Best Place for Women to Work in Security​

WINNER - IAG

IAG is the best place to work for women in security in Australia because we have a supportive culture which celebrates diversity, promotes innovative programs that help women build their careers, includes forward-thinking leaders who champion women in security every step of the way and has a genuine commitment to flexibility. 

For women, it provides a variety of career pathways, empowering them to begin in protective security or cybersecurity, then develop according to the interests and passions they discover along the way. 

Outstanding role models Testament to IAG’s commitment to women in security are its many outstanding female role models in leadership positions at all levels. These range from; Natasha Passley, Executive Manager of IAG’s Cyber Security Portfolio, to Rebecca Winfield, Manager of Protective Security Operations and Delivery, to Elaine Muir, Manager of Corporate Security Education and Awareness. 

These brave, brilliant, articulate women invest an abundance of time and effort into mentoring the women in their teams, encouraging them to take on more challenging responsibilities, and side-step into new areas. This is reflected in the gender diversity of so many of IAG’s security teams. 

During the past few years, women who’ve joined the Corporate Security Group from non-technical backgrounds include a graphic designer, a copywriter, and a marketing expert, all of whom now play key roles in raising security awareness throughout IAG. 

At IAG, flexibility isn’t just a buzzword; it’s a way of being. All employees enjoy ample choice when it comes to scheduling hours, job sharing, working from home, shortening the working year—and every other flexible solution imaginable. 

This means that women are in prime position to achieve the work-life balance that suits them; in other words, women are fully supported to kick their career goals while meeting other commitments, such as raising children. In keeping with this, all employees are entitled to 14 weeks’ parental leave, and to a year-long career break—be it to raise children, study or pursue some other goal—then return to their original role. Then there’s the Kids at IAG school holiday care program, which provides free vacation care for school children aged up to 12 at every major IAG office. In addition, all employees receive one day of paid leave per year to spend volunteering with an organisation or program of their choice, as well as paid first aid and CPR training. 

Further, IAG helps women to prepare for the future financially, by providing above industry standard superannuation (13%) to all employees, as well as financial literacy programs in superannuation and retirement. Professional development for women in security IAG knows that education and training are key to women getting ahead. 

Opportunities available to women in security at IAG include one-to-one mentoring, study leave, leadership coaching, and secondment programs. Every employee receives annual funding for education, enabling them to pursue interests and passions.

When women in security at IAG need support—be it emotional, mental, or social—there are plenty of places to find it. IAG follows strong discrimination and harassment policies and offers support for LGBTQI employees, as well as those experiencing transgender transition. 

There’s also CARE, IAG’s Coaching, Advice, Resilience and Encouragement Program, plus tailored support for anyone experiencing mental health issues or domestic violence issues

HIGHLY COMMENDED
NBN SECURITY GROUP

With strong policies, transparent practises and a dedicated diversity and inclusion team, NBN is the best places for women to work in security.

The company’s Diversity and Inclusion Policy (publicly available since March 2017) sets out a ‘zero tolerance for disrespect’, and identifies gender as one of five D&I focus areas. To improve the representation of women in senior management, NBN set a target of 30% of women in senior management by 2020 and to include female representation in all interview panels. Our performance against these targets is publicly reported in the NBN annual report. Within the NBN Security Group, three of the seven General Managers are women and 33% of the broader management team are women. 

Flexible work options are available to all NBN staff including; 

  • Working from Home – practised by all staff to support COVID-19 social distancing arrangements, but was commonly used beforehand 
  • job-sharing arrangements – championed in the Security Group by two female General Managers (the first job-share arrangement at this level at NBN); and 
  • flexible hours. Practices supporting parental responsibilities (which often impact women to a greater extent than men) are also in place. NBN’s Parental Leave Policy ensures staff and/or partners get required time and support when there are new additions to the family unit, which includes same-sex, sole-parent and adopting family units. A stand out feature of the NBN parental leave policy is the option of ‘work four days, get paid for five’ or ‘work three days, get paid for four’ for six months after returning to work.

In addition, the NBN Carer’s policy was recently updated to support staff who are working from home with children, or who have caring duties.

Within the NBN Security Group team, women have regular access to in-house and external security training; are encouraged to participate in internal and external speaking opportunities; as well participate in a variety of secondary development/employment opportunities for women (most notably arrangements for a female security intelligence manager to teach at Deakin University as Professor). Graduates and Interns (including a collaboration with Box Hill Tafe) have always been strongly supported by Security Group and continue to have strong female representation, which helps ensure the NBN’s security talent pipeline.

NBN has provided me with more opportunities for professional development and growth than any of my previous roles – which is a big call, as I’ve been lucky to work in some incredible organisations in my career. I’ve been strongly supported by Security Group’s leadership in both my personal aspirations and in my ambitions for creating an innovative, top-of-class team. At the same time, a people-first culture has made nbn a genuinely great place to work, and I’m proud to be part of a team that sees strength in diversity, cares about its people, and constantly strives to be better.’ Professor Min Livanidis, Manager of Security Intelligence Centre

Best Student Security Leader​

WINNER - SKYE WU

Skye is a real role model for women in security and the cybersecurity discovery domain. She is technically competent, a visionary and advocate for diversity – particularly those women just starting out in security. 

She has been volunteering her time in assisting with developing the AWSN Cadets for 2 years while working full time in the Telstra discovery team as a cybersecurity investigator. 

The Australian Women in Security Network’s Cadets program is an outreach program for female Tertiary students and early career professionals. The program connects participants to a variety of professional development opportunities and to explore different careers in cybersecurity, through workshops and information sessions. 

(https://www.awsn.org.au/index.php/awsn-cadets/ )

She is now the National Program Manager for this program which is now in Melbourne, Brisbane and Canberra. 

Skye regularly speaks on podcasts and at conferences and is an active blogger at www.skyewu.com She gave guidance to the existing and new certifications at VUT and talked to the students about careers in cyber. 

She was also interviewed as part of their ‘Inspire’ speaker series. She is not afraid to challenge the status quo and has helped shift the way we think about cybersecurity discovery and investigation today.

Security Champions​

WINNER - ELAINE MUIR

Elaine Muir is Manager of Corporate Security Education and Awareness at IAG within the Corporate Security Group. 

Elaine is responsible for raising security awareness throughout IAG and its subsidiaries, reaching more than 17,000 employees. Just a few months into the job, she took IAG’s Security Awareness Month Roadshow around Australia and New Zealand, visiting seven cities along the way and having conversations with more than 1,500 staff members. Elaine has significantly uplifted IAG’s security education and awareness program through improvements to the phishing simulation program; promotion of Game of Codes, which teaches secure coding to IAG’s developers via a gamified platform; improvements to IAG’s dedicated Security Website, which breaks down security complexities into everyday language; the development of metrics dashboards that enable visibility of staff behaviours; and consistent, engaging communications that gain traction throughout the business. Simultaneously, Elaine has built strong relationships with multiple teams and industry partners, optimising engagement for all initiatives. 

Beyond championing security in her various roles, Elaine has taken the message further—into the media. When the introduction of the NBN raised security concerns, Elaine organised stories in top-tier media, including the ABC’s Four Corners, the Australian, and the Sydney Morning Herald. Further, Elaine became a champion of pregnant women facing discrimination or unfair treatment, when, after being made redundant without a payout while on maternity leave, she took her story to her local MP. This led to a doorstop interview with then-Labor leader Kim Beazley, which ran on 2GB, the ABC, the Channel 10, the Sydney Morning Herald, and the Age. 

Many of Elaine’s team members have progressed to senior director roles in international companies. Elaine stands out as a security champion for her generous investment of time and effort in others. This means, not only ensuring that her team members develop their talents and careers, but also that they achieve a work-life balance that optimises their well-being. 

‘Elaine is very effective at engaging with people. She works out what matters to them, and speaks to their heart and individual challenges. She’s an open, honest communicator, who’s always ready to help others, to share her experience with them, and foster their progress. She’s a very strong advocate for security.’ — Laura Lees, Head of Information Security APAC, Link Group. 

HIGHLY COMMENDED - LAURA JONES

Laura Jones drives security agenda, executes security imperatives, drives user awareness and training. She installs governance and matured security preparedness across the organisation. She is an excellent communicator and active volunteer.

Laura established governance and process to ensure security by design. Each project needs to consider cybersecurity resilience as its core deliverable. Laura will review and accept project initiation and review deliverables against set cyber objectives. At the same time, Laura will educate project team members on the importance of cybersecurity measures, ways they can be embedded, threats and most common vulnerabilities. She is passionate about educating people in the process to move the needle on our cybersecurity posture.

Laura conceived and runs a security awareness program with a focus on personal cybersecurity and resilience for people to relate to kind of threats, risks and mitigation actions they and their families can take to protect their privacy and data assets. This approach nicely extends into protecting company data assets. Feedback from the program is great. We see much more awareness amongst staff. We also have examples of staff reaching out to our cybersecurity team as soon as they spot any suspicious activity.

Frequent communication with real-life examples recognising the right behaviours amongst staff drives more engagement and understanding that cybersecurity is our joint responsibility.

She defined a clear path and aspiration to get cybersecurity maturity improved over time. She drives the program through a mix of governance, measures, control objectives with the involvement of the Executive team. She made sure cybersecurity is part of company Health, Safety, Quality and Environment program and that it is not an IT stand-alone initiative.

We formally measure security effectiveness and efficiency each quarter and report this back to the executive and corporate teams. Our path of improvement ever since Laura joined our team stands out visibly in the group. Our approach and maturity amongst the highest in the group with the best outcomes vs investment.

Ever since Laura joined the board, our relationship with group cyber teams has changed. Laura set up joint projects and identified areas where it makes much more sense to invest on global level e.g. SOC. Laura established a close relationship with the international community and is driving cybersecurity design for our global organisation.

Immediate outcome of close collaboration across teams is the selection of standard products across cybersecurity domains which allow us to standardise globally, create a notion of following the sun cybersecurity team, easily plug into SOC, share, monitor and implement best practices. In case of issues, we can refocus country teams to remediate issue in another geographic area. This would not be possible if we worked in a silo

Best Female Secure Coder

WINNER - CHEN YU

Chen Yu is a Specialist Engineer in the Adaptive, Response and Engineering Team within IAG’s Cyber Defence and Response Team. 

Chen’s key responsibilities include developing cyber threat detection logic, in order to improve detection capability, as well as developing automation and orchestration tools, in order to improve response efficiency. 

As a Specialist Engineer, Chen plays a key role in numerous of IAG’s activities. Recently, she developed code and workflow on ServiceNow, an internal process which identifies new regulations and obligations, then ensures that IAG remains compliant in a fast-changing landscape. Chen integrated ServiceNow with Data Loss Protection (DLP), in order to improve DLP’s response capability and reduce the manual workload of IAG’s analysts. In addition, Chen played a vital role in the onboarding of Office365 logs, which involved logic development of anomaly detection, in order to increase visibility; and in the automation of a proxy, which has improved efficiency significantly. 

IT Security Barrier Breakers

WINNER - MELISSA MISURACA

Melissa, a ‘non-techie’, specialises in cybersecurity culture programs particularly making the cybersecurity concepts and strategies easily accessible to non-technical audiences. 

Melissa champions “Security Culture as a Service” for Kroll where she has led security culture and awareness programs for dozens of clients across various sectors. The service blends non-technical with technical domains to ensure behavioural change is at the forefront of cybersecurity programs. It’s a unique offer in the market. It provides businesses with a security culture specialist if they lack those skills internally or need immediate, on-demand support.

The service provides guidance to those who are working to overcome barriers such as a lack of management support for security culture, the pressure of time constraints or the common issue of “where do I start?”

Virtually every security compromise can ultimately be traced to a human factor. It puts the focus on the human risks most relevant to an organization, whether they are industry-related or role-based risks.

Melissa has also been busy working across industry groups and collaborative projects to raise the profile and reinforce the importance of security culture for all organisations.

She has provided support virtually to Fitted for Work,  pro bono,  to help the non-profit understand cybersecurity risks stemming from covid19 scams. 

  1. Industry collaboration- SME for Swinburne Uni “Cyber Security for Leaders” course for managers who have a non-technical background.
  2. JUL 2018 to present – Strategic Projects Adviser to AWSN. Collaboration and support for AWSN.
  3. 2017 SIT annual conference –committee volunteer
  4. 2017 & 2018 – Panels- Cyber in Business Festival, IOT Festival Melbourne 
  5. 2017 – Host  Security Culture & Metrics:” SIT breakfast 
  6. AUScert 2018 (Tutorial) Security Culture Strategy
  7. AISA 2018 -Security Culture presentation 
  8. 2018- current – Special Projects and Innovation stream- adviser for AWSN
  9. 2019- SME / multimedia contributor for Swinburne University Cyber Security for Leaders course
  10. 2020- graduated from Harvard University – Kennedy Business School with ” Cybersecurity Risk in the Information Age ” course
  11. AISA 2020- will present on Security Culture at the 2020 virtual event
  12. 2020 – Fitted for Work – pro bono support for helping the non-profit understand cybersecurity risks stemming from covid19 scams 

Blending communications and strategic skills enabled her to address a gap in the market. She wanted to ensure that innovative and creative security culture programs set a new standard in the industry vs tick-box compliance.

HIGHLY COMMENDED - SHELLY MILLS

Shelly joined UQ about 1.5 years ago and has had such an incredible impact.

UQ is currently running two significant programs of work. An IT Security Program and an Enterprise Data Governance Program.

As part of this and the similarity of these programs, we have embarked on a joint Cyber and Data Awareness Campaign. Shelly’s ability to create engaging, relevant artefacts to support these campaigns is what has really made the difference and contributed to the success of the campaign. Her ability to use storytelling techniques and change management skills has directly translated into a change of behaviour in our end users.

It is unique and innovative because we are no longer talking about general cybersecurity or data governance controls. We have seen plenty of examples where organisations choose to ‘just’ purchase some training that is made mandatory, or sticking some posters in the lunchroom. Shelly’s approach is different. Her philosophy is that we need a culture change. People need to change in their personal life and care about their personal data, privacy, cyber risks at home if we want meaningful changes in the workplace. The artefacts she creates are aimed to change peoples attitude and behaviour at home and at work.

It is reshaping the IT security environment because we see a genuine change in behaviour in our end users. We have seen a significant increase in ‘operational’ requests (rather than our project work) because people are getting it. They are asking for more targeted questions and are addressing any shortcomings in their respective organisational areas.

I can summarise it in 2 bits for Shelly.

    1. Passion
    2. Hard word.

Shelly didn’t study data governance or cybersecurity. She didn’t come in as an expert in these fields.

But it’s her passion into creating a safer world that is making her such an asset to our organisation. The projects are better because of her. She will somehow become an expert in a couple of days because she puts in the hard work to understand the problems and find sustainable and long terms solutions.

I would love to say it’s because she reports to me! But the truth is, she genuinely cares about making the world a safer place, in her own way. We jokingly make fun of Shelly how she is such a geek. Her hobbies are listening to data privacy podcasts and reading cyber magazines on the weekend. It’s her passion, and it’s very infectious!

Best Champion of Women in Protective Security/Resilience

WINNER - REBECCA WINFIELD

Current responsibilities Rebecca is Manager of Group Protective Security Operations and Delivery within IAG’s Corporate Security Group, a converged cyber and physical security function. At IAG, Protective Security encompasses physical and international travel security, as well as threat, incident, and emergency management.  Rebecca’s responsibilities include leading IAG’s national contracts in manpower, electronics security technicians, and international travel security—all traditionally male-dominated areas. When COVID-19 hit, Rebecca led IAG’s protective and international travel security response, providing support to IAG’s COVID-19 Crisis Response Team. Now, as IAG prepares to reopen its sites, Rebecca leads the security workstream within IAG’s COVID-19 Return to Work Committee. 

Previously, Rebecca worked for eight years in IAG’s Crisis Management and Business Resilience Team. Her responsibilities included coordinating IAG’s Group Crisis Management Team, driving reviews to meet changing needs, chairing the Business Resilience Community of Practice, developing Group Travel Protection Guidelines, executing IAG’s first Business Continuity Awareness Week, and delivering Annual Group Risk Conferences.

Rebecca is a mentor and role model—at IAG and beyond. She is one of IAG’s first women to become a Member of the Business Continuity Institute (MBCI), and, recently, was nominated for Game Changers, IAG’s accelerated leadership program for women. Rebecca is a committee member and facilitator of IAG’s Women in Risk Forum Working Group, which invites industry experts to discuss relevant issues–from breaking down gender barriers to strategies for mental and emotional overload. At one forum, Rebecca gave a Ted X-style guest speech, in which she shared her story and that of her mum, former Austrade COO, and explored pathways for women in security, particularly the importance of diversity and role models. 

In July 2019, Rebecca facilitated IAG’s first Women in Security panel, as part of IAG’s inaugural Protective Security Awareness Week. The panel featured female experts from Virgin Australia, NBN and IAG, who discussed diversity and the changing nature of women in security. Promoting flexibility Rebecca’s dedication to women in security is evident in her team, with its gender equity ratio of 50%. She encourages team members to work flexibly to enable the right work-life balance. Rebecca also promotes access to IAG’s support networks—be it for mental health or domestic violence issues. As a subject matter expert, Rebecca provides security support for Kids@IAG, which provides free, onsite school holiday care. 

Beyond IAG, Rebecca works hard to increase opportunities for women. She is one of just three female members of the Forum of Australasian Security Executives (FASE), within which she is a member of Women in Security and Resilience (WISR). WISR raises the profile of women in security, by joining forces with AWSN to connect, support, and inspire women in corporate security and resilience, as well as ensuring that discussions at FASE are informed by women’s voices. 

Recently, Rebecca facilitated a visit to a local high school to speak to students interested in security. Last year, with the support of the foundation of one of IAG’s partners, she took her passion to another school—in India. Rebecca is in a unique position to demonstrate that a variety of pathways is available, having worked as a chartered accountant in a top-five accounting firm, then in operational risk at an international bank, before becoming a protective security leader. Rebecca is a role model for women who are interested in security but feel unsure about taking a new direction. 

What Rebecca’s colleagues say: ‘Rebecca is really inspiring in terms of all the work she does, in her everyday job, and in terms of her leadership, from helping other women in security (like myself) to build their skills, to building respectability for women in security, generally, by advocating.’ — Amanda Pitrans, Protective Security Analyst, IAG. ‘Rebecca inspires respect among everybody. She’s incredibly calm, logical, and highly-skilled at crisis management.’ – Craig Millar, Executive Manager, Group Protective Security.

AWSN Award 2020

WINNER - MICHELLE PRICE

Australia’s cybersecurity industry is in safe hands with Michelle Price. 

As CEO of Australia’s peak cybersecurity body, AustCyber, Michelle is building and developing an ecosystem of world-class solution providers. 

Her work is tireless but she never stops. 

I have had the privilege to know Michelle since 2017 and her achievements over that time have been enormous. She has taken a small team, led from the front and from experience and is now surrounded by a rapidly growing team that extends to all states in Australia. 

A few of her most compelling and outstanding accomplishments are as follows:

  • Developing the world’s first National Security Strategy Risk Framework (adopted by the OECD) drafting the 2016 national Cyber Security Strategy as well as developing most of its initiatives and securing their funding including the initiative that caused the creation of AustCyber
  • co-writing the world’s first Cyber Security Sector Competitiveness Plan
  • co-developing world leading cyber security industry impact measurement and revenue/ jobs analysis
  • building AustCyber, designing the national network of Cyber Security Innovation Nodes and programs such as GovPitch, designing the sector’s first ever ‘ideation to export’ knowledge infrastructure to sustain sector growth, leading year-on-year larger trade missions to key overseas markets, directly shaping and supporting the growth of over 100 of our 300+ cyber security companies

In an industry that is incredibly tough and mentally taxing, Michelle has demonstrated professionalism, innovation, and leadership with a high level of grace. Her achievements as mentioned earlier have showcased how she has led many innovative initiatives and has inspired many. She has always made sure that these innovative initiatives are done in an inclusive way. She constantly challenges the status quo in a constructive and meaningful way, not accepting good, but striving for great. She has been supporting young people, in particular women, to feel confident to pursue their interests and passions as well as older people to feel comfortable around new and emerging technologies and ways of working. 

What inspires her to continually strive for excellence is seeing the country thrive. Michelle is very passionate about ensuring potential is realised and delivers community benefit through the journey, by inspiring people to care about cyber security – less about the threats and more about the opportunities that come from the country being a trusted place to do business and a safe place to live our preferred lives. This is embodied in the passion for young people leaning in, supporting entrepreneurs to shine and small businesses to grow.

She not only inspires people but has the respect of anyone that works with her. 

HIGHLY COMMENDED - JO STEWART-RATTRAY

Jo is a demonstrated leader, passionate about the IT security industry and has spent her life’s work educating and mentoring others to inspire future generations of professionals. 

Jo has over 25 years’ experience in the security industry. She consults in risk and technology issues with a particular emphasis on governance and security in both the commercial and operational areas of businesses. 

She provides strategic advice to organisations across a number of industry sectors, including banking and finance, utilities, manufacturing, tertiary education, retail and government. In addition to her full time consulting position, Jo volunteers at least 8-to-10 hours each week to industry associations to help educate and mentor others, displaying an inspirational level of leadership, and supporting strong collaborative relationships between a number of industry professional bodies, such as that between ISACA and the Australian Computer Society (ACS). She has risen to the highest levels of leadership, having previously sat on the ISACA International Board of Directors as Vice President and Director for seven years, was the past chair of the ACS’s South Australia Branch Executive Committee, and also served on the Society’s National Congress. 

Jo has mentored over 25 IT professionals, including myself. In 2006, as President of Women in Innovation & Technology in South Australia, Jo obtained funding for a mentoring program for young women in male-oriented areas of study whilst in the final year of their degree. This programme was extremely successful and ran for more than five years. On the international stage, Jo has made outstanding contributions to the security industry and its development through her tireless work to support the needs of women, indigenous and isolated learners in the fields of information security and governance, through the ISACA SheLeadsTech program.

Jo played a key role in the founding of SheLeadsTech, a global advocacy, mentoring and education initiative that works to empower women in the technology workforce. Closer to home, she has led yearly professional development activities for information technology and security professionals in Papua New Guinea (PNG) to ensure they were able to complete the required number of professional development hours to maintain their credentials. She has also mentored two of the PNG chapter presidents and is still a chapter board mentor today. Jo is a pioneer in the security field and a passionate advocate for increasing the number of women and men working in technology and leading strong firms. She consistently displays her determination to raise the bar for our industry.

Most Promising Newcomer in any areas of Protective Security/Resilience

WINNER - AMANDA PITRANS

Amanda is the Protective Security Analyst in IAG’s Group Protective Security Team, within the Corporate Security Group. Her key responsibilities include data analysis, intelligence gathering, review and presentation of key metrics, and administration. Just 26 and at the beginning of her career, Amanda has already demonstrated incredible promise. She’s played a key role in IAG’s industry-leading response to the COVID-19 pandemic, holds two degrees with distinction averages from a top Australian university and is currently Acting National President of the ASIS International Young Professionals Network, a security industry body. 

Since the COVID-19 pandemic began in December 2019, Amanda has been crucial to IAG’s response, working with both IAG’s Group Protective Security Team and IAG’s dedicated COVID-19 Crisis Response Team, in order to keep nearly 13,000 employees safe, connected, and productive. Amanda has been responsible for gathering in-depth COVID-19 related intelligence, as well as providing daily advisories, which have become IAG’s source of truth.

Male Champions of Change

WINNER - DARREN KANE

A couple of months ago in our weekly nbn Security Group Senior Leadership Team meeting, I raised these awards for discussion and it was very quickly agreed that we have some great stories to share and amazing people to nominate.  I suggested that alongside our nomination for the ‘best place for women to work in security’, we should nominate our boss Darren Kane, nbn’s Chief Security Officer, as a ‘male champion of change’.  He immediately responded that any award we nominate for is as a team as all our achievements are ‘our’ achievements and not ‘his’. But I’ve gone ahead anyway and will have to hope it doesn’t impact my next performance review.

This personal nomination should be read alongside the one for the ‘best place for women to work in security’ that we compiled for the team submission as each and every one of our successes has been underpinned by decisive and compassionate leadership.

I have spent the last five years trying to start a family before finally welcoming our daughter last year after a hard slog of IVF and miscarriages. Throughout that time I felt entirely comfortable sharing what I was going through, and hoping for with Darren. At every step of the way, he made it clear that all he wanted for me to do was to prioritise trying to have a baby over everything else.  

That compassion and support speaks volumes about the kind of leader Darren is.  It’s sadly still the case that many women (and men) are made to feel like they have to hide their plans to have children to avoid being marginalised in the workplace.  I never felt like that and without a doubt his attitude made what was already a very emotional and stressful experience that much easier.  

Before I came back to work from parental leave, Sarah Hosey (who covered my role while I was away) and I proposed a part-time job share for my return to work plan to allow us both to spend time with our young families whilst continuing to operate in a senior leadership role.  Darren was instantly supportive of the idea and within a couple of months it was all approved and official.  I don’t know of any other Security Group in Australia that has two female GMs job sharing.  

Darren’s leadership is rare – it’s real and compassionate, no BS, no games and underpinned with integrity and a commitment to making the way we work better for everyone so that we enjoy and are proud of our role in making nbn Australia’s most trusted and secure network.

Without doubt, the environment we have created that encourages women to thrive and succeed is the result of many people’s efforts but without a strong leader championing and prioritising that change, none of what we have achieved would have been possible. I’ve been part of the NBN Security Group for nine years and it’s no coincidence that all the big changes to the way I feel as a woman in the team have happened over the past five years since Darren joined the organisation.

HIGHLY COMMENDED - MATTHEW WILSON

When Matthew Wilson co-founded Penten in 2014, his vision was for a cybersecurity company that valued gender equality in such a way that it would become part of the fabric of the company. Matthew does not just talk about equality; he tirelessly fosters it. 

And it’s not just because he feels it’s right for women, it’s also because he believes that the diverse nature of cyber threats requires an equally diverse response. Women, he says, must have a voice in any strategy. He and the Board have set an ambitious goal of having a 50:50 gender ratio at Penten and they request monthly updates on statistics and initiatives that drive our inclusive work environment. To date, women comprise 22% of Penten’s workforce—almost double the average for cybersecurity workforces throughout the Asia–Pacific region. 

Matthew also believes in changing the conversation around the stereotypes of women’s roles as employees and as carers. He models positive behaviour, often bringing his children into work, and being open and honest about his own challenges with the work/life balance. 

Matthew has championed our generous employment conditions that include unlimited paid carer’s and sick leave, unlimited paid family and domestic violence leave, and 26 weeks of paid parental leave. He also drove our listing as a work180-endorsed workplace in recognition of our initiatives that cultivate a diverse workforce and one where women feel they can excel. 

Matthew sent a company-wide email for International Women’s Day. We choose to share it because it speaks to Matthew’s personal approach and commitment far better than anything we could write: 

This Sunday is International Women’s Day, it is a time each year that I reflect on what I am doing and its impact on people around me. Upfront I want to say thank you to the Women here at Penten. I am in awe of each and every one of you who have trusted us to understand, support and be better. We see you, we hear your challenges, even though I have not experienced it, I understand and promise to continue to improve … to be better. 

You have had to fight hard and we will absolutely recognise and support you. 

Please expect much of us here and be surprised that we do even better. 

International Women’s Day is a time to reflect on gender bias. We are all constantly surprised by the biases we see in the world we live and work. Be it arguments about operating systems, phone manufacturers, games consoles or even star wars versus start trek (which is not a real argument obviously). But becoming awake to gender biases is something that you can’t unsee. Sadly for me, it was not a fairy tale revelation and I am not proud to say that it took me much of my life before I finally observed and understood. But once I saw the barriers the average woman faces, that they are more significant than the average man, I chose not to walk past them. I chose Respect, I chose to be better and I am so proud that we at Penten have decided to make this a part of who we are, that is part of our values. It takes effort, but it’s not hard to be observant and respectful. We at Penten know that together is better.”

Best Higher Education Program for Young Ladies in Security

WINNER - THE SCHOOLS CYBER SECURITY CHALLENGES

Just 24% of the global cybersecurity workforce includes women. And in Australia, that statistic is even lower – just 19%. The reasons for this are varied and include problems with specific practices and policies in our sector that exclude, marginalise, or disadvantage women. There are also unhelpful stereotypes about cyber which deter women from considering pathways into the field. The solutions to this are equally as varied and will take systemic and organisational change. This change begins in our schools and universities.

In schools, we need to ensure girls at pivotal stages are supported to choose STEM subjects that equip them with the foundational technical skills they need to pursue cyber in later stages of their education. By encouraging more school-aged girls to persevere and flourish in STEM, we will widen the pool of young women entering into tertiary degrees and specialised courses in security.

We also need to break unhelpful stereotypes about the cybersecurity sector because, in reality, it is a vibrant place where professionals have the opportunity to positively impact others and the society in which we all live. The best place to make the most impact is in schools where we can engage girls early in their education experience to inspire them and support them through engaging learning content and by presenting them with female (and male) role models they can relate to.

The Schools Cyber Security Challenges is Australia’s only curriculum-aligned security skills program targeting schools. The program is led by the Australian Computing Academy (University of Sydney) and powered by the industry and government partners Commonwealth Bank, Westpac, ANZ, NAB, BT Global and AustCyber. The program provides high school teachers with resources to support the teaching of cybersecurity concepts, and to inform students of career opportunities in the field.

The Challenges are classroom-ready and aligned with both the Australian Curriculum: Digital Technologies and the ICT Capability. The challenges feature engaging content paired with videos starring real-life security professionals from all of the partnering organisations. Industry mentors actively help teach security concepts to students while also sharing their own career journeys.

To date over 100,000 Australian students nationwide have enrolled in the program across all states and territories. Currently, ~49% of enrolled students identify as females which is fantastic given the program’s aim of engaging girls at pivotal ages when they typically opt out of STEM-related subjects. https://aca.edu.au/projects/cyber-challenges/

 

HIGHLY COMMENDED - University of Queensland - Girls Do Cyber

Diversity is a fundamental philosophical principle in UQ’s approach to security. Gender diversity is critical, with cybersecurity being historically male-dominated, and this motivates our programs such as Girls Do Cyber, and our new Hewlett Packard Women in Cyber Security master’s scholarship program.

Beyond gender, thought and discipline diversity is also critical – a comprehensive cybersecurity response requires a wide range of skills and expertise. This is another foundational principle behind UQ’s cyber security education and is reflected in our Girls Do Cyber program.

By involving people from different academia and industry, involving university students and senior staff, male and female in the teaching of our program, we aim to deliver engaging training to help the girls see how diverse cybersecurity is.

The program is delivered through several different types of support, interactive learning activities (detailed below) and eschews one-way lecture/classroom style delivery.

After introductions and welcomes, the young women first work through the Australian Signals Directorate (ASD) Cyber Experience program – an interactive, online program that allows students to explore the diverse range of skill sets and career paths within the Cyber Security industry, and the ASD in particular. The program explores five different career journeys at ASD in technical, leadership and investigations roles, and allows the students to understand the educational pathways towards them, and understand how their own skills, abilities and interests are relevant.

This is followed by a facilitated discussion of what they have learned, both about themselves and cybersecurity more broadly.

Continuing the girls are introduced to some interactive challenges on topics such as cryptography and web security. The girls work through the activities with support from UQ Cyber Squad tutors. Participants self-select their activities based on their interests and skills, and this choice is supported by discussions with the program facilitators. When time permits, participants can undertake multiple challenges.

Finally, we run an interactive panel discussion with a range of cybersecurity experts featuring women actively working in the space, where they talk about their experiences and take questions from the participants. We seed the discussion by asking panellists to describe their roles, what they do, and how they got there. Our speakers have varied backgrounds and career pathways, and this often leads to lively and entertaining discussion, while also demonstrating the importance of having people with diverse backgrounds working with cybersecurity.

All too often, tertiary education is about enrolments, course viability, administration and assessment. Girls Do Cyber, and the other high school outreach programs we organise, give us an opportunity to connect on a more personal level with our future professionals. We know from experiences in other outreach programs that by inviting the students to meet with university students, staff and industry representatives, the girls will get a personal experience that is highly engaging and feel personal. The program also provides us with an opportunity for us to learn from the girls– what are their preconceptions about the sector, and why do they hold them? What are their experiences in STEM education at school? And finally, it is an opportunity for us to share our passion and excitement for the sector that we have made into our careers. Our panellists, drawn from practitioners and academics within and beyond the university in a range of different relevant disciplines, invariably enjoy the experience as well.

With Girls Do Cyber we aim to dispel certain myths that permeate the sector. Namely, that is primarily a male occupation, and that deep technical IT skills are the only pathway. These two myths intersect in powerful ways to discourage young women from careers in cybersecurity when in truth the sector desperately needs thought and skills diversity.

SPECIAL RECOGNITION AWARD - OxCC

0xCC is a free training conference for women, by women. We provide a multitude of 2-day training for attendees to choose from varying in subjects from red, blue or purple team disciplines in security by trainers who have both years of experience in their field and have had experience facilitating training – most of our trainers regularly teach workshops and/or teach training professionally outside of 0xCC.

The 0xCC 2020 training line up included Malware Analysis and Reverse Engineering by Noushin and Negar Shabab, Exploiting Network Protocols and Devices by Kylie McDevitt, Introduction to Binary Exploitation by Marisa Emerson, Cloud Network Security by Franca Moretto and Security for Software Developers by Erica Anderson. 0xCC also includes networking events and talks, our speakers for this year were Jo Zhou, Jacqui Loustau, Melody Lei, Marina Samokhina and Sarah Young covering a range of topics from advice to technical deep dives into post-quantum cryptography.

All organisers, trainers and attendees identify as partially as wholly as women. We believe that this is important because it is hard to be what you cannot see and there are plenty of technical women out there and we want to promote and provide role models that girls and women can look up to as well as for attendees to build networks so they can help more junior attendees, find attendees at similar levels to grow within the industry or find mentors to help them on their journey in infosec.

We’ve had attendees who range from just finishing senior school (Grade 11 & 12) to women who are CTOs and we have a travel grant program that will pay for the flights and accommodation extended to women in Australia and New Zealand that are unable to attend due to financial circumstances. We believe that financial situations should not be a barrier to further education and opportunities for their passion and we do our best to fulfil grant requests. In 2019, our inaugural conference, we awarded 6 travel grants.

Too often you hear stories about sexual harassment, belittling, exclusion, and the general ignorance that ends up alienating minorities. Having only graduated university 4 years ago, our founder is all too familiar with such behaviours and how helpless one can feel without support. 0xCC hopes to create a foundation for improving diversity and professional culture in security to get more women interested in security and retraining women we already have in security by facilitating quality training and networking. We want to encourage and support women in cybersecurity and aim to be a space where all women feel welcome and at ease to enjoy, share knowledge and further their learning in a field, they are passionate about.

0xCC hopes it is a place that can wash out the bad taste of negative experiences and make way for lasting friendships and networks as well as facilitate the opportunity for attendees to learn or try fields of cybersecurity they are interested in.

Best Volunteer or Not -for-Profit

WINNER - GLADYS ROUISSI

Gladys has been a quiet achiever and unsung hero in the not for profit space for a number of years. Her most recent focus has been the ISACA SheLeadsTech Ambassador for the Sydney Chapter of ISACA. 

The past 3+ years Gladys has driven a focus on delivering opportunities to women in security and the broader risk management industry. This had included the delivery of multiple successful International Women’s Day events.

Gladys is a Director and the current ambassador for SheLeadsTech for the ISACA Sydney Chapter. SheLeadsTech is a program, which seeks to increase the representation of women in technology leadership roles and the tech workforce through raising awareness, mentoring and coaching and building alliances. In her current role (and previous positions including that of President of the Board) Gladys has been integral in developing programs for the chapter that focuses on gender equality and supporting women in our industry. Gladys has held a number of positions with other industry organisations such as the Risk Management Institute of Australasia (RMIA) and the Australian Computer Society (ACS) over the years. Through these roles, she has driven an increase in skills and knowledge across the industry through the coordination and delivery of joint Professional Development opportunities including International Women’s Day events. 

In addition, Gladys has been a supportive mentor to myself and many other women and men in the industry. Gladys also recognises that the industry benefits through increased diversity. Some of the events have also had a focus on educating or including students, including joint sessions with Coder Academy and offering heavily discounted and free tickets to students.

Gladys has made a cognizant effort to ensure that the chapter events and professional development sessions offer something different for the IT security community. She has been generous of her personal time, dedicating many hours per week, to ensure that these events are delivered successfully and provide value to participants. Gladys is constantly questioning what can be different to increase further engagement and provide an opportunity for members to discuss diversity issues, career enhancement and education.

With many years of volunteering experience, Gladys has been driven by giving back and understands the benefits of sharing her experiences along with coordinating others to share. Gladys has a strong foundational knowledge that by sharing one’s knowledge one also gains that of others. She has a passion to share and learn. She also has a strong sense of community.

Gladys has been the driving force for the successful delivery of ISACA Sydney Chapter International Women’s Day and special events. Through these events, Gladys has been a major advocate for increasing the representation of women in the technology, cybersecurity and leadership roles. Gladys is also recognised as a Women Innovation Network (WIN) Ambassador at Zurich. As part of her role at RMIA on the Certification and Professional Development committee, she is building their Continuing Professional Education (CPE) program.

Most Outstanding Career Contributor in any areas of Protective Security/Resilience

WINNER -KYLIE McDEVITT

Kylie is a Technical Director at the Australian Signals Directorate and the co-founder of  BSides.

Canberra is considered the largest hacker forum in Australia and Kylie was the first female casual lecturer in cyber at UNSW, Canberra.

After recognising the lack of female representation at hacker conferences, Kylie instigated the first female meetup in Australia at BSides Canberra 2016. Hackerchix is now a staple of BSides Canberra, where women come together before the conference. By 2019, Kylie designed the Hackerchix dragonfly logo and gave away programmable badges for attendees and over 200 women now attend BSides Canberra compared to 10-20 when Kylie first started attending events.

Kylie was the first female Technical Director in the ACSC. In this role, she drove the technical and strategic direction of the Emerging Technology & Engineering section. She continues to lead in the agency, committed to ensuring her technical staff are gender diverse.

Furthermore, Recognising the lack of visible women in her workplace, Kylie set up a Women-in-STEM network early on, for colleagues to discuss relevant matters and share opportunities. In 2018, Kylie was pivotal in changing the gender language in the Australian Government’s Information Security Manual. As a result of changing ‘man-in-the-middle’ to ‘person-in-the-middle’, ASD is replacing all non-inclusive gender language in its technical publications and since then, other organisations, both nationally and internationally have begun to adopt the similar language. 

Kylie most recently built and delivered a Network Security training course to the 2020 0xCC Conference – a technical training conference for women by women. The training ran over two days and delivered technical content to 25 female students in a virtual environment.

Since being awarded the 2019 AWSN IT Security Barrier Breaker, Kylie has continued to run CSides Monthly Security meetups as a virtual offering, organising and running monthly security meetups in Canberra for the last 7 years. These are free and open to anyone with an interest in technical security topics. Due to COVID-19, Kylie migrated these monthly meetups in 2020 to an online offering. Approximately 100 people log in every month to participate.

Kylie presented at AISA Melbourne on 5G security and IoT security. She taught Cyber Defence postgraduate training at UNSW Canberra, including moving half the course to an online offering due to COVID-19 restrictions.

Kylie is a passionate, humble role model and continues to support her peers, consciously increasing the diversity of the teams she builds, actively mentoring and supporting women in the computer security industry.

The One to Watch

WINNER - DAISY WONG

I wish to nominate Daisy Wong, Cyber Culture and Engagement Lead at the Department of Premier and Cabinet as a one to watch. 

Daisy is a big supporter of Australian Woman’s Security Network and is one of the chapters leads for Melbourne. Daisy has been volunteering with AWSN for quite some time now and actively encourages other fellow women in cybersecurity to join AWSN. 

In her current role, Daisy is responsible is to build, run and own the cyber engagement program, and support the uplift of cyberculture and awareness across Whole of Victorian Government (WoVG) to enable staff to better identify and manage cyber risks. Daisy has been an exceptional contributor to the WOVG cybersecurity team. 

In a span of 6 months, Daisy has successfully organised and led monthly meetings with internal comms teams at the Department of Premier and Cabinet to ensure Cybersafety key messages are consistent across all Victorian government departments. Developed and ran face-to-face training sessions which focused on the top human risks identified across (WoVG). Successfully developed, and implemented a Cyber Safe Training pathway to provide targeted training for specialists – Risk advisors, IT Professionals, Communication advisors and Executives. 

Daisy has been exceptional in engaging with stakeholder at all level across WOVG and with other industry partners.

I am sure Daisy will continue to deliver amazing results in uplifting cyberculture and awareness not just in Victorian government but outside as well.

HIGHLY COMMENDED - SHAMANE TAN

Shamane is an absolute powerhouse mechanism in our industry. 

In her current role as the Chief Growth Office at Privasec, she develops and executes awareness strategies to promote the industry’s growth by ensuring that cyber risk is part of the business strategy. Her voluntary work and passion in building the cybersecurity community have single-handedly brought together more than 3000 industry leaders including aspiring new cybersecurity professionals. With the Cyber Risk Meetup platform that she has built in her spare time, she has organised huge events with hundreds turning up across the four states in Australia, bringing C-level and CISOs to share their insights with the community. 

Despite COVID, she didn’t stop there, in addition to her current workload, she adapted her community meetups to the digital platform, bringing in senior leadership from overseas to inspire and exchange knowledge with the Australian community. Some examples include the first female CIO for the White House in the US, and success and failure stories of the first US state government CISO, and many more.

She is also a podcast host of the ‘Mega C-Suite Stories’. She has additionally set up chapters internationally in Singapore and Japan, running virtual hackathon and cyber mentoring programs. 

Her TEDx talk has inspired many to go for their dreams too, and her global virtual ‘Cyber Risk Leaders’ book club has allowed different guests around the world to contribute to current cybersecurity affairs and thought leadership conversations. 

(Her TedX talk https://www.youtube.com/watch?v=y6V9mOa_Sbs)

Shamane is definitely one to watch in this space!

 

SPECIAL RECOGNITION AWARD - ESHAAL ALI

Eshaal Ali is a 9-year-old with a passion for cybersecurity. 

She believes cybersecurity should be a fundamental component of all technology and the way it is used, especially online platforms. 

Kids, through their use of social media and online games, are more prone to cyberbullying, which can be traumatic and difficult to escape. 

Eshaal wants to expand the cybersecurity awareness of others with a focus on protecting personal information and identity. 

She wants to spread this message to kids so that the next generation can think cyber safety as a key first step towards using or creating any technology.

Best Security Certification Provider

WINNER - (ISC)2

(ISC)is the largest nonprofit association of certified cybersecurity professionals in the world today, with over 150,000 members in more than 175 countries and with over 2,900 members in Australia. (ISC)2 offers a number of cybersecurity certifications including the CISSP (leadership and operations), SSCP (security administration), CCSP (cloud security), CSSLP (software security) and HCISPP (healthcare security).

(ISC)2 certifications reflect:

  1. strong familiarity with the Common Body of Knowledge (CBK) for each certification, which is compiled and maintained by the corps of cybersecurity professionals who have demonstrated hands-on experience within the domains of each certification
  2. paid and verified industry experience commensurate to each certification
  3. strict adherence to an industry code of ethics that seeks to create a safer and more secure cyber world

Whilst there are numerous organisations across Australia that trust (ISC)2 certifications, promote them and fund their adoption for their staff, including both at the government as well as the private sector, a number of regional case studies illustrate this in action including NTT across the Asia-Pacific and the Tokyo Metropolitan Police Force in Japan.

(ISC)2 also administer the Center for Cyber Safety and Education which is a registered charity and aims to ensure that vulnerable members of the community including young children and seniors have access to a variety of educational resources to help them stay cyber safe. The Center has partnered with the creators of the famous Garfield cartoons to create valuable content and resources that seek to help children understand and address online privacy, cybersecurity and cyberbullying. The Center also administers cybersecurity education scholarships including a category specifically for women seeking to make a career in cybersecurity. 

The Common Body of Knowledge (CBK), which underpins each of the (ISC)2 certifications, is written, updated and maintained by certified (ISC)2 members. Underpinning the CBK content for each certification is a regular Job Task Analysis that is undertaken for each to ensure that the skills covered in each certification are relevant to industry needs. This is also reflected in the fact that (ISC)2 certifications map to the NICE Framework (https://www.isc2.org/NICE-Cybersecurity-Framework-Map), with mapping of (ISC)2 certifications to the Australian Government’s Cyber Skills Framework currently in progress. 

In Australia, (ISC)2 certifications are highly regarded by the government sector, examples of which include:

  1. The Australian Signals Directorate including (ISC)2 certifications as pre-requisites for the IRAP program and recognising a number of (ISC)2 cyber security certifications, including the CISSP, SSCP and CISSP-ISSMP under the Australian Signals Directorate Cyber Skills Framework.
  2. (ISC)2 certifications being taught by UNSW Canberra to Australian Defence Force Academy recruits
  3. The Victorian Government recommending (ISC)2 certifications to cybersecurity and IT public servants through the Deed of Standing Offer Signed with (ISC)2

(ISC)2’s mission is to create a safer and more secure cyber world. In Australia, (ISC)2 has formed a strategic partnership with AISA (the Australian Information Security Association) and works closely with TAFE, universities and high schools to ensure that IT security is considered as a viable and valuable career option for young women and men across Australia.

(ISC)2 certifications illustrate deep knowledge and experience, meaning that the certifications are valuable and credential holders are sought after and highly employable. (ISC)2 certifications are Australian Standards approved under AS/NZS ISO/IEC 17024, recognised as prerequisites for the Australian Government’s IRAP programme, recognised by the Australian Computer Society as part of the Certified Technologist / Certified Professional accreditation and also recognised in the United States under the DoD 8140/8570 scheme and in Singapore under the NICF. In the UK and in Europe, the CISSP certification is rated at the Regulated Qualifications Framework (RQF) Level 7 standard, the same level at which university-based master’s programs are also accredited. 

As part of the (ISC)2 commitment to the development of cybersecurity skills increasing knowledge and experience amongst its member community, (ISC)2 publishes a number of research studies including the annual Cybersecurity Workforce Study, as well as a Women in Cybersecurity Study and a COVID-19 Cybersecurity Pulse Survey. In addition, (ISC)2 members have access to the Professional Development Institute (PDI) which allows members to complete over 30 free continuing professional education courses earning the member CPE’s. Complementing this are the numerous other offerings that provide greater insights into security and new perspectives including Security Briefing Webinars, the annual Security Congress conference, (ISC)2 chapter events, the (ISC)2 Online Community, the InfoSecurity Professional Magazine and Safe and Secure Online resources for members to teach children and seniors.

Unsung Hero

WINNER - GYLE DE LA CRUZ

Long before Gyle migrated to Australia, she has always been an advocate for security awareness and diversity and inclusion. Having experienced sexism and racism in the workplace, she understood the difficulties that women faced in surviving and thriving in the industry. Gyle grew up during a brutal dictatorship in a country riddled with all the natural calamities happening on a frequent basis. She has survived wading through dirty floodwaters, drinking potentially radioactive Coke and the Y2K bug. Before moving to the tech industry, she trained as a psychologist.

Currently, she works as a Cyber Threat Analyst for Cyber Research NZ where she works from home 100%. Gyle dela Cruz has worked for more than 16 years in the tech industry. She has a multi-cultural and multi-disciplinary background. She is passionate about contributing to the cybersecurity industry and wants to empower everyone in understanding how their actions can create a safer cyber world. In her spare time, she volunteers for different cybersecurity events.

In her previous roles as a technical instructor and consultant, she untiringly helped and encouraged her female trainees/students to understand the technology and spent extra hours providing help. She has and continues to help women with their questions on how to get into the cybersecurity field and how to write a more tech-focused resume. While in graduate school, she encouraged the few women in her class to continue by providing tips on how to balance full-time work and graduate studies. She also provided useful feedback in terms of research papers she came across that are related to her classmates’ work. She cheers and collaborates with other women in CTFs (Capture the Flag event). 

Last year, as part of the Project Friedman initiative, Gyle spoke in AISA Cybercon on using our cybersecurity skills and knowledge to protect and defend our loved ones and communities. This year she has given various talks on mental health, psychology and purple teams to diverse groups in order to help them understand how such diverse topics have implications in succeeding in the cybersecurity field. 

She often volunteers her time, without fanfare, to various causes like encouraging the next generation to consider cybersecurity as a career. She volunteered to go to the regional schools to talk about her career as part of Victoria’s Digital Innovation Festival 2019 and volunteers frequently with the Kids SecuriDay group. She also volunteers with Trace Labs as a regular judge for the events, frequently staying up all night to help vet submissions for missing persons and guide participants into improving their OSINT skills. 

In her current work as a Cyber Threat Analyst, she not only monitors and responds to security threats, she provides valuable security insights to her company’s clients by integrating the technical understanding of attacks and human behaviour. Recently, she has also helped various individuals on Facebook who have been subjected to cloned Facebook profile account attacks, by securing their digital lives. This is in the wake of the new anti-terrorism bill in the Philippines where a digital troll army has targeted student activists and people who are critical of the current repressive government. Gyle doesn’t talk much about these various things she does out of privacy and security concerns. This is why I feel that she deserves this Unsung Hero award. Her work is not always publicly acknowledged.

HIGHLY COMMEND - FATEMAH BEYDOUN

To me, the word “hero” stirs up thoughts of selflessness, unflappable resilience, and an unwavering desire to help others. 

Heroes are imperfect — as we all are — but they are good to their core, and actively seek ways they can support others, lift spirits and improve their environments. The above also describes Fatemah Beydoun. 

Ever since her days at AISA, she has been an unstoppable force for positive change, diversity, and making the cybersecurity industry more inclusive for everyone. At the same time, she displays humility to a fault, shunning the spotlight and insisting it is just the right thing to do, not something to celebrate. 

While that may be true in 2020, we know there is more work to be done – and it is people like Fatemah that remain committed and show what is possible when looking beyond the surface to find the perfect fit for the business. Secure Code Warrior operates at near-parity for males and females in our cohort, and Fatemah is a constant pillar of empathy and support. 

She is completely results-driven, championing that flexibility, freedom, and the right to be yourself produces the best work and happiest people. She is right, and our business thrives on that culture of acceptance and individuality – after all, filling a room with backgrounds, opinions, and experiences that are the same as your own is not conducive to true innovation. 

Fatemah is a prime example of great leadership in the Security Industry. She is the first leader who I have worked for who is a constant advocate, always encouraging me to develop and take on more. This quality is displayed to all people at Secure Code Warrior as she is approachable, humble and encouraging. I have seen her promoting and highlighting others within the organisation, while rarely promoting herself.

Fatemah is my hero, and I am grateful for her every day. If every cybersecurity business had a person like her, I think we would see the rapid positive change that keeps pace with such an ever-changing landscape. She is the future.

Fatemah has forged a successful career as a woman in tech. She is a mentor, leader and inspiration to women across the security space, she is well known for her knowledge, diverse expertise and ability to relate to people across all levels of the industry. She has been pivotal in forming connections and relationships within the space and is well known for her advocacy and promoting the professional and personal development of both men and women. Fatemah is an inspiration as she effectively juggles being the mum of a small child whilst navigating a global leadership in a fast-paced and demanding role. She is very humble with her achievements and I believe this award would be awesome recognition for all that she does within the sector.

Fatemah is the very definition of a quiet achiever, an absolute pillar of the security community who gives so much of herself without ever seeking accolades or recognition for her enormous efforts. Working tirelessly in the background, she is making a tremendous impact on women in security, both in Australia and overseas. 

She leads by example, serving as inspiration for many younger females in the industry. She has grown her team with a strong, balanced female presence that genuinely represents diversity, equality and a safe space for women to be heard and supported in their roles. I am grateful for her exceptional skill, drive, and motivation in growing a more secure digital future.

Australia's Most Outstanding Woman in IT Security

WINNER - JENNIFER STOCKWELL

Jen Stockwell is Telstra’s National Cyber Security Adviser. In this role, she has pioneered new ways of conducting industry and government cooperation on the biggest cybersecurity issues facing the nation. 

Jen has a background in intelligence and speaks six different languages, she is a creative thinker who approaches problems differently which is reflected in the make-up of her teams which are gender, technical, age, and culturally diverse. 

She leads specialised teams covering law enforcement liaison, public policy, national security, strategic intelligence and critical infrastructure security. 

Jen works to inform and advise Telstra’s board and executives on the most pressing national cybersecurity issues facing Telstra and the nation. 

This includes supporting our CEO as he serves as the Chair of the Federal Government’s 2020 Cyber Security Strategy Industry Advisory Panel. She is passionate about evidence-based policy and leads the provision of advice to the government on legislative and policy formation that is grounded in real-world threats facing our customers. 

Working at Telstra, our network size and visibility provide us with an incredible opportunity to make substantive and meaningful change to Australia’s security. 

Every day Jen drives ‘big-picture’ initiatives that aim to make the lives of everyday Australians more secure. Our CEO recently spoke publicly about one of these programs, Telstra’s ‘Cleaner Pipes’ initiative which automatically blocks millions of malware communications every week as they try to cross Telstra’s infrastructure. This reduces cyber threats to millions of Telstra’s customers, including some of our most vulnerable, stopping the theft of personal data, financial losses, fraudulent activity before they can take place. 

As one of the most senior women working in Cyber Security at Telstra Jen is often asked to mentor and guide younger women. Despite her tremendous workload, she is extremely generous with her time and activity mentors many young women in the cybersecurity community both within and outside Telstra. 

Jen is also very active within the Australian cybersecurity start-up community and provides mentorship through CyRise. She is a well-respected and rare type of people leader who understands her subject matter deeply, can communicate risk and reward to senior internal and external executives and trusts and empowers her team members to thrive and grow. 

She also manages to undertake this whilst raising two kids under five! 

She is an inspiration to us and truly deserving of this recognition.

HIGHLY COMMENDED - NATASHA PASSLEY

Natasha Passley is Executive Manager of the Cyber Portfolio at IAG. She commenced this role in 2016, following two decades in various risk, technology, and security management roles in the finance sector. 

Since late 2016, Natasha has been responsible for a ground-breaking security uplift program involving 50+ projects. This ambitious task has facilitated a range of security capabilities across IAG– from endpoint software, data loss prevention, and vulnerability management, to CPS234 compliance, advanced behaviour analytics, and endpoint telemetry. As a direct result of Natasha’s work, IAG has increased its NIST maturity rate by an average of three points. 

Key to success has been Natasha’s establishment, development, and management of an exceptional team, dedicated to improving security and ensuring compliance. Not only is this team filled with high-performing security professionals, but it also breaks down gender barriers, being comprised of 60% female and 40% males. 

Relationship-driven leadership Natasha’s role demands a combination of an agile and structured methodology, in order to achieve an effective balance between agile project delivery and strict governance requirements. Given that the security uplift program affects IAG’s 13,000+ employees, as well as thousands of partners, consultants, and third parties, across Australia and New Zealand, this is no easy feat. In mastering the balance, Natasha has developed mutually beneficial relationships with multiple stakeholders, from senior management and board members to regulators. 

 “She is known for her clear, open dialogue; reliable approach, outcome focused attitude and genuine commitment to long-term relationships and engagement” .The gender diversity of Natasha’s team is evidence of her tireless and highly successful championing of women in security. At the heart of Natasha’s approach is her dedication to investing time and energy in her team members, ensuring they discover potential areas of interest, find the courage to take new directions, and follow rewarding career development plans. 

“Natasha helps women from non-security backgrounds to move into security project management, where they may gain exposure to many aspects of the security industry. At least two of Natasha’s female team members are currently on this path, with the goal of moving into new areas. 

Natasha also regularly mentors interns who provide fresh ideas, while enjoying the opportunity of experiencing project management. Natasha is a committee member and facilitator of IAG’s Women in Risk Forum Working Group, which invites experts to discuss issues relevant to women in risk and security–from breaking down gender barriers to strategies for mental and emotional overload. 

In 2019, Natasha was part of IAG’s inaugural Women in Security panel, held during IAG’s first Protective Security Awareness Week, where she appeared alongside fellow female security experts from Virgin Australia and NBN discussing diversity and the changing nature of women in security. 

In 2017, Natasha was one of 20 women invited to take part in Game Changers, IAG’s accelerated leadership program for women. 

Natasha holds a Master of Information Systems from the University of Wales Institute, and a Bachelor of Honours Degree in German and French from the University of London. She is also CISM, PgMP, and ISO27001 certified and is completing a course for future CISOs at the Cyber Leadership institute. Before joining IAG, Natasha held a variety of senior program management positions across Technology, Risk and Security in the Financial Services industry in both the UK and Australia. Natasha is deeply involved in various communities and industry initiatives. 

She collaborates as a member of ISACA, AISA, Australian Women in Security, PMI, and Women on Boards, and regularly attends industry events and conferences, often sharing her knowledge through presentations and papers. 

Natasha provides monthly mentoring to females from a variety of backgrounds, through which she provides guidance and support to aspiring female leaders

What others say: ‘Natasha makes all efforts to regularly stay in touch with individuals to offer support and to connect on a personal level. She provides organisation and division-wide updates to ensure her team remain informed, and always recognises achievements and hard work where praise is due. Especially during COVID-19 she has reinforced messaging around being active and taking breaks for mental and physical health and has organised a weekly social catch up on WebEx with the entire team, so we can chat about items other than work.’ – Ayben Oz, Test Lead, Cyber Shield. 

Australia's Most Outstanding Woman in Protective Security/Resilience

WINNER - CHRISTINA ROSE

HIGHLY COMMENDED - ASH FRADLEY

As a national provider of critical infrastructure and Government Business Enterprise, the importance of which has never been as prominent, nbn has an enormous focus on the security of our network, our infrastructure, our assets more broadly and our people.
 
Our nominee, Ash Fradley, is the Manager of the nbn Security & Emergency Response Centre (SERC), one of the nation’s most complex Physical Security monitoring centres, responsible for monitoring and protecting nbn’s significant expanse of infrastructure, people and assets across Australia.
 
Ash Fradley started her security career more than 17 years ago working within various critical security roles, which included several years at the Victorian County Court where she led & coordinated security & emergency response activities and incident management from Security Command Centre.
 
The Melbourne City Council coordinating physical security and local laws assets & incident management, along with other major organisations such spirit of Tasmania, Crown Casino, and Melbourne’s Federation Square.
 
As an outsourced employee to our partner security company, in 2012 Ash worked with the nbn Agency Security Advisor to start what was then called the Physical Security Operations Centre (PhySOC). In the ensuing years, and critically as a recognition of the great work Ash and her team had done, Ash was offered a full-time role at nbn as the Manager, PhySOC.
 
The PhySOC steadily built a reputation within nbn as the go-to point, the trusted partner, the safe hands for supporting other parts of the business. Over time Ash and her team took on multiple additional Security, and non -Security-related services to support the wider business. In 2018, recognising the growth in services that this operations centre was providing, the increased accountability and the much more significant value that was being provided to nbn, Ash rebranded her department changing the name of the PhySOC to the Security and Emergency Response Centre (SERC) which we felt better represented the breadth of services the Centre now supplies. As the Manager of the SERC, Ash is accountable for the 24 x 7 security management of an enormous range of assets, people and incidents including but certainly not limited to:
 
Management of CCTV and Access control across circa 60 offices, 11 Satellite Earth Stations and 10 Large Aggregation Nodes (very much like a large datacentre), over 122 third party sites which house our infrastructure and are monitored by our own CCTV systems, over 2500 Fixed Wireless Towers and tens of thousands of roadside nodes and pillars.
Planned and Ad Hoc Security Patrol / Static Guard dispatch & management
Incident Response – Bespoke processes involving internal and external stakeholders to monitor & respond to large scale metal and battery theft from nbn network infrastructure*
Management of the nbn Security Hotline which is available to employees in crisis or emergency situation*
Tracking, monitoring and responding to incidents which may impact our overseas travellers*
Management of our fleet vehicle (now over 800 vehicles) and office reception duress alarms and responses to the same
Monitoring and support of our extensive field workforce working after hours*
Management of our Police enquiry hotline*
Security Incident Triage and Investigations Support
First level support and monitoring of our extensive electronic key management system which is in over 170 sites nationally.
 
In parallel Ash has managed the SERC function through a major technology uplift and the pandemic, each requiring particular skill sets focused to achieve minimal operational impact, and at the same time achieving project and business continuity goals. The technology uplift required the integration of 16 applications into one platform to allow for single sign-on, shorter training cycles, and improved operator performance.
 
In response to the pandemic, Ash dispersed her team across multiple locations in an effort to minimise any direct effects the outbreak could potentially have on her team while maintaining managerial oversight and minimising adverse operational impacts.
 
In this role, Ash has demonstrated a solid understanding of not only the nbn security function (especially personnel, travel and physical security as well as incident management processes) but also Facilities, HSE, Fleet and Employee Relations.
 
Ash’s drive to uplift her own understanding of the wider Security Group functions and their interlock with her own team saw her undertake a 6-month secondment into nbn’s Cyber Security Operations Centre as a Data Loss Prevention analyst, during her secondment Ash was able to assist in uplifting the DLP function through process improvement.
 
Ash and her team continually interact with stakeholders at all levels, inside and outside of nbn, including retail customers, our service delivery partners, law enforcement and members of the public to name a few. Customer centricity is core to Ash’s values and beliefs as well as her team’s and this is evident in the constant feedback they receive on a regular basis.
 
Since starting with nbn in 2012, Ash also started, and continued to grow, her own family of 3 children.
 
Ash has enormous accountability and does this job to an extremely high level of professionalism.
She is very well respected within both the Security Group and more broadly within the company. We are very proud to nominate her for the most outstanding woman in protective security/resilience.

 

People's Choice in IT Security

WINNER - SMITHA ANILKUMAR

In her role as Senior TAM, Smitha consistently provides sound and measured cyber security guidance, prioritising what we need to focus on for the biggest risk buy-down and providing great reporting and metrics to measure our progress.

  • Smitha pioneered a reporting methodology that makes it easy for the client to understand their security posture. This methodology is not used anywhere else in the Cyber Security landscape in Australia. 
  • Smitha champions the causes of “early career” IT/Cyber Security, encouraging and mentoring young people in careers in Cyber Security 
  • Smitha is active in the Women in IT/Cyber Security communities in Australia.
  • Smitha has progressed from being in a rather ‘internal dark room’ type role as a SOC Analyst, to being in a ‘strategic client-facing and engaging role’ and a ‘trusted advisor’ as a Senior Technical Account Manager of the Security Division of NTT Ltd. 

Smitha is an important bridge between cybersecurity departments and NTT’s Managed Security Services and SOC; and also curates a range of technical cybersecurity findings, reports and threat information that the SOC generates, into business-relevant and consumable presentations for senior-leadership and executives. 

Her methodology provides leadership and helps to advance the security posture of clients and drives ongoing service improvement of NTT’s Managed Security Services. 

Smitha is also active in promoting and advancing causes related to the development of Women in Cybersecurity, through the encouragement and mentorship of young people to participate in a number of industry bodies and communities.

 

People's Choice in Protective Security/Resilience

WINNER-YASHEMIL MATUTE ALVAREZ

As a cybersecurity professional, you must provide ongoing assistance to the organisation to embed security culture and manage information risk more strategically, in all levels of the organisation. I cannot talk about individual achievements as security is teamwork, and every day we are part of the digital transformation through the enhancement of the business opportunities and landscape. However, given the evolving nature of the COVID-19 outbreak, the WA Police Force’s needed to adopt and enabling several ICT solutions to respond to this unprecedented circumstance rapidly. 

One of the solutions was G2G Pass. In response to the COVID-19 pandemic, the State Government of Western Australia and the Commonwealth Government implemented a range of travel restrictions that affect travel into and across WA. The travel border restrictions prohibit entry into and travel across WA by any person other than an exempt traveller. This solution was delivered two days after the travel restrictions were imposed.

Throughout this business attainment, I demonstrated leadership and excellence to assist on the identification of security risks that could potentially impact the WA Police Force operations and reputation through the launch of a mobile application that record the travel movement across WA, and the enhancement of the paper-based process ensuring compliance and assurance activities on the exempt traveller application process. 

Likewise, as a cybersecurity professional, you must continue server and embed how to manage security on business initiatives; during this initiative I:

  1. guide the design, development and deployment of security architectures, instilling security standards and implementing innovative countermeasures. 
  2. monitor the effectiveness of the security standards, process and controls. This means, addressing considerations such as whether controls are working as intended, is the data secured, and the information is appropriately handled. 
  3. Identify and communicate the value to protect Agency assets. 
  4. Understand and broadcasting the implication of new or emerging technologies, and threat landscape. Helping to identify Cyber Risk that may arise as the business attain a strategy.

As an advisor, I drive the Agency to improve its security decision making and risk mitigation capabilities continually. During the development of the G2G PASS solution, I addressed the Agency needs to focus on addressing cyber threats and creating a risk-based strategic roadmap to align efforts with Agency risk appetite. I educate, engage and align stakeholders with increasing security awareness concerning privacy, data security, data protection, data retention, legal provision, user disclaimers, data ownership, etc. 

 

I believe that to have inspiration; you need mentally motivated to create, influence others and provide advice. I love what I do. I have passion and determination to learn and be up to date about cybersecurity matters and why it is crucial to support the business mission continually, to instigate transitional changes, educate or inspire others. 

Keeping in mind what this is important for the business, you will not fail to integrate the business and security strategy, educate, advise, inspire future cybersecurity risk leaders and contribute to the digital transformation. 

For example, when you are writing a Cybersecurity awareness advisory, you should engage people on what you want to transmit, similar to a marketing campaign:

  •         Why is this important?
  •         Why is this important for me? and 
  •         What do I need to do to protect the business, myself and others?

These responses can drive emotions, and emotions drive human behaviour. A Cybersecurity professional should be a leader capable of creating emotional connections on the work/projects that he/her is involved in. Similarly, when the leader shares their personal experiences, this demonstrates that everyone can face cybersecurity behaviours and challenges, this also demonstrates authenticity on the message that you want to transmit and help others to surmount similar hurdles.

My personal growth always has been influenced from leaders that can drive my knowledge, and challenge me to enhance my abilities. During my professional career, I selected a work environment where:

  • the culture to continuous improvement is embedded,
  • Providing mentorship is a powerful tool in determining what people value and how they should conform. 
  • And where communication and stories to create emotional connections promote shared accountability. ‘

 

I have overcome several challenges during my professional development here in Australia. As an outsider, women, and no native speaker, you need to demonstrate every day, not only your professional value, skills, experience, break barriers, and stereotypes. These difficulties have never demotivated my passion for providing advice, educating or for doing my work. However, these are my pillars to get inspiration to become a recognised cybersecurity professional, apply for jobs, go to an interview, or simply provide assistance about the cybersecurity landscape without preconceptions and to help to break paradigms. 

I have recently been appointed to acting in a high position, and I always doubt that I will touch this position on my life here in Australia, due to all the industry’s patterns, especially in an organisation conquered by men. I cannot lie that it is frightening to talk in a board meeting just full of men. But all these experiences in my mind have given me the strength to overcome my fears and exhibit why I am here, break walls, standard and demonstrate that I am capable not only to cover a temporary vacancy. I am capable to fill the position and enhance the excellence of the WA Police Security and Risk Division.

 

According to her colleague, “Yashemil Matute Alvarez is an outstanding cybersecurity professional who has led an impressive career. 

 

She is the first woman Chief Information Security Officer in Western Australia and has demonstrated expertise across governance, risk and compliance. Her success should be inspirational to all women in security. 

 

Prior to joining WA Police Force, Yashemil had previously run her own cybersecurity business in Venezuela before moving to Australia. Her attitude towards security and helping others has taken her across a number of industries including consulting, education and law enforcement. It would have been very difficult with the language barrier to build a career in Australia. 

 

Her self-motivation, passion and commitment to the team are commendable and inspirational. Her technical competence and ability to identify and communicate the business risk has enabled her to communicate cyber risk effectively.

 

She is a wonderful person who has gone up the information security ladder through hard-work, courses, certifications, experience, etc. 

 

She has had the privilege and the meritocracy of being part of many of the most prestigious businesses in Australia and internationally such as PwC, BBVA, Curtin University, WA Police. 

 

Even more, she rose in the information security field from internal audit through the assistant manager, which shows her commitment and knowledge in the field. 

 

Throughout her professional career, she has helped the businesses she had worked in to develop their information security capabilities. Even more, has helped to shape teams while helping colleagues, helping to shape information security field. 

 

Finally, she has never been involved in any wrongdoing, on the contrary, she has always fought against all kind of injustices and prejudices, showing commitment, integrity and work ethics, which is the based for a better workplace in and out information security, inspiring other to shape a better world.”

Acts of Bravery & Courage

WINNERS - CHRISTINA ROSE & CATHERINE DOLLE-SAMUEL

  1. How is the individual or organisation/group going ‘above and beyond’ to protect the lives of others during the COVID-19 crisis? 

Catherine has been involved in monitoring and responding to COVID since December 2019, when indications that a virus maybe transmitting within Wuhan, China.

As a Business Continuity and Resilience Specialist at The University of New South Wales (UNSW), Catherine has been in the frontline of their response, especially when one of the first COVID positive cases was a student at her University living temporarily in residence.

https://7news.com.au/lifestyle/health-wellbeing/unsw-confirms-third-coronavirus-case-but-says-it-will-not-close-its-doors-to-students-c-749529        17 March 2020

In addition to having to deal with challenges and fears of writing new policies and procedures, Catherine had to deal with potential of racism, maintaining the privacy of a COVID case, personal welfare fears of students and employees and the COVID impact generating significant budget cuts and job losses.

These images share details of the timelines and some of the challenges for Catherine and others working at UNSW to deliver the best outcomes for that significant community. Catherine has been sharing the lessons identified and learned through COVID pandemic to date to assist other business continuity managers to better prepare and secure their businesses for similar challenges such a positive COVID test in their workplaces.

  1. How is the individual or group showing leadership, bravery and commitment to helping people and the country during the coronavirus pandemic?

Catherine had ‘to keep a cool head’ when the first COVID positive case was confirmed for a UNSW international student, one of the first COVID cases in NSW and Australia.

Catherine briefed the C-Suite meeting as a Crisis/Incident Management Team with daily briefings for months. She was working with a new Director of Risk as her manager. Dealing with great uncertainty and limited information about how best to manage this student COVID case in terms of work health and safety, racism, privacy, inexperience of the health system at that point, fear of other students and employees and more.

Had Catherine not found the best solutions community spread could have easily ‘gotten away in her large university community with many international students and students in residence. All Australians were protected by the wise choices at UNSW with no ‘community spread’ of COVID identified as being sourced from there.

  1. How has the individual or group overcome challenges to provide leadership in the face of adversity and help protect their fellow Australians

Catherine had to maintain a cool head, provide wise advice with limited information to her C-Suite. Fear of the unknown was rife, especially early in the pandemic. UNSW found themselves front and centre early in the COVID pandemic with one of the first confirmed cases in NSW and Australia.

Had Catherine and her C-Suite did not manage this first COVID confirmed case, well. The outcome could have been increased fear for students and employees; racism; privacy breaches and even community transmission beyond the UNSW residence, where the student was living on a temporary basis. The good choices made by Catherine and others at UNSW saved NSW and Australia from more community spread of COVID.

  1. What are some of the ‘lessons learned’ from giving selflessly and helping to protect lives during the global pandemic?

Catherine immediate appreciated the risks to the privacy of the first UNSW COVID confirmed case and the potential for racism and increased fear of COVID amongst for students and employees at UNSW.

Like many executives, and business continuity managers, securing their businesses in the most COVID Safe possible configuration, has come at a significant personal cost – exhaustion!

When a crisis occurs, the first resource to be exhausted in usually command and control. Catherine has no alternate and neither does her boss, the Director of Risk.

  1. How will your achievements or those of the group – whether on the frontline protecting human life at airports and hospitals; behind the scenes fighting cybercrime; or creating a system of prevention and recovery from the crisis – build safer communities for the future?

Catherine has worked tireless with many colleagues at UNSW to develop and maintain a COVID Safe workplaces and residences. Failure to manage UNSW case zero had the potential to increase community spread within their campuses, but also throughout Sydney, NSW and Australia.