During this year's AISA national conference, now renamed as the Australian Cyber Conference, a panel discussion with Lynwen Connick from ANZ, Rachael Falk from Telstra, Michelle Price from AustCyber and Vanessa Pegueros from DocuSign discussed their careers and what can be done to ensure there is diversity in our cybersecurity workplaces.
The discussion, moderated by EY's Georgina Crundell started by asking each of the panellists how they started their careers in cyber security. Despite the way our education pipelines work, it was clear that there's no single right way to laugh a career as a cybersecurity professional. For example, Pegueros' career started when the was the company she was working at had a security assessment completed on a wireless network only to discover things were not quite as secure as expected. Called into her boss' office, she received the equivalent of a battlefield promotion to director of security to fix the problem.
Falk, on the other hand, has a fondness for solving problems and puzzles. As a corporate lawyer with Telstra, she's been involved in several data breaches and decided on a short term secondment to work as a bridge between the technology and business sides of the company. She is now several years into that 12-month secondment!
The path less travelled was also taken by Connick. She fell into her IT career after moving from the Bureau of Meteorology to the Australian Signals Directorate and has worked with government on the national Cyber Security Strategy before moving to become the most senior infosec professional at the ANZ Bank.
Anyone telling you there's a single path to becoming a cybersecurity professional or that that you need a specific set of tightly defined skills may not be offering the best advice.
When it comes to those skills, there was a consensus among the panellists about the importance of curiousity, problem solving, psychology and design thinking. All four panellists singled out curiousity as a an undervalued skill, noting it was often "untaught" as students progressed through the education system. All four speakers also said there might be too much focus on purely technical skills. For example, Price noted that toddlers can use digital device effectively because they have learned to imitate adult behaviours. When a young child knows what passcode to enter and access a parent's device, that is a form of "hacking".
For example, Falk said she had not ever been a coder but that has not stopped her from being a highly effective security executive. By being curious and choosing challenging jobs she liked, Falk forged a successful career. Connick agreed saying it was important to do jobs you love as there are lots of different jobs in cyber.
Diversity is not just about gender added Connick. We need people at different ages and stages of their careers as well as gender, culture and skills. By reselling people as they develop and move through a career, providing them with the skills they need as they need them you can help people progress through their career. Price added that it's important to not see careers through the lens of the past. During the post war era, careers were seen as long term plans where there was, more or less, linear progress from entry level to leadership positions if you had the skills and stayed long enough.
Today's workforce is more likely to be seeking a "series of life experiences" Price said.
That's important to consider. Falk noted the importance of finding a set of different mentors, a kind of "board of advisors" who could provide guidance and support when you need it. She also noted that your career doesn't suddenly evaporate if you take a break from full-time work. But you can continue to use your skills, perhaps in short term or part time consulting roles during different seasons in life.
When it came to older workers, all four panellists said there were substantial benefits in retaining and attracting more experienced campaigners. For example, Falk noted that more experienced operators tend to be calmer in a crisis and have strong grounding in the important area of governance. Connick concurred, sailing that cyber is sometimes unpredictable and maturity hols ride out the storms. By ordering more flexible work arrangements, it's possible to retain those skills, support older workers in passing them on and give younger workers the oportunity to learn from older mentors.