Diversity in Cybersecurity - Carole Embling & Katarina Puschmann
Date: 2 September 2021
The world of cybersecurity and to be honest, tech in general, continues to be beleaguered with issues related to gender diversity and underrepresentation. According to a recently-released *report, women will represent 20% of the global cybersecurity workforce by the end of 2019. In the same period, Forrester predicts, 20% CISOs at Fortune 500 companies will also be women.
This figure is far too low and is nowhere near a decent representation of women in the domain. However, the scales do seem to be gradually tipping towards a more balanced position, albeit very slowly. A lot of organisations are reimagining cybersecurity roles and are opening up to the idea of having a diverse pool of professionals with diverse approaches making up their infosec teams.
Interestingly, many of these professionals, who are new to the field and many of whom are women, come from a variety of different backgrounds that have nothing to do with tech. Organisations are realising that the threat actors they need protection from comprise a diverse demographic with different backgrounds and to suitably combat the threats they pose, they need to have teams that also represent such diversity.
Two Boss Ladies of Tech
We recently spoke to two power ladies who don’t just make up the handful of women in cyber, they also represent the changing composition of cybersecurity teams across the globe. Both come from non-technical backgrounds and both lead critical divisions in their roles at Metro Bank. Carole Embling is the Information Security Manager for Compliance while Katarina Puschmann is an IT Risk and Controls Specialist within the IT Governance team.
Their non-technical past, they believe, never comes in the way because cybersecurity today has to do with a lot more than just technical knowledge. Building a robust security posture involves many other aspects such as soft skills, communications, team-building skills, crisis management, all of which cannot be taught and some of which must be innate, putting women at a unique advantage within the industry.
Carole and her 20-year journey in cyber
Carole started her career in IT security at the Royal Mail Group. Having begun as a Post Office Counter Clerk, she started on the path into Information Security by being trained as a junior business consultant back in 1990. She quickly learned the ropes of Information Security as part of a special training initiative and then became part of an integral team providing security consultancy at the Royal Mail Group. She later became an Information Security Manager at RMG and after being part of multiple organisations in the capacity of Information Security Advisor/Manager, she took on her current role as the Information Security Manager - Compliance at Metro Bank.
Carole shares that when she went into the business consultancy role in the 90s, there was an awful lot of discrimination against women and especially a young working mother like her. Most of this discrimination had to do with perceptions and the fact that nobody was used to a woman poking around asking questions about IT security at that time. However, within Royal Mail itself, there was wide acceptance because as an organisation it was very progressive, and this really helped Carole gain confidence to continue doing what she had identified would be the role defining the rest of her career.
Outside of Royal Mail, however, whenever she went for conferences or similar events, she was one of the only women in the room for many years. Carole admits that she’s still an exception and while the number of women in cybersecurity may have gone up on a global level, in smaller pockets there are still only a handful of women that can be seen in such roles. Carole quips that she thinks that she often gets invited to a lot of events related to tech and cyber, not because of her mettle as a professional, but as a token woman.
Fortunately, however, Carole does opine that the trend is changing even if it’s at a sluggish pace. This is in part because women are geared to break stereotypes of the career paths they are expected to take and in part because everyone is realising that cybersecurity is a lot more than just IT security. People are also seeing that given the right training, skills can easily be transferred from one field to another quite seamlessly.
From admin to cyber: Katarina’s interesting career transition
Katarina moved to London about 12 years ago and started working in the hospitality industry and then in the real estate space. She then worked in the HR team of a small IT company and later she took on an executive assistant role. She, in fact, joined Metro Bank, as an executive assistant but she always knew that she wanted to do something more than what this role allowed or had scope for.
It was around this time, when Katarina was deciding her next career move, that somebody in Metro Bank who headed the testing team approached her to work for him, to coordinate the environments team. This was her first IT role which wasn’t particularly technical. Her job was to understand the requests coming through for the environments team for testing. She also had to gauge her teammates’ skill sets to see which requests should go to which team member.
About two years into this role, another colleague at Metro Bank reached out to Katarina to implement certain sets of controls to ensure that the environments that were using certain kinds of data were monitored more closely and, in addition, to see which colleagues were accessing these environments. The implementation of the GDPR made such locational monitoring imperative and this was Katarina’s first exposure to implementing controls and monitoring the access management space. Thanks to this experience, she was asked by the said colleague to take up his job in the IT Governance team, which is the role she is in now.
Katarina now plays a critical role in IT controls management for the bank, providing assurance on control performance. After a recent round of restructuring, she is now also assisting with IT risk management for the bank.
Not technical knowledge, but technical understanding, says Katarina, is crucial to success in the infosec business today. She admits that her journey has been a lot different and a lot easier compared to Carole’s because she had the good fortune of entering the industry after it had already opened up. Katarina leaves no opportunity to reiterate that it’s because of the support of her team, most of whom are men, that she has managed to make a foothold in this space.
Katarina is also part of the networking group – Ladies of London Hacking Society - which supports women in cybersecurity or anyone who wants to learn hacking. The group is growing month by month which obviously demonstrates that women, in the UK at least, no longer perceive cyber or hacking roles as a preserve of men!
Our Thoughts On Women & Cybersecurity Today
While the number of women in cybersecurity is increasing every day, the main position that Katarina and Carole hold is simple – There are tons of jobs waiting to be filled in cybersecurity divisions across the globe. It’s clear that the current picture, that of a male dominated field, is not working that well. The need for watertight security is so high today and the impact of any possible risk on a business’s bottom-line and reputation can be so adverse that businesses are simply looking at roping in able professionals who can add value.
It really doesn’t matter what your color, gender or creed is. As long as you speak a common language, love to learn, challenge yourself, know how to keep your calm when the storm hits and are a hard-working person, you should look at a career in cybersecurity with deep seriousness. It doesn’t matter where you come from and what academic background you hold, if you are dedicated enough to acquire technical knowledge through self-training and have a good team to support you, you can definitely don the hat of a cybersecurity professional. If this means that the needle starts ticking in favour of a more diverse workforce and more women in cyber, then that’s a wonderful bonus!
Our CEO, Amar Singh’s opinion:
Coming from a one-parent family, I witnessed my mother’s struggle to maintain an equal footing in our male-dominated world. When it comes to women, I make no qualms about it - no woman should ever be helpless or subservient to a male, now and in the future. However, I am also a firm believer in merit and meritocracy, regardless of gender or sex, and, currently, there seems to be an urgency to balance the scales in the domain of cybersecurity.
As much as building a strong foundation takes time, building a pipeline of talent and skilled resources takes time too and it has to start from the younger years.
All organisations interested in building a strong and vibrant cybersecurity team must encourage internal upskilling - as Metro Bank did with Katarina. In addition, they must allow talented professionals from diverse backgrounds, including ethnic minorities, to see that taking up a role in cyber isn’t all that complicated. Furthermore, they should encourage existing employees in IT and cyber to help and support others when they embark on a new journey with a new role. However, all of this encouragement and upskilling must be focussed on merit alone, in my opinion, and not on the gender, race, age or creed of the employee in question.
We will continue to reach out to all professionals in our vast network, including women, men and folks from the BAME community amongst others. In a nutshell, everyone in cybersecurity and privacy who has a story to tell and an interesting journey to share, will be featured on cm-alliance.com.
It’s our belief that their stories should be shared with the young and old alike. Their stories can inspire others to widen their horizons and take on challenges that they may not even have imagined confronting otherwise!
**Report by Cybersecurity Ventures