Cyber Security is an ever-evolving industry, as technology changes so quickly and international hackers get ever more devious! The future is exciting and full of opportunities as Cyber Security is likely to become embedded in every industry. We asked 16 women working in Cyber Security what they think the future holds, and you may be surprised by their responses. Scroll down to look into their crystal balls and find out where the industry may head.
Emma Lovell, Senior Manager – Cyber Security Governance at Woolworths Group: Cyber security is now becoming front of mind for businesses as we’re shifting into a more digital world. The recent COVID-19 situation has seen industry move entire businesses to operate remotely, in some cases overnight. This fast pace of change and disruption is an accelerator for innovation. That is the new normal. So what does this mean for Cyber Security? Innovation lives in the light and the shadows – industry and organisations need to evolve their cyber security capabilities as fast as ‘the bad guys’ are seeking new ways to defeat them. As the threat surface continues to expand, we need to improve technology, processes and how we prepare our people. Work can be anywhere and anytime – and certainly has been for me over the past couple of months. We need to evolve our thinking about security to move beyond the office, the corporate network and corporate devices – a distributed, low trust technology landscape is a fixture of our cyber security future. Just like industry embraces design for manufacturing, we need to promote ‘secure by design’ principles. A cyber security team that eats last in the technology value chain can’t possibly influence the recipe – and that is what is needed most now. I expect we will keep raising awareness about security as an innate quality of solution and process design. This doesn’t mean that cyber security is more important than understanding user requirements and innovating at speed – it just means that security is part of everyone’s job.
Stacey, Cyberspace Warfare Officer at Australian Defence Force Australian Defence Force cyber teams work diligently to protect Defence networks and intelligence from digital threats Technological advancements will widen the realm of cyber security, providing more avenues of attack and defence. Cloud based data storage will continue to grow and data analysis will become the focus of many defensive systems. This will provide even more interesting and complex career opportunities.
Corporal “K”, Electronic Warfare Operator, 138 Signal Squadron, Australian Army (Reserve) and Lieutenant “N”, Cyberspace Specialist Support Team Member, 138 Signal Squadron, Australian Army (Reserve) Due to the nature of their roles, their names are protected. Australian Defence Force cyber teams work diligently to protect Defence networks and intelligence from digital threats: This is a very hard question to answer because the cyber security field is so new and things have changed so quickly. 10 years ago, cyber security barely existed as its own field. However, world events in the last few years have catapulted cyber security into public awareness. Over the next 10 years, public attention towards cyber security issues will only continue to increase. Younger generations are growing up in a world were having a passcode for your phone is as normal as having a lock on your front door. Some of the ‘mystic’ around cyber security will fall away. However, it will remain an important field and one that is integrated into every other industry. Whether its utilities, transport, government, healthcare or private businesses – as long as an organisation uses computers and cyber-criminals persist, there will be a need cyber security professionals.
Helen Rabe, Global Director of IT Security, Abcam UK: I do believe that we will see a maturity in the management of cloud-based security as more companies transition to native cloud-based infrastructures to meet the continuing need for the ever-evolving agile approach. This strategy changes the threat landscape and how security will deal with these risks and is forcing us to adjust the way we structure our security teams and develop their skill sets. In line with this, the rapid adoption of machine learning by businesses is going to push for SOAR (Security Orchestration, Automation & Response) to become more advanced and for security teams to adopt far more automation in their processes and support services.
Martha McKeen, Executive Manager Cyber Outreach at Commonwealth Bank: I’m expecting that as cyber matures as a sector and discipline we will see more of a focus on adopting proven business and delivery practices that help deliver security at scale. You’ll see cyber security leave the ivory tower and begin to work more closely with other parts of an organisation. I think we will see an increased focus on instilling security mindsets and driving cyber accountability across all teams within an organisation. Only when everyone views security as part of their day-to-day will we truly shift the dial on making our organisations more secure and resilient. Hopefully with these changes we will see more women viewing themselves in security roles, or perhaps becoming security champions, in their own right regardless of what their role is or what team they sit within.
Gyle dela Cruz, Cyber Threat Analyst at Cyber Research NZ: There will be more diversity in the cyber security field in the next 10 years. As we become more interconnected, more attacks will come from different parts of the world. Diversity in terms of language, cultural background and ways of thinking will help in defending our infrastructure. A keen understanding of human behavior will also be required in order to create human-centric secure systems.
Akshaya Kalyan, leading the IAM Managed Services team in Cyber Intelligence Centre at Deloitte: With more and more cloud-based SaaS platforms coming into the picture as underlying technologies, Cyber Security will move to the next level and become a niche skill in the market. There is no business which is not touched upon by Cyber Security making it more in demand. For example, logins for internet banking with biometrics will have a behavioural detection on top of it. Artificial intelligence will take over the market for proactive threat detection. Cyber Security will become a service-based suite needed by every business as a mandate.
Nicola Hermansson, Partner – Consulting at EY: There will be more females in cyber and more females in CISO roles. The role of the CISO will require a balance of understanding technology, business leadership and boardroom influence. There will be an increased focus on the human aspects of cybersecurity – transforming people, not just technology. There will be more focus on making security simple, accessible, reasonable – an enabler rather than a blocker, built in rather than bolted on. There will be more focus on response rather than protect – the attackers will get in, so let’s be prepared when they do. Senior leaders/ board members will be more aware of the risks and asking more of the CISO/security team.
Tanya Mears, Director – Cyber Security at EY: Like many business areas, automation and analytics are key trends within the cyber security space. Organisations are looking for tools and techniques to sift through large volumes of data and automate largely manually tasks, in order to improve accuracy and efficiency of their processes. We also expect to see greater integration of security services, as well as a focus on enhancing end user experience to make the processes not only more effective, but also seamless for the end user.
Shiva Mierczak, Security Engineer at J.P. Morgan, Australia and New Zealand: The future is the cloud, and the battlefield between attackers and security teams is changing rapidly. Cyber security is a must for any organisation and the cost of companies ignoring this is high. The field continues to evolve and it is critical to stay one step ahead. We need systems that are distributed, immutable and ephemeral, something that the cloud provides.
The increase in cyber-attacks in the wake of the COVID-19 pandemic has created new vulnerabilities for criminals to attack. The sudden onset of work-from home following COVID-19 pandemic, and the widespread lifestyle and workplace disruption that will result in permanent change, makes organisations a target. Many employees have had their attention drained and productivity challenged by the escalating health crisis, and for many, the unexpected impact of home schooling. Cyber criminals exploit people’s natural tendency to take shortcuts in such an environment.
Sarah Young, Azure Security Architect at Microsoft: We’re going to need more cyber security people for a start! It’s already begun but I expect to see more automation and machine learning put into repeatable security processes so that security professionals can concentrate on the more interesting things that require a real person to look at it and investigate (certainly not automating people out of a job, just saving people from boring, repetitive things!). I also expect to see an increase in maturity for DevSecOps and (hopefully) some agreed upon best practices about how organisations can implement security processes into dev ops.
Bronwyn Mercer, Cybersecurity Consultant at Microsoft: From a cybersecurity perspective, I expect that the maturity and pervasiveness of technology will provide more opportunities for attackers and challenges for defenders to protect communities and organisations against cyberattacks. Offensive cyber capability is officially recognised as a domain of warfare and is often exercised by nation states in advanced attacks. Therefore, I expect there will be a lot of focus on cybersecurity from a geopolitical perspective and an emphasis on growing Australia’s cybersecurity workforce to deal with advanced attacks against the public sector, private sector and critical infrastructure.
Adeline Martin, Cyber Security Operation Analyst at Origin Energy: Cyber security has gone from sitting to one side in technology to being a central business issue and function and the cyber security profession will increase in visibility and importance. Data is increasingly important and cyber security as an industry will continue to evolve as threats becoming more and more sophisticated. Even in just five months of large-scale remote work our profession has come to the fore to facilitate new ways of working and it’s really exciting to be a part of it.
Jane Hogan, Manager Information Security at QSuper: For years we cybersecurity professionals have been saying “security is not just a technology issue, it’s a business issue”. I expect that over the next 10 years, this principle will become embedded in the way we think about and do business, regardless of the size or type of organisation. The cyberthreats that keep us employed continue to grow in sophistication and volume, and while that can be quite an overwhelming thought, it also makes the future exciting – you can never stand still in security – it is an ever-evolving domain. To effectively deal with these increasingly sophisticated threats, it is critical that we are diverse in our ways of working and our solutions. This can only come from a security profession that has a diverse set of skills and backgrounds.
Emma Leith, Chief Information Security Officer at Santander UK: Cyber security needs to truly be at the heart of all technology designs, engineering and operations, with everyone in the organisation taking accountability for security of their business processes. This is the change we need to see. The industry will continue to grow into a respected profession just like other professions such as Law, Civil Engineering and Accounting. In terms of trends in the next 10 years, I foresee the disruption caused by cyber security attacks continuing to rise and hence the importance of cyber continuing to grow. It is becoming extremely lucrative for criminals. Cyber security is already a concern for global and small to medium sized organisations, for governments, for societies and for individuals. I expect this trend will continue to pick up pace leading to a fast moving and immensely exciting career path.
Jasmin Brain, Cyber Assurance Lead at Woodside Energy: As the global digital footprint increases businesses will be forced to look at simplification of technology for cost cutting measures, but also make them more secure and robust. As more of our vital infrastructure comes online, we need to strike the balance between availability and security. The increase in digital attacks, data breaches involving customer and personal information and ever-changing ransomware threats, means the cyber landscape is increasingly multifaceted. I think the role of AI on both the attack and defence sides will play a pivotal role in coming years. Rising global and economic tensions will only fuel attackers (state sponsored or not), whose ability to create new threats will take equally advanced solutions to detect them. The rise of mobile and IoT devices as security risks will also continue to be a major trend in cyber – especially with critical infrastructure and process control domains.
Catherine Burke, Lead Compliance & Security Analyst at TfGM (Transport for Greater Manchester) UK: The next 10 years are going to be interesting in Cyber Security, this is because cyber threats are always constantly changing in both scale and sophistication, as technologies continue to evolve.
The views expressed in this article are the views of the author, not Ernst & Young. This article provides general information, does not constitute advice and should not be relied on as such. Professional advice should be sought prior to any action being taken in reliance on any of the information. Liability limited by a scheme approved under Professional Standards Legislation.