DISABILITY INCLUSION: SEEING DIFFERENCE AS STRENGTH P8
SUPPLY CHAIN DATA BREACHES AND WHAT YOU AS AN INDIVIDUAL CAN DO
YOUTH-LED CO-CREATION: THE NEXT WAVE OF SECURITY THINKING P30
SAFE KIDS, STRONG COMMUNITIES: WHY CHILD PROTECTION IS A SOCIAL ISSUE, NOT JUST A FAMILY ONE P72
Fresh off the back of an Easter long weekend, I’ve been thinking about bridges. Not the steel and cable kind, but the ones we build between people, stories and sectors. The quiet, often unseen, work of connecting worlds that don’t always speak the same language, but clearly share the same mission: safety, trust and inclusion.
This edition of Women in Security is a celebration of those bridge builders. Individuals, teams and organisations who aren’t just leading in their own lanes, but linking industries, philosophies and generations in ways that reshape what leadership looks like in security. They’re creating networks where cross‑pollination isn’t an afterthought, it’s the point.
In Disability Inclusion we reframe what accessibility means in practice, spotlighting innovators designing adaptive technology and workplaces that recognise neurodivergence as creative capital, not a problem
to be managed. Youth‑led Co creation brings together high school teams, student collectives and early‑career builders reshaping cyber from the ground up. Their ideas may be raw, but their clarity about the future of online safety is unmatched.
And in Empowering Children & Parents in Cybersecurity we’re reminded that security starts long before job titles. Through family‑focused workshops, digital safety storytelling and community‑scaled campaigns, women are designing frameworks that turn fear about online risks into confidence, curiosity and shared responsibility.
We’re also delighted to hear from our regular columnists, including Mandy Turner, Craig Ford, Lisa Rothfield‑Kirschner, Madhuri Nandi and Karen Stephens. They’re joined by: Jay Hira, reflecting on strength, belonging and the responsibility that comes with leadership; Adriana Jones, who builds a bridge between cybersecurity, children and parents; Jo Stewart‑Rattray, who asks why security needs more
people who connect the dots; Lisa Ventura, exploring the convergence of AI and cybersecurity; Marina Toailoa, on safe kids and strong communities; and Simon Carabetta, with a serendipitous insight that lands in just the right part of the issue.
Throughout these pages you’ll meet Eloise Taylor, Pooja Agrawal, Chinenye V Ugochukwu, Deveka Lingam, Adeola Odunlade, Malini Rao, Dr Margarita Bel, Natasha Garner, Aleyna Doğan and Shivani Bhavsar as they share their journeys into security. You’ll also hear from students Jerica Macaraeg, Lindsay Coudert, Nataliah Alcala‑Maharaj, Akshaya Sridharan, Ishrat Qureshi and Nokutendaishe Masuku whose voices help shape the future of the field.
This is, in many ways, a bridge‑building issue; not just about the people who cross the chasms, but also about
those who construct the bridges. Welcome to the women and men who are building the next chapter of security, together.
PUBLISHER, and CEO of Source2Create
www.linkedin.com/in/abigail-swabey-95145312
aby@source2create.com.au
KATIE WILSON ABIGAIL SWABEY
by Abigail Swabey, Publisher of Women in Security Magazine and Katie Wilson , Head of Marketing and Communications at Australian Disability Network
We talk a lot about resilience in security; the systems that keep running when everything around them breaks. But resilience isn’t just a design principle, it’s a human one. If you want stronger teams, start by looking at how they include differences, not how they flatten them out.
Disability inclusion used to live in the compliance binder. Accessibility policy? Tick. Closed captions? Tick. Ramp? Tick. Those things aren’t unimportant, but they’re not the point. What’s shifting now, slowly but surely, is a move from helping to listening. Accessibility is not charity. It’s design. When you make things easier for people who process or interact differently, you usually make them easier for everyone.
It’s a bit like a code review. The bug you find when testing an edge case often reveals something bigger about the whole system. Inclusion works the same way.
I’ve met developers shaping authentication tools with visual prompts for people who struggle with memory recall. It turns out, most users love them. I’ve met managers trialling quiet zones because open‑plan chaos burns everyone out. I’ve met trainers
rewriting content into audio or visual formats because attention works differently across different brains. These aren’t ‘special conditions’. They’re smart adjustments that make the workplace more human.
I sat down with Katie Wilson, Head of Marketing and Communications at Australian Disability Network, who has recently also taken on responsibility for technology, to ask: when you think about disability inclusion in security, what does it actually look like in practice, beyond policy and compliance?
“Disability inclusion in security looks much the same as it does in any other function,” Katie says. “It comes down to whether an employee is genuinely set up to succeed in their role. That means clear expectations and the right tools and environment to meet them.”
In practice, it’s about asking the right questions. Are security information and event management (SIEM) platforms tested for compatibility with screen readers and other assistive technologies? Do security operations centre (SOC) teams provide written runbooks and structured handover notes alongside verbal briefings? Are incident
response processes designed so that someone who communicates differently can contribute fully, not just be present? These are the kinds of practical barriers that determine whether someone can do their job well.
IBM, one of The Australian Disability Network’s (AusDN) founding members, offers a strong example. It has run a formal neurodiversity program since around 2015, covering hiring, onboarding and ongoing support. It stands out as being very practical: clear, simplified instructions through internal tools, noise‑reduction solutions, flexible onboarding and AI‑based tools that represent complex information in simpler formats. Over 13,000 employees have completed neurodiversity acceptance training. The program spans cybersecurity, AI, data analysis and software development, not just corporate‑looking roles. IBM frames this as access to talent and different ways of thinking. That, Katie argues, is the shift the security sector needs to see more of.
“The shift that matters is moving from a model where neurodivergence is something an employer ‘manages’ to one where it’s recognised as part of how someone thinks and works."
So, what do organisations get wrong, even when they want to get it right?
“The good news is that most organisations genuinely want to get this right,” Katie says. “Where they tend to get stuck is treating accessibility as a checklist or a one‑off action.”
Ramps and captions are important visible changes. But the organisations making the most progress are the ones that look further at digital systems, internal tools, workflows and culture. Even more importantly, they move from talking about accessibility to talking with people who have lived experience. The best outcomes at AusDN come from organisations that bring people with disability into the design and testing of their systems, not just consult them after the fact.
It also helps to reframe what constitutes accessibility. It’s not about “making work easier,” and it’s not an exception to how things normally run. It’s about removing barriers so people can do their work effectively. When organisations land on that framing, accessibility stops feeling like a cost and starts looking like what it is: better design that improves systems for everyone.
In the security world, hyperfocus, pattern‑spotting and a willingness to question the status quo are not nice‑to‑haves; they’re often core capabilities. That’s why neurodivergence can be a powerful asset if it’s recognised as such.
Katie says this is a growing focus for AusDN. Its research on co‑designing neuroinclusive, neuroaffirming workplaces highlights how neurodivergent employees describe their strengths: hyperfocus, detailed and precise work, creative and big‑picture thinking, and how they have the courage to question the ways in which things have always been done. In security, those are not soft skills; they’re central to threat detection, analysis and response.
“The shift that matters is moving from a model where neurodivergence is something an employer ‘manages’ to one where it’s recognised as part of how someone thinks and works,” she says. One research participant
put it simply: “My employer does not manage my ADHD. I do.”
Workplaces that focus on outcomes rather than rigid processes see neurodivergent employees thrive. In security, that could mean measuring an analyst’s work by the quality of their threat assessments, not by whether they followed a standardised workflow that doesn’t suit how they process information. The goal is to design the work around results, not around a single way of getting there.
The real opportunity for security teams is to stop thinking of neurodivergence as an edge case and start recognising it as cognitive diversity that strengthens how a team detects, analyses and responds to threats. When the environment is set up well, everyone benefits.
What kinds of workplace changes make the biggest difference for disabled and neurodivergent professionals?
“The ones that are built into how work is designed, not bolted on after someone asks,” Katie says. AusDN’s Pragmatic Universal Design framework uses universal design principles as a north star, but focuses on practical, achievable steps organisations can take now.
In practice that means treating flexible work arrangements as standard, captioning meetings by default and testing digital tools for accessibility before they’re rolled out. It also means rethinking how performance is measured, so it reflects outcomes rather than conformity to a single way of working.
One of the strongest findings from AusDN’s research is that manager capability is the single biggest difference‑maker. When managers know how to have an open, straightforward conversation about what someone needs to do their best work and when that conversation is treated as routine rather than exceptional everything else follows. The research found that 81 percent of employers identified lack of
manager training as their top challenge in supporting neurodivergent employees. That’s a clear place to start.
The gap between intent and action is often in the middle layer. Senior leaders will say the right things. Policy documents can read well. But the translation into practice of how teams are structured, how tools are procured, how meetings are run, how performance is assessed; that’s where inclusion lives or dies.
AusDN’s neuroinclusion research found that 77 percent of employers said they were working on improving neuroinclusion, yet only 30 percent offered alternative formats to standard recruitment assessments, and half of recruitment teams rated themselves as only “slightly confident” in providing adjustments for neurodivergent jobseekers. The intent is there. The capability and consistency need to catch up.
Leaders set the tone for what’s expected. When a senior leader openly uses captions, talks about flexible working as standard, or asks “What do you need to do your best work?” in a team setting, it signals that these conversations are part of how the organisation operates, not something exceptional.
"The real opportunity for security teams is to stop thinking of neurodivergence as an edge case and start recognising it as cognitive diversity that strengthens how a team detects, analyses and responds to threats. When the environment is set up well, everyone benefits."
The same research found that 38 percent of employers identified a lack of executive support as a barrier to prioritising neuroinclusion. The organisations moving furthest are the ones where leaders model it, not just endorse it. That means being visible, being curious and being willing to say publicly: “we haven’t got this right yet.”
It also means resourcing inclusion. It cannot be sustained on goodwill alone. It needs a budget, dedicated capability and a place in leadership and board‑level reporting. When inclusion is part of how an organisation governs and measures itself, it stops being a side initiative and becomes part of how the business runs.
AI can be both a lever for inclusion and a source of new barriers. AusDN is currently co‑designing a framework with its members on ethical and inclusive AI, because the tension between the promise of AI and the risks it poses for people with disability is real.
On the positive side, AI is delivering genuinely useful tools: better speech‑to‑text, real‑time captioning, adaptive interfaces and new ways of processing information that remove longstanding barriers. But on the other side, many AI systems are built on datasets and design assumptions that exclude people with disability entirely; from recruitment algorithms that screen out candidates based on speech patterns or gaps in employment history, to automated systems that aren’t tested with assistive technologies.
Late last year, Katie co‑facilitated a roundtable at the Remarkable Tech Summit on AI and workplace adaptations. The message was clear: people with disabilities need to be in the design process, not just consulted after the fact. If AI is going to be a force for inclusion, it has to be built with, not for, the communities it affects.
Katie is also open about the small shifts she’s starting to see. The fact that this article is being written at all that a security‑focused publication is framing disability inclusion as a strength, not a compliance topic says something about where the conversation is heading.
Representation on screen is another area of momentum. “You can’t be what you can’t see,” she says. Netflix, in Heartbreak High , cast Chloe Hayden, an autistic actor, as an autistic character, and the portrayal is layered and human. SBS crime drama Code of Silence stars Rose Ayling‑Ellis, a deaf actor, in a role where her skills drive the plot. And Nine’s broadcast of the Paris 2024 Paralympics carried Inclusively Made accreditation, meaning people with disability were involved both behind and in front of the camera. That kind of structural inclusion in how content is made, not just who appears is where the real change happens.
At a practical level, automatic captions in video conferencing and flexible work becoming standard post‑COVID are changes people with disability had been requesting for years to remove barriers to their participation. Smart organisations are building on those shifts, not rolling them back.
“Start with listening. Talk to your people with disabilities. Find out what’s working and what isn’t. You’ll almost certainly find that the barriers are more practical and more fixable than you expected.”
For organisations that want to be more inclusive but are unsure where to begin, Katie’s advice is straightforward.
“Start with listening. Talk to your people with disabilities. Find out what’s working and what isn’t. You’ll almost certainly find that the barriers are more practical and more fixable than you expected.”
Then pick one concrete thing. Don’t try to overhaul everything at once. If your procurement process doesn’t include accessibility criteria, fix that. If your managers don’t know how to have an adjustment conversation, train them. If your careers page isn’t accessible, redesign it. Progress comes from action, not from strategy documents.
“And connect with organisations that can help,” Katie says. AusDN exists specifically to support employers on this journey, working with organisations at every stage of maturity. You don’t need to have it all figured out before you start.
Different ways of thinking are not threats to manage. They’re the reason anything ever gets better. When security teams treat neurodivergence and disability
Diverse minds make better systems. Teams that think differently spot different weak points. That’s how safer cultures, and safer societies, get built.
As Katie puts it: “Inclusion doesn’t have to be complicated. Test your tools for accessibility. Write clearer job descriptions. Ask your team what they need. Pragmatic universal design starts where you are, with what you can change today.”
Disability inclusion isn’t another KPI. It’s about the kind of culture we want to build. In a field obsessed with finding what’s hidden and predicting the unseen, maybe it’s time to turn that instinct inward, and notice the minds sitting right beside us, often overlooked but essential.
www.linkedin.com/in/katie-wilson-b55a1910/ www.australiandisabilitynetwork.org.au
AMANDA-JANE TURNER
Adjunct Lecturer School of Social Science (Cyber-Criminology) Cybercrime is big business, thanks to technical advancement and interconnectivity creating more opportunities. This regular column will explore various aspects of cybercrime in an easy-tounderstand manner to help everyone become more cyber safe.
Thanks to increased reliance on software as a service (SaaS), outsourced providers and supply chain dependencies any individual or entity can be significantly harmed by cyber threats, indirectly and in ways outside their control. SaaS is a prime target for cyber criminals because compromising a service can compromise a wide variety of entities and individuals using it.
Here’s what you can do if your personal information has been breached because of compromise of a third party SaaS or a supply chain.
You cannot put the genie back in the bottle: your data is out there. What you can do is reduce the damage and be extra vigilant to make yourself a much harder target in future. Think about what has been, or may have been exposed. Look at how you can secure your accounts and protect your identity. And warn your network.
Depending on the information compromised, consider the following tips, but remember: not all steps will be relevant in each situation. The right response is dependent on the data the breached service held and the data that was exfiltrated.
Criminals often use breached data for credential stuffing; trying your email/password combination on other sites. If there is a risk a password was compromised, think how you can make your credentials harder to misuse. For example:
• change passwords for impacted accounts.
• use unique passwords for every site (a reputable password manager will help with this).
• turn on multifactor authentication (MFA) wherever possible.
• use authenticator apps instead of SMS, if these are available.
Because personal information can be used by a criminal to open accounts or take out loans in your name, or otherwise impersonate you, consider the following actions:
• in Australia, contact IDCARE. It provides free, confidential advice and can help you develop a recovery plan.
• consider placing a credit ban (temporary freeze) with credit reporting agencies.
• monitor your credit report for unknown loans or accounts.
• enable transaction alerts on bank accounts.
• review statements weekly for unfamiliar activity.
• report anything suspicious immediately.
Understand that your information could be used in phishing, invoice scams and voice based scams, either aimed at you, your colleagues or people you know. Criminals may pretend to be companies you use, pretend to be the SaaS that was compromised offering you help, or may impersonate you to target your contacts.
Protect yourself by:
• treating all unexpected emails/texts/calls with caution.
• never clicking links or downloading attachments from unknown or urgent messages.
• verifying requests via a separate channel.
• keeping your network informed.
Once data has been compromised it can circulate for years, even come back in ‘combo’ data dumps, or be used repeatedly by criminals for phishing, invoice scams or other crimes. Having your information in a data breach can be challenging and distressing, but it is important to know what you have control over, what you can do and how to make yourself a hard target.
Stay safe everyone.
www.linkedin.com/in/amandajane1
www.empressbat.com
I S N O W A I S A ' S N E W I S N O W A I S A ' S N E W
P U B L I S H I N G P A R T N E R P U B L I S H I N G P A R T N E R P N G R N
Click here to read the newest edition of Cyber Today
Risk Consultant at KPMG
For Deveka Lingam, a Technology Risk Consultant, the journey into cybersecurity was not defined by a single moment of certainty, but rather by a gradual realisation of the world’s growing dependence on digital systems and the profound consequences when those systems fail.
“My interest in cybersecurity began at university where I started recognising just how dependent our daily lives are on digital systems and how easily real people can be affected when those systems fail,” she reflects. “That realisation felt both intimidating and energising because it made me aware that the work done in cybersecurity genuinely protects something much bigger than any single organisation.”
What began as curiosity soon evolved into purpose. Drawn to the dynamic nature of the field, Deveka found herself motivated not only by the intellectual challenge, but by the opportunity to contribute to a space that lacked diverse voices. “I became increasingly motivated by the lack of women’s voices in cybersecurity and the opportunity to contribute to an area that needed more representation and diversity
of thought,” she says. “Over time my focus evolved from simply analysing breaches to building trust through prevention, governance and resilience.”
Her path into cybersecurity was far from linear. Initially aspiring to study law, her interests shifted into business before eventually leading her to information systems and, ultimately, cybersecurity. “Everything unfolded gradually rather than through a fixed plan,” she explains. “As I gained exposure to different security topics, I slowly discovered where I could add value, and that clarity came through experience rather than certainty from day one.”
Like many entering the field, Deveka faced early uncertainty particularly coming from a non technical background. “Cybersecurity seemed so technical and far removed from anything I had studied before, especially since I came from a marketing background,” she recalls. “It was easy to compare myself to others who already had years of technical exposure and assume that I didn’t belong.”
However, it was this very misconception that she learned to challenge. “What helped me overcome that uncertainty was realising that cybersecurity is a field that needs people who bring communication, critical thinking and problem solving just as much as deep technical skill,” she says. “Once I understood that the field values a wide range of strengths and that different backgrounds can be an asset rather than a disadvantage, I felt more confident stepping into it and finding my place.”
Navigating the early stages of her career also meant confronting the overwhelming breadth of the cybersecurity landscape. “One of the most
“I would tell my high school self that cybersecurity is not nearly as boring or rigid as it might seem from the outside."
challenging aspects of entering cybersecurity as a student or graduate is stepping into the field during a time of constant change,” she explains. “There is not always clarity about what direction to pursue and the uncertainty can make it hard to decide where you fit.”
Rather than rushing into a specialisation, Deveka chose a different approach grounding herself in fundamentals while remaining open to possibility. “I learned to approach this by focusing on the fundamentals and staying open minded rather than trying to choose a path too early,” she says. “With time, practical exposure helped me understand the areas that aligned naturally with my strengths and interests.”
Today, her work reflects that mindset balancing technical understanding with human centred thinking. She sees the future of cybersecurity as one that will demand not only innovation, but adaptability and empathy. “In the next two years I anticipate seeing forms of quantum related cyber threats emerging,” she notes. “I also expect a major rise in AI empowered bots and the misuse of them, because both attackers and defenders are increasingly relying on automation and machine intelligence.”
Yet, for Deveka, the most pressing concern lies in how these advancements intersect with human behaviour. “The emerging threat that concerns me most is the misuse of AI and technology,” she says. “AI has the potential to make attacks more convincing, more targeted and harder for the average person to detect. Social engineering powered by AI, sophisticated phishing and automated exploitation all worry me because they target the human side of security rather than just systems.”
Despite the complexity of the field, she remains grounded in what truly matters growth, mentorship and meaningful contribution. When considering career progression, her priorities extend beyond compensation. “Beyond salary, I would look closely at whether the role offers mentorship because learning from people with experience is one of the fastest ways to grow,” she explains. “Early career roles should help build long term capability through growth, exposure and guidance rather than focusing solely on compensation or immediate output.”
For those just beginning their journey, Deveka offers a perspective she wishes she had embraced earlier. “I would tell my high school self that cybersecurity is not nearly as boring or rigid as it might seem from the outside,” she says. “It is an ever evolving field where the work can actually protect people and even save lives through the systems it secures.”
She also emphasises the importance of transferable skills. “I would remind myself that strong analytical and communication skills are just as important as technical ones because they help translate complex problems into practical solutions,” she adds. “Those abilities can make you incredibly valuable in the field even before you gain deep technical experience.”
As the cybersecurity industry continues to grapple with a global skills shortage, Deveka sees both challenge and opportunity. “The skill shortage is creating a lot of opportunities for graduates but it is also raising expectations,” she says. “Organisations want people who can adapt quickly, take initiative and apply their knowledge in practical ways from the start.”
Her journey is a testament to the power of persistence, adaptability and self belief in a field that is constantly evolving. In an industry often defined by technical complexity, Deveka Lingam is helping to shape a more inclusive and human centred future one where diverse perspectives are not only welcomed, but essential.
www.linkedin.com/in/deveka-lingam
What begins as curiosity can often become something far more powerful and for Shivani Bhavsar, that curiosity evolved into a purpose driven career in application security. Drawn initially to the growing presence of cyberattacks reported in news articles and online platforms, she quickly recognised the deep connection between technology and everyday life, and the urgent need to protect it.
“My initial interest in cybersecurity was sparked by curiosity,” she reflects. “I would often read newspaper articles and online reports about the rising number of cyberattacks and their impact on individuals, businesses, and governments. That made me realise how deeply technology is connected to our daily lives, and how important it is to protect it.”
What started as an interest in understanding threats gradually matured into a commitment to building secure systems from the ground up. Today, her work spans application security, secure development
practices, vulnerability management, and mentorship areas that reflect not only technical depth but a broader sense of responsibility.
“Over time, I became more interested not just in understanding attacks, but also in learning how systems can be secured from the ground up,” she explains. “Today, that interest has matured into a career focused on application security, secure development practices, vulnerability management, and mentorship. I now see cybersecurity not only as a technical field, but also as a responsibility to help build safer digital environments and prepare the next generation of professionals.”
Turning that passion into a profession required deliberate action. Shivani understood early on that curiosity alone would not be enough; she needed to build both knowledge and community. Immersing herself in online spaces such as LinkedIn, Discord communities, and cybersecurity forums, she began shaping her understanding of the industry while connecting with like minded professionals.
“I have learned that overcoming cybersecurity challenges requires both technical depth and communication skills. That mindset has helped me turn challenges into opportunities for growth and impact.”
“In the early stages of my journey, I knew that interest alone would not be enough. I needed to actively build knowledge, skills, and connections,” she says. “These spaces helped me discover learning resources, career pathways, and a community of like minded professionals.”
Alongside this, she committed to hands on learning, strengthening her technical foundation through platforms like Udemy and Coursera while exploring vulnerability assessment, ethical hacking, and secure coding. Her academic journey at Concordia University, where she pursued a Master’s in Information Systems Security, added further structure and depth, while internships and early roles allowed her to translate theory into practice.
“Those early steps built the confidence and discipline that eventually led me into application security, teaching, and community leadership,” she notes.
Like many in cybersecurity, Shivani’s path was not rigidly defined. While her early interests leaned toward bug bounty hunting and offensive security, her career evolved organically as new opportunities and experiences broadened her perspective.
“My journey was a combination of both intention and organic growth,” she explains. “In the beginning, I was especially drawn to bug bounty hunting and offensive security but over time, my path expanded naturally.”
That evolution has led her to a multifaceted career where she not only works in enterprise application security but also teaches and mentors aspiring professionals, an extension of her belief that cybersecurity is as much about people as it is about technology.
With the ever changing nature of cyber threats, adaptability has become one of her greatest strengths. She highlights that one of the most complex aspects of her role is the constant evolution of challenges, requiring both technical expertise and a flexible mindset.
“In cybersecurity, the same approach rarely works for every issue, because threats, technologies, and business environments are constantly evolving,” she says. “Rather than relying on one fixed method, I try to understand the root of the problem, evaluate the context, and choose the approach that best fits the situation.”
“I have learned that overcoming cybersecurity challenges requires both technical depth and communication skills,” she adds. “That mindset has helped me turn challenges into opportunities for growth and impact.”
Reflecting on her journey, Shivani shares the importance of practical experience, adaptability, and persistence advice she would offer to her younger self.
“Practical skills matter just as much as academic knowledge,” she says. “Cybersecurity is a field where real world problem solving, curiosity, and hands on practice make a huge difference.”
She also encourages aspiring professionals not to feel overwhelmed by the breadth of the field, but instead to start small and build consistently.
“Do not be intimidated by how vast cybersecurity seems at first. Start small, stay consistent, and keep building. The journey becomes clearer with every step.”
For those entering the field, she underscores the importance of strong fundamentals networking, operating systems, Linux, security principles, risk management, and secure coding paired with practical exposure and an openness to explore different specialisations.
“Cybersecurity is a vast and multidisciplinary field,” she explains. “The best university preparation combines strong fundamentals, hands on practice, and the flexibility to specialise over time.”
Despite the demands of the industry, Shivani is equally intentional about maintaining balance, recognising that long term success depends on sustainability.
“I believe that balance is not just important for personal well being, but also for professional effectiveness,” she shares. “By managing my time consciously and prioritising both productivity and well being, I am able to maintain that equilibrium.”
Her approach includes setting clear boundaries, disconnecting from work when needed, and making time to recharge an often overlooked but essential aspect of a high performance career in cybersecurity.
To stay ahead in such a fast moving field, Shivani embraces continuous learning through a combination of industry news, community engagement, hands on practice, and teaching.
“Cybersecurity is constantly evolving, so staying current is not optional, it is essential,” she says. “My strategy is a combination of continuous learning, community engagement, and practical application ensuring that I remain both informed and effective.”
From a curious reader of cyberattack headlines to a dedicated application security professional and mentor, Shivani Bhavsar’s journey is a testament to the power of persistence, adaptability, and purpose. Her story not only highlights the diverse pathways within cybersecurity but also reinforces a powerful message: that building a safer digital world is a shared responsibility, one that begins with curiosity and grows through commitment.
www.linkedin.com/in/bhavsarshivani
“Cybersecurity is constantly evolving, so staying current is not optional, it is essential. My strategy is a combination of continuous learning, community engagement, and practical application ensuring that I remain both informed and effective.”
Aleyna Dogan
Senior Cyber Threat Intelligence Analyst - SOCRadar
Aleyna Dogan’s journey into cybersecurity did not begin with certainty or confidence, but with a moment of doubt that could have easily defined her path.
“I couldn’t answer a simple question in my first cybersecurity interview,” she recalls. “It was a topic I thought I knew, but I couldn’t answer it, and when I left the interview, my confidence was seriously shaken.” For a time, she questioned whether she truly belonged in the field at all.
What followed, however, would become a defining turning point. A friend’s blunt but honest advice reframed her perspective entirely. “It’s good that you were rejected. Now you know what rejection means. Now you need to learn how to be accepted. You can keep crying if you want, or you can move forward.” Reflecting on that moment, Aleyna acknowledges its impact. “It was harsh, but exactly what I needed. If I hadn’t sat down at my computer that day and continued applying, I might not be here today.”
That decision to keep going laid the foundation for everything that followed. Years later, she would achieve a milestone that stood in stark contrast to that early rejection. “I might not have become a woman who, years later, placed first in a competition with thousands of participants and felt proud of it,” she says.
Aleyna’s introduction to cybersecurity began during her university years while studying computer engineering. A newly formed cybersecurity club sparked her curiosity, even though she initially felt unsure of where to begin. “At the beginning, I didn’t know where to start, but the field caught my interest,” she explains. With guidance from an experienced club president and a willingness to explore, she gradually found her footing and began shaping her direction.
As her interests developed, Aleyna focused on three key areas: Network, Cyber Threat Intelligence (CTI), and Security Operations Centre (SOC). While pursuing internships in these fields, she also found herself drawn into the demanding world of software development. “Software courses at university were quite intensive, and I started getting interested in full stack web development and did freelance projects,” she says. For a time, this led her away from cybersecurity but not entirely. “I realised I had already developed a security mindset through coding. This awareness led me back to this field, but this time I was much more conscious and determined.”
That renewed focus paid off. After pushing past her initial interview setback, she secured her first internship in CTI, where everything began to align. “I truly enjoyed analysing threats, understanding attacker behavior, and working with real cases,” she shares. Following her internship, she joined SOCRadar as a part time CTI analyst, balancing work alongside her studies. “Balancing university and work was challenging but highly rewarding.” Over time, that role evolved into a full time position, solidifying cybersecurity not just as an interest, but as a career.
A defining aspect of Aleyna’s work has been her deep engagement with the attacker’s perspective. “In the CTI field, progressing only with technical data is
often not enough. Analyses without understanding the attacker’s mindset remain incomplete,” she explains. Her work on the dark web further reinforced this understanding. “Thinking from an attacker’s perspective became one of the most valuable parts of my job. Over time, what truly makes a difference in this field is not what you know, but how you think.”
Her approach to growth reflects this philosophy. While she values certifications, she is clear about their limitations. “I believe that certifications are useful, but I have experienced that they are not sufficient on their own. In the CTI field, the more cases you see and analyze, the more you improve.” She credits Capture The Flag (CTF) competitions with sharpening both her technical and analytical abilities. Her dedication culminated in a remarkable achievement. “As a result of these efforts, I completed a cybersecurity academy organised by a bank in Türkiye, where approximately 4,000 people applied, by finishing in first place.”
Looking back, Aleyna is candid about what she wishes she had known earlier. “I wish I had started in this field earlier,” she reflects, before turning her focus outward to encourage others, especially women considering cybersecurity. “Most of the time, we may hold ourselves back in technical fields or think that we are not good enough. One of the reasons for this can be that we did not have the same opportunities in terms of access to technology and guidance from an early age.” Despite this, her message is clear and empowering. “This field offers far more opportunities than we think. That is why I believe that, as women, we need to take a more active role in cybersecurity, be more visible, and be more active. To exist in this field, it is not about being perfect, but about continuing.”
Alongside the intensity of her role, Aleyna has also learned the importance of balance. “After the social isolation of the pandemic, I started to add more conscious routines to my life,” she says. Simple habits, such as stepping out for a coffee or going for a walk, have become essential moments of reset. “Buying myself a coffee outside and going for a walk has become one of my most important habits where I clear my mind and recharge.”
In her day to day work, she remains committed to staying current in an ever evolving field. “Cybersecurity is a field that requires staying constantly up to date,” she notes, highlighting her use of platforms like Urlscan and VirusTotal, as well as small automations to improve efficiency. Beyond her professional responsibilities, she is equally passionate about making cybersecurity more accessible to others. “I believe that accessible resources are important for those who are new to this field,” she says, pointing to free tools and learning platforms as valuable entry points.
Her commitment to giving back extends to sharing her knowledge openly. “On my personal blog, I share CTF solutions, machine analyses, and cybersecurity articles. Even if the content I write benefits just one person, it becomes a great source of motivation for me.” For Aleyna, this reinforces a deeper truth about her work. “Because for me, cybersecurity is not just a job, but also a passion and a hobby.”
As she looks toward the future, she remains pragmatic about emerging technologies. “Artificial intelligence does not create entirely new types of attacks, but rather makes existing attacks faster and more scalable,” she explains, particularly noting its impact on phishing and social engineering.
For those just starting out, her advice is grounded in experience and clarity. “Memorising information is not enough. Moving forward without understanding the logic behind a topic will leave you weak in real scenarios. What matters is not how much you know, but how well you can apply it.”
Aleyna Dogan’s journey is a powerful reminder that success in cybersecurity is not defined by flawless beginnings, but by resilience, curiosity, and the decision to keep moving forward especially when it would be easier to stop.
www.linkedin.com/in/aleyna-dogan margheritaviola.com
Cybersecurity Professional (SOC Analyst)
Adeola Odunlade’s journey into cybersecurity did not begin with a long standing technical ambition or a carefully mapped out career plan. Instead, it started with a moment of curiosity one that many might overlook. “My interest in cybersecurity didn’t start in the usual way,” she reflects. “It actually began during one Cybersecurity Awareness Month. There was so much content everywhere at the time, conversations, posts, and campaigns, and it really caught my attention.”
What could have remained a passing interest quickly became something more intentional. Adeola chose to lean into that curiosity, enrolling in an introductory course that would ultimately reshape her path. “What started as a simple attempt to just learn something new quickly became something I genuinely enjoyed,” she says. “The more I learned, the more I realised this was a field I could see myself growing in.”
That early spark evolved into a defining opportunity when she was selected for the CyberGirls program
by the Cybersafe Foundation. It was here that her foundation in cybersecurity was solidified. “Through that experience, I received structured training and mentorship, which really shaped my foundation in cybersecurity and gave me the confidence to pursue it professionally,” she explains. What began as curiosity transformed into purpose. “It is no longer just about curiosity. It is about impact, a way to protect people, organisations, and the digital spaces we rely on every day.”
Like many entering cybersecurity, Adeola quickly realized that interest alone would not be enough. The transition into a professional career required discipline, sacrifice, and consistency. “One of the most pivotal steps I took was committing fully to continuous learning,” she says. “I knew early on that cybersecurity was not a field you could approach casually.” She immersed herself in foundational knowledge, balancing theory with hands on labs and simulations. “There were periods where I had to give up sleep, spend long hours studying, and consistently push myself beyond what felt convenient.”
"Cybersecurity can feel overwhelming when you are just starting out. There were moments when I questioned whether I was on the right path. I learned to manage those doubts by focusing on progress rather than perfection, breaking things down into smaller, more manageable steps and celebrating the little wins along the way. Seeing people who had once been in my position, gave me reassurance that it was possible.”
but I also continuously improve my analytical skills so I can think critically beyond the tools,” she says. Over time, she has come to embrace a key truth that many in cybersecurity learn through experience: “You do not need to know everything. What matters more is knowing how to approach a problem, where to look, and how to respond effectively under pressure.”
Her path into this technical role was not without hesitation. In fact, Adeola initially envisioned herself in a less technical area of cybersecurity. “When I first started, I was actually leaning towards GRC because I was a bit intimidated by the technical side,” she admits. “I assumed it would be too complex or difficult for me.” But exposure and experience gradually shifted her perspective. “I discovered that I not only understood the technical work but genuinely enjoyed it, the investigations, and the problem solving aspects made the work exciting for me.”
Yet, her growth was not shaped by technical learning alone. Community played an equally critical role. “I made a conscious effort to connect with others in the field, attend events, and learn from people ahead of me,” she shares. Reflecting on her early journey, she credits “continuous learning, community, intentional sacrifice, and staying consistent” as the pillars that transformed her ambition into reality.
Today, as a SOC Analyst, Adeola operates at the frontline of cybersecurity an environment defined by urgency, complexity, and constant change. “One of the most challenging aspects of my role is dealing with the constant flow of alerts while trying to quickly distinguish between what is a real threat and what is just noise,” she explains. The pressure is relentless, requiring both speed and precision. “The volume can be overwhelming at times, and the pressure to make the right decision quickly is very real.”
To navigate this, she has developed a mindset that balances structure with adaptability. “I rely on established processes for investigation and triage,
Moments of doubt were inevitable, particularly in the early stages. “Cybersecurity can feel overwhelming when you are just starting out,” she says. “There were moments when I questioned whether I was on the right path.” Instead of allowing uncertainty to take hold, she reframed her approach. “I learned to manage those doubts by focusing on progress rather than perfection, breaking things down into smaller, more manageable steps and celebrating the little wins along the way.” Support from the community once again proved invaluable. “Seeing people who had once been in my position, gave me reassurance that it was possible.”
At the core of Adeola’s journey is a deep appreciation for learning not just as a phase, but as a constant. She emphasises the importance of strong fundamentals for anyone entering the field. “A strong understanding of networking makes it much easier to understand where vulnerabilities can exist and how attacks happen,” she explains. She also highlights operating systems, security principles, and problem solving as essential areas, alongside an often overlooked skill: communication. “Being able to explain risks, findings, or incidents clearly is just as important as the technical side.”
Looking ahead, Adeola is clear eyed about the future of cybersecurity. “Over the next two years, I believe automation and AI will have one of the biggest impacts,” she notes, acknowledging both the opportunities and risks they present. She also points to the growing importance of cloud and identity security, as well as the increasing sophistication of social engineering attacks. “More and more attacks are focused on exploiting users, credentials, and access controls,” she says, reinforcing the need for a broader, more adaptive security mindset.
Despite the demands of her role, Adeola finds genuine fulfilment in the work she does. “The aspect of my current role that brings me the most satisfaction is knowing that the work I do contributes to protecting systems, organisations, and people,” she shares. It is this sense of purpose, combined with her love for problem solving, that continues to drive her forward. “There is something very fulfilling about taking something uncertain or potentially risky and helping make sense of it.”
Equally important is her commitment to balance in a field that can easily consume one’s time and
“There is something very fulfilling about taking something uncertain or potentially risky and helping make sense of it.”
energy. “I have learned that rest is not optional. It is necessary,” she says. By setting clear boundaries and prioritising time to recharge, she ensures sustainability in both her career and personal life. “When you take care of yourself properly, you think more clearly, respond better under pressure, and show up stronger in your role.”
Adeola’s journey has also been shaped by the power of community and representation. She credits organisations and individuals who are actively working to make cybersecurity more accessible. “The cybersecurity community has had a huge influence on my career,” she says. “It reminded me early on that you do not have to figure everything out alone.”
As she looks to the future, she remains focused on growth, both practical and professional. Certifications such as Security+ and CySA+ are part of her plan, but she is clear about their role. “Certifications are most valuable when they support real skill development. My goal is to keep building in both areas so that my growth is not only visible on paper, but also reflected in the quality of work I can do.”
For those considering a transition into cybersecurity, her advice is grounded in realism and encouragement. “Start with the fundamentals and give yourself time to build a strong foundation,” she says. “Be patient with yourself… if you stay curious, persistent, and willing to learn, progress will come.”
If she could speak to her younger self, her message would be simple yet powerful: “Do not be intimidated by how complex cybersecurity seems, you do not need to have everything figured out to get started.”
Adeola Odunlade’s journey is a testament to what can happen when curiosity is followed with intention, when doubt is met with persistence, and when growth is supported by community. It is not a story of instant certainty, but of gradual discovery, one that continues to unfold with purpose, impact, and quiet confidence.
www.linkedin.com/in/adeolaodunlade
by Abigail Swabey, Publisher of Women in Security Magazine
There’s something electric about watching a new generation take ownership of security. They aren’t waiting for permission. They’re building from the ground up. Patching, testing, coding, advocating teaching themselves and each other as they go.
In the past, youth programs in cyber were about awareness; now they’re about co creation. High school teams at the AustCyber YouthTech Challenge are designing real world solutions for data misuse. Student collectives through the ACS Foundation’s Big Day In are turning ideas from hackathons into fully fledged privacy apps. And initiatives like AWSN’s Girls in Cyber Program are proving that early exposure isn’t just about skills; they’re about identity, confidence and belonging.
These ideas might be raw, but they carry something rarer: clarity. Talk to these teams and you’ll hear how firmly they connect security to humanity. They care about digital ethics and social safety as much as firewalls and code. For them, cybersecurity isn’t just locking things down; it’s keeping people open and protected at the same time.
There’s a group in Tasmania running school workshops on online boundaries. A Melbourne university team is building tools that teach
parents about privacy through games. An early career engineer from Queensland is developing authentication for visually impaired users, because, in her words, “security shouldn’t punish difference.” None of this fits neatly under corporate structures yet, and that’s precisely what makes it fresh.
Youth brings boldness. It asks awkward, necessary questions: why cyber awareness talks stop at Year 10, or why most incident response training assumes adult literacy. It wants to rewire how we teach risk, not as something to be feared, but as an attribute of digital citizenship.
And when you pair the energy of youth with the wisdom of seasoned mentors, something remarkable happens. Intergenerational mentorship stops being about transferring knowledge and becomes genuine creative exchange. Experienced practitioners bring structure and reality checks; young innovators offer speed, imagination and the audacity to ask, “why not?” Together the young and the wise design new ways forward.
Across Australia, that partnership is growing. Through UNSW’s SecEd Lab and government backed Digital Trust youth initiatives, students are working side by side with professionals to test emerging security tools and rewrite the narrative around tech leadership. The results? Faster experimentation, community driven solutions and a feeling that the future of cybersecurity is co written, not inherited.
For established professionals, the challenge is to make space. Renewal isn’t replacement, it’s recognising that younger voices aren’t disrupting the field, they’re expanding it.
Because the future of online safety isn’t just waiting in universities; it’s already being built in classrooms, community halls and garages across the country.
I sat down with four industry leaders involved in a range of programs across Australia to gather their perspectives on the matter.
For Palo Alto Networks’ CyberFit Nation a series of online cybersecurity workshops for “Australians and New Zealanders, from early childhood to the boardroom,” youth led co creation is not a side note, it sits at the centre of the work.
At the heart of the initiative is a simple idea: cybersecurity should be accessible to everyone, not just experts. Since its launch in 2021 the focus of CyberFit Nation has been on giving Australians of all ages the skills to navigate an increasingly complex digital world. But what makes the model stand out is the way young people are being brought into the design process.
A strong example is the upcoming Grandparents’ Kit. Rather than creating something for older Australians in isolation, Palo Alto Networks worked with students to help co create the content. That shift matters. It means the material is not only technically sound, but also simple, practical and grounded in the way real families talk about digital safety.
The need is real. Older Australians are increasingly being targeted, with scam losses rising sharply. That makes the role of younger family members even more important. When teenagers help explain threats in plain language, cybersecurity stops being a specialist issue and becomes part of the household conversation. It becomes a shared responsibility. And that is far more powerful than a one off awareness campaign.
What young people bring to this work is not just enthusiasm, it’s real time digital intuition. They are often the first to experience emerging technologies such as generative AI, which means they see both the opportunities and the risks as these unfold. They also understand usability in a way organisations sometimes overlook. If a security measure is clunky, disruptive or too complicated, they know it will fail in practice, no matter how strong it looks on paper.
That perspective is valuable because it keeps security close to everyday behaviour. It reminds the sector that the most effective solutions are not always the most complex ones. They are often the ones people can actually use.
The strongest opportunity for intergenerational collaboration, from this view, sits in the space between young people and older Australians. A teenager’s digital fluency paired with a grandparent’s life experience can create something technology alone cannot: trust. That trust becomes the foundation for conversations at home, where cyber safety is no longer separate from family life, but part of it.
The organisational lesson is just as clear. If young people’s voices are to be heard, they need to be involved early, while ideas are still forming. Participation alone is not enough. The shift has to be from consultation to influence. Young people also need to see what changed because of their input. Otherwise, engagement becomes symbolic, and symbolic does not build momentum.
In practice, good youth engagement looks ordinary, and that is the point. It might be a student noticing a deepfake or suspicious message and then explaining the warning signs to a friend, parent or grandparent. That is where learning moves beyond awareness and into action. The impact is then no longer limited to one person. It spreads through families and communities.
Jacqui Loustau, founder and CEO of AWSN, says young people contribute in ways that are often more direct than many expect.
“I’m continuously surprised by the perspectives and questions young people bring,” she says. “Their thinking is often practical, simple and grounded in real use.”
For Jacqui, that practicality is part of their strength. Young people are digital natives, but not in a vague or fashionable sense. They understand what technology actually does for them, where it helps, where it gets in the way and where systems fall short. That makes them useful co creators, not just learners.
She sees this in the small but telling ways young people interact with technology. Some are quick to show how they got around game system security for extra credits. Others help shape security awareness sessions that connect effectively with their generation. They are not passive participants. They are active testers of ideas, and they are unafraid to speak plainly when something does not make sense.
That willingness to challenge is what makes youth led ideas valuable. If organisations want to build security solutions that people can use without frustration, then young people need to be involved. They often see simpler, more intuitive approaches where others have overcomplicated things. They also help keep ideas relevant to the times, which matters not just for future preparedness, but for trust.
Jacqui points to a cybersecurity education session with primary school students as a reminder that insight does not wait for adulthood. An eight year old asked why systems need to ask for personal information. A ten year old asked why false data could not be entered instead of true when information is requested. Another asked whether writing information on paper would make it safer from hackers.
“These questions reflect the depth of critical thinking already emerging at a very young age,” she says. “They challenge longstanding assumptions about how security systems are designed.”
For Jacqui, the opportunity for collaboration across generations is obvious. Different generations use different applications, adopt different technologies and communicate in different ways. Those differences should be treated as strengths, not obstacles. When multiple generations are around the table, different ways of thinking emerge naturally and complement one another.
She offers a clear example. AWSN’s Gen X team developed security education materials for primary and secondary schools, then
handed the brief to a Gen Z student. The student transformed the content into something far better than expected: simple, engaging and genuinely relevant to the audience.
Had the team done it alone the uptake would likely have been slower and the material less effective. Experience matters, but so does freshness. In this case, the intergenerational collaboration not only accelerated the work, it lifted the outcome.
The lesson for organisations is that young people need environments where they can speak up, ask questions and challenge ideas safely. They need context, guidance and room to explore. They also need communication that fits how they work, which may mean being more concise, more informal, or using messaging instead of meetings.
Just as importantly, organisations should avoid isolating young voices by bringing in only one. Having multiple young participants creates peer support, confidence and a stronger collective perspective. That is what meaningful inclusion looks like. Not token presence, but real participation.
Associate Professor Leanne Ngo, Director of Student Engagement and Employability at La Trobe University’s School of Computing, Engineering and Mathematical Sciences, sees youth co creation already happening in real time.
“Young people are already contributing to real security outcomes, not in theory, but in practice,” she says. “When they are trusted with responsibility, they step into it.”
At La Trobe that trust is built into both the curriculum and student led ecosystems. Through the Women in Cybersecurity Student Chapter, the Cybersecurity Society and other technology and AI focused groups, students work with industry and community organisations to design and deliver real world solutions. These could be community cyber clinics improving digital safety or applied projects addressing organisational IT challenges. Students are not just
learning cybersecurity, they are applying it.
What makes their contributions especially valuable is the way they understand lived digital experience. Young people know how technology is actually used. They know how people trust it, respond to it and make decisions in real time. In a field shaped increasingly by social engineering and human behaviour, that kind of insight is essential.
“Technical capability alone is not enough,” Leanne says. “Effective security depends on understanding people.”
She sees this in teaching and outreach all the time. When students are given the chance to contribute through cyber clinics, industry projects or peer led initiatives they identify risks, behaviours and user challenges that more traditional approaches sometimes miss. This is where mentorship becomes critical. With support from peers and industry professionals, students begin to move from participation to leadership. They gain not only knowledge, but judgement.
The biggest opportunity for collaboration, in her view, sits at the transition point between education and employment. Internships, work integrated learning, industry projects, entrepreneurship and start up environments all matter because they give young people the chance to work on real problems and engage with professionals across different stages of their careers.
These experiences also widen the view of what cybersecurity can be. Not every role is technical. Some sit in human factors, governance, risk or leadership. Young people need to see that breadth early so they can understand where they fit and how they can contribute.
Leanne is clear that mentorship remains central, but it has to be more than advice. It needs to provide strategic insight, practical guidance and a genuine pathway forward. The system works best when education, industry, community and innovation pathways are connected, not siloed.
Her view of good youth engagement is similarly systemic. It is not a program, it is a connected system. The challenge in cybersecurity is not a lack of interest. It is a lack of continuity between outreach, education and workforce entry.
At La Trobe that continuity is supported through early exposure, student leadership, industry engagement and early career pathways, backed by research into what drives participation and progression. The scale is significant too, with initiatives reaching over 100,000 high school students, more than 600 women and non binary individuals, and over 215 students through work based learning placements.
As learning accelerates, particularly with AI, engagement must evolve with it. Simply providing access to knowledge is no longer sufficient. What matters is how we support people to apply that knowledge, develop judgement and move into meaningful roles.
Without connected, evidence led pathways, Leanne warns, we do not just lose interest. We lose capable people.
And that, she says, is where the real gap is to be found. “It is not only a capability gap. It is a recognition gap. We expect young people to be job ready, while hesitating to give them the responsibility that would help make them so.”
For Marina Azar Toailoa, founder of the Mummy Safety Project, youth led co creation extends beyond cybersecurity into the broader work of community safety.
“At Mummy Safety Security Project we strongly believe that young people are not just the future, they are the present,” she says. “They deserve to be empowered, heard and actively involved in creating safer communities.”
Marina’s focus is grounded in the lived reality of the environments young people move through every day. School settings, online spaces, peer pressure,
bullying, community tensions and social challenges are all part of the picture. Young people understand these pressures in a way adults often do not, because they are living them.
That is why their input matters. When youth are invited into workshops, forums, mentoring programs and community safety initiatives, they can help identify risks early and shape solutions that are relatable and effective. They bring ideas with energy, but also with an understanding of what will actually land with their peers.
She is especially clear that youth engagement has to be enjoyable, not just informative. Young people learn best when learning is interactive and fun. They respond to experiences that feel relevant and practical, not lectures delivered from a distance. That is one reason community based approaches can work so well. They create a sense of connection as well as learning.
Youth led ideas are valuable because they bring authenticity, relevance and innovation. Marina says adults should not assume they always know the answer. Young people often see trends, pressures and emerging risks before organisations do. They also think differently, bringing fresh minds and modern perspectives to older problems.
Whether the issue is cyber safety, youth crime prevention, mental wellbeing or community inclusion, youth perspectives can help shape solutions that resonate with other young people. And when young people feel heard, they are more likely to stay engaged and grow into leaders themselves.
For Marina, the strongest opportunities for collaboration come when lived experience meets wisdom. Young people bring energy, insight and innovation. Older generations bring guidance, life experience and professional knowledge. That combination can be powerful, in schools, sporting clubs, shopping centres, local councils, mentoring programs and community events.
This is where intergenerational work becomes more than a concept. It becomes a practical way to bridge understanding, reduce stigma and create stronger pathways for youth development, crime prevention and safer communities.
She is also direct about what organisations need to do. Tokenistic consultation is not enough. Young people need to be met in the places where they already are schools, youth centres, sporting grounds, shopping centres and online communities. They need to be listened to properly, not just invited into a room for appearances.
That also means creating youth advisory groups, involving young people in decision making and paying them where appropriate. Most importantly, it means acting on what they say. Young people know when they are being heard and when they are being used for the appearance of inclusion. Action builds trust. Nothing less will do.
Good youth engagement, in Marina’s view, is inclusive, consistent, empowering and enjoyable. It looks like workshops, sport, mentoring, leadership opportunities and community events where young people feel safe, respected and inspired. It gives them belonging and purpose.
At the heart of it all is a simple belief: when young people are empowered, they are more likely to choose positive pathways, protect themselves and others and step into leadership with confidence.
Across all four contributors, the message is strikingly consistent. Young people are already shaping security. They are not waiting to be invited into the future. They are helping build it now.
What they bring is not just energy or optimism. They bring practical intelligence, lived digital experience, community insight and the courage to question assumptions that older systems have left untouched. In return, they need more than praise. They need real pathways, real responsibility and real influence.
That means opening internship doors to more than just computer science students. It means pairing mentors across generations. It means funding youth projects as prototypes with value, not school exercises to be admired and forgotten. It means inviting young people into panels, roundtables and leadership spaces early, when what they say still matters.
Cybersecurity has always been about anticipation. These young builders already see what comes next. The sector’s task is not to catch up to them. It is to make space beside them.
Because safety is not static. It keeps changing. And the next translation is already being written—by the generation that is growing up inside it.
• Open internship doors to multidisciplinary backgrounds, not just computer science.
• Pair mentors across generations, not just hierarchies.
• Treat youth projects as prototypes worth funding, not classroom exercises.
• Include young builders in panels, awards, and roundtable representation matters early.
• Support grassroots competitions like AustCyber YouthTech and ACS Big Day In, where creativity meets real‑world testing.
Co-Founder & Chief Product Officer at Kreesalis
Pooja Agrawalla, widely known as “The IAM Girl,” is a cybersecurity leader and product builder at Kreesalis, focused on identity, trust, and governance. With over 24 years of experience, she has spent her career bridging the gap between robust security and digital innovation. Her work centers on rethinking identity beyond access management—positioning it as the core of modern security, risk, and compliance.
In a field often defined by firewalls, alerts, and breaches, Pooja Agrawalla’s journey into cybersecurity has been shaped not by what was broken but by what appeared to be working perfectly.
“Most security failures I’ve seen had one thing in common. Nothing was broken. The identity was valid. And yet, something didn’t add up,” she reflects. It is this quiet inconsistency, this gap between correctness and consequence, that would come to define her path and ultimately her purpose.
Pooja did not set out to become what many now recognise her as: “The IAM Girl.” In fact, there was
a time when she intentionally stepped away from identity and access management (IAM), seeking to broaden her experience across other areas of cybersecurity. But no matter where she turned to fraud investigations, compliance reviews, or security incidents she found herself circling back to the same root cause. “No matter the context, everything kept tracing back to identity,” she says. “In many ways, I didn’t choose IAM, it kept choosing me.”
Like many in the industry, her journey began without a fixed roadmap. Early in her career, she immersed herself in IAM programmes, focusing on provisioning, access control, and compliance. At the time, IAM was often treated as a background function necessary, but rarely strategic. Yet Pooja’s curiosity pushed her to look deeper. Across organisations, she began to notice a recurring and unsettling pattern: “Systems were functioning as designed. Controls were in place. Access was technically correct. And yet, outcomes were not always aligned.”
That observation became a turning point. “The issue was not access, it was trust,” she explains. It was a realisation that shifted her entire perspective. Valid identities, even those with legitimate permissions, could still introduce risk when their behaviour went unexamined. Whether it was insider activity, third party access, or routine approvals, the real challenge wasn’t gaining entry, it was what happened after.
From that moment on, identity ceased to be a technical layer and became something far more significant. “Identity was no longer just a control layer. It became the centre of trust, risk, and accountability,”
she says. This reframing allowed her to see IAM not as a niche specialism, but as the foundation of modern security.
Her growing expertise led her to design and implement IAM programmes across enterprise environments, working closely with teams to strengthen their security posture. Yet despite the diversity of organisations and systems, the same issues persisted. “Access granted but not revisited. Approvals becoming routine rather than risk aware. Exceptions accumulating without clear ownership. Non human identities remain under governed.” These weren’t isolated problems, they were systemic.
Driven by a desire not just to fix gaps but to rethink the system itself, Pooja made a pivotal transition from practitioner to builder. As Co Founder and Chief Product Officer, she stepped into entrepreneurship with a clear mission: to redefine how identity functions in a world of increasing complexity and accelerating threats.
Today, she sees the cybersecurity landscape undergoing a profound transformation. “We are witnessing a fundamental shift from access to trust, from compliance to continuous proof, from static controls to adaptive, real time validation,” she says. In this new paradigm, identity is no longer a backend
process; it is the very foundation upon which trust is established and measured.
Her insights are particularly relevant in an era shaped by artificial intelligence, automation, and the rapid growth of non human identities. The challenge, she believes, is no longer simply about granting access, but about continuously validating it. “The biggest risks today are not external threats trying to break in. They are already inside operating through identities we chose to trust.”
Despite her depth of experience, Pooja’s advice to the next generation remains grounded and refreshingly simple. “Focus less on roles, and more on problems worth solving,” she says. It’s a philosophy that reflects her own journey, one driven not by titles, but by curiosity, persistence, and a willingness to question assumptions.
Looking ahead, she is certain that the future of cybersecurity will be defined by how organisations manage identity. Not as a checkbox exercise, but as a dynamic, living system of trust. And if her journey is anything to go by, the answers will not lie in what is visibly broken but in what quietly doesn’t add up.
www.linkedin.com/in/pooja-agrawalla
Executive Leadership at the Forefront of Cyber and AI Security, Human-Centric Innovation, and Strategic Transformation
At a defining moment of global technological transformation where accelerated innovation, rising cyber complexity, and the expanding influence of artificial intelligence are reshaping the world, Dr Margarita Bel stands among a distinguished class of leaders guiding the future with clarity, intelligence, and purpose. Her journey reflects the emergence of a new leadership paradigm, one that unites strategic vision, technological depth, and an unwavering commitment to human centered progress.
A Harvard Fellow, Oxford AI alumna, and a scholar recognised by both the Ministry of Science of Ukraine and the Polish Government, Dr. Bel’s path is marked by exceptional academic rigor and international distinction. Her work spans cybersecurity, AI security, innovation, and strategic transformation, positioning her at the intersection of disciplines that are defining the digital age. Her career is a carefully built architecture of knowledge, leadership, and impact.
Dr Margarita’s academic journey has been instrumental in shaping her multidisciplinary perspective. Through research roles at globally respected institutions, including Harvard, University of Warsaw, Tel Aviv University’s Blavatnik Cyber Research Center, and Taras Shevchenko National University of Kyiv, Dr. Bel developed a deep intellectual foundation that continues to inform her work. This combination of applied expertise has enabled her to approach cyber and AI challenges with both analytical precision and strategic foresight.
In industry, Dr. Bel has demonstrated remarkable executive momentum across diverse leadership roles. As Chief Innovation and Validation Officer at Easy Cyber, she contributes to the advancement of next generation cybersecurity capabilities, focusing on innovation strategy, validation frameworks, and the development of trusted technologies. Her work reflects the growing need for credibility, adaptability, and resilience in cyber and AI systems at an enterprise level.
Her leadership experience also includes serving as Director of Business Development at TrustPeers Cyber on Demand, where she played a key role in strategic growth, and as Head of Projects at Check Point Software Technologies Ltd., gaining hands on experience within one of the world’s most recognised cybersecurity organisations. These roles strengthened her ability to bridge innovation with operational execution, and strategy with tangible results.
Beyond industry, Dr. Bel has made significant contributions to institutional development. As Director of Cyber Training at IsTec Cyber Security & Advanced Solutions, she had been shaping the next generation of cyber professionals, while her role as Associate Professor and Head of the Department at the Kyiv State University, Institute of Information Technologies, further expanded her expertise in organisational leadership and transformation. These experiences reflect Dr Margarita belief that true progress lies at the intersection of technology and human understanding.
At the core of Dr. Bel’s leadership is a defining conviction: technology achieves its highest value when guided by intelligence, responsibility, and human purpose. Her work consistently emphasises that cybersecurity and AI are not isolated technical domains, but interconnected systems that must align with trust, resilience, communication, and societal well being. This philosophy has become a signature of her leadership, one that positions her as a key voice in shaping a future where innovation serves humanity.
Dr Margarita’s international outlook further amplifies her impact. Across academia, industry, and cross border collaboration, Dr. Bel has contributed to initiatives that connect institutions, experts, and innovation ecosystems worldwide. Her ability to bridge the scholarly and the operational, the technological and the human, distinguishes her as a leader of uncommon range and influence.
As a thought leader, her contributions extend into critical conversations about AI, cyber psychology, and the evolving relationship between humans and intelligent systems. Her recent publications, including “AI Security: Why It Must Become a Strategic Priority” (2026), “From AI Risk to Human Resilience: Building a Human-Centric AI Operating System” (2026), “Talking to Machines: What Communication with Sentient AI Could Mean for Humanity” (2025) and “Sentient AI: The Dream, the Hype, and the Real Possibilities” (2025), reflect her unique ability to explore complex technological questions through both strategic and philosophical lenses. Dr Margarita’s work challenges conventional thinking while opening new pathways for understanding the future of intelligent systems.
For women in cybersecurity and AI, Dr. Bel’s journey carries powerful significance. She represents not only excellence and achievement, but visibility and forward momentum in fields that are shaping global security and transformation. Her story demonstrates that women are not only participating in these domains, they are leading them, redefining them, and setting new standards for what leadership looks like in the digital age.
Reflecting on the philosophy that guides her work, Dr. Margarita Bel shares:
“For me, cybersecurity has always been larger than technology alone. It is about protecting trust. It is about enabling institutions to grow securely. It is about helping people navigate complexity with confidence. Today, as AI continues to accelerate digital transformation, “I believe this human centered dimension has become even more important. Cybersecurity, AI, innovation, and leadership must move together” she explains.
As a woman in security, I also believe representation matters. Visibility matters. Voice matters. Many women bring extraordinary expertise, strategic thinking, and leadership to this field, and each story shared helps expand the horizon for others. I’m happy through my journey to encourage more women to step forward, lead boldly, and recognise that their perspective is needed in shaping the future of security and technology.
My advice to others is clear: keep learning, keep building, and keep trusting the value of your unique path. Careers evolve. New opportunities emerge. Disciplines intersect in unexpected ways. What matters is to stay committed to excellence, remain open to growth, and lead with both intelligence and humanity.
The future of security will be shaped by leaders who understand technology deeply and people thoughtfully. I am honored to contribute to that future through cyber and AI security, innovation, validation, academy, strategic transformation and I remain inspired by the responsibility and possibility of this Mission.”
Dr. Margarita Bel’s journey is a powerful reflection of leadership at its highest level globally informed, intellectually grounded, and deeply purposeful. As cyber and AI continue to shape the architecture of the future, her work stands as a guiding force, demonstrating that the most meaningful progress is achieved when innovation is aligned with humanity.
www.linkedin.com/in/dr-margarita-bel
Eloise Taylor Senior Manager, Security Operations
Eloise Taylor’s cybersecurity journey was anything but conventional, and that is precisely what makes her story resonate. Now a Senior Manager in Security Operations, her journey began far from command centres and incident response calls. “When I first moved to Canada, I worked in retail because that’s what was available to me on a temporary visa,” she reflects. “From there I moved into HR recruitment, which paid the bills but left me feeling disconnected from where I actually wanted to be. I knew I wanted to be closer to tech, I just hadn’t figured out how yet.”
The turning point came when she joined a defence and technology consulting organisation as a cyber project manager. It was here that the pieces began to fall into place. “Starting as a cyber project manager gave me visibility into almost every area of security, and over time I started to understand what actually excited me about the field,” she explains. “I was drawn to the investigative nature of security work piecing together fragments of information from different sources until a bigger picture starts to form. Think of it like building a murder board in a crime thriller,
connecting the dots until something clicks. That instinct toward finding the story in the data is what made me realise I had found the right industry.”
Unlike many who feel pressured to fast track their way into cybersecurity through expensive certifications, Eloise took a more measured and accessible approach. “I didn’t go out and spend thousands on certifications straight away. I started with affordable courses just to get comfortable with the language of security, because you can’t have meaningful conversations in a field when you don’t understand the vocabulary.” That foundation gave her the confidence to immerse herself in the community, though not without hesitation.
“I remember walking into early events and wanting to be invisible. I felt like a fraud like I shouldn’t have been there, and that if anyone asked who I was or what I did, they’d immediately know I didn’t belong,” she admits. “So I kept my head down, sat in on the talks, and absorbed as much as I could.” Over time, her perspective shifted. “What I eventually learned is that being honest about where you are gets you a lot further than trying to perform expertise you don’t have yet. The security community is genuinely welcoming when you lead with curiosity rather than pretending to know things you don’t.”
Like many entering the field, Eloise faced moments of doubt and rejection. “Constantly,” she says candidly. “And the rejection that comes with trying to break into a new field is genuinely hard. You can be doing everything right and still hear nothing back, and that wears on you.” It was one pivotal interview that changed her trajectory. “I just decided to be completely honest. Not because I was trying some clever strategy, but because the energy in that virtual room felt safe, and I didn’t want to inflate myself and then fail on the job. So when I didn’t know something, I said how I’d work it out rather than pretending I already had the answer.” That authenticity paid off. “That leader saw my transferable skills and my willingness to grow, and they took a chance on me.”
Eloise never followed a rigid career plan, and she believes that flexibility became one of her greatest strengths. “No clear plan at all. I didn’t have a dream job title or a five year roadmap. I followed opportunities, said yes to things that made me a little nervous, and paid attention to what energised me versus what drained me.” Security operations, she explains, wasn’t a destination she had mapped out. “It’s somewhere I ended up because I kept moving toward what felt meaningful. Looking back, that flexibility was an advantage. Rigid plans can close you off to opportunities that don’t fit the box you’ve drawn for yourself.”
Reflecting on her younger self, Eloise offers a perspective grounded in self trust rather than hindsight correction. “Honestly I wouldn’t tell her to ditch geography and start coding. I was completely absorbed in its extreme weather, geology, all the nerdy things and I wouldn’t change that for the world.” She sees a clear thread now. “That curiosity and analytical thinking, the desire to understand complex systems and find patterns in them, quietly carried into everything I’ve done since. You don’t always see the through line until you look back.” Her advice is simple but powerful: “What I would tell her is to keep following the path she enjoys rather than the one that’s expected of her.”
Looking ahead, Eloise sees a shift that will redefine the profession. “We’re all becoming engineers whether we signed up for it or not, and I think that’s a good thing,” she says. “The ability to automate, script, and build is becoming essential across security roles, not just for developers.” This evolution, she notes, goes deeper than tools or programming languages. “It’s not just about picking up Python. It’s a fundamental shift in how security professionals approach problems.”
Despite the technical demands of the field, Eloise credits her success not to tools or titles, but to people. “The community, without question,” she says when asked about the biggest influence on her career. “There’s something about the security world I didn’t expect when I first came into it. People here
genuinely want each other to succeed.” Over time, those connections have become anchors. “You run into the same people at different points in your career, and each time you’re both a little further along. It’s a bit like catching up with friends you only see once a year, except those conversations often shape your direction in ways you don’t fully appreciate until later.”
Today, her greatest accomplishment comes not from personal achievement, but from the growth of those around her. “Leading my team,” she says without hesitation. “When someone lands a project they were nervous about, or shares where they want to take their career over the next few years, that hits differently than any personal milestone I’ve reached.” For Eloise, leadership is deeply personal. “It’s those specific conversations where someone realises they’re more capable than they thought they were. That never gets old.”
That perspective was shaped, in part, by experiencing the limits of pushing too hard. “There was a period earlier in my career where I was working around 80 hours a week. I hit a wall frustrated, exhausted, not having time to eat, and most importantly missing time with my daughter.” It was a moment that forced her to reset. “Security will take every hour you give it if you let it, so you have to be intentional about protecting the hours that belong to the rest of your life.” Now, her priorities are clear. “For me that’s weightlifting, travelling, watching football, and above everything else, being present for my daughter. Those aren’t things I fit in around work. They’re what makes the work sustainable long term.”
Eloise Taylor’s journey is a testament to the power of curiosity, honesty, and adaptability. It is a reminder that there is no single path into cybersecurity, and that sometimes the most meaningful careers are built not by following a plan, but by learning to recognise the patterns along the way.
www.linkedin.com/in/eloise-j-taylor
Senior Cybersecurity Architect
Chinenye V. Ugochukwu, a Senior Cybersecurity Architect, describes her journey into cybersecurity as one driven by curiosity. “I first found my way into cybersecurity out of pure curiosity. I started my career in a financial institution, working in an IT systems control role, and that’s where I began paying closer attention to how systems were secured and how risks were handled. The more I learned, the more I realised I wanted something more challenging and meaningful. That curiosity eventually pushed me to move into the IT security team within the same organisation.”
The transition into security was not without challenges. “It was a completely different role, and I had to quickly build both technical and governance knowledge. But as I settled in, everything started to click. Cybersecurity felt dynamic, impactful, and deeply tied to keeping the business resilient,” she reflects. Her career path has since spanned multiple organisations and disciplines, including Identity and Access Management, Application and Data Security, and Security Architecture. “Each role added a new
layer to my understanding and strengthened my interest. Over time, I developed a much broader view of the field, from hands on operational security to governance and strategic design.”
Early in her career, Chinenye credits her growth to curiosity driven learning and hands on experience. “One of the most pivotal things I did was ask questions. Working in a small team really helped there was always something happening, and learning was very hands on. As new challenges came up, I had the chance to observe, get involved, and gradually take on more responsibility. That practical exposure made a huge difference. It helped me build confidence and gave me a much deeper understanding of cybersecurity concepts beyond what I could have learned from theory alone. Looking back, that curiosity driven approach, being willing to ask, watch, try, and learn, was what transformed my initial interest into a real professional path in cybersecurity.”
Like many professionals in the field, Chinenye has faced moments of self doubt. “In the first few years of my career, I didn’t really struggle with uncertainty.
“One of the most pivotal things I did was ask questions. Working in a small team really helped there was always something happening, and learning was very hands-on. As new challenges came up, I had the chance to observe, get involved, and gradually take on more responsibility. That practical exposure made a huge difference."
Everything felt new and exciting, and I was learning quickly enough that I didn’t stop to question myself. But as time went on and the responsibilities grew, I started experiencing moments of self doubt. That’s when imposter syndrome began to creep in. I’d catch myself wondering whether I was doing enough or if I was even on the right path.” Her strategy for overcoming this was steady, incremental progress: “I focused on taking things one step at a time. I grounded myself in continuous learning, building my skills, asking questions, and staying close to the practical work that helped me grow. That approach slowly helped me rebuild my confidence. Those moments of uncertainty actually strengthened me. They pushed me to stay intentional about my growth and helped shape the strength I rely on today.”
Chinenye’s career unfolded organically rather than along a rigid plan. “When I started my journey in cybersecurity, I didn’t have a clear picture of the exact roles I wanted to pursue. I began in a small team where we handled a wide range of security responsibilities. After about two years, I moved into a more structured environment where roles were more defined. My path unfolded quite organically from there, shaped by the opportunities and challenges I encountered along the way.”
Reflecting on what advice she would give her younger self, Chinenye emphasises mindset and support: “Believe in yourself, no matter what anyone thinks. Cybersecurity is a journey, and nobody steps into it already knowing everything. Self doubt and external noise only slow you down, so trust your abilities and stay focused on your own growth. I’d also remind myself to pay attention to the kind, supportive people, the ones who see your potential and help bring out the best in you. Most importantly, with the right mindset, anything is achievable. Stay curious, keep learning, and stay open to new challenges. You can build the career you want. The path doesn’t have to be perfect; it just has to be yours.”
Chinenye is also deeply thoughtful about the future of cybersecurity. “One major concern is the rise of deepfakes and identity deception. As AI driven voice and video generation becomes more sophisticated, attackers can impersonate executives, employees, or trusted partners with alarming accuracy. Another trend is the growing challenge of continuous threat exposure. Modern environments cloud services, APIs, third party integrations constantly expand the attack surface. Continuous Threat Exposure Management is becoming essential, giving organisations the ability to identify vulnerabilities and risks in real time. Regulatory pressure is also a significant factor. Cybersecurity is no longer just a technical issue; it’s a governance and accountability issue.”
“Believe in yourself, no matter what anyone thinks. Cybersecurity is a journey, and nobody steps into it already knowing everything. Self‑doubt and external noise only slow you down, so trust your abilities and stay focused on your own growth."
“Mindset makes a significant difference. Anyone can transition into cybersecurity, regardless of their background. The field accommodates a wide range of skills, including governance, risk management, compliance, communication, and analysis."
When considering career moves, Chinenye looks beyond salary: “I pay attention to the company structure, where cybersecurity sits within the organisation. Inclusion is also a major factor, especially in how the organisation supports women in cybersecurity. I also look closely at the learning and development opportunities available. Cybersecurity evolves quickly, so continuous learning isn’t optional, it’s essential.”
Mentorship has played a key role in her journey. “One of the biggest influences on my career came very early, when I started working as an IT Security Analyst. My manager gave me tasks I didn’t initially know how to solve and encouraged me to research, experiment, and figure things out on my own. Mentorship from professionals like Liliia Karpenko, Zechariah Akinpelu, and Kim Sylvie helped shape my perspective and strengthen my confidence. Their support helped me navigate career decisions, broaden my knowledge, and continue growing within the cybersecurity field.”
Chinenye also shares the importance of balance. “Maintaining a healthy work/life balance is really
Craig is an experienced cyber security professional with various qualifications including two master’s degrees. He is the Head Unicorn (co-founder and director) of Cyber Unicorns, in which he acts as a vCISO to clients such as Baidam Solutions, Wesley Mission, PCYC, Hungry Jacks and Ipswich City Council. He was CTO (Chief Technology Officer) for Baidam Solutions between January 2022 to June 2023, where he led the technical services team, helping to build out the internal services capability for Baidam. Craig was QLD chair for AISA for two years until he was appointed to the national board of directors in December 2022.
Cyber Unicorns was born out of a need to make a difference. In July 2023 I stepped away from a great job as CTO with an absolutely amazing team who I still call family (Baidam). I still love what they do, what they believe in, and I still support their mission whenever I have the opportunity to do so.
Why did I leave a safe job, one I loved with a team I truly admired? It was simple: I had to.
Okay, maybe it was not that simple, but let me tell you why I created Cyber Unicorns and what we have been up to. Through this story my decision to leave Baidam might make more sense.
In July 2023 I decided to end my role as CTO of Baidam and to create Cyber Unicorns. The company had one purpose, and a mission I needed to stand up for; a mission that was, and still is, part of who I am. It drives me to get up and work hard every day. Not for money, not for ego, not because I think others feel I should.
My role is to educate children, parents, teachers, seniors and everyone in between. Why? Because to truly make a difference in this world, we need to teach everyone how to be safer in the online world. We don’t need everyone to be cybersecurity professionals. That’s not what it’s about. It’s about developing life skills that can help us all stay safe in the modern world we need to navigate.
Learning to be safe in this world is as important as learning to swim. We all (most of us anyway) learn to swim. So, if we find ourselves in a situation where we are in water and need to save ourselves, we can. If we can’t swim, our chances of survival are very low. It’s that simple.
Most of us learn to ride a bike. We learn to walk before we learn to run. Cybersecurity needs to be one of these primary skills. As soon as they start to interact with any digital platforms—games, phones, apps—at home or at school, every child needs to start being taught how to navigate the online world rather than being let free and left to work things out the hard way.
Cyber Unicorns has attacked this challenge from several angles. First, we have the books. The Shadow World is an amazing resource to help parents and schools educate children (and themselves) on the dangers of the digital world. It has 19 topics: sextortion, cyber bullying, online gaming, and many more.
We have donated more than 8,000 copies to schools around the country to do our part in ensuring that children have access to this resource. And we have not stopped there.
Cyber Unicorns now also has a cyber education course aligned with the Australian National
Craig is a published author with three different book series – ‘A Hacker I Am’ cyber education series, ‘Foresight’ is his Cyberpunk/hacker fantasy novel series and then there is ‘The Shadow World’, a co-authored kids cyber education book. He is a freelance cyber security journalist and is a regular columnist with the Women in Security Magazine, as well as a freelance contributor for Cyber Today, Top Cyber News, SecureGov, Careers with STEM and Cyber Australia magazines.
Curriculum available on our online education platform that schools across Australia (and the world) can access and use to teach children and school staff. It links video topics to required learnings and references further education via The Shadow World to provide learning beyond the course itself.
The current course is designed for primary (junior) school students but is being expanded to provide coverage through to senior levels. This is a resource that has been missing for schools, students and parents. Now they have it.
In addition, we have educational material for parents, seniors and the general public. We also have additional exciting capability in development that will expand our offerings, because I need to make a difference in this space. And, with all of you helping
me get this material into the hands of the children who need it, maybe I will succeed.
So, I hope you now understand why I made that crazy decision to step out of my comfort zone, to take a dive off the cliff and give this everything I have to help the next generations (and some of the, current, older generation) be as safe as they can be, understand the risks and the things they can do themselves.
www.cyberunicorns.com.au
www.linkedin.com/in/craig-ford-cybersecurity
www.facebook.com/CyberUnicorns
www.instagram.com/cyberunicorns.com.au
by Jo Stewart-Rattray , Oceania Ambassador, ISACA
In cybersecurity and digital trust we often talk about skills shortages, emerging threats and new technologies as though they are separate challenges. Increasingly, I think they point to the same underlying problem: too often, we still work in silos.
Security can sit apart from business strategy. Governance can be treated as something separate from technology. Leadership pathways can be narrow and hard to access. And too many capable people, particularly women and others from underrepresented communities, are still left on the edge of a profession that needs their perspective. What we need is not only more talent; we also need more people who can connect the dots.
For me, bridge building has never been an abstract idea. It has been made real by the people and communities I have worked with over many years.
I have had the privilege of working alongside ISACA chapters in Papua New Guinea, mentoring
women aspiring to leadership roles and supporting professional networks in places where access to opportunity was not always easy. I have also worked with women in Africa who were building careers in technology and governance while overcoming barriers that were both professional and deeply personal.
In all of these settings the issue was never a lack of talent. More often, it was a lack of access: to networks, to visibility, to leadership opportunities and to people who could say, with conviction, “You can do this, and you belong here.”
As Ruth Bader Ginsburg said: “Women belong in all places where decisions are being made. It shouldn’t be that women are the exception.”
That is where bridge builders come in. They help people move from capability to opportunity. They make sure good people are not overlooked simply because they are not already in the room. They also make our profession stronger by broadening the mix of voices shaping it.
This matters even more today, because our profession is under pressure from every direction. Artificial intelligence is changing the way organisations operate. Cyber threats continue to grow in scale and complexity with geopolitical uncertainty all around. Many organisations are still struggling to find and keep skilled people. At the same time, women remain underrepresented across technology and cybersecurity, particularly in senior roles. That is not only disappointing; it also has practical consequences.
When teams are too narrow, blind spots grow. When systems are designed without a broad range of perspectives, bias can be built in rather than designed out. We are already seeing that happen in areas such as AI where uneven representation can shape the way tools are developed, applied and governed. If we want secure, trustworthy systems, we need more diverse voices helping shape them.
We also need people who can work across disciplines; people who understand that, in the real world, cyber, audit, risk, privacy, governance and business strategy do not sit in neat, separate boxes.
One of the most effective ways to build those connections is through mentoring. Throughout my own career, mentoring has made a real difference. I have seen how the right advice at the right time can shift someone’s confidence, broaden their view of what is possible, or encourage them to put themselves forward for an opportunity they might otherwise have ignored.
I have also seen the value of professional communities such as ISACA and initiatives such
as SheLeadsTech, which create opportunities for women to connect, learn from one another and build confidence in their own leadership.
But we should be honest, mentoring on its own is not enough. People also need sponsorship. They need leaders who will back them, recommend them and make room for them. Advice matters, but so does advocacy and practical assistance to make a difference for individuals.
If we want more diverse leadership in security we cannot simply tell people to be confident. We have to make pathways more visible and more accessible.
We also need to think more broadly about where security talent comes from. Some of the strongest people I have worked with did not begin in cybersecurity. They came from governance, audit, operations, technology education, compliance
“Women belong in all places where decisions are being made. It shouldn’t be that women are the exception.” Ruth Bader Ginsburg
and other adjacent fields. They brought a different way of thinking, and that made teams better and more robust.
That is especially important in regional and rural communities where traditional career paths are not always available. Technology can help open doors through online learning, certifications, mentoring and global networks. But access to those opportunities still depends on people being encouraged and supported along the way.
This is one reason bridge building matters so much. It helps turn potential into progress and challenges the idea that there is only one ‘right’ path into the profession.
Inclusion is sometimes spoken about as though it sits alongside the real work. In my view, it is part of the real work. A professional community that draws on a wider range of experiences, backgrounds and ways of thinking will be better equipped to respond to risk, adapt to change and make sound decisions.
Those differences include gender diversity, of course, but they also include cultural diversity, neurodiversity, regional perspectives and diversity of thought.
Creating that kind of community takes deliberate effort. It means making workplaces more accessible. It means paying attention to who gets heard and who gets overlooked. It means making sure leadership reflects more than one kind of career path or communication style. Most of all, it means listening properly to people whose perspectives may be different from our own and learning from them.
As the profession continues to change I believe one thing is becoming clearer: security will not be strengthened by technical capability alone. It will be strengthened by people who can connect disciplines, connect communities and connect generations.
That means moving away from siloed thinking and recognising that cybersecurity, governance, risk and emerging technologies shape digital trust together. It also means recognising that the profession will be better served when more people can see a place for themselves in it.
ISACA has long played a role in bringing together professionals across these areas, and that matters. But building bridges is not the job of one organisation alone. It is something all of us can do in our own teams, networks and communities.
Each of us can help make this profession more connected. We can each make a difference. That might mean mentoring someone early in their career. It might mean recommending a capable colleague for an opportunity. It might mean bringing together two people who should know each other, or creating space for a different voice to be heard.
Security is, and has always been, about more than systems and controls. It is also about people, trust and the choices we make about who gets to participate.
Jo has over 25 years’ experience in the security sector. She consults in risk and technology issues with a particular emphasis on governance and cybersecurity as a director with BRM Advisory. Jo is the Oceania Ambassador for global IT professional association, ISACA, and an ISACA Hall of Fame inductee. Jo is the former Vice President, Communities of the Australian Computer Society and Ambassador of the National Rural Women’s Coalition. She regularly provides strategic advice and consulting to the banking and finance, utilities, healthcare, tertiary education, retail and government sectors.
www.linkedin.com/in/jo-stewart-rattray-gaicd-4991a12
by Abigail Swabey, Publisher of Women in Security Magazine
Recently, I’ve had to run a mental reset for myself. As the CEO of a boutique media house running projects like the Australian Women in Security Awards, publishing magazines like this one and simultaneously managing client events and campaigns all year round, I’ve found myself physically and mentally drained and running on autopilot, even though I have some absolutely unbelievable staff.
This year feels like it’s moving at breakneck speed with curveballs being thrown at me from all directions. I’ve simply not had the space to pause, see things clearly or process what’s happening. It could also be the fact that I’m still working at a crazy pace trying to prove my value and feel like I’m getting nowhere.
While I’m still mid‑journey on finding answers to what quietness and reset mean for me, I keep thinking about you all: women in security holding complex roles, leading teams and showing up under pressure every day. So, instead of keeping these reflections to myself, I wanted to share what I’m learning, and
the small, but deliberate, mental resets I’m building into my routine. This article is about reclaiming your mind, heart and body when you’re in the thick of the security game, and using that reset as a quiet act of leadership, not a luxury.
Women in security are used to being ‘on’: heads‑on‑screen, phones buzzing, threats brewing just out of view. The job demands mental agility, emotional stamina and physical resilience, often in environments that still feel like a minority space. That constant, high‑alert state is exhausting. It shows up as late‑night scrolling, “one more email”, skipped lunches, fractured sleep and a gnawing feeling you’re running on fumes.
A mental reset isn’t about ‘fixing’ stress overnight. It’s about creating deliberate, repeatable shifts in your mental, emotional and physical habits so you can show up for the work, and your life, without burning out.
Cybersecurity and physical security roles are high‑pressure, 24/7, high‑stakes and often under‑resourced. Research shows cybersecurity professionals regularly report elevated stress, fatigue and burnout, which can impact personal life, relationships and long‑term health. For women in security, those impacts can be combined with under‑representation, imposter‑taste‑in‑the mouth moments, and extra emotional labour: being the ‘first female this’ in the room, explaining your expertise twice and navigating cultures that still don’t always feel like they were built for you.
A mental reset begins with acknowledging that you’re not just tired, you’re drained in multiple dimensions. The good news: when you reset your mind, your emotions follow, and your body catches up faster.
Mental health in security is no longer ‘nice‑to‑have’; it’s an operational requirement. Tired brains misread alerts, miss nuances in logs and struggle with complex decision‑making, which can quietly erode your organisation’s cyber resilience.
Here’s what a simple mental reset can look like.
• Scheduled ‘off‑brain’ windows: 15–20 minutes in the day where you step away from screens, passwords, patches and inbox chaos. Use this time for a walk, a short, guided meditation or a non‑tech conversation.
• Ritualised transitions: create a clear ‘end‑of‑shift’ moment. Close your laptop, write one ‘done’ list, shut a door or listen to a specific song, so your brain registers that you’re not still on‑call, even if the phone is nearby.
• Boundaries around ‘always‑on’ culture: turn off non‑critical notifications outside working hours, insert ‘focus blocks’ in your calendar, and communicate those boundaries with your team so you’re not the only one protecting your mental space.
For a woman in security, creating space for your brain is also a quiet act of leadership. When you visibly protect your headspace, you give others permission to do the same.
The emotional load in security is heavy: ongoing risk, breach after breach, seeing your peers dismissed, and the pressure to prove yourself over and over again. Many women absorb this quietly, translating it into stress, irritation or numbness.
An emotional reset is about naming it without judgment.
• Short check‑ins with yourself: at the end of the day, ask: “What did I feel most today — frustrated, proud, exhausted, invisible?” Just naming the emotion diffuses some of its power.
• Vocalising needs: share honestly with a trusted peer, partner or coach; “I’m burnt out on incident‑response Sundays” or “I feel like I have to work twice as hard to be heard.”
• Creating safe spaces: seek or build communities; internal women‑in‑security groups, informal chats, mentoring circles—where you can be honest about mistakes, doubts and wins alike.
Emotional reset is not a weakness. In security, it’s what keeps you self‑aware, empathetic and less likely to lash out or shut down under pressure.
Long shifts, cursor‑hand tension, bad posture, caffeine dependence and skipped meals subtly but steadily erode your physical resilience. And when your body is compromised, your mind and emotions follow.
A physical reset can be as simple as:
• Micro‑movement practices: 5–10‑minute stretch or mobility routines between incidents, or a brisk 10‑minute walk after a big meeting.
• Hydration and nourishment that feels like a reward: keeping a good water bottle and snacks that feel like self‑care, not punishment.
• Sleep hygiene: a consistent wind‑down routine. No screens, low light, maybe a short meditation, sound bath or journal entry to signal to your nervous system that the threat level has dropped, even if the world hasn’t. My all time favourite is a 20 minute sound bath. It helps me reset and empties my mind for rest.
When women in security start treating their bodies as part of their ‘defence strategy’, not decoration or afterthought, they show up sharper, calmer and more sustainable long‑term.
A mental reset isn’t an indulgent ‘self‑care moment’ separate from your security work; it’s integrated into it. Healthier minds notice anomalies earlier. Calmer emotions recover from setbacks faster. Stronger bodies keep you alert through long shifts and incident responses. And when women in security normalise reset practices, they quietly reshape the culture around them turning “you have to be on‑call all the time” into “we protect our people while we protect our perimeter”.
This issue of Women in Security Magazine is a reminder: you don’t need to wait for a breaking point to reset. You can start small, one clear boundary, one honest conversation, one 10‑minute stretch, one night of proper sleep and let that be the first line of defence you reinforce.
For the past four years , Source2Create has proudly delivered Women in Security Magazine to the industry free of charge , championing diversity, inclusion, and the incredible contributions of women in cybersecurity. As we continue to grow, we now need partners to help us sustain and expand this vital platform.
By supporting this package, you’re not just backing us—you’re investing in the magazine, its community, and the future of women in security. To ensure we can keep delivering this high-value publication, we’re introducing a nominal fee for $900 Ex GST, an exceptional package that provides extensive coverage and visibility.
LISA VENTURA
by Lisa Ventura MBE FCIIS, Chief Executive and Founder, Unity Group Solutions Limited/AI and Cyber Security Association
There is a conversation that urgently needs to happen in organisations around the world, and it is not happening anywhere near fast enough. In boardrooms, in technology departments and in risk committees, artificial intelligence and cybersecurity are still being treated as separate disciplines with separate teams, separate strategies and separate budgets. This division is not just inefficient. It is dangerous.
I have spent years working at the intersection of these two fields, and the gap between them remains one of the most urgent and under discussed problems in our industry. When I founded the AI and Cyber Security Association (AICSA) as the world’s first global trade association focused specifically on AI security convergence, I did so because I could see the industry needed a dedicated space in which to build a bridge between AI and cybersecurity. Without it, I could see organisations would continue to expose themselves
to a category of risk that neither their AI governance teams nor their security teams were fully equipped to address individually.
Consider what the threat landscape looks like in 2026. Threat actors are using AI to generate highly convincing spear phishing emails at scale, to create deepfake audio and video that can bypass identity verification, and to automate vulnerability discovery in ways that dramatically accelerate the pace of attacks. At the same time, organisations are deploying their own AI systems, often rapidly and with insufficient security review, creating new attack surfaces that traditional cybersecurity frameworks were never designed to address.
Yet, in many organisations, the team responsible for AI governance is focused on ethics, compliance and model fairness while the cybersecurity team is
focused on network security, endpoint protection and incident response. Neither team has full visibility of what the other is doing, and neither has been given explicit responsibility for the space in which their disciplines overlap. That overlap is exactly where some of the most significant risks now live.
Convergence is not simply about getting AI teams and security teams to talk to one another, although that is a necessary starting point. It is about fundamentally rethinking how organisations structure their approach to risk when AI has become both a defensive tool and an offensive weapon.
In my book, Artificial Intelligence in Cybersecurity, published by Kogan Page on 3 April 2026, I explore how the relationship between AI and security is evolving across every dimension: from the way AI is being used to detect threats and automate response to the ways in which adversaries are exploiting AI to make their attacks more sophisticated and more scalable. What became clear throughout my research for the book was that the organisations best placed to manage this landscape are those which have made a deliberate and structural commitment to convergence at leadership level.
They have appointed people who can speak both languages. They have ensured AI deployment decisions have security review built in from the start, not bolted on afterwards. When they integrate a new large language model into a business process they assess the security implications of that integration with the same rigour as the commercial or operational implications.
For women working in security the convergence of AI and cybersecurity represents both a challenge and a significant opportunity. The skills that make exceptional security professionals the ability to think systemically, to communicate risk in human terms, and to build relationships across organisational boundaries are precisely the skills required to navigate and lead convergence.
Women in security have long been bridge builders, often out of necessity. We have had to build credibility and trust in environments that did not always make it easy to do so. We have learnt to work across disciplines, and to find common ground between people who do not naturally share a frame of reference. Those are exactly the capabilities that convergence requires.
The AI security space is nascent so there is real opportunity to shape its direction. The governance frameworks, the professional standards and the shared vocabulary of this converged discipline are still being written. Women who position themselves at the intersection of AI and security whether through their work, their advocacy or their continued professional development will be the architects of this new converged discipline.
If you are wondering where to start, the answer is closer than you think. Begin by learning the language of the other side. If you are a security professional, invest time in understanding how AI systems are built, deployed and governed. If you work in AI governance or data science, invest time in understanding the threat landscape and the security controls your organisation relies upon. Whichever your discipline, you do not need to become a deep expert in the other. What you require is sufficient understanding to ask the right questions, and to know when to bring the two disciplines together.
At an organisational level, advocate for structures that make convergence possible. Push for AI deployments to include security review. Raise the question of who in your organisation is responsible for AI enabled threats, and whether that responsibility is clearly defined. These conversations are not always comfortable, but they are necessary.
The bridge between AI and cybersecurity will not build itself. It requires intent, structural commitment and professionals who are willing to stand in the space between the two disciplines and hold them together. That is bridge building in its truest sense, and it is one of the most important things our industry can do right now.
@cybergeekgirl
www.linkedin.com/in/lisasventura/ www.facebook.com/lisasventurauk
www.instagram.com/lsventurauk
bsky.app/profile/cybergeekgirl.bsky.social
You can find examples of the talks she done previously and of interviews, panel discussions and moderating/chairing events on her YouTube channel: www.youtube.com/@CyberSecurityLisa
x.com/AICyberSecAssoc
www.linkedin.com/company/aicybersecassoc
www.facebook.com/aicybersecassoc
Lisa Ventura MBE FCIIS is Chief Executive and Founder of Unity Group Solutions Limited and Founder and CEO of the AI and Cyber Security Association (AICSA). Her book, Artificial Intelligence in Cybersecurity, is published by Kogan Page (April 2026).
SIMON CARABETTA
By Simon Carabetta, National Cyber Security Training Advisor
On the 26th of January 1970, legendary folk duo, Simon and Garfunkel, released their seminal hit album, Bridge Over Troubled Water . The album has sold over 25 million copies worldwide, making it one of the best selling albums of all time. At the time of its release, it was the best selling album ever,
However, at the end of 1970, the year in which the album was released, Elvis Presley covered the title song in his 12th studio album, That’s The Way It Is . He performed the song live soon after, with Paul Simon in attendance. Immediately after this performance Simon uttered the words, “How the hell can I compete with that?”
Which brings me to the point of this piece, in my favourite cybersecurity industry publication, Women in Security Magazine. That point is: we shouldn’t compete. We’re not in this industry to boost egos, boost salaries, boost our professional profiles. We choose cybersecurity because it’s a purpose, a mission if you will. There is no ‘I’ in cyber, but there is a ‘Y’.
Why cyber? We choose the mission because it’s important. We defend organisations and individuals from the many present threats; threats that are
becoming far more nefarious and harder to defend against. Simply put, we keep people safe. That’s the ‘why’.
Back in 2019 I was lucky, and privileged enough to gain my first role in this industry, which has been my home for the past seven and a half years. I transitioned from high school teacher to cybersecurity awareness trainer. (Okay I’ve told this story many, many times but it links to my article, trust me.)
In 2020 I was even luckier. I was offered the role of project and engagement coordinator with AustCyber, which became the CyberWest Hub. I loved that role, and still look back fondly on the times when I had opportunities to help build and grow our industry, not just in WA, but throughout Australia. I got to work with startups, academics, not for profits and very cool cybersecurity professionals, some of whom have become lifelong friends.
In 2021 I even had the amazing honour of being awarded the Male Champion of Change title at Source2Create’s own Australian Women in Security Awards, a title I still hold proudly and dearly. And I vow to continue advocating for change in cybersecurity every day.
It was during this time that I made one major mistake: I let my ego get in the way and dictate my direction. I resigned from my role believing that something bigger and better was out there. It wasn’t.
It took me a good two years of soul searching in the industry to finally come to the realisation that everything I was doing, every job I applied for, every time I involved myself in industry events, every time I spoke about past achievements was ego driven.
Was I building bridges? Perhaps some, inadvertently. But was I intentionally building them? No, I wasn’t.
I kept seeing others achieve and I kept asking myself the same question my namesake asked (apparently, I was named after Paul Simon): “How the hell can I compete with that?” Now, in 2026, I’m more settled, more about building bridges (yes, I have also burnt some, but that’s a story for another time) and I’m more about guiding others over troubled waters to the safe shores of a cybersecurity career.
But let’s go back to Elvis’ rendition of that famous song and the lesson we can take from Paul Simon’s reaction. Simon and Garfunkel are still widely
regarded as one of the greatest song writing duos of all time. Elvis Presley is also widely regarded as one of the greatest rock stars and singers of all time. Was Elvis a great songwriter? Not really. Did Simon and Garfunkel have flair and rock star appeal? Not really.
Each was a master of their own area within the wider music industry. Similarly, we should all recognise that we each have our own specialisation and area within cybersecurity. This isn’t to say we stay in that lane all the time, but that we should certainly never gatekeep our domain.
My last message in this article is to say to each and every cybersecurity professional out there today: build a bridge and guide others. Take down the walls and gates that isolate your specialisation.
We’re all members of a team. There is no ‘I’, but there is a ‘Why’. Ask yourself every single day before work: why cyber? That will help you drop your ego at the door and be the team player we all desperately need in our industry.
www.linkedin.com/in/simoncarabetta
Tara Dharnikota CISO at Victoria University
Alana Lundy CIO and CISO for Depar tment of Social Services
Helen McLeish Chief Cyber Security Officer at East Metropolitan Health Service WA
Jackie Montado Chief Digital and Technology Officer at Wesfarmers Industrial and Safety
Maxine Harrison CISO from Depar tment of Energy, Environment and Climate Action
Cairo Malet Senior Manager / Deliver Lead - Cyber Security Services at Fujitsu
James Ng CISO at Insignia Financial
Sam Fariborz CISO at David Jones
Meagan O'Mahony Director of Security at Zip Co
Sana Rashed CISO at HSBC
Mona Sidhu Cyber Security Education and Awareness Manager at NSW Depar tment of Education
Principa Co at Deci
Sharin Yeoh Technical ISO at Systematic
Amazon
Tams ICF Exec Diversity Coachi
sy Wong of Security areness at edibank
McCrudden al Recruitment nsultant ipher Bureau
Derek Winter CISO at UNSW
Jenna Whitman Head of Security Operations and Deputy CISO at Vocus
Doris Tidd CISO at Intellihub
John Taylor Group Executive | CIO | CTO | CISO
a Hammoud nal Security ger - APAC at Web Services
sin Jowett cutive Coach & Consultant at ing To Thrive
Neha Sharma Industry CISO
Nikita Newell CISO at Lendlease
Tamsyn Harris Director of Scam Prevention at Optus
Dr Greg Adamson CISO at Depar tment of Transpor t and Planning
Hayley van Loon CEO of Crime Stoppers International
Kate Raulings CISO at Environment Pro tection Authority Victoria
Tharaka Perera CISO at Estia Health
Lukasz Gogolkiewicz Head of Cyber Security for Accent Group
Peter Gigengack Director Cyber Security | Capability at the Depar tment of the Premier and Cabinet of WA
Roxanne Pashaei Director Cyber Security Operations at Western Sydney University
Wayne Rodrigues Board MemberMembership Director at ISACA Melbourne Chapter
JAY HIRA
by Jay Hira , Cyber Director – Financial Services, KPMG
A reflection on strength, belonging and the responsibility that comes with leadership.
I grew up believing that strength was something you earnt on your own.
Where I came from, survival shaped that belief early. You worked harder. You aimed higher. You learnt to compete, because falling behind often meant disappearing altogether. For years, I carried that mindset with me. I believed progress came from persistence alone, from finding the right door and pushing until it opened.
Then, one afternoon, that belief fractured.
I was twelve years old, sitting beside my grandmother in an autorickshaw on the way to the hospital. I had fallen from a terrace while trying to prove I was stronger than my friends. For a brief moment, I had felt powerful. That feeling disappeared the instant my wrist hit the ground.
She was quiet for most of the ride. When I finally tried to explain myself, she stopped me.
“A show of strength,” she said, “is not flying like Superman or fighting to win. Strength lies in building a strong community of people around you. That is the superpower you need to learn.”
I heard the words, but, at that time, I did not understand them. It took years, and being in many rooms where decisions were made, for their meaning to become clear.
We like to believe that hard work is sufficient, that talent rises and that merit speaks for itself. These are comforting beliefs. They are also incomplete.
I learnt this the hard way. Capability and commitment are rarely the problem. Progress stalls when people do not know the rules because no one has taken on the responsibility of explaining them, when their voice is present but not weighted, when decisions are shaped elsewhere by those already closest to power.
Access, I have learnt, is not the same as belonging.
Being invited into the room does not guarantee you will be heard. Being present does not mean you participate in decision making. Representation without influence is fragile, and often fleeting. Belonging requires something more enduring than representation; it requires agency.
For a long time, I waited for the doors to open. Eventually, I realised that waiting was a choice I had made.
What changed was not my ambition, but my understanding of responsibility. Progress does not come only from individual contributions. It comes from people who choose to widen the path for others; quietly, consistently and with intent.
Sometimes that means bringing someone into a conversation from which they have been excluded. Sometimes it means speaking a name in a room from which that person is absent. Sometimes it means explaining rules that have never been written down, but always enforced. These moments rarely attract attention. They are also the moments when careers change direction. This is the work that shapes cultures.
I am acutely aware that I did not succeed alone. There were people who spoke for me before I had a voice. There were people who trusted my intent before others trusted my credentials. There were people who used their influence, not to advance themselves but to create space for me to advance. Their actions stayed with me long after those moments had passed. I carry those memories with me.
This is why I mentor with intent, not optics. It is why I sponsor rather than simply advise, and why I pay attention to who is missing when decisions are being made. It is also why I invest time in making cyber security simpler and more accessible, not as a charitable gesture, but as a commitment to participation.
Because, once you see where the gaps are, neutrality is no longer an option.
My grandmother taught me that strength is proven, not through individual wins but through the communities we build. Years later, I understand her with greater clarity.
When doors don’t open for you, building the bridge together is not an act of defiance, it is an act of leadership.
www.linkedin.com/in/jayhira
Jay Hira is a cyber security practitioner, lifelong learner, and advocate for inclusion. With nearly two decades of global experience, he has helped more than 100 organisations transform cyber risk into opportunity by making security simple, accessible, and a driver of growth. Known for his pragmatic, people first approach, Jay simplifies complex challenges to deliver actionable advice that empowers teams and strengthens resilience. He values diverse perspectives and believes the best solutions arise from collaboration and continuous learning. Jay’s experience spans across the spectrum of attack, defence, architecture, governance, strategy, and transformation, with a strong focus on building high performing, inclusive teams. He simplifies security, inspires authentic leadership, and ensures security serves as a force for good in every organisation.
by Adriana Jones, Engineer, Cybersecurity Advocate and founder of The Innocent Souls Project (TISP)
Before transitioning into cybersecurity I worked in construction. With a background in civil engineering I’ve always been fascinated by how bridges function. At their core bridges connect two points and enable weights to be carried safely between these points. But what makes them truly effective is not just the connection, it’s the precision. Every structural component must work in unison. If one fails, the entire system is compromised.
Cybersecurity faces a similar challenge. If we are to build a meaningful bridge between cybersecurity and the broader community, particularly parents, educators and children we must understand that there is no single solution to the problem. We are dealing with a system, one that requires multiple components working together seamlessly to ensure information is not only transferred but understood, trusted and applied. This is the foundation of The Innocent Souls Project
It was founded with the mission to translate cybersecurity into something practical and accessible. It focuses on making digital safety tangible for those who need it most. The reality is that traditional cybersecurity frameworks were never designed for everyday families or early childhood environments, yet these are the frontlines where risk is rapidly increasing.
Most cybersecurity initiatives fail at the first step: they speak at people, not to them. Parents, carers, educators and childcare professionals are often expected to manage digital risks without having the technical background to do so. Treating them as one group is a mistake. Each has different responsibilities, different levels of exposure to technology and different pressures.
For example:
• a parent may struggle with managing screen time and social media risks.
• a childcare worker may handle sensitive data without understanding data security principles.
• an educator may be responsible for guiding children’s digital behaviour without formal training in cybersecurity.
Children, however, represent the most critical, and vulnerable, audience. Their interaction with technology is not just technical; it is behavioural and psychological. They are exposed to risks such as grooming, manipulation and social engineering long before they have the cognitive ability to recognise such risks. Addressing these risks requires more than awareness; it requires early, age appropriate intervention.
Once the audience is understood, the next challenge is to communicate effectively with it. Cybersecurity language is often complex, technical and inaccessible. Translating it into something meaningful requires creativity, strategy and a deep understanding of human behaviour. This is where The Innocent Souls Project differentiates itself. It incorporates a multi layered approach to ensure cybersecurity practices are adapted.
• For children. The project has developed audio based storytelling tools designed to subtly introduce concepts like online grooming and social engineering. Rather than relying on fear based messaging these resources help children develop, understand and retain critical thinking skills.
• For educators and childcare professionals. The Innocent Souls Project’s CyberSafety Program addresses a major gap in the sector: limited awareness of cybersecurity, data privacy and digital risk. It equips professionals with practical knowledge aligned with their duty of care, enabling them to identify and respond to both online and offline threats.
• For parents. The project delivers targeted content that highlights the realities of children’s exposure to digital platforms. It goes beyond awareness, guiding parents towards decisive, informed actions to protect their children in an increasingly complex online environment.
Even the best message fails if it is delivered poorly. Different audiences absorb information in different ways. A one size fits all delivery model is ineffective, particularly in cybersecurity awareness. The success of any initiative depends on meeting people where they are, both intellectually and emotionally.
The Innocent Souls Project prioritises accessibility over complexity, engagement over instruction and practical application over theory. By combining
storytelling, education and behavioural insight, the project ensures information is not just received, but acted upon.
Children are growing up in a digital environment that evolves faster than the systems designed to protect them. While industries invest heavily in securing infrastructure and data, the human layer especially within families and early education remains critically underdeveloped. This is the gap. It is precisely where The Innocent Souls Project operates.
The project is not just an awareness initiative. It is a structured approach to embedding cybersecurity thinking into everyday life, starting with those who are least equipped yet most at risk.
If we do not achieve this goal the repercussions will be far from theoretical. They will manifest as real human consequences affecting the most vulnerable among us. The Innocent Souls Project is dedicated to preventing this from happening in our society.
au.linkedin.com/company/tisp-the-innocent-souls-project
www.instagram.com/tisp_project
theinnocentsoulsproject.com.au
by Marina Azar Toailoa, Founder of the Mummy Safety Security Project
I began the Mummy Safety Security Project because I worked on the frontline and witnessed too often the harm that can be inflicted when children are exposed to risk.
In real life abuse, grooming, neglect, exploitation and preventable safety failures do not occur in isolation. They occur in homes, online spaces, schools, neighbourhoods, transport settings, community venues and other everyday places where adults and systems are meant to recognise danger and respond early.
Through analysing security incidents and the gaps that allowed offenders to cause harm I came to one clear conclusion: child protection is not only a parenting issue or family concern; it is a broader social responsibility that requires education, vigilance and collaboration across the whole community.
This understanding is consistent with leading child protection frameworks. The United States Centers for Disease Control and Prevention (CDC) states that preventing child abuse and neglect depends on creating safe, stable, nurturing relationships and environments, and that everyone has a role to play.
UNICEF similarly explains that violence against children occurs in every country and across all segments of society, and that coordinated action from governments, schools, justice systems, health services, community organisations, parents and the media is required to counter it.
In Australia, the Safe and Supported national framework recognises that keeping children safe means strengthening families, supporting communities and addressing the wider systems that place children at risk of harm.
These perspectives make one thing very clear: when a child is harmed the problem is rarely limited to one household. Often, social silence, weak safeguards, poor communication, missed warning signs or system failures allow the danger to spread.
One of the greatest myths in child protection is the belief that ‘good families’ naturally keep children safe and that everything else is a private matter. In reality many children who experience harm come from families who love them but do not always have the information, support or confidence to identify risk early.
Some parents do not know how offenders manipulate trust. Others feel uncomfortable discussing body safety, online safety, boundaries, consent, secrecy or coercive behaviour in age appropriate ways. Some assume their child will automatically speak up if something is wrong, even though fear, confusion, shame, loyalty or grooming can keep children silent for long periods.
That is why education matters so deeply. Child protection becomes stronger when parents are empowered with practical knowledge and when children are taught, in age appropriate ways, how to recognise unsafe situations, trust their instincts and seek help from safe adults.
This is the heart of my work. The purpose of the Mummy Safety Security Project is to protect children through education and collaboration. I teach children age appropriate ways to stay safe and I empower parents to continue those safety conversations at home. My approach is shaped by real life frontline experience, not theory alone.
I have seen how small oversights can become major vulnerabilities, how offenders identify opportunities, and how communities often react only after a tragedy instead of before it. Being a voice for the voiceless means refusing to wait until harm is visible beyond doubt. It means helping adults understand that prevention is not fear based parenting; it is informed, calm, practical protection built into everyday life.
A community that takes child protection seriously does not place the burden on parents alone. It asks whether schools are teaching protective behaviours clearly and consistently. It asks whether sporting clubs, faith communities, childcare settings and youth organisations have strong safeguarding practices and adults who know what warning signs to look for. It asks whether neighbours, extended family members and local leaders know how to respond when something feels wrong.
It also asks whether services are connected enough to respond before risk becomes a crisis. The CDC notes that communities can support child safety by increasing access to childcare and education, creating safe supervised spaces, supporting evidence based parent education and discouraging violence more broadly.
These are not small additions to family life; they are part of the protective environment every child deserves. Importantly, child protection is also a question of culture. UNICEF highlights that communities must tackle harmful behaviours and social norms, not only individual incidents.
When societies minimise children’s fears, excuse predatory behaviour, normalise secrecy, ignore online exploitation or dismiss disclosures because they are inconvenient they create the conditions in which abuse can continue. In contrast, strong communities create cultures where children are believed, parents are supported, professionals are accountable and safety education is normal rather than optional. In such communities, protective conversations happen before an emergency.
Adults understand that child protection is active, not passive. They know that silence protects offenders while informed collaboration protects children. The Australian Safe and Supported national framework is especially valuable because it links child safety with prevention, early intervention, stronger workforce capability, shared decision making and culturally safe responses.
This linkage matters, because communities are not all the same, and protection strategies must be responsive to lived realities. Families experiencing disadvantage, trauma, disability, violence or social isolation may face additional barriers to safety. Aboriginal and Torres Strait Islander children and families, in particular, must be supported through culturally informed, community led approaches that address both present risks and the effects of past system failures.
Therefore a serious social response to child protection does not simply demand that families ‘do better’; it invests in the conditions, supports and partnerships that make safety more achievable.
The messages at the centre of this article are simple but urgent. Safe children are created by strong communities. Families remain central, but they cannot, and should not, carry this responsibility alone. If we want to reduce harm we must educate children without frightening them, equip parents without blaming them and build communities that recognise risk early and act together. We must listen to lived experience, learn from real world incidents and close the gaps that offenders exploit. Above all, we must remember that many children cannot advocate for themselves. They depend on adults to notice, to teach, to speak and to act.
That is why I continue this work. Through the Mummy Safety Security Project I aim to bring real life insight, evidence based safety education and collaborative action into the spaces where children and families need them most.
Protecting children is not a side issue, and it is not a responsibility that begins and ends at the front door of one home. It is a social duty. When we treat it that way, we do more than prevent harm. We build safer children, stronger families and stronger communities for everyone.
www.linkedin.com/in/marina-azar-toailoa-66259511a
www.instagram.com/mummysafetysecurityproject
by Melanie Ninovic, Student Engagement Coordinator for Grad Girls at
Not for profit organisation Women 4 STEM has been delivering programs to increase the participation, retention and advancement of women in STEM since 2005.
One such initiative, Grad Girls, is designed to inspire and empower female and gender diverse students to explore careers in STEM. After ten successful years in Victoria, the program has now been launched in Sydney, officially commencing on 15 April.
The approximately 40 students participating in the program’s inaugural year will have the opportunity to:
• develop their personal and professional skills, build their personal brand and create standout job applications.
• receive guidance on career pathways.
• network with industry leading sponsors through partner led events and a dedicated careers expo.
• connect with like minded students and professionals.
• gain valuable insights into their chosen industry and graduate job ready.
At the official launch students had the opportunity to meet and hear from talented industry professionals.
The event opened with Melanie Northrop, program director, who described the experiences students can expect in the year ahead: a wide range of events, networking opportunities and ways to connect with the program’s volunteers, all of whom have careers in STEM.
We then heard from Canva’s Jasmina Zito, threat intelligence and red team lead, who described her unconventional journey into cybersecurity, the challenges she faced along the way, and who gave some insights into her current role.
Following this, students had the opportunity to connect with our partners: Clicks IT Recruitment, Motorola Solutions, IAG, Cognizant and Logicalis. They offered valuable career advice, industry insights and practical tips on applying for graduate programs.
The launch also provided students with support in building their professional brand: photographers on site captured headshots and volunteers assisted with LinkedIn profile development.
One of our volunteers, Melanie Ninovic, moderated a panel exploring the many pathways into and through a career in STEM. She was joined by Amy Berridge, Motorola Solutions, Helisha Patel, Logicalis; Nita Norman, IAG and Aditi Jain, Cognizant.
The panellists shared their diverse career journeys. Some had roles in agriculture and some in retail. Others had considered entirely different paths, such as accounting.
A consistent message throughout the discussion was the importance of embracing opportunities as they arise, rather than holding back due to self doubt. The panel discussion highlighted that many women often lack the confidence to advocate for themselves, particularly in professional environments.
At its core, the purpose of the Grad Girls program is to inspire, educate, and empower female and gender‑diverse students to pursue and succeed in STEM careers.
Grad Girls would like to extend a sincere thank you to all the volunteers and partners who contributed to this significant milestone. We look forward to an exciting year ahead.
www.linkedin.com/in/melanie-cybers
Karen Stephens is the co-founder and CEO of BCyber. After more than 25 years in financial services, Karen moved into SME cybersecurity risk management. She works with SMEs to protect and grow their businesses by demystifying the technical aspects of cybersecurity and helping them to identify and address cybersecurity and governance risk gaps. She was named inaugural Female Cyber Leader of the Year at the 2023 at the CyberSecurity Connect Awards in Canberra and has been a finalist in 2024 and 2025 in the Australian Cyber Awards for Cyber Security Professional of the Year - Professional and Financial Services.
a magical, but mindful, experience
Back in 2024 I posed a question common in many families: “How young is too young to start a cyber safety journey?” My answer has not changed: “ You are never too young to begin.”
Cybersecurity isn’t only about complex code; it’s about modelling good cyber behaviour and building habits that protect our children’s privacy; now and in the future.
When my children were young, I often found myself serving as the family chauffeur for kindergarten playdates. My music, deemed ‘cringeworthy’, was turned down so as not to upset young ears. However, this meant I was privy to back seat conversations, which went something like this:
Child A: Did you want to play <insert well known game>? (NOTE the visitor had brought along their own wi-fi enabled iPad — I have no words!)
Child B: No. My Mum won’t let me.
Child A: Why?
Child B: Randoms!
Child A: Randoms? What are Randoms?
Child B: I don’t know, but my Mum doesn’t like them, so neither do I.
I can only guess that this was the result of my regular “if you don’t know someone in real life, you don’t know them online” rant (I mean, discussion). So, while the message had been finessed, the underlying theme was clearly being absorbed.
As parents and/or guardians we are the primary privacy custodians for our children. While it is natural to want to share milestones like births, first days of school, graduations, etc on social media, we must be mindful of the digital footprint we are creating for our children.
So, welcome to the new job you didn’t know you had: that of the Family Privacy Custodian (FPC) You’re now playing the long game for your child’s digital future. So, before you hit ‘share’, run through this checklist to ensure you are putting their data privacy first.
WARNING: By asking these questions, you are choosing a path that, while perhaps not always the most popular, is the safest for a child’s digital journey.
The ‘starter’ FPC pre-post checklist (You can add your own items)
• Does your post reveal hidden identifiers? Even if your child’s face isn’t clear, check if the background shows your home address, car licence plate, school name, sports team or other identifier.
• How will their future adult self feel? Ask yourself if this image or story is something they would be comfortable having a future employer or partner seeing ten or twenty years from now.
• Am I playing the long game? Remember; once information is online, it is pretty much permanent. Consider if a specific moment needs to be public
or if it should remain a private family memory.
• Could your post be used for ‘unauthorised activities’? Be mindful that photos and information can be harvested by people you don’t know for purposes you would never condone.
• Have I considered the deepfake risk?
Acknowledge that personal information and images can now be easily and realistically manipulated by AI.
• Is this an oversharing trap? While a wish to share news like births or graduations is understandable, evaluate if you are sharing too much detail about your child’s daily routine or year group.
And while I’m on my soapbox…
Empowering your children means moving beyond ‘policing’ towards modelling good behaviour. Children are more likely to follow the rules when they see their parents and/or guardians doing the same. Here are practical ways to guide your family’s cyber journey.
• Respect age minimums. Social media platforms have age requirements for a reason; stick to them.
• Use parental controls wisely. Frame parental controls as a helpful tool for safety rather than a restriction to ‘work around’.
• Prioritise password hygiene. Teach children the importance of strong, private passwords from the start.
• Establish tech‑free zones. Create boundaries such as keeping devices out of bedrooms.
The internet can be a magical place of wonder, but it requires a foundation of safety. By starting the discussion early and putting data privacy first you are giving your children the tools they need to navigate the digital landscape with confidence. After all: you can never be too young to start your cyber safety journey.
www.linkedin.com/in/karen-stephens-bcyber
www.bcyber.com.au x.com/bcyber2
karen@bcyber.com.au youtube.bcyber.com.au/2mux
by Holly Bretherton, Industry Initiatives Manager, ACS and Senior Responsible Officer, Cyberpath
Australia is on the cusp of one of the most significant transformations the cybersecurity profession has ever seen. CyberPath , a national pilot program funded through the Australian Government’s Growing and Professionalising the Cyber Security Industry program, is reshaping how cyber capability and standards are defined, assessed and recognised.
The initiative is led by the Australian Computer Society (ACS) in partnership with the Australian Information Security Association (AISA), the Australian Cyber Collaboration Centre (Aus3C) and, critically, the Australian Women in Security Network (AWSN), a strategic consortium partner that helps ensure diversity and inclusion are embedded from the ground up.
At its core, CyberPath is building a national professionalisation framework that will:
1. define clear cyber roles and competencies.
2. establish recognised learning and career pathways.
3. validate practitioner capability through assessment and accreditation.
4. reduce barriers to entry and support diverse talent.
5. align Australia with international standards and workforce expectations.
Unlike traditional accreditation schemes, CyberPath is a once‑in‑a‑generation opportunity to shape what it means to be a cyber professional in Australia. It is designed to be industry‑led and community‑driven, ensuring practitioners, career changers, students and skilled migrants all have a voice in shaping the future workforce.
Women remain significantly under represented in cybersecurity and systemic barriers such as unclear roles, hiring practices, inconsistent expectations and non inclusive cultures continue to limit participation and progression. RMIT research, based on 2021 Census data, estimated women represented 17 percent of the Australian cybersecurity workforce.
CyberPath has the potential to directly address challenges through:
• Creating clarity where ambiguity harms women
Ambiguous job titles, inconsistent expectations and informal hiring practices often disadvantage women, especially those entering via non traditional pathways. CyberPath can provide clarity, transparent competency expectations and standardised assessment models, reducing bias and leveling the playing field.
• Recognising diverse pathways into cyber
Many women enter cyber through career changes, adjacent roles or self directed learning. CyberPath’s support for recognition of prior learning (RPL) and recognition of prior experience (RPE) ensures capability beyond formal qualifications is recognised.
• Embedding diversity and inclusion by design Unlike frameworks that retrofit inclusion, CyberPath integrates inclusion from the beginning. AWSN’s role as a consortium partner ensures women’s voices shape every stage of development.
• Reducing imposter syndrome through clear standards
Ambiguity fuels imposter syndrome. Clear competency frameworks help practitioners understand what ‘good’ looks like, providing confidence and direction: particularly important for women who often face additional confidence barriers.
CyberPath is not being built behind closed doors. It is an iterative, collaborative, national effort that depends on broad participation. The program’s consultation strategy spans educators, employers, practitioners, career changers, DEI groups and more. Women must be active participants in this process for several reasons.
• Ensuring standards reflect women’s real experiences
Women often face barriers such as limited access to mentors, biased promotion practices, carer responsibilities and reduced access to sponsorship or professional development. Without women’s input, these realities risk being overlooked.
• Influencing how competency is defined and assessed
Assessment models can unintentionally reinforce bias. Women’s involvement is critical to ensuring assessments are inclusive, flexible and reflective of real world capability rather than narrow definitions of expertise.
• Shaping learning pathways that support women’s progression
The program’s mandate includes reducing barriers to entry and retaining diverse talent. Women’s lived experience is essential to designing pathways that are flexible, accessible and supportive across career stages.
• Defining what leadership looks like in a professionalised workforce
CyberPath can strengthen professional identity, career progression and recognition. Women must help define what leadership and lateral progression looks like in a professionalised cyber workforce so that pathways are not built around outdated or exclusionary norms.
While the framework is still being codesigned, several principles are emerging as critical to ensuring inclusivity.
• Clear, portable, recognised credentials
Competency based accreditation provides external validation and portability across employers, particularly valuable for women returning from career breaks or transitioning into cyber.
• Inclusive learning and assessment pathways
Flexible evidence portfolios, recognition of informal learning, neurodiversity affirming assessment practices and reasonable
adjustments support women balancing multiple responsibilities.
• A national standard that reduces bias in hiring and promotion
Standardised role definitions and competency expectations reduce reliance on subjective hiring practices, ‘culture fit’ assessments, and informal networks.
• Strengthened professional identity and reduced attrition
CyberPath can strengthen belonging and reduce isolation, factors that disproportionately affect women. CyberPath can give people a clearer sense of who they are in their work, strengthening belonging through common standards, language and values.
• A platform for women’s voices and leadership AWSN’s leadership role as a consortium partner signals that women are central to Australia’s cyber capability, providing visibility and influence for future generations. This visibility matters.
CyberPath represents a rare opportunity to build a national profession from the ground up. It is a living framework, shaped through ongoing consultation, and its success depends on broad participation. Women across the ecosystem are encouraged to be part of the CyberPath journey and to help define it.
REGISTER EOI’S AND STAY INFORMED HERE:
cyberpath.acs.org.au
CONTACT THE CYBERPATH PROGRAM TEAM AT:
cyberpath@acs.org.au
AUTHOR'S DETAILS:
www.linkedin.com/in/holly-bretherton-9852978
Madhuri is a cybersecurity leader with nearly two decades of experience across strategy, governance, risk, compliance, product and engineering. She was recognised with a Global Cyber Security Leader of the Year award. She holds a master’s degree in cybersecurity digital forensics and serves as head of security at Nuvei and as chair of the AWSN board. She is the author of the Cyber Smart book and creator of a cybersecurity awareness framework. She is known for her strong voice in inclusive leadership, mentorship and community building.
Security does not fail in isolation. Failure often begins in the spaces we do not pay enough attention to: between teams, between intent and execution, and between what we design and how things actually work. In those spaces, what is missing is rarely another control, it is a connection. This reflects broader industry patterns. The 2024 Data Breach Investigations Report by Verizon shows that more than two thirds of breaches involved a human element, reinforcing the argument that many security challenges are not purely technical but rooted in how people, systems and decisions interact.
In cybersecurity we spend a lot of time strengthening systems, but the work that makes those systems effective is quieter. It is translating risk assessments
into decisions, turning policy into something teams can follow, and making sure that what is designed holds up in the way people really work. That is bridge building.
I have seen bridge building play out in different ways over time. In one instance, a control was technically in place, access reviews had been completed, reports had been generated and everything appeared compliant. However, when we looked closer, the reviews were happening without full context. Teams were approving access without clear visibility, and ownership was not well understood. No individual control measure was broken, but these control measures were not achieving their goals.
Bridge building in cybersecurity is often misunderstood. It does not entail collaboration or communication alone. It requires the intentional connection of risk to business decisions, governance to day to day operations, and accountability to clearly defined ownership. Without these connections, even well designed frameworks struggle to deliver outcomes.
One of the most common examples of the lack of these connections is in governance. Controls are often treated as comprising policies to be documented and requirements to be met. In reality, governance works only when actively lived.
In one case, third party risk assessments were being completed consistently, vendors were providing evidence, policies were being reviewed and compliance requirements were being met. However, there was limited visibility into how these controls were being maintained over time. So we moved from a one time validation approach to ongoing governance by introducing periodic monitoring, clearer ownership across teams and simple dashboards to track control effectiveness. The control itself did not change significantly, but how it was sustained did.
Bridge building also shows up in the make up of conversational groups. In many organisations, decisions are made in spaces that are not always visible and often the same voices dominate. Bridge building requires intentionally elevating voices that are not always represented in these spaces to ensure decisions are shaped by a broader range of experiences and perspectives.
This bridge building includes recognising different ways of thinking and working and creating environments where diverse cognitive and accessibility needs are not just accommodated but are valued. I have seen the impact of bringing the right people into the room early. In one case, a project was progressing with strong technical direction but
security considerations were raised only at later stages. By involving a broader set of voices earlier, including those closer to delivery, the conversations changed. Risks were understood sooner and solutions became more practical and easier to adopt. It was not a major structural change, just a shift in who was included and when.
Similar gaps exist outside organisational environments. Awareness of cybersecurity is growing, but understanding does not always keep pace. Many people know risks exist but few feel confident navigating them. Whether it is parents guiding their children or individuals making decisions about privacy and digital behaviour, there is often a gap between knowing and doing. Bridging that gap does not require complexity. It requires clarity and the ability to translate security into something people can relate to and act upon.
If there is one thing I have learnt it is that progress in cybersecurity does not always come from building more. It comes from forging connections between existing components, more clearly, more intentionally and in a way that people can sustain.
www.linkedin.com/in/madhurinandi
Lindsay Coudert is currently studying a Bachelor of Counter Terrorism, Security and Intelligence (Cyber Security) at Edith Cowan University
Bachelor of Counter Terrorism, Security and Intelligence (Cyber Security) student at Edith Cowan University
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?
I usually start by breaking the stereotype of cybersecurity being just a ‘hacker in a hoodie typing fast on a keyboard,’ which is what most people see in movies, along with the “we’re in” once they break into the mainframe. I explain that the field is actually incredibly diverse and that there are roles that are highly technical, analytical, investigative, and even strategic.
I highlight the thrill of uncovering cyber threats, protecting critical information, and solving complex puzzles that can have real world impact.
To make it relatable, I often share experiences from our Student Cybersecurity Club at ECU especially through CTFs which has multiple categories to fit different people’s skill sets which helps people understand that there are places for a variety of interests.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
When I first considered cybersecurity, I, like many others I have to be honest, imagined it as hacking in a black hoodie, typing furiously on a keyboard what movies often portray. In reality, the field is much broader and more dynamic than that stereotype. There are technical roles, but also analytical, investigative, and communication focused roles. Discovering Digital Forensics and Incident Response (DFIR) has been especially exciting for me because it allows me to combine my love for solving crimes with cybersecurity. This broader understanding has made my journey much more enjoyable and fulfilling.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice
I aspire to work in Digital Forensics and Incident Response ideally within an intelligence agency. My motivation comes from a deep fascination with forensic investigation, understanding crimes, uncovering hidden evidence, and solving complex puzzles. In high school I aspired to be a medical examiner and unfortunately situations came up with family issues, but when I found cyber security through TAFE and I found myself really enjoying the Forensics in the Advanced Diploma and it was a way for me to satisfy that dream but in a different sector so computer crimes instead of homicides which really satisfied that opportunity of investigating and solving crimes.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
I was really lucky and incredibly fortunate to get such a large amount of support from my friends, especially those I met through the cyber security industry and have started my university journey
with. They were really supportive and encouraged me every step of the way especially when things got difficult.
My family on the other hand didn’t take it well because it went against the fact that they wanted me to work with horses they wanted control over me, but I had such a large support network I made it happen and I made it work, I loved what I study at Tafe, it’s what drove me to pursue a Bachelor’s and even the possibility of a Masters by Research down the line.
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. For me the most memorable event would have to be when I started to attend RedRoom weekly events at ECU, it’s been so beneficial in my Capture The Flag journey we competed in the Australian Cyber Games in both 2024 and 2025 where the teams I was on
finished 10th and 13th respectively, in 2024 I was the only TAFE student on the team, which made that placing on a nationwide level even more meaningful. They have been incredible and I was nominated as their Industry Liaison when we first decided to have our executive committee so the amount of trust that was placed in me to help them kickstart the club on their journey as their own official club was something I was really proud of.
What aspect of your cybersecurity studies excites you the most, and why?
My favourite aspect of my current course is the digital forensics and Incident Response; I haven’t yet done that unit at university. I have done it as a part of my TAFE studies. It is an area of work I find where you have to be curious and enjoy diving deep into investigations which is something I really enjoy doing, especially since I love reading my true crime or about air crash investigations. I really enjoy picking
LINDSAY COUDERT
up things to read and listen to and finding out what happened and how it happened, the why if there is any. Especially with the focus on Intelligence in the course I am doing which rewards finding information that is turned into an actionable report.
Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?
I am very active in the cyber community particularly with organisations such as AISA, Students of Cyber and STOTM where I am one of the current members of the administration team members. It’s been really beneficial to be in these communities. You learn more from conversations with people around you than you realise you do. It’s also been very beneficial to our club as we have managed to get some guest speakers which has been beneficial to our members. I’ve helped organise a guest speaker for AISA WA, and I was able to use my social networking for the ACS Foundation, where the WA Manager came to do a LinkedIn and Resume writing workshop for RedRoom.
What is your preferred source for staying informed about cybersecurity trends and general information?
Podcasts especially Darknet Diaries, Click Here, Risky Business, Hacked to name a few. I love my podcasts; I love listening to something as I am on the train or studying. My favourite of those is Darknet Diaries. I really enjoy the way Jack presents and the way he brings in the investigators, the perpetrators and his overall ability to explain a scenario . For blogs and websites, I follow CrowdStrike’s reports, Krebs on Security, and the hacker news. But I would go to podcasts typically that’s usually going to be my first source of information.
Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?
I have done a bit of looking at the start of my career, unfortunately it hasn’t been the best a bit of a mixed bag, especially with the private sector I always run into the same issue of not being qualified enough because I didn’t go to university, or I run into the issue of coming from a background as a blue collar worker so I don’t have the ‘traditional’ customer service. For the public sector and government agencies my experience has been really good I haven’t had a single problem apart from being in Perth and the agency I had done an interview for didn’t have a Perth office and being a dual citizen they had no idea when they could guarantee my clearance would be completed so it would mean dropping from my degree but I found the process a lot more positive and was a lot more hopeful than going to private where I could not even get an interview.
www.linkedin.com/in/lindsay-coudert-729696287
in
Are you a student passionate about shaping the future of security? Do you have innovative ideas and insights to share with a global audience? Join us in contributing to the Women in Security Magazine and become a voice for the next generation of security leaders!
Gain valuable exposure: Reach over 11000 subscribers globally and showcase your expertise to industry professionals.
Make an impact: Share your experiences, challenges, and aspirations to inspire others and shape the future of security.
Let us know you are interested. We will send you a series of questions of which you can choose which ones you would like to answer. Submit those back to us in an email. We will then edit to be a concise and flowing edited Q&A.
Don't miss this opportunity to be part of a vibrant community of students driving change in the security industry. Contact us today to learn more about how you can contribute to the Women in Security Magazine!
Contact: jane@source2create.com.au
NATALIAH ALCALA-MAHARAJ
Currently pursuing a Master’s in Cybersecurity, Hacking and Cybercrime Investigation at University of Trinidad and Tobago. Also pursuing GIAC, GSEC, and GCIH at the WiCyS Security Training Scholarship in partnership with SANS
Master’s in Cybersecurity, Hacking and Cybercrime Investigation student at University of Trinidad and Tobago
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?
About a year and a half ago, cybersecurity wasn’t even on my radar. My background is in Medical Laboratory Technology, and my exposure to IT was pretty limited. It all started with a simple curiosity about coding, and somewhere along the way, that curiosity led me into the world of cybersecurity. What immediately drew me in was just how broad and ever changing the field is; there’s always something new to learn, and no single path looks the same.
When I try to explain cybersecurity to people who aren’t familiar with it, I usually start by clearing up a common misconception. It’s not just about “stopping hackers.” It’s really about understanding systems on a deeper level how they work, where they’re vulnerable, and how they can be both protected and, if you’re not careful, exploited.
I used to picture cybersecurity as something intense and fast paced, like what you see in movies. And while there are moments like that, the reality
is often much more subtle. A lot of the work is analytical, paying attention to patterns, noticing when something feels off, and thinking like an attacker to figure out where the weak points might be. It’s a mix of problem solving, critical thinking, investigation and yes, quite a bit of coffee.
What I love most is that no two days are exactly the same. Whether it’s digging through logs, spotting unusual behaviour, or responding to a potential incident, you’re constantly being challenged to think differently and adapt. There’s always something new to uncover, which keeps things interesting.
I also like to remind people that you don’t need a traditional tech background to get into cybersecurity. I’m proof of that. If you’re curious, willing to put in the effort, and open to learning, there’s absolutely a place for you here.
For me, cybersecurity is exciting because it pushes you to think deeply, solve real world problems, and keep growing every step of the way. That’s what makes it such a rewarding path.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
When I first considered studying cybersecurity, I expected a clear and structured path, one where I could complete a defined set of courses and emerge fully competent in the field. However, my experience has been quite different.
I quickly realised that cybersecurity is an incredibly diverse field, made up of many specialties, each with its own pathways, tools, and certifications. From defensive roles focused on monitoring and protecting systems, to offensive roles that simulate attacks, to areas like threat intelligence, governance, and even hybrid functions like purple teaming, there is no single path that defines the field.
Initially, this felt overwhelming, as there was no obvious “right” route to follow. Over time, though, I began to understand why the field is structured this way. The attack surface in cybersecurity is vast and constantly evolving. In simpler terms, threats come from many different directions, and attackers use a wide range of methods. Because of this, defenders must be just as diverse, specialized, and adaptable in their approach.
This experience also taught me the importance of understanding where you want to operate within the field. Rather than trying to learn everything at once, I’ve learned to focus my efforts on areas that align with my strengths and interests.
What initially felt overwhelming has become something I now appreciate. The diversity of cybersecurity is what makes it both challenging and rewarding, and it has allowed me to approach my learning with more clarity and intention.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
Upon graduation, I aim to begin my career as a Security Operations Center (SOC) analyst, with the long term goal of progressing into incident response.
I’m drawn to this path because it focuses on real time threat detection and investigation. The idea of monitoring systems, identifying unusual activity, and understanding what is happening behind the scenes is something I find both challenging and engaging.
Through my hands on experience, I’ve discovered that I enjoy working with logs, analysing alerts, and piecing together events to understand system behavior. It feels like solving a puzzle, where patterns, anomalies, and small details reveal the bigger story.
This interest is also reflected in my CyberGEN. IQ assessment results, which showed a strong alignment with defensive operations and analysis. In particular, my ability to detect patterns and identify anomalies stood out as a key strength, which naturally aligns with the work done in a SOC environment.
Starting in a SOC allows me to build a strong foundation in monitoring, detection, and analysis, which I see as essential for progressing into incident response and handling more complex security events over time.
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
One of the most influential factors in shaping my journey in cybersecurity has been my involvement with Women in CyberSecurity (WiCyS), but that impact is best understood in the context of where I started.
progress through study and on practice, there were still moments of uncertainty about whether I truly belonged in the field.
Becoming part of WiCyS marked a turning point for me.
What impacted me most was the environment. It genuinely felt like a community where people want to see you succeed. That level of support and encouragement played a significant role in helping me build confidence in myself and my abilities.
Through WiCyS, I’ve had the opportunity to connect with professionals, attend events such as the WiCyS Conference, and gain insight into the different paths within cybersecurity. Seeing others who have successfully transitioned into the field made my own goals feel more attainable.
It also gave me greater clarity in terms of where I see myself. Exposure to different roles, particularly within defensive security and incident response, reinforced my interest in pursuing a SOC role and continuing along that path.
Overall, WiCyS has had a lasting impact on both my confidence and my direction. It has not only supported my growth, but has also shown me the importance of community in navigating a field as broad and evolving as cybersecurity.
“I’m also incredibly grateful for the mentors and peers within the WiCyS Security Training Scholarship, whose guidance and support continue to play an important role in my journey.”
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. One of the most meaningful experiences in my cybersecurity journey so far has been being selected for the Women in CyberSecurity (WiCyS) Security Training Scholarship program and honestly, it’s something that still feels a little surreal to look back on.
Coming from Trinidad and Tobago, opportunities like this, especially ones that offer access to world class training and certifications aren’t always easy to come by. So being part of this program meant stepping into spaces and learning environments that I might not have otherwise had access to, and that in itself was incredibly powerful.
What made the experience even more special was the journey through it. It wasn’t just a one time selection. I had to work through multiple stages of challenges and assessments, and with each step, I could feel myself growing. Advancing through several tiers and eventually being selected as one of just 65 participants globally for the final stage was a moment I’ll never forget.
A big part of the program involved Capture the Flag (CTF) challenges, which really pushed me outside of my comfort zone. I had to think critically, troubleshoot problems I’d never seen before, and apply what I was learning in real, practical ways. In one of the international CTFs, I even ranked among the top performers which meant so much to me, especially considering I came into this field without a technical background.
Reaching the final stage also opened the door to advanced SANS training and certifications, which are so highly respected in the cybersecurity space. Having access to that level of learning felt like a turning point in my journey.
But more than the achievements or the milestones, what this experience really gave me was confidence. It showed me that I’m capable of tackling complex challenges, learning at a high level, and standing alongside people from all over the world.
It genuinely changed how I see myself in this field. I’m no longer just trying to find where I fit in cybersecurity, I’m actively creating my place in it.
Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?
Cybersecurity is a rapidly evolving field, and while my academic program provides a strong foundation, it cannot fully keep pace with the speed at which new threats and technologies emerge.
That said, it has equipped me with something just as important, a way of thinking that helps me keep
up with that pace. Through my studies, I’ve learned to approach systems from both a defensive and attacker perspective, while understanding how layers of security work together.
This has helped me move beyond seeing security as a fixed set of controls, and instead think about how those controls might be tested, where gaps could exist, and whether a system would hold up when challenged. That way of thinking makes it easier to adapt to new threats, because you’re not just relying on what you’ve learned, but how you apply it.
At the same time, I’ve learned that staying aligned with the current threat landscape requires going beyond the classroom. The field evolves in real time, which makes it important to stay informed about emerging threats, trends, and current events.
To support that, I actively engage in hands on practice through security labs, Capture the Flag (CTF)
challenges, and training programs. I also make a conscious effort to stay up to date through industry news, research, and community discussions.
I see my academic program as a strong foundation, but my ability to keep pace with the field comes from combining that foundation with continuous learning, practical experience, and staying actively informed.
What is your preferred source for staying informed about cybersecurity trends and general information
I rely on a combination of threat focused reporting, cybersecurity news platforms, and community driven insights to stay informed.
I regularly follow The DFIR Report for detailed breakdowns of real world incidents, which I find especially valuable for understanding how attacks unfold in practice. I also use BleepingComputer and The Hacker News to stay up to date on current vulnerabilities, breaches, and emerging threats.
In addition, I review cyber threat intelligence (CTI) reports and follow insights from SANS Institute, which provide deeper visibility into attacker behavior and evolving threat trends.
I also benefit from being part of the Women in CyberSecurity (WiCyS) community, where discussions and shared experiences offer valuable, real time perspectives from others in the field.
I find that combining these sources gives me both real time awareness and a broader understanding of how threats evolve, which helps me connect real world threats to the concepts I’m learning.
Considering the holistic requirements of a future role, do you see the need for additional training in non‑cyber skills, such as interpersonal communication or management? If yes, why?
Yes, I do see the need for continued development in non technical skills, particularly in areas such as communication, collaboration, and decision making.
While technical knowledge is essential in cybersecurity, the ability to communicate effectively with different audiences is just as important. This includes being able to translate technical findings into clear, meaningful insights for non technical stakeholders, especially senior leadership and executive teams.
In many cases, decisions around risk, response, and resource allocation are made at that level. Being able to communicate in a way that helps leadership understand the impact of a threat, and the importance of certain actions or investments, is critical.
I’ve come to understand that strong communication can directly influence how quickly and effectively a threat is addressed, as well as how organisations prioritise security overall.
I also see value in developing skills such as time management, adaptability, and the ability to remain composed under pressure, as cybersecurity often involves working in fast paced and high stakes environments.
Overall, I believe that technical and non technical skills go hand in hand. Developing both is essential not only for performing well in a role, but for contributing effectively to decision making and strengthening an organisation’s overall security posture.
www.linkedin.com/in/nataliahalcalamaharaj
Bachelor
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest?
I’d describe cybersecurity as a bit like staying one move ahead in a high stakes game. You’re constantly thinking, analysing, and adapting, trying to anticipate what might come next and how to respond before it even happens. That’s what makes it so engaging. There’s always something new to learn.
But what really draws me to it is the purpose behind the work. It’s not just about technology; it’s about protecting people’s data, their privacy, and their trust. In a world that’s becoming more digital every day, being part of that feels meaningful, and honestly, really rewarding.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
Like many people, when I first considered studying cybersecurity, I had a very surface level understanding of what it involved. I thought it would be about learning how to “hack” things like social media accounts which, as it turns out, is far from the reality.
In practice, my experience has been much more foundational and holistic. I’ve built strong skills in networking and programming, which form the backbone of understanding how systems operate and where vulnerabilities can exist. I’ve also explored areas I didn’t initially expect, such as cybersecurity laws and data protection regulations. This broadened my perspective beyond just technical analysis and coding and helped me understand the ethical and legal responsibilities that come with working in this field.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
I aspire to secure a role as either a SOC Analyst or a Penetration Tester. Both roles appeal to me because they are highly technical and provide the opportunity to continuously develop and apply hands on cybersecurity skills.
What motivates this choice is my desire to build a strong technical foundation early in my career. As a SOC Analyst, I would gain experience in monitoring, detecting and responding to real time threats, while penetration testing would allow me to think like an attacker and proactively identify vulnerabilities before they can be exploited.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
My family was very supportive of my decision to pursue cybersecurity. They had always recognised my interest in computers from a young age so moving into a tech related field felt like a natural progression.Initially, I had planned to study software engineering. However, everything changed when I had the opportunity to job shadow a cybersecurity professional at a bank in Zimbabwe.
That experience gave me real insight into the field, and I was immediately drawn to it and I knew it was something I wanted to pursue.
My parents were very encouraging of the shift. They recognised that cybersecurity is a rapidly growing area within IT with strong career prospects and opportunities for continuous development. Their support made the transition feel even more affirming and it gave me the confidence to fully commit to this path.
Who or what has been the most influential factor in shaping your journey in cybersecurity so far, and how has it impacted your career aspirations?
One of the most influential factors in shaping my cybersecurity journey so far has been my involvement in the Deakin University Cybersecurity Association. Being part of a community of passionate and driven students has had a significant impact on both my personal and professional growth.
Through the association, I’ve had the opportunity to attend workshops and networking events that have deepened my understanding of the field and exposed me to real world insights. Beyond learning, it has also given me the chance to step into leadership spaces, contribute to initiatives and collaborate with others who share similar goals.
This experience has not only strengthened my technical and professional skills, but it has also shaped my career aspirations by showing me the importance of community, continuous learning and giving back within the cybersecurity industry.
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. One of the most memorable moments in my cybersecurity journey was attending AISA CyberCon
Melbourne 2025. Being surrounded by like minded individuals and immersed in such an energetic, inspiring environment really stood out to me.
The workshops challenged me and expanded my thinking and the experience as a whole motivated me to keep pushing forward in the field. Around the same time, I also connected with Australian Women in Security Network and Women in CyberSecurity Australia, which made it even more meaningful. Engaging with other women in cybersecurity and learning from their journeys gave me a strong sense of encouragement and belonging.
Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?
While I am currently seeking entry level opportunities and aiming to secure an internship over the summer, I have been actively building practical experience outside of my academic studies.
I regularly engage in hands on learning through platforms such as TryHackMe and Hack The Box, where I work through real world scenarios to strengthen my technical skills. In addition, I attend cybersecurity workshops, networking events and industry conferences, which have helped me gain practical insights and stay connected to current trends in the field.
The cybersecurity industry offers various certifications from different organisations. Have you pursued, or do you plan to pursue any of these certifications? If so, which ones, and what factors influenced your choice?
NOKUTENDAISHE MASUKU
I am currently working towards obtaining the ISC2 Certified in Cybersecurity (CC) and I plan to attain the CompTIA Security+ by the end of the year.
At this stage, I’ve been focusing on attaining free and entry level certifications, as I am still a student and mindful of financial constraints. However, this has not limited my commitment, instead it has encouraged me to be strategic in choosing certifications that provide strong foundational knowledge and industry recognition.
Both ISC2 CC and Security+ align with my goal of building a solid technical base and preparing for entry level roles in cybersecurity, while also setting the groundwork for more advanced certifications in the future.
Given the rapid evolution of cybersecurity threats, do you feel that your academic program adequately keeps pace with the industry’s current landscape?
To some extent, yes. I believe my academic program does a strong job in building foundational knowledge, particularly in areas like programming and networking which are essential for understanding cybersecurity at a deeper level.
While the content is still valuable, it could benefit from more frequent updates to reflect current industry trends and emerging threats.
What aspect of your cybersecurity studies excites you the most, and why?
One of the aspects I’ve enjoyed the most in my cybersecurity studies so far is computer forensics and network forensics. I find it particularly exciting to analyse data and uncover what has happened during a security incident.
It feels like solving a puzzle and piecing together evidence from different sources to understand how an attack occurred and what its impact was. This investigative side of cybersecurity really resonates with me as it combines technical skills with critical thinking and attention to detail.
Conversely, which aspect of your studies do you find least interesting or useful, and how do you navigate through it?
While I recognise their importance, I find advanced programming units such as data structures and algorithms and object oriented programming less engaging. I understand the concepts and their relevance but they don’t capture my interest in the same way as more security focused topics.
more advanced cybersecurity
for improvement in keeping
That said, I approach these areas with a growth mindset, knowing they form a critical foundation for problem solving and technical depth in cybersecurity. I stay disciplined, focus on understanding the core concepts and remind myself of how these skills support my broader career goals.
Considering the holistic requirements of a future role, do you see the need for additional training in non cyber skills, such as interpersonal communication or management?
If yes, why?
In my case, I feel I am already actively developing these skills through my involvement in student
societies and the broader cybersecurity community. I regularly attend networking events and engage with professionals across various cyber communities in Melbourne, which has significantly strengthened my interpersonal communication and relationship building abilities.
By consistently putting myself in these environments, I’ve already seen a noticeable shift in how I interact with others. I am now more confident, articulate and intentional in my communication.
While there is always room for growth, I believe my current experiences are equipping me well with the non technical skills required for a future role in cybersecurity.
Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?
Yes, I am actively engaged in the broader cybersecurity community and it has been a key part of my journey. I am involved in the Deakin University Cybersecurity Association where I’ve had the opportunity to contribute, learn from peers and engage in initiatives that support student development.
Beyond university, I am also a member of Australian Women in Security Network and Women in CyberSecurity Australia. Through these communities, I not only attend networking events and workshops but I have also participated in mentorship programs offered by both organisations.
These mentorship experiences have been especially valuable, as they’ve allowed me to learn directly from industry professionals, gain guidance on navigating my career and better understand the skills required to succeed in cybersecurity.
Have you actively sought employment opportunities in the cybersecurity field, and if so, what has been your experience with the application and interview process?
Since the beginning of the year, I have been actively applying for entry level IT and cybersecurity roles including help desk positions and cybersecurity internships. While I haven’t received responses from many applications yet, the experience has given me valuable insight into the competitiveness of the field.
One challenge I’ve encountered is that securing internships as an international student can be more difficult than I initially expected. However, I’ve chosen to view this as part of the journey rather than a setback.
I remain committed to improving my chances by focusing on my studies, expanding my network and continuing to build my technical skills through side projects and hands on practice. I am determined to stay persistent, keep applying and make the most of every opportunity as I work towards breaking into the industry.
www.linkedin.com/in/nokutendaishe-masuku-1228b429a/
Jerica Macaraeg currently studying a Bachelor of IT (Networking and Cybersecurity) alongside a Bachelor of Business (International Business) at the University of Technology Sydney (UTS)
Bachelor of IT and Bachelor of Business student at the University of Technology Sydney
In a casual conversation with someone unfamiliar with the field, how do you articulate the excitement and potential of a career in cybersecurity, aiming to spark their interest? What excites me most about a career in cybersecurity is getting to look beyond the headlines. When you see something like “57 million users exposed in a data breach,” it’s easy to focus on the number but what really interests me is everything behind it. The layers of nuance, the systems and controls that were in place, the gaps that were exploited, and the broader picture of how mature the organisation’s security posture really was. There’s always more to the story than what’s reported, and understanding that deeper context is what makes the field so fascinating.
I’m also really drawn to the human side of cybersecurity. Social engineering, in particular, highlights how much psychology plays a role in security. Understanding behaviour, decision making, and what motivates an attacker adds a completely different dimension to the work; it’s not just technical, it’s deeply human.
What I love is that cybersecurity constantly challenges you to think critically and creatively. Every
day, you’re solving problems, building strategies, and finding new ways to protect organisations. You get to see how businesses respond under pressure, how they navigate crises, and the difficult decisions they sometimes have to make like whether to pay a ransom while balancing financial, legal, and reputational risks.
At its core, cybersecurity touches everything. It underpins how organisations operate and how individuals protect their personal privacy. And for me, that constant opportunity to learn, adapt, and make a real impact is what makes this career so exciting.
Reflecting on your initial perceptions of cybersecurity when you first considered studying it, how does the reality of your experiences today compare?
When I first started thinking about a career in cybersecurity, I genuinely believed I had to know everything. Offensive security, defensive security, incident response, digital forensics, GRC you name it. I thought I had to master it all, and at the same time decide whether I was going to be on the “red team” or “blue team” before I’d even graduated. I even felt like I should already be great at hacking and keeping up with CVEs every night. It was overwhelming, to say the least. The industry felt so vast that I didn’t know where to begin or what to focus on.
Now, in my fourth year of university and working as a Security Analyst intern, my perspective has completely shifted. I’ve come to understand that it’s not about knowing everything, it’s about building a balanced, threat informed mindset. At university, there’s often this idea that you have to pick a side red or blue as if those are the only paths. But over time, I’ve realised it’s so much broader than that. Seeing how different areas of cybersecurity connect made me realise there are so many ways to contribute, including roles that aren’t always deep in the tools day to day.
What really stood out to me is how valuable it is to understand both perspectives. You don’t have to fit neatly into one box bringing together elements of both offensive and defensive thinking gives you a much richer, more well rounded approach to problem solving.
I’ve also learned that, despite all the technical complexity and jargon, cybersecurity is ultimately about people. There’s always a human element at the centre whether it’s the attacker, the defender, or the end user. And within organisations, I’ve seen how cybersecurity can sometimes be misunderstood. It’s often viewed as a cost or a blocker, something that slows things down, rather than an investment that protects the business and the people behind it. That shift in perspective, understanding both the technical and human sides has been one of the most important lessons in my journey so far.
Upon graduation, which specific cybersecurity role do you aspire to secure employment in, and what motivates your choice?
I’d like to be in the GRC and Strategy and Consulting space. What motivates me is the impact I can bring to organisations to develop strategies that actually operationalise controls beyond ticking boxes for compliance and embedding attitudes that see cybersecurity as an investment from top to bottom. I see myself as a leader that guides business decisions and helps shape effective mitigation strategies.
When you decided to pursue a career in cybersecurity, how did your parents, peers, or career advisors react? Did you encounter any opposition, and if so, how did you navigate those challenges?
Growing up in an Asian household, throughout high school, my parents planted ideas of my future job occupation from being a doctor, nurse and virtually anything related to health. At the end of Year 10, I
was convinced I wanted to study ophthalmology and plastered the 97.50 ATAR that was required to study it on my wall.
In Year 9 and 10, I did take a subject called Information Software Technology, and it was creating my first HTML/CSS website on my Favourite RNB Artists that made me want to do something in tech. Even so, at the back of my mind, I thought of the alternative reality of pursuing health. So, in Year 12, when I put my course choice in through UAC, even though my first choice was IT/Business, my second option was a Bachelor of Occupational Therapy.
I was very close to pursuing health, but I knew I wanted to find out how I wanted to leave an impact on the world on my own. My parents were initially worried about job security and competition in a saturated field, but this didn’t stop me. They didn’t have a strong opposition at all and were mainly just looking out for me. They supported me nonetheless because they understood that as their daughter, I would do what I set out myself to do. When I found out there were only 17% of women in cyber in Australia in 2023, I gleamed at the challenge and also the intrigue as to why that was the case.
Recount the most memorable or significant event in your cybersecurity journey to date, highlighting why it left a lasting impression. The most significant event for me so far is probably being able to give back to the student community through becoming the 2026 Director of Partnerships at the UTS Cybersecurity Society. Although I had attended their events throughout my earlier uni years, I felt reluctant to join the executive team because it was largely male dominant students interested in the offensive side.
Fast forward to the end of my third year of university, I had garnered a year of experience in the cyber industry through my Security Analyst Internship, and nearly two years of my other internship in technology consulting. It was through these two internship experiences I gained confidence and believed in myself to use my skills to give back to the student community. I had spent years talking to people by then, both clients and customers in my hospitality and retails jobs as a teen. So, I knew I could do the same in connecting companies to sponsor our society, bring industry experts to the students and develop educational collaborative workshops with them.
It continues to leave a lasting impression on me because I decided to take this role on a whim, and it’s been a blast so far. As the primary liaison for the UTS:CSEC with our sponsors, we continue to have fortnightly meetings to develop our event plans for the year. As our society hosts
weekly events, recently, I helped coordinate a Women in Cybersecurity Career Panel where I was also a panellist. This was a significant moment for me, as it was my first time speaking publicly on a career panel, and it was a fulfilling experience speaking with amazing women in the industry as well as sharing my insights to the students. It was a major success with over 80+ students in physical attendance!
Beyond your academic studies, what practical experience have you gained in the field of cybersecurity through employment or internships?
I am currently working an internship as a Security Analyst Intern at Skylight Cyber, a boutique consulting firm, in the Strategy and GRC Team. With a year in, I’ve helped support the delivery of bespoke cyber risk and governance services. These include doing a Board tabletop exercise, creating an incident response playbook for phishing and managing the risk register and third party risk management for a BAU client. I’m also learning a lot on different security frameworks and standards, and how organisations view them against their security maturity.
What aspect of your cybersecurity studies excites you the most, and why?
This isn’t everyone’s favourite, but honestly, it’s learning what’s under the hood. Learning networks, DNS, TCP/IP and how packets travel across the internet. I find it super interesting because you learn how a webpage gets from a server to you as the client. Doing hands on labs like using Cisco Packet Tracer for subjects like Network Security and learning how to configure Linux and Windows systems in Network Servers is especially fun. This is what intrigues me because it’s not just pure magic, and learning how that works ties really well to learning how this infrastructure gets exploited in my cybersecurity studies.
Are there specific aspects of your cybersecurity studies that you find particularly
challenging? If so, what are they, and how do you approach overcoming these challenges?
The most challenging aspect for me is balancing work with full time study. For me, it came down to being intentional with how I prioritised my time. Adjusting my priorities meant that although I wouldn’t get my lecture notes done that particular week, I’d always carve out time where there were less assignments to absorb foundational topics I found relevant in my course.
By studying both IT and business subjects, I would plan each semester based on projected workload. For example, this semester, a subject I wanted to focus on really learning was Network Security. This meant choosing other subjects that either had less workload or balancing it with a creative subject like International Marketing. In terms of organisation, I find that going analog and having a physical planner keeps me accountable on events, classes, and assignments coming up. I keep it fun by having monthly quotes and using creative liberation to decorate around my monthly and weekly spreads!
Do you believe there are areas in cybersecurity that deserve more emphasis in your coursework or areas that could receive less focus?
I’d say the GRC space could use a little love. The main attraction of pursuing cyber as a university student tends to be the glamourisation of hacking and what looks good in a demo. In my study experience, I couldn’t really gauge how security frameworks and standards were used or why they were important beyond compliance.
Considering the holistic requirements of a future role, do you see the need for additional training in non cyber skills, such as interpersonal communication or management?
If yes, why?
100%. You can have all the technical knowledge and skillset in the world, but if you don’t know how to
communicate that to a non technical audience, especially people in leadership who make business decisions for the organisation, it will be hard to differentiate yourself from individuals that can. It’s through harnessing your soft skills and having the tact to guide leadership to make informed decisions that have a ripple effect on the whole company. Say for example a pen tester. If a pen tester cannot translate an organisation’s vulnerabilities, why it matters or what it even means to them, how can leadership even decide whether budget and resource needs to go to fixing those vulnerabilities as opposed to other innovative projects that they know to bring more revenue and opportunities for the business? So yes, for sure!
Are you actively engaged in the broader cybersecurity community? If so, what has been your involvement, and how has it enriched your experience?
Other than joining the UTS Cybersecurity Society as the Director of Partnerships, I’ve gone to conferences like Bsides, participated in AWSN events and created relationships in the industry through coffee chats. I’ve also started a Tik Tok/Instagram account to document my journey as a Woman in Cyber, sharing my insights from ‘How to break into cyber’, to Day in my Life’s and work outfit inspo! It’s been enriching, because I’ve got to meet so many talented individuals in the industry, build my network and also share what I know to other fellow students.
www.linkedin.com/in/jericamacaraeg
LISA ROTHFIELD-KIRSCHNER
Author of How We Got Cyber Smart | Amazon Bestseller
Olivia, Jack, Roy and Johnny: part 2, the group chat that went too far.
In part one of this story (issue #29) Olivia and Jack’s cousin, Roy, used his own face to unlock his brother Johnny's phone and gain access to Johnny’s friends in order to invite them to a surprise birthday party for Johnny.
The story highlighted the security vulnerabilities of biometric authentication, specifically how face ID can be bypassed by siblings or individuals with similar facial structures. It served as a cautionary tale about the importance of digital privacy and the necessity of multi-layered security and as a warning on the dangers of abandoning a strong, unique passcode in favour of convenience.
Part 2:
The morning after Roy confessed to hacking into his brother Johnny’s phone, the mood at Paradise Cove shifted. The guilt had lifted, the settings on Johnny's phone had been updated and Roy was back to buzzing with party energy. He had the numbers. He had the plan. All he needed to do was get the word out.
"Right," Roy said, spreading a crumpled notepad across the kitchen bench. "I've got nine contacts: basketball crew, tennis mates and a couple of Johnny's school friends. I'll just make a group chat, send the details, and we’re kinda done."
Olivia peered up from the book she was reading whilst eating her cereal. "Make sure you double-check who you're adding before you hit send."
"Yeah, yeah," Roy said, already typing.
He did not double-check.
In his rush, Roy copied the numbers from his notepad into the new group chat and sent off a message that read: "SURPRISE PARTY FOR JOHNNY — Saturday 4pm at our house, 14 Rembrandt Drive. Don't tell him!! Bring bathers. Roy."
He put the phone down, feeling chuffed with himself. Olivia gave him a thumbs up. Jack went back to his peanut butter toast.
Forty minutes later, Roy's phone started pinging.
The first few replies were normal. "Sick, I'll be there!" and "Don't worry, lips are sealed.” The usual stuff. But then came a message from a number with no name attached.
"Hey, who is this? How did you get my number? What party?"
Roy's jaw dropped and his face went red. He scrolled back up to the group and checked the phone numbers against his list. Somewhere between copying numbers
off the notepad and pasting them into the chat he had included one wrong digit, a number that belonged to a stranger.
"Olivia," Roy said, his voice very quiet and very flat.
She was at his side in seconds. She read the screen. Then she read it again.
"Oh no," she said.
"Oh no is right,” Jack agreed.
The stranger, an adult named Sean, was very confused about why he'd been invited to a child's birthday party. He had now seen Roy's full message, including the home address and all the other group members’ details.
"Sean now knows where we live," Roy whispered.
"Sean is probably fine," Olivia said, though she didn't sound entirely sure.
"The point isn't Sean," Jack said, sitting down slowly. "The point is that you sent
our address to someone you don't know. You didn't check. You just sent it."
The three of them sat with that for a moment. It was the same uncomfortable feeling from the day before, the one that had crept over them while watching Johnny sleep. They knew they were in a sticky situation. They realised something had gone a little too far, a little too fast and couldn't easily be undone.
Roy removed Sean from the group chat and sent him a separate, deeply apologetic message explaining the mix-up. Sean, to his credit, replied with a simple "No worries mate, happens to the best of us" and that was that. Crisis contained, but only just.
That afternoon, when their parents came back from the markets, Roy told them straightaway. He didn't wait for dinner this time.
"I made a group chat for the party and I added the wrong number by accident," he said. "A stranger got our address."
Their father set down the grocery bags slowly. "Did you check before you sent it?"
"No," Roy admitted.
Their mother pulled up a chair. "This is actually a really common way that private information gets shared with the wrong people," she said, without a trace of told-you-so in her voice. "It's not just about strangers having bad intentions. Sometimes it's just a typo. One wrong number and your home address, your plans, your photos; they're out there with someone you've never met."
"Sean seemed nice," Roy offered.
"Sean was nice," his mother agreed. "But you didn't know that when you hit send."
Johnny, who had been listening from the hallway, wandered in and sat on the bench. "So first you got into my phone," he said, looking at Roy with a raised eyebrow, "and now you've been handing out our address to strangers. Solid week mate."
Roy put his head on the table.
The party, for the record, was brilliant. Johnny walked in on Saturday afternoon to a backyard full of his favourite people, a mountain of food and a banner that Olivia had hand-painted. He was genuinely, completely surprised. Roy had pulled it off.
But the four of them agreed, quietly, that the real lessons of that summer holiday had nothing to do with cake or balloons. They had learnt, in the most hands-on way possible, that digital tools move fast. Sometimes faster than you can think, and that one small, careless moment is all it takes for private information to end up somewhere it was never meant to go.
Top tips for staying safe in group chats and sharing information online
Group chats are a great way to stay connected, but it pays to pause before you hit send.
• Always double-check your contacts. Before adding people to a group chat, verify each number or username carefully. One wrong digit can mean a stranger is reading your private plans.
• Never share your home address in a group chat. Even if you trust everyone in the group, you can't control who screenshots or forwards a message. Only share your location details privately with people you know well.
• Think before you type. Once a message is sent, you can't always take it back. Even if you delete the message, someone may have recorded it or taken a screenshot.
• Keep group chats small. Bigger groups are harder to control in terms of who sees what. Only add people who genuinely need to be there.
• If a stranger ends up in your chat, remove them immediately. Then let a trusted adult know, especially if any personal details like your address or school were shared.
• Talk to a trusted adult if something feels off. If you receive a strange reply or if you feel that a stranger has seen your information, tell a trusted adult straight away.
www.linkedin.com/in/lisarothfield-kirschner
howwegotcybersmart.com
How We Got Cyber Smart addresses cyber safety, cyber bullying and online safety for elementary school-aged children.
Lisa has partnered with Cool.Org , and her content is found on the Department of Education website .
1. KATIE WILSON
Head of Marketing and Communications at Australian Disability Network
2. AMANDA-JANE TURNER
Author of the Demystifying Cybercrime series and Women in Tech books. Conference Speaker and Cybercrime specialist
3. DEVEKA LINGAM
Technology Risk Consultant at KPMG
Application Security
5. ALEYNA DOGAN
Senior Cyber Threat Intelligence Analyst - SOCRadar
6. ADEOLA ODUNLADE
Cybersecurity Professional (SOC Analyst)
7. POOJA AGRAWALLA
Co-Founder & Chief Product Officer at Kreesalis
8. DR. MARGARITA BEL
Executive Leadership at the Forefront of Cyber and AI Security, Human-Centric Innovation, and Strategic Transformation
9. ELOISE TAYLOR
Senior Manager, Security Operations
10. CHINENYE V. UGOCHUKWU
Senior Cybersecurity Architect
11. CRAIG FORD
Head Unicorn – Cofounder and Executive Director, Cyber Unicorns. Australian Best Selling Author of A Hacker I Am, Foresight and The Shadow World book series. vCISO – Hungry Jacks, Wesley Mission, PCYC and Baidam Solutions
12. JO STEWART-RATTRAY
Oceania Ambassador, ISACA
13. LISA VENTURA MBE FCIIS
Chief Executive and Founder, Unity Group Solutions Limited/AI and Cyber Security Association
14. SIMON CARABETTA
National Cyber Security Training Advisor
15. JAY HIRA
Cyber Director – Financial Services, KPMG
16. ADRIANA JONES
Engineer, Cybersecurity Advocate and founder of The Innocent Souls Project (TISP)
17. MELANIE NINOVIC
Student Engagement Coordinator for Grad Girls at Women 4 Stem
18. KAREN STEPHENS
CEO and co-founder of BCyber
19. MARINA AZAR TOAILOA
Founder of the Mummy Safety Security Project
20. HOLLY BRETHERTON
Industry Initiatives Manager, ACS and Senior Responsible Officer, Cyberpath
21. MADHURI NANDI
Madhuri Nandi, Head of security at Nuvei, AWSN Board Chair, author of Cyber Smart
22. LINDSAY COUDERT
Bachelor of Counter Terrorism, Security and Intelligence (Cyber Security) student at Edith Cowan University.
23. NATALIAH ALCALA-MAHARAJ
Master’s in Cybersecurity, Hacking and Cybercrime Investigation student at University of Trinidad and Tobago
24. NOKUTENDAISHE MASUKU
Bachelor of Cybersecurity student at Deakin University
25. JERICA MACARAEG
Bachelor of IT and Bachelor of Business student at the University of Technology Sydney
26. LISA ROTHFIELD-KIRSCHNER
Author of How We Got Cyber Smart | Amazon Bestseller
By Palo Alto Networks
From undergraduate students to mid-career professionals from different countries – have asked for my advice on how to get a job in cybersecurity. They are all passionate about learning a new skill set, be it coding, policymaking or a foreign language. Their passion makes me smile and feel galvanized to help them and keep learning new aspects of cybersecurity.
By Anna Collard
We’ve long defined cybersecurity as the technical discipline of protecting networks, data and systems. But when viewed through a geopolitical lens, then this definition is no longer sufficient. What we are dealing with today goes beyond protecting organisational data, to protecting economies, sovereignty, and increasingly, human perception.
By Pivot Point Security Blog
Large language AI models (LLMs) like GPT-5 and Claude 4.5 typically rely on text, conversational chat, and/or voice/audio prompts to interact with users. The most dangerous cyber threats currently targeting LLMs are prompt injection attacks that use “social engineering” style techniques embedded in prompts to trick the AI into overriding its built-in safeguards.
By asvin GmbH
Thanks to AI, we are at a turning point where traditional, reactive security models are not only outdated but dangerously inadequate. The speed at which attackers operate with the help of AI is no longer measured in days, hours, or minutes, but in seconds and milliseconds.
By Medium-Lavanya Bandla
I’m still learning about system security, so when I came across a recent incident involving Vercel, I tried to understand it in simple terms.It made me realize how modern systems can be vulnerable in unexpected ways. Instead of being a direct hack, this incident shows how attackers can move step by step through different systems.
FROM
By Forta(Katrina Thompson)
We all know where vulnerability management fits into an overall security strategy; it provides the raw data that analysts use to figure out what’s wrong and what needs to be fixed. The problem is, traditional VM stops there –leaving analysts to do all the work.
By Huntress - Rachel Bishop
We’ve got a problem in cybersecurity that needs to be addressed—and it has to do with accessibility.
We know that women make up a woefully small percentage of cyber pros. While women comprise around half of the total workforce, they make up less than 25 percent of the global cybersecurity workforce. Why?
By iforisk Today(Uma Ramani)
Wars are becoming more frequent, and are no longer only kinetic. They are just as active in the cyber world, with impacts much larger than can be imagined. This also leads to state-sponsored hacktivists targeting the critical infrastructure of nations.
By Cisco-Gergana Karadzhova-Dangela
Welcome to the Cisco Women in Cybersecurity’s blog series, where we highlight the stories of the mentors who have inspired and advocated for the careers of those in our community. This series seeks to show the importance of allyship, connection, and how different the journeys can be into a career in cybersecurity.
By BlackFog( Rebecca Harpur)
When you give an AI agent shell access, file system permissions, email credentials, and persistent memory, you have basically built a data exfiltration pipeline that runs 24/7 without human oversight. The ClawdBot incident made that clear: plaintext credential storage, exposed control panels, and over 135,000 instances reachable from the public internet.
By CyberSN
As we approach 2026, businesses face a rapidly evolving cyber threat landscape. From ransomware to AI-driven threats, organizations must adopt strategies that address both technical and workforce vulnerabilities. Deidre Diamond, Founder and CEO of CyberSN, stresses the importance of integrating workforce well-being into cybersecurity planning to stay ahead of emerging threats.
By LogPoint' Blog
Over the past years, digital sovereignty has moved from policy discussion to operational reality for security teams across Europe. For security leaders, service providers, and public sector organizations, this is no longer theoretical. It shows up in audits, procurement processes, customer contracts, and board-level risk discussions. At guardsix, we see this every day.
With Alice Violet Cyber Made Human: the podcast demonstrating how fascinating and accessible cybersecurity is once you remove the complex language barrier.
New episodes every three weeks!
With Kim Bromley and Chris Morgan
Want to hear what industry experts really think about the cyber threats they face? ShadowTalk is a weekly cybersecurity podcast, made by practitioners for practitioners, featuring analytical insights on the latest cybersecurity news and threat research. Threat Intelligence Analyst John Dilgen brings extensive expertise in cyber threat intelligence and incident response, specializing in researching threats impacting ReliaQuest customers.
With Anthony Caruana and Bek Cheb AUSCERT is Australia's pioneer Cyber Emergency Response Team, proudly a part of The University of Queensland. We help our members prevent, detect, respond and mitigate cyber-based attacks.
With Aorthi Afroza, Lola Garden
Producer/Network Hot Girls Cod
Join Aorthi & Lola, two young women working in the tech industry in New Zealand, as they break down coding concepts & stereotypes.
With Cyber queen
Welcome to Cybersecurity
Uncomplicated with Cyber Queen! This podcast makes cybersecurity easy to understand for everyone. Whether you're new to tech or a pro, we cover practical tips, data privacy, cloud security, and more to help you stay safe online. Hosted by Cyber Queen, a cybersecurity educator with 100k followers, each episode brings expert advice and real-life insights on succeeding in cyber security.
With Maddie Regis, David van Heerden and Landon Miles
Go from monotonous to autonomous IT operations with this series. Hosts from Automox, the IT automation platform for modern organizations, will cover the latest IT trends; Patch Tuesday remediations; ways to save time with Worklets (pre-built scripts); reduce risk; slash complexity; and automate OS, third-party, and configuration updates on all your Windows, macOS, and Linux endpoints. Automate confidence everywhere with Automox.
With Caitriona Forde, Fadzayi Chiwandire and Ben Aylett Perth's first Cyber Security industry podcast.Aimed at anyone wanting to learn more about Cybersecurity how it affects their work, home and world around them.Local and international Cyber and Technology news, interviews and events
With Graham Cluley Smashing Security isn’t your typical tech podcast. It serves up weekly tales of cybercrime, hacking horror stories, privacy blunders, and tech mishaps - all with sharp insight, a sense of humour, and zero tolerance for tech waffle.
With The Grugq and Tom Uren
Our second podcast feed, featuring three short news bulletins every week, the Between Two Nerds podcast hosted by The Grugq and Tom Uren, and the Seriously Risky Business podcast about public cybersecurity policy and intelligence.
With Holly Grace Williams Hacked Off demystifies the world of cybersecurity. Hosted by Secarma's Managing Director, Holly Grace Williams, it features weekly interviews delving beneath the headlines of the latest hacks, breaches and vulnerabilities, providing expert advice on how to stay safe online. This podcast is brought to you by global cybersecurity and penetration testing company, Secarma.
With Jennifer Aspesi and Danielle Burton Welcome to the Dell Technologies Power2Protect podcast! Tune in and listen to experts in the field and discover newsworthy updates on Dell's latest and greatest Data Protection and Cyber Security offerings.
With Bryan Brake, Amanda Berlin and Brian Boettcher
A podcast about the world of Cybersecurity, Privacy, Compliance, and Regulatory issues that arise in today's workplace. Co-hosts Bryan Brake, Brian Boettcher, and Amanda Berlin teach concepts that aspiring Information Security professionals need to know, or refresh the memories of seasoned veterans.
Authors // David Meece and Emily Zakkak
This book throws open the doors to the world of IT and Cybersecurity, celebrating over 100 accomplished women who have carved their own paths in these dynamic fields. It's not just a chronical of their achievements, though each story delves into the unique challenges they faced, offering invaluable insights and stereotypes. But the true mission here goes beyond personal triumphs
BUY THE BOOK
Authors // Jane LeClair and Denise Pheils
Provides a basic overview of the status of women in the cybersecurity field.
BUY THE BOOK
Authors // Caroline Wong
In The AI Cybersecurity Handbook, author Caroline Wong examines AI’s impact on both offensive and defensive cybersecurity strategies. Wong explains how artificial intelligence has transformed the way cyberattacks are carried out and how technology professionals prepare for and defend against them.
BUY THE BOOK
Author // Anthony Kraudelt
A comprehensive, experience-driven guide that reveals why individuals and groups compromise digital systems. Drawing on more than two decades of frontline law-enforcement investigations, the book explains the psychological and contextual forces that drive cyber-crime, from financially motivated ransomware gangs to ideologically driven hacktivists and nation-state actors.
BUY THE BOOK
Author // Lisa Ventura
From the trials of overcoming personal struggles to the triumphs that shaped her into a recognised and celebrated individual, Lisa's poetry explores themes of resilience, loss, identity, and the power of hope. Each poem offers a glimpse into the emotional highs and lows of her journey—from the depths of adversity to the light of self-discovery and empowerment—along with real life observations of key events such as the Twin Towers terrorist attack and the Aberfan disaster of the 1960s.
Author // Amanda-Jane Turner
Do you use computers, smart phones and the internet? If you do, please read this book and help protect yourself from cybercrime.There is no solely technical solution to fight cybercrime and neither is there a solely human solution. That is why everyone who uses technology and the internet need to have at least a basic understanding of what they can do to help protect themselves in cyberspace.
Authors // Ivette Smith
"The Dark Web and Scams" by Ivette Ibarra Smith is an in-depth guide to understanding the dark web and various cyber scams, aiming to improve personal cybersecurity. The book covers several topics, starting with an exploration of the dark web—demystifying its role as both a space for illegal activities and a haven for privacy-focused individuals such as journalists and whistleblowers.
Author // Craig ford
I’ve spent my life in the shadows. Watching systems crack, secrets spill and lies unravel with a few keystrokes. Hacking was never about power for me. It was about survival. From a really tough start in life, through to surviving on the streets, I learnt how to do what was needed. My gift in the hacker world is erasing everything, leaving only a glimmer, a hint of what once existed.
Author // Madhuri Nandi
Manas, the Cyber Champion: A Fun & Essential Guide to Online Safety for Kids & Teens
The digital world is full of exciting adventures but also hidden dangers. From social media mishaps to online scams, children face risks that can impact their privacy and safety. That’s where Manas, the Cyber Champion, comes to the rescue!
Authors //Jayme Simmons
The Cyber Time Tracker series follows Codey and his cyber companion Cypher as they travel through time to face the biggest digital threats in history. Each adventure introduces young readers to cybersecurity concepts through exciting stories, friendly characters, and a glowing hourglass that never stops counting down.
Authors // Kumud Kumar And Veena Kumari
Are you concerned about online safety for children? Are you struggling to teach your kids how to stay safe online? Look no further! .
"Guardians of the Digital Realm: A Bedtime Storybook on Cyber Safety" , This children's book focus on cyber safety, offering a positive, fun, and entertaining way to educate kids about internet safety, cyber bullying, social media, and online presence.
Author // Lexington Burnstone
Every day, children encounter scams, unsafe content, and strangers who pretend to be their friends. The Kingdom of Cybersecurity turns important lessons into a magical adventure that explains online and cyber safety in a way that helps young learners truly understand.
The Cyber Security Threat Intelligence Researcher Certification will help you acquire the skills needed to find out who is behind an attack, what the specific threat group is, the natio VISIT HERE
Prepare for a new career in the high-growth field of cybersecurity, no degree or experience required. Get professional training designed and delivered by subject matter experts at Google and have the opportunity to connect with top employers.Organizations must continuously protect themselves and the people they serve from cyber-related threats, like fraud and phishing. They rely on cybersecurity to maintain the confidentiality, integrity, and availability of their internal systems and information.
VISIT HERE
Cyberattacks have surged by 71% and are predicted to continue increasing. This alarming statistic highlights the continued demand for cybersecurity professionals. Jumpstart your cybersecurity career with this introductory IBM course, which introduces you to fundamental cybersecurity concepts, threats, and preventive measures.
This course introduces real-time cyber security techniques and methods in the context of the TCP/IP protocol suites. Explanation of some basic TCP/IP security hacks is used to introduce the need for network security solutions such as stateless and stateful firewalls. Learners will be introduced to the techniques used to design and configure firewall solutions such as packet filters and proxies to protect enterprise assets. VISIT HERE
Begin your journey into cybercrime with this cyber crime free course. Explore the various types of cyberattacks faced by organizations today. Understand the intricacies of cybersecurity threats and discover practical preventive measures. Whether you're new to the field or seeking to broaden your knowledge, this course provides essential insights to empower you in defending against cyber threats.
VISIT HERE
Most organizations plan for routine operations, but what happens when unexpected events overtake the routine? This course examines contingency planning used to prepare for and manage non-normal operations, including cybersecurity incidents – like hacking attempts, web site defacement, denial of service attacks, information disclosures; a well as other natural and man-made cybersecurity disasters.
VISIT HERE
Gain knowledge on how to recognize risks, implement safeguarding measures, & career insights as you address the current changing cyber threats. Join our cybersecurity essentials course and learn vital skills of digital protection.
VISIT HERE
SOC Analysts are the front line of defensive security operations and one of the most in-demand roles in cybersecurity. This career path will prepare you to become an entry-level SOC Analyst.
VISIT HERE
The impact of technology and networks on our lives, culture, and society continues to increase. The very fact that you can take this course from anywhere in the world requires a technological infrastructure that was designed, engineered, and built over the past sixty years.
VISIT HERE
This is CS50's introduction to cybersecurity for technical and nontechnical audiences alike. Learn how to protect your own data, devices, and systems from today's threats and how to recognize and evaluate tomorrow's as well, both at home and at work. Learn to view cybersecurity not in absolute terms but relative, a function of risks and rewards (for an adversary) and costs and benefits (for you).
VISIT HERE
You will have the opportunity to explore the Stanford Online platform, meet the instructors, watch sample videos, and try out featured exercises from the full-length courses.Remember, this preview is just a small sample of all this program has to offer. Exploring this preview does not earn a certificate, but it will help you evaluate whether the full program is a good fit for you. If you’re ready to take the next step in your career, the complete program offers a comprehensive and transformative learning journey.
VISIT HERE
The OPSWAT Academy Introduction to Critical Infrastructure Protection (ICIP) course introduces the fundamentals of cybersecurity within Critical Infrastructure Protection (CIP) and the essential services that support national security, economy, and public health and safety.
FULL TIME ITALY
MAIN RESPONSIBILITIES:
As part of the Regional Cybersecurity organization, you will support the assessment of the cybersecurity posture across Italy by conducting periodic cybersecurity maturity and risk evaluations. Working closely with Business, IT and Operations stakeholders, you will contribute to the analysis of applications,
infrastructures and operational environments, applying structured methodologies to assess risks related to confidentiality, integrity and availability.
FULL TIME AUSTRALIA
KEY RESPONSIBILITIES:
• Develop and execute strategies to enhance the customer’s cyber resilience, including prevention, detection, response, and recovery measures.
• Lead and mentor a team of cybersecurity professionals, fostering a culture of continuous improvement and innovation.
• Conduct risk assessments and vulnerability analyses to identify and address potential threats and weaknesses.
• Collaborate with stakeholders to design and implement incident response and business continuity plans.
FULL TIME NEW ZEALAND
IN THIS ROLE, YOU WILL:
• Build and nurture relationships with key stakeholders in client organisations
• Identify and convert new opportunities to support clients achieving their business outcomes through applying effective cyber expertise
• Lead and deliver cyber engagements from shaping through to implementation
• Take accountability for programme outcomes, timelines, and budgets
• Evaluate customer’s emerging threats and cybersecurity trends to adapt strategies and technologies.
• Ensure compliance with relevant regulations and industry standards and prepare reports for senior management and regulatory bodies.
• Oversee the development and execution of tabletop exercises and simulations to test resilience capabilities.
• Contribute the growth and direction of Deloitte’s national Cyber practice including bringing new cyber services and offerings into delivery with clients
• Apply strong commercial acumen to contribute to running of the practice effectively and profitably
• Work closely with our Technology & Transformation leaders to deliver integrated outcomes
• Support and develop high‑performing delivery teams across the Cyber practice
FULL TIME SOUTH AFRICA
KEY PERFORMANCE AREAS
Cyber Security
• Develop, implement, and monitor a strategic cyber security program to protect enterprise IT assets.
• Manage the implementation of effective incident response and recovery plans, enabling the organization to quickly respond to and recover from security incidents.
• Ensure the governance structure and processes for the department are reviewed and manage the implementation thereof.
• Manage the alignment of technology governance with corporate governance.
• Manage the development of periodic reports on operational excellence and cost reductions achieved.
• Oversee risk assessments regarding cyber security and penetration testing.
• Manage the development of cyber security awareness training for the organization.
FULL TIME INDIA
YOU ARE
• Someone who demonstrates advanced analytical thinking to assess complex risks and architect effective, scalable solutions.
• Able to Communicate with clarity and influence across technical teams, business stakeholders, and leadership.
• An experienced collaborator able to drive secure outcomes and foster a culture of shared responsibility across cross functionality teams.
• Experienced with responding effectively to evolving threats and technologies, guiding others through change.
• Highly responsible, taking full ownership of initiatives, ensuring accountability and follow through across teams.
• An analytical thinker who will adhere to and help refine team processes, contributing to operational maturity.
FULL TIME UNITED KINGDOM
JOB DESCRIPTION
The successful candidate would be:
• Working with Sub Command risk managers and risk owners to better understand their risk areas and the funded activity taking place to manage cyber risk exposure across the Command.
• Maintain professional competence and learning and development
• Analyse the cyber risk assessments and mitigation plans to identify common themes, gaps and make recommendations for action.
• Provide advice and guidance to Sub Commands on cyber security and resilience risks and issues.
• To drive the adoption of Stream amongst the Command and Sub Commands ensuring accurate risk reporting and escalation where required.
FULL TIME FRANCE
MAIN MISSIONS
• Governance :
• Design and maintain the Cybersecurity Framework (policies, standards, and guidelines) to ensure it remains up to date with the evolving threat landscape and L'Oréal needs.
• Ensure applicability of the framework by ensuring that policies are realistic, technically feasible, and tailored to the operational constraints.
• Ensure the cybersecurity framework remains fully aligned with operational security activities and other cross functional workstreams
• Work with compliance team to design and implement the effective deployment strategy of security policies within Zones and Platforms
FULL TIME HONG KONG SRA
KEY RESPONSIBILITIES
• As the top security leader of the company, the CSO is fully responsible for formulating and implementing the company's overall security strategy, building a comprehensive, systematic, and compliant security system covering digital currency exchange, payment business, and global operations. This role will lead the security team to identify, assess, and mitigate all types of security risks (cyber security, physical
• Assist cybersecurity managers in understanding and implementing the framework requirements within their specific contexts.
• Provide guidance and support in tracking the resolution of non compliance issues or audit findings, ensuring long term improvement.
• Ensure Cybersecurity Framework is well known and understood by the team.
• Report KPI.
security, data security, operational security, compliance security), ensure the company's business complies with global security related regulatory requirements, respond to security incidents efficiently, and maintain the company's security reputation and user trust.
FULL TIME UNITED STATES OF AMERICA
IDEAL CANDIDATE PROFILE:
The ideal candidate is a hands on technical leader who thrives in fast paced environments, loves solving complex technical problems while building team capability, and operates with urgency and accountability. You are equally comfortable writing Splunk queries, designing security architectures, coaching team members through technical challenges, and presenting to executives. You understand that this role requires both rolling up your sleeves to do deep
technical work AND developing others. You embrace the reality that cyber security leadership requires commitment beyond standard hours. If you are looking for a role where you can make strategic impact through a combination of personal technical execution and building a high performing team, this is the opportunity.
DATA PRIVACY AND PROTECTION ‑ CYBER GRC PROFESSIONAL ‑ CYBERSECURITY | EY
FULL TIME GREECE
TO QUALIFY FOR THE ROLE, YOU MUST HAVE
• Master’s Degree, or equivalent, in Information Security, Cyber Security, Information Technology, Informatics, or other similar and technical areas
• Evidence of self motivation to continuously develop in the areas of cybersecurity
• Good organizational and time management skills with the ability to prioritize and complete multiple complex projects under tight deadlines
• Ability to translate security issues into business risks
• Excellent interpersonal skills and ability to work effectively within a team at all hierarchical levels
• Willingness to research client inquiries and emerging issues, including regulations, industry practices, and new technologies
FULL TIME UNITED ARAB EMIRATES
KEY RESPONSIBILITIES:
• Monitor external and internal threat environments to identify emerging risks.
• Collect, analyze, and correlate indicators of compromise (IOCs), adversary tactics, techniques, and procedures (TTPs).
• Produce intelligence reports, briefings, and dashboards for stakeholders.
• Experience, knowledge and strong interest in information and cyber security domains are essential for this role
• Experience on Data privacy, implementation of data protection and privacy programmes to ensure confidentiality and security of personal data, addressing regulatory requirements
APPLY HERE
• Develop and tune SIEM correlation rules and detection use cases.
• Support incident response teams with contextual threat intelligence.
• Integrate threat intelligence feeds into SOC platforms (SIEM, SOAR, TIP).
CYBERSECURITY L2 SENIOR ASSOCIATE | PWC ACCELERATION CENTER MANILA
FULL TIME PHILIPPINES
RESPONSIBILITIES
• Contribute to threat intelligence initiatives
• Manage vulnerability assessments and mitigation
• Analyze and solve complex cybersecurity issues
• Mentor and support junior team members
• Maintain elevated standards in cybersecurity practices
• Build and strengthen client relationships
• Develop a deeper understanding of cybersecurity within the business context
• Navigate complex situations to enhance personal and technical growth
APPLY HERE
We need your support to continue this important initiative into its 8th year.
JOIN US IN MELBOURNE FOR 2026
The 2026 Awards will be hosted in Melbourne. To ensure this initiative continues, we invite you to partner with us as a sponsor.
Your sponsorship will help us continue to celebrate and elevate the achievements of women in security across Australia.
Packages available from $6,000 to $50,000 Custom packages tailored to your organisation’s needs
To discuss how you can support and sponsor next year’s awards, please reach out to Aby at Aby@source2create.com.au .
We look forward to partnering with you to make the 2026 Australian Women in Security Awards our best yet.