Cybersecurity is important and something that can’t be ignored. However, it’s also an ongoing process for all organizations, whether big or small, with countless cyber threats emerging and causing destruction worth millions of dollars.
To learn more about cybersecurity, its implications and future, we invited Jane Frankland, the Managing Director of Cyber Security Capital, whose mission is to make the world a safer place by training and enabling diverse talents in the field of cybersecurity.
She is also the author of the book “INSecurity: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe”, which discusses how women matter in cybersecurity because of how they assess and deal with risk.
Without further ado, let’s get to the interview:
Q.1 – What is your story and inspiration behind becoming a cybersecurity professional? As we know you have a non-technical degree.
I went straight into cybersecurity by building my own consultancy. It’s not a normal route but being in my mid-twenties I didn’t want to waste any time. I came from a background in art and design and I’d always viewed technology as being exciting, dynamic, fun, and creative. I saw it as a tool that could be used much like a paintbrush. I saw it constantly changing, just like nature, and it attracted me like a moth to the lamp.
When I started my company, Corsaire, in 1997, although I could have sold anything, the reason I chose to lead with security was really because of image. I viewed it as being intelligent, fun, and glamorous – a bit like James Bond – and it certainly beat selling networking kit or high availability servers.
In early 2000, as I saw the field evolve, I knew we needed to specialize. I saw a gap in the market and picked penetration testing/ethical hacking. It was relatively new, there were hardly any suppliers, and once again it interested me, so that is the route we took.
Since selling the business I have advised boards and held senior executive positions at several large PLCs, including the NCC Group, and now I use my 20 years of experience to help cybersecurity professionals, CISOs and entrepreneurs meet their performance objectives. My big focus, right now, is on increasing the numbers of women in the industry.
Q.2 – How do you see the future of cybersecurity? What are your concerns about it? And do you think people are now getting more aware about the significance of cybersecurity?
I see a future with more women in cybersecurity and where we’re doing a better job of mitigating risk. Awareness is growing, which is good. However, in today’s world cyber threats are becoming increasingly sophisticated which has highlighted not only a skills shortage in cybersecurity but a threat – a lack of diversity – that’s making us blindsided.
Increasingly, the industry is recruiting from the same pool – computer science, technology, and the armed forces or intelligence. While these professionals are needed and hugely valuable, having one type of profile in cybersecurity holds us back. It makes us miss things. If we’re all thinking the same thing, then you could argue that no one is really thinking.
If we look back in history, this was highlighted by Winston Churchill, who realised there was a problem and implemented “Corkscrew Thinking” and brought men and women together in Bletchley Park, and ensured they came from diverse backgrounds. He had authors, like Ian Fleming, who wrote the James Bond books, Alan Turing, who was most likely autistic, and thousands of women who were mathematicians, linguists, chess champions, and good at crosswords.
Some may have been fresh out of school, college, or university. Many believe it was this approach that led to the Allies winning the war, or at least shortening it by several years. When we’re talking about sectors who commonly suffer from a lack of gender diversity it is likely that there is also a lack of every other type of diversity too as hiring managers usually lack interviewing skills.
Some also don’t have adequate hiring processes, which results in them hiring staff like themselves. They usually defend their actions by talking about “fitting into company culture,” yet this is often just code for hiring in their mirror image.
Q.3 – What measures would you recommend companies to protect themselves from the cyber threats that exist in today’s digital world?
My recommendations would be that we all have to work harder to plug these skills shortages and that means creating a more gender and ethnic diverse workforce. There are currently estimated to be more than 1 million unfilled cyber security jobs worldwide, which reflects a huge cyber skills shortage, or is it a shortage of ability when it comes to recruitment? Opening up your business to recruiting a diverse workforce, rather than sticking to a strict criterion of candidates, opens up a far bigger talent pool which could well include some of the best cyber security brains.
Q.4 – How will GDPR affect and influence cybersecurity?
The GDPR presents a huge opportunity for organisations to cleanse dysfunctional practices, cut uneconomical expenditures, and deliver profits. It enables trust, transparency and data protection to be built or rebuilt, whilst advancing revenues. Smart CISOs are therefore using the GDPR as a business enabler and are seeing it as a means to take their business to the next level.
Instead of focusing on negative aspects, like how much work they’ve got to do in order to comply with the GDPR, they’re embracing it and sharing success stories with their clients, customers and strategic partners. They’re communicating what they’re doing to improve their data protection and how they’re complying with the GDPR. Essentially, they’re using the legislation as a unique selling point.
Q.5 – Tell us about your book, what are some key takeaways that you would like to share with our readers?
INSecurity is all about why a failure to recruit and retain women in cyber security is making us all less safe. It’s a book for men and women and is fundamentally about performance. We know from research that gender-diverse teams are more productive, innovative and able to stay on schedule, and within budget, compared to homogeneous teams.
Furthermore, when women are at the helm of business, in leadership roles, not only does Gross Domestic Product (GDP) improve, but also there’s more diversity in the workforce, contributions to charities and support of local businesses. And, when women are politically and economically empowered, societies are more stable. But, the reason why women matter so much in cyber security is because of the way they view and deal with risk.
Countless studies have shown that women and men gauge risk differently and by increasing the number of women in security, organisations can gain a strategic and competitive advantage. Women are far better at assessing odds than men, and this often manifests itself as an increased avoidance of risk. As women are typically more risk averse, their natural detailed exploration makes them more attuned to changing pattern behaviors – a skill that’s needed for correctly identifying threat actors and protecting environments. They also don’t fall for attacks that are being written purely for men.
Research also reveals that women score highly when it comes to intuition, emotional and social intelligence. They’re able to remain calm during times of turbulence – a quality that’s required when breaches and major incidents occur. They use their intuitive thinking to make good decisions quickly and without having all of the information, which is a requirement in a world that values speed and agility.
But, as men tend to be more pragmatic with their thinking, what matters is that no one gender is better than another. It’s simply that we’re different, and when we come together to solve problems, we’re able to solve them faster. We progress. We evolve. This book is all about that. It includes hundreds of stories from women and men around the world plus a tonne of data.
Q.6 – There are many security solutions/products in the market and their number is constantly increasing. Do you think these are effective when it comes to basic security?
There are many products and solutions, but they don’t all address basic security practices. Basic security involves so much more than products. It means identifying your organization’s assets and the regulations you need to abide by, plus determining your risk appetite and business strategy in line with them.
Once you’ve done that, you can look at what you need to do in order to mitigate the risk. Products won’t solve the problem. And, you can never have full security. So, you need to decide how much you need and want. Then build a solution with people, processes and technology.
Q.7 – What is your take on Net Neutrality? Many distinguished organizations, including PureVPN itself, stand for net neutrality and believe that all internet traffic should be treated equally.
I don’t have a problem with net neutrality as a principle or concept, but I do have concerns about Net Neutrality as legislation or public policy.
Q.8 – There are many cybersecurity experts around the world, but whom do you follow and admire the most?
I’m a huge fan of Dame Steve Shirley, although I’d put her in the tech camp rather than cybersecurity. I also admire Rik Ferguson, Quentyn Taylor, Berin Lautenbach, Tim Anderson, Dr Jessica Barker, Keren Elazari and Graham Cluley.
Q.9 – Is there anything else you would like to add that we haven’t covered in the earlier questions?
Yes. I want to say that cyber is different today. It’s not just a target. It’s a weapon and attack vector. Attacks are transforming from disruptive to destructive. With advancing threats, more connectivity, regulation and workforce mobilization than ever, and a future that’s still having to rely on the technologies of the past – operating systems, computing languages, software environments, which are vulnerable and often unsupported, evolution must occur.
Those involved must re-evaluate and redefine their understanding of threats, risks and solutions and communicate this effectively to the relevant stakeholders. They must be able to answer:
- What threats should we prepare for?
- What risks are involved?
- What processes and procedures should we implement?
- What types of people do they need to help them do this?
- What metrics should we use to measure all of this?
To answer these questions, there needs to be more collaboration and contribution from within our ecosystem – with vendors, solution providers, system integrators, intelligence agencies, first responders – and with other organizations that we may compete with. There needs to be a safe harbour too, where security professionals CAN share without fear of career reprisal from breaking their employment contracts.
Wrapping Things Up
Cybersecurity is a shared responsibility. After all, the war against cyber crime is an uphill battle, which quite frankly, can’t be fought alone. We would like to thank Jane Frankland for taking the time to sit with us and share her stories and expertise in cybersecurity.
We hope you enjoyed reading this interview with Jane Frankland as much as we enjoyed interviewing her, and that you gained some valuable insights!