As Cybersecurity Month continues, we turn to some women who are making their mark on the industry. Irish cybersecurity expert Jan O’Carroll is one of many women who have dived head-first into the cybersecurity world. Jan is one of the most experienced women in the industry, having worked as an ICTTF (International Cyber Threat Task Force) Ambassador and being a member of ENISA and the ad hoc Working Group Cybersecurity Market (AHWG CM), Cyber Women Ireland and the National Cyber Awareness Task Force. She is also the founder of the Fortify Institute, an organisation in Ireland that focuses on providing cybersecurity and information courses for professionals.
According to Wearetechwomen.com, women make up about 24 percent of the cybersecurity workforce. In addition, recent statistics reveal that only ten percent of information security professionals in the US are women, with fewer than one percent holding executive positions within organisations. With that in mind, we spoke to Jan about how she has built her successful cyber career, the biggest threats we can expect in 2024 and the many ways that companies can become more cyber aware.
How did you first get involved in cybersecurity?
I’ve always worked in tech. When I left school, I worked as an electrician. Then, I went to college to study electronics and worked in computer services. I took a break to start my family, and when I returned to the workplace, I went into teaching technology to adults. One day, we were discussing what job we would have done if we had our time again, and I was asked what I would do. I didn’t hesitate; I said I would like to work in cybersecurity. It was a lightbulb moment for me, and by the end of that week, I had enrolled in a Master’s in Applied Cybersecurity. One year later, I left teaching to work in cybersecurity full-time.
What is it that attracts you to working in the industry?
What attracts me to the industry is that it’s constantly evolving, and you can never get bored, as there are so many different roles and areas to gain expertise. It also helps that it’s a well-paid and respected occupation with plenty of opportunity. I love being part of the cybersecurity community as it’s a wonderfully supportive environment. I am involved in groups such as WiCyS (Women in Cybersecurity) and the National Cyber Awareness Task Force, which creates resources to support people who are victims of tech-facilitated abuse such as cyberstalking.
In your opinion, what are the biggest cybersecurity challenges companies face?
I think the biggest challenge facing companies is the relentless onslaught of cyber threats such as malware and ransomware. Organisations need to know the attacks are persistent, so they should prepare for the ‘when’ they get attacked, not ‘if’ they get attacked. At the very least, organisations should implement MFA, have a patching and backup strategy, train their staff in cyber awareness and have a cyber incident plan for when attacks happen. This will ensure they survive and recover from an attack and minimise further damage. The ongoing struggle to find and retain cybersecurity talent exacerbates these challenges and can often leave businesses vulnerable to increasingly sophisticated attacks.
What advice would you give to someone looking to develop a career in such a space?
Most of the people I encounter are career changers. The challenge they have is to laterally move into cyber without reducing their income. I advise them to get the support of their current employer and move into a cyber role. If this is not possible, I advise jobseekers to network, network, network. Get involved with the cybersecurity and infosec community. I advise those starting out to attend conferences, be active on social media, and participate in Capture the Flag (CTF) events. They can also join local chapters of industry groups and gain some sought-after certifications. I think it’s important to show a passion for the field and constantly add to your skills.
Can you tell us a bit about the Fortify Institute? What is it exactly, and how did you go about setting it up?
I was part of the ‘great resignation’ during lockdown. I didn’t think I’d miss teaching, but I did. You can actually see the huge skills gap in cybersecurity. So, I combined my two passions of education and cybersecurity to start my own company, the Fortify Institute. At Fortify Institute, we create a range of courses which we deliver live online. Topics include cybersecurity, Information Security, Cloud Security, Ethical Hacking, Cyber Awareness, Returner Programs, etc. All courses are student-focused and engaging. We also partner with industry certification bodies such as CompTIA, EC-Council, CSA & PECB. I am so lucky to do what I love and champion causes close to my heart, such as supporting more women and other underrepresented groups in the industry.
What are the pros and cons (if any!) of working in cybersecurity?
The pros of cybersecurity are that it is so dynamic and you have to stay up to date and be constantly learning, which I love. The cons would be… the threat of burnout, as the workload is such that those in the industry are often overworked and stressed. I think it’s so important to maintain a work-life balance.
If you had three pieces of advice for your younger self, what would they be?
Advice for my younger self would be to remember that life is a journey, not a destination.
I have always worked in male-dominated spaces at a time when sexism was rife and vocal. I would tell myself that I have as much right to be there as anyone and that I wasn’t taking ‘a man’s job’.
What do you believe are the biggest cybersecurity threats we will face in 2024?
Some of the largest would be AI-enhanced attacks. I expect AI-driven cyberattacks to become more sophisticated, targeting vulnerabilities with speed and precision. Also, supply chain vulnerabilities could prove a huge threat. I think supply chain attacks could continue to rise as attackers exploit weaknesses in interconnected ecosystems. Finally, I think humans are a threat, and I believe cyber awareness among staff is critical to ensuring the strength of the first line of defence.
In your opinion, how can companies become more cyberaware?
I think companies need to create a security culture in organisations so that they are embedded every day. Businesses must ensure that everyone knows the threats and tactics used by attackers and understands their responsibility and part to play in preventing attacks. Organisations need to create cyber-aware citizens rather than cyber-aware workers, as there is a huge overlap in our professional and personal lives. I find we are all more invested if we know that cyber awareness will benefit ourselves, our families and our communities.
And finally, what’s next for you?
I plan to grow my business further, increasing the course offerings at Fortify Institute. I’ll also continue to be active in the cybersecurity and business communities while championing the causes close to my heart. I will continue to prioritise work-life balance, staying healthy through running and playing on a women’s Gaelic football team, which we’re proud to sponsor! Additionally, I’m proud to support Team Ireland as they participate in the European Cyber Security Challenge in Norway this October.