Introducing women with a deep interest in cybersecurity

Dr Magda Chelly is a world-renowned cybersecurity professional. She has actively built cybersecurity strategies for companies and provided guidance on topics from governance and security architecture to security operations as a Certified Information Systems Security Professional (CISSP) and Certified Information Security Officer (S-CISO). Her vast industry experience comes from taking on roles ranging from IT consultant to Information Security Officer and most recently, Head of Cyber Risk Consulting at Marsh Asia, where she developed a quantitative measure for cyber risks and built on their risk identification and risk transfer capabilities.

Now Managing Director and founder of her own company – Responsible Cyber, which had a valuation of SGD7 million as at April 2020 – Magda continues to drive cross-industry excellence with her technical and communicative expertise in cybersecurity, risk quantification and cyber insurance. A much sought-after keynote speaker, she has established her own unique brand in a male-dominated field and is continually looking to do more for her women in tech compatriots through the non-profit organization – Women on Cyber chapter in Singapore – she founded and leads.

But perhaps her most groundbreaking contribution to the cybersecurity ecosystem in Singapore is her pivotal role in the development of IMMUNE SRCM, a SaaS platform that automates and guides the management of third-party cyber risks. This future-proof solution will revolutionize the way businesses approach cybersecurity – as a business risk, and not just an IT problem – in an increasingly digitized world.

What brought you to the cybersecurity industry?

Provide some insight into how you ended up working in this profession. E.g, Was it because you realise you loved solving puzzles? Or was there a particular moment or event that made you believe you were made to join? Or was there someone who inspired you?

It's hard to pinpoint a single event, but I'd say it was a combination of things.

I discovered my passion for cybersecurity the first time while researching my doctoral thesis. However, my research was not linked to cybersecurity, but localization indoors. I was researching for an alternative solution to GPS, due to its challenges. The applications for indoor positioning are varied and can include anything from tracking the location of employees in a factory to helping customers find their way around a retail store. It can also be used for security purposes, for example by tracking the movement of people inside an office building or tracking who is in a particular area at any given time.

There are a few different types of indoor positioning. One common approach uses Bluetooth to detect devices that are near to a given point in order to calculate their position. Other methods use ultrasound, infrared signals, or magnetic fields. Each has its own advantages and disadvantages, but they all aim to provide a way of determining the location of objects or people inside a building.

I think what really got me hooked was when I read about all the different ways hackers can exploit systems and how companies were trying to defend themselves against these attacks. It was like an arms race between the good guys and the bad guys, and I wanted to be on the side of the good guys. So eventually, it became my passion, and I've never looked back.

My career in cybersecurity however did not start immediately as I quickly realized upon graduation that cybersecurity was not the focus for those in the private industry during my 7 years in Paris. Companies were not mature and were focusing on digitization rather than security. My flair for communications saw me taking on several non-technical and technical roles, cutting across sales, pre-sales, and business development before eventually moving into my field of interest and starting as a Cybersecurity Evangelist.

What were your defining moments in this industry, and factors or guidance that helped you achieve them?

Provide some insights into what defined your success / what got you to the place you are in today. And/or what steps you took to get you here. Was it someone, or some people? Was it tenacity? Or were you just at the right place at the right time?

There have been many defining moments in my career in cyber security, but a few stand out in particular.

Early on, I was given the opportunity to support cyber awareness initiatives. This was a pivotal moment for me because it showed me that I had a talent for understanding how systems worked and for helping others learn about security.

Later, when I was working as the Regional Business Information Security Officer at a large financial institution, I was responsible for protecting the company's networks and data from cyber threats during a merger with another organization. In this role, I developed a very good understanding of the risks related to mergers and acquisitions.

My work as a consultant for various traditional industries such as insurance, banking, digital and services, made me working with a wide range of people — from CEOs, C-suite executives, and members of the board of directors to start up founders. The exposure and varied experience would later give me the unique advantage of being able to understand both business and technical perspectives and to bridge the critical communication gap with business stakeholders – a challenge that CISOs contend with on a daily basis.

Armed with an unwavering passion for cybersecurity, I set out to build a cyber-resilient ecosystem in Singapore by founding my own cybersecurity start-up with my co-founder and CTO Mikko Laaksonen in 2016.

What is it that you love most about your role?

Money aside, there must be a reason why you’re still in this profession and go to work every day. What is it that motivates you? Is it the type of projects you work on, or the people you get to interact with, etc?

My role may be ever evolving (as things usually are in a start-up), but what remains is my passion for cybersecurity and lifelong learning. No two days are ever the same. One day you might find yourself coming head-to-head with frontend coding and the next you could be meeting with potential investors. I love the variety and the challenge that comes with being my own boss, the gratification that comes from being able to bring fresh ideas into existence and see them come to fruition. It's not always easy, but it's definitely exciting. And, I wouldn't have it any other way.

I love having the opportunity to learn new things every day and then share that knowledge with my team. It's also very satisfying to see the team grow and develop their skills.

In addition, I really enjoy working with clients and helping them solve their cybersecurity challenges. Cybersecurity is such a rapidly changing field, so there's always something new to learn. I find it very rewarding to be able to help clients stay ahead of the curve and protect their businesses from cyberattacks.

Prominent Cybersecurity trends:

What are some of the trends you have seen in the market lately, and what do you think will emerge in the future?

This is a broad question. The trends can be centred around anything from regulatory, or industry changes, geopolitical, or even right down to what’s closest to you in your daily work. So for example, if you’re a cyber data scientist, you have seen automation take on a stronger role in analysis. Or if you’re in security operations, it could be around organisations now having greater emphasis in proving the efficacy of their technologies and so on so forth.

There are a few key trends in the market that I have seen lately. One is the increasing demand for cybersecurity solutions. Businesses are becoming more and more aware of the need to protect their data, and as a result, we are seeing a lot of growth in this area. Another trend is the move towards cloud-based solutions. More and more businesses are moving away from traditional software models and instead turning to the cloud for storage and processing power. This shift is largely due to the fact that cloud-based solutions are more cost-effective and easier to manage (It has its own challenges too).

Regulatory bodies in countries like the UK and Singapore have introduced a Cyber Essentials scheme to encourage a de-facto cybersecurity standard for businesses. Currently, uptake is slow as most organizations still require an external push to get certified. As the already faltering trust that consumers have in how their data is being collected, handled and processed continues to take a dive, more stringent regulation will be introduced. Certification will not be an option then. To prepare for this, organizations ought to implement basic security measures to shore up their defences against some of the most common cyber threats plaguing us.

Finally, I think we will see a lot of growth in the area of artificial intelligence in the coming years.

Females in Cyber Security

What can we do to encourage more women to join the cybersecurity sector?

This is another broad question. You can provide opinions or suggestions on what more can be done for school-going children, or mid career switches etc.

Or, if you believe enough is already being done to encourage females to join, then you can change the commentary to something along the lines of what can women do differently in cybersecurity, vs men. Or, do equally well to secure tomorrow’s digital economy.

There are a few things that could be done to encourage more women to join the cybersecurity sector.

One thing that could be done is to provide more information about the field and its opportunities. This could be done through various forms of media, such as television, radio, or print. Additionally, events and programs could be held to bring awareness to the field and inspire more women to enter it.

Another way to encourage more women to enter the cybersecurity sector is by providing support and mentorship opportunities for them. There are many successful women in the field who would be happy to share their knowledge and experiences with up-and-coming professionals.

We need to continue to celebrate the women who are already making waves in this field. It is harder for young girls to visualize a future if they have not seen anyone succeeding in it previously. On the other hand, when young girls can see and observe women rising on their own terms, it grows their ambitions. They believe it is possible, it makes them dream further.

I made it my mission to help girls dream tech by sharing widely on my lived experiences as a woman in a male-dominated field. I also created an avenue through which young women can seek career advice and share their concerns.

Additionally, networking opportunities could also help connect aspiring female cybersecurity professionals with experienced mentors in the industry.

Final thoughts

How can you debunk the myth that cybersecurity is only for men? Is there any indication this stereotyping is changing?

This segment is your round up or summary. So this segment is flexible. In other words, you can change the question for “final thoughts” to fit your own narrative.

If you’re not sure how to round up, you could either answer this template question. Or, you could provide final words of wisdom/advise to someone who is new to the profession and wishes to join.

There are a few ways to debunk the myth that cybersecurity is only for men.

First, to effectively change the narrative, we need to push forth a new one: tech is not only for geeks; it is for anyone with the passion, talent, and tenacity to succeed, and that includes women.

The stereotype is slowly but surely beginning to change as recent years have seen a surge in women taking up this important and exciting profession and these same women are increasingly making their presence and expertise known. If you are passionate, never give up. The rest will follow.

Second, you can start by pointing out that cybersecurity is not just about protecting computers and networks from attacks. It's also about protecting people - including women and children - from the harmful effects of cybercrime.

Finally, you can talk about the important role that women play in the cybersecurity field. Women make up half of the global population, so it makes sense that they should be playing a key role in defending our digital infrastructure.