In this day and age, it’s no secret that women are underrepresented within the field of cybersecurity, making up approximately 11 to 25 per cent of the workforce. We want to bring more awareness to careers in cybersecurity and shine a light on women currently working in the industry, like Susie Jones.
Every day, business owners are hearing about the cyber risks threatening their business. But with the rate of change in cybersecurity accelerating, many smaller businesses are simply being left behind by an industry designed to solve the problems of larger enterprises. These small businesses are some of the most at-risk and underserved parts of today’s economy, despite being the backbone of every society. Finding a way to help business leaders take back control of their risks is where Susie thrives.
Susie Jones is the CEO and Co-Founder of Cynch Security and is an experienced cybersecurity, risk, insurance and innovation leader passionate about solving cybersecurity challenges faced by small businesses. She is also Victoria’s Cyber Strategy Mission 2 Expert Advisory Panel Member and Cyber Industry Advisory Board Member at RMIT University.
In this Q&A, we discuss with Susie her entry pathway into cybersecurity, her journey co-founding Cynch Security, common misconceptions about starting a career in cyber, and advice for women interested in breaking into the field. We also talked about the cybersecurity challenges small businesses face today and what these businesses can do to be better protected from looming cyber threats.
To kick things off, what did 5-year-old Susie want to be when she grew up?
For the longest time I was 100% sure I was going to be a lawyer – I only changed my mind when I realised as a teenager that I might not always win, even if I was right, and so the idea lost its charm!
There have been varying studies over the years in Australia that suggest the percentage of women working in cybersecurity floats around 11% to 25%. Tell us about how you ended up working in cybersecurity?
I started my career in insurance and risk management, and climbed the corporate ladder using that expertise. It was that expertise that led me to meeting my now co-founder, Adam, at my previous employer.
We realised that by combining my risk management and business acumen with his technology and cybersecurity expertise we could create a really powerful solution to a very human problem.
We will do an introduction before this but could you tell us a little bit about Cynch Security and your current role?
At Cynch, we are dedicated to supporting small business leaders to build cyber resilience, or what we call cyber fitness. Our core product is a cyber risk management SaaS platform that translates all the complexity of cyber into plain language, actionable steps that those without technology backgrounds can implement themselves. We also support large organisations that have a large number of SMB suppliers to measure and improve their third party cyber risk.
As CEO, I lead our business operations, sales and customer success.
What motivated you to start your own cybersecurity company in the first place?
In a prior role at my previous employer I was fortunate to be invited to speak to a number of small business owners who had suffered a data breach. Their stories of the emotional impact those breaches had on them as well as the financial loss showed me the human side of cybersecurity, and once we came up with an idea of a solution we just had to take the leap.
In your opinion, what are the most significant cybersecurity challenges faced by small businesses today? How can they better protect themselves from cyber threats?
The biggest challenge in my opinion is that in order to avoid an incident the business needs to get it right 100% of the time, whereas the cyber criminals only need to get it right once. That’s why we talk about building and maintaining cyber fitness. Because the fitter a business is when they fall victim, the easier it will be for them to recover – just like with physical fitness.
Small and scaling businesses often lack dedicated IT departments and resources. What are the practical and cost-effective measures you recommend to enhance their cybersecurity position?
Password management and access control is fundamental – if an attacker can’t get into your accounts through a virtual front door, they are more likely to either move onto another victim or they will need superior skills in order to find another way in. Reusing the same password across multiple systems is as damaging as leaving all the windows and doors of a building unlocked and open – make the criminal have to work for it.
How do you recommend small businesses approach employee education and training to foster a culture of cyber security awareness?
Openly talk to your team about security and scams that you’ve seen around. Share examples of phishing emails, provide password management software. Basically, be intentional about your security.
Can you share more about your journey as a woman working in cybersecurity?
99% of the time my gender has no impact on my working life. I think it may have been different if I’d started my career in this industry, but I didn’t. I experienced much more sexism and gender bias against me when I was working in insurance and risk management.
What is your advice for women looking to break into the field of cybersecurity?
If you’re changing careers, then lean into whatever skills you have already developed and look for roles where you can use them also. If you’re just starting your careers, then look at the roles being advertised and seek out skills listed.
Are there any specific educational paths, certifications or general resources you recommend to upskill or get support / meet people in the field?
Attending conference are a great way to get access to a variety of people in difference security fields, so I’d recommend that over formal training for most.
What do you think are some common misconceptions people have about a career in cybersecurity? What do you wish more people knew?
That you have to be a technologist to add value in this industry and it’s just not true. I’ve known plenty of people who were great with computers but couldn’t make in the security, just as I know plenty of people like myself who are successful without a tech degree.
With the rapid advancement of technology, what emerging trends or areas of cybersecurity are you particularly interested in right now?
I know there’s a lot of investment going into access management and control and I think this will continue for many years to come.
What steps can be taken to encourage more women to pursue careers in cybersecurity and increase gender diversity in the industry?
The language used by many in the industry is overly complex and unappealing to many women. We need to talk like normal humans if we’re going to be able to convince more women that the field is interesting.
What is your favourite piece of advice you’ve been given?
When you feel like you don’t know what you’re doing, remember that everyone else is just making it up as they go along too.
And just for fun… What is your favourite way to waste time online?
Watching movie trailers!
Want to join our thriving community of digital-loving, career-driven, diversity-championing humans and get access to exclusive members-only opportunities? Join the Women in Digital Membership today! Click here to learn more.