The IT Security Guru’s Most Inspiring Women in Cyber Awards aims to shed a light on the remarkable women in our industry. The following is a feature on just one of the many phenomenal women put forward for the 2021 awards. Presented in a Q&A format, the nominee’s answers are written in their own words with minor edits made by the editor for readability.
This year, the awards are sponsored by KPMG and Beazley.
Bronwyn Boyle, CISO at Mambu
What does your job role entail?
I’ve recently joined Mambu as Chief Information Security Officer, accountable for the security of Mambu’s banking-as-a-service platform and of the broader organisation. I’ll also be supporting security across the broader ecosystem of customers that are utilising Mambu to open up financial services, promote innovation and support financial inclusion across underserved communities across the globe.
How did you get into the cybersecurity industry?
I started my career as a software developer, cutting Java code and working on the first wave of digital banking services, back in the DotCom era. At the time, developers received very little support or training on security – it was seen as someone else’s problem and often bolted on at the end of the development lifecycle. This didn’t sit well with me, so I decided I’d better upskill – I took a year out to study an MSc in Security & Forensic Computing, and the rest is history..!
What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?
The lack of female role models, particularly when I was first starting out. I was frequently the only woman and struggled to make my voice heard. I overcame this by actively seeking out inspiring female role models (I’ve been lucky enough to have worked with a number of formidably talented women) and by getting involved in female networking communities. I also learned to silence the “imposter syndrome” voice and speak up, and to create psychologically safe spaces in meetings that encouraged contributions from all individuals.
What are your top three greatest accomplishments you have achieved during your career so far?
Supporting the security of the open banking ecosystem
My recent role at the Open Banking Implementation Entity has given me an amazing opportunity to support the open banking ecosystem by helping improve the security of the 600+ companies enrolled in open banking.
I’m particularly passionate about supporting smaller organisations and third-party providers (TPPs) who may not have the resources or subject matter expertise relating to cyber and fraud risks. I’m proud to have designed and delivered a number of initiatives to better help these organisations and support the overall security of the ecosystem, including:
- Creation of tailored good practice on security and counter fraud, to accelerate maturity and understanding of new entrants to the open banking ecosystem.
- Providing tailored threat intelligence to TPPs, to ensure they can keep track of the evolving threat landscape.
- Hosting thought leadership sessions to upskill open banking participants on key security and fraud best practices. Our last session was on Threat Modelling, with Adam Shostack, and was a great success!
- Building a trusted community, the Security & Fraud Working Group, to collaboratively address emerging threats and share best practices. As a result of my work in maturing this community and furthering trusted relationships with organisations such as the Cyber Defence Alliance, the SFWG is now collaborating together on coordinated responses to security and fraud events, allowing earlier intervention, minimising the blast radius of incidents and reducing fraud.
- Creating focused security awareness messages that can support TPPs and promote secure user adoption, while fostering the safety and security of the ~4m SMEs and consumers using open banking products and services.
Fostering closer alignment of security and counter-fraud to prevent customer harm
I’ve been focused on driving closer alignment between security and fraud for many years, given their inter-relation and the opportunities to prevent customer harm by cutting across siloes. I’m happy to have achieved a number of successes in this area, including:
- Creation of the Counter-Fraud Fundamentals certification scheme with IASME. This first-of-its-kind scheme provides a mechanism to upskill organisations on best practice fraud controls and gain certification by evidencing they have these controls in place. As well as fostering customer trust, the scheme is driving industry standardisation of counter-fraud controls.
- During my time at Lloyds Banking Group, I drove increased alignment between Security, Digital Banking Fraud and Financial Crime teams by breaking down silos, embedding mechanisms to share upstream and downstream intelligence and fostering collaboration.
- As Director of Information Risk Management at Barclays, I won an industry award for my fraud awareness campaign “Faking it”, which aimed to empower front-line customer-facing staff in recognising and challenging fraudsters and cybercriminals, resulting in a 125% increase in fraud reporting.
Promoting secure use of social media
As the recent Facebook revelations clearly demonstrate, we need to do more as a society to ensure social media is used securely. I’ve long been an advocate for this approach, and was proud to pioneer secure, approved use of social media during my time at Barclays. Recognising that the bank’s policy was prohibiting safe engagement on social media and was inhibiting the business, I proactively engaged with Barclays HR Director to secure a mandate from ExCo to develop and implement a social media governance framework and implement controls for secure and safe adoption (e.g. policies, technical controls for ensuring safe social engagement, access management framework etc.). I’m also currently focused on a number of education initiatives covering the secure use of social media, as well as engaging with schools and industry stakeholders.
What are you doing to support other women, and/or to increase diversity, in the tech/cyber industry?
I actively mentor a number of girls and women looking to break into the industry or further their careers. I’m currently working on a number of education initiatives, to promote cyber security practices and ensure girls see tech/cyber as an attractive career opportunity. At Mambu, we’re committed to creating a culture where everyone belongs. We believe in full-spectrum diversity, inclusive of gender, ethnicity, orientation, ability, nationality, religion, background, and culture.
What is one piece of advice you would give to girls/women looking to enter the cybersecurity industry?
Yes you can! Believe in yourself, embrace the challenge and take your seat at the table to help make the world a better place!