Author: Charley Nash

This year’s Global Cyber Summit at the International Cyber Expo boasted an impressive array of speakers from across the public and private sectors, curated by the team at SASIG. The overarching theme of this year’s Global Cyber Summit was ‘resilience’. One notable talk that called for greater industry resilience was Digital Secure By Design on day two. 

The session, chaired by Ciaran Martin CB, Oxford University Professor and Former CEO of the National Cyber Security Centre (NCSC), explored the Security by Design initiative, which is supported by the UK government and seeks to transform digital technology and create a more resilient and secure foundation for future tech.  

The discussion centred around the question: How do we design a more robust ecosystem that is not susceptible to the vagaries of patching and zero-day vulnerabilities? With speed to market a priority for most organisations, and a lack of regulation to control the security of this process, software and hardware are often sent to market as insecure. Security by design should be the base standard for software and hardware development. 

Speakers on the panel included Agata Samojlowicz, Deputy Challenge Director at DsBD, Michelle Kradolfer, National SBD Manager, Police CPI, and Jake Verma, CTO of Quantaco. 

Why is the Secure by Design initiative important? According to Kradolfer, it’s important that “ecosystems of devices” (across home and work) are secure for people, organisations and countries. This must be done in collaboration with manufacturers too. Samojlowicz noted: “computers are currently insecure by design”. 

The strong case for building securely by design is hard to ignore. Standards are becoming increasingly more important in all sectors, so why not standardise and regulate the building of software and hardware? The industry surely has a responsibility to protect consumers. Kradolfer notes that there are already “too many insecure devices out there”. 

The panellists did think that IoT security is making progress though. Earlier this year, the UK became the first country to legally mandate cybersecurity standards for IoT devices. Under the Product Security and Telecommunications Infrastructure (PSTI) mandate, manufacturers will be legally required to build security protections into any product with internet connectivity. Part of this means banning default passwords, as well as requiring manufacturers to publish vulnerability disclosure policies for reporting security flaws, provide mechanisms for securely updating software, and state minimum periods for providing security updates. 

The panel discussed why organisations want security by design to be taken seriously. For many organisations providing services, cost is a key factor, despite cybersecurity being everyone’s problem. The cost of regular patching is expensive, resource intensive and time consuming. There’s pressure and demand from end users on computer processing unit (CPU)  architecture makers to build securely to reduce costs for end users. There’s also a desire for organisations to know that their entire supply chain is meeting specific requirements, reducing risk. The recent CrowdStrike incident is a good example of this. 

The panel argued in favour of a regulation and a consolidated market, which would in turn boost innovation. Why? Because manufacturers can’t be compelled on an individual basis without regulation pressure and/or standards. It’s easier to cut corners – and cheaper. Without litigation, there’s no drive for change. 

Another example of a good government-led secure by design initiative is CISA’s aptly named Secure by Design. According to their website, secure by design means: 

“Products designed with Secure by Design principles prioritise the security of customers as a core business requirement, rather than merely treating it as a technical feature. During the design phase of a product’s development lifecycle, companies should implement Secure by Design principles to significantly decrease the number of exploitable flaws before introducing them to the market for widespread use or consumption. Out-of-the-box, products should be secure with additional security features such as multi-factor authentication (MFA), logging, and single sign-on (SSO) available at no extra cost.”  

However, the panel stressed that it’s necessary that the markers of what it means to be ‘secure’ are laid out clearly, leaving no room for interpretation. Organisations and manufacturers must understand at which point they can say a product is ‘secure by design’. It must also be laid out clearly where organisations should start. Physical security organisations are less good at this than cyber, despite physical security becoming more digitally connected. This mindset is hard to change. 

Final takeaway? There are standards for everything (food, banking etc.), so why not the security of hardware and software? Secure by design seems like a natural place to start. Regulations that build confidence and are widely accepted will make devices more secure and strengthen the entire supply chain. 

The post Secure by Design: The (Necessary) Future of Hardware and Software appeared first on IT Security Guru.

The question of how we can stop great hackers from turning to the dark side is an age old one. Resources are tight, budgets tighter. This question was reimagined by the team at The Hacking Games for a panel session at this year’s International Cyber Expo on the brand new Diversity & Skills Stage, led by Fergus Hay, Co-Founder and CEO of The Hacking Games, and Daan Dia, Co-Founder of The Hacking Games.

The panel also featured Chris Kubecka, Senior Cyber Security Advisor at Elemental Concept, and Tim Grieveson, Senior Vice President and Global Cyber Risk Advisor at Bitsight, who shared their thoughts on the future of ethical hacking, rooted in lived experiences. Kubecka, for example, was arrested at the age of 10 at her school library for hacking the US Department of Justice. 

A key theme of the panel was the importance of embracing talent. However, it’s crucial to make sure that talent doesn’t start or end up on the wrong path. The Hacking Games team see “hacking as a creative thinking mindset” that needs to be tapped early. The industry needs to find, embrace and nurture talent earlier. However, it’s imperative to educate kids on the full breadth of opportunities available, which can be hard. Fortunately, children are inquisitive naturally, the panel noted, but we need to channel the right enthusiasm in the right places.  

The panel also noted the success of existing school initiatives like Cyber Warriors, educational resources that teach cyber concepts to students developed by the Cyber Security Research Group at the University of Southampton in association with the NSCS. 

The panel speakers also noted that ethical hacking is a hard sell. It can’t compete with the glamorised Hollywood images of the hooded hackers in dark basements plotting world demise. Black hat hacking is still a crime – and a significant one at that. Ethical hacking has an image problem; it’s not ‘sexy’, but it is, undeniably, cool. Social engineering is a real job and you only have to read Jenny Radcliffe’s People Hacker book to see how cool it really is!

So why do young people turn to cybercrime? White hat hacking doesn’t pay well (necessarily). This needs to change, according to Grieveson, who thinks that attitudes to cyber budgets should change in line with increased responsibility, litigation and the changing threat landscape.   

What can the industry do to make sure kids don’t fall down the wrong path? Mentorship, for one. Having positive mentors can open doors to (legitimate) employment and opportunity for talented people. The panel noted that the industry needs to do more in this space, else we risk missing out on the next Steve Jobs who, after all, earned the seed capital to start Apple through hacking. 

The Hacking Games also announced during the session that they’re working to ‘gamify’ cyber for kids, striving to meet them where they’re at (notably TikTok, Minecraft and Roblox). The organisation has set out to reinvent cyber education for a new generation, acknowledging that traditional programmes are a turn off for kids. They’re doing this through integrations with popular online gaming platforms and by creating engaging video content (like documentaries and reality shows). 

The final takeaway? Hackers are not underground. They’re in suburban homes. Kids are an asset and should be seen as such. 

The post Start ‘Em Young: Setting Would Be Black Hat Hackers on a More Ethical Path appeared first on IT Security Guru.

Cybersecurity has a burnout problem. This is not new (or surprising) news per se, but we, as an industry, are certainly getting better at talking about it. The first step, they say, is admitting that there’s a problem. The next? Examine the scope and impact of the problem before thinking about how to solve it. Such were the key themes of a panel discussion, Combatting Burnout to Protect Both Your Data & Your Ethics, led by Andrew Rose, CISO of SoSafe, at this year’s International Cyber Expo.

At this year’s Expo, panel discussions and keynotes on the brand new Diversity & Skills Stage focused on topics affecting the people within the cybersecurity industry. Burnout is, undeniably, a pertinent topic in this area. With threats getting more frequent and more sophisticated, a perfect storm for unhealthy work cultures has emerged – and burnout is an unfortunate, but almost inevitable, by-product. Cybersecurity is already a thankless career and now professionals are having to work overtime to stop threats. It’s tiring keeping the status quo.   

During the talk, Andrew Rose was joined by Chris Denbigh-White, CISO of Next dlp, and Jasmine Eskenzi, Founder and CEO of The Zensory, a popular wellbeing, productivity and habit management app. What was particularly moving about this panel discussion was hearing from real-world practitioners on their experiences, as well as the experiences of their peers, of burnout first hand. The advice given by the speakers came from a place of true empathy, a crucial element of building a healthier workforce. The panel session strived to destigmatise burnout and it did just that. 

The session began with a short guided breathing exercise led by Eskenzi. The audience was invited to hack their senses and enter a state of focus. It is thought that there are many powerful benefits of an act as simple as taking a deep breath, one of those even includes significantly reducing phishing risk. The science behind why is a whole other article. 

Firstly, the discussion focused on how leaders can recognise the signs of stress and burnout within themselves and their teams. For CISOs, they noted that the signs of burnout may manifest as partaking in ‘self-protecting decisions’ to reduce overwhelm and burden. This could look like non-disclosure, avoidance or taking shortcuts. These acts undermine trust, a fundamental cornerstone of cyber. They noted the ethical challenges and choices that are thrown up by environments of high stress. Cutting corners is not only risky, but reckless. Yet, there’s only so much time to get work done. 

CISO Denbigh-White noted that stress and burnout don’t happen in a vacuum. Rather, it affects the whole team and presents a larger issue. He noted that real change must happen within and that, as a CISO, you have to look after yourself to be able to look after an organisation. You can’t lead a team if you don’t look after yourself properly. But what does he advise that business leaders do to reduce burnout and, in turn, cyber risk within their organisation? 

  • Listen to staff – create a workplace where staff feel able to talk about their feelings, emotions and struggles, as well as any security concerns. This must be a safe space, free of judgement.
  • Embrace automation – where possible, embrace automation to reduce burden on wider security team. 
  • Delegate – Empower staff to take on tasks with full trust. There’s a reluctance to take executive decisions with a fear of litigation and blame looming large. 
  • Recognise staff efforts – Celebrate the achievements of the whole security team. Celebrate when things go well.
  • Create a positive security culture – create a safe space for people to voice their concerns about security, without blame. 

Ultimately, the speakers noted that organisations must create safe environments where employees are able to learn and grow, with guardrails that allow them to thrive safely. A strong security stack inevitably takes some of the stress away from security teams and relieves pressure. They noted that security must be done alongside the wider industry, with clear lines of communication open. A collaborative mindset is key.

The takeaway? Strong security postures that support security teams build organisational resilience. Denbigh-White says: “Resilience is a team sport” – resiliency is best achieved when we have a support network. We need other humans; stress leads to isolation. 

 

The post Banishing Burnout: Data Security Hangs in Balance in Cyber Wellbeing Crisis appeared first on IT Security Guru.

A new report by ISACA reveals that cybersecurity teams across Europe are under immense pressure. Over half of European cybersecurity professionals (52%) believe their organisation’s cybersecurity budget is insufficient, while 61% say their teams are understaffed.

The strain on cybersecurity teams is taking a toll on their well-being. 68% report that their role is more stressful now than it was five years ago, primarily due to the increasingly complex threat landscape. In fact, 41% of respondents say they have experienced more cyberattacks in the past year, and 58% believe their organisation will likely face an attack within the next 12 months.

To mitigate the risks posed by these growing threats, organisations must invest in their cybersecurity teams. This includes hiring qualified professionals, providing adequate training, and allocating sufficient resources to ensure that teams are equipped to respond effectively to cyberattacks.

Chris Dimitriadis, Chief Global Strategy Officer at ISACA, said: “In an increasingly complex threat landscape, it is vital that, as an industry, we overcome these hurdles of underfunding and under-staffed teams. Without strong, skilled teams, the security resilience of whole ecosystems is at risk – leaving critical infrastructure vulnerable.”

Despite the need for skilled teams to protect businesses, 19% say that their organisation has unfilled and open entry-level positions available, and 48% have unfilled open positions which require experience, a university degree, or other credentials. These figures have dropped only a few percentage points (from 22% and 53%) since 2023, pointing to an ongoing struggle to fill open positions.

Over half of respondents say that soft skills are lacking the most amongst today’s cybersecurity professionals. Of the soft skills in question, 54% feel that communication skills (e.g. speaking and listening skills) are most important, followed by problem-solving (53%) and critical thinking (48%).

Dimitriadis added: “The cybersecurity industry will massively benefit from a diverse range of people – each with different skills, experiences, and perspectives. This is the key to plugging the skills gap. Once talent enters the industry, businesses can then train and upskill new entrants on the job with cyber certifications and qualifications.”

Mike Mellor, Vice President, Security Engineering at Adobe, who sponsored the research, said: “With the increasing frequency and sophistication of cyberattacks, it’s essential for organisations to adopt secure authentication methods to strengthen their defences. Adobe believes that fostering a deep security culture among all employees through anti-phishing training, combined with stronger controls such as zero-trust networks protected by phishing-resistant authentication are essential in safeguarding any organisation.”

The post Over Half of Cyber Professionals Feel Their Budget is Underfunded appeared first on IT Security Guru.

Community is exceptionally important to the team at the IT Security Guru. We believe that building community and supporting one another is where our industry thrives, that’s why we’re platforming charities, initiatives and networks that work within the industry, as well as the wider community.

One great example of this is the InClusive InCyber initiative run by the team at LT Harper, headed up by Aymun Lashari, the cyber recruitment organisation’s Head of Community.

What is InClusive InCyber’s mission?

InClusive InCyber aims to create a safe, empowering space for women in cybersecurity to connect, share knowledge, and support each other’s growth in a traditionally male-dominated industry. Our mission is to foster inclusivity, promote diversity, and build resilient networks that enhance professional development while advocating for gender equity in cybersecurity.

How did you get started? Where did the idea come from?

The idea for ICIC came from really listening to our clients and candidates at LT Harper, about their experiences of feeling underrepresented in cybersecurity spaces. We recognised the need for a close-knit, supportive community where women could share their challenges and successes, we initially started off with a group of 10 women, and now our latest event in London had over 100 participants! Just by starting small, intimate breakfast gatherings, we created a platform for candid conversations and deep connections.

Why are communities like yours so important for the industry?

Communities like ICIC are incredibly essential. We provide women with the support, resources, and networking opportunities they need to thrive in an industry where they are often misunderstood. The breakfasts also offer a platform for raising awareness about the challenges women face and the value they bring to cybersecurity, contributing to a more inclusive and innovative workforce.

What do you hope that the future of the industry looks like?

Ideally I would hope to see a cybersecurity industry where diversity is not just an afterthought but a core strength. We’re becoming equal in most markets – so why not tech, and why not cybersecurity? This needs to be an industry where women and other minority groups are equally visible, valued, and given leadership opportunities. The future I envision is one where inclusion drives innovation and resilience.

How can people get involved?

People can get involved by following LT Harper on LinkedIn, as well as joining our women’s group on LI called InClusive InCyber, they can attend our events, or simply engage in conversations around diversity and inclusion in cybersecurity. We welcome allies who are committed to supporting women and other underrepresented groups in the field!!

Anything you want people to know?

My main focus is definitely that I want people to know how allyship is critical in breaking down barriers in cybersecurity. By working together, we can create a more diverse and inclusive industry that is stronger, more innovative, and better equipped to tackle the challenges of tomorrow.

LT Harper will be bringing InClusive InCyber to the International Cyber Expo on the 24th September 2024. The breakfast morning will feature a panel discussion on risk taking. The event is invitation only and can be registered for here.

The post Community Corner: InClusive InCyber appeared first on IT Security Guru.

International Cyber Expo is once again teaming up with CrisisCast, to deliver their renowned immersive demonstrator experience, alongside exhibitors at this year’s highly anticipated event. Held at Olympia London on the 24th and 25th of September 2024, the Expo will showcase cutting-edge solutions and thought leadership in cybersecurity.

CrisisCast, known for simulating crisis environments to address emerging security challenges, will offer visitors a unique opportunity to step into the shoes of an Executive Board navigating real-life cyberattacks. Attendees will gain first hand experience of the psychological pressures faced by both attackers and decision-makers, while also observing recommended response strategies for various cyber scenarios.

As cyber threats are constantly changing, it is clear to see that an increasing number of people are fearful of the UK’s ability to combat these threats. A recent survey, conducted on behalf of International Cyber Expo, showed that a staggering 78% of people in the UK are worried about the reliance global organisations have on IT systems and software providers. The CrisisCast Immersive Demonstrator gives visitors the chance to see how organisations are able tackle the latest cyber threats, like those that are feared by the public.

At the event, leading cybersecurity exhibitors will collaborate with CrisisCast to simulate and respond to real-time cyber attack scenarios on stage. Leveraging CrisisCast’s advanced film and stage techniques, this immersive experience—featuring skilled actors and renowned production teams—will bring highly realistic crisis management simulations to the International Cyber Expo.

Joining the CrisisCast team on stage will be an impressive line-up of exhibitors, including:

  • On day one, Security HQ, METCloud, Legit Security and Safenames
  • On day two, Cyber Chain Alliance, Zurich Resilience and Cofense

The CrisisCast Immersive Demonstrator joins an already impressive line-up of things to see and do at this year’s International Cyber Expo. The Global Cyber Summit, which will run across both days of the event, will be focusing on a range of relevant topics from emerging technology to geopolitics, crime and disinformation. Similarly, The Tech Hub Stage will showcase the newest innovations hitting the market, giving visitors a unique opportunity to speak to vendors first hand.

The CrisisCast Immersive Demonstrator can be found at Stand N30.

To register for FREE as a visitor: https://international-cyber-expo-2024.reg.buzz/glonal-cyber-summit-press-release

The post Real-Time Cyberattack Simulations Take Centre Stage at International Cyber Expo 2024 with CrisisCast appeared first on IT Security Guru.

It has been announced that Check Point Software has joined as a sponsor for this year’s Security Serious Unsung Heroes Awards. Check Point joins KnowBe4, Hornet Security, ThinkCyber, Pulse Conferences and The Zensory as key sponsors of this year’s event. The awards are also supported by Computer Weekly, Security On Screen and the IT Security Guru. 

The Security Serious Unsung Heroes highlight the exceptional talent within the UK’s cybersecurity community, recognising professionals who excel in their field, often without recognition. From frontline defenders and innovative leaders to educators nurturing future talent, these awards celebrate those making a difference. The focus extends beyond technical expertise, honouring individuals championing diversity and promoting employee wellbeing within the industry. By recognising these contributions, the awards aim to elevate the cybersecurity sector and inspire future achievements.

“In a rapidly evolving digital landscape, it’s the people who make the difference in ensuring our safety. The Security Serious Unsung Heroes Awards are a testament to the resilience and expertise of those who protect our cyber infrastructure,” said  Emilie Beneitez Lefebvre, Head of Public Relations Asia Pacific & Japan , EMEA & LATAM at Check Point Software. “Check Point is thrilled to be a sponsor this year, as we believe in the importance of recognising and celebrating the unsung heroes who make the UK a safer place for all.”

Entries are now open, which includes filling in a short form detailing why the person deserves the award. Nominations will remain open until 5pm on the 6th of September 2024, before closing for review by an esteemed panel of judges.

The awards are judged by an esteemed panel of respected industry figures. So far judges include:

  • Jenny Radcliffe, author and world-renowned people hacker
  • Shan Lee, CISO at DocPlanner Group and 2023 CISO Supremo winner
  • Yvonne Eskenzi, lead organiser and director of Eskenzi PR
  • Javvad Malik, lead security awareness advocate at KnowBe4
  • Rebecca Taylor, Threat Intelligence Knowledge Manager at Secureworks and 2023 Diversity Champion winner.  
  • Tim Ward, CEO of ThinkCyber
  • Emilie Beneitez Lefebvre, Head of Public Relations Asia Pacific & Japan , EMEA & LATAM at Check Point Software
  • Irvin Shillingford, Regional Manager Northern Europe at Hornetsecurity 

Nominees, nominators, and their guests are then invited to a celebratory evening hosted on the 16th of October 2024 at St Barts Brewery in London to coincide with Cybersecurity Awareness Month. With thanks to sponsors, the Security Serious Unsung Heroes Awards are free to enter and to attend, setting it apart from other industry awards.

“People are, and always have been, at the heart of the cybersecurity industry. However, with so many threats and so much technological development, it can be easy to lose sight of the great people behind the scenes keeping us all safe. The cybersecurity community is full of people who are passionate about keeping businesses and the public safe from the threat of cybercrime, at any cost, and it’s important that we celebrate them as the heroes that they are,” said Yvonne Eskenzi, Co-Founder and Director at Eskenzi PR. “The Security Serious Unsung Heroes Awards are a brilliant way for us to give back to and celebrate the efforts of the cybersecurity community!”

  Categories this year include:

  • Cyber Writer
  •  Godparent of Security
  • Data Guardian
  • CISO Supremo (sponsored by Hornet Security)
  • Security Avengers – Best Team
  • Best Educator
  • Best Ethical Hacker/Pentester
  • Rising Star
  • Security Mentor
  • Best Security Awareness Campaign (sponsored by KnowBe4)
  • Diversity Champion
  • Cybersecurity Wellbeing Advocate (sponsored by The Zensory)

For more information, visit: https://www.securityserious.com/unsung-heroes/

To nominate, visit: https://docs.google.com/forms/d/e/1FAIpQLScFLluWtvLjwN_2YFC8GqZDezURF3aVAWKaetJpVlsvrEZABA/viewform?usp=send_form

Irvin Shillingford, Regional Manager Northern Europe at Hornetsecurity said: “We are pleased to be supporting this year’s Security Serious Unsung Heroes Awards. It’s important that we come together as a community to celebrate the incredible individuals and teams who keep us safe. We’re particularly proud to be sponsoring the 2024 CISO Supremo category. CISOs are at the forefront of keeping organisations safe, but are under increasing pressure. It’s imperative that we recognise the exceptional work that these individuals do to protect their organisations and the wider public.”

Tim Ward, CEO of ThinkCyber, said: “I’m delighted that ThinkCyber is sponsoring this year’s Security Serious Unsung Heroes Awards. These awards highlight the incredible efforts of cybersecurity professionals who tirelessly work behind the scenes to protect our digital world. At ThinkCyber, we believe in the power of recognition and the importance of celebrating those who make our industry stronger, more secure, and more inclusive. It is an honour to be part of this initiative that shines a light on the true heroes of cybersecurity.” 

Rebecca Taylor, Threat Intelligence Knowledge Manager at Secureworks  – “I am delighted to be a judge for this year’s Security Serious Unsung Heroes Awards. Winning ‘Diversity Champion’ in 2023 was a game changer for me, not only opening doors to new opportunities and relationships but giving me the confidence to keep pushing hard in my career, and for diversity, equity and inclusion across cybersecurity. I am excited to pass this – and the joy that comes with the awards – on.

I cannot wait to see the amazing pool of nominees and I am sure it will be no easy task whittling them down to the finalists! Please do nominate, whether it be an amazing individual, an organisation, or a self-nomination! All those making a difference in cyber deserve to be seen, heard, appreciated and celebrated.” 

Javvad Malik, the lead security awareness advocate at KnowBe4, expressed enthusiasm for sponsoring and judging the Security Serious Unsung Heroes Awards. He highlighted the importance of the event in recognizing the exceptional efforts within the cybersecurity community. Malik stated, “We look forward to sponsoring these awards every year to draw attention to the work that the industry and end-user organisations are doing throughout the year to educate employees and raise awareness among the public around dealing with cyber threats. In a year that’s been marked by yet more ransomware attacks, rampant phishing campaigns and the gaining pace of AI, it’s a welcome reprieve to celebrate the efforts made to keep the UK a safer place to do business.”​

 

 

The post Check Point Joins Esteemed Sponsors of Security Serious Unsung Heroes Awards 2024 appeared first on IT Security Guru.

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Ones to Watch winners selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are written in their own words with minor edits made by the editor for readability and where relevant, supplemented with additional commentary by their nominator.

In 2024, the awards were sponsored by BTThink Cybersecurity Ltd. and Plexal, with Eskenzi PR, Assured and Women in Cybersecurity UK & Ireland Affiliate as partners.

What does your role entail?

Currently, as the founder of my cybersecurity startup, TisOva, I am deeply invested in our mission to protect students from online scams. My role as an early-stage and solo founder encompasses a diverse range of responsibilities essential to our startup’s success. I dedicate a significant portion of my time to conducting thorough customer research and engaging with students and stakeholders to understand their needs and challenges comprehensively. Nurturing relationships with universities and other partners is crucial, as it fosters collaborative partnerships vital to product development and adoption.

Participating in accelerator programs has been pivotal in my journey as a first-time tech startup founder, especially as an immigrant in a new country. These programs offer invaluable guidance and insights into building a successful startup. I am always on the lookout for accelerators aligned with our product offerings, technology, and industry.

Securing investments for our company is also a crucial responsibility. From crafting compelling grant applications to developing pitch decks and engaging in conversations with potential investors, I am actively involved in seeking funding opportunities to fuel our development and growth. Additionally, I am actively involved in the development of our product and lead a multinational team of engineers, requiring effective communication, product and project management, mentorship, and collaboration to execute our mission successfully.

Building brand awareness and attracting customers are essential components of our startup’s success. I develop and execute marketing strategies, leveraging social media, content marketing, and partnerships to reach our target market and drive engagement.

Actively participating in industry events and conferences keeps me informed about industry trends, market intelligence, and helps forge strategic partnerships. I also seek guidance from mentors and advisors to refine our strategies.

Beyond my role as a founder, I am deeply committed to advancing cybersecurity through mentorship and advocacy. As a STEM Ambassador with STEM Learning and a CyberFirst Ambassador for Wales, I inspire young adults to pursue STEM careers and champion diversity, equity, and inclusion initiatives, particularly for women and within the black community. I also leverage my Education, Study Abroad and Tech YouTube Channel to do same.

Furthermore, I leverage speaking engagements to share insights on Tech & Cybersecurity, STEM education, Online safety, DEI, International Students and Girl Child education. Through these efforts, I aim to drive positive change within the industry and beyond.

What made you consider a career in cybersecurity? How did you end up in your current role?

It’s fascinating how seemingly ordinary moments can shape our destinies. For me, it all started with watching the American series ’24.’ with my family. I found myself captivated by the character of Chloe O’Brian at the Counter Terrorist Unit. Her ability to navigate criminal cases from behind her computer screen ignited a curiosity within me that would shape my future path.

Despite the absence of a cybersecurity major in Nigerian universities at the time, I pursued my passion by obtaining a Diploma in Computer Science Education, followed by a Bachelor’s degree in Computer Science. Determined to achieve my cybersecurity goal, I relocated to the United States as an international students to pursue a Master’s degree in Cybersecurity with a concentration in Cybercrime investigations from the University of Alabama at Birmingham (UAB).

Whilst studying, I worked as a Cybercrime Investigator at the UAB Computer Forensics and Research Laboratory, collaborating with tech giants, financial institutions, and law enforcement agencies. It was during this time that I delved into the intricacies of cybercrime investigation and my passion for online safety soared.

My professional journey led me to roles as a fraud investigator at BBVA and as a Technical Specialist for a leading Motorola hardware and software manufacturer, Minim. However, my journey took an unexpected turn when I witnessed firsthand the devastating impact of online scams on both domestic and international students, including my mom. This experience propelled me to leverage my expertise in cybersecurity to address this pressing issue.

In 2023, fueled by a desire to make a tangible difference, I made the bold decision to relocate to the UK on an Innovator Visa, embarking on a new chapter as the founder of TisOva—a cybersecurity startup with a mission to safeguard students from online scams and enhance their online safety.

What advice would you give to new starters?

To new starters, I encourage you to adopt a mindset of possibility and perseverance. Embrace the belief that anything is achievable with determination and dedication. Don’t disqualify yourself from opportunities before trying; apply for roles that interest you within the industry, and don’t fear rejection. Each application is an opportunity for growth and learning. And, if there’s no seat for you at the table, make one!

Embrace curiosity and continuous learning. The cybersecurity landscape is constantly evolving, so staying updated with the latest trends, technology, and threats is essential.

Furthermore, identify problems in the cybersecurity sector or within your community that resonate with you, and take action to solve them or participate in Capture The Flags (CTF). This not only creates tangible impact but also serves as a valuable learning experience and conversation starter with potential employers or mentors.

Additionally, build in public. Leverage platforms like LinkedIn to connect with industry professionals, engage in meaningful conversations, and build your network.

This is one that I personally struggled with. Don’t hesitate to ask for help or seek out mentorship opportunities when needed. Seeking guidance and support from others in the industry can provide valuable insights and accelerate your learning journey as you navigate your career paths. Remember, people are often willing to help, but they can only do so if you reach out.

Lastly, find ways to give back to the community. Volunteer for conferences, mentor colleagues or aspiring professionals, and share resources or opportunities that could benefit others. Contributing to the community not only enriches your own experience but also fosters a culture of collaboration and growth within the industry.

What’s the biggest misconception about cybersecurity that you’ve found?

One of the prevailing misconceptions in cybersecurity is the belief that older people are more susceptible to online scams. Contrary to this belief, students are increasingly vulnerable to various cyber threats, including phishing scams, identity theft, and financial fraud. Shockingly, young adults aged 34 and under are nearly five times more likely to fall victim to scams than older demographics and 1 in 3 students have encountered a scam in the UK.

At TisOva, we are committed to addressing this misconception and shedding light on the significant risks that students face in the digital age. By raising awareness about the unique vulnerabilities of young adults to cyber scams, we aim to empower students with the knowledge and resources they need to protect themselves online. Through our innovative scam detection technology and educational initiatives, we strive to create a safer online environment for students everywhere.

What do you wish you had know when you were starting out in cyber?

Reflecting on my journey in cybersecurity, there are a couple of things I wish I had known when starting out. Firstly, I wish I had understood the dynamic nature of professional relationships. I’ve come to understand that relationships, even those built on mentorship, may evolve. While mentorship and guidance are invaluable, it’s essential to recognize when a professional relationship is no longer serving its purpose. While it can be challenging, especially as a mentee, it’s okay to walk away from such relationships and seek new opportunities for growth and support. Embracing this understanding has allowed me to prioritize my well-being and professional development, fostering healthier and more meaningful connections within the cybersecurity community.

Secondly, I wish I had known earlier in my cybersecurity journey that not every aspect of cybersecurity is a perfect fit for me. Initially, I believed I needed to have expertise in every aspect of Cybersecurity, which would be an unrealistic expectation. Understanding and embracing the specific areas within cybersecurity that genuinely resonate with my interests and passions helped me focus my energy on areas where I could make the most impact. For me, the excitement and fulfillment lie in cybercrime investigations, and I am thrilled to be leading a startup aligned with this passion.

So for new starters, don’t be afraid to explore different aspects of cybersecurity early on in your journey. Trying out various roles and specialties can help you discover where your true interests and strengths lie, ultimately guiding your career path toward fulfillment and success.

 

The post #MIWIC2024 One To Watch: Valeen Oseh-Ovarah, Founder and CEO of TisOva first appeared on IT Security Guru.

The post #MIWIC2024 One To Watch: Valeen Oseh-Ovarah, Founder and CEO of TisOva appeared first on IT Security Guru.

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Ones to Watch winners selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are written in their own words with minor edits made by the editor for readability and where relevant, supplemented with additional commentary by their nominator.

In 2024, the awards were sponsored by BTThink Cybersecurity Ltd. and Plexal, with Eskenzi PR, Assured and Women in Cybersecurity UK & Ireland Affiliate as partners.

What does your role entail?

My role as a Co-Founder and Director of CyberWomen Groups C.I.C. allows me to work with students nationwide, empower them and bring new opportunities, helping them to develop in their careers. I aim to showcase the incredible work and achievements of students throughout the UK and bridge the gap between university and industry. As part of this role, I support each branch executive team to meet their goals and run branch events throughout the academic year. Further, I am passionate about enhancing the cybersecurity experience for future cyber professionals coming through university.

Concurrently, as a graduate cybersecurity engineer at Leonardo, I aim to enhance my skill set and explore the different areas of cyber. In this role, I rotate through projects, working with a range of topics spanning from network security to security policies and beyond. As a cybersecurity engineer, I work within a dynamic environment, collaborating with numerous teams across the industry, and working with a diverse range of technologies. This experience has allowed me to gain a broad understanding of the field.

Additionally, I was part of the UK Cyber 9/12 Strategy Competition 2024 organising team. This competition is an incredible way for students to gain hands-on experience with cyber policy in an exciting and dynamic environment.

What made you consider a career in cybersecurity? How did you end up in your current role?

I developed an interest in cybersecurity whilst studying for my computer science GCSE. I was passionate about learning new concepts and wanted to put these skills into practice by taking part in Capture the Flag competitions (CTFs). As well as this, I was interested in social engineering and how this plays a pivotal role in cyber-attacks. I often attended talks by industry speakers, sharing their experiences as a social engineer, which fuelled my interest in pursuing cybersecurity as a career.

This interest led me to pursue an undergraduate degree in cybersecurity at the University of Warwick. Throughout my time at university, I couldn’t ignore the clear gender gap, which was prevalent in my course, with less than a 6% representation of women. To make a change and to empower women studying cybersecurity, I, as part of a team, co-founded the initiative CyberWomen@Warwick. This initiative led to my role as Co-Founder and Director of CyberWomen Groups C.I.C.; a non-profit organisation which aims to empower women and bring new, exciting opportunities for university students interested in cybersecurity. Alongside this, I am a graduate cybersecurity engineer at Leonardo, where I continue to develop my skills and contribute meaningfully to the ever-evolving landscape of cybersecurity.

What advice would you give to new starters?

The main advice for new starters is, don’t be afraid of imposter syndrome. Cybersecurity is a vast industry with a lot of new and evolving concepts, don’t feel like you have to know everything from day one. Imposter syndrome is a common experience, even among seasoned professionals. Seek guidance and support from those around you, networking is an invaluable way to meet those with different experiences and gain a broad knowledge of different roles and experiences in cyber. There’s a wealth of knowledge to be gained from collaborative learning and shared experiences. Further, be prepared to continue learning, cyber is a dynamic industry where the landscape is constantly evolving. There are numerous incredible resources you can use to upskill and keep up with new and developing concepts. However, while there are loads of ways to learn, I think it is important to say don’t feel like you need to learn everything at once. There is a lot to learn, and your understanding will come with time. Embrace different ways of learning, gain hands-on experience by trying new projects, and simulations, and participate in events like capture-the-flag competitions to expand your skill set and explore different areas of cybersecurity.

What’s the biggest misconception about cybersecurity that you’ve found?

There is a big misconception that you must have a very technical background to have a career in cybersecurity. In reality, there are many different areas and roles that require a range of skill sets. Soft skills are very important to develop as you will need to be able to communicate with many different people across the industry. Further, cyber is not an isolating career; I thought I would be sitting behind a computer for most of the day, but this is not the case. You have to collaborate and communicate with other teams in many different roles. Therefore, whether you’re outgoing or more reserved, there’s a place for you. Another big misconception is that this is an impossible industry to get into. This is not the case, there are many pathways to enter cybersecurity, whether you are a new starter or looking for a career change. Numerous roles exist within cybersecurity, each offering opportunities for individuals from different backgrounds to contribute their unique skills and perspectives.

What do you wish you had know when you were starting out in cyber?

Starting out in cyber can be very overwhelming, there are a lot of new skills and concepts to grasp. I wish I had known about the number of amazing resources available for beginners which will guide you to understanding complicated concepts. These resources are invaluable, especially when starting your first CTF or technical challenge. Additionally, I wish I had recognised the value of community early on; there are so many incredible communities and initiatives in cyber that bring people together, fostering supportive environments which allow people to upskill and learn from each other. Collaborating and utilising a community can be especially useful when starting out with new challenges. For example, joining a CTF team not only gives you the chance to develop teamwork skills but also exposes you to diverse perspectives and problem-solving strategies, which is invaluable in your journey into cybersecurity.

The post #MIWIC2024 One To Watch: Jenny McCullagh, Graduate Cybersecurity Engineer at Leonardo and Co-Founder and Director of CyberWomen Groups C.I.C first appeared on IT Security Guru.

The post #MIWIC2024 One To Watch: Jenny McCullagh, Graduate Cybersecurity Engineer at Leonardo and Co-Founder and Director of CyberWomen Groups C.I.C appeared first on IT Security Guru.

Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024’s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee’s answers are written in their own words with minor edits made by the editor for readability and where relevant, supplemented with additional commentary by their nominator.

In 2024, the awards were sponsored by BTThink Cybersecurity Ltd. and Plexal, with Eskenzi PR, Assured and Women in Cybersecurity UK & Ireland Affiliate as partners.

What does your job role entail?

Everything. Create and deliver quality cybersecurity training and education. I work with training providers, organisations and individuals. Currently delivering professional diplomas in cybersecurity, postgraduate diplomas, industry certificates with partners EC-Council and Cloud Security Alliance. I spend a lot of time supporting the Cybersecurity community. I’m a member of an ENISA ad-hoc working group, a member of the Cyber Ireland Business Growth Committee. I’ve recently embarked on a Professional Doctorate to investigate the challenges faced by micro SMEs and cyber resilience. I am constantly learning and adding to my skill set. I love what I do and feel very privileged to be able to do it.

How did you get into the cybersecurity industry?

My journey into cybersecurity started with a strong foundation in technology and education. I began my career as an apprentice electrician, then studied electronics while working as a technician. Eventually, I found myself in a role in computer services at a college.

Teaching in further education introduced me to diverse learners, fueling my belief in accessible and flexible learning. This ethos would later lead me to found Fortify Institute, with a mission to make cybersecurity education available to all.

The idea of cybersecurity came up during a conversation with adult learners, prompting me to pursue an MSc in Applied Cybersecurity. Graduating with top honors, I seized opportunities in Ireland’s growing cybersecurity sector, especially after the onset of GDPR.

With the pandemic, I reassessed my career and realised my passion for teaching was still strong. Combining this with my expertise in cybersecurity, I founded Fortify Institute in 2022, offering flexible training solutions.

As an entrepreneur, I’ve dedicated time to various initiatives, including volunteering and community involvement. I’m also pursuing a professional doctorate, focusing on research that benefits the cybersecurity community and Ireland’s national security. Through these efforts, I aim to make a positive impact while empowering others in the cybersecurity field.

My Success Story Jan Carroll

Jan Carroll

What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?

While instances of sexism have been rare in my direct experience, one of the biggest challenges I’ve faced as a woman in the tech/cyber industry is balancing career growth with raising a family. To navigate this, I made the decision to transition into teaching when my children were small. This allowed me to prioritise my family while still staying engaged in the industry.

Now that my children are more independent and don’t require as much of my time, I’ve found the time to start my company, Fortify Institute. This journey has not only allowed me to fulfill my professional aspirations but has also empowered me to contribute to the growth and diversity of the cybersecurity industry.

What are you doing to support other women, and/or to increase diversity, in the tech/cyber industry?

I’m constantly striving to do more in supporting women and increasing diversity in the tech and cybersecurity industry. I founded, Fortify Institute, with the goals to close the cyber skills gap and boost diversity. Currently, our student groups boast a 30% female representation. I actively mentor women in cyber/tech, guiding them on their professional journeys.

Additionally, I use my platform to write blogs encouraging women to consider cybersecurity careers upon their return to the workforce. I collaborate with Zerodays.ie and the Irish squad of the European Cybersecurity Challenge to recruit more women, organizing CTF boot camps for girls and young women.

In partnership with EC-Council, I advocate for free Certified Cybersecurity Technician Scholarships for women. I’m also a proud member of WiCyS UK & Ireland, furthering our mission of empowering women in cybersecurity.

Outside of direct industry involvement, I’m part of AwakenAngels, an angel investment syndicate investing in female-founded tech companies. Personally, as a mother of two daughters, I’m committed to raising them with the belief that they can pursue any career they desire, whether in tech or beyond.

Ultimately, I aim to lead by example, demonstrating that it’s never too late to embrace new challenges and learning opportunities, regardless of sex or background.

What is one piece of advice you would give to girls/women looking to enter the cybersecurity industry?

Don’t hesitate—dive into the cybersecurity industry with enthusiasm. With so many diverse roles available, you have the freedom to explore and find what truly resonates with you. And remember, it’s okay to switch paths if you discover a different aspect of cybersecurity that interests you more.

Be kind to yourself along the way. It’s natural to feel like you’re ‘winging it’ at times, but that’s all part of the learning process. Embrace challenges as opportunities for growth and don’t let setbacks discourage you.

Don’t feel pressured to meet every single job requirement perfectly. Cybersecurity is a field where hands-on experience and a willingness to learn often outweigh job specs. So, focus on showcasing your strengths and passion for the field, and the rest will follow.

Lastly, read Invisible Women by Caroline Criado Perez and get the men in your life to read it too.

The post #MIWIC2024: Jan Carroll, Managing Director at Fortify Institute first appeared on IT Security Guru.

The post #MIWIC2024: Jan Carroll, Managing Director at Fortify Institute appeared first on IT Security Guru.