Things seem to be moving in the right direction, but I feel like more outreach is needed. It’s important to have role models and see women succeeding in cyber security.

In an industry where technologies and strategies evolve week to week, building tech skills and soft skills early on can make all the difference. Cyber Security Challenge alumna Izzy Whistlecroft believes that the more industry exposure and technical experience young women receive, the more likely they are to have the confidence and skills they’ll need to work in a sector like cyber. Izzy has just completed her first year working at NCC Group and attributes her success to cyber challenges like the European Cyber Security Challenge (ECSC).

Read the rest of our interview with Izzy below.

What (or who!) first got you into cyber security?

My first experience of cyber security was a course I took as part of my undergraduate degree. Following on from this, I decided to pursue a security-related internship, then went on to do a Cyber Security MSc. During the time I spent at university, I got involved in a number of CTFs and other events, including those run by the Cyber Security Challenge. Competing in The European Cyber Security Challenge as part of Team UK and having the opportunity to network with a wide range of people within the industry led to an interview at NCC Group – which is where I’m currently working!

Tell us a bit more about the events you took part of – what did you learn, what did you love and why do you think they’re important for young people?

I learned a huge amount taking part in cyber security challenges – both soft and technical skills. They’re a fantastic way of exploring the industry and learning key skills you can take with you to university and into work environments. I recently used some of the knowledge I’d gained from one of the scenarios in a Cyber Security Challenge event when dealing with an issue for a client.

A particular event highlight was the fake court trial at the BT Masterclass, which involved being an expert witness and being grilled by a panel of real barristers (who were thankfully being nice!). I also loved the Barclays, Bank of England, and NCC Group events, which involved diagnosing and remediating issues within various networks.

When did you start working at NCC Group? How are you finding the role?

I started at NCC Group just over a year ago and I love it. I spent six months in the graduate program which involved learning all the skills required to be a consultant. Since then I’ve been working as a Security Consultant for various clients in a number of different locations. Although travelling can be unpredictable and tiring (early mornings in surprising locations!), the work is extremely diverse and offers loads of opportunities for growth.

What is it you love about the cyber security industry?

I like that the industry is constantly changing and no two days in my job are the same. I’m often challenged to think outside the box when I’m on client engagements – especially when I see technology I’ve never encountered before. I regularly meet great people from the industry and I feel like I have a lot of friends and support within the sector. This cyber security industry is an incredible place to learn new things, see new places and meet new people!

How do you find being a woman in cyber security? Have you encountered any challenges?

Whilst there aren’t many female consultants in general, it’s fair to say that the number is increasing. There has been the rare occasion where I’ve felt patronised by people but all this has done is increase my determination to succeed and prove them wrong, and they’re greatly outnumbered by really supportive friends and colleagues!

What do you think we can do to encourage more girls to study STEM subjects and choose careers in tech? Do competitions like CyberCenturion and the Masterclasses help?

Things seem to be moving in the right direction, but I feel like more outreach is needed. It’s important to have role models and see women succeeding in cyber security. Events and competitions are also important – I definitely benefited from Cyber Security Challenge events such as the Masterclass as they increased my confidence and made me feel welcomed by the industry. The events also introduced me to a diverse range of employers whom I hadn’t considered previously and expanded my employability.

What three pieces of advice would you give to other young women thinking about pursuing a career in cyber security?

  1. Just go for it! Don’t be afraid to apply for the companies you would like to work for and don’t let yourself be put off. Don’t let anyone say you can’t do it. I have colleagues who have come to security from a really wide range of backgrounds – it can be a huge advantage to think about issues and problems differently when you’re trying to hack things! But also don’t forget to pace yourself – security has a huge learning curve when starting out and it’s easy to feel disheartened and overwhelmed, so don’t be afraid to reach out for advice or help.
  2. Make use of the resources available – there are plenty of learning materials available online which can help young people gain additional skills.
  3. Try to get involved with the community if you can – there are loads of great conferences, including the free BSides conferences. Some areas have local Def Con Groups and events like the ones run by Cyber Security Challenge are all great for building a network.