The cybersecurity world is evolving faster than ever, and one thing is crystal clear: diversity and inclusion are not just buzzwords – they’re must-haves for creating robust teams.
In this blog, you’ll hear from a former law graduate turned Cybersecurity Analyst on how her Master’s, which touched upon social media, led her to a career in cybersecurity policy at the Home Office. She tells us all about her graduate scheme experience, her advice to those without a technical background and shares strategies for creating a more inclusive culture in the field.
Let’s dive straight in!
How did your Master’s dissertation on social media’s impact on people’s self-image lead to your interest in cybersecurity policy?
As I delved deeper into the effects of social media and the internet on people’s experiences, I couldn’t help but wonder ‘Should this be regulated? Should there be more policies in place to protect people’s online privacy and security?’. With the lightning-fast growth of the internet in all areas, it was clear that legislation and policy hadn’t quite caught up yet.
Being a law graduate, my mind always leaned toward legislation and policy, and my Master’s degree in Political and Legal Theory only fuelled that fire. As I gained a more theoretical understanding of all things cyber, including social media, I realised I needed more technical knowledge to make a real impact, so I joined a graduate scheme with the Civil Service to get that technical know-how.
What was your experience like in the graduate scheme, and how did it prepare you for your current role as a full-time analyst?
My experience in the graduate scheme was a game-changer. It gave me the perfect opportunity to get hands-on experience with my current team and understand their workflows. Being a Response Manager helped me learn how to write playbooks, consolidate policy and work on business-based objectives. All this experience gave me a better understanding of how we work as a team and our function in the wider UK Home Office.
With this solid foundation, I was able to hit the ground running in my current role as a full-time Cybersecurity Analyst. Understanding what I was signing up for and the work my colleagues do helped me excel and make an impact from day one. I’m proud to say that my graduate scheme experience has given me an edge and set me up for success in my current role.
What motivated you to move on from the graduate scheme and focus on becoming a full-time analyst? How was the transition?
I was craving deeper technical knowledge. So, I took the leap and decided to get hands-on experience in cyber analysis for protective monitoring.
Now, I deal with alerts and provide direct assistance, instead of writing playbooks and consolidating processes.
Luckily for me, I already knew the team and manager I was moving to, so it was a smooth ride. Having supportive peers and colleagues who cheered me on definitely helped me through the process.
What advice do you have for individuals with non-technical backgrounds who are interested in pursuing a career in cybersecurity, and how can they develop the necessary skills and knowledge?
You don’t need a technical background to make it in this field. What I’ve found helpful, however, is critical thinking skills, especially for proactive and reactive cybersecurity roles. Threat analysis, for instance, requires a critical thinking mindset and the ability to think outside the box, considering how an attacker might act or how a vulnerability might be exploited. It’s not about knowing binary coding or Python; it’s about being able to think differently, which is where having people with diverse backgrounds in your team really helps.
There’s still the question of how you get started on the path to becoming a cybersecurity expert. I’d advise taking industry-accredited courses. Not only will they look great on your CV, but they’ll also give you the skills you need to get started. I’d also recommend pursuing topics that you enjoy and find interesting, and the rest will fall into place.
How can cybersecurity companies and organisations work to create a more welcoming and inclusive culture for individuals from diverse backgrounds, and what strategies have you found effective?
The first step is to start having conversations and groups where employees can discuss their unique experiences. This helps to raise awareness about the importance of diversity and how it can be improved.
At my workplace, we have established various networks, such as the LGBT networks, groups for those from lower socioeconomic backgrounds and also women’s groups.
If you’re looking for more inspiration, check out “Off Mute”, a podcast that features conversations with women who have experienced being the only female in a meeting or room. You’ll gain life advice and work experience to help you navigate similar situations with confidence.
And let’s not forget about our managers! We need managers who are conscious of the importance of diversity and inclusion and who are willing to discuss it. They are the best allies, regardless of their own backgrounds. Effective communication is the key to creating a culture that’s welcoming and inclusive for individuals from all backgrounds.
How do you see the field of cybersecurity evolving in the coming years, and what impact do you think diversity and inclusion will have on this evolution?
Automation is on the rise, and we can’t ignore it. We need to get used to using it in our work to deal with new threats that we haven’t seen before. And AI? It’s going to play a major role in this evolution, so don’t sleep on it.
Now, when it comes to diversity, it’s not just about ticking boxes. We need diversity of thought and different perspectives to approach problems in new ways. Critical thinking is essential, and having people from different backgrounds and experiences will help us spot new threats and vulnerabilities that others might miss. That’s why diversity and inclusion are crucial in the cybersecurity field.