Carole Theriault is a podcaster, writer and communications consultant focused on the information security industry. With over 20 years of experience in cybersecurity, Theriault is on a mission to help people understand how robust security and privacy are. Full of unbeatable energy, she inspires companies and people to look into the severe security business through the lens of creativity and fun.
Theriault runs Tick Tock Social, a digital consultancy which helps technology firms around the world create compelling content. "I have my own business, but funny enough, I'm terrible at my social media and marketing. I'm like a hairdresser who has bad hair," laughs Carole.
Since having your own company isn't enough, Carole also co-hosts one of the most popular security podcasts "Smashing security". The podcast keeps her and co-host Graham Cluley busy and recently reached over 2 million downloads.
How she got into cybersecurity
"When I was a teenager I used to watch "Another World," a soap opera about professional American women running a top PR agency. Their story was fascinating, and I ended up doing PR but in the security industry. It's essential to dream because you never know how those dreams can shape your future," thinks Carole.
"I studied rhetoric and technical writing at the University of Waterloo in Canada. During my last year of university, I traveled around the UK and fell in love with the multiculturalism and sarcasm," says Carole. After her studies, Carole came back to the UK to join Sophos, one of the most prominent British security software and hardware companies. Armed with her precise technical writing skills, Carole led their documentation team. "But documentation wasn't for me. I had a lot of energy, creativity, and new ideas. Fifteen years ago, cybersecurity was all about blues and greys and serious 'trust us' messages. It was boring. Throughout my 15 years at Sophos, I moved through different teams. Luckily, they believed in me, and I had many opportunities to unleash my creativity, such as display five-meter tall gorillas, which were unheard of at that time. Sophos supported me in being edgy, and that's why I was able to work there for so long," says Carole.
Carole believes that everyone in the industry has an important role to play. Some people build solutions, whereas others need to communicate those solutions and complicated concepts in a way that everyone understands. Those concepts must be clear to individuals who have other jobs and do other things. "I bridge the gap between those two different worlds. My strength is understanding the technology and transforming it to people in a way that is clear and actionable," says Carole.
How can companies explain their products better?
Theriault points out that companies should use less complicated business language. "All those fancy words mean nothing to the average user. If people don't understand what you're talking about, they cannot make a decision. Try a funnel approach and distill your message to the core so people can understand it and choose to learn more if they decide to," says Carole. Theriault describes technology at a tech company as its soul and a unique heartbeat driven by technical teams. She believes that it's crucial to make someone who's never heard of your technology before, understand why it is necessary and exciting. As many famous writers use short words and sentences, there's no need for complexity to be good. Understanding that even if you are a B2B security company, you're still personally speaking to a human being who has their own family and work issues, and doesn't have enough time to give you. Therefore, it's crucial to find out what they need, explain it clearly, and respect their time.
Carole thinks that being an old-timer in a company is both a good and a bad thing. "When you're in a company for a long time, and someone new joins the team, it can shake things up. It can be frustrating when a new person walks in and suddenly gets to make all the decisions, and everyone listens to them. However, it's imperative to welcome new people, embrace their perspective, and listen. When the power play kicks in it can be hard to ignore it, but you should embrace creativity and engage with those risks," says Carole.
Why should we care about security and privacy?
Carole believes that technology has tremendous power for our present and future. People need to be more aware that sharing too much information can hurt them long term. "For example, if a company can get your heart-monitoring information, it might affect your insurance or job prospects later on. We need to open our eyes and think about how to strike a balance between security and privacy. Currently, they're fighting against each other," says Theriault.
"For the last decade, Facebook was asking you to authenticate your identity with your phone number. It addressed security, but what about privacy? As we know, that information might have been sold to other companies. The struggle between security and privacy is something I'm bringing to the forefront in the "Smashing security" podcast. I want to inspire those who aren't necessarily interested in security and technology to learn something new. If after listening to it, people understand why they should turn off their location sharing services on their phone, I've achieved my goal," explains Carole.
However, how can we expect something if we don't ask for it? "People don't demand security for many products, such as baby monitors. They are easy to hack because security isn't baked into them. If people demanded security for it, it would become a center point. Companies put months or years worth of work into technologies that aren't secure. The current situation with security is that we are in a race car without a seatbelt and no airbags. If you're a good driver, you can get through. Until we figure out a way to better safeguard ourselves, we need to be very careful. So that's what I aim to help people do," says Carole.
Insights: getting into the industry
Cybersecurity is one of the hottest technology sectors, and many people want to get into it because they see a stable market and the future for it. It also appears to be exciting and vibrant. However, Carole points out that cybersecurity companies are overwhelmed with compliance regulations and demands from their client base. To fulfill those needs, companies look for really high caliber security professionals. A desire to get into the industry isn't enough. Schools haven't caught up with what cybersecurity companies want. Theriault says that companies need to take a step back and focus on more important and more exciting onboarding programs and recognize smart people because smart people can learn anything.
For students and young professionals, Carole recommends to go to meetups, join related forums, and build friendships with people from the industry. "Don't hesitate to reach out to people, help them, and ask for help. This is how you will build your community. When you do so, people will come your way when they have a job for you. Take extra courses and learn more. If you spend just an hour each day learning something new, you will be amazed by your progress. People want to see that you are determined to learn new skills and get outside your comfort zone," says Carole.
Carole's reading recommendation
"The Age of Surveillance Capitalism" by Shoshana Zuboff. It's an in-depth exploration of the always-connected capitalism's impact on society, politics, business, and technology. It reveals the struggles related to the next chapter of capitalism and the meaning of information civilization. Also, the author talks about how we can protect ourselves and our communities and ensure we are the masters of the digital rather than its slaves.