We interviewed Jaspreet Gill, a specialist in Cyber and Technology Risk, about her perceptions of the industry and how we can encourage more women to enter the field.
Women in Cyber Security
We sit down with Jaspreet Gill, a specialist in Cyber and Technology Risk and currently the Global Head of Risk ORC Information and Communication Technology (ICT) Group Data Management at BNP Paribas.
Jaspreet Gill is an experienced professional in the financial services industry who has consulted and worked for banking, insurance and asset management organisations. Her background encompasses building new teams and global business functions, regulatory compliance, emerging technologies and governance as well as strategy development for technology and Cyber Security teams.
What made you choose a career in Technology Risk and Cyber Security?
As a child I was encouraged to dream big, work hard and be dedicated to anything that interested me. Whilst I was completing my A Levels, I entered a National engineering competition which made me realise I enjoyed solving complex problems and that I wanted to make a difference in the future. This led me to study Electronic Engineering at University (which was quite rare for a female at the time). This naturally piqued my interest in technology and over time, as more and more cyber security incidents became headlines, I knew this was an area I wanted to focus on within my career.
What have been your career defining moments?
I don’t think there was one major career defining moment; instead there were a series of small wins that made a big difference over time. For example, early on in my career one organisation I worked for had a security breach. I quickly realised that there was a lack of skills in the security team and it also highlighted the importance of having one. This allowed me to learn more about what was required to build this team in-house and develop the skills needed to ensure the organisation was better equipped to manage similar incidents. It was a great opportunity for me but equally I liked to challenge the status quo and wanted to be the first female in the team, to make an impact and bring fresh ideas.
What factors have been critical to success in your career? What kind of guidance did you have?
- I believe it’s incredibly important to have a host of mentors, sponsors and coaches. Many believe this should be provided by your line manager, however some of the best mentors I've had have been individuals across organisations, in addition to my line managers.
- Success is not achieved in isolation and I believe the teams I have worked with have been instrumental. They bring a host of ideas and differing perspectives to overcome obstacles and streamline processes and there is always a lot to be learnt from the people around you.
- Having a positive mindset has been essential. Having ambition, loving what you do, being open to change and opportunity as well as being adaptable has been key for me. For example, as technology is evolving there is a need to be continuously learning, staying up-to-date and even making predictions ahead of the latest developments.
What do you love most about your role?
Technology risk and cyber security is about protecting people and organisations from harm but when someone is victimised, discovering who did it, pursuing bad actors and taking preventive or corrective actions. I enjoy sharing and presenting ideas to board members and industry leaders; being able to influence decisions based on what we can learn from incidents and what we can improve is continuously rewarding.
"I would be naive to think I know or would ever know everything about technology risk, cyber security or data. There is always something to learn."
Prominent Cyber Security trends:
What are some of the key trends you’ve seen in the market and what do you foresee?
- There has been a change in mindset and awareness of people with regards to technology and cyber risks, from those within the business, to shareholders and board level. Therefore, there has been a greater shift and more importance placed on protecting organisations against these risks.
- The sophistication and skills of attackers will only continue to develop. Previously, there were only single individuals but now we hear of more organised cyber crime. Organisations will need to consistently develop their skills and defence against these strengthened attack vectors. The more complex our technological ecosystem (with IoT, machine learning, chatbots, data lakes, blockchain to name but a few), the more challenging it becomes to address both systemic and new risks.
- The increased use of technology and manipulation/exposure of data needs more regulatory scrutiny and oversight, which requires organisations to place greater importance on compliance. As there is no single regulatory body or set of requirements globally, navigating these requirements becomes challenging too.
In your perspective - what’s the biggest threat to companies presently?
People expect every experience to be fast, seamless, instant, at the click of a button, with increased use of social media and applications. Not developing and adapting organisational technology quickly enough to compete with new industry entrants/disruptors forms a key threat. Technology and cyber risk can help identify technologies and processes to both meet client and customer demands, whilst reducing the exposure and vulnerabilities introduced from any large transformational change.
Other threats are more well-known - regulatory breaches/fines, loss of sensitive/critical/personal data and lack of business resilience in order to respond to an incident; all of which could result in lack of confidence from investors, clients, and employees.
What are some of the most sought after skills in Security?
Security teams all require a variety of skills (from third party technology security, to penetration testers, coders, data analytics, threat intelligence, governance, business resilience and so on). What is key is to find people who have technical skills, alongside strong interpersonal and business skills, for example, the ability to explain technical security jargon to the business in a way that is meaningful so they can make key decisions.
Importance of Women in Cyber Security
Why is it important to close the Cyber Security gender gap?
We need people with disparate backgrounds because the people we are pursuing, threat actors and hackers, also have a wide variety of backgrounds and experiences; taking people from the same backgrounds will most likely result in the same solutions. Given the huge skills gap in the industry, it makes sense to double the pool of talent.
How could we encourage women to build a career in Security and what advice would you give to them?
As an industry we need to continue working on education, awareness, industry perception, providing support and preventing barriers for entry. In particular:
- Don’t be intimidated and be willing to take on challenges. Say “yes” to opportunities! Initially I always thought I needed 100% of the skills to be the “perfect” fit for a role. As I had some experience in the area, one opportunity I was given soon after joining BNP Paribas Group, was to lead the build and mobilisation of a global network of data protection officers, in response to GDPR. Taking on this role allowed me to learn more about business operations and the regulatory requirements.
- Find mentors and coaches who will help you come up with ideas on how to navigate the industry.
- Go to conferences, meet-ups and read books to understand what others may have done in similar situations. I’m very thankful to have mentors, both male and female, who provide guidance, answer questions and point me in the right direction.
- Look for internal opportunities and make your intentions known. Early on in my career, I found a number of times where I would shy away from asking for what I wanted and so I missed opportunities. There may be a gap in skills within your organisation and you may be perfect to fill the position as you already understand the business and its culture.
- Be willing to continuously learn. Every day there is a challenge and opportunity to learn something new. Even the most technical person in the room needs to continue learning to stay up to date with new technologies. If you are naturally curious and willing to think unconventionally, this would be a great career move.
How can someone with IT experience make a shift into Cyber security - where should the individual start?
- Share your intent to move from IT to Cyber security when looking for a new role
- Look for certifications specific to the cyber security skills required
- Identify a mentor or a coach who can help
- Read about the latest developments in the field
- Be willing to take on a learning curve and be adaptable
- Have a risk awareness mindset and the ability to think of alternative solutions
While the situation in the Technology industry has improved marginally in recent years, Cyber security and the Tech industry is still a male dominated world - what are your thoughts on this, have you seen an improvement yourself?
There have been advancements towards creating more diversity within Cyber Security and the Tech industry, however I believe there is still more to be done. Not long ago I joined a call where all other participants were male - when I announced myself there was complete silence. I introduced myself again and finally one of the participants kindly informed me that they were expecting a male to join the line. They had honestly admitted the error and after a few giggles we moved on, but it was interesting how there was an assumption of my gender based on my job title. We must continue working on awareness, industry perception, role models and preventing barriers to entry.