For the first edition of my 'Talking Tech’ series, I interviewed Jaspreet Gill, a specialist in Cyber and Technology Risk about her perceptions of the industry and how we can encourage more women to enter the field.
Having moved to Morgan McKinley London to drive the Infrastructure and Security space, I have decided to launch a series of articles where I will be sitting down with Senior leaders in the industry who fulfil high impact roles to learn about their journeys, experiences and insights.
Through this, I am hoping to shed some light on the skill-sets required to be successful in the field. These articles will also provide invaluable career advice and the opportunity for those within the industry to get up close and personal with the professionals who are leading the way in innovating and disrupting the front lines of their Technology landscape.
In my first edition, I sit down with Jaspreet Gill, a specialist in Cyber and Technology Risk and currently the Global Head of Risk ORC Information and Communication Technology (ICT) Group Data Management at BNP Paribas.
Jaspreet Gill is an experienced professional in the financial services industry who has consulted and worked for banking, insurance and asset management organisations. Her background encompasses building new teams and global business functions, regulatory compliance, emerging technologies and governance as well as strategy development for technology and Cyber Security teams.
What made you choose a career in Technology Risk and Cyber Security?
As a child I was encouraged to dream big, work hard and be dedicated to anything that interested me. Whilst I was completing my A Levels, I entered a National engineering competition which made me realise I enjoyed solving complex problems and that I wanted to make a difference in the future. This led me to study Electronic Engineering at University (which was quite rare for a female at the time ). This naturally piqued my interest in technology and over time, as more and more cyber security incidents became headlines, I knew this was an area I wanted to focus on within my career.
What have been your career defining moments?
I don’t think there was one major career defining moment, instead there were a series of small wins that made a big difference over time. For example, early on in my career one organisation I worked for had a security breach. I quickly realised that there was a lack of skills in the security team and it also highlighted the importance of having one. This allowed me to learn more about what was required to build this team in-house and develop the skills needed to ensure the organisation was better equipped to manage similar incidents. It was a great opportunity for me but equally I liked to challenge the status quo and wanted to be the first female in the team, to make an impact and bring fresh ideas.
What factors have been critical to success in your career? What kind of guidance did you have?
What do you love most about your role?
Technology risk and cyber security is about protecting people and organisations from harm but when someone is victimised, discovering who did it, pursuing bad actors and taking preventive or corrective actions. I enjoy sharing and presenting ideas to board members and industry leaders, being able to influence decisions based on what we can learn from incidents and what we can improve is continuously rewarding.
"I would be naive to think I know or would ever know everything about technology risk, cyber security or data. There is always something to learn."
What are some of the key trends you’ve seen in the market and what do you foresee?
In your perspective - what’s the biggest threat to companies presently?
People expect every experience to be fast, seamless, instant, at the click of a button, with increased use of social media and applications. Not developing and adapting organisational technology quickly enough to compete with new industry entrants/disruptors forms a key threat. Technology and cyber risk can help identify technologies and processes to both meet client and customer demands, whilst reducing the exposure and vulnerabilities introduced from any large transformational change.
Other threats are more well-known - regulatory breaches/fines, loss of sensitive/critical/personal data and lack of business resilience in order to respond to an incident; all of which could result in lack of confidence from investors, clients, and employees.
What are some of the most sought after skills in Security?
Security teams all require a variety of skills (from third party technology security, to penetration testers, coders, data analytics, threat intelligence, governance, business resilience and so on). What is key is to find people who have technical skills, alongside strong interpersonal and business skills, for example, the ability to explain technical security jargon to the business in a way that is meaningful so they can make key decisions.
Why is it important to close the Cyber Security gender gap?
We need people with disparate backgrounds because the people we are pursuing, threat actors and hackers, also have a wide variety of backgrounds and experiences; taking people from the same backgrounds will most likely result in the same solutions. Given the huge skills gap in the industry, it makes sense to double the pool of talent.
How could we encourage women to build a career in Security and what advice would you give to them?
As an industry we need to continue working on education, awareness, industry perception, providing support and preventing barriers for entry. In particular:
How can someone with IT experience make a shift into Cyber security - where should the individual start?
While the situation in the Technology industry has improved marginally in recent years, Cyber security and the Tech industry is still a male dominated world - what are your thoughts on this, have you seen an improvement yourself?
There have been advancements towards creating more diversity within Cyber Security and the Tech industry, however I believe there is still more to be done. Not long ago I joined a call where all other participants were male - when I announced myself there was complete silence, I introduced myself again and finally one of the participants kindly informed me that they were expecting a male to join the line. They had honestly admitted the error and after a few giggles we moved on, but it was interesting how there was an assumption of my gender based on my job title. We must continue working on awareness, industry perception, role models and preventing barriers to entry.