CyberWire Daily - Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes]
Episode Date: March 26, 2024
Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology startup. This ignited her enthusiasm for startups. She now works in a company with several coworkers from that tech startup doing cyber governance. Rois advises law students of many ways into the industry including doing coding, learning risk management, and understanding privacy legislation, and then "just get into the game." We thank Rois for sharing her story.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Hi, my name is Dr. Rois Ni Thuama, and I am head of cyber governance with Red Sift. My earliest recollection of knowing what I wanted to do was wanting to be a police officer, or I wanted to be a detective.
Well, that's my earliest memory of a career.
My other earliest memory is before I could read.
I didn't understand what reading was.
And my mom explained to me, she said, well, you know, if you write something down and then you leave a room, somebody else can come into a room and then they will know your idea.
And that just blew my mind.
And I thought that everybody who could read must be amazing.
And that once you knew how to read, you just wouldn't stop.
I was born in England and we lived there till I was about seven.
And then we moved to Ireland, which is where my parents are from.
It was pretty typically Irish, big families, lots of parties.
I remember growing up and the parties being in the house
and the best bit was wanting to sneak back down
and listen to the adults talking.
That's something that I like about the environment that I get to work in now. I get to work and listen to really interesting people talking. I mean, I don't think we change that
much from when we're kids. You know, I wanted to be a police officer. I say that when I was a kid, but I'm not sure I would
have passed the fitness test, you know. So, yeah, I wanted to do law, but I ended up going to Trinity
College in Dublin and studying philosophy for a bit. I had thought initially that I'll do philosophy
and then I'll go ahead and I'll do law. But then I read a book. I actually
read a couple of books. South Africa was going through this change. The Truth and Reconciliation
Commission was going on in South Africa. That was unprecedented. So I took myself off to South
Africa to be part of, I felt like, history unfolding. I'm not quite sure how I ended up making music videos
and wildlife documentaries, but this is relevant.
When I left South Africa and moved to London,
there was a music technology startup in London.
And because of my experience working in the music industry, I ended up getting a job with a company called Shazam.
my entry into technology and startups and governance and risk management. Bizarrely enough, 20 years later, some of the guys that I worked with at Shazam are the company that I'm
in now. So my sort of my beginning of my career in technology and governance and risk management is where I am now.
But it's been a circuitous route and that looks really clean.
But actually, it was a bit more Jeremy Bearimy.
So if I take myself back to my Shazam days, the culture in that business was very geared toward good corporate governance.
But that wasn't an expression that people used in the business.
So all of those principles of like accountability, responsibility, transparency, discipline, fairness, all of that was evident and observable
in that business. And I didn't know what it was I was seeing. I just knew that this was the ethos
of a place that I wanted to work in. They ignited my enthusiasm for startups. It's really clear to me
the value that they could bring, not just to the business and the stakeholders and the investors, but actually to society.
Moving it from that concept to reality is just very, very exciting.
I went back and did my master's and my PhD, and then I did it in governance, and we had the financial crisis. And so from there, I moved into cyber governance because I could see that cyber was becoming more and more a significant corporate risk.
And it was being dealt with at a technical level.
And I think those guys did a really phenomenal job. But, you know, we keep hearing that
businesses need to have a holistic approach. That means that you need all hands to the pump.
So there are times when lawyers need to lead conversations. There are times when technical
people need to lead conversations. And there are times when HR people, the operations, need to lead those
conversations. But people need to be well-versed and they need to have a really good, deep,
foundational understanding of what it is they're going to talk about before they take the floor, if you like.
At the moment, what I'm doing is I am doing an awful lot of research.
So there's been this paradigmatic shift, in my view,
in how cybersecurity has been perceived.
There's a couple of bits of legislation that are going to drive a different way of thinking about it. This is a novel approach in that what they've done in this piece of legislation
is that they are requiring the board to train themselves up and to become part of a deeper
conversation with respect to the business's operational resilience. We've already learned that this could have a ripple effect.
And so that's what I'm spending my time doing.
In 2022, they reckon we will have a deficit of 3.5 million personnel across the cybersecurity sector.
So there will be a lot of vacancies.
And for anybody who's looking to get into it, so you apply the same rules. And that's a really good foundation for anybody wanting to get into cyber governance.
If you have a law degree, then my recommendation would be then you can go any one of many routes.
So, you know, you could do a bit of coding.
There are very few lawyers that do coding.
Go and learn risk management,
really understand the privacy legislation
and then just get into the game.
