Tell us about you?
I live with my partner and two Border terriers in Cork, however, up to late last year, I spent just a little over 19 years studying and working in Waterford.
Your background and journey to Cyber Security?
I qualified with a BSc in Commercial Software Development from Waterford Institute of Technology and immediately after finishing college I was fortunate to get a full-time role as a Service Desk agent. The role was to provide technical support to Global employees in a financial services company at their Waterford office. After which I progressed into management leading various teams on the Service Desk. Throughout that time I took a brief change of roles and managed an International Investments team. Returning to the desk for a couple of years and progressed to Senior Manager, which I really enjoyed, however, I wanted to come out of my comfort zone and try something different.
What is your typical day in Security Architecture and Planning?
My day can be a mixed bag of technical, business, and financial. I work in the Security Architecture and Planning team, which involves working with the Architect on the security roadmap to ensure that a service or product that we are assessing meets the security needs of the organization. That means working with various Security and IT teams, Legal and Finance teams, as well as vendors.
What are the challenges women are facing in Cyber Security?
Depending on what you read, women make up between 11% – 14% of the global cyber workforce. We need to encourage more young girls to embrace their technical sides, and support them in their development.
What I commonly hear from women within the industry is they feel like they are being underestimated regardless of their qualifications. There are great intentions out there to encourage more women into Security and some men are truly authentic supporters, but there’s still some unconscious bias going on that needs to be addressed. Good news for future professionals, there’s a whole bunch of us challenging this every day, and we need supporters and allies to address these biases when they see them.
Job descriptions – The industry needs to get better at writing more gender-neutral job descriptions. We know that this increases the talent pool and helps to bring a diverse set of candidates. All of which have the potential to benefit the organization.
Lack of awareness around the different roles – There are great opportunities for people with diverse skill-sets. Software engineers, data scientists, project managers, business system Analysts, Operation Managers, Strategic analysts, Security Analysts, Psychology and behavior analytics, Fraud and Financial analysts, Mathematicians, Network and Infrastructure specialists, the list goes on. Malicious characters are always trying to find a way inside, we need people to understand how to protect, defend, manage, analyze, and implement security controls.
Tips for women entering Cyber Security?
Talking to someone in the industry can be very beneficial. Search the Meet-Up site/app for security groups in your area. I follow Cork|Sec and to be honest I felt slightly intimated before I went to my first event, but they were very welcoming and their goal is to help you learn. Definitely make a point in speaking to the organizers and let them know you are interested in a career in security.
If you are thinking about switching careers, one tip is to talk to someone in your security department at work if there is one. This is how I changed careers and it started with a conversation with one of the directors, explaining my interests, what I thought my strengths were, and to see if any of those matched.
There are some great cyber women on social media who I follow that have helped me along the way. Jenny-Radcliff is also known as @PeopleHacker on Twitter and has a Human Factor Security channel on YouTube. She explains things well, particularly if you haven’t a background in security.
Women In Security Podcast by Lifen Tan has great interviews with some of the top women in Security. It’s new but she’s getting great guests with really helpful insights on how to pursue a career within security.
Don’t underestimate your abilities, bet on yourself, you will be surprised. You don’t have to be an expert at each area of security, and as someone coming from the outside, I’ve noticed patterns within security where you begin to talk about the same things repeatedly and suddenly it all makes sense.
How can we encourage girls to opt for Cybersecurity studies?
Security and Privacy are now a crucial part of the operations of a business. Daily, you hear of a new breach across all industries, so to me, security needs to be a module in business, financial, science, and IT courses. We need to widen the net to attract more people to work within the industry, and take advantage of the business opportunities within Security.
There are multiple types of roles within Cyber Security that require diverse skill sets and thinking. Whether that’s in management, project management, red team/blue team, operations, or strategic planning, there’s a whole range of areas people can study.
I do some education awareness programs with colleges and what I have found is that some of the young women in those courses took a chance on security, some with no IT background, and some who are returning to the workforce after time away. Others have a passion for IT and they want to develop their skills further. It’s really a mixed bunch, but they all signed up for the courses to learn something different and exciting.
If third-level education is not the path for you, try a FIT apprenticeship program. I’ve recruited previous students from FIT and those students have been very successful in their roles. You can also take online courses or use Cybrary which provides free online courses.
A lot of colleges have open days, make sure to approach the IT Security department to ask about their course. If you are in transition year and need to do work experience, ask someone you know who works in IT or security if you can get some experience, and if you don’t know anyone, send an IT security firm an email and express your interest.
You mentioned you work remotely – how easy or challenging is that?
Working from home suits me, because of the type of work that I do. I spend a lot of time in meetings with colleagues and vendors across North America and I also need to spend time researching vendors and services. Our company is great in that it provides me with tools that enable me to work remotely. I rarely feel disconnected because of these tools.
However, I still like to connect back with my colleagues so I visit the office a couple of times a month. To be honest, when I moved back to Cork I was worried I may have to leave my role, as I like the company I worked for, the people, and what I was doing. I was very fortunate to have a supportive management team. It was great because I could still work for them and they didn’t have the expense of recruiting someone else.
I would say working from home doesn’t suit everyone and not every job is suitable for work from home. There are times when I do miss the office environment, but you adapt.
One of the first things you need to learn is to adjust the way you communicate. If you are used to seeing people face to face daily, you need to make an effort to communicate more, and likewise so does your manager. Check-in with close colleagues, call them rather than email. Make sure that when there are meetings planned that you send a message to the organizer before the meeting to let them know you are dialing in remotely so you are not missing any pre-meeting conversations.
Always being online. Initially, I felt like I always had to be available so I could respond to someone’s messages immediately, for fear that they thought I was slacking, which is a quite common feeling I hear from people when they first work from home. However, you don’t work like this in the office and you soon realize that’s not manageable. There will be times you will need a 10-minute breather after a really intense meeting.
I get more done when I work from home as I don’t have as many interruptions which is a positive, especially if we have a deadline or I have a lot to do. However, I am quite clear about my finish time. If I have a late meeting, then I start work later, or I decline it/reschedule it. It’s actually easier to leave the office at home than the office at work.
Stay involved. I like to keep up to date with company news and take part in company events. I’ll also try to align my days in the office with company events or when executive leaders are visiting. I also make a point of setting aside time to meet up with people for a quick catch-up, especially with those I mentor.
I designed my office space at home. So it’s set up the way I like it and it’s spacious. If you are working from home, here’s a good tip, buy a decent chair! Don’t use the kitchen chair, it’s going to hurt your back. Personalizing my workplace was something I enjoyed doing and I enjoy the time I spend in my home office.
Better for the environment, better health – I’m not driving to work that often so fewer emissions, and I’m also not adding to that very large line of traffic! I’ve also started walking during my lunch breaks, which helps me to break up the day. A quick 15 -30 minute walk can do the world of good for your mental health, as it can break up your workday. I’d recommend you do this in the office too if you can.
How do you manage your work-life balance? What keeps you sane? Any hobbies?
Yes, you definitely need your time away from everything, whether that’s work or taking care of family, I’m a big advocate of taking time out for yourself. You can’t give back if you are not refueling yourself.
You need to define what is acceptable for you and what your limits are with work. Whether that is to finish at 6 pm every day, with the only exceptions being the critical issues. If there’s a critical issue every day, then that’s a problem and you need to have a good chat with your manager.
I have a retired gelding that I love spending time with. I used to participate in Riding club activities with him which meant I was very busy in the evenings and weekends. I love being in the outdoors and especially enjoy walking in the countryside with my two energetic border terriers. I spend a lot of time thinking so walking definitely helps me make sense of everything.
I’ve recently discovered the joy of podcasts too, I know, I’m late to the game. On occasion I inadvertently find myself listening to my partner’s podcasts, which are typically Arseblog or IGN. I’m not a fan of football, but I can definitely say that Arsenal is hoping for the top four again this year! The IGN podcasts are actually quite good, especially when they attend events like the DICE summit or E3.
What advice can you give to companies who haven’t adopted remote work for their employees?
I work for a global company and our IT teams have worked very hard to ensure our employees can work anywhere any time. This has been such a positive in our company and it makes you feel like you are working for a company that trusts its people, is modern in the way we work and the tools we use has access to talent in a global environment and makes an effort to ensure those working remotely feel included. One of the biggest advantages is that if you live in one of the larger cities and you have an hour commute to work each way, working from home 1-2 days during the week can save on those commute times and puts less stress on the person traveling.
Give your employees the tools to do their jobs effectively. Ensure you provide the technology to work remotely, some of the basics like VPN, Softphones, Web Conference tools, instant messaging tools are essential. Make it easy to work remotely and ensure that the tools you put in place perform at a high level with strong security and that you train your employees on how to use those tools.
Educate and build awareness programs for your employees about keeping secure while working remotely. Make sure they know about not connecting to untrusted/ unsecured Wi-Fi networks, e.g. free Wi-Fi at the airport or coffee shops. Look out for shoulder surfers, or people listening to your phone conversations in public places.
If you have doubts, implement a work from the home pilot with some departments and monitor the results of both the employees and managers. Make sure to set the pilot up for success and work with the teams to define the expectations of the pilot. Give it about 6 months as managers and employees learn how to work in a new way.
Interview with Fiona Murphy, Information Security strategic initiatives & Cyber Women Ireland Co-Founder.
A Day in the Life of a Cyber Security Professional interview by Dina Vyapuri.