Cyber security is like a rugby team – there are such a huge range of opportunities, there’s a place for everyone.
Ellie Hurst, Marcomm and Media Manager of Advent IM, admits she fell into the industry almost “by accident”, but in the last eight and a half years has become a passionate cyber security advocate. Despite not being a maths whizz or coding expert, she’s found her place within the sector – and she’s keen for others to find theirs.
In our interview with Ellie, we discuss the importance of better communication within the sector. Communication doesn’t begin and end with product marketing, she explains. Different functions within a business need to communicate, practitioners and experts need to communicate with each other and with the public, and we all need to inspire the next generation by communicating the wide range of opportunities to girls and young women in schools and universities.
First things first, could you tell us a bit about your journey into cyber and the critical role of communication within the sector?
I’ve always worked in information and communication, but I fell into cyber security almost by accident. I’d witnessed how businesses aggregate data to come up with solutions and noticed a huge gap between the way they utilise data and their ability to protect it. There is also a lack of communication between silos in a business and within the industry as a whole, partly because different, fragmented teams aren’t always sure how to communicate with each other or with the board.
Aggressors communicate and share best practices, tools and knowledge in a way that we don’t. And I genuinely believe that improving our internal and external communication is critical if we’re going to get ahead of the attackers. So when a role came up with the opportunity to increase the level of awareness surrounding data protection and cyber security, I couldn’t resist!
Do you have any tips or advice for young people looking to get into cyber?
From a comms point of view, I would advise aspiring practitioners to be prepared for every day to be a school day, and to put yourself out there and offer yourself as a resource to your business in order to improve and refine communication between security silos. A communications role in cyber security is so much more than just marketing products and services – and that’s what makes it so interesting! Working in comms, you have to live and breathe the industry: you have to be extremely connected.
Looking at the sector more broadly, young people hoping to start a career in cyber should think about joining industry bodies like The Security Institute and CySec, as membership will open you up to new business opportunities and networks, as well as expanding your lexicon. Don’t see yourself as separate – be part of the industry and part of the change. Get involved!
How do you think the industry needs to change to encourage more diverse thinking and ensure there’s a broad range of skills, experiences and backgrounds?
Cyber security functions differently to many other sectors: it’s an inverted triangle. Unlike being a doctor, for example, where you start working as a general practitioner with a broad knowledge base, in cyber you tend to start as a specialist (i.e. pen testing or data protection) and learn other specialisms as you spend more time working in the sector. As a result, it’s sometimes difficult for different silos to communicate with each other.
I believe we need to invert the triangle and build a solid foundation made up of young people who have a great understanding of all the key aspects of security and are able to see how it fits together. There are benefits to starting out with a specialism of course, as it means there are a wide range of paths into the industry, but it’s the gaps between these specialisms that put us at risk from cyber attacks. Some businesses are developing blended, multi-functional security teams which is fantastic, because I believe it’s the direction the industry needs to take.
The way we’re addressing cyber security in education also needs to change, as it tends to be seen as an “extra” that’s bolted on to an IT degree. As the need to protect our data, information and systems grows more critical, we need to respond by making cyber security a core focus both in school and at university.
What can we all do on a personal level to inspire young people to take up a career in cyber?
There aren’t enough female role models within the industry, which is why I never say no to opportunities to engage the next generation. I want to be seen and visible and waving the flag for everyone to join cyber security. The industry is incredibly accepting – not just of women but also of neurodiverse people and those with different backgrounds. There really are such a wide range of opportunities, but as an industry we’re not always very good at communicating this outwards.
There is always something you can do to inspire young people – and it doesn’t need to be big. If you’re invited to speak at a university or a conference, that’s a big thing. But you could also offer yourself as a mentor at a local school, or write some simple collateral for teachers to share with students. You don’t have to be standing on a podium to make a difference. That’s why I’m so keen to engage with industry bodies and institutes, because several offer mentoring opportunities and schemes for students run by industry stalwarts who can offer their experience, knowledge and – importantly – encouragement.
Have you experienced any challenges as a woman working in cyber security?
When I started working for Advent IM, we wanted to make sure our values worked at 3 levels: how we treat each other as colleagues, how we interact with clients and how to ensure everything we do raises the profile and perception of the cyber security industry as a whole.
Working in comms, I’ve had the opportunity to be a driving force for this change, as our values are in every piece of communication we publish and every action we take. As a result I’ve found myself in events and conferences that are male-dominated, so even though there are more women in comms I’m keenly aware of the lack of women in the industry as a whole.
What would you say to young girls to inspire them to take up roles in cyber security?
Be the change you want to see. If you have an interest (or think you might have an interest) in cyber security, you should contact an industry body and find a mentor who can help and support you and find the space that you’re looking for. Every journey starts with the first step, so don’t be daunted. Security is like a rugby team – there’s such a huge range of opportunities, there’s a place for everyone.