Welcome to WiCyS June 2024!

Join us as we move into the second half of 2024! Welcome to WiCyS Australia Affiliate’s newsletter and community, where we work together to attract, promote and retain women in cybersecurity! 

In this issue:

• Coffee, networking, advancing together, and the chance to Win WiCyS Membership for a year! – Join us on 20th June as we meet and network in cities across Australia

• WiCyS Events coming soon: Let’s talk about salary in Cybersecurity

• WiCyS Profile: Natasha Kramarenko - my career journey, supported by WiCyS

• WiCyS Profile: Divya Sangar - We spoke with Divya Sangar, Enterprise Security Architect with CyberCX, on her career, her journey, and her guidance and hopes for women in cybersecurity

• Active Reading by Associate Professor Elena Sitnikova PhD, BE(Hon), CSSLP, SFHEA

• Resources – some items that the WiCyS Australia team think might be useful!

Coffee Meet up - June 20th 

Meet us and other professionals, students, and colleagues, in cities across Australia!

Join us for our coffee catchup in Melbourne, Sydney, Adelaide or Canberra on June 20 for an opportunity to network, empower each other, break barriers, and pave the way for future generations of women in this dynamic field. Free coffee for WiCyS Members, and an opportunity to win a 12 month membership!

See this testimonial from Deyan, who is a recent graduate just starting on the cybersecurity path:
The WiCyS coffee morning was a great learning experience for me as a recent graduate. It gave me the opportunity to chat with industry professionals and ask about in-demand skills and experiences, career development and mobility advice, and about workplace culture at different companies I’m interested in. I’ve also found the coffee mornings are a great way to grow my professional network; the more informal environment is perfect for friendly chats!

Win a WiCyS Membership
If you are interested in starting or furthering your career in cybersecurity, would like the opportunity to expand your network, or are simply interested in meeting some like-minded people who have an interest in cybersecurity or IT, do not miss our upcoming coffee morning!

Use the links below to sign up for this excellent and free event:
Canberra https://www.eventbrite.com/e/wicys-australia-networking-coffee-morning-canberra-tickets-907490256787
Melbourne https://www.eventbrite.com.au/e/wicys-australia-networking-coffee-morning-melbourne-tickets-907494750227
Sydney https://www.eventbrite.com.au/e/wicys-australia-networking-coffee-morning-sydney-tickets-907499243667
Adelaide https://www.eventbrite.com.au/e/wicys-australia-networking-coffee-morning-adelaide-tickets-907506204487

Let's talk about salary in Cybersecurity  

Let’s talk about salary in Cybersecurity.  Wednesday 7th August 7-8pm

Jasmine McCrudden and Paul Jenkins, Cybersecurity Recruitment Specialists from the Decipher Bureau and Fiona Byrnes, President WiCyS Australia Affiliate take us through salary expectations for cybersecurity and GRC roles in Australia as well as recent industrial changes for Gender Pay Equality.  Where to get the latest industry and employer insights before you make your next career move.

To register for these events, and to stay on top of other upcoming events, check out our WiCyS site here: https://sites.google.com/wicys.org/wicysaustralia/events  

WiCyS Profile: Natasha Kramarenko 

Recently our affiliate President Fiona Byrnes spoke with Natahsa Kramarenko on her career journey, her training and up-skilling, and her experience with WiCyS. Here is what she had to say:

I love IT, it was my major at uni and I worked all my life in this industry. But after over a decade of experience in different areas, including technical translation, quality assurance and people management, I was looking for new direction. This is when I found out about Women in Cyber Security (WiCyS) and their SANS Security Training Scholarship. Without much hesitation I decided to sign up and try. The program was aimed to help women who want to pivot their career to cyber security and presented and number of stages/challenges which would lead successful candidates to SANS training courses. As a result of my participation, I’ve completed 2 SANS courses and to my big surprise was offered a job. My training was in the cloud security area, and it gave me real confidence when starting in new position as DevSecOps Lead. I was very excited to apply my knowledge in practice and help mature software development security practices in my company. Together with my team we’ve worked on OWASP SAMM framework implementation, improving security posture in application development, securing SDLC, introducing vulnerability management process, and even running companywide incident response exercise. I am feeling very lucky to get this opportunity and to see that hard work and determination do pay off. In March 2024 I became a finalist of Women Leading Tech awards and had amazing celebration evening with my team and other talented women in tech.

To anyone who is considering career change, especially to cyber security, - please know it is possible, and there are great initiatives, like Women in Cyber Security (WiCyS) which are there to help you. It is always worth trying even to understand if you really like it or not. And if you do – there are ways to get there. 

WiCyS Profile: Divya Sangar 

WiCyS Profile: We spoke with Divya Sangar, Enterprise Security Architect with CyberCX, on her career, her journey, and her guidance and hopes for women in cybersecurity

Tell us a little bit about yourself and your career to date

I grew up in Fiji and had very keen interest in computers from an early age. I pursued my Bachelors in Physics & Computing Science. I recall in my last year of University doing a Networking course and became really interested in this area. Fortunately, my fascination with Networking persisted as I started my career in Telecom Fiji and then a number of Telcos in Australia. In 2014 I joined Equinix as they were building their first Datacentre in Melbourne. This opportunity granted me invaluable insights into the intricacies of Datacentre construction and operations , particularly in understanding global connectivity requirements where latency is critical and also multi-cloud architecture. In 2017, I transitioned to Microsoft, where I became part of a core team supporting Azure Networking business in Asia. This experience was enriching, as I witnessed firsthand the evolution of connectivity and the burgeoning era of cloud computing. It was particularly thrilling to contribute to the launch of ExpressRoute services in new regions and witness the release of innovative Networking and Security solutions. I also gained experience working with Telcos across Asia. Presently I am working as an Enterprise Security Architect at CyberCX and building my experience in Cybersecurity. This role allows me to continue building upon my knowledge and experience in this rapidly evolving field.

Do you have any anecdotes or interesting stories to share about your experiences?

In the early stages of my career, it was quite typical and normal for me to find myself as the only female in the room, with a noticeable absence of female role models in senior technical positions. Nowadays, it surprises me when I encounter similar situations. The increased focus on mentorship and leadership programs for women has already begun to shift representation, and it’s encouraging to witness this change and the strong allyship in this initiative.

What messages would you have for women who are trying to achieve a goal in the cybersecurity industry?

• Build your Network – I find inspiration in conversing with professionals in this industry, learning about their journey and understanding the keys to their success in their respective roles.

• Join a community – Communities such as WiCyS offer abundant opportunities for upskilling and networking. Participating in these groups can provide valuable connections and resources to support your career growth.

• Giving back – Consider giving back to the community by mentoring or inspiring others in their career journeys. Being open to conversations with individuals who reach out and sharing your own experiences can have a profound impact on others.

Do you have any hopes for the cybersecurity industry or women in general?

I believe our industry is moving in the right direction by emphasizing the significance of Diversity and Inclusion and fostering open conversations about it. My hope is that these efforts will pave the way for more women to assume leadership positions in senior roles.

Active Reading 

Active Reading by Associate Professor Elena Sitnikova PhD, BE(Hon), CSSLP, SFHEA

The Australian Department of Home Affairs has recently developed and released guidance materials on Incident Response Planning (https://www.cisc.gov.au/resources-subsite/Documents/ecso-guidance-incident-response-planning.pdf) and Cyber Security Exercises (https://www.cisc.gov.au/resources-subsite/Documents/ecso-guidance-cyber-security-exercises.pdf). For declared Systems of National Significance (SoNS) (https://www.cisc.gov.au/resources-subsite/Documents/cisc-factsheet-systems-of-national-significance-enhanced-cyber-security-obligations.pdf), for whom incident response planning and cyber security exercises are a mandatory obligation under the Security of Critical Infrastructure Act 2018 (SoCI).

Regardless of the business size, critical infrastructure organisations must be equipped with a clear understanding of ‘what to do’ and ‘who to call’ during a cyber incident and must be well-placed to respond, in the face of rising cybersecurity threats.  These industry and government organisations are encouraged to have incident response plans in place, and to regularly test those plans via cybersecurity exercises.  The attached guidance materials provide best practice advice on ‘what good looks like’ for both incident response planning (pg. 11 onwards) and cyber security exercises (pg. 10 onwards). These materials will help you understand Australian initiatives and address the following questions:

• What are the Systems of National Significance?

• What does SoCI stand for, and What is the SOCI Act?

• What is an Incident Response plan?

• List the eight-criteria from the recommended framework.

• What is the reasoning behind the provided government guidance for the organisational Incident response planning?

• What is a cybersecurity exercise?

• What is included in the evaluation report?

Cybersecurity Resources

WiCyS Global has a fantastic list that includes free training whether you are beginning your cyber journey or are a seasoned professional – https://www.wicys.org/resources/free-online-learning  

The International Digital Policy Observatory is a publicly-accessible database curated by a team of researchers based in Sydney. They track changes in digital regulation worldwide, and regularly update their database with links to articles and legislation related to misinformation, cybersecurity, AI, etc. The list was last month, but this is certainly something to keep an eye on in future: https://www.idpo.org.au/visualise

Contact Us

Please feel free to get in touch with our team, and send any suggestions you might have to help us and our community!

Contact us by clicking here!

Membership

To take advantage of the full benefits of WiCyS, register as a global member! Send an email to our WiCyS Australia team if you are interested, to take advantage of what our community can provide.

Global membership will enable you to network with more than 6,100 members across 69 countries, and give you access to many more benefits!