Interviews 20.06.2024

Five Minutes With: A Threat Intelligence Knowledge Manager

Rebecca considers a lack of line in the sand around AI and the gender pay gap two of the industry’s biggest unsolved problems and has a decent argument for why cybersecurity needs to learn from the finance sector

Rebecca Taylor has fallen in love with the cybersecurity industry. With a bunch of award nominations and wins under her belt, she has recently and speedily become a well-recognised name in the sector.

What was your route into cybersecurity? 

I had an unconventional route into cyber with an English and Creative Writing degree. I got my foot in the industry door as a PA. I saw a job-diverse industry and the plethora of skills and routes for progression that cybersecurity offered. So, I took my chance with both hands and ran with it…and I haven’t stopped running yet! With roles in change management, incident command and now threat intelligence, seizing my moment was the best thing I’ve ever done.

If you could retrain for a dream job, what would it be?

I would love to train to have the skills of a chef. I love food, eating out and trying new dishes, but I am rubbish in the kitchen. I’d love to be that person who can grab a bunch of random ingredients and create something magical.

Who do you admire in the cybersecurity industry?

Laura Reilly of Cryo Cyber creates opportunities, visibility, and safe spaces for underrepresented groups to shine together and progress in their cyber roles.

Amelia Hewitt is another individual I admire for her bravery, attitude, and willingness to help. She recently founded a non-profit called CybAid, which offers pro bono support to charities and small businesses with cybersecurity needs.

What’s the biggest misconception about cybersecurity?

The belief that state-sponsored threat actors are only concerned with big organisations and therefore only those companies with big bucks are at risk.  State-sponsored groups operate as an extension of their nation’s governments. Thus their motivations align with the state’s broader economic and border geopolitical goals. This powerful connection means that no entity – whether a corporation, organisation, or individual – is immune if it becomes of strategic interest to the state. The reach and resources that these groups have at their disposal allow them to engage in a wide range of activities, targeting crucial information or infrastructure that serves the state’s agenda.

What’s the best thing about your job?

I help people. Whether it’s within my core role of ingesting threat intel, nurturing it and then distilling it or as an industry mentor and speaker. I fundamentally believe I am helping to make cyber more accessible.

And the worst?

Trying to be patient in the world of threat intelligence can be hard. I can often spend hours mooching through indicators, articles, and dark web searches, but nothing exciting pops out. I can spend weeks designing processes, procedures, and systems, thinking of every possible angle and requirement. This can be challenging as I am very much a ‘start-to-finish’ individual, so I will just keep going until I get the end result, but I think everyone sometimes wants the ‘end result’ to come quicker.

What advice would you give to industry n00bies?

Just go for it! I joined without technical skillsets and a very limited understanding of cybersecurity, but I had drive and passion. Unfortunately, many organisations with junior cyber roles expect you to have significant experience before you even start, so maybe it is about taking alternative pathways, like I did with my PA role, to get a foot in the door.

It’s also worth highlighting the many cyber mentorship opportunities, such as those provided by Reed Technology Women and Empowering You, and alternative cyber training initiatives, such as those offered by Udemy or Plexal. These can help bolster a resume and serve as experience when applying for roles. Do some digging, see what would work for you, and then seize the moments that come your way!

What’s the biggest as-yet-unsolved problem in cybersecurity?

If we consider the human side, problems lie in the gender pay gap, poor representation across industries, struggles with distilling cyber awareness to workforces and managing insider threats.

However, the biggest unsolved cybersecurity problem is deciding where the line in the sand is with artificial intelligence. Nothing officially regulates and manages that line in the sand of what is right and wrong when it comes to AI.

“Nothing officially regulates and manages that line in the sand of what is right and wrong when it comes to AI”

How do we defend ourselves? How might our tech have to change to detect, protect and respond to AI-generated threats?  Where should different industries stand from a morality, ethical and even usage standpoint? Where does the AI accountability lie, especially when an organisation claims ‘the bot did it’, especially if the AI outcome caused human harm? Where is the line in the sand for organisations to say ‘no’ to using AI?

There is an urgency for a resolution on regulating, managing and implementing artificial intelligence.

What industry or sector do you think cyber could learn from?

The Finance sector, particularly in terms of risk management, compliance standards, and the application of complex regulatory frameworks.

The cyber industry would benefit from taking the same stance as the finance sector in leveraging risk assessment models and their applied predictive analytics to identify potential threats and prioritise issues based on their impact on business operations. Additionally, the strong emphasis on compliance in finance, driven by various international regulations such as GDPR in Europe, GLBA in the U.S., and PCI DSS for payment card information, offers a knowledge template many cybersecurity organisations could leverage in protecting, detecting and responding to the threat.

Do you think we’re making progress with improving gender diversity in cybersecurity?

I see more women progressing and succeeding in the cyber world, and I see representation changing slowly but surely. I don’t feel alone. But gender diversity in cyber is by no means ‘fixed’, and SO much more progress needs to be made. Whilst there is now a lot of chat on STEM subjects and the hiring of underrepresented groups into cyber, development and retention remain a consistent problem. Whether it be gender pay gaps, a lack of understanding of what different genders want and need to be successful, whether it be antiquated policies and procedures written by males without female insights, or unconscious biases…there is so much that needs to be discussed and improved on.

What do you wish for women coming into this industry in the future?

I would love for future women to come into the industry, and the fact that they are women goes entirely unhighlighted.

What’s your guilty secret?

Reality TV. We’re talking Love Island, Married at First Sight, Love is Blind, and Made in Chelsea. These shows bring me a lot of joy!

Favourite way to spend a Sunday?

A walk by the river with my husband and kids, coffee in hand. If I can squeeze in a nap when I get home, the day is perfect!

Describe the cybersecurity industry in three words

Protection, Detection, Response.

Rebecca joined Secureworks in 2014 and immediately developed a passion for cybersecurity. In 2022, she moved into the threat intelligence knowledge manager role within Secureworks’ counter-threat unit.

Rebecca advocates for diversity, equity, and inclusion. She frequently speaks at events, supports podcasts, offers mentoring and STEM talks, and creates content. Rebecca recently won ‘security woman of the year’ at Computing’s Security Excellence Awards 2024.

Latest articles

Be an insider. Sign up now!