Cybersecurity is one of the fastest growing industries in tech, yet just a quarter of its employees are women[1] Cheryl Martin, Head of Cybersecurity at Capgemini UK reveals what it takes to forge a successful career in this exciting and ever-changing field — and why more women need to take up the challenge.
You’ve been working in cybersecurity for more than two decades. How did you get into this sector, and what do you love about it?
I came into the field by chance. I started my career back in telecommunications and built and developed secure networks for organisations. I became intrigued by how to keep ‘the bad guys’ out. In fact, when I was a child, I wanted to be a police officer, and I can now see how those things I cared passionately about back then — wanting to make the world a better, safer place — has led me to my role today.
My passion for working in cybersecurity also stems from how rapidly technology changes. New developments like the Internet Of Things and wearable technology means that our data is all over the web, and it’s essential we ensure it’s secure. I love the challenge that brings with it. No two days are ever the same; you have to keep an open mind, look at things in a different way, and come up with ‘rebel ideas’ on a daily basis.
What do you think holds women back from working in this area?
Many women looking in from the outside believe you need to have a technical capability to work in cybersecurity. There are some areas where you do need to understand technical angles — if you’re going to be a security architect, for instance. However, there are a number of areas where you need common sense primarily, and can pick up the security enablers along the way. After all, large-scale cybersecurity events such as data breaches, where users’ private information is stolen, usually occur as a result of human intervention. Someone has clicked on something or disclosed something or done something in the wrong way. That’s why a diverse team of people with different approaches is so important — technology can only do so much.
Does that mean you don’t need certification to move into cybersecurity?
Currently the answer is no, but to stand out amongst all those people starting to apply to work in this field, it is good to have a basic framework. The CISM (ISACA Certified Information Security Manager) is an ideal first-stage certification, while CISSP (Certified Information Systems Security Professional) gives you a good grounding across all the cyber environments. If you’re curious, the CISSP For Dummies book is brilliant, it breaks everything down into easy to understand phrases and terminologies, enabling even the most junior person to understand what cybersecurity is all about. Also, many organisations, such as Capgemini, have a number of training courses that can get you certified.
So once a woman has made her way into the field of cybersecurity, what key attributes does she need to move her career forward?
Always be inquisitive — cybercriminals are constantly looking at new ways to get in, so you need to keep thinking: ‘How am I looking at this? If I was a rebel, how would I do things differently?’ Keep your eyes open to how things are changing in our everyday life and what that means in terms of the security impact on the clients you’re working with and the organisations you’re interacting with. Lastly, never be apologetic — we always seem to start sentences with, ‘I’m sorry’, but we should be confident in our capabilities and our value within the team.
You’re passionate about the importance of diverse teams in cybersecurity; is there a particular skillset you think women bring to the table?
Anyone who has been in an environment where a cybersecurity threat has been realised will know that certain personality traits — whether in a male or female — are exacerbated at the time of a crisis. There will be some people running around like headless chickens, while others are very calmly saying, ‘What do we need to do with this?’ Different people will also have different ways of relating to the various stakeholders within that crisis, so having a diverse balance is essential.
Women in the male-dominated tech space often report struggling with Imposter Syndrome. Is that something you relate to?
Absolutely and my advice for others when they’re feeling that way is: don’t be frightened when you can’t see exactly what your worth is at any given moment. Look at the reason you’ve made it to your current role and question what it is that you can bring to the table. Perhaps it’s to ask certain questions and to agitate the thinking of other people? Also, always keep learning and stay self-informed so if that Imposter Syndrome pops up, you’ll have the arsenal in your kit bag to stand tall with everyone else.
What has been the biggest obstacle in your career, and how did you overcome it?
My biggest obstacle actually turned out to be one of the biggest opportunities. I had a very large transformation programme for a UK insurer who was looking to transform both its data centre, the cyber environment and all its applications. The organisation I worked for at the time initially said, ‘No we can’t do this’. For me that was the wrong answer because I knew we’d done these things before. So, we worked with the UK insurer and gave them a proposition, but they went to a competitor. Normally at that stage we would have gone, ‘Ok we’ve lost it’, but I kept the organisation aligned with the stakeholders and the client, and I worked with them to understand what their business issues were. The moment the competitor was unable to fully support their business issues, we came in and took a multi-million pound deal with a transformation programme that lasted five years. So sometimes you might get a setback, but keep that determination and stakeholder alignment.
What makes Capgemini such a great place to work in this field?
I was attracted to Capgemini because of its seven core values, which have been the same since the organisation was founded in the ’60s — Honesty, Boldness, Trust, Freedom, Fun, Modesty, and Team Spirit. These core values underpin everything we do, which is fundamental; this is an organisation that both talks the talk and walks the walk. Asking questions is not seen as a weakness, but as an opportunity to really find the way forward, and even at my level there’s investment in me as a leader and people I can go and talk to. Despite being part of a 350,000 strong organisation, it feels like I’m part of a community that cares for me as an individual. And in turn, I care for my team.
[1] www.isc2.org/research/women-in-cybersecurity (Approx. 24% of cybersecurity workforce are women)
