Ahead of Cloud & Cyber Security Expo at ExCeL London on 8-9 March, Robin Bylenga spoke with Techerati on the human element of cybersecurity, the skills shortage, and diversity.
Robin is the Information Security Awareness, Education and Communications Lead at DWS Group. She will join a panel at Cloud & Cyber Security Expo on the importance of active threat detection.
> Get your free ticket
What is the most significant challenge facing cybersecurity professionals in 2023?
“We are always facing advanced and more sophisticated attacks through phishing, particularly on mobile devices and business email,” said Robin, whose focus is largely on the human factors and internal threat management, which are often the weakest links.
“A lot of the time, we are playing catch-up. More and more aggressive attacks are happening where we least expect them. We are busier, we have so much going on in our lives and there is so much noise with our mobile phones, laptops, and other devices,” added Robin.
It is important for people to stay alert at work, but to also be mindful of their fatigue because this can be when you are most at risk.
What is the biggest cybersecurity opportunity for business leaders?
For Robin, there is an opportunity to educate and help colleagues protect their company and themselves.
Robin recalled a particular discussion with a colleague: “He said ‘I don’t know why you’re bothering me with security, isn’t that your job?. But I think of this quote by Jenny Radcliffe, The People Hacker, ‘I don’t need to break into your locks… I just need one person’.”
When asked whether the attitudes of her former colleague still exists in workplace cultures, Robin believes it has changed to a healthy belief that everybody’s job is security.
“When you are responsible for developing a culture, it is not an overnight process. It takes at least 18 to 24 months. It is critical to align security culture goals with business goals. Security cannot get in the way of a functioning business because people want to do their jobs and they want to do it well.
“Security should be a blame free, not accountability free culture. What we really want is to build a culture of reporting.”
> Watch the full interview with Robin
Does the cybersecurity skills shortage really exist?
Robin believes the cybersecurity skills shortage is a misnomer, as there are many talented individuals of all backgrounds that are interested in this line of work.
“I think we are not communicating correctly with our HR departments and writing the correct job descriptions. We are asking too much on CVs and paying too little. We have all seen the job descriptions that want 10 years of experience in one program, but it has only been around for five years. You want all this experience and a CISSP that takes five years to get.
“We have got to have a ‘get real’ discussion. I have a lot of colleagues that have had a hard time finding positions, so I find it shocking every time I hear ‘skills shortage’. If so, why? If your company is having such a hard time finding positions, I would take a look inside,” said Robin.
Part of the key to tackling any believed skills shortage is through embracing diverse talents of all gender, age, ethnicity, sexuality, and background.
“When we talk about diversity, it’s not just ticking boxes, it’s not just making sure that we all have someone to talk to at lunch. It is about bringing in different viewpoints.”
Robin recognised the importance of in-person events like Cloud & Cyber Security Expo as a place where building networks and speaking to people who have different perspectives is good for business.
“I hope that I can bring value to to this conversation and I’m really excited to be a part of it,” added Robin.
