Meet our Women in Cyber
Thelma Gombedza: Manager, Risk Advisory - Bermuda
“Security is everyone’s responsibility, women included!”
Cyber Security has become one of the most popular and fast-developing fields in technology across the globe to date. Women currently make up 20% of the world’s population of Cyber professionals. Globally, Deloitte has been collaborating with clients and member firms to promote gender diversity in the Cyber Security industry and working towards closing the gap. Deloitte is working towards equal opportunity in Cyber roles, with over half of our Women in Cyber team across the Caribbean and Bermuda region having diverse roles at a leadership level.
Read Thelma's profile below to learn more about the Women in Cyber, the roles she plays at Deloitte, and how she is making an impact in the Cyber industry right now.
How did you get involved in Cyber Security?
My Bachelor’s degree was in Business Management and IT. I really enjoyed both Business Management and IT, so I was always 50/50 about which career path I would pursue. Ultimately, I was drawn to the ever-evolving world of IT as I knew that it would present a lot of exciting challenges and I was up for it. My move to Deloitte Bermuda came with an increased involvement in the cyber security space. I am involved in cyber security related engagements ranging from information systems audits, red teaming exercises, phishing campaigns, data privacy reviews, business impact assessments, cyber policy developments and reviews against industry best practice standards (NIST and ISO 27001) and ISO 27001 implementation and certification engagements. This has continued to build my interests in the field and continues to inspire me to want to be involved and stay relevant in the space.
How long have you been in Cyber? What developments have you seen over that course of time?
I have worked in Deloitte Risk Advisory since October 2013 when I joined the Deloitte Zimbabwe office and then later joined the Deloitte Caribbean and Bermuda region in May 2018.
With the growing number of cyber-attacks exposing personally identifiable information (PII), concerns about data privacy, management and security have increased. Data privacy is no longer a single component of a security program but has become a program of its own. Regulatory compliance requirements have continued to increase, and organizations have been required to focus more on their data privacy efforts.
I have also seen organizations begin to understand that their efforts to fight cyberattacks are weakened without a comprehensive picture of their entire technological landscape. They’ve begun to understand that in most instances their employees, if not well educated about cyber, can be their weakest link. As a result, they’ve begun to introduce real-time user activity monitoring to have full visibility of every possible threat.
With the COVID-19 pandemic, I have also seen new threats and solutions come about as a result of remote working. Some organizations experienced a sudden shift to a remote workforce and had to ensure they were not left vulnerable to threats.
What trends do you expect to see in Cyber over the next 10 years?
Ransomware will continue to be the biggest threat and financial risk to organizations. I expect to see organizations continuing to prioritize investments in security solutions that help reduce the risks and also plan and test incident response plans to help ensure they are resilient to high-risk attacks. I expect to see industries being more open to sharing information about cyber incidents so they can help each other to be better prepared.
I also expect to see efforts being made to pass legislation that strengthens technological defenses. I expect that governments will consider stopping ransomware payment to ‘chop the head off the snake’ in terms of criminal actors trying to profit from their activities.
What are the most challenging aspects of your role?
Cyber criminals are always one step ahead of us in terms of the sophistication of techniques they use. No organization or industry is ever 100% safe or spared by attackers. The challenge is always trying to make sure organizations continuously up their game in terms of ensuring they have adequate cybersecurity hygiene that can sustain them today and beyond. Controls that may be relevant today may be different from those required next month and the cost of implementation is always going to be a factor for organizations to consider. Another challenge is helping organizations understand that there are a lot of facets to cyber over and above ransomware. There are risks that come about with remote working, the utilization of third parties, moves to the cloud, BYOD etc. and security should be addressed at all the different levels.
It’s important to have the right tone and direction coming from management to ensure cyber awareness is part of the culture and not something we do after an attack or to pass an audit. It’s important to bridge the gap between security and business to make sure cybersecurity initiatives are effective.
Why should more women consider a role in Cyber?
Deidre Diamond, Founder and CEO of the Cyber Security Network, in her article on Why we need more women in cyber, couldn’t have phrased it any better. She said, “our current need for women in cyber security is no different from when we needed women to work in what were then considered to be stereotypically male roles during WWII. We are again in a time of war; this time cyber war and our adversaries know we are understaffed.”
We don’t know who we are fighting but we know they are well equipped (smart and sponsored) and ready for war. It’s important that we solve the talent shortage and our best option is to increase the number of women in the technology and cyber security fields. The cyber security space is really broad with a lot of aspects to choose from and as women we have no excuse to not be involved.