Interview – Epic Women in Cyber

Intro

Hello, I’m Diane, I’m from the island of Malta and am really honoured to be part of this blog featuring such amazing women! Something about me — I am currently leading a team of cybersecurity professionals in a technology company within the gaming industry. As the Director of Information Security, I am responsible for the organisation’s product and corporate security and its overall security strategy. My favourite part of the job is leading my team, seeing them grow as individuals and professionals and supporting them as they do so.

My area of expertise is information risk management, and using the awareness of risk to prioritise and maintain focus when it comes to implementing cybersecurity controls within an organisation.

I am a firm believer in mindfulness and self-awareness, I think that they are key to personal and professional growth. In my spare time I like to read and I love to taste new cuisines. Recently I’ve also started learning photography, and I’m loving every second of it.

How did you get into the cybersecurity field?

It was totally by coincidence. I studied IT at university and started working as an IT consultant and auditor at PwC straight after, not really knowing where the road would take me. I remember being in a PwC training course, where they were showing us how an audit programme is built, why certain controls are audited and why certain systems were chosen for a specific audit. It all boiled down to risk within the context of the organisation being audited, risk to information and technology fed into cyber security controls and decisions. That is where my love for information risk management and information security started.

After doing my Masters in IT, Management and Organisational Change in Lancaster, I then started my first job focusing solely on information security. It was intense, as the business was super diverse, but I loved every minute of it. That’s the thing about information security; it can be applied differently in every business, depending on the operations of the organisation and its risk appetite. You need to really understand the business to decide what to prioritise and how to build your information security strategy, and that’s the reason why I enjoy it so much. It’s diverse and ever-changing.

What are the main challenges in this field?

I would say that one of the main challenges in this field is mainly linked to the fact that the scope of cybersecurity is so wide. As professionals we need to ensure the protection of processes, people, physical premises, information and the underlying technology.

What then amplifies the challenge further is the fact that technology is continuously evolving, and with new technologies come new threats and vulnerabilities that can be exploited to cause harm. It’s as if bad actors never sleep, we hear of a new attack or an evolution of one on a daily basis.

All in all it can be quite overwhelming, and I think the key is to be ready to adapt to the constant changes and accept the fact that you cannot do it all. What’s important is that you maintain an awareness of your risk, and prioritise against it. And be open to learning, everyday, because what you know today might be extinct tomorrow!

What are the things you’ve learned being a woman in cybersecurity?

Lately, I’ve been trying to not focus so much on the fact that I am a woman. I want to be part of the cybersecurity world, and I worked hard to be where I am today. I deserve to be part of the field, as much as any man.

From my experience starting out, it can be a bit overwhelming to notice that most of your peers are men. I remember attending a conference in my first few months of work, just out of university, and all the attendees bar one were men. It can be intimidating when you look around the room and at first glance, realise that you cannot relate to most of the people there. However, with time I’ve gotten used to that, I’ve learnt to look past the gender of the people around me and just own my voice. I’ve learnt to speak up and share my ideas.

My focus is that of risk management, I am not a highly technical person in that I have never been a security engineer configuring or implementing systems myself. I look at things from a different lens to the technical community within information security. This was something that used to hold me back, really magnified my imposter syndrome. It doesn’t anymore. I’ve realised that what I have to say is also important, that looking at information security from a business and risk management point of view, is as important as talking about implementing security in technologies.

All expertise matters and us cybersecurity professionals, men and women need all the help we can get. We should not focus on what differentiates us i.e. gender and areas of expertise. We need to stick together and focus on what binds us, our common objective of protecting our organisations and our information. We all need to do our part to ensure that our field grows in diversity and show all young women, and men, that there is a place for anyone in the field who is passionate about contributing to it.

What advice would you give to women who would like to join the industry?

I would encourage them to read about the field, see what interests them and then go for it. The cybersecurity industry is such a diverse field, and we need more women joining it. I joined a Think Tank by Somi Arian last week, and Lisa Forte was talking about how women look at risk differently to men, not better just differently. We need that kind of diversity in our field. The more diverse we are, the stronger we will be as an industry.

If you’re thinking of joining the cybersecurity field, start learning about the various areas that make up the industry and get your hands dirty trying things out. It’s only through experience that you will learn what you like and what you’re best at. Don’t let anyone or anything hold you back from trying, believe that there is room for all kinds of knowledge, talent and experience.

If you need someone to talk to, always happy to discuss — ping me on LinkedIn or send me an email on mail@dianeabela.com.

Who are your role models?

There are a lot of people I admire, people like Julie Sweet, Roberta Metsola and Simon Sineck. However, I would say my role models are my parents. They’ve believed in me all my life and taught me my core values. They showed me the importance of being kind and respectful to everyone around me, never focusing on anyone’s gender or race. A person is a person, and they should be respected. From my parents, I learnt the importance of discipline, grit and hard work.

Most importantly, they never treated me any differently because of my gender. They always pushed me, as they did my brother, to be the best person I could be. I hope that as I grow I am also able to have this kind of influence on the people around me.

If you could go back in time to your first days in the industry, what would you do differently or tell yourself?

The first thing I would tell myself is to be patient. To allow myself to learn and experience things. Not to push myself so hard and give myself more time to grow. It is ok to not know how to do things, it is ok to say that out loud, it is ok to own the fact that you are still learning. I would give myself the time and the space to do that, as I do now.