I’ve always been interested in technology, so a career in IT was an obvious path for me. I like to explore how new technologies behave in practice and understand the principles behind them. Ultimately, my inquisitive nature and enthusiasm for technology led me to pursue a career in cybersecurity. It was new and complex, and required a lot of creativity – which one might not always expect from an IT job. Working as a consultant, I tested the resilience of companies’ IT systems and gave advice on vulnerabilities. I could see exactly what was needed to improve security, so it was a natural next step to help protect an organisation from the inside. 

 

To protect our clients’ wealth, the IT security team works to monitor and continuously improve our systems. We ensure the services we provide to our clients are robust, secure and regularly tested. This requires what we call a zero-trust principle, which we follow when designing our environments and security controls to create multiple layers of defence. We focus on three areas: prevention, detection and mitigation. We conduct training scenarios to practise our response and recovery processes. 

 

It can be a challenge to balance innovation with security. As we implement new technologies, we have to consider our risk appetite. We want to enable the organisation while also protecting it. If you go too far, you risk blocking innovation, and if you don’t do enough, you can introduce too much risk. I respect the way my team searches for this sweet spot every day. Now, it’s AI; a few years ago, it was about cloud adoption, and in a few more years, it will be something else.