Tell us about your role and responsibilities within your organization.
My work primarily focuses on building a team that serves as a force multiplier to our cybersecurity vision with concentrated attention to enterprise needs within specific focus areas [like the public sector]. Within Sophos, I lead the global field CTO team, a highly experienced group of executive-level cybersecurity experts, who are also accomplished researchers, innovators, entrepreneurs, and spokespeople within their domains. For my role, I am the “field CTO for the public sector,” so I focus on most of my work on government and education.
What inspired you to take up a career in the security field?
I joined the tech world as a systems administrator and web developer. After working with startups, I had the chance to be part of the engineering team that migrates NASA’s applications to the public cloud. A very big project: just moving NASA’s “flagship portal” of nasa.gov, which contains around 200,000 pages of content, took about 13 weeks. After this, I joined another startup where I helped clients automate IT workflows, including complex security controls. I developed an open source tool that automated security benchmarks during this time. It was this experience that inspired my initial work in security.
How do you tackle challenges in your job?
There are different types of challenges. They are typically either challenges regarding insufficient knowledge or constraints. In both cases, the options are to reduce the impact of the challenge, remove the challenge altogether, or work through the challenge. Regardless of the preferred option, it’s always important to me to ensure a fast feedback loop regarding the approach I decide to take. These feedback loops tell me whether or not I should address the challenge differently based on observable facts. My common approach to this system is by formulating a hypothesis: “Given what I know to be true, I will attempt Y-approach,” where the approach is developed independently or with a team. Then, an equally important part of that hypothesis is defining indicators of success and failure. What does it look like for Y-approach to have succeeded? What are the failure indicators? The idea is to make it easy to try the next hypothesis without falling victim to sunk costs or other traps. This approach allows me to address challenges in my work effectively.
Why is it important to have a diverse workforce in this field? How does it benefit cybersecurity?
In cybersecurity, information sharing is critical to problem-solving and providing the best protection to defend against cybercriminals. By having diversity in skill, gender, background, and much more, we have a more holistic way of developing the best possible outcomes for solving a problem, whether it’s in cybersecurity or other team development efforts.
How can organizations pave the way for a future of female cybersecurity leaders?
Embracing the concept of female cybersecurity leaders starts at the top as a company mission. This also includes ensuring that performance reviews and the hiring process is structured and consistent to support all individuals objectively.
What would be your advice for someone who wants to start a career in cybersecurity?
To start a career in cybersecurity, review the different aspects of the field to get an overview. There are a lot of different niches, so it’s good to learn a little bit about a lot, first, and when you find an area that is interesting, go all in.
What unique challenges and opportunities do you face in today’s world, and how have you navigated these challenges to achieve your professional goals?
Recently, I’ve been appointed as the leader of Sophos’ inaugural global Field CTO team. I’m excited about the opportunity to make an impact on our mission of improving security outcomes. Within this function, I think about large-scale challenges such as increasing economic constraints or even the growing impact of ransomware on critical infrastructure organizations. The way I navigate this, in the context of my professional goals, is to optimize for maximum outcome probability. In practice, this means that I try to look for a primary goal (even in the short term) that will make other objectives less critical or unnecessary.
What can tech players do to support and promote the participation of women in the digital economy?
More than before there are resources to facilitate getting more women into tech. These resources are seemingly everywhere, including for young girls in school, women in college, women transitioning careers, and even for those of us already in the industry. In addition, organizations are now capitalising on their female workforce by organizing internal groups and programs dedicated to women and externally by using them as ambassadors or key speakers during conferences tailored for women [WiCyS is my favorite!].
Your message to younger generations who are aspiring to become future tech leaders.
Don’t think about your career in terms of, “I want to be a leader,” it reduces your chances of success. Think about your work in terms of being part of a journey to help others in a meaningful way while remaining true to your values and principles. Focus deeply on enjoying the process of growth of your knowledge, and let time and experience develop your opinions and objectives organically. Do this, and over time you will inevitably end up in positions where you can lead others toward a common goal.
Do you see less women working in the IT or Telecom industry? Give reasons for both yes or no?
No, I think it’s the opposite. There are more women now in IT, even in cybersecurity. More than before there are resources to facilitate encouraging women to pursue technology careers. These resources are seemingly everywhere, including for young girls in school, women in college, women transitioning careers, and even those already in the industry. In addition, organizations are now capitalizing on their female workforce by organizing internal groups and programs dedicated to women, and externally by using them as ambassadors or keynote speakers during conferences.
What initiatives are your company taking to empower women to join the tech industry?
Sophos has a wonderful group of women within an internal resource group called Sophos Women in Tech [SWiT] and it’s fantastic. Initiatives within the group include addressing gender pay gaps at a global level, promoting STEM among school-aged girls, and facilitating mentorship and training for women within the company to improve their skills in areas in which women often have less experience or confidence [Such as negotiating]. It’s truly impressive.