Senior Information Governance Officer, Tanya Fleming, shares her perspective on undergoing our NCSC-Certified cybersecurity training & how the trainer Amar Singh’s unique delivery style and rich experience helped her refresh her knowledge and prepare herself for a new role.
Cybersecurity is one of the fastest evolving and most complex sub-domains of Information Technology. Very few people can claim that they understand all of its many nuances and are well-equipped to optimise security infrastructure, implement just the right processes and always be ahead of compliance issues, let alone be prepared enough to beat any cyber-criminal in their tracks.
This is why, like many other similarly dynamic and challenging fields, training in cybersecurity is always essential and never enough. No matter how many years one may have spent managing compliance and data security, one can always learn more and benefit from a specialised course.
One of the recent participants from Cyber Management Alliance’s NCSC-Certified Cyber Incident Planning and Response Training is a paragon of the age-old adage that learning never stops. Tanya Fleming, Senior Information Governance Officer at VERITAU, has spent years implementing information assurance mechanisms, governance frameworks, creating policies to ensure compliance, providing consultancy on data protection and leading the Information Security and Incident Management team at her organisation.
Despite all this extensive experience, she was far-sighted enough to know that she would stand to gain tremendously with the world-renowned cybersecurity training delivered by Amar Singh.
Tanya was on the verge of making a career leap. She understood that a training course that would allow her to brush up her knowledge, enhance it with the shared insights of others like her and enrich it with the thought leadership of Amar Singh, would be just the kind of skill enrichment right for her at that crucial juncture.
Explaining her decision to sign up for the training, Tanya says, “I already handle security incidents and data breaches through my current role but I wanted to make sure that my understanding of processes was more aligned with what was happening in the corporate world rather than just within the public sector. By undergoing the training, I wanted to make sure that my methodology was correct, accurate and up to date as I start a new incident handling role.”
Tanya is happy to report that the training met her expectations to the letter. It reinforced the fact that she understood the processes and procedures she was most concerned with and it helped provide clarifications in a areas she felt she was rusty in.
Corroborating her positive feedback for the trainer and the delivery style, she adds, “Amar was very informative while delivering the training and he explained things in a way that’s accessible to anyone who may not even have past experience, through to those who are well-experienced. The fact that he delivers the training gives it a lot of credibility. You can tell that he has had a lot of knowledge in the area.”
Tanya enlists the following as the key aspects that made the training stand out in her opinion:
- Delivered at a great pace
- Trainer understood his audience really well
- Provision of breakout rooms which helped to intimately interact with others and get a flavour of their opinions/different approaches
We asked Tanya to share her biggest takeaway from the training. Interestingly, what she highlighted may be a seemingly simple point, but one that is most often overlooked by data security and crisis management teams – Don’t call an incident a “data breach” until you’re sure that data has indeed been breached.
“The highlight of the CIPR Training for me was that Amar kept a bit of humour through the dry bits and that really maintained everyone’s interest and made the training more effective,” quips Tanya.
More Information on the Certified Cyber Incident Planning & Response Course
The CIPR course is the perfect stepping stone for those who want to understand the basics of cybersecurity. It is also ideal for those at senior executive levels looking to enhance the cyber resilience at their organisations as well as developing their own competencies in planning, detecting and responding to a cyber-crime.
Not only is the course delivered by one of the most renowned cybersecurity trainers in the world, Amar Singh, it comes with a great reference material pack including worksheets, checklists, mind maps and free templates. It is the easiest and most effective way to enhance the efficiency and cyber-resiliency of your staff and make your business more compliant with data breach response regulations.
The world of cybersecurity and to be honest, tech in general, continues to be beleaguered with issues related to gender diversity and underrepresentation. According to a recently-released *report, women will represent 20% of the global cybersecurity workforce by the end of 2019. In the same period, Forrester predicts, 20% CISOs at Fortune 500 companies will also be women.
This figure is far too low and is nowhere near a decent representation of women in the domain. However, the scales do seem to be gradually tipping towards a more balanced position, albeit very slowly. A lot of organisations are reimagining cybersecurity roles and are opening up to the idea of having a diverse pool of professionals with diverse approaches making up their infosec teams.
Interestingly, many of these professionals, who are new to the field and many of whom are women, come from a variety of different backgrounds that have nothing to do with tech. Organisations are realising that the threat actors they need protection from comprise a diverse demographic with different backgrounds and to suitably combat the threats they pose, they need to have teams that also represent such diversity.
Two Boss Ladies of Tech
We recently spoke to two power ladies who don’t just make up the handful of women in cyber, they also represent the changing composition of cybersecurity teams across the globe. Both come from non-technical backgrounds and both lead critical divisions in their roles at Metro Bank. Carole Embling is the Information Security Manager for Compliance while Katarina Puschmann is an IT Risk and Controls Specialist within the IT Governance team.
Their non-technical past, they believe, never comes in the way because cybersecurity today has to do with a lot more than just technical knowledge. Building a robust security posture involves many other aspects such as soft skills, communications, team-building skills, crisis management, all of which cannot be taught and some of which must be innate, putting women at a unique advantage within the industry.
Carole and her 20-year journey in cyber
Carole started her career in IT security at the Royal Mail Group. Having begun as a Post Office Counter Clerk, she started on the path into Information Security by being trained as a junior business consultant back in 1990. She quickly learned the ropes of Information Security as part of a special training initiative and then became part of an integral team providing security consultancy at the Royal Mail Group. She later became an Information Security Manager at RMG and after being part of multiple organisations in the capacity of Information Security Advisor/Manager, she took on her current role as the Information Security Manager - Compliance at Metro Bank.
Carole shares that when she went into the business consultancy role in the 90s, there was an awful lot of discrimination against women and especially a young working mother like her. Most of this discrimination had to do with perceptions and the fact that nobody was used to a woman poking around asking questions about IT security at that time. However, within Royal Mail itself, there was wide acceptance because as an organisation it was very progressive, and this really helped Carole gain confidence to continue doing what she had identified would be the role defining the rest of her career.
Outside of Royal Mail, however, whenever she went for conferences or similar events, she was one of the only women in the room for many years. Carole admits that she’s still an exception and while the number of women in cybersecurity may have gone up on a global level, in smaller pockets there are still only a handful of women that can be seen in such roles. Carole quips that she thinks that she often gets invited to a lot of events related to tech and cyber, not because of her mettle as a professional, but as a token woman.
Fortunately, however, Carole does opine that the trend is changing even if it’s at a sluggish pace. This is in part because women are geared to break stereotypes of the career paths they are expected to take and in part because everyone is realising that cybersecurity is a lot more than just IT security. People are also seeing that given the right training, skills can easily be transferred from one field to another quite seamlessly.
From admin to cyber: Katarina’s interesting career transition
Katarina moved to London about 12 years ago and started working in the hospitality industry and then in the real estate space. She then worked in the HR team of a small IT company and later she took on an executive assistant role. She, in fact, joined Metro Bank, as an executive assistant but she always knew that she wanted to do something more than what this role allowed or had scope for.
It was around this time, when Katarina was deciding her next career move, that somebody in Metro Bank who headed the testing team approached her to work for him, to coordinate the environments team. This was her first IT role which wasn’t particularly technical. Her job was to understand the requests coming through for the environments team for testing. She also had to gauge her teammates’ skill sets to see which requests should go to which team member.
About two years into this role, another colleague at Metro Bank reached out to Katarina to implement certain sets of controls to ensure that the environments that were using certain kinds of data were monitored more closely and, in addition, to see which colleagues were accessing these environments. The implementation of the GDPR made such locational monitoring imperative and this was Katarina’s first exposure to implementing controls and monitoring the access management space. Thanks to this experience, she was asked by the said colleague to take up his job in the IT Governance team, which is the role she is in now.
Katarina now plays a critical role in IT controls management for the bank, providing assurance on control performance. After a recent round of restructuring, she is now also assisting with IT risk management for the bank.
Not technical knowledge, but technical understanding, says Katarina, is crucial to success in the infosec business today. She admits that her journey has been a lot different and a lot easier compared to Carole’s because she had the good fortune of entering the industry after it had already opened up. Katarina leaves no opportunity to reiterate that it’s because of the support of her team, most of whom are men, that she has managed to make a foothold in this space.
Katarina is also part of the networking group – Ladies of London Hacking Society - which supports women in cybersecurity or anyone who wants to learn hacking. The group is growing month by month which obviously demonstrates that women, in the UK at least, no longer perceive cyber or hacking roles as a preserve of men!
Our Thoughts On Women & Cybersecurity Today
While the number of women in cybersecurity is increasing every day, the main position that Katarina and Carole hold is simple – There are tons of jobs waiting to be filled in cybersecurity divisions across the globe. It’s clear that the current picture, that of a male dominated field, is not working that well. The need for watertight security is so high today and the impact of any possible risk on a business’s bottom-line and reputation can be so adverse that businesses are simply looking at roping in able professionals who can add value.
It really doesn’t matter what your color, gender or creed is. As long as you speak a common language, love to learn, challenge yourself, know how to keep your calm when the storm hits and are a hard-working person, you should look at a career in cybersecurity with deep seriousness. It doesn’t matter where you come from and what academic background you hold, if you are dedicated enough to acquire technical knowledge through self-training and have a good team to support you, you can definitely don the hat of a cybersecurity professional. If this means that the needle starts ticking in favour of a more diverse workforce and more women in cyber, then that’s a wonderful bonus!
Our CEO, Amar Singh’s opinion:
Coming from a one-parent family, I witnessed my mother’s struggle to maintain an equal footing in our male-dominated world. When it comes to women, I make no qualms about it - no woman should ever be helpless or subservient to a male, now and in the future. However, I am also a firm believer in merit and meritocracy, regardless of gender or sex, and, currently, there seems to be an urgency to balance the scales in the domain of cybersecurity.
As much as building a strong foundation takes time, building a pipeline of talent and skilled resources takes time too and it has to start from the younger years.
All organisations interested in building a strong and vibrant cybersecurity team must encourage internal upskilling - as Metro Bank did with Katarina. In addition, they must allow talented professionals from diverse backgrounds, including ethnic minorities, to see that taking up a role in cyber isn’t all that complicated. Furthermore, they should encourage existing employees in IT and cyber to help and support others when they embark on a new journey with a new role. However, all of this encouragement and upskilling must be focussed on merit alone, in my opinion, and not on the gender, race, age or creed of the employee in question.
We will continue to reach out to all professionals in our vast network, including women, men and folks from the BAME community amongst others. In a nutshell, everyone in cybersecurity and privacy who has a story to tell and an interesting journey to share, will be featured on cm-alliance.com.
It’s our belief that their stories should be shared with the young and old alike. Their stories can inspire others to widen their horizons and take on challenges that they may not even have imagined confronting otherwise!
**Report by Cybersecurity Ventures