-->
Produced by - Lucy Kippist
Edited by - Morgan Sebastian-Brown
Interviewers - Carrie Kwan and Lucy Kippist
Guest - Ailie Houlihan
Loved this episode of Mumbition The Podcast? Find out more from our special guest.
From Care to Cyber
Ailie Houlihan (00:01):
People are the first line of defence against cyber threats. Yet we often see this industry and the role of cyber security as a realm of ones and zeros. It's not... People are what have drawn me into this industry. By protecting our community through cyber security, we protect people, livelihoods, privacy, and like my past life as a nurse, I derive great joy and honour in getting to be a part of that. As a cyber security professional, day in, day out, I work with organisations of all sizes to increase security posture and help them to ensure their cyber associated environments are secure.
Lucy Kippist (01:26):
So there was an article in the Australian Financial Review not long-ago that profiled the four most prominent women. Cyber security roles in big corporations in Australia, and one of them, Lynwen Connick and she's the ANZ Head of Cyber Security, was quoted saying, People sometimes think it must be stressful or difficult or they have to be very specialised or have a particular mindset to work in security and actually it's great fun and really enjoyable." That was certainly what came across in our chat with Ailie Houlihan and her experiences in this space on Mumbition this week. Carrie.
Carrie Kwan (02:03):
Totally agree Lucy and I'm a huge advocate for women in these roles, in these types of sectors, whether it's in corporate or their own business for the added insights that they bring. And perhaps from an alternative emotional intelligence perspective, as we know from all of our chats with Mumbition guests, women really do bring a unique approach to risk management and it's actually something that they're really good at. Even when you think about motherhood, we are weighing up decisions. We've got our radar on for risk all the time.
(02:40):
So we're so excited to get stuck into this conversation. And we started by asking Ailie, who is one of the CyberCX cohort, what led to her career change from nursing into the cyber security industry.
Lucy Kippist (02:55):
So Ailie, your story is a little bit different to some others that we've shared on Mumbition so far because you've not started a business but you've set out on a bit of a career change and you're diving into a brand-new chapter of learning. So, can we kick off by you sharing a little bit about CyberCX and what drew you to the idea of the cohort and the learning experience?
Ailie Houlihan (03:20):
Absolutely. Before I joined CyberCX and for a number of years I was actually a registered nurse, so I'd studied, and I worked and specialised in acritical field in nursing. So, I was in anaesthetics whereby I worked in theatres with people who are in very stressful situations a lot of the time or needing large amount of support and technical in its own right, obviously medically technical, but a very critical area of work. And after having children, welcoming my second especially, what I was seeking to find in trying to transition away from nursing is a better work-life balance, but something that still challenged me and that I was able to utilise the skills that I had honed in my career in nursing. So I worked with people every day. I enacted change in individual's lives. I was able to be a really concentrated part of helping people.
(04:27):
And so, in looking for another career path or a new industry, what was out there, those were things that I really wanted to find as well. I was fortunate because my husband works in the cybersecurity industry already, and so I was privy to the industry as a whole. He works in a very separate kind of area that I do now, but it was getting to see his work-life balance, especially as we came into Covid and going, "Whoa, I like the look of that. That looks fantastic."
(05:10):
But also, he was so passionate about what he was doing, I could see that he had so much joy and that he was also able to help people. And so, it was through this that I dove into exploring cybersecurity and what I might be able to bring to this industry, where I would be able to utilise my skills and what really it could bring to my life as well. And because of that and understanding the industry through a secondary lens, my understanding was that it's quite hard to get in, especially in entry-level type roles. A lot of roles require five years minimum experience. And so, I launched into study and just thought I just need to start building up experience and some background behind me.
(06:07):
Obviously coming through a nursing career, all of that is tertiary study. So that's where I went to look. As I was really in the first semester of my master's degree, I was doing some research around what other experiences or internships and bits of learning that I can add to my formal studies that will help me get my foot in the door. And it was almost perfect happenstance that I came across the advertisement for CyberCx, this we will train you on the job entry level positions. You don't need to have had experience in the past and apply. And I remember looking at the advertisement and thinking, this is too good to be true.
(07:00):
This is like they're asking for all of these skills, these soft skills, these things that I have from a life experience that I can bring to the table. And so I absolutely threw my hat in the ring having already in some ways been aware of CyberCx, I knew of it within the industry. I was just so excited when I then got an interview and then a position to get to launch into this new world.
(07:32):
And where I was able to enter into the industry and really was given this incredible opportunity was within the CyberCx Academy. So launching when I first started, so I was a member of the very first cohort of the academy. We're now just welcome our fifth cohort of the academy. And CyberCx stood up this option to have entry-level individuals from a range of backgrounds come in, bring their life experience and skills, be matched to roles and learning within cybersecurity and give this foundation fundamentals training from the ground up.
(08:20):
And so what happened with that was throughout in initial phases, we went through a training programme which then split off from this foundation cybersecurity centric training to more practise specific training where we were able to hone skills specific to either the technical or non-technical realms that we entered into. And from there we went straight onto on the job working on the tools per se, being able to enact change and work with our clients from data. And what's been so incredible, especially with the academy programme itself, is that you're supported from the start. So there is many, many people who have come in with no previous experience. I was fortunate that I had already been studying a master's in cybersecurity. I'd been aware of the industry and exposed to it in different ways. And so some of the things weren't full surprise for me, but there was definitely areas that I'd not come across before and we were just supported through the entire training phase to then be ready for on the job work.
Lucy Kippist (09:46):
Sounds great. You mentioned before that you've got two children as well as doing this, and I know we often ask our guests here on the podcast what they've had to stop doing in order to get to where they are. So what are some of the things that you had to stop doing in order to transition into this part of your career?
Ailie Houlihan (10:06):
And it's a really interesting question and it gave me food for thought to take a moment to reflect, especially on the last two years. So I've worked with CyberCX for 18 months now. So I've been in the industry for a little while now and I've been very fortunate not to have to sacrifice very much, but what I did have to sacrifice in my nursing career was far, far greater. The time, the weekends, on-call, long shifts, high stress, mental health, all of those things.
(10:45):
And for me, walking away from that was really hard because it is something that I had connected my identity to. But coming into this new industry where I still work long days, I still have some stress and things like that, but I get to have this new work-life balance I feel that I've only gained in coming into cybersecurity. I mostly have my weekends back now. The biggest sacrifice has been having to couple my university studies with full-time work. And so I guess the time balance is where my biggest sacrifice is occurring at the moment.
Carrie Kwan (11:31):
So Ailie, a big portion of our listeners here, they are small businessowners and typically don't have large teams behind them and certainly probably don't have the luxury of a IT department, and yet a lot of their businesses are actually enacted online. So they might have a presence on social media or the might have e-commerce sales. I'm wondering if you could shed a bit of light, and I know one of the answers already in terms of the programme that you've just mentioned, but for a small business owner, how should we be approaching cybersecurity and what are perhaps some simple things that we can do to build knowledge in this important space?
Ailie Houlihan (12:18):
So there's some really key simple practical things that can be built into business processes that will increase your cybersecurity profile. So, a few key simple ones are implementing multifactor authentication. So I know that a lot of, especially small businesses may only be ran from a single computer and maybe a mobile phone. Multifactor authentication where you can, can be switched-on, whether it be Facebook, Instagram, or some very commonly used platforms under your own control.
(13:00):
So where you can, implementing this added barrier, this added layer of security to your processes to help secure your own data is absolutely a very practical thing to do. A great story I have, recently a friend reached out and said, "I keep getting emails asking me to confirm to get into this account." And I said, "That is somebody who has your credentials and this is multifactor authentication, working in real time blocking somebody fromactually getting through. So you need to go in, you need to change your password and you need to do these other options."
(13:41):
And if they did not have that extra layer of security in place, whoever had those credentials would've been able to get in immediately. So adding an extra layer of defence, very, very important. Utilisation of password managers is also a really easy implementable option for any business and foray individual, in fact. There's some really great password vaults available to you and I can share some links for your listeners to be able to follow both the multifactor authentication steps, some really great options for password management.
(14:25):
And this is a tool where it will securely store your long and complex passwords that you have for all of the different required platforms that you might use. So utilising different passwords, utilising long and complex passwords can get very tricky and you don't want to be writing them down and you don't want to be using the same ones all the time. So employing a password management system where you only require one password to go in, everything is maintained securely encrypted, and it will deal with entering in the passwords into where you need to go and you won't need to remember all of the different complex passwords that you use.
(15:11):
Another really easy and implementable option is making sure that you have antivirus and anti-malware software installed on your computers, that you are regularly scanning and that you are regularly updating any firmware software requirements that your system's requesting. So every time that pesky little notification comes up, there's new updates available for your device, do them. They are patching vulnerabilities that the service provider have noticed and have come up with a fix for. And so making sure that you're on top of doing those is really, really important.
(15:55):
So another way that businesses can protect themselves online is being really aware of what it is that they're posting and the data and the information that's included in that posting. Something that we see threat actors do is utilise a term called social engineering, where they get information often that they can find openly online and utilise that to create an attack called a phishing attack. This can be very specified to you, utilising knowledge that they've found about you online. And sometimes that can be, especially from a business perspective, things that you've utilised in your advertising.
(16:46):
An example that I have is somebody had posted images to their business profile, which could quite clearly see their location behind them. They then started to receive these phishing emails which created urgency, utilising this information of their location to click on a link to be able to respond to a request. That link included ransomware and locked down their business. A key takeaway is being aware of the extra information that's incorporated in advertising or especially in small businesses. Sometimes we will take images in our homes of the products, but that extra information can be utilised against you and it's a key thing that we should be aware of when posting online.
Carrie Kwan (17:47):
There's some amazing tips there. And I hope that everyone's been taking a few notes because they are really simple things that can make a big difference to protecting our businesses online. Now, let's take it from your point of view in terms of what you're learning at CyberCX at the moment. You're in the world of, it literally has the word risk to it, it's a cyber risk. How has that changed your perspective on the concept of risk and then also thinking that you have maybe put in some place, some processes to protect yourself in that new context of risk?
Ailie Houlihan (18:25):
Well, cyber security at its core is about risk management. And so what we do to understand and explain how to mitigate it is the same and very similar to what I was doing in nursing. We look for vulnerabilities, we understand what the issue is and we figure out and explain how we're going to reduce that risk. And by no means am I a hacker in a hoodie. I'm sure, as you can see, I couldn't hack my way out of a wet paper bag if I tried to, I would give it a go and I could definitely leverage some skills, but it's a common misconception in cybersecurity and realistically people are our greatest defence, but it's also where our greatest risk lies. So this has been a really core, I guess, conceptual shift for me that ultimately it's not about the ones and the zeros, it's about how people interact with cyber security and with environments especially online.
(19:40):
And so a large part of what we do, and especially at CyberCx with our clients, is understand their risk appetite, so what exactly they're willing to accept, what is absolutely unacceptable in terms of risk online and what are the reasonable steps we can take to mitigating and reducing that risk. So what may be a useful example is for me and my husband, we are willing to share photos of our children on our personal social medias online. We do this because we understand that we have got those particular platforms locked down.
(20:36):
We know exactly who's on them and we are sharing them with our close personal community. I wouldn't, however, share those kinds of things on public platforms. For example, LinkedIn, where I'm not always a hundred percent sure who may be able to see what I post and share and therefore I am understanding what I'm happy to accept as a risk because on my personal social medias, I'm able to control who sees what, but I won't accept the risk of sharing that kind of data on more public platforms.
Carrie Kwan (21:19):
Yeah, fascinating insights there, especially when we know that sometimes the lines get blurred between your business identity and your family identity and just a great reminder that we do actually have a lot within our control, those settings that may seem like a bit of a... It's like privacy terms and conditions. I have people who love reading everything in a privacy terms and conditions document, and I have people who don't even, they're like, "Where do I click accept?" They haven't even glanced over it. Great points there. Now, at Mums & Co we talk about harmony as this triangle of ambition, livelihood, and wellbeing. We have all these parts which are really part of our identity, important parts, and we always try to make them harmonise with each other. Could you describe the shape of a good life for you?
Ailie Houlihan (22:16):
Absolutely, and I think I've touched on it earlier, but really in pursuing a career change, it was all about finding that work-life balance for me. But for me, a part of that work-life balance was feeling fulfilled and challenged and having the opportunity to be ambitious in my career. And so I think that the ambition to be able to grow a career, to be able to be successful in a career and feel that, be acknowledged for it, be able to comparatively feel growth within my own personal life, I think that's really what shaped a good life for me. Having the ability to feel fulfilled at work, to be able to see where my ambition can take me and to understand that the career opportunities that are available to me now are just boundless.
Lucy Kippist (23:20):
Finally, we just wanted to ask you... Anyone listening today who's been inspired by your story and keen to delve a little bit more into CyberCX themselves. What are you guys promoting right now that might be of interest to the women in our community?
Ailie Houlihan (23:36):
Absolutely. So with the academy, we've just welcomed cohort five. They've started in the past couple of weeks, but cohort six for the academy at CyberCX. Applications open on the 4th of December this year, and we'll close on the 9th of January for participants to commence on the twenty-fifth of March. So this such a great opportunity. We recently, cohort four actually was a all-women's cohort, so we welcomed women from all plethora of backgrounds and really it has brought such a wealth of knowledge and background experience to our practises across our entire company actually. But CyberCX really is walking the walk in terms of supporting women in entering cybersecurity. We have some huge statistics requiring the cybersecurity workforce to grow in the coming years and women in cybersecurity is just going to be key to that. So the next academy cohort opening soon for anybody who's interested, please feel free to reach out and we can absolutely have a chat.
Lucy Kippist (25:03):
Great. Sounds fantastic. Now last question is in the spirit of women supporting women who are the Mumbitious, that's a Mums & Co term for mothers who are unapologetically blending their ambition and their motherhood that you'd like to say hello to?
Ailie Houlihan (25:19):
First and foremost, Annalise McDowall. She's an executive director within the strategy and consulting practise and industry lead at CyberCX. She's a mother of two and an inspirational leader and mentor. She's a support, a champion of the women and the mothers, but our practise as a whole to grow and learn and has been instrumental in the support of both myself but the Greater Academy associates who have joined the practise. Another would be Rosemary Driscoll. She's the executive director of the academy at CyberCX.
(26:08):
She has been driving this training programme from Day Dot, building it from Scratch. I've been fortunate as a member of the very first cohort for the Academy to have watched it progress and grow. It's learnt from mistakes and just worked through to be an incredible programme that it is now, and she has really supported every single one of us. We've welcomed 200 associates to CyberCX through the academy programme and she connects with all of us and really she has been a phenomenal support, also a mother of one and juggling allthe things.
(26:58):
The other shout out that I really want to make is to the other mothers who have joined both myself in cohort one and future cohorts that have come through that have been those comrades that we've worked together. We've understood the struggles. We are learning new content. We are every day facing sometimes what feels like a fire hose of new information. And having those comrades to be able to understand the struggles, understand the juggle have been just an incredible support.
Lucy Kippist (27:36):
Thank you for joining us on Mumbition today. And if you'd like to find out more about CyberCX, you can connect with Ash Warburm on our Mums & Comembership directory or head to cybercx.com.au. We hope today's story has inspired you and we'd love to help support your business. At Mums & Co. We help women in business grow. Our four tiers of membership, provide strategic advice, access to deep networks and opportunities to be more visible. Head over to mumsandco.com.au for more details or book a one-to-one member chat today. And if you've enjoyed this podcast, please make sure to like and review. It helps other women in business find us so we can help support their business journey too.
Harry (28:22):
What's your best tip about cyber safety?
Ailie Houlihan (28:26):
Talking about cyber security and safety online is such an important conversation to have. I know for me, my children understand how to use a tablet device almost by osmosis. I haven't had to sit down and teach them where to go to find things, they seemingly just know how to do it. But further to that, we need to have conversations about being safe, not clicking on things that the don't understand, not clicking into applications or when a message pops up, understanding that there needs to be boundaries and limits.
(29:05):
And when something does pop up that doesn't make sense, instead of following and clicking that particular link or whatever it may be, to bring it up, to talk to mum and dad, to talk to caregivers or whoever's nearby an adult, to understand what's happening and ensure that the safety and the security, both of the device, but of the family is going to be maintained through being open and communicating about it.
Carrie Kwan (29:37):
We hope you've enjoyed this episode of Mumbition The Podcast by Mums& Co. Head over to the show notes now for anything you might have missed. Mums & Co is Australia's most caring business network for women. To find out more about our Mums & Co membership visit mumsandco.com.au. This podcast was produced by Lucy Kippist and edited by the wonderful Morgan Sebastian-Brown of Browntree Productions and Co-hosted by Carrie Kwan, co-founder of Mums & Co. And Lucy Kippist, our community manager. We'd love your feedback, so please rate, review and share Mumbition so that we can reach more business owning mothers and their co just like you.
Lucy Kippist (30:18):
And if you'd like to be considered as a guest for next season ofMumbition The Podcast, you need to become a member of Mums & Co. Drop us anemail to hello@mumsandco.com.au, or check out our website for the premiummembership details at www.mumsandco.com.au.