Much like the cyber security landscape, careers can be a bit unpredictable. Over the past 10 years, I have been on a largely untravelled career path and I’m honoured to have been part of the ever-evolving world of cyber security and internet governance.
At 19, I went to Art School to become a documentary-maker. I had just completed a year of an undergraduate programme in European Law and Communication and my heart just wasn’t in it—I knew I’d be better suited to a more creative environment.
I made the right choice; documentary practice was a creative outlet that I enjoyed, but it also allowed me to see the world from a very different perspective. One of the key skills you learn while making documentaries is identifying stories and establishing relationships of trust with the owners of those stories. If you couldn’t crack that, you couldn’t tell anyone’s stories – there’d be no story to tell.
I did some commercial work around the world for a couple of years, but decided I to needed to learn some more, so I took a creative internship at an ICT4D (Information and Communications Technologies for Development) Foundation and never looked back. It was the catalyst for my journey, because from there, I moved onto Internet Governance, then to cybercrime mitigation and then more broadly cyber security capability building for nation states, working with senior government officials.
‘My Art School skill of establishing relationships of trust really served me well. Cyber security, the jargon, the discourse, and the strategy – these are all premised on the ability to establish trust’
I think this is where my Art School skill of establishing relationships of trust really served me well. Cyber security, the jargon, the discourse, and the strategy – these are all premised on the ability to establish trust. Throughout most of my roles, I worked alongside very intelligent people with incredible academic backgrounds, but none like mine. Lawyers, computer scientists, engineers, economists but never creatives with an Art School background.
If you’re wondering what national cyber security capability and capacity building is, essentially it refers to the ability of a nation state to achieve cyber resilience i.e. being able to mitigate and respond to threats flexibly and, in the case of more mature countries, respond to threats proactively and strategically.
When we talk about a nation’s capability to respond to cyber-threat, we don’t simply mean a technological consideration of capability. We also include considerations that look at a national plan to continuously improve whatever capability a nation may possess at a time. We include a civil society consideration that looks at the awareness of society at large and whether their levels of digital hygiene are as embedded in a similar way to that of brushing our teeth. We look at education, and the ability for people to have access to cyber security and digital related education, as well as access to professional development. We look at the capability of the criminal justice system to effectively prosecute crime and process electronic evidence. We look at standardisation for security, international standards and international collaboration between countries which all contribute to a nation’s cyber risk management.
I count myself very lucky to have worked in more than 60 jurisdictions. I have reviewed more than 40 national strategies, spoken at more than 40 high-profile international events, including some hosted by the United Nations, Council of Europe and many more. I am a co-author on the first and second editions of Oxford’s Cybersecurity Capacity Maturity Model for Nations as well as co-author of Oxford University Press’ Handbook on Cybersecurity(2021).
I am currently at a digital risk consultancy, Protection Group International, where I work directly with governments and multilaterals with the sole aim of advancing the world’s capability to manage global digital risk. I am excited about the opportunities we have to be part of such a vital part of our constantly innovating world.