This is a BIG one guys! Introducing my hero... Dr Jessica Barker. I was fortunate enough to attend the Cyber Security Insights camp at the University of Birmingham, where Jessica was speaking. It was an incredible talk and I was in complete awe of Jessica's calm and cool demeanour. I cheekily Tweeted her after the talk and asked if she would like to take part in the series and she said yes! What an inspirational, interesting and kind woman. Jessica has been able to fuse psychology, sociology and cyber security to make one bad ass career and start up her own consultancy, Redacted Firm. As if that isn't enough, Jessica has appeared on the news several times talking about cyber security and she also has a PhD from the University of Liverpool. We're talking serious goals here people, and I am so honoured to have her on my blog!
"I specialise in the human side of cyber security and am the co-founder of a cyber security consultancy company, Redacted Firm. At Redacted Firm, we address the human, technical and physical elements of cyber security: cyber insecurity is often about where people meet technology, and this is the focus of our work. My work in cyber security has always centred on helping organisations understand what their culture is like, the extent to which people understand the importance of cyber security and follow policies and procedures. A core part of my role is communicating about cyber security, so taking complicated technical messages and translating them so that non-technical people can understand and relate to them. At Redacted Firm we do a lot of behavioural-change training, for example on social engineering, which takes advantage of human, technical and physical weaknesses and is one of the biggest forms of attack targeting organisations at the moment."
Tell us a little bit about your journey into a technology-based role.
I’ve been working in cyber security for seven or eight years now. I was finishing my PhD in Civic Design (my thesis was a mix of sociology and town planning) when I was headhunted for a cyber security consultancy. That firm was focused on the defence sector and looking for someone who could look at cyber security from a different, more human perspective. I worked with them on assessments of cyber security maturity in organisations and then ran cyber security awareness-raising training. In many ways it was a fantastic opportunity, working at a very senior level with really big clients. Working in the defence sector was also extremely beneficial for understanding cyber security on a deep level.
About four and a half years ago, I set up my own consultancy and worked with a fantastic range of clients, from SMEs to huge multi-national firms on a variety of projects from data protection to cyber security investigations and to cyber security communication programmes and awareness-raising training.
One issue that I have always identified and wrestled with in the cyber security industry is how siloed it is. The problems of cyber insecurity generally manifest as a combination of human behavior, technical issues and physical vulnerabilities. However, these problems are often managed in narrow terms: people will look at technical problems and overlook human factors, or vice versa. My partner and I set up Redacted Firm in response to this issue, bringing our expertise in the human, technical and physical elements of cyber security together.
How do you personally use technology in your day to day?
I would be lost without GPS! I love music so use Spotify a lot and I like Twitter for chatting to people about cyber security news. I’m constantly trying to get better at engaging on LinkedIn, but I don’t find it as intuitive or enjoyable as Twitter. I talk to friends on WhatsApp and am always drowning in emails.
How do you use technology in your job role?
My work is all about understanding how businesses and individuals use technology, how this can be exploited and what can mitigate those problems.
What have been the best learning resources for you?
I’d highly recommend websites such as Cybrary and Pluralsight for training. The cyber security community is fantastic for sharing information and learning resources, so finding people who share your interests or work in an area that you want to know more about and following them on Twitter or LinkedIn will help you find resources that are helpful. I also find conferences such as BSides, SteelCon and IRISSCON are a great way to learn more and stay up-to-date. There are regular meet-ups across the UK too, such as DC4420 in London, DC441452 in Gloucester, DC44141 in Glasgow and DC44131 in Edinburgh. Attending talks and meeting people at these events is a great way to learn, but so is giving a talk yourself. I do a lot of conference speaking and media appearances talking about cyber security, and truly believe that the best way to make sure you know a topic inside-out is to explain it to others. If you can’t explain something to someone else, that’s usually because you don’t fully understand it yourself (aka the Feynman Technique).
As a woman, do you think you have faced any challenges that a man would not face in your position?
Some of the sexist comments I’ve received have really shocked my boyfriend and my male friends in the industry. For example, people who don’t know me or the work I have done have accused me of only getting opportunities because I’m female. Others have assumed that I started working in the industry because my boyfriend works in the same field; of course, no one has ever questioned whether he works in the industry because I do. One of the most surprising and disappointing things is that this sexism doesn’t only come from men, but from some women, too.
However, the sexism I have experienced has been far, far less common than the support and encouragement I have received from both male and female peers. I regularly speak at global events about my work: in the last year I have spoken in Malaysia, Canada, Estonia, Sweden, Germany, Spain, Norway, Switzerland and many more incredible places. I was first encouraged to speak about my work in cyber security by male conference organisers who were fantastic advocates for me and my work. When you have one bad experience, it can be hard to remember the twenty good ones that preceded it, but it is so important to focus on the allies.
What HAS been your biggest challenge so far?
Running your own company can be exhausting. I work very hard and rarely take a day off. When I first started working for myself, I was doing everything: from admin to marketing to business development to the actual client-facing work which paid the bills. It is challenging, but hugely rewarding.
With regards to technology, what do you think will be our biggest barrier to success in the future?
Cyber security is interesting, because everything changes and yet nothing does. New vulnerabilities emerge all the time, but the core themes of cyber insecurity generally stay the same, and have done for decades. So, the challenges we will face in the future will be the same ones we face now: legacy IT, flat networks, difficulties patching complex organisations, and human factors which encourage people to underestimate cyber risks and which make us susceptible to social engineering.
Who makes up your support squad?
Nicola (@CyberGoGiver) and Ian Whiting at Titania are lovely people and truly inspirational in their work and their approach to running a business. Friends like Zoë Rose (@5683Monkey), Scott Helme (@Scott_Helme), David Prince (@RiskObscurity) and Per Thorsheim (@thorsheim) are people in the industry who I not only admire, but chat to regularly about all sorts of work-related issues. Others such as Brian Honan (@BrianHonan), Adrian Davies (@adrian_adavis) and Lance Spitzner (@lspitzner) have been great supporters and champions of my work. Every day, my partner FC (@__Freakyclown__) supports, encourages and inspires me.
What’s your favorite piece of advice to offer entrepreneurial/techy women?
Illegitimi non carborundum
Thank you so much for taking the time to complete my interview, Jess. It means the world!