We get to know Katy Hinchcliffe – Littlefish Head of Cybersecurity, who talks about her career path and her most memorable achievement.
What would you describe as your most memorable achievement in the cybersecurity industry?
Winning Security Leader of the Year at the Women in IT Excellence awards in 2019. I was over the moon to make the finals but winning was a great surprise.
What first made you think of a career in cybersecurity?
It wasn’t something I really knew anything about. I did a degree in Animal Science and was applying for generic management roles after I had decided my career wasn’t with animals. I got my first job as an Information Security Officer implementing BS7799 (the precursor to ISO27001) at a government agency. From there, I have worked in many information security and service management roles.
What style of management philosophy do you employ with your current position?
In the past, I have always admired leaders who use a mixture of different leadership styles to get things done. I try to replicate that style agility and match it to different situations. My core leadership style is decisive, supportive, loyal and fun. I enjoy solving problems as part of a team and I’m happy making difficult decisions. My goal as a leader is motivating a team of people to achieve great things, whether that be setting up a new function, implementing a new technology or responding to a cyberattack.
What do you think is the current hot cybersecurity talking point?
I think the current hot talking point for cybersecurity at a strategic level doesn’t particularly change. The focus is always around deploying appropriate controls while enabling businesses to achieve their objectives. The balance between security risk and business needs continues to present a challenge, especially in a world where technologies and therefore threats are evolving so rapidly.
How do you deal with stress and unwind outside the office?
I enjoy exercising (running and HIIT workouts) to clear my mind when stressed and being creative doing crochet (making blankets and decorations/toys).
If you could go back and change one career decision what would it be?
I am not sure I would specifically change anything. My career path has never been particularly deliberate or targeted, but I have taken opportunities as they have arisen. All of my roles and experience have given me some skills that I continue to draw on today. My roles outside of core security functions (as a Service Manager and an Infrastructure Architect) have been particularly valuable for me to be able to see the wider picture and understand challenges from other perspectives.
What do you currently identify as the major areas of investment in the cybersecurity industry?
For many years, investment has been focused on technologies. However, I see time and time again organisations are not getting the benefits they have been sold without the right service and support model. These single point technology solutions are not a silver bullet – if they were, then we would have solved the issue of cybersecurity by now. Key factors are the people and processes that support the technology and I see that as a major area of investment.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?
I think there is a different cultural approach to security risks across different regions. I recognised this when working at a global aerospace organisation – the US were much more risk adverse whereas the APAC region had a very high tolerance for security risk. I think these natural cultural differences in approach to risk propagate to how cybersecurity challenges should be tackled across the globe. There is no doubt about it, that single holistic technology solutions are key for global organisations. However, ensuring processes underpinning the use of technology are understood and, where required, adapted to suit regional differences is a good basis for ensuring cybersecurity controls are perceived in the right way.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
The COVID-19 pandemic has brought with it some challenges – mainly the move to such a high volume of remote working. The technology to support this model has presented increased security challenges related to patching, support and the natural protection that an office environment provides has been realised. I think the coming year will force much more focus on optimising remote working models as organisations embrace this approach and security controls that enable this, such as Zero Trust will be accelerated.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
Find a great network of peers working in a range of different organisations. I call upon my network regularly for advice and have built a mutually beneficial network. I have found my experience in roles outside of core security functions instrumental in me making balanced and informed security decisions in my current role as I am able to see challenges from other people’s perspectives.