Gender diversity in the security industry is improving. According to the latest ISC(2) figures, the percentage of women in cybersecurity is around 24 percent, with an increasing number being appointed in leadership positions.
It is widely agreed that one of the most important factors in encouraging more women to enter the industry in the first place — or, indeed to make a career switch over to cybersecurity — is the existence of role models. The digital event at which the winners were announced, last night on 28 October, hosted by IT Security Guru, was made possible by the support of sponsoring companies keen to promote the role of women in cyber, with BT Security and Kaspersky platinum sponsors, BAE Systems AI and KnowBe4 gold sponsors, and ISC(2) the silver sponsor. See video here: https://www.itsecurityguru.org/women-in-cyber/
This list aims to call out the most inspirational women in the industry today as voted for by our panel of judges. The judges themselves *(see bottom of page) do not appear on the list, but were selected due to their own part in championing the role of women in cybersecurity and helping to increase diversity in the recruitment process and beyond – and are of course inspirational figures in their own right.
The judges made their nominations, nominations were also accepted via the IT Security Guru website, including self-nomination, then the judges got to pick their top 25, with those getting the most votes winning – though we extended the list to 26 due to several tied votes. The winners are not ranked so the results below are in no particular order:
Lindy Cameron, CEO, National Cyber Security Centre
The COVID-19 pandemic has led to an increase in cyber-attacks on businesses and consumers, making the National Cyber Security Centre (NCSC)’s role more important than ever. As new CEO of the NCSC as of October 2020 with a brief of overseeing the organisation’s response to hundreds of cyber incidents each year, Lindy Cameron is at the heart of this. Cameron has an impressive CV including two decades’ experience in national security policy and crisis management. She started her career in the private sector with McKinsey and has served across government at home and overseas. While she has only just arrived at her current role, the appointment itself is inspirational.
Sarah Armstrong-Smith, chief security advisor at Microsoft
Sarah Armstrong-Smith has an inspirational CV, having held roles at the London Stock Exchange and Fujitsu. She’s now chief security advisor in Microsoft’s Cybersecurity Solutions Group, working with strategic customers across Europe to help them evolve their security strategy and capabilities to support digital transformation and cloud adoption.
Armstrong-Smith has a background in business continuity, disaster recovery, data protection and privacy, as well as crisis management. Combining these elements allow her to holistically understand the cybersecurity landscape, and how this can be proactively enabled to deliver effective operational resilience.
Eliza-May Austin, founder and director, Ladies of London Hacking Society
Austin is founder and director of Ladies of London Hacking Society, an organisation dedicated to providing opportunities and a welcoming space for women to develop and hone the technical skills critical for success. Austin is seen as inspirational by her peers, hence her well-deserved place on this list, but she is against the idea of women-only lists and awards because she thinks they hinder the progression women have made in the industry.
“Pitting women against one another in a subsection of an already small industry confuses me,” she says. “It’d be great if we could get to a place where we recognised good work regardless of what reproductive system someone has.”
Austin thinks diversity of opinion, thought, and backgrounds is incredibly important and beneficial to creativity in teams. “Prioritise that, and you’ll end up with a diverse range of people anyway.”
Chani Simms, founder, SHe CISO Exec
An IT professional of over 17 years, Simms is a passionate entrepreneur, C-level advisor, vCISO, ISO27001 and IASME auditor, Cyber Essentials assessor and specialist in helping organisations to implement and manage information security and data protection programmes.
Simms comes from a technology background, having worked at IBM UK and as an independent consultant in IT infrastructure security, as well as co-founding Meta Defence Labs in 2015.
Simms’ own experience and passion for the industry led her to create the SHe CISO Exec — a platform on a mission to bridge the gaps in the industry by empowering a diverse talent pool of emotionally intelligent cybersecurity leaders.
Holly Foxcroft, neurodiversity consultant, associate lecturer cybersecurity lecturer, Chichester College, STEM apprenticeship executive and cybersecurity lead at Highbury College
Foxcroft is an associate lecturer at Chichester College teaching a blend of technical and non-technical cybersecurity subjects and developing future curriculum to include cybersecurity modules.
Parallel to this, she is a neurodiversity consultant working alongside schools, colleges, individual support, parents and companies. An advocate for inclusion, Foxcroft tirelessly works to create an equal platform and champion neurodiverse individuals and offer people opportunities to start a career in cybersecurity. She is currently in her final year at Portsmouth University, where she is conducting research to understand neurodiverse cybercrime offenders to offer support and guidance to practitioners.
Adenike Cosgrove, director, international product marketing, Proofpoint
Cosgrove is a diversity champion who believes that the more the cybersecurity industry includes new and varied viewpoints evolved from different life experiences and backgrounds, the better-informed it becomes.
By day, Cosgrove is a cybersecurity strategist for Proofpoint, driving product marketing strategy across European and Asia Pacific markets. She is also elected vice chair of the DMARC.org ‘authindicators’ working group, tasked with developing a means of providing consistent indication of message authentication to end user recipients, which also led to the launch of email specification BIMI.
Lisa Forte, partner at Red Goat Cyber Security
Forte is inspirational both in her day job and outside of it — she’s a mountaineer, aiming to attempt to climb Mount Everest in May 2021. On top of her current role as partner at Red Goat Cyber Security, Forte also co-founded the Cyber Volunteers 19 initiative — a 3,000 strong force of volunteers helping hospitals around Europe stay secure during the pandemic.
Forte started her career working for companies that put armed guards on merchant vessels to protect them from Somali pirates. She moved into UK counter terrorism intelligence and then into one of the UK Police Cyber Crime Units. She co-founded Red Goat three years ago to provide social engineering and cyber-attack exercising expertise to companies around the world.
Forte hosts a popular vlog, Rebooting, as well as starring in several documentary films and is currently filming a TV series for a UK TV channel.
Dr Victoria Baines, visiting research fellow at Oxford University, a visiting fellow at Bournemouth University School of Computing
Dr Baines is a leading authority in online trust, safety and cybersecurity. She also provides research expertise to several international organisations, including Interpol and the Council of Europe.
As well as being a trained musician, Dr Baines is co-host of the Cyber Warrior Princess podcast, which aims to demystify cybersecurity for a popular audience.
Prior to her current role, Dr Baines was Facebook’s trust and safety Manager for Europe, Middle East and Africa. Before joining Facebook, Victoria led the strategy team at Europol’s European Cybercrime Centre, where she was responsible for the EU’s cyber threat analysis. She designed and developed the iOCTA, Europe’s flagship threat assessment on cybercrime, and authored “2020, scenarios for the future of cybercrime”, which was the basis for a successful short film series of the same name. She’s currently writing a book on security rhetoric.
Sharon Barber, chief Security officer, Lloyds Banking Group
The cyber threat landscape is evolving all the time, especially for those working in the critical financial sector. Barber is at the helm of this as chief security officer for Lloyds Banking Group, a job she’s held since 2017 after joining the bank in 1985.
As part of her role, Barber heads up the Group’s chief security office division responsible for cyber, physical and information security activities. She leads the operational resilience strategy and implementation for the group, working closely with regulators and government. She also leads the group’s incident response to the COVID-19 crisis.
Jenny Radcliffe, social engineer
Known throughout the industry as a “burglar” for hire, Jenny Radcliffe is a social engineer, hired to bypass security systems through a mixture of psychology, con-artistry, cunning and guile. A regular on the speaking circuit and multiple TEDx contributor, Radcliffe has spent her career talking herself into secure locations, protecting clients from scammers, and leading simulated criminal attacks on organisations.
Radcliffe’s focus on the “human” side of security is reflected in her podcast “The Human Factor” which sees her interviewing industry leaders, bloggers, experts, fellow social engineers and con-artists about security and preventing people from becoming victims of social engineering.
Elizabeth Denham, information commissioner at the ICO
Responsible for issuing fines to companies that breach the General Update to Data Protection Regulation (GDPR) since the regulation came into place in May 2018, Denham is fully committed to increasing consumer trust in what happens to their personal data. Of course, this means ensuring companies are transparent with the public about how personal information is used, and Denham has already launched investigations into Yahoo, Camelot, WhatsApp and Facebook.
She previously held the position of information and privacy commissioner for British Columbia, Canada and assistant privacy commissioner of Canada.
Neira Jones, Consultant, speaker, and NED in the United Kingdom
An engaging speaker and advisor, Jones is a renowned expert on payments, fintech, regtech, cybercrime, information security, regulations and digital innovation. With more than 20 years in financial services and technology, Jones believes in change through innovation and partnerships and always strives to demystify the hype surrounding current issues.
Jones is also 1st Advisory Committee member for PCI-Pal and chairs the advisory board for mobile innovator Ensygnia. She is an ambassador for the emerging payments association and a friend of the Global Cyber Alliance.
Her clients span industry sectors, including financial services, fintech, retail, legal, consulting, information security and technology.
Rowenna Fielding, head of individuals’ Rights & Ethics at Protecture
Having previously worked in IT and infosec, Fielding is now a self-confessed data protection anorak. With interests including records management and knowledge management, Fielding is always keeping watch on data protection developments so she can analyse and explain them for others.
An outspoken advocate for consumer privacy, Fielding often comments about businesses’ approach to the EU Update to Data Protection Regulation (GDPR). Fielding also holds the ISEB Certificate in Data Protection and holds the IDM GDPR Award.
Mivy James, digital transformation director and head of consulting at BAE Systems Applied Intelligence
Currently digital transformation director and head of consulting at BAE Systems Applied Intelligence, James has 25 years’ experience in the tech industry working in both government and finance sectors.
Having started her cybersecurity career as an analyst/programmer, James now works with UK government departments on their digital transformation strategies with a particular slant on security and enterprise architecture.
She is an advocate for STEM careers and the founder of her organisation’s gender balance network and also collaborates with UK clients on their own balance initiatives. In addition, she has been instrumental in changing the line-up for defence IQ speakers, which was previously all male.
Siân John, MBE, chief security advisor EMEA at Microsoft
COVID-19 has resulted in employees across the world working from home, and that’s seen digital transformation and a remote working become a major focus for Microsoft. As chief security advisor EMEA at the company, John has been instrumental in working with customers rapidly adapting the way they implement security. John also leads the EMEA security advisors who work with Microsoft’s customers to help them to develop their cybersecurity strategy and best practices.
She was awarded an MBE in the Queens New Year’s Honours List for 2018 for services to cybersecurity. She is a fellow of the Chartered Institute of Infosecurity, and chair of both the TechUK cybersecurity management committee and the digital economy advisory board for the UK Research Councils.
Jacqui Chard, deputy director for defence and national security National Cyber Security Centre
The National Cyber Security Centre’s role is more important than ever as the COVID-19 pandemic sees a deluge of phishing emails from criminals and foreign adversaries looking to steal valuable company IP and cash. That’s without considering the additional threat from spies intercepting critical government data.
In her role at the NCSC, Chard, who has worked at GCHQ and across government for 30 years, is responsible for ensuring that the UK has the sovereign capability to secure information and communications transfer nationally. This allows government at the highest level to conduct its business securely.
Diana Moldovan, UK Cyber Operations Lead for Aviva and board member of SHe CISO Exec
A mentor, speaker and expert in cybersecurity, Moldovan leads the incident response and threat hunting team at Aviva. She is passionate about giving back to the community and supporting people who want to start a career in cybersecurity, and collaborates with different organisations such as the NCSC and STEM Social to support schools and students.
A diversity advocate, Moldovan is also a board member of SHe CISO Exec. She is CISSP, GCIH, GCIA, GSEC and PRINCE2 certified professional with nine years of experience in the cybersecurity industry and often attends conferences and speaks on panels to share her expertise.
Professor Alison Wakefield, professor of criminology and security studies, Cybersecurity and Criminology Centre, University of West London
Alison Wakefield, PhD CSyP FSyI, is chair of the Security Institute, the UK’s largest member association for protective security professionals, and professor of criminology and security studies at the University of West London, where she is a member of the executive of UWL’s cybersecurity and criminology centre and course leader of the professional doctorate in policing, crime and security.
Wakefield has also written several award winning papers and books: For example, she won an Emerald Outstanding Paper 2018 award for the co-authored paper ‘Confronting the “fraud bottleneck”’ in the Journal of Criminological Research, Policy and Practice. Her books include Selling Security: The Private Policing of Public Space, The Sage Dictionary of Policing, and Ethical and Social Perspectives on Situational Crime Prevention. Her fourth book, titled Security and Crime: Converging Perspectives on a Complex World, in 2021.
Gemma Moore, co-founder and director of Cyberis.
Moore has over fifteen years’ experience in the security consultancy industry, helping customers across sectors assess their risks and improve their security. Her focus includes infrastructure and application penetration testing, information risk assessment, due-diligence compliance auditing, network forensic analysis and simulated targeted attacks.
Moore is also chair of CREST’s Penetration Testing Steering Committee which has recently seen her run workshops and hosting webinars as part of CREST’s Access to Cyber Security Day. The workshops focused on good practice in recruitment to help encourage more women in security, with Moore looking into whether anything that government, industry or academia has done to encourage more women into the industry has made a difference, and if not why not?
Didar Gelici, cybersecurity risk manager, Travelex
Gelici is a multi-talented cyber security and data privacy professional working as a cyber risk manager by day, at the same time moonlighting as an active volunteer for security communities she finds closest to her heart. She has 12 years of governance risk compliance experience in the finance industry and is part of the Ladies of London Hacking Society and SHe CISO Exec among other projects.
Gelci says she is passionate about sharing knowledge and experience, and she wants to help make others feel welcome and enthused about the industry. Her pet hates are ineffective third party risk management practices and ignored data privacy rights.
Dee Deu, CISO, Xoserve
Deu has an impressive CV with over 14 years of diverse senior leadership experience spanning multiple industry sectors including banking, financial services, manufacturing, automotive, insurance, retail, real estate and utilities.
She was the first CISO of British Land, the UK’s largest property development and investment company, where she built, established and led the new function. She’s now joined Xoserve serving the UK’s gas industry as CISO, re-defining and embedding the security and privacy functions.
Deu prides herself on her holistic and people-centric approach to customers, stakeholders and suppliers. She focuses on raising awareness through thought leadership, transparency, knowledge transfer, strategy and transformation and also mentors others to support them in their roles.
Poppy Gustafsson CEO of Darktrace
A well-known name in the industry, Gustafsson is CEO of Darktrace, a company that has reached a US$ 1.65 billion valuation in under five years while she has been at the helm. She’s also a qualified chartered accountant having previously served as the company’s CFO. Prior to Darktrace, Gustafsson held financial controller positions in the technology and venture capital sector. In the Birthday Honours 2019, Gustafsson was awarded an OBE in recognition of her services to cybersecurity. Her focus now is taking Darktrace forward to a future that includes red teaming and cyber risk analysis executed by AI.
Jayne (Snelgrove) Meir, assistant chief constable, West Midlands Police
Currently assistant chief constable at West Midlands Police with responsibility for the crime portfolio, Jayne Meir has been hugely successful since starting her career at the Metropolitan Police in 1996. At the Met, she was involved in numerous operations, including supporting the response to the July 7 2005 terrorist attacks and coordinating counter terrorism policing for the 2012 Olympic and Paralympic Games. Meir has been widely praised for her role as Head of Fraud and Cyber Crime leading MPS enhanced service – FALCON (Fraud and Linked Crime On-line).
Meir transferred to West Midlands Police in 2016 to become the local policing commander for Wolverhampton. She then became director of intelligence in 2018, before being appointed as an assistant chief constable in May 2019.
Indra Joshi, director of AI at NHSX
As the clinical lead for NHS England’s Empower the Person portfolio, Dr Indra Joshi oversees the national citizen-facing digital initiatives within the NHS with a focus on evidence, data, digital health standards and policy for AI.
Her impressive breadth of experience spans policy, governance, digital health and marketing, national project strategy and implementation. At the same time, Dr Joshi is the clinical director of One HealthTech — a network that campaigns for the need and importance of better inclusion of all backgrounds, skillsets and disciplines in health technology.
In addition to her position as vice chair for the British Computer Society (health), Dr Joshi is an international speaker and consultant on digital health and a trained emergency medic.
Colleen Rose, UK CISO at Barclays
Rose has worked at financial giant Barclays since 2018, when she joined the firm as infrastructure controls officer and CISO. She’s now CISO of Barclays’ UK arm, where she is responsible for security including protecting the firm against cyber-attacks amid challenging COVID-19 conditions. Prior to Barclays, Rose spent 14 years at Unilever, where she held several senior roles encompassing security as well as IT.
Elizabeth Murray HSBC, Cyber Security Awareness, Culture and Training, HSBC Operations
A military veteran, Murray became HSBC cyber lead after a successful 20-year career. While in the military, Murray became the first female tactical air traffic controller, an air defence missile gunnery instructor and held the role of military project manager in a high-tech simulation training facility. It was this last role where she says the skills she now employs in cyber in the banking world were honed.
Specialising in education, Murray uses expertise as a suicide first aid instructor, human resilience specialist and mental health first-aider to deliver human factors led, diversity and inclusivity aware training.
While there was a limit to the number of winners that could be included in the digital event, several women missed out by just one vote and while they are equally inspirational, for the purposes of this event, they are our Highly commended:
Zoe Rose, cybersecurity specialist, Cisco champion and certified Splunk architect
Leigh Anne-Galloway, cyber security resilience lead at Positive Technologies
Helen Rabe, global CISO, AbCam
Elisabetta Zaccaria, founder of Secure Chorus
Annabel Berry, CEO, Sapphire
Cath Goulding, CISO, Nominet
Jacqueline De Rojas CBE, president, TechUK
Obviously a different set of judges would have had different opinions, as this selection is subjective, based on the views of the judges, but we are confident that our judges are of sufficient stature that, while they may have left out people you would like included, and some individual judges’ favourites missed out, all the women in our final list are worthy winners. Our judges are:
*Judges:
Jane Frankland, Cybersecurity Influencer & more, Independent
Nicola Whiting MBE, Chief Strategy Officer, Titania
Becky Pinkard, Chief Information Security Officer, Aldermore bank
Kate O Flaherty, Cybersecurity Writer, Forbes, Wired UK, Infosecurity, The Times, IT Security Guru
Deshini Newman, Managing Director, EMEA (ISC)², Inc.
Amanda Finch. CEO, CIISec
Mandy Haeburn Little, CEO, BRIM Business Resilience International Management
Clare Johnson, Founder, Women in Cyber Wales, & USW
Emma Philpott MBE, CEO, IASME
Tony Morbin, Editor in chief, IT Security Guru
Dr Jessica Barker, Co-CEO, Cygenta
Emma Smith, Global cyber security director, Vodafone
Yvonne Eskenzi, Director, co-founder, Eskenzi PR & Marketing
Lynn Studd, Director, security BT