The cyber “geeks” are now being crowned cyber heroes, and I want to be a part of that movement


This year’s ECSC UK team captain, Sophia McCall, is hoping for gold – and having followed her incredible journey over the past three years, we have a feeling she might just bring it home. We managed to prise Sophia away from her busy training schedule to chat about the upcoming ECSC competition, the importance of role models, and what it’s like to work in such a male-dominated industry.

First things first, tell us a bit about your story to date.

I currently study Cyber Security Management at university. My course is really varied, but mainly focuses on high-level security understanding such as risk management, governance and compliance, business continuity, etc. Everything technical I know, I’ve actually taught myself in my spare time!

I didn’t get into cyber security until about three years ago. Originally I wanted to be a programmer, but after studying software development for two years I decided that perhaps programming wasn’t for me. I knew I wanted to stay in tech, and that’s when my teacher at the time recommended cyber security. My first CTF (Capture the Flag) was about two years ago and I remember feeling pretty bad the entire day because I didn’t know how to solve anything – I could barely use Linux command line! After that, I spent months on end practicing in my own time and trying to learn technical concepts outside of lecture hours. At my first CSC competition a few months later, I qualified for both Masterclass and Team UK in one go… and the rest is history!

In my spare time I speak at conferences and panels, and I’m an ambassador for several school programmes where I speak to the younger generation about how to break into the industry and host workshops on fundamental hacking concepts. This will be my third year on Team UK at the ECSC, and I’m adamant that we will bring home the gold!

Did a particular person or event play a role in your decision to pursue a career in cyber security?

There hasn’t been a particular moment as such, but I’ve definitely met a few inspirational individuals along the way! One of the first talks I attended was delivered by Dr Jessica Barker: it was truly inspiring and definitely influenced my desire to pursue a career in cyber security. I also have my lecturers from college to thank for convincing me to pick a security degree. When I was in college, I was really unsure about what I wanted to do and which path to take, but my lecturers played a massive role in encouraging me to go to university to study security. (Thank you Gruffy, Peggy, Andy and Conrad, to name a few!)

What have you got in store to keep Team UK motivated and at the top of their game in the run up to the ECSC 2019 Finals?

I created a three month training plan to help prepare the team for the competition. In addition to this our wonderful training partners, NCC Group, as well as Immersive Labs, have provided us with invaluable resources for us to utilise – and a couple of training weekends too! I know we will be in a good place for the ECSC in October: our team skill set is incredibly varied and everyone is eager to engage with the training.

As this will be my third year competing in the competition, I’ve tried to tailor our training to focus on topics of interest from previous years. Since the Seniors from our team have all attended the competition before, I have also set up a Junior/Senior mentor system not only for technical support for the Juniors but also for all-round support to ease any worries that our younger team members may have about the competition.

We think you make a great role model for girls out there either considering taking up cyber security/STEM subjects, as well as those who haven’t even thought of it yet. What would your advice be to young girls considering cyber security?

There is a lot of stigma surrounding the security industry. There is still a societal impression of your stereotypical hacker, and this was definitely an issue for me before I joined the industry. As a woman in cyber, I think you have to challenge and break a lot of boundaries.It can sometimes feel quite isolating being the minority gender in a workplace, but I have been fortunate to work for NCC Group this year where that isolation has been mitigated and I feel comfortable and accepted.

I think my biggest piece of advice is probably just go for it! It’s a massive leap of faith, but I’m glad I chose cyber security. In a blog post, I once wrote: “So why would I want to jump into a world where information security professionals are being relied on more and more with every “The hackers are going to win!” news headline? I mean, that’s a lot of pressure. Well that’s because the cyber “geeks” are now being crowned cyber heroes, and I want to be a part of that movement.” I 100% still stick with that. Security professionals are being valued more and more everyday, and soon enough we will be the heroes of the future. As Acid Burn (Hackers 1995) once said… “Never send a boy to do a woman’s job”.

You’ve already built a strong personal brand for yourself online. How important do you think it is to create your own visibility in the cyber security industry?

This is definitely super important! The security industry is extremely connected (pardon the pun) – and creating a personal brand and networking is vital for a “newbie” to the industry.

If you could use your cyber security skills and experience to do anything, what would it be?

I’d love to be a CISO! I absolutely love being technical, but equally I really enjoy the more “business” side of cyber, such as policy development, risk management, etc. A big part of my personality is that I enjoy helping people; it’s one of the reasons I chose to go into security. I also really enjoy being challenged in the workplace and pushing my skills to the limits, so I think a CISO role would be ideal!

And what can we expect to see next from Sophia McCall?

Now that my placement year has ended, the bottom line is that I’m hoping for a successful career in cyber security! I’ve tried to work hard over the past few years to build a stable career in the subject I love, so it’s slightly daunting that in less than a year I’ll be ready for the big wide world!

It’ll be really weird going back to university as my routine will completely change – but completing a placement year has unlocked a drive to complete my studies to the highest standard I can. I’m hoping that in the next year I’ll also be more engaged with conferences and will definitely try to do more calls for papers, etc. By leading Team UK I also hope it will help with my personal brand and hone my leadership and team management skills – which will no doubt be great skills to have when I enter the industry professionally next year. I can’t wait for what the future will bring!

We also quickly caught up with Colin Gillingham, Director of Professional Services at NCC Group, about the company’s commitment to gender diversity and their partnership with the Cyber Security Challenge.

Colin, why is it that NCC Group support the Cyber Security Challenge and what is it about their work that matches NCC Group’s mission?

Our long-standing training partnerships with both the Cyber Security Challenge and initiatives such as the NCSC CyberFirst Girls competition are part of our goal to increase gender diversity in cyber security. Our mission is to make society safer and more secure, but this will only be achieved when the industry is as diverse and representative as the society that we are working to protect.


Sophia has just completed a placement year at NCC Group, do you have any parting words for our team captain?

We’re delighted to have supported Sophia as she blazes a trail for the female cyber professionals of the future. We look forward to following her progress as team UK’s captain at ECSC 2019 and we hope that her passion for the industry encourages even more females to take part next year and to consider a career in cyber.