or customer trust could potentially be the most damaging side effect of all.

The need to solve the cybersecurity skills deficit could not be stronger, from reputational damage and financial expenses to national security concerns. Employees must be able to recognise and resolve threats to remain ahead of them, which applies not only to cybersecurity experts and IT departments, but to the entire workforce.

Reskilling and upskilling are key

Bridging the cybersecurity skills gap does not mean flooding the workforce with highly trained advanced tech professionals.

Instead, the aim should be to take a human-centric approach where all employees are comfortable with the IT systems and processes they are working with – particularly when human error is the biggest culprit for cybersecurity breaches.

Smaller businesses without IT departments should be able to operate smoothly, with business leaders safe in the knowledge that their staff can set up firewalls or safely identify phishing emails and malware. To achieve this, businesses that have not already done so will need to consider training opportunities that allow all staff, not just those in advanced tech roles, to reskill and acquire the digital skills they may be missing.

Fortunately, there are options available. Digital skills bootcamps are a great example of one initiative making real progress in this area. For instance, with a £7 million grant, West Midlands Combined Authority (WMCA) has piloted over 30 digital bootcamps and trained around 2,000 adults with essential tech skills. Recently, a further £21 million was made available from the Adult Education Budget to fund the new bootcamps in the West Midlands over the next three years, with a target of supporting more than 4,000 people.

The bootcamps are guided by seasoned industry specialists and play a critical role in educating the workforce – particularly young people – with hands-on data training. They are free for participants and provide clear channels for employers to either upskill or hire new talent.

Further, these programmes offer a fantastic opportunity to broaden the talent pool in the tech industry. Bridging the cybersecurity skills gap will take a team effort. Essential training should be made available to as many people as possible, regardless of ethnicity, gender, or wealth.

Digital skills bootcamps are crucial to the development of a tech-competent workforce. Certainly, SMEs need to maintain a sufficient level of online security and prevent financial and reputational loss, which is critical to their survival. Therefore, to improve access to digital skills training for all employees, I would advise employers to look for current digital skills partnerships in their region and, if possible, engage with course providers.

About the author

James Swaffield is the Managing Director of Capita Learning. Capita is a consulting, transformation and digital services business that provides innovative solutions to help businesses and the public sector operate effectively and efficiently whilst transforming customer and citizen experience.


In Her Shoes: Isabelle Freeman | Cyber Security Executive, Huawei UK

Meet Isabelle Freeman, Cyber Security Executive at Huawei UK

Isabelle is a Cyber Security Executive at Huawei UK. In this piece, we talk about a typical working day, her advice for those aspiring to a career in tech and what she loves about working at Huawei.

Tell us a bit about yourself, background and your current role

My journey with cyber security began when I began a Master’s in International Security and Risk after having studied Politics and IR as an undergraduate. I was drawn to the interdisciplinary approach between global politics, risk management and cyber security, and after starting quickly realised I wanted my future career to have a similarly dynamic remit.

In September 2020 I began working as a Cyber Security Executive at Huawei UK, a role that combined the two areas of most interest to me: politics and cyber security governance. Over the last two years, my responsibilities have expanded beyond just cyber security, but to also incorporate privacy and data protection.

On a typical workday, how do you start your day and how does it end?

There are three things I make sure I do every morning to get into the right frame of mind for the day ahead. First, I check emails in case there’s anything I need to attend to urgently. Second, I check the news in case there are any stories I’ll need to keep track of throughout the day. And third, is my planning ritual. For me, it’s essential to start my day by scheduling my main priorities and meetings, and making a note of all the tasks, big or small, that I need to get done. Anyone who sees me in the office will know that I have my planner on me at all times – it’s like a bible to me! At the end of the day, once I’ve ticked everything off on my list, I’ll then shut my laptop, go home, and head out for a run.

Did you ever sit down and plan your career?

I had long considered the different types of careers that interested me, but truth be told I would have never expected to end up working in tech. It took some time to decide whether to take the plunge into this unfamiliar sector but once I did, it was definitely worth it.

What do you love about working for Huawei UK?

Every day’s a school day when you work at Huawei. On the one hand, the sheer scale of the company means there’s so much going on, but the fact it pioneers so much research means you feel really close to the technology that is transforming the way we live. There’s always something interesting to talk about, whether it’s hearing about the newest products being developed in R&D, the most recent regional strategy, or the latest negotiations with important stakeholders.

Within Huawei, cyber security is treated with the utmost importance, so being on the team has led me to work on a huge array of projects across the business. All these experiences have given me great insights into the industry and Huawei’s place within it, which I’ve found immensely gratifying.

Have you faced any challenges along the way and if so, how did you overcome these challenges?

Beginning my career in the midst of a global pandemic brought a set of challenges I could never have imagined. The virtual induction process was particularly challenging, and it was harder than usual to get a real sense of the company and its inner workings. Fortunately, all of my colleagues were super supportive, understanding and willing to answer any of my questions. I strongly believe in the importance of asking questions, especially when you are just starting out in your career when you can easily feel overwhelmed. But rest assured, asking for help and guidance whenever you need to will quickly make you far more confident in your role, whatever your company or industry.

Have you benefited from coaching, mentoring or the sponsorship of others?

Immensely! I am extremely grateful to work in a team where I have received invaluable mentoring and coaching. Especially as I am just starting out in my career, learning from colleagues with decades of experience has helped me develop a far more nuanced understanding of the tech landscape than I would otherwise have had access to. I am lucky enough to have great mentors, both technical and non-technical, who I work with on a daily basis.

What advice would you give to those who aspire to a career in tech?

I’d start off by emphasising that with such a rapidly-evolving industry, there is a vast array of careers out there. Don’t get bogged down by the technical knowledge, and instead remember the bigger picture: there will definitely be a place for you to shine. In terms of success, this is always going to look different from person to person, so focus on looking for fulfillment rather than a fancy title or loads of accolades. The best thing you can do in this industry is to have an open and inquisitive mindset, which will be sure to lead you down the right tech avenue.

What does the future hold for you?

Whilst I am only just beginning my career, I hope that my future roles are as interesting and challenging as my current one. With the tech sector moving at such a rapid pace, I particularly look forward to playing a part in developing key technologies that will shape the world for future generations.


Diverse workforces create the best defence: Why cybersecurity needs more women

Article by Nicky Whiting, Director of Consultancy at Defense.com

Women are woefully underrepresented across the entire technology sector, and while efforts are being made to increase female representation within the sector, a significant disparity still exists. 

Cybersecurity sits somewhere in the middle of the various sectors regarding representation, currently 10% higher than the industry average. However, there is a distinct underutilisation of female talent within cybersecurity: women across the globe hold more qualifications than their male counterparts. It is essential to mention that statistics such as these indicate that women often feel like they need to be more qualified than men to be considered for the same role within the cyber sector. As a result, there is currently an enormity of untapped potential leaking out of the industry. This leak needs fixing. As an industry, we are missing out on future leaders, fresh talent essential for innovation, and a collection of diverse mindsets, all of which are crucial to tackling the evolving threat landscape.

The business case for diversity in cybersecurity

By championing diversity and inclusion, businesses can play an important role in addressing long-term societal issues. In the workplace, this action helps to create an environment where innovation, originality and empathy thrive. Working environments where these factors are pervasive often produce cutting-edge products and solutions, precisely what is needed to secure systems against today’s cyber threats.

The lack of diversity in cybersecurity has resulted in teams comprising employees whose experiences, opinions, and ideas are incredibly similar. We need to see more effort being made to embrace better diversity management and a more holistic, inclusive approach to work.

For cybersecurity, as in other industries, the business case for diversity is overwhelming. Organisations that promote diversity and inclusion regularly outperform their rivals and see higher profitability than their less diverse counterparts. Boston Consulting Group found companies with more diverse management teams have 19% higher revenues than their less diverse counterparts. Diversity also has important benefits in boosting employee retention.

If we are to realise these benefits, investing in STEM education needs to be a priority for our industry.

The obstacles facing women in STEM

The gender disparity in the technology sector derives in part from a lack of female representation in STEM (Science, Technology, Engineering, Mathematics) education. A correction needs to occur if we are to see gender divisions within technology begin to shrink. This underrepresentation in STEM is spurred by many obstacles that hold talented women back.

A major obstacle is the lack of role models currently within cybersecurity. Young minds are easily moulded by various forms of media, and at present, there is a blatant lack of female cybersecurity role models for young women to look up to and emulate. Concerted efforts need to be made amongst organisations to ensure that the stories of women in cybersecurity are heard. The amplification of these stories will begin to rectify the STEM issue at hand while attracting females from other sectors who have had somewhat of an interest in this exciting field.

We also need to see more time invested by cybersecurity companies in showcasing to women what a STEM career has to offer them while also enlightening advisors, educators, and parents. Whether it is backing skills workshops in schools, careers presentations to students, or even targeted apprenticeship programmes – cybersecurity companies can and must do more to encourage more women to consider it as a career path. Furthermore, this work must happen as early as possible in young women’s lives, as it becomes increasingly difficult to move into STEM when someone chooses, for example, humanities-based exams at GCSE or A-Level.

It is also important to note that while STEM pathways provide the easiest route to obtaining a career in cybersecurity, they aren’t always necessary. Compliance – a vital part of modern cybersecurity – does not require a background in STEM.

Creating a cybersecurity environment where women excel

Having worked in various info-sec companies across the UK, I am proud that at Bulletproof, we are committed to creating a workplace that celebrates diversity and encourages a truly inclusive approach to work.

The blueprint for achieving an environment like this is simple. Women must be highlighted within the business and encouraged to step into the spotlight. Employees must be afforded the flexibility needed to deal with the varying circumstances within their lives. Organisations need to ensure that inclusive language is used in all recruitment stages. Recruitment practices should also be re-evaluated to ensure that female candidates understand that they can apply for a role without ticking every box in terms of skills, as men will often apply for positions without doing so. Equal pay and opportunities must be afforded to every individual. Finally, ensuring that a culture of belonging and community is championed throughout the organisation is paramount. Any form of toxicity within an organisation, such as misogynistic comments, must be met with a zero-tolerance approach. This sends a strong message from the top, builds values and creates an environment where women feel comfortable and safe.

Ensuring that this environment is created will only benefit an organisation. The more diverse a cybersecurity workforce is, the more equipped it will be to deal with the myriad of threats facing the current cyber landscape.


International Women's Day: WeAreTechWomen talk career journeys & advice with an outstanding woman in cyber

Meet Sarah Cunningham, Information Security Consultant at Waterstons

On International Women’s Day, we asked Sarah Cunningham, Waterstons’ information security consultant, more about her story as a woman working in cyber security and her journey into the sector.

For as long as I can remember I have had an interest in computers and technology.

Growing up and throughout school I excelled in STEM subjects – especially maths and computing – so naturally, I found myself strongly gravitating towards this industry.

After leaving school, I spent some time as a desktop engineer, working with the physical side of computing before moving on to pursue a degree in Ethical Hacking. This, for me, is where I really found my passion and love for cyber security.

Now, almost six years later, I work full time as an information security consultant for Waterstons, where I have the opportunity and freedom to build on my interest in cyber, work with like-minded individuals and help others along the way.

At the beginning of my journey, I found it intimidating walking into a room knowing less than 10% of the people there would be women. Looking back these experiences have helped me to grow and appreciate the position I am in now.

While yes, cyber security is an industry dominated by men, I have always preferred to focus on the quality of incredible women in our field, rather than focusing on the quantity of them. There are so many inspirational women in STEM that it would be difficult to believe you are alone.

Last year I was honoured to have been shortlisted for the Outstanding Woman in Cyber Award at the 2021 Scottish Cyber Awards.

I was very humbled to be standing alongside three other very talented and hard-working women which was prize enough, but to then go on and win the award, I felt overwhelming joy.

While we are still the minority in the cyber security field, awards and events like these – focusing on the female talent in the sector – are a fantastic way to showcase and highlight the exceptional work of women out there.

Surrounding yourself with positive role models who will help you succeed and build a career is the foundation to a successful beginning in this field, and I’m passionate about not only looking to these role models, but aspiring to be one.

In this digital age, we need to move away from the stereotyping of women in our industry and instead focus on inspiring the next generation of young women to enter into the field.

International Women’s Day is a phenomenal opportunity to highlight the efforts of thousands when it comes to fighting these stifling industry stereotypes.

The main piece of advice I would give to all women out there, not only those in STEM, is: Don’t be scared or shy to speak out. Don’t be hesitant to promote your work, and never worry about standing up for yourself and your ideas.

I have learned that by highlighting the amazing work you have done, you are inspiring the next generation of young women to follow in your footsteps!


Understanding the cyber security recruitment pool

Ipsos MORI and Perspective Economics have been commissioned by the Department for Digital, Culture, Media and Sport (DCMS) to undertake research to quantify and provide understanding of the cyber skills recruitment pool in the UK.

The research aims to gain a better understanding of the cyber skills recruitment pool in the UK, its size and geographic location, the types of skills and experience that are prevalent in the pool and recommendations on how employers can effectively recruit from the pool.

Encouraging more females within cybersecurity

Article by Andrea Babbs, Head of Sales UK & Ireland at VIPRE Security

As a result of the ongoing pandemic, the cybersecurity industry has continued to accelerate, and has no indication of slowing down anytime soon.

With new and innovative methods of hacking affecting businesses of all kinds, the number of cyber attacks is also increasing. A report by DCMS showed that the UK’s cyber security industry is now worth an estimated £8.3 billion – but why do we still see a lack of female representatives for an industry so high in demand?

The industry predominantly remains male-dominated, and this lack of diversity, in turn, means less available talent to help keep up with the rise in mounting cyber threats. Women currently represent about 20% of people working in the field of cybersecurity, says Gartner. Andrea Babbs, Head of Sales UK & Ireland at VIPRE Security, outlines how attracting and embracing more females, and providing equal opportunities within the workplace, is significant for the future of the cybersecurity industry.

Male dominated subjects

Even at the very beginning of a ‘tech’ based career pathway, a woman’s success is already limited. Females make up only 28% of the workforce in science, technology, engineering and math subjects (STEM), and are systematically tracked away from these subjects throughout their learning, and pushed towards written and creative arts, narrowing their training and potential positions to go into these fields later in life.

STEM subjects are traditionally considered as masculine by many. All too often, teachers and parents may steer girls away from pursuing such areas – with females making up just 26% of STEM graduates in 2019. Additionally, there is a need for more female STEM teachers, as young girls may feel that they cannot be what they can’t see. Because fewer women study and work in STEM, these fields tend to create exclusionary male-dominated cultures that are not inclusive of, or appealing to women.

Barriers into the cybersecurity industry already exist, such as often requiring a minimum of two years of experience for entry level positions. This poses the question, how do you get those two years without being offered an opportunity to gain the necessary skills or lessons? This requirement leads to talented, tech-savvy young women entering non-tech sectors, further enhancing the pattern of fewer women in cyber security, as well as technology as a whole, even if they have trained in that subject.

Additionally, females who have been successful in entering the industry often receive different treatment compared to males who work in technology, and can occasionally be mistaken for having a less ‘dominant’ role. Another VIPRE colleague, Angela, who has been a Support Engineer at VIPRE for over ten years is still asked to put people through to an engineer on the phone – as it is perceived that as a woman, she can’t be one herself, despite having over a decade of experience. These stereotypes can therefore discourage young women from entering the field and diminish the accomplishments and self esteem of those already in it.

Obstacles and challenges

From engineers to analysts, consultants and technologists, the roles are unlimited in cybersecurity. It is clear for women entering the industry that the profession is not limited to just one type of job, and requires a range of skill sets, most of which can now be done remotely – which has been heightened due to COVID-19.

However, research demonstrates that 66% of women reported that there is no path of progression for them in their career at their current tech companies, suggesting the very reason why women tend to end up in the more ‘customer facing’ roles, such as marketing, sales or customer support. How can females continue to advance once they have a foot in the door into more technical or product focused roles?

Despite girls outperforming boys across a range of STEM subjects, including maths and science, the presumption remains that women are not equipped to take on ‘complex’ tasks and roles. To support this, research reveals that those who attend an ‘all-girls’ school and see their female peers also participating in technology subjects do not have lower self-esteem when pursuing that industry, and are in a learning environment free from gender stereotyping, unconscious bias and social pressure. And even if a female is successful within these areas, we continue to see a lack of women represented in senior leadership roles on boards, as CEOs and in STEM careers. We need to dispel the myths that women cannot take on ‘tech-heavy’ jobs.

Maternity leave or taking a break to raise a family is another challenge women face later on in their career. Employers might question the gap in their CV when they eventually want to return to work after taking a break from such a demanding industry to start and raise a family. A recent study shows that three in five professional women return to lower paid or lower-skilled jobs following their career breaks. Additionally, the challenges faced by women returning to the workplace cost the UK an estimated £1.7 billion a year in lost economic output.

“It’s almost considered career suicide to leave,” explains the former senior director of the Anita Borg Institute for Women and Technology, Claudia Galvan. These women find it “almost impossible to go back to work, or if they do go back to work, they have to take totally different jobs from what their career was, a demotion, of course pay cuts — and that’s if they get the opportunity to get back into the workforce.”

Based on my personal experience at a previous employer, whilst it was agreed that I could work fewer days a week after returning from maternity leave, this arguably caused more problems. The ‘compromise’ that was reached was that I could work four days but I still needed to have the same target as people in the same position who worked five days a week. They also reduced my pay by 20% in line with the four day week, and actually created a more stressful environment as I found myself working longer hours over the four days.

Everyone is the target. So why not get everyone involved?

To ensure that women gain equal footing in stereotypically male-dominated industries, there is an often-overlooked factor – men need equality too. Businesses need to offer the same level of paternity leave and support to men as they do women when it comes to looking after a family. This then leads to the need for flexibility within working hours for school runs, for example, as it needs to be understood that men have children too, and women are not always the number one caregiver. For example, my husband received more questions about taking time off if our child was unwell than I ever did. He was constantly asked of my whereabouts as if it was my sole responsibility to look after our child, not both of us. Ultimately, the debate here is not just that there needs to be more women in cybersecurity and technology, but that workforces must have diversity within them.

Having a diverse workforce allows there to be a balance of input, more creativity, new perspectives and fresh ideas. From different learning paths, to ways of approaching problems, and bringing in wider viewpoints, women bring an array of different skills, attributes and experience to cybersecurity roles. Working in an industry like cybersecurity where everyone is impacted and everyone is a target – we need everyone to be involved in developing solutions which work to solve the problem. This is not just limited to gender, but also includes age, culture, race and religion. To truly mitigate the risk of cybercrime, we need a solution relevant to all the people impacted by the problem.

Taking action

To begin with, whether this is from a younger age during school studies or university courses, offering varied entry pathways into the industry, or making it easier to return after a break, women must be encouraged into the field of cybersecurity. These hurdles into the sector have to be addressed.

Each business has a part to play when it comes to ensuring that their organisation meets the requirements of all of their employees. From remote or hybrid working, reduced hours or adequate maternity and paternity support, working hours should be more flexible to suit the needs of the employee.

A “return to work scheme” would greatly benefit women if companies were to implement one. This can help those who have had a break from the industry get back into work – and this doesn’t necessarily mean limiting them to roles such as customer support, sales and marketing. HR teams must also do better when it comes to job descriptions, ensuring they appeal to a wider audience, offer flexibility and that the recruitment pool is as diverse as can be.

Setting up the Cyber Security Skill strategy, the government has started taking action. Businesses themselves have also started to enforce programmes to support those who have gaps in their CVs and are eager to return to their careers, such as Ziff Davis’s Restart Programme. This programme is committed to those who have a gap in their experience and are keen to return to their careers, providing them with an employment opportunity which emphasises growth and training, helping professionals return to the workforce. When businesses step up and take matters into their own hands, it provides more available paths into the industry for everyone.

Creating a gender-balanced cyber workforce

The cybersecurity industry remains an attractive and lucrative career path, but more should be done to direct female students in the right way to pursue a job role within STEM and to support those who are returning to work.

There is more of a need than ever before for more diverse teams, as cybersecurity threats become more varied. Becoming part of a gender-balanced cyber workforce is an efficient way to avoid unconscious bias and build a range of solutions to complex problems.

Whilst the latest government initiatives and courses to attract diverse talent and better the UK’s security and technology sectors are a great start, the only way to progress is more investment and emphasis on STEM as a career path. This will encourage both males and females, who are treated equally and can see themselves reflected in their senior management teams.

About the author

Andrea Babbs has worked in the IT Industry for over 20 years. During that time she has worked for IT Security Vendors and Resellers dealing with email, endpoint and web security. Andrea is currently Country Manager and Head of Sales for VIPRE Security Limited, where she manages the UK and Irish business. Andrea’s length of experience in the industry means she has seen the threat landscape change from simple viruses and spam to the sophisticated, zero-day, polymorphic threats of today. However, she recognises that in attacks of all types, humans are the last line of defence, meaning they need awareness and effective tools to help them prevent little mistakes with big consequences.


Embracing more females within cybersecurity

As a result of the ongoing pandemic, the cybersecurity industry has continued to accelerate, and has no indication of slowing down anytime soon.

With new and innovative methods of hacking affecting businesses of all kinds, the number of cyber attacks is also increasing. A report by DCMS showed that the UK’s cyber security industry is now worth an estimated £8.3 billion – but why do we still see a lack of female representatives for an industry so high in demand?

The industry predominantly remains male-dominated, and this lack of diversity, in turn, means less available talent to help keep up with the rise in mounting cyber threats. Women currently represent about 20% of people working in the field of cybersecurity, says Gartner. Andrea Babbs, Head of Sales UK & Ireland at VIPRE Security, outlines how attracting and embracing more females, and providing equal opportunities within the workplace, is significant for the future of the cybersecurity industry.

Male Dominated Subjects

Even at the very beginning of a ‘tech’ based career pathway, a woman’s success is already limited. Females make up only 28% of the workforce in science, technology, engineering and math subjects (STEM), and are systematically tracked away from these subjects throughout their learning, and pushed towards written and creative arts, narrowing their training and potential positions to go into these fields later in life.

STEM subjects are traditionally considered as masculine by many. All too often, teachers and parents may steer girls away from pursuing such areas – with females making up just 26% of STEM graduates in 2019. Additionally, there is a need for more female STEM teachers, as young girls may feel that they cannot be what they can’t see. Because fewer women study and work in STEM, these fields tend to create exclusionary male-dominated cultures that are not inclusive of, or appealing to, women.

Barriers into the cybersecurity industry already exist, such as often requiring a minimum of two years of experience for entry level positions. This raises the question, how do you get those two years without being offered an opportunity to gain the necessary skills or lessons? This requirement leads to talented, tech-savvy young women entering non-tech sectors, further enhancing the pattern of fewer women in cyber security, as well as technology as a whole, even if they have trained in that subject.

Additionally, females who have been successful in entering the industry often receive different treatment compared to males who work in technology, and can occasionally be mistaken for having a less ‘dominant’ role. Another VIPRE colleague, Angela, who has been a Support Engineer at VIPRE for over ten years, is still asked to put people through to an engineer on the phone – as it is perceived that as a woman, she can’t be one herself, despite having over a decade of experience. These stereotypes can therefore discourage young women from entering the field and diminish the accomplishments and self-esteem of those already in it.

Obstacles and Challenges 

From engineers to analysts, consultants and technologists, the roles are unlimited in cybersecurity. It is clear for women entering the industry that the profession is not limited to just one type of job, and requires a range of skill sets, most of which can now be done remotely – which has been heightened due to COVID-19.

However, research demonstrates that 66% of women reported that there is no path of progression for them in their career at their current tech companies, suggesting the very reason why women tend to end up in the more ‘customer facing’ roles, such as marketing, sales or customer support. How can females continue to advance once they have a foot in the door into more technical or product focused roles?


Taking cyber security seriously for National Cybersecurity Awareness Month

National Cybersecurity Awareness Month is a month-long campaign observed every October and 2021 marks the 18th year since its initial conception.

Since then it has grown exponentially and has become renowned across the world, with businesses, consumers, corporations, educational institutions and young people all taking stock of the importance of internet security and cyber security measures.

As cyber criminals took advantage of the operational changes businesses had to quickly make as a reaction to the pandemic, ransomware attacks soared with the UK being ranked number 10 on the list of countries worst affected by ransomware. In fact, four in ten UK businesses (39%) experienced a cyber security attack in the last 12 months alone, with around a quarter (27%) of these organisations experiencing them at least once a week.

With cyber attacks becoming more frequent and more sophisticated, WeAreTechWomen took a moment to speak with experts in the field to find out what businesses can do to protect themselves – here is what they had to say:

The first line of defense – employees

National Cyber Security Awareness Month 2021 is a time to reflect on the major technological and lifestyle shifts brought on by the pandemic and their security implications.

For Tim Bandos, CISO & VP Security Managed Services at Digital Guardian, cyber talent retention should be a top priority. He said: “Finding the right fit for your security team remains a daunting and somewhat challenging task in today’s world. There’s a well-documented shortage of talent across the cyber security industry dating back several years. The pandemic and the challenges it brought have made matters worse.

“When it comes to ensuring cyber talent retention, establishing the right working environment is critical to keeping people engaged and motivated to stay. Having policies to ensure there’s an effective work-life balance and offering solid benefits are important elements when it comes to employee retention. I also believe that if you have a highly collaborative and engaging team that focuses on achieving group goals and taking the time to reward and celebrate them, it goes a very long way in countering anyone’s interest in leaving.”

Providing employees with the right skillset is essential when it comes to cyber security. Don Mowbray, EMEA Lead, Technology & Development at Skillsoft commented: “In today’s digital age, companies must continuously train their employees and build a security-minded workforce that’s aware of the multitude of threats they face.”

He suggests, “leveraging blended learning mixes styles, tactics, and content delivery modalities that make for a robust, effective and tailored environment for all. In cyber security training, it can involve putting the practical skills learned to the test in controlled practice labs or gamified style attacker versus defender environments, with traditional courses and lessons layered throughout, helping learners evaluate their skills via a hands-on approach.”

The right tools for the role

All businesses operate in different ways depending on a multitude of factors such as industry, department, or compliance and regulation. It makes sense then that there is no one-size-fits-all answer when it comes to the tools each needs to support the work.

For Phil Dunlop, General Manager, EMEA at Progress, it’s about supporting the IT teams with the correct tools. “As we emerge from the pandemic, and workers start to head back to offices, IT teams continue to carry a heavy responsibility for data security. Within the working environment, employees sharing personal and private data internally and externally is a constant stress for security teams and IT operations. And the data security risks associated with social platforms like Slack, Teams and WhatsApp only add to the pressure.”

Dottie Schindlinger, Executive Director at Diligent Institute, agrees: “Open communication tools – like Slack, texting and personal email – are great for informal communication, but they don’t often provide the level of security or access privileges needed for sensitive communications between executives, the board, legal, HR, risk and compliance teams… Organisations need secure environments and workflows that allow them to communicate highly sensitive information safely, without worrying that it might accidentally be misrouted, forwarded, leaked or even stolen. And, the system must be intuitive and convenient, so executives remain within its workflows and processes without straying to other systems and creating security gaps.”

Keeping technology up to date 

Remote work unexpectedly became the norm in 2020, and as we close out 2021, the hybrid work model may be here to stay for decades to come. “Rather than retreating back to legacy methods and previous strategies, companies must #BeCyberSmart and tackle modern threats head on,” Tyler Farrar, CISO at Exabeam commented. “It’s critical to highlight that compromised credentials are the reason for 61% of breaches today. To remediate incidents involving user credentials and respond to adversaries, organisations must consider an approach that is closely aligned with monitoring user behaviour to get the necessary context needed to restore trust, and react in real time, to protect employee accounts. This should include the ability to understand what normal looks like in your network, so when anything abnormal occurs, you can immediately detect it and prevent it from causing harm or damage to your organisation.”

With ransomware on a continual rise, outsourcing to specialist providers continues to be an increasingly popular choice for businesses requiring expert security services. Andy Collins, Head of Security at Node4 said: “It can be difficult for busy internal security teams to allocate time and resources to essential, but not urgent, tasks such as identifying the most effective local or off-site backup location for each data tier, or analysing the operational impact to avoid performance degradation for systems and applications. Security MSPs can provide great aid in preventing cyber-attacks by providing technical support, filling technical gaps, and staying up to date with the latest threat and security technologies in order to resist their ever-changing nature.”

Recovery over ransom

As fending off cyber attacks becomes a daily reality, having a cyber strategy in place should be a top priority for all businesses to ensure that, should the worst happen, the business is poised to recover.

Andy Fernandez, Senior Manager, Product Marketing at Zerto, a Hewlett Packard Enterprise company said: “Ransomware attacks are evolving, targeting next-gen applications like Kubernetes and Microsoft 365. As the adoption of cloud applications grows, so will exploits and attacks and in turn the importance of restoring data. Modern organisations that are responsible for that data will need to have native data protection solutions that can help them protect internal applications and applications shipped using containers. For example, we are seeing file-less attacks explicitly targeting stateful Kubernetes data.”

Hugh Scantlebury, Founder and CEO at Aqilla agrees, “cyber attacks continue to grow in frequency and severity. Backup and disaster recovery coupled with regularly audited security measures are the best form of defence. But don’t assume that your cloud-based SaaS solutions automatically offer these services.

“Aqilla’s software does. But if you’re using cloud-based accounting and financial software — indeed, any cloud-based solution — we’d recommend you check that your solution operates from a secure and well-managed data centre. Ask your provider if they store your data in accordance with the National Cyber Security Centre’s 14 Cloud Security Principles.

“Finally, check whether disaster recovery and automated backup are taking place (and with what frequency) within your SaaS environments.”

For Thomas Cartlidge, Head of Threat Intelligence at Six Degrees, it is all about cyber hygiene. He told us: “Strong cyber security hygiene has never been as important as it is today. As workers get settled into hybrid environments it is critical your employees protect their identity while at work and at home.”

“Making cyber smart decisions that align to your wider organisational strategy is an essential element of maintaining operational integrity and ensuring success in this hostile digital landscape,” he concludes. “If you have a cyber skills gap in your organisation, you should be soliciting input from a third party to help prioritise your cyber strategy.”


Interested in a Career in Cybersecurity? Here’s How to Make a Meaningful Impact

Article by Meera Rao, Senior Director of Product Management, Synopsys Software Integrity Group

I was a software developer and continuous integration practitioner for over 20 years before I accidentally was thrown into the security field.

When I initially joined this field, I had no clue about anything related to security, and was quite nervous when talking to my own colleagues let alone speaking to clients or at conferences, as I do now. Being able to speak intelligently about the field and sharing my knowledge at conferences helped me a lot in my career in the security field. Having a solid understanding of software development, end to end knowledge of the software development life cycle, and a deep understanding of software architectures was instrumental to my success in the security field.

From data breaches, to open source security issues, IoT devices vulnerable to cyber-attacks, and unsecured servers, we have seen it all and continue observing these security issues pop up almost every day. So, how can you be part of an industry which has a severe talent deficit, make a positive impact, grow your career, and be well compensated?

In all honesty, having advanced degrees in information security is not necessary to be a leader in this industry, and I am the prime example of this fact. Let me walk you through the job requirements for some of the latest AppSec focus areas, and offer some guidance around how to contribute and be part of the latest trends in the industry:

Cloud Security Practitioner: Cloud is the talk of the town these days. Every organization (big or small) wants to move to cloud. To work as a cloud security practitioner, you need to have experience in building, communicating, and managing cloud environments. You also need to have managed migration to the cloud, delivered a cloud native project, led and/or delivered cloud automation, and have a working knowledge of Amazon Web Services, Microsoft Azure, and Google Cloud platforms. Knowledge of RedHat / OpenStack would also be highly valuable.

DevSecOps Engineer: Who hasn’t heard of these industry buzz words: DevOps, DevSecOps, SecDevOps? If you are interested in being part of a great DevSecOps team as a DevSecOps engineer, then you should gain experience in containerization technology—preferably Docker and Kubernetes, have written enterprise Java applications using the JEE technology stack, have deep knowledge of build automation using tools like Jenkins, Bamboo, release automation (e.g., Jenkins, Puppet, etc.) and experience using scripting languages (e.g., Ruby, Python, etc.).

Security Champion: Security Champions are software developers. They allow for application security development and architecture to provide the first level of defense when it comes to providing application security guidance to development teams. If you are part of a development team, have good communication skills, and are curious to know more about security, you can be a security champion candidate.

The following roles require that you have a solid understanding of application architectures, frameworks, threat landscape, and some security background.

Threat Modeling SME: Threat modeling identifies the types of threat agents that cause harm and adopts the perspective of malicious hackers to see how much damage can be done to a system. Threat modeling subject matter expertise would require you to review the system’s major software components, security controls, assets, and trust boundaries, and then model those threats against existing countermeasures. You would then need to evaluate the potential outcomes.

Threat modeling requires an experienced security architect with knowledge in three fundamental areas: architecture and design patterns, enterprise application technologies, and security controls and best practices. Performing threat modeling is a difficult and expensive undertaking for most organizations. Finding skilled resources is oftentimes a challenge.

Security Consultant: Do you like traveling (a requirement under traditional circumstances)? How about working within different industry verticals such as multinational media corporations, healthcare companies, financial institutions, pharmaceutical companies, and so on? Do you like the idea of parachuting in wherever software insecurity invades and working to stomp out bugs and flaws wherever they hide? Then you would enjoy life as a security consultant. In this role you will be able to perform source code analysis, software penetration testing, secure software design and architecture, and will become an indispensable advisor to customers.

I want to leave you with a final word. What I’ve shared with you today presents a teaser of all the exciting career options you can have in the AppSec industry. However, the key to being successful is constantly learning about new attacks, threats, and above all, helping customers exterminate bugs and untangle the flaws that make their systems insecure.