Dr. Jessica Barker is a global leader in the human nature of cybersecurity. Named as one of the top 20 most influential women in cybersecurity in the UK, Jessica co-runs Cygenta, and also serves on several boards such as ClubCISO, SANS European Security Awareness Summit and Black Hat European Executive Summit.
I met Jessica at a quirky cafe in London where she shared her story over a cup of Earl Grey tea and a halloumi salad. Jessica surprised me saying that after her first degree in sociology and politics she didn’t even consider a career in technology.
How she got into cybersecurity
“I worked in urban regeneration looking at issues of inclusion, diversity and how deprived areas can be revitalised. Doing my Master’s degree in research methodologies and PhD in civic design, I delved into town planning, economics, sociology and engineering. I looked at the growth of the internet economy and what that meant for places and people”, says Jessica.
Jessica laughs that when she was first headhunted for a cybersecurity job, she googled what cybersecurity was. “Eight years ago the government in the UK seemed to be focusing on cybersecurity more, so I got intrigued and took the job. I loved learning about security. Back then people looked at it from a very technical perspective, but my focus was people”.
Jessica explained that cybersecurity was the perfect mix of technology and people. "All of my degrees contributed well to a career in cybersecurity. Sociology was about understanding people and social structures. In cyber security, you need to grasp why people do what they do, and how you can influence that in a positive way. Now I analyse companies’ cultures and different subcultures, look into the patterns of behavior and create spaces for people to learn. Civic design involved looking at organisations and places in a human-centered way and taught me to better understand and shape communities."
Positive approach to security
Barker brought positivity into the industry and we couldn’t thank her enough for that.
“There is a positive change in the industry where more companies embrace security and acknowledge it as an enabler rather than a threat."
Jessica explained that when you work with people, and try to influence change, negativity isn’t engaging. The power lies in empowering people. “Once I led a security awareness session and there was a woman who was very nervous. She said she didn’t understand technology or security and mentioned she was a cause of a security incident before. She felt very intimidated and was scared to share her experience. However, to me she was the most valuable person in the room. It’s important to create a safe space for people to understand security and learn from their mistakes. If people don’t grasp security, it's because those communicating it aren’t doing a good job. Instead of terrifying about the latest scams and endless insecurities, encourage people to ask questions and provide steps and knowledge to go through security risks. That will mitigate most of the problems,” says Jessica.
Why optimism is important
One of Jessica’s favorite books is “The Influential Mind” by neuroscientist Tali Sharot. The author talks about the optimism bias, and how most people (about 80%) are wired towards optimism when they think about their personal life.
“We never think that something bad will happen to us. It feeds into people thinking that they won’t get hacked. You can give people all the statistics in the world but optimism bias will remain. If you tell people the bad news, they will still think it might happen to other people, but never to them.”
Despite of a culture of cynicism in the industry, optimism is important. “When I looked into a timeline of cyber security progress, all I could find were timelines of flaws, malware and ransomware. It’s a useful knowledge but there is nothing to chart success in the industry. There are a lot of problems in cybersecurity, but also there is a tremendous progress. If things aren't perfect it doesn't mean we shouldn’t celebrate success and share information in a more positive way,” adds Jessica.
Advice to your younger self
Sometimes it can be tough to bring in new perspectives in a field which is dominated by hard core technology and men. I asked Jessica what advice she would give to her younger self. This is what she said.
Understand and take pride in the value of background diversity. Don’t feel that you don’t belong there and fight for your human-centric approach to cybersecurity. It will take time for people to get it, but they will. Be confident because having different skills and knowledge will shape the industry in a positive way. To have more people from diverse groups, you have to ‘see it to be it’.
It isn’t just about technology. Focus on marketing and communicate your message so that people better understand cybersecurity.
Focus on your niche. Although it’s great to learn as much as you can in such a big industry, your role is as important as others’ even though you’re one of the first. Take pride in it and own it. You might feel down, helpless and lost, but your passion will help you work through the negative side of the industry and gain acceptance for what you do. Your passion and skills will help you achieve success.
What lies ahead
After talking about the past, we also looked into the future. “The future of cybersecurity looks bright. I believe the industry will keep growing and there will be more jobs opening. The importance of diversity will grow and there will be more focus on awareness in organizations and focus on culture. We'll see more people from psychology, communications, sociology and education taking up roles focused on the human side in cybersecurity to bring in valuable changes,” says Jessica.
Jessica’s reading suggestions
Twitter is the most valuable resource to receive the latest cybersecurity news quicker than anywhere else. Jessica follows @J4vv4D, @lspitzner, @KimZetter, @BrianHonan who all share interesting security news. She also receives Zack Whittaker's weekly newsletter with industries’ stories of the week.
Podcast “Smashing security”, by Graham Cluley and Carole Theriault, makes cybersecurity fun and interesting to listen to.
Jessica loves reading “outside of security”, especially behavioral economics books and articles to understand why people do what they do, and how to influence their psychology.
Top 3 security tips
Keep your devices up to date. Updating your software is about security making sure that you are protected against vulnerabilities that have been patched.
Set up two factor authentication on your accounts. It's not perfect, but it adds another layer of security. Don’t rely only on your password.
Use a a password manager. It makes life a lot easier. Try the most recommended ones such as KeePass, Dashlane, LastPass.