The information security team at the Ministry of Justice: Kathryn Cotterell, Chantelle van Wyk; Tina Wakefield (CIO) and Lana Tosic.
Women are underrepresented in the technology workforce in this country and globally.
The Ministry of Justice, however, is leading the way as one of a handful of organisations - public or private in New Zealand - to have a female head of technology.
Tina Wakefield, Chief Information Officer and Deputy Secretary, Information and Communication Technology, joined the ministry two years ago, coming from the Department of Internal Affairs, where she was acting deputy chief executive information knowledge and services. Before that she was general manager government information services and chief information security officer.
As deputy secretary ICT, Wakefield is one of the few government CIOs who holds a Tier 2 role. She is part of the strategic leadership team and part of strategic ICT conversations at board level.
She also has an all-women ICT security team, composed of Chantelle van Wyk, ICT Security Manager (acting), Lana Tosic a Senior Information Security Specialist and Kathryn Cotterell an Information Security Analyst.
Wakefield is on the governance group of the Government Women's Network, the Executive Sponsor for the Ministry's Women's Group and Executive Sponsor for the Ministry's Young Professionals Network.
She says Chantelle van Wyk is a security professional with more than 12 years experience, having come from KPMG. She has worked for Symantec, Rackspace and Striata.
Before moving to New Zealand, van Wyk managed security specialists globally as a global IT and security manager at Striata.
Van Wyk has an MSc Masters in Information Security and numerous technical security qualifications. This supports her balanced perspective between advanced technical skills and the ability to think more broadly about operational problems within an organisation, says Wakefield.
“She integrates the agile/scrum approach in her daily operations and utilises her knowledge from her Prince2 project management qualification, to effectively manage security within the ministry.”
Lana Tosic has specialised in cyber security, information assurance and security working across government, military and commercial industries for 17 years.
Her publications include: New Zealand Security Incident Management Guide for Computer Security Incident Response Teams (CERTs), Carnegie Mellon University SEI and GCSB May 10, 2013; The
NCSC Voluntary Cyber Security Standards for Industrial Control Systems v.1.0 GCSB March 10, 2014; and Industrial Control Systems Cyber Security Framework Independent, July 7 2015.
In the local information security sector her activities include being Founder of IMentor, where she mentors and supports undergraduates and young professionals.
Tosic is a founding board member of iSANZ and is active in the Government Women’s Network, which connects people across New Zealand to achieve a step change that will see women in government achieve their potential.
The third member of the team, Kathryn Cotterell, has been working at the Ministry for two years. She was previously with the private sector as a security consultant and penetration tester, and before that studied Network Engineering at Victoria University of Wellington.
Wakefield says Cotterell provides security expertise in a range of areas, including providing information security advice, performing operational security processes, monitoring the performance of operational security services and incident management and response.
Building more effective teams
In a recent report, Gartner analyst Roberta J. Witty notes that information security, a field where staff are in short supply, women offer organisations a source of talent to address the skills shortages.
Gartner advises security and risk management leaders to enlarge their recruitment pipelines and build the most effective teams, by looking to recruit more women.
“In a field where talent is in short supply, the presence and perspectives of women offer organisations a source of talent to address the skills shortages,” she writes.
In her report Gender Diversity in Security and Risk Management, Witty suggests three ways organisations can expand their security teams.
Partner with primary, secondary and higher educational institutions, to introduce young women to the security and risk management professions.
Change current hiring practices to emphasise competencies such as innovation, adaptability, creativity, business acumen and collaboration. “Technical skills can be taught relatively easily, whereas behaviours and soft skills are harder to change and develop.”
Implement gender-blind recruiting practices and training to mitigate gender discrimination, and use retention practices that promote women to top leadership and executive positions.
Providing work-life balance practices, such as flexible work hours, is a competitive differentiator in the labour market that can help in the retention and recruitment of women.
Witty recommends organisations to incorporate flexibility into every role within the security and risk management disciplines, with practices such as remote work arrangements and flexible hours.
“Flexibility releases the stress of working long hours. This is a reality in many security and risk management disciplines, especially information security and business continuity management,” she says.
Security leaders are advised to work with their respective human resources department to determine the mix of practices that will work best for their organisations.
First and foremost is you get diversity of thought and approach to cybersecurity problems
Women in cyber
Cisco security executive, John N. Stewart, attests to the imperative and advantages of having a diverse cybersecurity team.
“First and foremost is you get diversity of thought and approach to problems,” says Stewart, senior vice president, chief security and trust officer at Cisco.
There have been business studies that show diversity of thought leads to better teams, leads to better outcomes and leads to a better way of working, he says.
“We don’t have enough people in cybersecurity. We have got to make everybody come up with ways to get more people involved.
“It just happens for cybersecurity, there is a demographic that is not really tapped and that is women,” he says.
At the recent Cisco Live 2017 in Melbourne, Stewart says a forum on gender diversity led to a discussion on how to encourage women to work in the IT sector and to choose to focus on cybersecurity.
We started interestingly enough, with a different thesis, he says, on what is holding women from going into ICT. “We actually changed that to what is working, what is succeeding?
“Let us focus on that in our discussions.”
Send news tips and comments to divina_paredes@idg.co.nz
Follow Divina Paredes on Twitter: @divinap
Sign up for CIO newsletters for regular updates on CIO news, views and events.
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.