The IT Security Guru’s Most Inspiring Women in Cyber Awards aims to shed a light on the remarkable women in our industry. The following is a feature on just one of the many phenomenal women put forward for the 2021 awards. Presented in a Q&A format, the nominee’s answers are written in their own words with minor edits made by the editor for readability.
This year, the awards are sponsored by KPMG and Beazley.
Shehnaaz Sonde, Senior Manager – Cyber Response Services, KPMG
What does your job role entail?
As part of KPMG’s Cyber Response Services team, I help numerous clients to recover from cyber-attacks. As a senior manager, I manage some of our biggest and most complex client engagements within incident response, utilising not only our UK resources but KPMG’s global network of member firms.
My role also involves performance management and I have 3 appraisees that I do this for. This involves helping them to create and meet their goals and objectives annually, annual performance reviews and supporting their wellbeing needs. Additionally, I’m part of the FS Cyber leadership team and therefore responsible for growing the KPMG cyber practice as well as the wellbeing and development of people in the team.
Additionally, I champion diversity and inclusion, specifically leading our Women in Security agenda. I’m building a network for women to come together and discuss topics of importance such as imposter syndrome, challenges that we face, etc. I am also a mentor for junior colleagues and I am currently helping 4 colleagues define and progress their cyber security careers.
How did you get into the cybersecurity industry?
Unfulfilled by my role in IT infrastructure and intrigued by seeing so many major cyber-attacks being reported in the press, I embarked on some cyber security training courses in my spare time to start building my skills and knowledge in the area so I could make a transition into cyber. About 6 years ago, an opportunity arose for me to move into InfoSec project management allowing me to begin my cyber security career. In that role, I was denied the opportunity to move into a more hands-on role that would have allowed me to expand my skills further and decided it was time to move on, which led me to KPMG.
I wanted to do more exciting things in cyber, and a move into cyber incident response allowed me to do just that as I found my passion and excitement for dealing with crises and helping clients in some of their darkest hours. After all the challenges, it was great to finally be in a role that I enjoyed and find something I’m truly passionate about. There’s an incredible sense of reward and accomplishment from helping clients get back on their feet and ultimately, saving people’s livelihoods.
What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?
Sexism – being told women can’t be technical; technical skills can be learned but you can’t learn the softer skills. Being bullied and harassed, senior-level directors making sexual remarks in an open office, being told women get promoted because of the feminist movement, being overlooked for promotion in favour of a man, not being taken seriously because I’m a woman, everything being turned into a battle when it comes to delegating and asking for tasks to be completed.
For the best part, I didn’t let much of it get to me. But some of the issues felt like personal attacks at times and these were the most difficult to overcome. Throughout it all, I’ve remained persistent and true to myself and the cause. My work and delivery to clients always came first and through perseverance, I was able to build resilience. Over time, I have learned not to take things so personally – still a work in progress!
I went through counselling when I felt I needed it which helped me to see things from a different perspective. Being naturally inclined to bottle things up, I learned to talk about things, speak up and seek advice, which I’ve found power in doing. One of the biggest things I have learned is that it’s usually not about me, it tends to always be about the other person and their own internal struggles. Knowing and really believing this makes a huge difference and allows me to step back from the situation and take stock. Everyone struggles and is dealing with things that others don’t know about. Understanding this has allowed me to move forward from the hard times.
My message to others would be to never give up something you truly believe in. Believe in yourself and your abilities, if anyone tries to bring you down, let them do just that…try, but don’t let them win. Show your strength and be proud of it. Always speak up and speak your truth, don’t be afraid to seek help and advice, I can hand on heart say it can make the difference between staying and leaving a job you love.
What are your top three greatest accomplishments you have achieved during your career so far?
- Having been through many challenges throughout my career, the transition into cyber security itself and then into a deeply technical discipline such as incident response and finding success in it; Especially, following denial in my previous job to a more hands-on role to help build my skills. I didn’t get the support I needed back then, but I did it anyway!
- Finding my passion – moving into incident response has been awakening for my career. I’ve been involved in so many exhilarating and challenging cases which I have been genuinely proud to provide assistance with to our clients. It’s something I am passionate about and really enjoy. I feel I’ve rightfully earned my place in a dynamic and high achieving incident response team through the work I’ve delivered to all the clients I’ve worked with, and through re-energising our relationship with our largest key incident response client.
- Achieving promotion to senior manager within KPMG and leading my team to many operational successes. Being part of the leadership for the cyber response services team has allowed me to help my team grow and perform at a high level, delivering quality to our clients. Knowing I’m playing a part in helping others become successful is rewarding.
What are you doing to support other women, and/or to increase diversity, in the tech/cyber industry?
As outlined above, I am the lead for KPMG UK’s Women in Security initiative. My passion for this arises from knowing there is still so much to do to change the perceptions and hard ingrained thinking that still haunts our society today when it comes to women in technical careers.
I am bringing together a community within our cyber team that provides support, networking, knowledge-sharing and opportunities to speak on topics close to people’s hearts, including sharing stories of women’s career journeys. Meetings are held once a month where we either have a guest speaker, choose a topic for discussion or someone does a presentation on something that they do or enjoy. One of the key objectives of this community is to provide support to junior colleagues who may be struggling with something and don’t know where to go, what to do or don’t have anyone to talk to in their time of need. This is something that’s very close to my heart as I’ve been in numerous situations where I’ve not known what to do and been afraid to speak up out of fear of negative repercussions. The initiative also supports external events such as this awards event and collaborations with other companies to host events to discuss women’s careers and help recruit more women into cyber security.
In addition, I am also a mentor within KPMG’s ITs Her Future network, mentoring 4 junior women from different technical backgrounds. It’s been great to be able to make a difference in these women’s careers and share my experiences and knowledge to help ensure they can avoid some of the challenges I’ve faced over the years.
What is one piece of advice you would give to girls/women looking to enter the cybersecurity industry?
Just do it! Cyber security is one of the most exciting areas in the technical field. There are so many different aspects to it from pen testing and incident response to strategy, privacy, and risk. In my role in incident response, there is such an adrenalin rush and excitement when a major incident comes in and we have to help the client through one of their toughest times. No two incidents are the same. Every case is different and comes with its own excitement and challenges.
I could not recommend a better career than cyber security, there are so many opportunities and it’s a growing area within the technical field that is crying out for skills and people. If you are interested, my advice would be to absolutely go for it! What are you waiting for? Come and join the fun and help shape the future of cyber and your career!