When I was younger, I hadn’t a clue you could invest in a career in cyber security – and now, to have the power to change that for the next generation, well that feels quite powerful.

Sophia McCall recently scooped the SC Magazine award for Cyber Security Student of the Year 2020 – and that felt like the perfect time to catch up with the ECSC 2019 Team Leader and all round Cyber Security Challenge UK superstar to get her perspective on pursuing a career in cyber security, and find out a bit more about her fundamentals to becoming successful young woman in the industry.

Welcome back, Sophia! Congratulations on collecting the SC Award for Cyber Security Student of the Year 2020 – what an outstanding achievement and well-deserved accolade.

Thank you so much! I’m truly humbled to win this award, and it’s the perfect ending to my  undergraduate studies. I was thrilled to win Student of the Year, the award ceremony was also  unique and definitely one to remember, with COVID-19 everything was virtual – but nonetheless incredible!

We think you make a great role model for girls pursuing STEAM subjects. What would your advice be for girls considering cyber security?

I think my biggest piece of advice is probably just go for it! There is still a societal impression of your stereotypical hacker, and while this was definitely an issue for me before I joined the industry, I’m glad I chose cyber security.

In a blog post, I once wrote: “So why would I want to jump into a world where information security professionals are being relied on more and more with every “The hackers are going to win!” news headline? I mean, that’s a lot of pressure. Well that’s because the cyber “geeks” are now being crowned cyber heroes, and I want to be a part of that movement.” I 100% still stick with that. Security professionals are being valued more and more everyday, and soon enough we will be the heroes of the future.

As a woman in cyber, I think you have to challenge and break a lot of boundaries. It can sometimes feel quite isolating being the minority gender, but I have been fortunate to work for the NCC Group during my university placement year (and will return there to start my graduate position in September) where I feel comfortable and accepted.

The truth is, the industry needs much more of the female perspective. As Acid Burn (Hackers 1995) once said… “Never send a boy to do a woman’s job”.

And you’ve talked to us previously about your involvement in school programmes as an advocate for cyber security and advice on breaking into the industry. Were you always inspired to pursue a higher education path in cyber security?

I didn’t get into cyber security until about four years ago. Originally I wanted to be a programmer, but after studying software development for two years I decided that perhaps programming wasn’t for me. I knew I wanted to stay in tech, and that’s when my teacher at the time recommended cyber security. My first CTF (Capture the Flag) was about three years ago and I remember feeling pretty bad the entire day because I didn’t know how to solve anything – I could barely use Linux command line! After that, I spent months on end practicing in my own time and trying to learn technical concepts outside of lecture hours.

At my first Cyber Security Challenge UK competition a few months later, I qualified for both Masterclass and Team UK in one go… and the rest is history!

I have recently finished my degree from Bournemouth University in BSc Cyber Security Management. My course was really varied, but mainly focused on high-level security understanding such as risk management, governance and compliance, business continuity.

You’ve already built a strong personal brand for yourself online. How important do you think it is to invest time in becoming a visible figure in the cyber security industry?

This is definitely super important! The security industry is extremely connected (pardon the pun) – and creating a personal brand and networking is vital for a “newbie” to the industry.

When I was brand new to the industry, I often looked up to women in security that had strong personal brands and that were active in the community. Because of this, it’s something I aspired to do and “mirror” in a way – I could see the importance in engaging with the community as well as professional bodies, and utilising these connections has definitely helped me become the budding security professional I am today. In addition to building a supportive network, I also take every opportunity to engage with younger generations and audiences. When I was younger, I hadn’t a clue you could invest in a career in cyber security – and now, to have the power to change that for the next generation, well that feels quite powerful.

I’ve participated in Cyber Security Challenge UK’s school programmes to help inspire young people to consider a career in security, and in my placement year I also supported the NCSC with their Cyber Schools Hub programme.

If you could use your cyber security skills and experience to do anything, what would it be?

I can definitely see myself becoming a Chief Information Security Officer (CISO). I absolutely love being technical, but equally I really enjoy the more commercial side of cyber security, such as policy development and risk management. Helping others is a huge part of my personality; it’s one of the reasons I chose to pursue this path. And I love a challenge where I have the chance to push myself beyond my comfort zone and skill set, because for me that’s the best way to learn and improve.

And what can we expect to see next from Sophia McCall?

My immediate focus will be starting my role as a Junior Security Consultant at NCC Group in September, and getting my career off to the best possible start. Alongside this I hope to complete a few industry certifications to support my professional skill set, and I’ll continue to work on the Security Queens brand with my good friends, Sarah and Morgan.

As three women in cyber security, Sarah, Morgan and I saw an opportunity to create a platform that would help fellow “n00bs” like us feel supported and welcomed into the industry. We’ve all experienced the feeling of isolation that comes with the gender imbalance in security, and were keen to do our bit to prevent anyone else feeling put off by the perceived lack of diversity. The mission behind Security Queens is to help encourage a more inclusive cyber security industry, and this is just the start. Right now, we’re focused on the blog – but keep an eye out as we hope to break into the conference circuit in 2021 and beyond.