Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Move beyond your SEG with Tessian’s SEG Consolidation Wizard  | Generate Report Now →

Cyber Skills Gap
IT Departments are Looking for New Jobs: Here’s How to Retain Talent
by Andrew Webb Thursday, March 24th, 2022
You can’t stop people from leaving for pastures new; employee turnover is a natural function of any organization. But when that trickle turns into a flood, there’s an issue. Our recent Great Re-evaluation research conducted revealed that 55% of employees are thinking about leaving their jobs this year. What’s more, 39% are currently working their notice period or actively looking for a new role in the next six months. But who’s leaving, and why? According to research by Harvard Business Review, ‘mid career’ employees between 30 and 45 years old have had seen the greatest increase in resignation rates. The research also identified the most at risk sectors and alarmingly tech industry resignations came out on top, with an increase of 4.5% (compared to 3.6% in healthcare for example). If this sounds like the situation in your security or IT team, here’s why they might be leaving, and what you can do about it.
Why are people quitting?   A recent McKinsey report highlighted that it wasn’t always the promise of a higher salary that lures people away. Instead, the things employees were looking for were: feeling valued by either the organization or by their immediate managers, a sense of belonging, and a flexible work schedule. In essence, employees were far more likely to prioritize relational factors, whereas employers were more likely to focus on transactional ones   The past two years have certainly taken their toll on security teams from the CISO down, and people are a little burnt out and stressed. SOC teams are on the front line of a company’s defenses against cyberattacks – alert fatigue is real.  What to do: Work with your people team on an employee support plan, schedule regular check-ins with team members, and explore technological solutions like Spill.chat – full disclosure, it’s what we use here at Tessian.
Highlight team achievements   SOC team members have a thirst for knowledge – they have to reply to an attack quickly in a high-pressure situation. If they feel they haven’t got the support and encouragement they need, both managerially and technologically, they’ll walk. After all, it can be particularly demoralizing to devote eight hours a day to defending an organization when that defense is neither valued and acknowledged nor resourced sufficiently.    What to do: As the company’s security leader, you have to beat the drum for your team’s work and show the value that it brings to the company. Remember, IBM’s ‘Cost of a Data Breach’ report tells us the average cost of a breach is $4.24 million. Communicate that, whether it’s at the all-hands or a poster in the restrooms.
Automate and augment the mundane The IBM Pollyanna Principle states ‘machines should work; people should think’. That means you should review your security automation and response (SOAR) set-up periodically and see what can be automated. Things that automate well are repeatable manual tasks, threat investigations, triage of false positives, and creating reports. This Microsoft blog has some great tips on what security tasks and objectives you should automate, and why. After all, if attackers are automating many of their processes for increased efficiency, so should you.  What to do: Automating the everyday tasks from reporting to rooting out false positives will help you and your team concentrate on the critical issues. Be realistic about what automation is capable of. With that expectation, focus on areas where augmentation can help the team make faster and better decisions. That’s the winning formula.
Reward growth   As Mike Privette said in our podcast, security is the one corporate function that should always be growing. As we explored in this article, one of the key factors in building out a security team is that people must have confidence that they can grow and gain value by staying within the organization. So as well as increasing the team in terms of overall size, prioritize elevating existing team members into more senior roles.   What to do: Have a clear understanding of individuals’ potential career progression within the organization. Work with your People team on highlighting future opportunities and creating growth plans for 6-12 months down the line.  
Make time for training, learning and development   As well as promotions and increased responsibilities for some team members, training across the team keeps everyone united and aligned. Training in conjunction with things like automation is most effective when you’re looking to change behaviors, such as decreased response times or triaging.   For the fifth straight year, the ISSA and EGA Cyber security survey reveals that 59% of cybersecurity professionals agree that while they try to keep up with cybersecurity skills development, job requirements often get in the way. As the survey notes, ‘This training gap is quietly increasing cyber risks at your organization’   What to do: designate a baseline metric to improve upon, and design a training program that is focused, flexible, and able to meet that metric. If training lacks an objective and feels like a chore, people will treat it as a chore.    Finally, if people are dead set on leaving, the only thing you can do is wish them all the best. Infosec is a small world and chances are your paths might cross again.
Read Blog Post
Cyber Skills Gap
There Isn’t a Cyber Skills Shortage, You’re Just Not Hiring and Retaining The Right People
by Josh Yavor Friday, March 18th, 2022
The Cyberseek heatmap shows there are over 500,000 cyber job openings in the US alone, and globally over 3.5 million.. With so many unfilled vacancies there must be a skills shortage, right? I’m not so sure. I think our perceived talent and skills shortage is largely self-inflicted because as an industry we’re sadly terrible at hiring, growing, and retaining people.  Too many organizations are chasing a finite number of senior-level people which results in two critical problems. The first is self-inflicted: over the past decade as an industry, we have failed to grow enough people from entry and mid-level positions into senior level roles. The second thing is that many organizations believe they can only hire senior talent rather than grow and retain the talent they already have. If we don’t invest in people earlier in their career, we will never have the talent pool our collective job postings demand.
The problem with hiring only senior talent   We tend to spend a lot of time and energy looking for “unicorn hires”. These hires can take months of our energy and attention for each role. In aggregate, we risk incurring opportunity costs that prevent us from  growing a person – or several people – into these capabilities. Of course, the security industry is not the only offender. Many technical roles outside of security are subject to the same type of bad behavior. We allow ourselves to create job postings with requirements that are sometimes impossible – like requesting 10+ years experience in a technology that has literally only existed for five.    So why are situations like this happening? Despite good intentions, a recruitment team supporting a security team without enough investment of time and partnership from the engineering managers is going to get these things wrong. It’s not their fault, but a clear indication that we need to be better together.
https://www.tessian.com/wp-content/uploads/2022/03/josh-audiogram.mp4
I challenge hiring managers to answer this important question: Describe the specific skills and experiences that 5-10 years of experience mean to you?    When I ask this, one of two things happens: they either can’t answer it – which is a good indicator that it shouldn’t go in the job description – or they can, and this becomes the start of better job requirements. Chronological time doesn’t tell us all that much about someone’s capabilities, how they grew (or didn’t), or what they’re good at.   Instead, we should be focussing on things like core experiences, history of growth, skill sets, and capabilities. That’s what we should switch our requirements and expectation language to. So we should seek people who have specific experiences or capabilities, such as leading specific team sizes, adapting to rapid change in a high growth organization, or have navigated significant technology migrations. These are more equitable, measurable, and useful capability assessments that don’t rule out qualified candidates by setting minimums for years of work experience.
Reminder: if a team runs itself for six months while you hire a manager, you shouldn't be hiring, you should be promoting. — Matt Wallaert (@mattwallaert) November 18, 2020  
The great resignation   We’ve covered the great resignation/re-evaluation/migration previously on this blog. But even before this movement, we were already seeing an average ‘in role’ time of just 18 to 36 months for many security individuals. That’s a high turnover, and The Great Migration has only increased it. Senior decision-makers across the US report an average security staff turnover rate of 20% according to research from ThreatConnect. Compare that to another study by Michael Booz that found that the global average for all roles was around 11%.
Organizations should be focused on what it takes to keep people longer. To retain people, there are two key factors. First, people must have confidence that they can grow and gain value by staying within the organization. Second, they need to be able to experience recognition, and crucially – rewards, for their increasing value both in the market and in their organization. Too often we prioritize budget for new hires when the best option is to invest in the people we already have on staff and reward them before someone else does.    In my experience, not enough is done during the first two years of employment to give employees confidence that there is an ongoing trajectory for them in terms of growth, recognition, and rewards. And by the time we get to that two-year point, the first time that the organization hears about it is when they’re getting the resignation letter.    Sadly that is THE WORST time to attempt a growth and rewards conversation.
Creating a better pipeline   Of course as people levelup and grow into new roles, you need new recruits. But many security leaders are reluctant to have their teams be the first stop in someone’s security career. However, there are plenty of security roles that are great places to get a start in security while applying relevant and overlapping skills from previous non-security roles.    There are very few cases where significant skill transfer from non-security to security roles is not possible. Some of the more obvious examples are IT system administrators becoming enterprise security engineers, software developers being successful in product security roles, etc. We need to look beyond these examples and expand our mapping of critical skills and capabilities to additional roles and backgrounds. Some of the most talented security professionals in our industry today come from much more diverse backgrounds. Some went to university to study linguistics, art, or math, and many never pursued higher education.
Your next security hire could come from customer success, marketing, or human resources   One of the things we need to be more conscious of is that security roles don’t just need technical skill sets. In fact training people up in specific technical skills is relatively easy to do. Instead, we should be optimizing security roles for people who are making a job transition. Security teams can benefit hugely from the things that are NOT easy to train people up on, like emotional intelligence, personal relationship management, and communication skills.   I’ve done this myself. I supported hiring someone with a background in customer service for a security operations role. 90% of the job is still based on providing effective customer service and rapidly triaging problems to identify the most appropriate solutions; it’s just a different set of customers and problems. We can train people on how to use our technology and how to think about security. What’s much harder is training people to be effective communicators with empathy and the high emotional intelligence to provide exceptional outcomes while supporting people.    I’ll finish how I started, by saying again that, there isn’t necessarily a skills shortage in many cybersecurity roles. We’re just setting the requirements poorly, largely ignoring retention, failing to take advantage of skill transference opportunities from non-security roles, and not giving people the opportunity to grow. Want to Join us at Tessian and start or develop your security career? Check out our open roles. What’s it like to work here? Here’s 200 reasons why you’ll love it. Want to find out more about diversity and the cyber skills gap? Register for our up-coming LinkedIn Live.
Read Blog Post
Cyber Skills Gap
New Research: 1 in 3 Employees in IT and Security Teams Are Female
by Tessian Monday, March 7th, 2022
As the global job market has contracted over the last 18 months, cybersecurity has expanded, putting IT and security professionals in higher demand than ever. But diversity is still a big problem in the industry and it’s one that security leaders, HR teams, and recruiters are desperately trying to solve.    And, while there’s still room for improvement, new research shows that organizations are prioritizing diversity and inclusion (D&I), and it’s paying off: 1 in 3 employees in IT and security teams are female.    Why is diversity so important in cybersecurity?    We know instinctively why D&I matters from an ethical perspective. But, year after year, research from consulting firms like McKinsey show there’s a strong business case for diversity, too. It helps boost innovation, increase job satisfaction, and helps drive higher profitability, market share, and return. It’d also have a big impact on the global economy.    The Center for Economics and Business Research quantified just how much of an impact…   If the number of women working in cybersecurity rose to equal that of men, we’d see a $30.4 billion boost to the industry’s economic contribution in the US and a £12.6 billion boost in the UK. And, if women earned as much as their male counterparts, we’d see billions more pour in, with a further $12.7 billion added in the US and £4.4 billion in the UK.   So, how diverse is the industry today?
How diverse is the industry today?   A recent survey of 250 IT leaders in the US and UK revealed that: On average, one in three (33%) employees in IT and security teams, in UK and US organizations, are female  IT leaders in US organizations have slightly more diverse teams, with 36% of their team being female, versus 30% of IT teams in UK organizations  Larger companies are more likely to have greater diversity in their teams. 36% of IT teams in medium sized businesses (25-499 employees) are female, and 34% of IT teams in large enterprises (1000+ employees) are female. This drops to 29% in small businesses (2-49 employees)  But it’s not just about gender. It’s about geo, professional experience, educational background (or lack thereof), age, religion, and more.    According to a 2021 report from (ISC)2, while minority professionals make up a significant portion of the cybersecurity workforce, they’re underrepresented across senior roles within their organizations. Among minority cybersecurity professionals, just 23% hold a role of director or above, 7% below the U.S. average.    And, interestingly, minorities who have advanced into leadership roles often hold higher degrees of academic education than their Caucasian peers who occupy similar positions. Of minorities in cybersecurity, 62% have obtained a master’s degree or higher, compared to 50% of professionals who identified as White or Caucasian.    That said, progressive IT leaders do have objectives in place to hire people from a more diverse range of backgrounds: 56% of IT leaders in US organizations have objectives around increasing efforts to hire people from more diverse range of backgrounds in 2022 46% of IT leaders in UK firms have objectives have objectives around increasing efforts to hire people from more diverse range of backgrounds in 2022 65% of large businesses (1000+ employees) have objectives around increasing efforts to hire people from more diverse range of backgrounds in 2022 This begs the question: what can organizations do to ensure a more diverse workforce, including diverse leadership?    How can organizations hire (and keep) diverse talent? Hiring diverse talent   To better understand what would encourage more diversity in cybersecurity, we asked female practitioners what would make the biggest impact. Here’s what they said:   !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   According to Tessian’s CISO, Josh Yavor, job descriptions and requirements are turning people off and away, too.    “We have to look at the terrible multi-decade history of awful job descriptions and requirements in cybersecurity. This industry is bad at posting entry-level descriptions that require unreasonable levels of experience and this makes it impossible to hire anyone. The challenge I give to hiring managers is to ask them, what does 5-10 years of experience actually mean to you? What does 5-10 years of experience look like and what value does that actually provide?” Josh explained.   It’s essential that organizations remove barriers to entry like 4-year degrees, cybersecurity certifications, and previous experience. Of course, IT skills and knowledge of computer science and engineering may be prerequisites for some roles in cybersecurity. But all roles require soft skills.For example, data analytics, analytical thinking, creative thinking, and collaboration.   Retaining diverse talent   The Great Resignation of 2021 has continued well into 2022, with record high numbers of people quitting their jobs and seeking opportunities for better positions, better pay, better work/life balance and even exploring a career in a completely new industry.   According to our latest survey of 2,000 employees in UK and US businesses, 55% are considering leaving their current employer this year. The most likely department to be on their way out? IT.    That means retaining diverse talent is just as important as hiring diverse talent.    How? Prioritize employee wellbeing, promote flexibility, offer good perks (which means more than just snacks, beer, and ping pong), build a good company culture, and invest in career development.   Looking for a new gig? If you’re looking for your next gig, and want all of the above ☝ explore Tessian’s open roles.
Read Blog Post
Cyber Skills Gap, Life at Tessian
Tessian Officially Named a 2021 UK’s Best Workplaces™ for Women
by Tessian Thursday, July 1st, 2021
We’re excited to announce that Tessian has been recognized as one of the top three medium-sized companies in the UK’s Best Workplaces™ for Women for 2021.  Our Human First value, its commitment to Diversity, Equity and Inclusion (DEI), and its Employee Resource Group (ERG) for women – Tes-She-An – are just some of the reasons why people love working at the company. This recognition confirms that:  Tessian is a great workplace for all employees, including women. Tessian recognizes that women represent a valuable talent pool in increasingly talent–constrained industries such as cybersecurity and technology.  Tessian lives up to its company values of ‘Human First’ and ‘We Do the Right Thing’, as its leaders make meaningful changes to improve their ability to recruit, retain and nurture top female employees.
Education and training have been foundational first steps in Tessian’s DEI strategy. We partnered with Jeff Turner, former International Learning and Development Director for Facebook, to deliver company-wide training around diversity, unconscious bias and inclusion. We’ve also taken the time to establish our long-term DEI roadmap – which includes a diversity recruitment strategy across all hiring levels, expanding the entry-level talent pool by creating junior jobs for people entering the tech industry, and prioritizing the development of future leaders through well-defined growth frameworks across the company. 
In addition, Tessian’s ERG group – Tes-She-An – provides a space to support all employees who identify as women, celebrate their achievements, and help each other “shine even brighter” by focusing on career progression. The group runs monthly workshops for women, and invites inspiring external guests who are leading the charge in creating equal opportunities in the tech industry, to speak to employees. Importantly, these events do not operate in a closed network. They’re open to the entire company – not just women.  As a result of these initiatives and programs, 99% of Tessian employees surveyed by Great Place to Work® agreed that people at the company are treated fairly regardless of their gender.  Paige Rinke, Head of People at Tessian, says: “We are so proud to be recognized as a Best Workplace for Women and hear first-hand from our employees that our initiatives to create an inclusive workplace are resonating. One of our core values is Human First, and we’re committed to ensuring every employee feels supported and valued, and to improving gender and ethnicity representation across all levels of seniority at Tessian through our DEI efforts. “Why? Because empowering our people to thrive in an inclusive environment and challenging the status quo to create more equal opportunities in the tech industry is, ultimately, the right thing to do.”  Benedict Gautrey, Managing Director of Great Place to Work® UK, explains: “We’re delighted to recognize so many great organizations in this fourth year of the UK’s Best Workplaces™ for Women list. The issues affecting women in the workplace, particularly what we’ve witnessed in the face of the pandemic including parity of pay and advancement opportunities, continue to be important topics. “What our 2021 UK’s Best Workplaces™ for Women clearly show is the positive impact their practices have on business. As a result, they are better able to attract and retain women of talent, encouraging them to develop professionally and personally, and in turn, contribute exponentially to the success of the organizations they work for.” Want to work at Tessian? See if we have a role that interests you today.
Read Blog Post
Cyber Skills Gap
3 Reasons Hackers Could Help Bridge the Cybersecurity Skills Gap
by Tessian Tuesday, April 28th, 2020
There are currently over 4 million unfilled positions in cybersecurity. The question is: Why? To find out, Tessian released the Opportunity in Cybersecurity Report 2020. Based on interviews with over a dozen practitioners from some of the world’s biggest and most innovative organizations (including Google, KPMG, and IBM), survey results from hundreds of female cybersecurity professionals, and quantitative research from the Centre for Economics and Business Research, we revealed that: There’d be a $30.4 billion boost to the industry’s economic contribution in the US and a £12.6 billion boost in the UK if the number of women working in cybersecurity rose to equal that of men A lack of awareness/knowledge about the industry is the biggest challenge female cybersecurity professionals face at the start of their career The industry has a major image problem. Women working in cybersecurity believe a more accurate perception of the industry in the media would be the biggest driver of new entrants  A different perspective of the same problem While we examined the growing skills gap in cybersecurity through the lens of the disproportionately low percentage of women currently working in the field, we were recently introduced to a different perspective. Hackers’.  HackerOne released The 2020 Hacker Report earlier this year and, on April 21, Tessian welcomed Ben Sadeghipour, the platform’s Head of Hacker Education, to present the key findings from the report during one of our Human Layer Security Virtual Roundtables. The message was simple: Hackers can (and do) help bridge the cybersecurity skills gap.  Now, by combining highlights from The 2020 Hacker Report with our own Opportunity in Cybersecurity Report 2020, we’ve identified 3 key reasons why hackers have the potential to make a positive impact on the industry. 
1. Hackers have the skills the cybersecurity industry needs When asked why there’s a skills gap in the industry, 47% of those women surveyed said it’s because there’s a lack of qualified talent. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Likewise, 33% of women currently working in cybersecurity say that a lack of requisite skills was the biggest challenge they faced at the start of their career. This came behind a lack of clear career development paths (43%) and a lack of awareness/knowledge of the industry (43%). !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); While a greater emphasis on STEM subjects in primary/high school, more apprenticeship programs, and cybersecurity-specific curriculums at universities would certainly help, we need to look beyond formal education. According to HackerOne’s report, “Most [43%] hackers consider themselves self-taught… since formalized cybersecurity engineering educations have yet to become common, bug bounty programs and public VDPs give promising hackers the ability to quickly learn, grow, and contribute to everyone’s increased security.” What’s more, hackers are putting these self-taught skills to use, with 78% of hackers saying they’ve used or plan to use their hacking experience to help them land a job. On top of that, the majority of hackers (59%) say they hack as a hobby or in their free time and 27% describe themselves as students.  That means a large percentage of hackers could, in theory, transition into cybersecurity. It’s important to note, too, that different cybersecurity roles attract different types of talent. We asked our survey respondents to identify the skills needed to thrive in different roles, and the results demonstrate how diverse the opportunities are. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");  
2. All hackers aren’t “bad” While a lack of requisite skills is perpetuating the skills gap, 51% of the women surveyed in Tessian’s Opportunity in Cybersecurity Report 2020 said that a more accurate perception of the industry in the media would encourage more women into cybersecurity roles. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Hillary Benson, Director, Product at StackRox and one of the contributors to our report summed it up nicely when she said, “People hear ‘cybersecurity’ and think of hackers in hoodies. That’s a bit of a caricature, maybe with some legitimacy to it—and that was even part of my own experience—but that’s not all there is.” Unfortunately, this “caricature” of hackers tends to be negative as pop culture and headlines about nation-state hacking groups have conditioned us to associate hackers with criminal or solitary activity. HackerOne even commissioned a survey of over 2,000 US adults to gauge their perception of hackers.  The survey found that 82% of Americans believe hackers can help expose system weaknesses to improve security in future versions. However, a nearly identical share said they believe hacking to be an illegal activity.  But, hackers feel confident this perception is changing for the better, with:  55% saying they see a more positive perception from friends and family 47% saying they see a more positive perception from the general public 38% saying they see a more positive perception from businesses 35% saying they see a more positive perception from the media
3. Hackers already have a strong community 23% of Tessian’s respondents said that a lack of role models was a challenge they faced at the start of their career, and a further 26% said that more diverse role models would encourage more women to enter cybersecurity roles. The impact of role models is even more important for the younger generations. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Hackers already have a strong community. Katie (@Insider_PHD) was quoted in HackerOne’s report saying “The community is super encouraging. The community is super willing to help out. It’s, as far as I’m concerned, my home.”  Likewise, Corben (@CDL) was quoted as saying “Being part of the hacker community means the world to me. I’ve met a ton of people. I’ve made a ton of friends through it. It’s really become a big part of my identity. Everyone who is a part of the community is bringing something important.” Beyond that, 15% of those surveyed got interested in ethical hacking because of online forums or chatrooms.  The bottom line is: Mentorship is important. Role models are important. Community is important. Unlike cybersecurity professionals – specifically female cybersecurity professionals – hackers have these things in abundance. Cybersecurity is more important now than ever Data has become valuable currency and ransomware attacks, phishing scams, and network breaches are costing businesses and governments billions every year. And now, with new security challenges around remote-working and a marked spike in COVID-19-related phishing attacks, cybersecurity is more business-critical than ever before. While we should continue encouraging gender diversity in cybersecurity, we should also encourage other types of diversity as well. The field is wide open for a range of educational and professional backgrounds…including hackers.  Challenge perceptions, make an impact.  Learn how cybersecurity professionals kick-started their career   So, what is cybersecurity actually like? It depends on your role within the field. And contrary to popular belief, the opportunities available are incredibly diverse.  To learn more about how the 12 women we interviewed broke into the industry, read their profiles. #TheFutureIsCyber
Read Blog Post
Cyber Skills Gap
Key Takeaways from Tessian’s Cybersecurity Skills Gap Webinar
by Tessian Tuesday, March 31st, 2020
In case you missed it, Tessian released the Opportunity in Cybersecurity Report 2020 earlier this month. In it, we examine the growing skills gap in cybersecurity through the lens of the disproportionately low percentage of women currently working in the field.  While the report was released in time for Women’s History Month and addresses the issue of gender bias in the industry, we found that it’s actually inaccurate perceptions of cybersecurity that are preventing people from considering the opportunities available. So, how can organizations tailor recruitment efforts to help candidates overcome this barrier to entry? To find out, we invited three of the contributors to the report to join Kelli Hogan, Tessian’s Head of Marketing Communications, for a webinar: “Cybersecurity skills gap: talent shortage or image problem?” You can view the full webinar here, and we’ve compiled the key takeaways for you in this blog. Cybersecurity is an incredibly diverse field Cybersecurity isn’t limited to hackers, developers, and engineers.
This is perhaps best demonstrated by the women themselves.  Carolann Shields, the former CISO at KPMG, is something of an industry veteran, having driven more than fifteen large-scale company-wide cybersecurity initiatives throughout her career. But, she didn’t study anything related to computer science. Instead, she earned her degree in Business Studies before starting down her path to cybersecurity. On the other hand, Hayley Bly, a Cybersecurity Architect at Nielsen, earned her Bachelor’s Degree in Computer Science almost four years ago and is currently working towards her Master’s of Science in Cybersecurity. Finally, Tess Frieswick, who earned her Bachelor’s Degree in World Politics with a minor in Islamic World Studies, became interested in cybersecurity after learning about Russian bot interference in the 2016 US presidential election. She recently started a new job as a Client Success Manager at Kivu Consulting after spending a year working at Uber as a security analyst. Learn more about their backgrounds by reading their profiles on our blog.  Organizations should enable internal recruitment as well as external recruitment  While most of us think of recruitment outside of our organization when we consider growing our security teams, Carolann has, throughout her career, made a point to look internally first.
Importantly, internal recruitment was only possible because of the environment KPMG created through job shadow programs and other initiatives that encouraged cross-functional movement and communication between teams.  Internal recruitment can do more than just fill vacancies, though. It also gives other individuals and even full departments a chance to better understand the function of cybersecurity teams which, in turn, helps build a stronger, more positive security culture.  Collaborative and open environments attract new talent We know from our research that creativity and collaboration rank in the top five skills needed to thrive in a cybersecurity role, but it’s clear that these are also attractive traits in an organization to applicants. That means if you want new, diverse talent, you have to communicate the scope of the opportunity, the open-mindedness of senior executives, and the organization’s overall propensity to engage with new ideas.  COVID-19 means more for cybersecurity than just a transition from office-to-home Given the current climate, it’s no surprise that the conversation turned to COVID-19.  When asked by an audience member during the live Q&A what the outbreak meant for the future of cybersecurity, all three of the women were steadfast that the impact goes far beyond just the transition from office-to-home, especially as attackers are taking advantage of the situation with opportunistic phishing attacks. 
But, this doesn’t just impact professionals in client services. Organizations are relying more heavily on cybersecurity teams to lock down internal systems and networks. The question is: Are teams going to have to do more with the same resource? Or will teams expand as necessary? Increased remote-working could mean more opportunities in cybersecurity  According to Carolann, it’s inevitable that this sudden transition necessitates a larger security team. 
Now more than ever, organizations have to recruit new and diverse talent in order to not just fill the 4 million vacancies that already exist, but to accommodate the increased reliance on cybersecurity teams to help us all safely transition to remote-working. For more insight on how to improve your recruitment efforts, listen to the webinar. #TheFutureIsCyber
Read Blog Post
Cyber Skills Gap
Introducing Tessian’s Opportunity in Cybersecurity Report 2020
Wednesday, March 11th, 2020
Despite higher-than-average salaries, the opportunity to solve real-world problems, and unlimited growth potential, there’s a skills shortage in cybersecurity. In fact, the cybersecurity workforce needs to grow by 145% to meet the current global demand.  That’s over four million unfilled jobs. But, there isn’t just a skills gap. There’s also a gender gap, with women making up less than a quarter of the workforce. The question is: Why? To find out, Tessian: Worked with the Centre for Economics and Business Research to analyze the economic impact if the number of women working in the industry equaled the number of men Surveyed hundreds of female cybersecurity professionals in the US and the UK with Opinion Matters Interviewed over a dozen practitioners from some of the world’s biggest and most innovative organizations – including Google, KPMG, and IBM –  about their own experiences. To download the full report, click here.
An economic boost worth billions Today, the cybersecurity industry contributes $107.7 billion in the US and £28.7 billion in the UK, and that’s in spite of four million job vacancies. So, what would happen if we minimized both the skills gap and the gender gap, and the number of women working in cybersecurity rose to equal that of men? Our research reveals that we’d see an economic boost of $30.4 billion in the US and of £12.6 billion the UK, bringing the total contribution of the cybersecurity industry up to $150.8 billion and £45.7 billion in each respective country.   But, without a clear understanding of the challenges women currently working in the industry faced at the start of their career, organizations and governments will continue to struggle with recruitment.  And the challenges aren’t necessarily what you’d expect… Cybersecurity has an image problem While it’s easy to cite the gender gap as a barrier to entry – especially with 66% of women in cybersecurity agreeing there is a gender bias problem in the industry – it actually isn’t one of the biggest challenges women currently working in the industry have faced.
Instead, women cite a lack of awareness or knowledge of the industry and a lack of clear career development paths as the biggest challenges, meaning a general demystification of the industry is required to encourage new entrants. What’s more, 51% of women believe more accurate perceptions of the industry in the media would encourage more women to explore cybersecurity roles. This came first, beating out a more gender-balanced workforce, equal pay, and cybersecurity-specific school curriculums. So, what is the industry actually like? Read the full report to find out the top 5 skills needed for a range of cybersecurity roles, including CISO, network engineer, data scientist, and risk & compliance. You can also read the profiles of each of our contributors which prove there is no “stereotypical” cybersecurity professional.  The industry is future-proof Demystifying the industry truly is essential, especially because the industry is one of the most important today, with over half of those surveyed saying that they joined for exactly that reason. But, it’s not just the opinion of cybersecurity professionals.  In fact, the global cybersecurity market is booming, having grown 30x in the last 13 years. That’s because cybersecurity professionals are solving real-world problems and are making a positive impact doing so. After all, data has become valuable currency and ransomware attacks, phishing scams, and network breaches are costing businesses and governments billions every year.
Perhaps that’s why the vast majority of women surveyed feel so stable in their jobs; 93% saying they feel secure or very secure working in this industry. Unfortunately, though, without encouraging more people to join the industry, professionals will struggle to keep pace with the ever-evolving threat landscape.  The cybersecurity industry – like all other industries – requires diversity to thrive. And we don’t just mean gender diversity. The field is wide open for a range of educational and professional backgrounds, from psychology majors to business analysts and just about everything in between. Read the full report to learn more, including: How opinions of the industry differ based on age, company size, and region The economic impact the industry would have if the number of women working in cybersecurity equaled the number of men and the wage gap was eliminated The five most important developments in the cybersecurity industry today Resources – including cybersecurity groups, female empowerment groups, and industry-specific certifications to help you make a start in the field Challenge perceptions, make an impact.  #TheFutureIsCyber
Read Blog Post
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Shamla Naidoo From IBM
by Tessian Tuesday, March 10th, 2020
Shamla Naidoo – who has 37 years of industry experience in technology and security – is currently leading C-Suite strategy and integrating security with digital transformation at IBM, where she previously served as the Global Chief Information Officer. Having held Senior Officer roles at Starwood Hotels and Resorts, WellPoint, and Northern Trust, she’s a true veteran in the industry and has used her professional and personal experiences to help mentor and motivate teams and individuals across departments within all the organizations she’s served.  Earlier in her technology career, she earned degrees in Information Systems and Economics (her fail-safe!) and, afterwards, went on to receive her Juris Doctor degree.
Q. Describe your role as a CISO in 300 characters or less. A CISO’s job is to protect an organization’s brand and reputation by managing cybersecurity threats. Protecting a corporation’s digital footprint supports business growth enables the acceleration of innovation. Q. How did you get started in cybersecurity? This is my 38th year working in technology and initially, security wasn’t a separate function, role or organization; it was completely integrated. As a developer, my job was to write code that worked and that included working in a secure way.  As a network engineer, I built networks, in a secure way. I never envisioned security would become a free-standing profession. But, after almost 20 years of integrating security into my technology roles, I realized Security was becoming important and that I was actually knowledgeable on the subject. Not because I had a security title at that stage, but simply because I had done it before. Q. What does this integration of tech and security roles mean for the cybersecurity industry? There’s now an entire ecosystem for security and because of that, you can participate without having technical skills or a hardcore technical background. You can now become a security expert without ever having written a line of code in your life; you can become a security expert without ever having built any kind of technology solution. It’s really expanded the opportunities for career paths in security. Q. Do you think people are aware that technical skills aren’t necessarily required to succeed in cybersecurity? There’s still a lot of mystery surrounding what exactly a profession in cybersecurity entails. The information isn’t that forthcoming. It’s not clear or simple to understand. This requires us to demystify the opportunities and talk about them not just in business terms, but in relatable terms.  Perhaps we’re just missing the mark on how to market jobs in this industry… Q. Do you think that the industry has an image problem? To many people, cybersecurity equates to – and is limited to – someone in a hoodie bent over a keyboard in a dark room. That’s not the case at all. If we don’t expand beyond that, we’ll lose out on even more people in the industry. Q. How did your role as a CISO enable you to champion the industry and the people in it? I believe leaders take ordinary people and enable them to do extraordinary things. I have been able to do that; I’ve been able to mentor and coach people to be better versions of themselves, better professionals, better employees, more productive, more engaged, better community leaders…  My goal is to help people connect hard work and aspiration.  Sure, you could go out and read a book on cybersecurity, but if you don’t understand the vocabulary or the required outcomes, and you don’t understand what impact these types of roles can have, you miss the plot. If you can contextualize it, it becomes real quickly.  When I coach people, I ask them to pick a person who they aspire to be. I ask them to tell me their name. You learn best by observation! If you can pick a person and you can visualize the role you want, it’s more attainable. If it’s a role that you want to have rather than a person you want to be like, then find the role you want, seek out the person doing that role, and try to understand what led them to that position. What do they know? How did they prepare? What do they deliver?  How are they recognized for it? That research will help you to create a roadmap of how to get there. This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from KPMG, Nielsen, Funding Circle and more. #TheFutureIsCyber
Read Blog Post
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Hayley Bly From Nielsen
by Tessian Monday, March 9th, 2020
Hayley Bly is a Cybersecurity Architect at Nielsen, where she’s worked since graduating from the University of Miami with a Bachelor’s Degree in Computer Science almost four years ago. Since starting her career, she’s championed the industry by going back to her alma mater for recruiting events to raise awareness about cybersecurity and has participated in events in collaboration with Women in Technology International (WITI). She’s also found time to further her education and is currently working towards her Master’s of Science in Cybersecurity.
Q. Describe your role as a Cybersecurity Architect in 300 characters or less I build tools that our incident response team uses. This could be implementing a vendor tool or building something from scratch. We do both, and this includes designing how the tools are made, implemented and deployed throughout the larger company.   Q. Since your educational background seems so focused, have you always been motivated to pursue a career in cybersecurity? My parents both worked in banking software so I’ve always been around it. They both really pushed me to explore a career in the field but – you know how it is – I fought it. I never wanted to pursue it just because they told me to do so; I wanted to decide my own path. That’s why I actually applied to college as Pre-med. But, my senior year of high school, there were no other electives to pick so I chose the computer programming class and, of course, fell in love with it. Once I was accepted into the Pre-med program at the University of Miami, I threw them for a loop and asked if I could change my focus to Computer Science and never looked back.  Q. How did you transition from more general Computer Science to cybersecurity specifically? I thought I was going to be a software developer up until I started at Nielsen straight out of college. Since then, I’ve really found my home in cybersecurity.  The team I work with and my managers are absolutely incredible. They have had something to do with every single career decision I’ve made thus far, because the work others do really inspires me. Especially when I first started, their work opened my eyes to how much I didn’t know and what really goes on behind the scenes in a company.   When you’re working in cybersecurity, you’re not just writing code all day. You’re actually dealing with real-world problems and it’s up to you to prevent, detect, and respond to incidents by finding or creating solutions. Q. What do you think would inspire more young women to enter into the field? I think just bringing more awareness to the fact that you can really create your own success. I was let in the door without any real cybersecurity skills or experience and was given the opportunity to prove myself, and I have. It’s a jump-in-and-figure-it-out-as-you-go type of field and people shouldn’t be afraid to do that. Cybersecurity isn’t about who you are or what degree you have. It’s about what you can do, what problems you can solve, and how well you can work with other people to get the job done. You don’t have to play politics because your work speaks for itself. I love that. Q. Do you have any recommendations for resources or groups that might be a good first-step for anyone interested? Meetup.com is a great way to connect with local people who are interested in the same things you are and, speaking specifically about cybersecurity events, people can pique their interest and learn, but in no-pressure situations. And that’s really important. I think sometimes when you’re first starting out at something it’s easy to feel self-conscious or nervous about really getting involved, and these events can give newcomers a chance to try something they haven’t before without any fear of being wrong or feeling out of place.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Read Blog Post
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Hillary Benson From StackRox
by Tessian Sunday, March 8th, 2020
Hillary Benson is the Director, Product at StackRox and has an incredible background in government and military intelligence. She holds two degrees, including a Bachelor’s Degree in Management Science with a focus in Finance from Massachusetts Institute of Technology and a Master’s Degree in Security Studies with a focus in Terrorism and Substate Violence from the Georgetown University Walsh School of Foreign Service. Additionally, she is a Master’s candidate in Computer Science at The Johns Hopkins University. But, her experience isn’t limited to her education. She started her cybersecurity career at the National Security Agency, where she spent almost six years as an intelligence analyst, technical collector, and product leader. She moved into the private sector as a red team operator and has shifted gears in the last three years to focus on building product at a leading container security company called StackRox.
Q. Describe your role as a Director, Product in 300 characters or less My job is to distill business opportunity into a technical vision and development roadmap for our flagship security product, the StackRox Kubernetes Security Platform. We’re building a product that enables security practitioners to rethink their approach to security by leveraging container technology. Q. Your background – both educational and professional – seems very focused. Have you always aspired to have a career in this industry? From a very young age I had an interest in technology, security, the military and intelligence. I can certainly tie all the threads from those interests to where I’ve ended up, but I wouldn’t have been able to predict that my path would look the way it does.  I generally attribute that to the fact that the most interesting opportunities are usually the most difficult to predict, and I am constantly searching for the next interesting problem to solve. My approach to life can lead me down very unexpected rabbit holes. Q. What professional experiences have guided your career path the most? Certainly NSA had a huge impact on my career direction. I landed there by luck, really, after shotgunning online job applications. I applied on the right day, they picked up my resume, and before I had even graduated I was in the clearance process.  I joined as an Intelligence Analyst and participated in a program that allowed me to rotate through a number of offices within NSA to get experience in different disciplines. I gravitated toward technical analysis and collection. That track led me to Tailored Access Operations and stoked my interest in offensive security. The rest is history. Looking back on my career up to this point, many of the contributions I’m most proud of took place during my time with NSA. At certain times, I had an extreme sort of impact that you can’t replicate in the commercial world. From a business perspective, though, I’ve learned more in the last two years than I ever hoped for and am extremely proud of the product that my team has built at StackRox. Q. Since you’ve sampled a lot of different disciplines within cybersecurity, do you think people tend to have a narrow view of the industry and the jobs available in it? People hear “cybersecurity” and think of hackers in hoodies. That’s a bit of a caricature, maybe with some legitimacy to it—and that was even part of my own experience—but that’s not all there is.  A lot of what you do as a security professional involves bridging gaps between security teams and the development and operations teams. So much of the job is convincing people that the security risks you find are worth fixing. You can’t do that if you only have technical skills; you have to be able to talk to people and to influence them. Q. Do you need certifications or a degree to get those skills? Actually, of all the things to get into without formal education or training, there seem to be a lot of people who either cross-train from other fields or enter security without any formal education. Which is pretty awesome, I think. It’s not uncommon to hear someone say something like “Oh, I studied psychology, then took a year off and painted, and now I’m a penetration tester”.  There are many people in security who gained the knowledge and landed a job without a formal degree. A lot of the folks I’ve worked with were independent and curious problem-solvers—I think not in small part because a lot of them fought their way into their role by proving their competence in the field. You don’t necessarily have to take the traditional route and get a four-year degree. If that works for you, great. But if you’re looking to switch careers or you’re confident in your specific passion for the security industry, there are other ways to get the requisite technical skills.  The OSCP is a great training ground for aspiring penetration testers who want to nail down the basics. Joining a bug bounty platform like HackerOne or Bugcrowd is an excellent way to get hands-on experience with finding bugs in the real world. And almost nothing beats learning to code—what better way to understand how security issues materialize when building software but to try to build it for yourself? This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Read Blog Post
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Swati Lay From Funding Circle
by Tessian Thursday, February 6th, 2020
Swati Lay, who has more than 20 years’ experience in software development and information security, is the Chief Technology Officer (CTO) at Funding Circle, a peer-to-peer lending marketplace that allows the public to lend money directly to small and medium-sized businesses. Her interest in cybersecurity was piqued at 16-years-old with a course on Number Theory and Cryptography and, having earned her Bachelor’s Degree in Electrical Engineering and Operations Management from Princeton University, Swati started her career at Merrill Lynch in New York as a software developer.  Since then, she’s held leadership positions both at scale in larger enterprises and in higher growth environments, including retail banking at Barclays Bank and gaming, where she was the Director of Information Security at Betfair, what was then a FTSE 250 gaming operator.
Q. Describe your role as a CTO in 300 characters or less. I’m responsible for all of Funding Circle’s technology capabilities globally. Q. You’ve been apart of the larger cybersecurity industry for over 20 years. How did you get involved initially? My first real introduction to cybersecurity was a Number Theory and Cryptography course I took when I was 16-years-old. While I was so fascinated by the subject, I remember thinking that I wasn’t the strongest from a math- perspective and that, because of that, I just wouldn’t be able to get a job in this industry. Fast forward several years later, I’ve graduated from Princeton University, am working at AT&T as a Systems Engineer, and I started to realize that there are actual applications of cryptography in the business world. Importantly for me, its application in the business world is more focussed on implementation rather than the math behind it, so I was able to really get my head around it.  A colleague of mine at AT&T moved to Merrill Lynch to an Information Security team and asked me if I’d be interested in coming along. The rest is history! For me, it really was fulfilling a childhood dream. Q. Why did you initially write off the industry as an option for you? It just seemed so far out of reach. I didn’t understand what skills were required, in part because cybersecurity really wasn’t its own, standalone industry yet.  What’s even more sad, though, is that’s still the case for many people today.  Despite the industry being more defined than it ever has been, there’s still a lot that needs to be demystified to really get people interested and involved. Q. If you were discouraged based on preconceived notions about the industry, what skills and interests can you point to that are actually necessary to thrive in a cybersecurity role? I think people view cybersecurity as a black art. But, it’s really not that obscure! There’s an incredible range of opportunities available, and not all of them require technical skills.  Yes, when you consider more general engineering, technical skills are paramount. But when you think about management roles, you need communication, collaboration, vision, etc.  Then, you look at cybersecurity more broadly. What you really need is the ability to communicate risk in a way that enables decision-makers to do their job.  People don’t always understand the work you’re doing or why it’s important, and that can make you second-guess yourself. That’s why we need people who are willing to do some really deep problem solving, people who are willing to dive into deep issues and not be afraid to have a contrary point of view.  You have to be smart. You have to be disruptive. That’s why it’s so important that we diversify the population of people working in cybersecurity. We need to round out our teams and encourage more than just technical skills. If we don’t, the implications will be quite severe, especially because we’re not just protecting financial institutions and governments anymore. Companies across industries – small, medium, and large – have seen the value in building out cybersecurity functions.  Q. Does your senior role enable you to empower more people to explore the opportunities available in cybersecurity? I think every person in senior leadership in cybersecurity wants to empower more people to explore these opportunities that are available. A big piece of that is role models. You have to see it to be it!  I remember when I was 12-years-old,  someone mentioned an Ivy League school to me and I thought “I’ll never be able to do that!” It wasn’t until I saw people who had the same background and upbringing as me going to these schools that I finally thought I could do it, too. That’s why now – especially because I’ve been so fortunate throughout my career and have had so many incredible opportunities – I want to show the next generation that they can have those same experiences.  This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, KPMG, Nielsen and more. #TheFutureIsCyber
Read Blog Post
Cyber Skills Gap
Opportunity in Cybersecurity: Q&A With Amy Johnson From Herbert Smith Freehills
by Tessian Tuesday, February 4th, 2020
Amy Johnson is the Information Security Manager at Herbert Smith Freehills, an international law firm with headquarters in both London and Australia. She’s worked in cybersecurity for over six years and started her career as a Lead Investigator at Freshfields Bruckhaus Deringer. Before entering the cybersecurity industry, she worked in Human Resources. While she doesn’t have a formal education that’s focused on cybersecurity, she’s earned five certifications to-date, including her Certification in Information Security Management Principles (CISMP), Certified Information Security Manager (CISM), Certified Data Protection Officer (CDPO), ISO 27001 Implementer, and Certified Information Systems Auditor (CISA).   Next, she’ll aim to earn her Certified Information Systems Security Professional (CISSP) qualification.
Q. Describe your roles as a Security Manager in 300 characters or less. I monitor system user behavior and I review client security requirements and questionnaires. I’m very much forward-facing and part of my job is to guide the firm and our people on how to work with information and technology in a safe and secure way. Q. How did you get started in this industry?  I don’t have a background in cybersecurity. I actually studied HR and worked in that industry for years. About two years into working at Freshfields Bruckhaus Deringer, Mark Walmsley, who was the CISO at the time and still is, started creating a new group called the Information Security Group (ISG).   At that point, I was ready for a career change. I wanted to do something that wasn’t just exciting every day, but different every day. The idea of protecting people, investigating threats, and creating training materials about the evolving risks in information and cybersecurity really, really interested me.  I decided to go for it and got the job! I was the Lead Investigator there for about five years. Since then, I’ve earned different certifications and have really catapulted myself into a more senior position that I’m in now at Herbert Smith Freehills. Q. Did your previous experience help prepare you for your first role in cybersecurity? Monitoring/ investigating systems can be a sensitive subject which means you have to be hyper-aware of data privacy laws, etc. That’s something I was able to bring to the table because of my previous experience.  But, to really be successful in a cybersecurity role, you have to be familiar with not just the current threats, but the new and evolving technologies. You have to stay on top of that. I didn’t get that exposure until I started. I also didn’t have any technical skills when I started. I learned on the job, which – to me – is far better than going to study.  Cybersecurity is really about putting what you know into practice. Q. Do you have any thoughts on why women only make up a quarter of the cybersecurity workforce? A lot of women in tech might not see cybersecurity as a suitable career path because it is considered quite a masculine profession. That’s probably ingrained at a very young age. It’s important to not be discouraged by that, though. Bear in mind, I came from a HR background; that’s a field where you’ll often work in a team that’s all women. Moving into this industry, I’ve often been the only woman within the teams I’m working in. But, that doesn’t mean I don’t feel like I belong. I don’t find men that intimidating!  Women can be just as successful in this industry and opportunity, recognition, and progression are absolutely available to those who work hard. Q. In terms of progression, do you feel like a career path to a more senior position is clear?  To be very honest, I’m already very proud of how far I’ve come in the last 10 years. When I first moved to London, I was making significantly less than I’m making now. I’ve consistently worked my way up the ladder since then. I’d still really like to learn and grow more within this industry and I certainly have dreams of being a CISO or a head of a department eventually. But, the opportunity for growth can really depend on how big your department is. Cybersecurity is still growing, and not all organizations have large teams which means you may not necessarily see what your next step will look like or what skills you need to develop to take that next step. It can be hard. But, the skills you get at any one organization are really transferable. This profile is a part of the larger Opportunity in Cybersecurity Report 2020. Click here to download the report and click here to read more profiles of women in cybersecurity, including professionals from IBM, Funding Circle, KPMG and more. #TheFutureIsCyber
Read Blog Post