Image Source: The Symes Report - Leadership of our times. (2019) Issue 5.
Privasec's GRC Consultant Vivienne Mutembwa was featured in Symes Group's Leadership of our time Report 2019 - Women in Leadership. Read more here:
1) Can you describe your role/work and where and what you studied?
I am a Consultant in the field of Cyber Security, Governance, Risk and Compliance. I assist public and private organisations in achieving their business or service delivery and technical security objectives.
My work includes conducting cyber security health reviews and risk assessments, developing organisations’ security policies and procedures as well as assisting entities to comply with information security legal and regulatory requirements.
The ultimate aim is to provide guidance and recommendations to support the information security decisions of business leaders. This is in addition to enabling organisations to intentionally embed security into operational efficiencies and modernisation or transformation.
I studied at the University of Cape Town in South Africa and hold a Bachelor of Commerce with majors in Economics and a Bachelor of Commerce Honours in Financial Analysis and Portfolio Management.
2) Why is Cyber Security so important? And specifically, why is it important to you?
Cyber security has become a core component of the modern global society. There is a phrase ‘If you're not online, you don't exist’, and it’s hard to disagree with this when we are in the era where we have digitised or digitalised the way we live, learn, work and play. The opportunities are endless. However, not everyone has good intentions or integrity and you only need to read the daily mainstream news to understand what I mean. There are risks associated with participating in the digital economy and therefore when organisation prioritise cyber security, they are acknowledging the existence of these risks and seeking to manage them.
Cyber security is important to me because I believe the digital economy has provided social inclusion in terms of access to financial services, healthcare, education and community development initiatives. When an organisation has a cyber security related challenge, of course there is the macro impact but there is also the micro impact because these are real people affected and therefore it becomes personal.
When people are equipped with the knowledge, understanding and resources they become in the context of an organisation, the strongest security asset. As individuals they can also better protect themselves.
3) What trends are you seeing in Cyber Security at the moment?
I would say the trends are closely related. Security leadership within the C-suite globally has emerged and I believe this is in response to specific cyber risk and the need to take responsibility and address it at the executive level. There is also an increase in legal and regulatory requirements concerning personally identifiable information, financial and medical data. These laws and regulations are in response to the surge in cyberattacks and cyber fraud and the need to ensure organisations are held accountable. In addition, there is also a rise in the exploration of and participation in cyberwarfare which usually has a significant impact beyond the target. We also have the widespread use of the Internet of Things where everything is connected via the internet included watches, baby monitors, domestic appliances, pacemakers and even the electricity grid. This means almost every aspect of our lives is exposed to the internet and the attack surface or opportunities for hackers is continuously growing.
4) What should organisations be thinking about when it comes to Cyber Security?
Organisations should be investing in their strongest security assets which is their people and customers. As I mentioned before, when individuals are equipped with the knowledge, understanding, motivation and resources they become in the context of an organisation the strongest security asset. The focus should be about embedding a security culture that sticks. This requires support and influence for programs from the top of the organisation. Investment in security awareness should not only inform users about the policies and standards of the entity but also take it a step further and bring the greatest value, which is influencing decision making and providing the motivation for secure behaviour. This should be a focused and intentional exercise that evolves according to the threat landscape. The investment in people ultimately forms a key pillar in an organisation’s cyber resilience.
5) Why is female representation in this industry important? And what can be done to increase it?
I think that sometimes we can be naive to the fact that women’s liberties are still relatively new in our societies. There is plenty of work to be done to change some mindsets of both men and women. For decades women were confined to certain roles in societies and moulded into stereotype thinking. We need to make the apparent liberties that exist into actual realities in our societies and in our industry.
Having women in the industry is good for business because diversity in perspectives, leadership, and experience does payoff. During WWII women had to take on the jobs that were traditionally reserved for men. Campaigns such as ‘Rosie the Riveter’, the wartime personification of a strong female, were introduced. Today we find ourselves in a different kind of warfare and therefore we need to implement the same strategies and encourage more women into the industry.
There are various initiatives run by organisations and individuals, that encourage the participation of women in the industry and provide support for those who are passionate and willing to invest the time and work. Knowledge is power and therefore it comes down to sharing and increasing the awareness of these initiatives.
At the same time, I also think it’s not only about women. It’s about the fact that we need to reflect our society in general in the industry in order to better serve the cause. Imbalance comes results from focusing on one thing and not understand how the bigger picture works. Hackers do not all have the same backgrounds, but they do have the same intention, to be malicious. If we apply the same principle to those working in the industry, then we should also be from disparate backgrounds and only need to share the same intention. In this way we have a higher chance of winning.
6) Is there anything else you would like to talk about or share with our readers?
There are a few things that come to mind from my cyber security career journey so far and they are:
- It’s important to have the support of friends and family but remember to also value your professional relationships – the most valuable thing someone can give you is their time.
- Keep learning – the depth and breadth of this industry is astounding! Be open-minded during the learning process.
- Know your value – this is not only about knowing what you bring to the table but also your potential because a lot of times people, and I believe women in particular think “ I don’t have this therefore, I can’t do that” but the reality is you also need to think of your potential and then be determined to work towards fulfilling it! It’s sometimes about the mindset.
- Put up your hand – volunteer and be prepared for that opportunity. Calculated risks are worth it because you get to own them, and you are more likely to be in it to win it!
- Pay it forward – this is your industry. You can be a part of shaping its future.
- Always remember where you came from – this allows you to have humility and stay grounded. Humility is not about viewing yourself as valueless, it’s about remembering to see and acknowledge other people.
- You will never truly enjoy success until you have tasted failure and remember the measure of success is not always universal.