Introducing women with a deep interest in cybersecurity

Catherine Lee is an APAC Regional Senior IT Risk Management & Cybersecurity Specialist with expertise in Cybersecurity Governance, Risk and Compliance. She has profound experience in leading cybersecurity maturity risk assessment and third party security risk assessment as well as driving cybersecurity transformation roadmap implementation for a wide range of industries including Pharmaceutical, FinTech, Oil & Gas, etc. to ensure necessary security due diligence is in place while enabling innovation.

What brought you to the cybersecurity industry?

Upon graduation, I got a chance to talk to one of my primary schoolmates who had already started her cybersecurity career in a Big 4 consulting firm. As a non-fully IT trained student back then and after deep consideration, I had decided to give it a shot and accept a job offer in the same company. After starting my new role, I realized that cybersecurity was not all about vulnerability scanning and penetration testing. There’s also another equally important area focusing on cybersecurity governance, risk management and compliance which I find myself having a special interest in. I learnt a lot through various engagements/projects and took my first professional certification after 2 years in the industry. I am always grateful for the great opportunity, experiences and people who have guided me in transforming into a cybersecurity practitioner.

What were your defining moments in this industry, and factors or guidance that helped you achieve them?

Taking a career change could be undeniably scary and stressful at the beginning of the journey as the path ahead might be full of uncertainty. It’s totally ok to feel that! However, do not let your fear occupy you for too long until it pulls your back from progressing further into your new venture. Stay positive during difficult times and always be a self-starter keep learning as the cybersecurity landscape and digital space are fast-changing and evolving.

Over the years, I had had the opportunity to volunteer in various cybersecurity initiatives including AiSP Cybersecurity Awareness and Advisory Programme (CAAP) as well as AiSP Ladies in Cyber initiative and collaborate with like-minded professionals to share my thoughts in a series of school talks/ cybersecurity events.

What is it that you loved most about your role?

Being in the 2nd and 3rd line of defense for most of the time in my career, my role is to ensure that the identified cybersecurity risks are being reported to the key stakeholders of the company in a timely manner so that the senior management is having the right visibility and able to make risk-informed decisions. I enjoy the different conversations that are required to prioritize the investment and treatment strategies for the identified cybersecurity risk with the necessary key stakeholders of the company to ensure our company’s business continues to grow and at the same time stays in compliance with the applicable laws & regulations.

Prominent Cybersecurity trends:

What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

The demand for digital transformation and innovation has been rising more than ever and many companies are migrating to the cloud especially during the pandemic in order to better support the shift of more flexible working arrangements. Some of the top security threats that contributed to the alarming trend of cybersecurity incidents globally are phishing, ransomware, system misconfiguration (especially for new technology or due to lack of skilful resources in the company) as well as cybersecurity risk from supply chain management. As security breaches are getting more and more sophisticated and complex, it is important for us to ensure that appropriate security due diligence and controls are implemented in order for our company to be more resilient to cyber-attacks. The organization is also recommended to look into the adoption of emerging technologies such as AI & Machine learning to automate and improve the security detection and response capabilities.

Females in Cyber Security

What can we do to encourage more women to join the cybersecurity sector?

I think the good way to start is to get a preliminary understanding of what cybersecurity is and what are the available career options in this field. Do not be afraid to reach out and ask questions when in doubt. In addition, having a good mentor could provide tremendous help too as he/she will be able to share his/her experience and guide you through the journey.

Final thoughts

How can you debunk the myth that cybersecurity is only for men? Is there any indication this stereotyping is changing?

Diversity is crucial in cybersecurity as different people with disparate backgrounds bring broader perspectives in building a more resilient and healthy cyber ecosystem. With the increasing efforts from the professional associations and industry partners who step up the games to promote diversity and inclusion in this field, we are seeing more and more great opportunities, conferences, training, funding and mentorship programs in this space. So, my advice is to grab every opportunity that comes up and never stop learning.