No results found
We are the women in cyber. The few protecting the many. The underrepresented, who over influence. The half of the world, who see the problems differently, who solve them uniquely. We are the women in cyber safeguarding society. Protecting us all. We need more like us. We need more like you.
Across the Cyber practices of Deloitte member firms, we have talented professionals dedicated to the support and advocacy of women in this vibrant industry. From professional development to training, recruitment, and building community with all, Women in Cyber is a diverse community built to encourage, share knowledge, celebrate accomplishments and solve challenges. ”
There's strength and power in knowing you are a part of a community with similar objectives and goals, and a strength and power in a shared identity as cyber professionals, especially when what brings you to cyber are your own interests, lived experiences and voice. This diversity creates a better society.
To continue bringing greater visibility to women in the cyber industry, we are excited to collaborate with The Female Quotient on “25 Women in Cyber”. In this exciting series, get to know these exceptional and inspirational leaders who have made a great impact in the cyber industry as they share their unique journeys.
So, explore our page, ask questions, make connections, and jump right in!
Global Cyber Leader
We need more like us. We need more like you. Join us.
To watch this video and similar content, update your cookie settings to accept, targeting/advertising cookies.
Michelle started her career armed with an electrical engineering degree. Her previous experience in industrial control systems made her realise the need to develop skills to address the cyber threat to critical infrastructure and the industrial environments. She entered the professional world with an adventurous mind looking for new challenges.
"The Ukraine power utility attack in 2015 sparked much concern in the industrial control system/ engineering space. While working as a heavy current electrical engineer, I realised that there was a gap in securing industrial control systems. We did not have enough skilled engineers who understood Cyber security. This meant that we would need to start developing skills to address the cyber threat to critical infrastructure and the industrial environments. I quickly realised that we need cross functional skills to address the emerging threat. There was a gap and I noticed that there were very few females developing in the space, so I decided to develop myself so that I may help address this need. My journey has been challenging as there are very few engineering professionals that have shaped a career in this space which meant I had little guidance. This shortage of mentors, has contributed to my passion for developing talent in Industrial Control Systems Cybersecurity."
"Engineering taught me how to learn and apply critical thinking to solve complex issues. So, in essence it prepared me to deal with a changing landscape. I learnt from practicing in the field that working in cyber security meant that I would need to continuously upgrade my skills. I became aware that cybersecurity cuts across many fields and that being open to learning from different angles and perspectives was something that I would need to do on an ongoing basis."
Within her experiences in cyber security, she witnessed cybersecurity change from being an IT risk to manage to an organisation-wide risk to manage. In her words:
"The main developments that come to mind is the change from cybersecurity being an IT risk to manage to organisation-wide risk to manage. For many centuries, technology has been for the large corporates, as time progresses, we see more individual use and exposure. Specifically in industrial control systems we have seen a major convergence in technology design and implementation. Cloud security and application security; which traditionally was in an area that information technology professionals were concerned about; are now areas that engineering professionals need to be familiar with. We are using these technology deployments to advance safety critical systems"
Michelle believes that developing talent that remains relevant is a continuous challenge in the cyber security space. The changing risk landscape means the following; we need to constantly upgrade our skills to remain relevant, and lastly, we need to create a more accepting environment, one where learning is encouraged, and different skillsets and attributes welcomed. Women need to be given the space to navigate the changing landscape.
"I love being outdoors in nature. There is a beauty that exists there, something we may never experience from behind a computer. Pictures, videos and VR just aren't as impactful as experiencing it in person for me."
About me work
Michelle believes that secure digital business is a way of life going into the future. She uses her engineering and leadership knowledge and experience coupled with her passion for understanding people’s digital behaviours to secure business. Her work experience includes power utilities; which includes nuclear power; cyber security strategy, including operating model design, culture transformation and cyber-risk management.
lead the development of cyber emerging technology services and solutions to help secure business and city strategy as we digitise and leverage Industry 4.0.
Michelle is a professional electrical engineer (Pr.Eng) and Certified Information Security Manager (CISM) endorsed by the international cybersecurity professional body, ISACA. Passionate about risk management, she has achieved a postgraduate diploma at the University of South Africa in applied risk management. Michelle leads multidisciplinary teams to deliver on Industrial and Emerging Technology cyber risk strategy. She is presently serving as a director on the Circle of Global Businesswomen (CGBW) board, where she contributes in a professional technical and leadership capacity.
What impact have you made in your industry/community/cyber
"I chair the South African Institute of Electrical Engineers (SAIEE) Cybersecurity chapter. The chapter objective is to advance the technology and leadership in the Electrical, Electronic Engineering fraternity. We do this by sharing cybersecurity knowledge that assists with solving complex problems such as developing safe and secure Industrial 4.0 systems, smart grids and cities, control systems and process automation. Where possible I speak on panels and coach and mentor upcoming engineers in the field of cybersecurity."
What does a typical day of work look like for you?
As a security analyst, I have a busy and challenging schedule every day. I spend most of my time attending meetings with various stakeholders to discuss the current security status and potential risks. I also analyse security incidents using various tools and techniques to identify the root causes and the impact. Based on my analysis, I prepare and deliver reports and recommendations on how to prevent or mitigate future incidents.
Tell us about the cyber project you're most proud of working on in your career.
I am passionate about every project I take on, and I always give my best to deliver high-quality results. My current project is especially challenging and rewarding, as I can see how fast it is growing and evolving. I am proud of the changes that I have contributed to, and I am eager to tackle the remaining tasks that lie ahead.
What’s one piece of advice you’d give your younger self about getting started in cyber?
Don’t be afraid to ask questions, no matter how stupid it seems, or people think you should know it, just ask. Don’t put yourself in a box because you don’t want to look stupid, keep asking and keep learning.
Tell us about a role model or mentor who has helped shape your career.
I owe a lot to my mother for the person I have become and the career I have chosen. She taught me to appreciate what I have and to never give up on my goals. She showed me that there is always a solution to any problem, even if it is not obvious now. She inspired me to be resilient, optimistic, and resourceful.
How do you stay grounded and take care of yourself?
My upbringing and origins have always been a source of inspiration and motivation for me. They remind me of the values and principles that guide my actions and decisions. They also help me to maintain a sense of humility and gratitude for the opportunities and challenges that I encounter. By keeping in touch with where I came from and how I was raised, I can stay focused and balanced in my personal and professional life.
What does a typical day of work look like for you?
One of the key insights I have gained from working on projects is that they are dynamic and adaptable, rather than static and rigid. As I communicate with clients and understand their needs and expectations, I must adjust the scope, timeline, and deliverables accordingly. This means that I cannot plan my day in advance, but rather be flexible and responsive to the changing demands of the project.
Tell us about the cyber project you're most proud of working on in your career.
The McLarens Rubix Project, it is a huge undertaking that involves collaboration with more than 90 countries. It is a great opportunity to broaden your perspective and learn from different aspects of the project, not just your own module. You get to hear from diverse voices and understand how they cope with their challenges. You also gain a lot of knowledge about the S4 Hana system beyond your specific role. I am looking forward to the go-live moment, when I can reflect on the amazing achievement of rolling out so many countries successfully.
What’s one piece of advice you’d give your younger self about getting started in cyber?
When the unknown arises, adjust your mind sooner than later (don’t delay to adjust)
Tell us about a role model or mentor who has helped shape your career.
I do not have a single role model or mentor in my life. Instead, I try to learn something new from every person I encounter, whether they are colleagues, friends, or strangers. I believe that everyone has something valuable to teach me, and I am open to different perspectives and experiences. I also do not give up easily on my goals and dreams. I know that some challenges may seem impossible at first, but that does not mean they are. With hard work, perseverance, and creativity, I can overcome any obstacle and achieve anything I set my mind to.
How do you stay grounded and take care of yourself?
I love my church and my family. They keep me going. When I meet with the ladies from church, we pray and share what God has done for us. It's so uplifting. Sometimes we have special events on Friday nights, where we listen to inspiring speakers and have fun. Other times we go for walks or hikes on Saturdays, and it helps me relax. I also enjoy spending time with my family, going on outings and road trips. We talk about everything, and it makes me feel better. They are my support system.
What does a typical day of work look like for you?
As part of my new role, I have been undergoing a comprehensive onboarding training program that covers various aspects of the company's policies, procedures and culture. This training is essential for me to perform my duties effectively and efficiently. On a normal day I start with prioritizing my work and start with the most urgent project and engage with stakeholders on various projects.
Tell us about the cyber project you're most proud of working on in your career.
As an IT project coordinator, I had the responsibility of installing firewall servers across all provinces within a tight deadline of three months. I learned how to manage my time and plan effectively to ensure the project's success. I was proud of this achievement, as it was my first time in this role and I met the expectations and delivered the project on time.
What’s one piece of advice you’d give your younger self about getting started in cyber?
Keep learning, don’t chase after money.
Tell us about a role model or mentor who has helped shape your career.
I owe a lot of my interest and knowledge in information security to Eyal Tivet. He was a pioneer in this field and he mentored me when I was just starting out. He always encouraged me to learn new skills and stay updated on the latest developments.
How do you stay grounded and take care of yourself?
One of the things that keeps me balanced is my daughter, who always reminds me of what matters most in life. Another source of relaxation for me is reading Chinese/Japanese fantasy novels, where the characters strive to achieve immortality through cultivation. I find this concept fascinating and inspiring. When I finish a busy day at work and spend some quality time with my little one, I enjoy opening one of these books and escaping into a different world.
What does a typical day of work look like for you?
My typical day involves various tasks and responsibilities, depending on the current workload and priorities. I start by reviewing my emails and responding to any urgent requests or inquiries. Then I focus on the project work that I have been assigned, collaborating with other team members and stakeholders as needed. I also attend meetings to discuss progress, issues, and solutions. I try to help my colleagues with any challenges they might face or learn from their expertise and experience. When there is no work available, I use the time to update my skills and knowledge through training courses or self-study. I always make sure to have a lunch break and stay hydrated. I end the day by touching base with a colleague and checking for any outstanding emails that require my attention before logging off.
Tell us about the cyber project you're most proud of working on in your career.
I can’t single one out, every project is unique and provides it own challenges and accomplishments. However, if there is a project that has challenged me professionally and personally is the Enel Project (Maturity Assessment).
I didn’t like it, but looking back at it, it was the project that taught me the most:
It was a valuable learning experience for me, both professionally and personally. Professionally, I demonstrated my versatility and leadership skills by taking on two different roles, one of which was new to me: project management. I learned how to support and motivate my team, as well as how to cope with uncertainty and challenges. Personally, I gained more confidence and self-compassion by speaking up for myself and acknowledging my limitations. I also realized what kind of work environment and expectations I prefer.
What’s one piece of advice you’d give your younger self about getting started in cyber?
You don’t have to know it all. Most importantly stand up for yourself every now and then and be ok with saying ‘No’. Not everyone has to like you.
Tell us about a role model or mentor who has helped shape your career.
Nombulelo Kambule, she is a remarkable leader and mentor. I first met her in 2018, when she was a senior manager in our team. She impressed me with her expertise, vision, and empathy. Even after I moved to a different department, she kept in touch with me and offered me valuable advice and support in challenging situations. I was delighted to rejoin her team recently and see that she is still the same inspiring and caring person, a natural born leader and professional. I hope to be able to one day embody those qualities that she has as a leader.
How do you stay grounded and take care of yourself?
My family and friends are an important source of support and motivation for me. I value the time I spend with them and the insights they offer me. I also prioritise my well-being by practicing yoga and engaging in physical activity as needed.
What does a typical day of work look like for you?
One of the ways I manage my time effectively is by prioritising the top three most important tasks for the day. I write them down in the morning and make sure I complete them by the end of the day. In between, I also attend meetings and work on project activities, but I always keep in mind my main goals and avoid distractions. This helps me stay focused and productive throughout the day.
Tell us about the cyber project you're most proud of working on in your career.
Deloitte Moja Project was a milestone in the field of S4 Hana public cloud solutions. Our project team members had the opportunity to deliver a cutting-edge solution that few SAP clients have implemented so far. We leveraged our expertise and innovation to meet the client's expectations and deliver a high-quality product.
What’s one piece of advice you’d give your younger self about getting started in cyber?
Be ready for a fast-growing career, there’s lots of opportunities that need you to step in, be involved and learn as much as possible.
Tell us about a role model or mentor who has helped shape your career.
I am grateful for the mentorship of Khumo Mogamisi, who has since moved on from Deloitte. She helped me develop more confidence in myself and showed me how to leverage my potential and opportunities within Deloitte Cyber. She was instrumental in shaping my career path and I appreciate her guidance and support.
How do you stay grounded and take care of yourself?
My career goals keep me grounded and motivated. I always seek help when I face challenges or need guidance from my manager. I believe that asking for help is a sign of strength and professionalism.
What does a typical day of work look like for you?
My daily routine is simple and consistent. I start my day with a healthy breakfast to fuel my energy for work. I spend most of the day at the office, where I focus on my tasks and projects. When I get home, I relax by watching some Netflix shows or reading a book. I try to go to bed early to get enough sleep for the next day.
Tell us about the cyber project you're most proud of working on in your career.
I participated in a GAP assessment of the SEC Cybersecurity Proposed Rule Amendments, which was a novel and challenging project. I conducted extensive research and applied my own skills and knowledge, with the guidance and support of my team. I was very satisfied with the outcome of the project, as the client expressed their appreciation and recognition of my work throughout the process.
What’s one piece of advice you’d give your younger self about getting started in cyber?
Grab every opportunity, even if you think you know nothing and it’s going to be super hard, just know that you can TRY absolutely anything and whether you fail or succeed, YOU WILL LEARN.
Tell us about a role model or mentor who has helped shape your career.
Indra Nooyi is an inspiring example of a successful businesswoman, mother, and wife. She has been candid and truthful about the trade-offs women often face to excel in their careers, which demonstrates that we don't have to do it all, we must just do our very best.
How do you stay grounded and take care of yourself?
One of my core values is to prioritise the activities and people that bring me joy and fulfillment. I believe that life is too short to waste on things that do not align with my purpose and passion. Therefore, I always make time for things that I love, this helps me stay motivated, productive, and happy in my personal and professional life.
What does a typical day of work look like for you?
As a cyber security consultant, I have a busy and varied schedule every day. Here is what a typical day of work looks like for me:
I wake up early and get ready for the day, making sure I have everything I need for my virtual meetings, attend several online meetings with different internal teams and clients. I perform risk assessments and cyber security audits for various clients, I assist the engagement leaders of my projects with any project management related tasks. I read and respond to emails throughout the day, keeping track of any updates, requests, or queries from my colleagues, clients, or managers
Another thing that takes up time in my day is research, I research the latest trends, developments, and best practices in cyber security, as well as any relevant regulations or standards that apply to my clients' industries. My day then ends with me writing report for delivery, where I summarise and present the results and outcomes of my projects
Tell us about the cyber project you're most proud of working on in your career.
One of the most rewarding cyber projects I have been involved in is finding and addressing vulnerabilities and threats for clients that I have evaluated and advised on how to improve their security posture and reduce the risks and gaps in their systems.
What’s one piece of advice you’d give your younger self about getting started in cyber?
“Don’t let the lack of knowledge in a subject or lack of confidence in myself hold me back. Keep pushing”
Tell us about a role model or mentor who has helped shape your career.
I owe a lot to my parents. They have always been there for me, encouraging me to pursue my ambitions. They instilled in me the value of hard work and excellence. They showed me how to dream big and achieve my goals.
How do you stay grounded and take care of yourself?
To balance my life and well-being, I practice my culinary talents and enjoy cooking and baking. I also cherish the moments I share with my loved ones, relaxing with movies, walks, books and dancing to my favorite music after a hectic week.
"I have always had a keen interest in technology and application development. I got to know about ethical hacking when I started working and became interested in understanding it at a deeper level to enable me to design applications that can withstand attacks from hackers. I started by undergoing training and obtaining the CEH certificate. Since then I have never looked back. I see cybersecurity professionals as the Good guys defending organisations and the populace from the bad guys (hackers) a lot like the superheroes in the movies."
Funmilola studied Systems Engineering in college which exposed her to several areas of technology including Machine Learning, Artificial Intelligence and Robotics. The course gave her the necessary exposure to excel in her chosen profession. As a Systems Engineer, she was trained to solve problems, which is very similar to her daily experience where she needs to advise clients that would help them solve their cybersecurity issues.
Over the past few years, Funmilola recognised a marked improvement in awareness and understanding of the fundamentals of cybersecurity and cyberthreats by business leaders. She adds that a few years ago, cybersecurity was viewed as "nice to have" in the business world. However, with several high-profile cyberattacks making mainstream news daily and the myriad of regulatory frameworks being enforced across the globe, more and more people are beginning to appreciate the importance of cybersecurity. She also noticed a significant increase in the frequency, intensity and sophistication of cybersecurity attacks. On the other hand, there has been a tremendous rise in the sophistication of tools and detection mechanisms to combat cyberattacks. In all, she notes that the field of cybersecurity is getting more interesting.
Over the next couple of years, there are three major trends Funmilola can foresee springing up in the field of cybersecurity:
An increased move towards zero-trust architecture: With businesses and individuals now accepting remote working as the primary mode of working, security personnel will grapple with how best to secure the plethora of devices connecting to their organisation's network from different geographies. There will be an increased level of adoption of zero-trust architecture across the business landscape.
Rule-based cybersecurity solutions would gradually go extinct as we witness the continued adoption of machine learning and AI in the cybersecurity domain.
Cybersecurity would be a significant imperative for business survival and any organisation that does not take cybersecurity seriously may have to pay dearly for it.
The most challenging aspect of Funmilola’s role is having to be one or two steps ahead of the cyber-attack curve, which is even more complicated, given the rapidly evolving technology landscape. As a Deloitte cybersecurity professional, she places pressure on herself to be able to provide a meaningful point of view on any burning and topical cybersecurity issue, but she adds that keeping up to date can be very challenging, as what you read yesterday may already be stale today.
She notes the 3 main skills needed in security as having problem solving and research skills and being inquisitive, tenacious and curious.
The best pieces of advice Funmilola had received as a female security professional are:
Always seek to add value (knowledge and skill) to yourself and do not stop learning.
You don't have to give up anything for your career, you can have a successful career and a wholesome life.
Do not be overly critical of your achievements, blow your own trumpet and give yourself a pat on the back.
With regard to attracting more women in cyber Funmilola had the following response:
"We need to catch them young, children in elementary schools should be introduced to cybersecurity and they should aspire to be security professionals just like they aspire to be doctors, lawyers and engineers. A good mentorship program would also help to encourage more ladies. I am excited about this platform and the opportunity."
Funmilola acknowledges that managing time effectively is an ongoing process. She creates prioritised to-do lists and starts working from the most urgent and important. She ensures that she schedules personal and family engagements on her calendar to avoid conflicts.
About her work
Funmilola Odumuboni is a seasoned professional with deep experience performing Cyber Security and IT risk related services for several organisations in several industries including Financial Services, Energy, Manufacturing, Telecommunication and Technology. She has vast experience undertaking security assessments for information technology components, supporting organisations in deploying initiatives to secure their crown jewel technology assets, presenting recommendations to management, developing security policies and procedures, and implementing strategies to help organisations detect and respond effectively to cyber incidents.
Funmilola has delivered papers and presentations at many conferences and events within and outside Nigeria on Cyber Security, Technology and Risk. She is a Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Computer Hacking Forensic Investigator (CHFI), COBIT 5 Lead Implementer, ISO27001:2013 Lead Auditor, Certified Data Privacy Solution Engineer (CDPSE), Certified Member of the Business Continuity Institute (CBCI), Prince2 Practitioner and holds a degree in Systems Engineering.
Funmilola Odumuboni is currently the President of the Lagos chapter of ISACA, a non-profit, global membership established in over 80 countries for professionals in Information Systems Audit, Cyber Security and IT Risk Management.
Melanie started her career as a business analyst for Scottish Water in the UK, 9 months later, she moved to Deloitte Namibia as an IT auditor. In Deloitte, she slowly moved up the ranks after obtaining her CISA and CIA certification. She then moved to De Beers as a senior internal auditor. She was there for about three years. She came back to Deloitte to head up Risk Advisory.
Besides the good working culture at Deloitte, there are a few aspects that attracted Melanie to once again return to the company. She found that working at Deloitte presented one with a lot of challenges. Elaborating further that,
“ I'm a person that loves challenges. So it was really about the challenge in trying to help organisations to improve their environments and find solutions for them. So it was, at the end of the day, about being able to make an impact not only on our clients but also on society and on people's careers.”
Melanie believes that the most effective advice she got was: ”You can do everything you set your mind to. The sky is the limit”. She is passing the same message to upcoming young professionals. This is how she puts it:
“ So exactly the advice that I got, the sky's your limits. Don't ever underestimate what you're capable of. You can do whatever you set your mind to. Your mind is what limits you, so if you set a goal and you work towards your goal, you will achieve it. Yeah. I don't know if you've ever heard of the law of attraction. Yeah. What you seek to attain, you will eventually achieve, and even subconsciously, by what you do, how you motivate yourself. Don't underestimate being a woman, it doesn't matter. It doesn't matter what you are or what you look like. But you just set your mind to it. You must be deliberate, deliberate in your actions. The mindset is the most important thing. Your mindset is the most important and don't let people cloud your mind or be negative to you.”
A diverse and inclusive workforce is a key feature of any successful organisation. In industries encountering stereotyping like Cyber Security and many other technical fields – attracting diverse candidates can be challenging. According to Melanie, to attract more women in cyber, we need to remove the stigma and really portray cyber and what it is, it's not about the technical stuff. The most important aspect is to improve the image and profile of the cyber security industry to open up to new talent who would never ordinarily have thought about a career in cyber security. Or who did not know it existed as a career. We need to unpack cyber and explain what it is in more detail. This needs to start at the schools explaining what's cyber, which will in turn get more women studying the right qualifications. Sometimes the best people for a role aren’t just the ones who’ve done it before. It might be someone who brings a fresh perspective and strong set of transferable skills.
A significant challenge that prevents women from career advancement is the lack of childcare support from their employers. This is how she puts it:
“ I think the challenge comes when women have children, they feel that they're not being supported enough, and I think maybe we can support women or children. I also think the women should reach out and say we need support. It's all about just being out there and voicing it if you have any concerns.”
Time management is a big concern for mothers these days. Between kids’ activities, household responsibilities and, for many, the demands of a stressful workplace. Achieving a balance between work and family is important to your success and overall quality of life.
According to Melanie,
“It's all about discipline at the end of the day. You need to set a time for each, and you need to comply with those to make sure that your work doesn't go into your family time, and you know that you have dedicated time for work at the same time as well. So, I think it's very important that you have a proper team, if you have young children, know what the routine is. Separate your work and family life, i.e. don’t answer work emails during family time. Once your family time is done, you know you've had the time with your family. If you still need to work, then clearly communicate that you're still going to work … sign-up late in the evening, or whatever it may be. But at the end of the day, it's really about making sure you have the time for each and having a proper support network. And so therefore, if something comes up and you can't pick your child up from school, or they can't do it, or whatever it may be, or even having the courage to talk, even if it's a client meeting saying, sorry, I have to pick my daughter up. You got to accept this. I mean, we all have lives. And we all have a family that at the end of the day, your family is actually more important. You know that it's really just about making sure that you set those boundaries.”
And that’s not all about Melanie,
“Yeah. I love reading. I probably read a book a week. I yeah, I used to do a lot of horse riding when I was younger. I would really like to get back into horse riding.”
1.About your work (what you do, which area you look after, can include any accolades ) ?
I lead the risk advisory business for Namibia and support the Risk Advisory business in Botswana as well. So that means I look after all risk advisory service lines.
My qualifications are: Bachelor of Business Science with Honours in Information Systems from the University of Cape Town, I am also a Certified Internal Auditor, Certified Information Systems Auditor and a Certified Information Security Manager.
2.What impact have you made in your industry/community/cyber
I believe I have driven cyber awareness at clients but also in the community as I have done numerous cyber awareness sessions at conferences, on radio stations etc. Deloitte Namibia has also published whitepapers and conducted surveys around cyber in Namibia. I believe that cyber is part of a large corporate governance agenda, personally I have also done a lot of corporate governance presentations, surveys and thought leadership in Namibia over the last 5 years.
Urvi is a Director at the Deloitte Kenya office. With an academic background in the fields of Information Systems and Actuarial Science, she started her career in the technology assurance space and believes that this gave her a suitable foundation for where she is now. As her clients began to adopt a stronger stance on their cyber security health, Urvi’s interests grew in the same direction, ultimately resulting in a natural transition to the cyber team. While at university, Urvi spent two years in the Reserve Officer Training Corps (ROTC) in the US and grew an ambition to join the military intelligence. Urvi comments, "I somehow changed track in between firing assault rifles and running endless 2-mile runs!"
Throughout her time in the cyber world, she has witnessed many changes in the industry, including an increased priority for clients to maintain a secure cyber posture, going from being ‘just an IT issue’ to becoming part of the top three discussions in any boardroom meeting or for any C-suite agenda. Urvi has also witnessed a rise in the number of female practitioners in the space.
A challenging part to Urvi’s job is constant change. She acknowledges that change is the case for everything we deal with in the business world, but adds that with cyber security, the stakes are always increasing with more pressure from the external landscape to evolve solutions to keep up with new risks and threats. Clients are also demanding more cost effective and value-adding solutions. She also highlights that balancing the two sides of the cyber security conversation, the technical and non-technical (C-Suite) clients, is always intricate and becomes an even bigger challenge when cyber professionals try to take innovative solutions to clients, addressing problems they may not yet have encountered or considered. However, the biggest challenge, she notes, is always trying to find and retain the best talent in this area. Urvi says that she always wonders if she is doing enough to constantly challenge and appreciate the team she works with.
Urvi encourages everyone to take up opportunities, speak up about personal and professional requirements and make it work for you. She resonates with something her mentor said: “You must wake up thinking about your own career and not leave it to others”. Urvi states that no one will fully understand the various challenges and hurdles a female security professional will deal with, so you should always think about yourself, and what will help you succeed, and don't be shy about discussing that. She adds that once you put yourself first, passion, confidence, always going above and beyond and being resilient will come more easily.
Throughout her experience, Urvi has learned to balance her time across various priorities and be completely honest about what she can and can’t undertake. Sometimes that means passing over opportunities in the interest of family priorities or sacrificing family time for her career. She also maintains time for personal well-being, maximising her work hours at times where she finds herself most productive and building a team that she can rely on at work and at home.
She believes the term ‘cyber everywhere’ is going to become a bigger reality within our lives and will impact clients more broadly. She also believes that Cyber concerns will be top-of-mind for clients across all industries and business domains, taking more priority in far more industries than in the past. The increased convergence of working environments (automation and integration) and the advancements that the future of work will bring will also change the cyber landscape for attack vectors and the defence solutions deployed to mitigate them. Because of the numerous cyber risk organisations, there will be an uptake in leveraging emerging technologies, specifically cognitive and artificial intelligence capabilities to augment cyber solutions.
"In our part of the world, i.e. across Africa, the regulatory landscape will also become more stringent. We see it already with the enactment of data privacy legislation in various African countries and the requirement for mandated cyber security reviews in the East. The responsibility and mandates around ensuring cyber resilience will get more demanding and stricter for organizations. I also see a pick-up in talent and skill in this area. As the external environment evolves, individuals will start upskilling and re-skilling themselves with various areas of specialization within the cyber domains"
Urvi emphasizes the importance of technical skills in cyber for further advancement in the space. She also notes that agility, communication, and boldness are important factors in growing in any field. Security is evolving at a rapid pace so to be successful; you need to be agile and flexible enough to re-skill and upskill to accommodate the landscape changes. She points out that she often witnesses "techies" struggling with communication, especially when outside their depth on the non-technical front. She believes communication is key and foundational for success. Urvi believes that the security field is a tricky area to navigate with dynamically changing demands, requiring a greater need for boldness and confidence to leverage experience one gains to "stand out and stand up" for one's aspirations.
About her work
Urvi has over twelve years of cyber, technology risk and analytics experience gained at Deloitte where she leads dynamic teams across these domains in providing value-adding solutions for clients in the financial services and telecommunications sector. She has led teams across various cyber capability areas including Cyber Risk Management and Compliance, Infrastructure and Application Protection, Vulnerability Management, and Data Privacy and Protection.
She has earned the Certified Information Systems Auditor (CISA) and Certified Data Privacy Solutions Engineer (CDPSE) certifications. Urvi also received the Top 40 Under 40 Women recognition in Kenya which recognises professional women for their ingenuity, performance and durability in their fields of excellence.
Meet the Women in Cyber Alumni
Michelle started her career armed with an electrical engineering degree. Her previous experience in industrial control systems made her realise the need to develop skills to address the cyber threat to critical infrastructure and the industrial environments. She entered the professional world with an adventurous mind looking for new challenges.
"The Ukraine power utility attack in 2015 sparked much concern in the industrial control system/ engineering space. While working as a heavy current electrical engineer, I realised that there was a gap in securing industrial control systems. We did not have enough skilled engineers who understood Cyber security. This meant that we would need to start developing skills to address the cyber threat to critical infrastructure and the industrial environments. I quickly realised that we need cross functional skills to address the emerging threat. There was a gap and I noticed that there were very few females developing in the space, so I decided to develop myself so that I may help address this need. My journey has been challenging as there are very few engineering professionals that have shaped a career in this space which meant I had little guidance. This shortage of mentors, has contributed to my passion for developing talent in Industrial Control Systems Cybersecurity."
"Engineering taught me how to learn and apply critical thinking to solve complex issues. So, in essence it prepared me to deal with a changing landscape. I learnt from practicing in the field that working in cyber security meant that I would need to continuously upgrade my skills. I became aware that cybersecurity cuts across many fields and that being open to learning from different angles and perspectives was something that I would need to do on an ongoing basis."
Within her experiences in cyber security, she witnessed cybersecurity change from being an IT risk to manage to an organisation-wide risk to manage. In her words:
"The main developments that come to mind is the change from cybersecurity being an IT risk to manage to organisation-wide risk to manage. For many centuries, technology has been for the large corporates, as time progresses, we see more individual use and exposure. Specifically in industrial control systems we have seen a major convergence in technology design and implementation. Cloud security and application security; which traditionally was in an area that information technology professionals were concerned about; are now areas that engineering professionals need to be familiar with. We are using these technology deployments to advance safety critical systems"
Michelle believes that developing talent that remains relevant is a continuous challenge in the cyber security space. The changing risk landscape means the following; we need to constantly upgrade our skills to remain relevant, and lastly, we need to create a more accepting environment, one where learning is encouraged, and different skillsets and attributes welcomed. Women need to be given the space to navigate the changing landscape.
"I love being outdoors in nature. There is a beauty that exists there, something we may never experience from behind a computer. Pictures, videos and VR just aren't as impactful as experiencing it in person for me."
About me work
Michelle believes that secure digital business is a way of life going into the future. She uses her engineering and leadership knowledge and experience coupled with her passion for understanding people’s digital behaviours to secure business. Her work experience includes power utilities; which includes nuclear power; cyber security strategy, including operating model design, culture transformation and cyber-risk management.
Lead the development of cyber emerging technology services and solutions to help secure business and city strategy as we digitise and leverage Industry 4.0.
Michelle is a professional electrical engineer (Pr.Eng) and Certified Information Security Manager (CISM) endorsed by the international cybersecurity professional body, ISACA. Passionate about risk management, she has achieved a postgraduate diploma at the University of South Africa in applied risk management. Michelle leads multidisciplinary teams to deliver on Industrial and Emerging Technology cyber risk strategy. She is presently serving as a director on the Circle of Global Businesswomen (CGBW) board, where she contributes in a professional technical and leadership capacity.
What impact have you made in your industry/community/cyber
"I chair the South African Institute of Electrical Engineers (SAIEE) Cybersecurity chapter. The chapter objective is to advance the technology and leadership in the Electrical, Electronic Engineering fraternity. We do this by sharing cybersecurity knowledge that assists with solving complex problems such as developing safe and secure Industrial 4.0 systems, smart grids and cities, control systems and process automation. Where possible I speak on panels and coach and mentor upcoming engineers in the field of cybersecurity."
“I can help you contain a cyber-attack but often there is reliance on other controls like manual operations or backups to effectively recover an organisation.”
Bavani’s studied systems engineering which laid a good foundation for her role in cyber security. She attained her ISO 27001:2013 Lead Auditor and Implementor certification in 2018 which she believes helped to “put the pieces the together”.
In Bavani’s cyber tenure, she has witnessed the maturing of security teams within various organisations, specifically in the migration of many systems to cloud offerings, adoption of privacy laws and regulations and an increase in organised cyber-crime. She has seen bigger budgets assigned to cyber security in the last few years as it has attracted more of the board’s attention. Bavani also notes that OT technologies that used to reside on their own network without access to the internet are now moving towards being remotely available.
Bavani adds that the pandemic has brought on a new way of work and living, with more remote working, online shopping, in-home entertainment and the like. The developments in IoT have introduced additional risks for the home and telecommunications providers will need to improve security on their services to keep their customers.
This new normal also means that everyone needs to be more vigilant and aware of security. OT technologies now more than ever need to be remotely accessible; she expects to see more innovative ways to secure OT environments with minimal impact to production. She believes skills shortages and a lack of sharing experiences will see more organisations adopting Security-as-a-Service offerings/managed services opposed to in-house teams. As IOT and OT technologies evolve, there will be a massive learning curve for cyber security professionals to secure those environments. POPI legislation will affect what security controls organisations implement, so she hopes there will be less unclassified data. People are more aware of their rights with regard to confidentiality of data so organisations will have to step up their controls.
When asked what attracted Bavani to the Deloitte Cyber team, she replied with the following:
“The strong skill set within the team, the people who are more like an extension of my family and of course the brand. I left Deloitte for a year and I noticed that when I told clients at my other organisation that I came from Deloitte, their attitude changed towards me. For me, Deloitte is associated with quality.”
About her work
Bavani leads the Crisis and Resilience practice at Deloitte Africa Risk Advisory. She has over 15 years IT operations experience as an Infrastructure / System Engineer. She has also fulfilled the role of a service delivery manager for the Deloitte Cyber Intelligence Centre SOC service from its inception until 2019.
Angela is a dynamic mother of three and serves as the Business Information Security and Privacy Officer at Nedbank Wealth. She completed a Bachelor of Commerce in Informatics, an area of study which exposed her to a myriad of facets of information technology, and has since completed her Honours and Masters, granting her more specialisation and opportunities.
She believes that opting to study informatics afforded her a baseline understanding of security and a doorway into the security industry. Gaining insight into the domain of cyber security in the 90s wasn’t as straightforward as completing a related degree. Instead, her knowledge was acquired through an eclectic exposure to various aspects of what is now a more established security industry and defined skillset. Her exposures to cyber security came about through her qualifications, software development, and a continued learning experience, allowing her to analyse, manage and work with different technical components.
Her experience in the IT world has been one in which there is “never a dull moment”, and through which she has come to realise just how everchanging the security environment is, granting individuals unlimited growth in both skill and opportunity. Based on this experience, she also believes that the security domain offers one the highest potential to remain relevant as a professional, given the diversity of areas within the industry, the numerous opportunities to make impactful differences, and the constant conversion of curiosity into passion.
Angela believes teleworking will become the new norm with the skills gap remaining a short-term challenge while the demand for these skills continues to outweigh the supply. In her view, mass adoption of cryptocurrencies will increase opportunity for cyber criminals using techniques such as cryptojacking: the use of unauthorised hardware resources to mine cryptocurrencies. With changes in cryptocurrency and large sums of money moving from traditional banks and exchanges to crypto banks, Angela believes that endless opportunities for industrial expansion and skill specialisation, adding that she believes supply chain risk management will remain a relevant risk category within the cyber domain and that the social engineering attack vector will continue to reach unimaginable levels of complexity and sophistication. She maintains that financial gain will remain the most common incentive for cyber criminals and that there will be an increased need for more enhanced controls through regulatory and legislative requirements.
The most challenging aspects of Angela’s role include the following:
Balancing her time between work and home is done through prioritisation. By assessing the risk, Angela believes that there will always be more things to do than what we have time or capacity for, and so we should learn to distinguish the grenades from the rocks, and the rubber balls from the glass balls. We should catch the glass balls first; we can always catch the rubber balls after they bounce back.
Angela believes the role of a mentor is to provide encouragement, help to achieve personal career goals, and experience that cannot be learned from books or theory. Mentors should impart an appreciation of the culture in and the reality of the workplace. Angela’s own mentor helped instil a new perspective, reminded her to check the basics, and aided her ability to understand the organisation’s culture. Most importantly, her mentor maintained a safe environment for her to learn through her mistakes.
Angela's professional advice includes the following:
Lesego Moepi is an Information Security Officer (ISO) at Sanlam Investment Holdings.
“I think Cyber Security chose me. Thinking back to my student days, I don’t think I ever thought I would end up in Cyber Security, let alone to even know it existed. Everyone in my circle was talking Programming, Desktop support, Business Analysis, SAP Support, Lecturing etc. Cyber Security was not a ‘thing’. I was more interested in Business and System Analysis. When I completed my studies, I started applying, a year later without a job in IT, I started sending my CV to everyone, even those companies that were not advertising.”
She found her first few months on the job extremely challenging, after which, she registered for a short course on an Introduction to Information Security and Computer Networks, which is when she started to see a light at the end of the tunnel. Her boss at the time recommended completing the CompTIA Security + which she conquered and helped ignite her passion in the field of security.
According to Lesego, the security domain has moved from being a responsibility of the ISO to being an everyday responsibility.
“Security has evolved quite a lot from being a responsibility of the ISO to being a responsibility for all every day. With the ever-growing Cyber threats and regulations Boards, EXCO teams are finally acknowledging the ISO and adding Cyber Security as a standing item on their agenda. Business users are realising the ISO is not the enemy – we are all fighting a battle against Cyber Criminals.”
With the continued development in cyber security, Lesego expects Cyber Security to be one of the the biggest business enablers with a continuous focus on educating and empowering the ‘human firewall’. She also believes there will be an increased adoption of AI as well as cloud for non-critical systems.
Lesego believes in order to grow in the cyber field, one needs not only a technical background, but also communication skills. The fundamentals of security across various platforms are essential and forms part of your basic toolkit.
Lesego is an optimist, who believes tomorrow can only be better than today.
“You learn your lessons. It’s all about continuous improvement.”
About her work:
Lesego has been working as a Cyber Security professional for just over 15 years with experience in protecting sensitive and personal identifiable information for both private and public sector. Implementing Cybersecurity Resilience, Information Security Management System and providing Information Assurance Maturity. She is skilled in minimising Information Security Risk, ensuring business continuity, pro-actively limiting the impact of a cyber security breach and protecting the crown jewels in accordance with industry best practice, standards, regulation, legislation, and enterprise control frameworks. She has earned Certified Information Security Manager, ISO27001 Lead Implementer and Security + Certifications.
Jeneva is a Consultant at Deloitte Cyber Security Centre (SOC) with over 2 years’ experience. She holds an Honours in Computer Science and has obtained certifications in Splunk Fundamentals 1&2 and Microsoft Azure Fundamentals. She focuses on security event monitoring and reporting on SIEM platforms like ArcSight and QRadar. She had an opportunity to work as part of the SOC response team, responding and investigating security incidents and breaches on various Microsoft products such as Cloud App Security, Azure, Defender Security Center, Defender for Identity, 365 Security and Office 365 Security & Compliance. She has also had experience in the role as a Junior Consultant at the Deloitte Risk Advisory TAA – Assurance in 2018 where she was exposed to multiple IT audit engagements with clients from various industries.
Skills Jeneva recommend having as a SOC analyst include:
1. Having analytical skills to be able to approach problems from multiple angles.
2. Always researching and learning new information, building the natural curiosity that when you see a problem or a new technology, you naturally go to find the answer.
3. Keeping up to date with IT Security trends.
Jeneva acknowledges the following trends coming to light in the near future:
• Cyber will become more involved in our personal and business lives. Looking at where the digital world is now, most of our critical systems are interconnected by computers. In the future, this connection will be stronger, and more decisions will be automated
• Our personal lives will be dependent on virtual assistants, and IoT connected devices will be part of almost every function of our daily lives
• Personal data will reside in cloud computing, where we don’t fully control the dataflow and access to information
Visit the Women in Cyber Africa page for more details.
Noelle initially studied Political Science and History. She completed IT certifications as part of her transition into Information Technology, which provided her crucial technical knowledge. Thereafter, she completed a master’s degree on Military Research and Development in South Africa which provided her with an understanding of national systems of innovation. In addition, she achieved a certificate program in cyber security which helped bring all of her previously acquired skills and roles together.
Noelle’s career began as a researcher working on military topics. She later moved into IT (networking) and then into digital education. The confluence of security and IT attracted her to the growing field of cyber strategy, particularly geostrategic cyber threats as well as training and education pipelines.
Over the past 10 years Noelle has watched cyber security almost explode in terms of importance and interest. Whereas, initially it was a primary concern for the IT Department and now it has become a major global, corporate and societal issue. Noelle expects cyber threats to become far more systemic with significant collateral damage to both public and private entities. In general, cyber-attacks will cause wider, more expensive destruction. Due to global geostrategic fragmentation, the increased weaponisation of cyber-attacks and disinformation will necessitate a higher, more frictionless level of cooperation between the public and private sectors. Advanced Persistent Threat groups will increasingly act as both criminal entities and political proxies. In the commercial environment, cyber security will continue to move beyond its technical dimension and become a mainstream business and management prerogative with softer skills such as digital leadership becoming key.
“Working in Cyber in a developing region requires persistence and a certain amount of innovation in order to overcome both resource challenges and elevate messaging around cyber security and its importance.” said Noelle. “Building effective networks and communities of practice requires long-term commitment and a significant amount of time investment. Added to that, due to capacity constraints, cyber practitioners here need to be ”force multipliers” and able to work across a multitude of fields and levels.”
One of the most challenging aspects of Noelle’s role is staying on top of developments, trends and the latest readings and reports as this involves bridging between all the different aspects of cyber which includes political, technical and training environments.
Noelle advises young women (and men) who want to become successful security professionals to develop an array of skills which encompass technical and soft skills. Furthermore, gain as much exposure to the general cyber security work environment in order to form good foundational knowledge which will lead them to a suitable specialisation.
Lutfiyyah Ahmed is a privacy consultant and assistant manager. She focuses on providing regulatory advice to clients, particularly within the privacy domain and assists in managing cross-functional privacy projects. Much of the work she currently does revolves around understanding business objectives and operations, recommending controls and assisting in end-to-end compliance projects.
The first time she encountered the field in a way she could appreciate it was when she started out as a candidate attorney in the technology, media and telecommunications department at a law firm.
"The fact that in South Africa, privacy is a constitutional right and I got to be a part of furthering that right through assisting clients with privacy and data protection projects in the comfort of being a commercial lawyer gave me a lot of motivation and fulfilment."
Once she joined Deloitte as a consultant, that inspiration and motivation grew through the larger scope of application of the data protection aspects that were much more limited at the law firm, which allowed her to be part of more practical applications, assisting in implementation projects and becoming more involved in awareness initiatives through providing practical training.
Lutfiyyah started her career pursuing engineering, which she believes gave her a good base for grasping the more technical aspects of her current role and assisted in developing critical thinking and detail oriented skills. Her law degree assisted in allowing her to understand and apply requirements from a legal perspective and enhance communication skills through, for example, emphasis on the importance of diction. The combination of the two has given her a great foundation for assisting in developing and delivering on privacy and data protection engagements and obtaining a deeper understanding of the greater purpose to what is required.
The most recent key developments within the privacy and data protection space is the coming into full force and effect of South Africa's data protection legislation and the Cybercrimes Act. Many jurisdictions appear to be prioritising data privacy and protection legislation and initiatives. The need for formal regulation in South Africa had been a gap for many years and the introduction of these pieces of legislation are a welcome starting point. A Draft Data and Cloud Policy has also been released for public comment earlier this year.
Trends Lutfiyyah expects to see in the next 10 years include; an increase in regulation of cybersecurity and privacy and enforcement around data protection as cyber-attacks and breaches continue to increase. With this in mind, regulation often struggles to keep up with the rapid evolution of cybercrimes and therefore businesses are likely to need to ensure that they are keeping up-to-date with the evolution of cybercrimes and continuously monitoring and updating their cybersecurity practices. A positive, is that companies are showing a greater appreciation for awareness initiatives and are rolling these out more often.
"The aspect of my role that I find most challenging is stressing the importance of privacy beyond compliance to some organisations. I believe that because organisations are sometimes so tied up in complying, they forget the purpose of what privacy legislation sets out to achieve and are often blind to the business value that compliance can bring such as increasing trust and efficiencies. Complying with privacy requirements can be a massive task, especially for businesses with little to no previous privacy programmes; however some organisations want to rush compliance and end up getting it wrong. I have seen many organisations implementing a range of policies or security controls without assessing whether such measures are even required. Despite such challenges, wherever I can, I do like to try to spread as much awareness and provide as much assistance as possible to allow organisations to make more informed decisions."
Three skills Lutfiyyah recommends to young professionals to become successful data privacy professionals include:
Multi-disciplinary skills – do not think in silos when it comes to privacy; it is very easy to focus on one aspect but to obtain true value and do privacy correctly, you need to be able to acknowledge that there are a range of elements that are needed to work together. Even if you are not an expert in another discipline make the effort to obtain a foundational knowledge in areas affecting privacy and data protection that may not be within your core capability, in order to bring greater value your main function.
Communication skills – communication is key; actively listening to and understanding your clients' objectives will help you to advise clients appropriately and tailor projects to the clients specific needs.
Agility – being agile in this field is quite important especially in large-scale projects where you may need to change approach and customise solutions based on changing client requirements.
The 3 best pieces of advice she has ever received includes:
When you have a problem, do not dwell on it – accept the challenge and come up with a solution. Some of her most treasured solutioning experiences came out of "problematic" projects which ended up being quite satisfying to complete.
The first rule of any engagement is to understand the question. Sometimes we can be too quick to prepare things but always going back to the root question or purpose is important to ensure that you give your approach the proper direction and achieve the appropriate outcome.
Enjoy the journey!
Lutfiyyah states at the start of her career, she had poor time management skills due to wanting to perfect everything and not wanting to rely on others for help – which, though she was also able to learn a fair amount on her own, ultimately led to a lot of late nights, stress and burn-outs. Through experience, she has learned the importance of reaching out to colleagues to assist in expediating the development of solutions through knowledge sharing; listing, assessing and assigning priorities to workloads; as well as the importance of managing expectations (both clients and internal team). The combination of these has allowed her to manage her time more effectively; while also keeping those working with her happy.
Jeneva is a Consultant at Deloitte Cyber Security Centre (SOC) with over 2 years’ experience. She holds an Honours in Computer Science and has obtained certifications in Splunk Fundamentals 1&2 and Microsoft Azure Fundamentals. She focuses on security event monitoring and reporting on SIEM platforms like ArcSight and QRadar. She had an opportunity to work as part of the SOC response team, responding and investigating security incidents and breaches on various Microsoft products such as Cloud App Security, Azure, Defender Security Center, Defender for Identity, 365 Security and Office 365 Security & Compliance. She has also had experience in the role as a Junior Consultant at the Deloitte Risk Advisory TAA – Assurance in 2018 where she was exposed to multiple IT audit engagements with clients from various industries.
Deloitte’s phenomenal reputation and a cyber team that consists of a diverse mix of cyber professionals across the globe attracted her to the cyber team. Working in cyber meant being constantly challenged, learning and growing. Aided by her technical/industry specific training and qualification, she was able to take on her new responsibilities.
"My studies helped in attaining basic knowledge of networking, operating systems, scripting etc. Joining the cyber team was very challenging but with the knowledge I had from my studies, I managed to quickly understand my role."
Jeneva acknowledges the following trends coming to light in the near future:
Cyber will become more involved in our personal and business lives. Looking at where the digital world is now, most of our critical systems are interconnected by computers. In the future, this connection will be stronger, and more decisions will be automated.
Our personal lives will be dependent on virtual assistants, and IoT connected devices will be part of almost every function of our daily lives.
Personal data will reside in cloud computing, where we don’t fully control the dataflow and access to information.
Jeneva looks up to all women in Cyber security lead roles as they inspire her to know that she can also become a leader in the industry.
Her 3 pieces of advice include:
1. Believe in yourself, you can do anything as long as you put your mind to it.
2. Identify the area you would really love to focus on because cyber security is broad.
3. Always ask questions when you don't understand and do your research.
Jeneva's biggest challenges include working on her technical skills which are required for various platforms as well as constantly keeping up to date with changes in the digital world as cyber threats are increasing and technology is changing every day.
Skills Jeneva recommend having as a SOC analyst include:
1. Having analytic skills to be able to approach problems from multiple angles.
2. Always researching and learning new information, building the natural curiosity that when you see a problem or a new technology, you naturally go to find the answer.
3. Keeping up to date with IT Security trends.
About her work.
Jeneva is a Consultant at Deloitte Cyber Security Centre (SOC) with over 2 years’ experience. She focuses on security event monitoring and reporting on SIEM platforms like ArcSight and QRadar. She had an opportunity to work as part of the SOC response team, responding and investigating security incidents and breaches on various Microsoft products such as Cloud App Security, Azure, Defender Security Center, Defender for Identity, 365 Security and Office 365 Security & Compliance. She has also had experience in the role as a Junior Consultant at the Deloitte Risk Advisory TAA – Assurance in 2018 where she was exposed to multiple IT audit engagements with clients from various industries.
Ronewa’s inspiration for security started when she had to do a presentation on cyber security in one of her third-year courses. That presentation had her wondering why the university did not have a course on cyber security since it’s such a big part of computer systems. Ever since then, she has had an interest in the prospect of protecting organisations' digital assets and intelligence from security breaches.
Ronewa studied Electrical and Computer engineering where she obtained hundreds of classroom hours in Networking, Computer Sciences and Electronics. These modules are foundational in understanding cyber security concepts. She has been building on the knowledge she has gained from university ever since joining the cyber security team.
Over the course of her time in cyber, Ronewa has seen that digital transformation has rapidly been pushed by COVID-19 and the need to move individuals working in offices to working remotely from their homes. Over the two years, she has experienced companies paying more attention on their remote working solution to reduce the ever-expanding attack surface. In addition to that, she has witnessed ransomware (delivered via social engineering tricks) being the weapon of choice for cyber criminals, this resulted in companies doing more social engineering awareness campaigns.
Cyber Security is constantly evolving as the cyber-attack surface increases. According to Ronewa, the most challenging part of being in cyber security is continually learning, unlearning, and relearning however this is makes cyber security exciting.
Ronewa recommends that young women (and men) that aspire to be security professions focus on technical aptitude (basic network skills), cyber security concepts, hands on experience (e.g. get your hands dirty with Capture The Flag), paying attention to detail and have a desire to learn. The best advice Ronewa has received is, ‘your mind is your only limitation; you can do everything you set your mind to’.
To attract more women to cyber security Ronewa believes that cyber security must be introduced as a possible field of study to high school/primary school girls. One thing she realised was that cyber security was not introduced as a field kids can look up to doing, mainly because they do not understand what we do in the field. We can start campaigns to introduce girls to the cyber security field.
To manage time effectively Ronewa keeps a mental ‘to do list’ daily where she plans tasks based on priority which also includes the amount of time the task should take to complete. She takes advantage of her most productive time of the day to get the most done during that period. Furthermore, she makes sure to have small wins daily that will result in a bigger win at the end.
Ronewa is her happiest when she does something that sparks her creativity. She cannot commit to one hobby as she enjoys running, exercising, cooking, hairstyling, hiking and arts and crafts.
Ronewa Ndou adds over 2 years of experience to her role as a consultant at Deloitte. She joined Deloitte as part of the Cyber academy in 2019 and since then, has been part of the Infrastructure Security service line which provides a highly specialised and professional cyber security service to ensure the availability, integrity and confidentiality of IT systems. Prior to joining Deloitte, Ronewa completed her BSc Eng. Electrical and Computer at the University of Cape Town. Ronewa’s role involves conducting Internal and External Vulnerability Assessment, Web application Assessments, Wi-Fi security Assessments, Social Engineering assessments, Device Secure Configuration Reviews and Remote Working Reviews.
Ronewa is part of the group of ladies that are helping drive the Women in Cyber initiative which helps and empowers women to succeed in the cybersecurity field. She believes she has helped raise awareness to Phishing Attacks at clients through Social Engineering assessments that are designed to educate and train employees to prevent socially engineered attacks.
About my work
"Ronewa Ndou adds over 2 years of experience to her role as a consultant at Deloitte. She joined Deloitte as part of the Cyber academy in 2019 and since then, has been part of the Infrastructure Security service line which provides a highly specialised and professional cyber security service to ensure the availability, integrity and confidentiality of IT systems. Prior to joining Deloitte, Ronewa completed her BSc Eng. Electrical and Computer at the University of Cape Town. Ronewa’s role involves conducting Internal and External Vulnerability Assessment, Web application Assessments, Wi-Fi security Assessments, Social Engineering assessments, Device Secure Configuration Reviews and Remote Working Reviews."
What impact have you made in your industry/community/cyber?
"I am part of the group of ladies that are helping drive the Women in Cyber initiative which helps and empowers women to succeed in the cybersecurity field. I believe I have helped raise awareness to Phishing Attacks at clients through Social Engineering assessments that are designed to educate and train employees to prevent socially engineered attacks."
Theresa is a Senior Consultant in Cyber Risk. She enjoys Cyber Security as it is a career that is not repetitive and structured. She completed her undergraduate degree with majors in both Information Systems and Finance and Investment. Thereafter, she completed her Honours in Information Systems which taught her how to work in unstructured projects and expanded her analytical skills. Her analytical, critical thinking and problem-solving skills are demonstrated within her involvement in advisory and assurance projects. She has also gained experience from working in various industries such as the finance, mining, logistics, transport, food, manufacturing and telecommunications industries. She is committed to providing quality work and growing her career in the cyber security field. She believes that it is important to be a well-rounded security expert as everything interlinks in cyber security. Over the course of her time in cyber she witnessed more companies moving their infrastructure to the cloud. This is how she put it.
“There have been various trends in the cyber security space over the years. More and more companies are moving to the cloud and thus starting to realise the importance of cloud security. Companies are also improving their security posture of their remote working practices (which came about because of the pandemic)”
Furthermore, she expects more South African companies to automate their cyber security controls in order to detect and respond to cyber events more effectively and efficiently.
Cyber security is a fast paced field that that requires time management, The most challenging aspects of Theresa’s role is implementing a work-life balance, working on new challenging deliverables, studying and keeping up to date with the latest trends/news. Theresa believes the following should be done to attract more women to cyber security.
Offer training and support to women
Training should not only be technical but soft skills
Promote the cyber security path to women in high school and university as not everyone knows how to enter this career path
Create a gender-inclusive culture.
Calista is passionate about cyber security as the complexity and breadth of the field keeps her mind curious and energised.
“IT is predominantly male-dominated making it difficult for aspiring females to grow in this field. A woman getting her voice heard and advancing her career takes longer than male counterparts as, by nature, men promote other men as this is what is familiar and has been the norm. Times are changing though as more and more women are taking up space in this area. In order to attract more women in cyber and IT, it is important to find male sponsors that are already thriving to support upcoming women. In addition, the organisation should create awareness around the women that have potential and can excel in this profession”.
To become a successful security professional, Calista believes that one should do the following:
Get the foundation in order to understand the field and get the right education and qualifications
Focus on your communication skills, both verbal and written. Your skills can only take you so far but your ability to communicate clearly will take your career further.
Build a sound network of like-minded professionals and mentors. This will assist in accelerating your career.
Her career in the field of IT happened as a consequence of the degree she studied. Growing up, she never saw herself pursuing a career in IT. Her dream was to be a Pharmacist, despite meeting the criteria to study in this field, she could not get a place to study pharmacy at the only university she had applied to for studies. The next best option that came to mind was studying Computer Science despite her limited knowledge of this field. The course curriculum sounded exciting and was closely aligned to her strengths.
“It is amazing how things worked out in the end. I now hold a BSc Honours in Computer Science. This foundational phase of my studies helped me understand the fundamental building blocks of technology”.
As technology advances and most environments become more and more complex, Calista anticipates more regulatory requirements to protect information assets. During this complexity, Calista also anticipates that cyber security will not stand as a separate field but rather be embedded in all aspects of technology and businesses to allow for the management of the cyber risk. Finally, she also anticipates an increase in the number and sophistication of cyber-attacks.
About her work
Calista is a Senior Manager in Cyber Risk Services within Africa Risk Advisory. She has more than 10 years’ experience in leading the delivery a broad range of Cyber and IT assurance engagements including but not limited to Cyber capability and maturity assessments, SWIFT CSP attestations, ISAE 3402 reviews, IT Governance reviews, IT Risk assessments, Internal and External IT audits. Calista has worked across multiple industries including Financial services, Manufacturing, Automotive, Life sciences and healthcare, Hospitality and Mining. She holds a BSc. Honours in Computer Science and is a Certified Information Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) and also holds the Microsoft Azure and AWS Cloud Foundations.
Click below to access the latest articles and media from Deloitte Cyber
Learn how Deloitte’s Women in Cyber campaign is building a community of women cyber professionals to help cultivate more diversity in an industry with millions of open jobs.
Read more
In an ever-changing digital landscape, the only certainty is that cybercrime will continue to grow. An increase in cybercrime means a need for more Cyber Talent – there will be a reported 3.5 million open cyber positions in 2021.
Read more
The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called "Wisdom From The Women Leading The Cybersecurity Industry," we had the pleasure of interviewing Emily Mossburg, Global Cyber Leader at Deloitte.
Read more
Rene talks about zero trust, trends in security breaches, sustainability in cyber, and encouraging women to enter the cyber industry.
Read more
Trust is the cornerstone of every relationship. It’s the foundation for each interaction you have with employees, vendors, supply chain partners and customers.
Whether you’re handling transactional or personal data we ensure that it’s gathered ethically, managed with integrity and properly safeguarded. From this basis of trust, we help you ensure all the ways you work, collaborate and engage with stakeholders, remaining sustainable and secure as you grow.
Read more
We need more like us. We need more like you. Join us.