Levelling out the playing field: How networking opportunities expand the reach and diversity of the cyber security sector
Published: 8 Aug 2024, 7:10 p.m.
Creating spaces and opportunities where people can engage with the positive potential of cyber security drives much of Dr Clare Johnson’s work – both as a cyber security specialist in IT consultancy, and as a champion of gender diversity. Prior to joining ITSUS Consulting as Cyber Capability Consultant, she spent almost 20 years working Further Education and Higher Education, so is well versed in the academic as well as the commercial challenges and potential of the field. With funding from CyBOK, backed by the Welsh Government, Clare’s team delivered a series of workshops to local authorities in South Wales as well as Masters’ students from Cardiff University, helping more people to understand and benefit from the project’s core knowledge base.
What drew you to CyBOK and how did you come to be involved with its outreach work?
I was very much aware of CyBOK because the programme underpins some of the courses that I used to deliver when working in HE. When I saw the opportunity to apply for some funding, I was keen to translate my academic experience with the content into something that was relevant in the sector I work in now, which is cyber security for commercial purposes. CyBOK offers an enormously comprehensive body of information that our public sector clients can benefit from. The fact that it’s free of charge and open source also means that this wealth of knowledge can be widely disseminated. The work that we do in the consultancy is focused on networks and infrastructure, and we were aware that for many local authorities, their cyber security posture isn’t as good as it could be – partly because they have limited resources, and partly because without the infrastructure in place, it’s hard for them to keep up with the pace at which cyber security is developing. Our goal was to help them to improve their cyber security knowledge and posture by getting them to consider certain key policies and understand the relevant frameworks.
How did you go about engaging people with CyBOK’s knowledge base?
We wanted to encourage people to think about the potential risks and consequences of a real-world scenario, so we ran an exercise in small groups, working through ideas of how they might mitigate a malware attack by a hypothetical disgruntled employee. We chose to focus on a few key areas that we knew would be relevant to local authorities, including areas that they may not have previously considered – Human Factors, Security Operations and Incident Management, Adversarial Behaviours and Malware and Attack Technologies. We then mapped their discussions to CyBOK, which helped everyone to understand the value of understanding and applying this expertise. Interestingly, when we rolled the workshops out with Cardiff University students, they similarly gained a deeper appreciation of the real-world scenarios, because their prior engagement with the subjects was primarily academic.
Why do you think CyBOK garners so much interest across both the commercial and academic sector?
There is so much information out there that it can be difficult for people to know what they can trust and what they can’t. Having an authoritative source is really helpful. The fact that it is open access plays a big role, as well as the fact that it is a comprehensive resource backed up by experts. People participating in our workshops certainly appreciated the gravitas that CyBOK lends to what we do – instead of us, as consultants, simply advising them that they needed to change their culture and engage with cyber security, they had an engaged understanding of the risks and the potential, and they could see our advice was backed up by expert information.
What impacts have you seen emerge from your work?
The initial event was great because it generated discussions amongst different local authorities who wouldn’t necessarily have spoken to each other. It enabled them to share knowledge as well – where some were at the early stages of their information security journey, others were further down the line and could share their insights. Building those networks for people to talk to each other after that initial event was definitely beneficial. We’ve had conversations since with local authorities who are implementing technologies to support them in observing what’s going on in their networks. That might have happened anyway but running these workshops definitely created an awareness of the need to do that. The local authorities we worked with now have the tools to advocate for their colleagues to apply more of a focus on cyber security. There are complementary resources as well that they can now access, which has been really helpful. For them to see that there are tools and practices that they can implement is critical for the safety of the information that they hold. You’ve written about the skills gap in the cyber security sector. From your perspective as the founder of Women in Cyber Wales, what role do you see CyBOK playing in the effort to address both the skills and gender disparities? I think it comes down to the transparency of the information that’s out there. If you think back to times when an IT technicians would fix a problem with your computer, it used to be a mystery what went wrong and how they fixed it. CyBOK takes away that level of mystery; you can see everything that the experts think you should know about cyber security, which can be empowering for anyone who needs to understand or is curious about a subject. For instance, if you’re going for a job interview that was focused on digital forensics, CyBOK has all the information you need to inform yourself about that. It allows you to find out about the unknown, which is a huge confidence-builder. In turn, that improves how you show up in an interview and your chances of getting a job. In that sense, CyBOK is helping to level out the playing field. The UK Cyber Security Council is using CyBOK for its career pathways, which is another testament to how sound it is.
What’s next?
I’d be interested to explore how we might specifically focus on increasing diversity in the sector. When we run any technical sessions, women often don’t attend because they feel intimidated by the fact that it can still be a male-dominated field. Running technical sessions as part of Women in Cyber Wales is something I’d be interested in, to raise awareness of CyBOK and engage more people in the field. More broadly, there’s a long way to go. Cyber security awareness is improving and that’s a really good start. Companies are understanding that if they have a more diverse workforce then they will tap into more information and experience. The ball is certainly rolling, and anything more we can do to make that cultural shift happen has my support.