Features Hub

Q&A: Making security part of your organisational culture, with BHF’s Megan Pentecost

Wed 19 Feb 2020 | Megan Pentecost

Megan Pentecost is an experienced information security professional working in the charity sector after many years analysing and designing systems in the US financial sector. She engages with multiple teams across her organisation to select and implement secure solutions, establish information governance and manage security risk. With a background in psychology and business analysis, Megan has a keen interest in the human and behavioural side of information security, alongside introducing technology based solutions to continuously improve performance and manage risk.

What was your earliest ambition?

My earliest ambition was to be an astronaut and discover the mysteries of space. I even spent one of my Summer school breaks studying space and requesting additional information from NASA.

I think I’ve always been curious about how we’ve gotten to where we are and what else is out there to be discovered that we don’t know about yet.

What is your current ambition?

To attend Space Camp!

Kidding aside, my current ambitions are to keep learning and to get more people interested in cyber security, in terms of both understanding how various skills are transferrable to cyber security roles and how to secure their own personal data. There is room in information security for everyone.

What does a positive security culture mean to you?

To me, a positive security culture is about how engaged individuals are with security, recognising its importance, and understanding what good security looks like.

I believe positive security culture is built through relationships. I want people to ask our team questions, to feel it’s a safe space to discuss issues and to feel that we’re working as a partnership to achieve positive outcomes.

Megan Pentecost - Information Security and Data Compliance Manager, British Heart Foundation

What is one cyber security myth that frustrates you?

That it’s solely the Information Security team’s responsibility to make organisations secure.

There are definitely policies, procedures and training which are required from the security team, as well as being subject matter experts on cyber security, but the responsibility doesn’t stop there. We need collaboration with other teams to secure our organisations. We need every user to understand potential threats and how to react should they encounter one.

How do you practice cyber security at home?

At home it’s about the basics such as ensuring my programs and drivers are up to date, backing up my important documents and photos and running internet security products. I use a password manager. Most of my social media accounts are set to private. In terms of my family and friends, I let them know about current scams and answer any questions they have about cyber security such as understanding how one of their accounts may have been hacked. I try to share my knowledge where I can.

What is one of the biggest challenges facing cloud & cyber security professionals today?

The speed of change in technology and ensuring we’re keeping up with how new technologies work and how best to secure them.

What excites you most about the future of the industry?

The focus shift I’m seeing into human behaviour, maybe it’s my degree in psychology or maybe it’s my love of analysis, but it’s interesting to see where investigation into this area of security will lead the field and what will develop from our understanding of human factors and behaviour. I’m hoping it will lead to things like better detection of insider threats and how we can better encourage, support and retain talent in the cybersecurity.

Join Megan at Cloud & Cyber Security Expo London, 11-12 March, ExCeL London

Making security a part of your organisational culture
12 March
10:55 – 11:15

Experts featured:

Megan Pentecost

Information Security and Data Compliance Manager
British Heart Foundation

Send us a correction Send us a news tip