Information and cybersecurity is a continually evolving field. As enterprises become increasingly digitalised and as a result, the entire global economy has shifted towards service-based, cloud-enabled models. Now, the demands placed on a cybersecurity solution have never been more challenging to satisfy. This has become increasingly significant in the wake of coronavirus with people working remotely and therefore businesses are exposed to more threats online.
Amanda Finch, CEO of the Chartered Institute of Information Security (CIISec) started her career at a time where cybersecurity challenges were in their infancy and companies were only just beginning to become reliant on the internet.
Starting her career at Marks and Spencers, Finch explained that she “fell into” information security with little knowledge of the industry, helping the company begin its cybersecurity journey. Just over 30 years later, Finch is now CEO of CIISec and has developed the institute into what it is today.
Having changed “enormously,” Finch’s role as an Information Security Manager allowed her to learn and evolve with cybersecurity challenges. Speaking about the role when she started, Finch explained: “It was an extraordinarily simple world. It was lovely to start when information security started. It's got incredibly complicated. But, if somebody told me then that we'd be looking at things like state-sponsored activism, really serious organised crime, and all of the other problems that we have to deal with I wouldn’t have believed them. It was just a very, very simple world. I don't know if it's ever been an easy job, but it was obviously a lot easier then and I've had to evolve with the various iterations that have happened.”
“Information security was nothing like the scale that it is now,” she added.
From her role at Marks and Spencer to being CEO at CIISec, Finch has always worked in a largely male-dominated environment and she “could often be the only woman at a conference which could have had up to 150 people,” explained Finch.
Although she did argue, “certainly in the early days’ people remembered you, so you had an advantage from that point of view.”
Reflecting on her position as a female in a male-dominated space, Amanda explained that it was something she accepted, and that she was less phased than other people about being a woman in a very male-dominated environment. “I hope I've been a role model for people.”
Throughout her career diversity initiatives have been gaining traction. Finch noted that she “wishes” she was able to do more to encourage women into the cybersecurity field. She said: “When you reflect on how male-dominated it is, especially with the staff shortages that we have within the profession, you realise that the profession really needs to reflect society and, there's more than 50% of women so, therefore, we need to aspire to get to that point where we do in fact reflect society.”
Keen for the information security industry to reflect society, Finch has been part of different initiatives and events to promote women and minorities in this field. Although recognising their importance in increasing diversity in the industry, Amanda said: “I'm hoping that we won't have to have them because it will just be sort of like an anachronism, but at the moment, I think it's absolutely important because the biggest thing we need to do is attract more women into security.”
Lending to the success of her career, Amanda was voted by the members to be a non-executive director of ISP, the forerunner of CIISec. “At some point, we needed a CEO,” she explained.
“As I was working part-time and semi-retired at that point. The board said, would you look after it while we're thinking about what we need to do?'' They never went out and looked for anybody else. So I sort of had that thrown onto me as well. But, it's been a labour of love and it’s been a privilege to do it and there's no other job like it in the profession.”
Read the full story HERE
From an infrastructure perspective, 2U is actually in a really good state because we have a lot of infrastructure as code deployment builds, so have many security guardrails built into those CI/CD pipelines