Introducing our very own Suzanne Graham, Lead Cybersecurity Consultant

• How did you get into cybersecurity? Why did you choose it?

I didn’t choose Cybersecurity as such.? I started the technology aspect of my career in application development and management of which technical security was a key aspect.? As my career evolved data security and management became more prevalent especially considering the industry areas that I was predominantly involved in ie offender management and policing.? Data security also included physical and personnel security so I developed into ‘Head of Technology and Security’ types of roles.

• Do you think your leadership style as a woman differs to that of a man? How?

As a woman I have been on the receiving end of assumptive behaviours.? I think this has made me more aware of my own prejudices enabling me to challenge myself at times, as well as being aware of assumptive behaviour and prejudices for other people.?? Because I have challenged myself and others who have behaved in a prejudicial manner towards myself, I feel I have developed an ability to challenge in a non-aggressive manner and discuss prejudicial behaviour that I see exhibited by other people (not just men).??

Because of my experiences I think I am also very aware of potential recipients of prejudicial behaviour resulting in identifying potential discriminatory behaviour either within my teams or to team members.

• Why do you think there are so few women in cybersecurity? How could we attract more female interest?

I see the numbers of women increasing (its still not proportional to men) in Cybersecurity which is very positive.? However I think it needs to be discussed in early career years (including schools) but not presented as a programming/technical only subject.? There are many aspects to Cybersecurity such as social engineering, data governance, malicious activity, etc which is likely to attract people from different backgrounds, genders etc.

I also think we should move away from the male/female gender categorisation when looking at Cybersecurity as this categorises individuals who may not consider themselves to be either (bi, trans, pan etc).

• How do you feel the level of diversity relates to success in an organisation? Why?

In my opinion diversity is critical in an organisation that is engaged in an evolving environment such as Cybersecurity.? Cybersecurity is a very much a developing field especially with developments in artificial intelligence that we need a diverse in terms of age, culture, gender profiles to make sure it is reflective and accommodating of a diverse business environment.

• Do cybersecurity roles offer flexibility for working mothers? Could there be improvements?

I’d rather use the phrase working parents rather than just mothers.? Cybersecurity is not a 9-5 role and doesn’t need to be office based.? I think this could be recognised more with individuals being measured performwise on outputs rather than time at a desk.? I think this would enable parents to adjust their working hours around family life but also enable organisations to get the best thinking wise out of employees as not everyone works most effectively between 9 and 5.

• As a woman in cybersecurity, what are the best and worst experiences you’ve encountered?

Worst Experiences

1. Several years ago I’ve was told to ‘shut up because I’m a woman and don’t know what I’m talking about’ in a meeting environment.? The Meeting Chair spoke to the individual outside of the meeting about this.
2. When we were more office based I was regularly asked to take notes of meeting – the assumption being that as a woman I would do the secretarial aspects.? I always said that I was too busy to write up the notes so could someone else do this.
3. I’ve experienced men making decisions outside of meetings and then just being presented with the decisions rather than being part of them.?
4. I was asked at an interview what plans had I made (as a Mother) to enable me to come into work when my children were ill or on school holidays.
5. When applying for some roles I wasn’t being shortlisted for some roles which I felt I should have been based on experience/qualifications.? I stopped using my full name on my CV and referred to myself as S Graham.? I felt that this made a difference and I started to be shortlisted for more roles.

Best Experiences

1. I worked with an organisation to look at prejudicial behaviour in meeting management.? I was thanked after the meeting and told by several men that they didn’t realise until this session the impact of their behaviour.? They noticeably changed their behaviour after the meeting.
2. Working remotely means that you are expected to behave more independently eg write your own notes etc.? It also enables you to manage your own workflow for example being able to take a break or go for a walk when you need to.? I have found that when working remotely you are assessed more on your outputs rather than judged on prejudicial factors.
3. Also you can participate more in discussions because there are ways to make yourself heard rather than interrupting someones talk such as chats or raising a hand so your intent to contribute is visible.
4. Working with organisations to challenge unconscious bias/prejudicial behaviour and as a result individuals challenging and discussing their own behaviour types.
5. When I joined Cyberfort I had been subjected to negative expectations regarding my professional progression.? My line manager at Cyberfort was very encouraging and supportive in terms of my professional capabilities actively supporting me with my professional development.? Due to his support and encouragement I have achieved several professional qualifications and certifications.?

• What advice would you give to a woman today considering a cybersecurity role?

This is guidance I would give to anyone irrespective of gender.

Try not to look a narrow field for your first role.? Try to look at roles that will give you an opportunity to try different aspects of Cybersecurity.?? Its really constructive to bring external experiences/knowledge to a single area of Cybersecurity as your career develops.

Don’t be afraid to ask questions or challenge current thinking.? Theres lots of developmental discussions ongoing in relation to Cybersecurity eg social engineering, physical and personnel security, developments of data usage and management etc.? Every individual has got an experience or opinion to bring to the table.

There will be times when business decisions are made that you won’t agree with.? Provided the decision has been fully evaluated and risk assessed, and you have had an opportunity to provide an input you may just have to accept the decision.

• Have you had a mentor who has inspired you?

I had a male mentor at a previous organisation who provided me with confidence and direction in terms of external memberships such as British Computing Society and ISACA.? He encouraged and supported me to do public speaking about data security.

Recently I’ve been working with our Head of People, she’s been supporting me with ideas as to how to present my thinking and share ideas.

• Life motto?

If there’s something you believe in don’t be afraid to hide your passion about it.?

You may not be listened to initially but there will be someone out there who is willing to support you.

?