TechTalk ep5: The One about Women and Cybersecurity

Paramita: Hello and a warm welcome to PwC Luxembourg TechTalk. Last 24th October, at our annual cybersecurity day, one of our keynote speakers was Jane Frankland. Jane is the owner and CEO of Cybersecurity Capital Ltd. and a founding member of Women4Cyber.

For today's episode, I sat down with her just before her speech to talk about cybersecurity but more importantly about women in cybersecurity. Since Jane was in a rush, I recorded our conversation on a smartphone this time. So the audio quality is understandably a bit poor. Please bear with us.

Jane: So I'm talking about securing the future state. I'm going through three things. So it's like looking at the vision. Where do we want to be? What is our ambition from a digital landscape perspective? What are the changes that are coming at us and how do we want it to be? And then I'm looking at the threats.

So what are the internal and external barriers to us making progress and securing the future state. And then I'm looking at the strategy. So what are the practical steps that we can take in order to secure the future state?

Paramita: When you talk about future state, what do you mean? Future state as in the government?

Jane: As in the world. So what is our world going to look like? What is our work going to look like? What are our homes going to look like?

So say, for example, we have got so much change coming at us. And, you know, growth being the common element with that. So we've got more people, more devices, more connectivity and much more data. So we are changing from a scarcity business model and we're moving into an abundant business model. So right now, we've got about 50 percent of the world's population online and we've got in the next, say, 10 years or so, we've got about 90% of the world's population coming online. And then we have lots of connected devices, machines, technologies and so forth. So for me, I like change and I'm excited by it. But I work in security, so I can also see the flip side of that.

Paramita: Very objectively speaking, do you think that we can really have something as a secure state? Is it possible? I mean, why I'm asking is I'll give you an example. I am from India. There's this article that came out recently about India where they're really pushing for digital transformation and everything. And one of the areas where they are really pushing for it is the Social Security. When it comes to cybersecurity, when it comes to failures in security, it's a huge, huge problem. How do you go about doing, you know, implementing security in a country like India?

Jane: So that's a really good question, because it's country as opposed to company. But the way that I like to think about security is it is a state of being. It's a way of thinking. So with anything, you've got to strip it all back and kind of think about, well, you can't have a 100% security. It's just not possible. So we've got to get realistic with it. And a lot of the problems with, say, our situations comes down to language. So we're talking about secure security. That's not our job. Our job is to reduce risk. So our job is to reduce risk in line with, say, the business's appetite for it or the country's appetite for it. So we have to determine what is the ambition, how far we want to go, knowing that we can't secure to a 100%. It's just not possible, but we can reduce the risks. So how... What are the risks? So say if you're looking at a company, what are the assets? What are those assets worth? What do they do? And then so forth. What's the value of those assets, both in financial terms and also kind of operational terms as well... the whole thing.

So with a country, you need to look at that further and then you would be bringing people in to the situation.

Paramita: What kind of profiles you would need? Risk officers? Who are the people that are capable of...

Jane: Who are driving it? Well, that depends on how you want to do it. So my preference is to have combinations. So you might have a key security person. So let's call them a security officer. So chief security officer. But what you're doing is embedding security into the various company departments. So you've got the ambassador, so that you're spreading the awareness that they know, they understand it, so that they can come to you, but they are empowered. So it's better understanding, better awareness, them accepting the risks with that full understanding driven down from security. So security is across organisations. And so from a country perspective, the more we can embed it into the fabric of our countries and our worlds, the better that we can do.

And think about it, you're a woman, I'm a woman. We see risk in a different way, which is one of the things that I'm talking about. We're naturally attuned to it, you know, so we have this spidey tingling you know. It's wired into our DNA. So we are very aware. No one's a 100%. Nobody gets it right the whole time because we're human. But we bring something else because we have that sixth sense or whatever when it comes to risk.

Paramita: That's very interesting. I'll ask you again, a very naive question, probably. I was looking at the... There's a TED talk on how Brexit happened. The Guardian journalist who actually brought it to light and how the entire fake news propagated and how they were collecting the data... So how can we stop that? Is there a way to stopping the harvesting of data? I mean, we are naive and I know that, you know, we need to empower ourselves. But there's only so much that we can do. Is there any other way?

Jane: My talk today is based on what are the greatest threats? What are our internal and external barriers? They stem from people, you know, so that so everything is linked. So it's very much about empowering our people, educating our people, creating environments of high challenge and high support, which is not code for psychological safety, but it's environments where people do come in. They are developed. They are trained. They are stretched. And because of that, they can cope very well with the changes that are to come. And because of the changes that are so prolific that are coming at us, no one is going to have all of the right answers at the times that we need them. So when an attack is coming and we've not seen it before, no amount of drilling, repeat drilling is actually going to help us to deal with an attack, a type of attack that maybe we've not seen before. So the more varied... say there's been research that's been done about there's not in security, but the more varied the incident, the better that we can deal with these attacks that are new to us, the better that we're prepared. And creating these environments of psychological safety means that, yes, our teams might not have the answer...

Paramita: How do you do that? How do you create those?

Jane: The way that I would teach is you have to start with, you know... You're building trust, building your influence, you know, looking at what is your mission, what is your vision, what is your why and living it. So say, when I have created teams in the past, those teams have known that I have had their back. I will do anything for them. But there is an expectation if I ask you to, because you know that you're looked after, because you know that you're safe and secure with me, that occasionally I might ask you to do something which goes above and beyond your call of duty. But because you know that I'll do anything for you and have your back and will keep you safe and guarded and the wolves at bay and things like that, then they'll do it. And they also know that they can come to me for questions or whatever it is. I've got a silly question. Or what about this? Or I was thinking of doing that. That's a great idea. That will work. So they are encouraged, supported and developed, but they're also stretched. So I might throw a problem out to them and say, come back, have a look at it, solve it together. It doesn't matter the fact that they've tried and it will have moved forward in some aspect will be meaning that they are growing and developing. So you have to have your... build your influence, build your trust and trustworthiness, and you have to be able to go out there and reach those people. So within your company, because then it becomes a natural approach, very much pulling and attracting rather than pushing and forcing and command and control built on hierarchy and job title. This is built on personal power and personal effectiveness. Yeah, trust and influence. And then you've got to do that outside of your organisation. So it's just if you want to attract the best people to come work for you -- with you -- because we're in the age of working with, not for or under, come and work with me. Then you've got to be able to get that message out.
And much of that comes from what do you believe in, you know, your pitch, your vision and actually walking the talk and living  it. So being... this is why I quite often talk about personal branding, because it helps you attract the opportunities to you. And it helps with that stakeholder engagement within the organisation at the different levels. So you have to get buy in from the top. You have to build bridges and walk over them and you can't expect people to come to you. You have to first understand what's going on in their world. So say, if I want to understand about comms, I won't come... I won't want you to understand about security. I actually would come and speak to you about what I do in security. I'll come and find out about everything that goes on in your world. What are your challenges? How can I help? And then with reciprocity, you know, you just actually being interested in someone and how can I help you to do. And by seeing it through your lens, that gives me greater perspective and insight into how I can help you. And then you're going to be naturally inclined to say, well, what is it you do? You know, so it's very much... again, I say this in the talk, the fish rots from the head down. So you've got to get those stakeholders, the leaders on board, all the C-levels that you interact with. And then create these cultures as a leader, a team leader, as a C-level and then ideally in the company. So it's not just a case of I'm a leader and I'm facing obstruction here because they're not buying in. So I'm going to go. And by the way, my team are coming with me, even though I've not said follow me, but they will do because I know they're safe and secure and will progress with you and be looked after.

But you've got to really do that within the organisation for you to do a better job and to become known to attract the talents and have that talent pipeline. And then you've got to bring in diversity.

Paramita: A very interesting point right there, because that is so true that we as women, we are tuned differently.

Jane: We are. We're different. And it's OK to be different. And of course, we know from women in business anyway that profits increase, productivity increases, we stay on budget much more compared to homogenous teams. So good things come like, oh, there's lots of research around all of that. But when it comes to security, then just as you said before, we are fundamentally different to men. So men and women are different and it's good to be different. Really good to be different. And it's time to be different, actually, and to embrace this. And when it comes to security, we see risk in a different way. That's the difference. So we are naturally more risk averse to men. And this manifests itself. I mean, there's been like I think just under 200 studies, you know that I picked up looking at how men and women see risk in a different way. And women are really good at assessing odds. And this manifests itself in an increased avoidance of risk. So when you get the two working together, because it's not about women are better than men, just means that we get a better posture on exactly what our risk is. And there's been some interesting research about this just to kind of map it. Here's women looking at risk. And here's men look at risk from a graph perspective. And then let's look at the two together, overlap it, which I found really interesting. So we know that. We know that women are very detailed in their exploration and they are very highly attuned to picking up different patterns of behaviour. So because of that, that helps us spot attacks that are going on. And therefore protect our environment. You know, we talked about almost like the sixth sense. You know the spidey tingly. And we have high intuition. And I mean, these are all like generalisations, you know, coming from research that suggests. But we have high, high intuition. We score highly when it comes to social and emotional intelligence. And we also can remain calm during times of turbulence. 
So these are skills that are needed for spotting attacks, but also dealing with them when we have an incident. The other thing that's notable with women is that the intelligence increases in a group. So diverse environments make better decisions 87% of the time. But when you have women in a group, the more women there are, the greater the output, the intelligence that comes out from that group. And I'm pretty sure that I would have to check in my book because everything's kind of backed up in the book. But I think that bit came from research that was done in the military in the US. I think that last bit in terms of the collective intelligence.

And what else happens with women? Well, we're compliant. We're compliant of rules and regulations, much more. And that is a good thing because again, if we're working with men, which we are, they might not be, but we can step in. So we're compliant of rules or regulation. We're more embracing of technical controls and organisational controls. So whether we are the voice of conscience or whether we are policing, but we just have these differences. All of these things have come to light from research that has been done. So when you kind of look at men and women and you look at our environment, which is about reducing risk and spotting anomalies and working with people... so from the social skill, the soft skills, then our industry really benefits when we have women in it. But the other thing, of course, is when you get women in... so when we put the spotlight on women and we focus on getting more women, the whole of diversity improves. And the whole cultures improve. Because if you think women are like the canaries in the cage, you know, so that if it's not working for women... what works for women, works for all people. So it's just like making sure that you're getting it right, treating them as here's the canary in the cage, if it's not working for them, then it's not working for our teams. It's not working for organisations. What do we have to do in order to change this so that we can attract and retain through developing and creating cultures and great environments so that we get great output, happy environments. When people are happy, they perform. When they feel safe, they perform. Yeah. So this is what it's about. So and of course we need to bring in the different thinkers. You know, if we look at Winston Churchill, one of the greatest leaders of all time, and what he did with the Second World War. So we were in a stalemate position with the Germans. Great minds on both counts. Stalemate. 
What he did is he brought in 10,000 people, mostly women, different demographic, age, backgrounds and so forth. And he brought them to Bletchley Park. And what happened? They all got together, thought differently, and ended up shortening the war by two to three years. It's a great example but I think what's interesting is women have typically always been used in times of war. So it's just like not calling us to say... that's helped with the war efforts.

But then we've gone... we've been pushed back to our homes, the families, and we don't need you now. Thanks for your help. But you know, Bletchley Park, you know, a really interesting kind of affair what went on. I mean, the contribution of those women and they weren't allowed to speak about it. They had to go back to their homes. They weren't able to really get any other jobs because we couldn't speak about what they've done. So they, you know, for a long time, you know, and it's just like almost as if it was in vain.

And we know that when women are politically and economically empowered, countries are more stable. So it's bringing them in. And the world is a very hostile environment. It is particularly volatile right now. So... I'm sure I heard I was in Berlin, actually, and I was talking to a woman who... it's an amazing conference, actually, forum. And I think she worked for one of the military organisations. She said, I haven't found any data on this, but when women are negotiating peace deals, the countries are more peaceful for longer. So negotiating peace deals when they're involved. I mean, it's obvious. It's obvious to us. But I think with when it comes to women, although we know that it's the right thing, how dare anyone not treat us fairly just because of our gender? The way to, for us to move forward is to be really strategic and tactical with it and to present this as a strategic business opportunity. And then when we have got the metrics with that which we need to gather, which I'm doing some work on, then we can actually have data driven conversations and say in security, your risk is dropped by this. Your agility increases by this. Your retention rates increase by this. Women are good for business. Bang. As opposed to, it's the fair thing to do.

Paramita: That was my last question actually that you know, that this can actually be, you know, put in the cybersecurity agenda as a threat mitigator. Because it makes so much sense for me. I mean, being a woman, it makes so much sense.

We know it's true that you know when it comes to risk and security and rules and all those things that we have that inherent thing. And, you know, if you have the metrics, if you have the numbers that back it up and...

Jane: Exactly. We have to be smart about this. We are incredibly powerful. You know, we as women, we are so powerful. And I believe in male energies and female energies, yin and the yang and all that. But as women, we are incredibly powerful.

And that's... we haven't been physically powerful and we have been a threat because we are different. That's probably one of the reasons why we've been kept down, but which is a pity because for us just to be alongside or leading, if that's the right thing to do, we're not looking for a retribution. So for me, it's just that we are incredibly powerful version of the same species. And I think this is our time. We are moving more into our time, more information communications technology. We still are disempowered because of our physical strength. And the years of persecution. You know, burning witches at the stake. You know, and all of speaking up, raising our voices.

So we have to use women strategically.

We come from this... we have this heritage of secure, lockdown. No sharing. Division, silo, mine. I mean, what we need to do is trust and open up and collaborate because we are in an abundant business model. There is enough for everyone.

Paramita: Great. So thank you so much again.

Paramita: So that was Jane Frankland. A big thanks to her for her time. I’ll see you in a couple of weeks with my co-host Luis Salerno.


