Over the last 20 years, I’ve seen cyber security practitioners and consultants having an increasingly vital role to play in society. Their job is to secure the world – its future.
Jane Frankland, Founder of Cyber Security Capital and the IN Security Movement, tells us about her unusual journey into the industry and gives us a whole load of useful tips for surviving and thriving in cyber security.
Tell us a bit about your journey into the industry – did you have a previous career? Did you have formal training or any work experience in the field?
I went straight into cyber security by building my own consultancy. It’s not a normal route but being in my mid-twenties, I didn’t see any limitations. Having graduated in art and design, I’d always viewed technology as being exciting, dynamic, fun and creative. I saw it as a tool that could be used much like a paintbrush. As it was constantly changing, just like nature, it attracted me like a moth to the lamp.
When I started my consultancy, Corsaire, in 1997, I chose to lead with security because it was intelligent, fun and glamorous – a bit like James Bond – and it certainly beat selling networking kit or high availability servers. Then, early in 2000, as the field evolved, I instinctively knew we needed to specialise. Recognising a gap in the market, I picked penetration testing. It was relatively new and there were only a handful of suppliers offering the solution.
What are your top tips for those looking to get into the industry?
Security has an extremely diverse ecosystem and the people within it are good fun, interesting and loyal. They range from right-brain and left-brain thinkers to techies and business execs. And, the environment is one of constant learning and challenges. To succeed you need a growth mind-set, as nothing stands still. You also need to ensure that you’re open minded, learn from the stance of a beginner, can adapt fast, and are surrounded by people who will lift you higher.
When you’re looking to get into cyber security, I recommend building your personal brand and networking profusely. By doing this, you’ll increase your chances of finding a mentor or sponsor. Sponsors are particularly useful as they propel career development, especially when they’re a person of influence within a company. Unlike a mentor, a sponsor acts as an advocate, using their knowledge, expertise and connections to advance the career of their protégés.
Finally, read my bestselling book, IN Security!
What are three of the top traits you should have to work in cyber security?
Firstly, you need to be driven and passionate about security, risk mitigation, protection and freedom. Cyber security is inherently interdisciplinary and diverse. It involves knowledge in technology, psychology, finance, business, risk, law and regulation. So it doesn’t matter whether you are skilled with people, administration, management, education, or technology.
The second trait that’s imperative is ethics. We must be sure that those who work in cyber security are ethical, honest and full of integrity, as they have to ensure the confidentiality of information, so that individuals, businesses and countries are protected from cyber criminals, cyber terrorists and cyber warfare.They should also share the values of the company they want to work in, as this builds a strong culture. When I’m building teams I look for people who share my values of empowerment, freedom, kindness, solidarity, gratitude and collaboration.
Thirdly, we need people who can think creatively and who’ll approach problem solving with a beginner’s mind. Having this trait enables us to approach new situations inquisitively and without judgement. It facilitates advancement.
Finally (am I allowed a fourth?), we need people who have stamina, resilience, agility, an ability to synthesise and to communicate. To survive and thrive, practitioners need to be able to solve tough problems, know how to connect security issues to business priorities, handle sensitive issues with integrity and difficult conversations with grace. They’ll also need to acquire good influencing skills, so they can gain support and buy-in from stakeholders within the organisation and change behaviour with employees. And, they’ll need to be able to build solid relationships with vendors whose products they’ve implemented.
Anything else you’d like to say to inspire women into this sector?
Yes! I’ve got three top tips.
My first tip is to build your network in cyber security. It’s well known that women have weaker ties than men to colleagues and cohorts both at work and outside, but expanding your network increases the likelihood of being referred for jobs and helps you tap into wider sources of information, which will help you expand your thinking and solve challenges with confidence.
My second tip is to build your visibility via personal branding. Never be afraid to shine. When you’re known and seen by people within your organisation and outside of it you open up more opportunities. Top students and employees don’t necessarily do better because of their natural ability, but because they get more attention or receive better opportunities, working conditions and compensation.
My third tip is to attract an influential sponsor. Sometimes this results naturally from building your personal brand and network, but sometimes you’ve got to set your intention at the start and approach it strategically. Sponsoring women has many benefits, and helps women who are working hard and playing by the rules to get noticed and promoted. It enables women to make broader and more strategic contributions to their organisations. Plus, it circumvents gender stereotypes and the double bind – where women are penalised for exhibiting self-promoting behaviour which is considered acceptable in men – because sponsors are able to reward their protégé’s talent and speak up on their behalf.