I have always had an interest in how applications function and how they are developed, which led to me to obtain my bachelor’s degree in Computer Science. As an Information Technology Auditor, I acquired a better appreciation for the risk my clients faced and aided them to identify security gaps, to create a stronger control environment within the organization. As dependency for technology increased, this opened new risks for my clients. Ensuring I had the tools to support, train and assess my clients’ cyber risks, opened the door for my involvement.

When I joined Deloitte in 2008, I was able to see cyber in action over the years. During 2017, I obtained the Certified Information System Security Professional Designation (CISSP) and in 2020, acquired a Master of Business Administration with a Specialty in Cyber Security. As my educational goals were achieved, I was able to support non-technical clients and community members to understand cyber security and to appreciate the necessity for cyber training at all levels.

In the earlier years, cyber was truly overlooked. It was an area that only information technology professionals were responsible for and it was not appropriately funded. Since then, more attention has been given to cyber especially as businesses have been directly impacted by cyber breaches or have watched similar organizations highlighted publicly for security breaches. Regulations have also been put in place to put more focus on the protection of personally identifiable information and increased the need for more levels of business to get involved in cyber.

The cyber-attacks have already increased in sophistication. If you look at phishing emails today, determining the level of authenticity requires more training and vigilance to identify. The persons who receive these emails are rarely security professionals, but the results could be detrimental to the entire business. Phishing emails are just one of the things that will require tighter vigilance. Quantum computing is a trend that will bring a different level of security needs, as the current cryptography we know today will require a significant boost to protect data. To brace for these potential attacks, businesses will need to increase cyber monitoring to detect security breaches and respond as quickly as possible.

The most challenging aspects of my role is still the lack of attention given to cyber preparation. Reactive approaches are still prominent, and business are left in a panic when a breach does occur. Governance bodies may not always have sufficient expertise to advise on the business’ cyber needs and therefore contribute to the lack of attention cyber receives.

As we’ve seen, cyber is in just about everything. We see it in how businesses support their customers and staff, and in how persons share information with one another around the world. Consider how the entire world has shifted to utilize more virtual workspaces in 2020. The need to protect information requires more resources to support cyber security at all levels. More women should consider a role in cyber to aid in filling the skills gap, and to increase the ratio of women holding key cyber roles. In addition, as businesses evolve to incorporate cyber into more of their operations, women must ensure that they are capable to evolve into these new roles as they are created.