The IT Security Guru’s Most Inspiring Women in Cyber Awards aims to shed a light on the remarkable women in our industry. The following is a feature on just one of the many phenomenal women put forward for the 2021 awards. Presented in a Q&A format, the nominee’s answers are written in their own words with minor edits made by the editor for readability.
This year, the awards are sponsored by KPMG and Beazley.
Alison Dyer, Group CISO at Urenco
What does your job role entail?
I’m responsible for all aspects of cyber security and information governance across Urenco’s operations in 5 countries. Urenco provides Uranium enrichment services and nuclear fuel products for power generation. The technology it operates is valuable, protected technology under nuclear non-proliferation agreements and is highly regulated.
As CISO, I have built a new function and a small team delivering both business-as-usual security operations and also an extensive improvement programme that will raise the bar on Urenco’s InfoSec capabilities. I’ve worked closely with the four government regulators and also with the intelligence agencies to understand and respond to the increasing threat to our critical national infrastructure. We partner with business teams to develop the business, ensuring new initiatives are secure by design.
The CISO role at Urenco is a broad role. In addition to protecting the internet-facing business IT networks, there are extensive regulated OT plant environments with legacy technologies. Information Governance plays a large part in the role. Both in ensuring correct information handling when collaborating with classified and export-controlled information, and also delivering the compliance activities under GDPR.
How did you get into the cybersecurity industry?
My career started in engineering and progressed into IT working for GSK for 16 years in a variety of IT roles. I completed a 3-year global assignment in Asia with GSK and on returning to the UK 10 years ago, took a programme and project portfolio role. One of the programmes in that portfolio was the new Information Protection programme and I moved into the programme lead role. I had no experience in information security at that time, but had a reputation for delivery and understood the business operating model.
The programme expanded rapidly growing to a £100m programme deploying to over 100 countries. I structured the programme and built the execution capability needed to deliver this large transformation programme. In doing so, I fell in love with cyber security – a niche subject area allowing for technical depth while still allowing the variety of working with all business areas.
By the time the new permanent CISO was recruited 2 years later, I knew I wanted to work in cyber security. I agreed to stay on to run the programme on the basis that GSK would sponsor my master’s degree in Information Security at Royal Holloway. I graduated with Distinction in 2016 and continued to lead GSK’s programme consolidating the theory from university with the practice of implementation. In 2018, my mentors indicated that I was ready for my first CISO role and I moved to Urenco in July 2018.
What is one of the biggest challenges you have faced as a woman in the tech/cyber industry and how did you overcome it?
The isolation that I feel as a female CISO. Often as a CISO, you are the lone voice raising risks to people who sometimes don’t want to hear them. Working in such a male-dominated industry, my voice is not only the lone voice but also a different female voice. Personal resilience and internal strength are essential to my success. These are built through a network of friends and mentors who support me and build my confidence.
What are your top three greatest accomplishments you have achieved during your career so far?
- Setting up a Global IT Centre in Kuala Lumpur, Malaysia for GSK and growing it from start-up to 270 roles in 2 years.
- Establishing GSK’s Information Protection programme and developing the execution capability and programme governance to deploy £30m+ of security investment each year.
- Creation of Urenco’s Information Security function from start-up. Hiring a diverse, talented team. Building strong external relationships with regulators and intelligence agencies needed to defend and protect critical national infrastructure.
What are you doing to support other women, and/or to increase diversity, in the tech/cyber industry?
Diversity starts at home, and to have diversity, you must create an inclusive working environment where everyone can thrive and fulfil their potential. I believe in leading by example, building a diverse team – both in thinking and also other aspects of diversity such as gender, ethnicity and disability.
I have mentored a number of amazing women over the past decades. Since moving into cyber security, I have supported many ‘Women in Security’ initiatives – speaking at networking events and sharing my experiences and lessons learned. Openly sharing my mistakes in the hope that the next generation of women in cyber security will be able to avoid them!
I developed a case study on how to build a gender-diverse information security programme which I presented at ISF Congress.
Most importantly, I continue to work in a highly technical environment, in the male-dominated nuclear industry, being a visible female leader. I lead the CISO working group for the UK civil nuclear sector and I am a member of the Cyber Security Oversight Group (run by BEIS).
What is one piece of advice you would give to girls/women looking to enter the cybersecurity industry?
Don’t let anyone stop you from fulfilling your potential and achieving your goals. Surround yourselves with a network of strong women who you can turn to when things get tough. A network that will build your confidence when others seek to knock it down.