Q&A: Making security part of your organisational culture, with BHF’s Megan Pentecost
Wed 19 Feb 2020 | Megan Pentecost

What was your earliest ambition?
My earliest ambition was to be an astronaut and discover the mysteries of space. I even spent one of my Summer school breaks studying space and requesting additional information from NASA.
I think I’ve always been curious about how we’ve gotten to where we are and what else is out there to be discovered that we don’t know about yet.
What is your current ambition?
To attend Space Camp!
Kidding aside, my current ambitions are to keep learning and to get more people interested in cyber security, in terms of both understanding how various skills are transferrable to cyber security roles and how to secure their own personal data. There is room in information security for everyone.
What does a positive security culture mean to you?
To me, a positive security culture is about how engaged individuals are with security, recognising its importance, and understanding what good security looks like.
I believe positive security culture is built through relationships. I want people to ask our team questions, to feel it’s a safe space to discuss issues and to feel that we’re working as a partnership to achieve positive outcomes.
What is one cyber security myth that frustrates you?
That it’s solely the Information Security team’s responsibility to make organisations secure.
There are definitely policies, procedures and training which are required from the security team, as well as being subject matter experts on cyber security, but the responsibility doesn’t stop there. We need collaboration with other teams to secure our organisations. We need every user to understand potential threats and how to react should they encounter one.
How do you practice cyber security at home?
At home it’s about the basics such as ensuring my programs and drivers are up to date, backing up my important documents and photos and running internet security products. I use a password manager. Most of my social media accounts are set to private. In terms of my family and friends, I let them know about current scams and answer any questions they have about cyber security such as understanding how one of their accounts may have been hacked. I try to share my knowledge where I can.
What is one of the biggest challenges facing cloud & cyber security professionals today?
The speed of change in technology and ensuring we’re keeping up with how new technologies work and how best to secure them.
What excites you most about the future of the industry?
The focus shift I’m seeing into human behaviour, maybe it’s my degree in psychology or maybe it’s my love of analysis, but it’s interesting to see where investigation into this area of security will lead the field and what will develop from our understanding of human factors and behaviour. I’m hoping it will lead to things like better detection of insider threats and how we can better encourage, support and retain talent in the cybersecurity.