January 2020: In this month's edition, Jacqui Kernot, Cybersecurity Partner at EY, shares her story.1/28/2020 Throughout 2020, this mini-series will interview leaders from around the globe to discuss areas of cybersecurity. The purpose is to help students and those new to the industry gain perspective and guidance from professionals in the field. These interview insights aim to kick-start or re-energise your career journey in cybersecurity.
In this month’s feature, Jacqui Kernot, Cybersecurity Partner at EY, shares her story about:
These are her insights. What drives your passion for cybersecurity? “Finding your purpose and what you are passionate about is always a journey. Some find this earlier in their career than others. Near the beginning of my career I was enjoying my many cybersecurity roles and had not spent much time thinking about my purpose. I had amazing jobs that involved technology. I was exposed to challenging projects and had beautiful places to explore. Over time I identified my purpose to disrupt the patriarchal system we have in place today to build a better environment for humans to live and work. Cybersecurity is a great place for this because its disruptive nature. We are always disrupting ourselves or being disrupted. We must have the agility and capability to make wholesale changes quite quickly to keep pace with the adversaries. People in cybersecurity are known to have the flexibility and diversity of thought that may not be as common in other business units. We often find structured processes and technology builds across verticals; whereas cybersecurity, by the very nature, is quite unstructured. Cybersecurity will continue to serve as a perfect starting point when we look to disrupt the way we work.” What cybersecurity challenges should we be solving today for a better tomorrow? “People are thinking about future challenges, but there are many ideas and concepts we are still wrapping our heads around. Enable Ease of Use. We have had this perspective that technology is something you use. For example, if an end user needs their computer fixed, they go to IT. We have created technology and built clunky systems with inflexible or non-integrated user experiences. This has promoted a view of cybersecurity as an enforcement mechanism. We must lift our game in cybersecurity to make technology easy and seamless to use. This costs money; however, to design a system with a simple user interface (UI) is not significantly different than one without it. The future of cybersecurity is bright as more products on the market are rolled out with better UI and seamless integrations with our IT environments. Empower the First Line of Defence. Our end users are not our biggest problem. Rather, they are often our first line of defence and can be an organisation's greatest solution. We must shift this paradigm by working alongside our end users and educating them with increased emphasis for how we design and deploy cybersecurity awareness. This will help empower the end user. We will consistently face more issues if we continue to design controls that are too clunky to use and explaining to an end user how they cannot do X or Y. Listen First, Act Second. We cannot be arrogant about how we design secure systems, and we should not serve as the police officers. We must become better listeners and view our end users as part of the extended team rather than part of the problem. In cybersecurity, we have several technology-focused individuals and often miss out on those with people-related skills. These are critical skills for cybersecurity teams to improve their ability to speak the same language as the business. This will enhance our perception as an enabler rather than a blocker. We would see a monumental shift of organisation’s cybersecurity posture if our purpose was to empower our business units and align our cybersecurity objectives with their goals. This will help more than any single technology or project.” What advice would you give to your younger self when searching for cybersecurity opportunities? “Toxic work cultures exist. It is interesting as a female in technology. I speak with many women and we, by nature, tend to internalise problems more frequently. There is gender bias within technology and how each person approaches a problem or issue. I would tell my younger self to:
Who has inspired you during your career? What about each was so motivating? “Over the years I have had many inspirational people in my life - less so formalised mentors and more so people, coaches and leaders who have helped me along my career journey. I have been very fortunate to have great experiences with numerous clients that fostered informal mentoring that have supported me during points of my career. As I reflect, two distinct individuals stand out. Terrie Anderson, Country Manager for Australia and New Zealand at Forescout. When I met Terrie I happened to find myself in a toxic work environment. I vividly remember her saying ‘Jacqui you are awesome and will continue to do amazing things’ and here I was thinking to myself I could not do anything right because of the negative workplace culture I was in at the time. This was incredibly important and motivating to have another person view me for who I was. She would continue to mentor me over the years. Her support empowered me to shift my mindset rather than continuing to blame myself, lose self-confidence or to not take that next step. Marie Cabrera, Vice President at IBM. I had previously been exposed to a toxic culture where I had been used to doing things on my own, which is not a great way to work. I remember her saying to me 'Jacqui you are fantastic - I want you on my team. However, you must understand that you are at IBM now. We do not work as individuals. You are part of this team.' At the time I did not quite understand her message; though, after reflecting I realised I was unable to trust my colleagues in my previous environment. She was instrumental to help me develop this collaborative workplace model.” What recent regulatory changes may impact the resilience of cybersecurity? “The Australian Prudential Regulation Authority's (APRAs) Prudential Standard CPS234 is an excellent piece of legislation centred around cybersecurity that takes a strategic position and provides a high-level approach for resilience. While the framework is creating thought-provoking operational questions, it is driving boardroom accountability and their responsibility for cybersecurity. We cannot control all data breaches; however, if the Board can demonstrate their organisation's cybersecurity implementation practices then we are taking positive steps forward. For the longest period, we often found organisation's making statements like 'what can you do, we were breached!' and this practice is not sufficient anymore. We are moving in the right direction for cybersecurity.” Cybersecurity is intriguing, in-demand by the market and considered as an excellent career starter. Please be on the lookout for next month’s issue of Decoding Cybersecurity: Interview Insights with Leaders as the journey continues.
1 Comment
|
AuthorElliot is a Senior Manager in the EY Cybersecurity practice. Elliot enables organizations to build in risk thinking from the onset, enhancing global innovation with confidence. He leads global teams to reduce response times and minimize the impact of security incidents by building and operating mature security, logging, monitoring, alerting, and incident response practices. He successfully led response to and recovery from complex security incidents, such as data exposures, third party compromises, and vulnerability exposures, by coordinating across large enterprises through effective incident response procedures to minimize business impact. Archives
April 2020
Categories |