My life at CGI, by a cyber security director
I joined the Civil Service straight from school: my mum was adamant that if I wasn’t staying in education I was going to have ‘a proper job’. HM Revenue & Customs (HMRC) had just been rehoused to Telford, close to my hometown of Newport, and so I applied. My first role was a clerical assistant in a tax office.
From tax to technology
It seems almost accidental that I ended up in cyber security. I applied for a role that was being advertised internally in HMRC’s ‘departmental security unit’ when I couldn’t see where my next promotion was coming from in the tax office. I wasn’t actually sure what it involved; I wondered if it involved ‘stopping people stealing things’ and in a way it did.
My initial job involved managing the IT incident reporting across all of the HMRC offices. My role was to log security breaches and spot trends and patterns, so that we could devise new policies and issue new guidance. Back then, along with bogus phone calls, the main source of breaches came from thieves breaking into offices and stealing chips from networked PCs that also contained data.
From public to private
Over the years, I was promoted, but after eight years in the Civil Service I once again reached the position of not knowing what my next step could be; I always have one eye on pushing myself to do something new. At the time we were working with consultants from Logica, now part of CGI. I got on well with them and I liked their approach to work. I asked them ‘how do you become a consultant?’ and they answered ‘send us your CV’.
There was a big culture shock in moving to the private sector, but CGI offered me both flexibility and support. The way in which the business is structured through vertical sectors, and having security working across those sectors, means that our security professionals have a wide range of opportunities. In some businesses, if you are placed in security for oil and gas you stay in that sector, but at CGI you can work across industries. I myself have worked in government, transport and medicine to name but a few sectors.
From consultant to director
There are three broad areas within cyber security. The first comprises the technical analysts, who do what most people think of as cyber security, acting in the hunting-theadversary role. The second is where I sit: in risk and compliance, working with clients to ensure that their business is secure, essentially saying ‘if that is your brief, we need to take these actions’. The third is made up of the technical architects who build the controls, firewalls and so on and monitor their performance to guard against attacks.
I began at CGI as a business consultant and my first project was on business continuity in the face of an attack, which played to my background. I took on more responsibility over the years and I now report to a vice-president. My role is 50% consulting, 50% people management and 50% business development – so it’s busy!
I am still hands-on with client relationships. Yesterday, for example, I met with a client who required some additional security to address risks identified in an audit. I also spend a lot of time developing my people. I lead a team of people ranging from degree apprentices to senior staff who have been here 25 years. I am very aware that the next generation of directors is in my team somewhere and it is my job to coach them. My vice-president recently nominated me as team leader of the year in the FDM everywoman in Technology Awards. I felt honoured and privileged to be thought worthy of nomination and I reached the final.
Impressed by initiative
I get involved with recruitment events at universities and I am impressed when students have used some initiative. At one event, we posed a question to the room about how the participants could further their knowledge and one person said that they were volunteering at a charity to share their cyber skills. I made a note to speak to that person afterwards.
Communication and networking skills have been vital to my success so far. I always advise our graduates to contribute to every meeting they go to, even if it is just to check their understanding of the discussion. I also think that at every meeting or event graduates should add someone new to their network: you could start by saying how useful you found someone’s contribution.
It’s well known that women make up a small proportion of the cyber security workforce. I often go into schools to promote STEM careers and I also created and facilitate CGI’s women in cyber security group. We actively support each other – whether over afternoon tea or a webinar. It is good for the junior members of the company to look through the organisation and see role models: that they can be team leader or director. I am in turn also inspired by our female vice-presidents and Tara McGeehan, CGI UK’s president.