In this episode for The Pivot podcast, we welcome Jane Frankland!
Jane is a tech entrepreneur, book author, international speaker, and passionate women’s change agent. She is the founder of the IN Security Movement and the author of In Security: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe. With more than 25 years of experience in the field, Jane has built her own penetration company and held senior executive roles at information technology organizations.
Today she is represented by The London Speaking Bureau and is committed to establishing women in security as a standard, not an exception, through her consulting services, training programs, media appearances, speaking engagements, and the Women in Cybersecurity Podcast.
In this episode, Jane dives deep into the current landscape of the cyber world, elaborating on the challenges and presenting potential solutions. She discusses the ‘enabler’ knowledge gap between people in cybersecurity and company shareholders, the obstacles that women face when trying to get their foot in the door of the industry, and many more.
The Pivot: Your New OSINT and Infosec Podcast 🔗︎
Brought to you by Maltego, The Pivot is your OSINT and infosec podcast that dives deep into topics pivoting from information security to the criminal underground. Through The Pivot episodes, we aim to share insightful information for beginners and seasoned investigators alike, shedding light on all things OSINT and infosec from an insider’s perspective.
Each episode features one or two of Maltego’s Subject Matter Experts as the host and an external expert, researcher, or industry leader invited to share their projects, stories, experiences, and advice.
Where to Listen to The Pivot? 🔗︎
The Pivot podcast is available on Spotify, Apple Podcast, Google Podcast, and the Maltego YouTube channel. Each episode is 45 to 60 minutes long and is released on the 15th of every month. Stay tuned with us for more updates!
Tell us a bit about yourself! 🔗︎
Jane: My name is Jane, and I work in cybersecurity. I’ve been in the industry for 25 years. I came into the industry starting my own penetration testing company, and I’ve never met anyone who’s done this. It’s absolutely crazy because my background was actually art and design.
After graduating, I fell pregnant with my first son. I’ve got three kids and started working as a designer. I had an agent, and everything was going well, but the money wasn’t coming in. Thus, I was encouraged and decided to change my career. I entered sales, which was also something that I thought I’d never do as an introvert.
I’d always been interested in technology, so I ended up falling into technology by meeting a new boyfriend. We started a company together, and I suggested leading with security since it was something that I was interested in. That’s how I started in the industry, and everything was built from there.
Tell us what you are up to these days! 🔗︎
Jane: I work as a consultant, as a trainer, as a speaker, and also as an influencer. As a consultant, sometimes I go into companies and work with leaders to help them better perform by building performing teams or attracting and retaining more women. From time to time, there’s training and workshop involved to sharpen certain skills and help people become more aware of things like, Why is this important? Why does it matter? What’s in it for me? In general, I help them build awareness and boost certain skills in terms of the consulting and training aspect.
For talks, I’m typically engaged as a keynote speaker. I’ll go in and open events, go onto a panel, facilitate a panel, or even host a whole event at times. That’s how I work as a speaker. As an influencer, I work with big brands by writing to get eyes on what they’re doing or drive my network to an event or a promotion. I only work with brands who believe in the mission I’m working on and meet my criteria.
Aside from all of that, I have the IN Security Movement, which followed on from my book. It’s about how we can improve the current situation so that we are all winning, and the solutions come from research. We don’t have great data or enough data on some situations. For instance, I did some research on events and looked into areas like what happens at events, how targeted women are from a harassment perspective or inappropriate behavior perspective, and how women want to speak at events.
I also act as a voice for the voiceless. I’m self-employed, so I’m able to be more free sometimes with how I communicate. There’s a lot of silencing going on, and people are afraid of or not allowed to express themselves, so a lot of people contact me and say, “This is happening. Help me.” I’ll bring that awareness without naming people out into the market so that there’s more understanding rather than misunderstandings.
What got you into this world of cyber? Did you have a proper foundation that helped or propelled you to where you are? 🔗︎
Jane: I trained as a textile designer, so I see trends and patterns, which come easily to me. I was never a hands-on hacker, although I built a hacking or penetration testing company. Through observing the trends, I can see where the market is going and things of that sort, which is useful for me. I could have gone into the technical part if I’d wanted to, but to be frank with you, I’ve resisted doing that. It’s kind of intriguing to me. I’ve chosen not to do that because I enjoy people and more of the business side to it.
It’s interesting to bring this up due to someone I spoke to recently. I met an amazing woman in the UK, and she talked about the business side of cyber. What she was saying was particularly interesting to me that cyber is actually in the wrong category. It’s been placed in technology. Nevertheless, it should be placed in business, and if we were to do that, perhaps some of our challenges for budget or even recruitment would enhance. For me, it’s always been about the people side and the business side of things that’s been more interesting than being like a hands on techie.
What do you think the gap is in terms of getting shareholders to understand that people in cyber are enablers for business in case of an attack? 🔗︎
Jane: I think we need to expand our thinking capabilities, polish our understanding and awareness, and prevent from becoming so rigid. We need to understand the business much more. There are several aspects in cyber that are very narrow. We are in our little bubble where all we can see is risks around us. The work is coming from that at the moment when you look at how under-resourced many of us are, the attacks that are taking place, and all the opportunities for attackers. It’s even more concerning because there’s so much pressure, demand, and burnout on cybersecurity professionals right now and from a leadership perspective as well.
Same for the business side, too. They need to understand it from us. There should be a meeting between the two or the multiple stakeholders to inform all parties as to what exactly we are doing. Then, we can come together, sort out a problem, and decide who is accountable or not for the given risks. That’s what I would say, better understanding from all parties. There’s an intermediary involved in that. Some companies do have the luxury of being the bridge builder, moving projects on, and helping with that flow, whereas others don’t.
You’ve dedicated yourself to exposing and growing people in the industry. What is that like, and what are the challenges you face? 🔗︎
Jane: I do a lot of development, leadership training, coaching, and mentoring a whole variety of people to evolve. I would say I absolutely love that work because I never know what I’m going to get, and that requires me to think creatively and support the people involved. I love seeing people develop, improve, and just fly. It’s so rewarding, and it makes me proud to have even been a part of their world.
I’m all about relationships. People say to me, “You genuinely care.” I genuinely do because I am a people person, so I love interacting with people and finding out about them. I’ve put 356 women through my the IN Security scholarships to attend Black Hat in Europe, which is about a value of nearly half a million US dollars. What’s amazing is, for me, when women come back and say, “It literally changed my life. I can’t thank you enough.”
Those little stories really keep me going. It isn’t easy to be an entrepreneur in terms of what I’m doing. I’m breaking ground all the time, and there’s no one there to catch me when I fall. There isn’t because I’m a leader of my business. I’m making decisions and taking risks based on signals that I get from the market, having conversations, looking at trends, and also following my intuition.
One of your biggest focus points is empowering more women in the industry, giving them a stronger foothold in the industry, or getting their feet in the door. What has that been like? 🔗︎
Jane: I’m like an ambassador wherever I go. I look for talent and be the ambassador for cyber. I’m not pitching every person that I see, but I’m listening out for clues. I’m always on the lookout for people who could come into our industry. It’s built into my DNA. What I found with this work is that it’s quite hard to get people into the industry. The media reports say that we need to get more women into the industry. However, there are existing blockers. If you are a woman, it’s not uncommon for you to find that it might take you a year or longer to get into the industry. It’s still a challenge.
Be prepared for it to be hard to enter and for you to have to jump through certain hoops in order to do that. One woman that I met at an event was a vet and highly qualified. I want to be specific with this, not a veteran, but a vet, someone who has practiced and been educated for seven years. It’s one of the most difficult degrees to get into because you need all of the sciences and everything. I had a talk with her, and she was very interested and would like to join this industry.
I enabled certain things for her, gave her more information, introduced her to certain people, spoke at events as well as promoted and connected her to other people. She had to come in as a coder and go into software development in order to move into cyber because no one in cyber would take her on. It was that much of a challenge, and sometimes you are going to have to weave your way into security in order to get into it. It’s not as easy as it should be.
How do women face more challenges getting into cyber and what can be done to alleviate that? 🔗︎
Jane: It’s really important not to make women wrong. It’s very easy for leaders or hiring managers to say, “We don’t have enough women. There aren’t enough women in the industry.” Then they blame women for the lack of women. The women are there. Women want to come into this industry. I want to be clear on that. We’re doing better when it comes to raising awareness by going into schools, speaking at events, and having articles that are in different papers or magazines. We’re informing early entrance, whether they’re kids in school, in college, university, or even younger women wanting to pivot, telling them, “This is how diverse an industry it is. Come join us. We need you.” Still, we can do more of that. We can always extend our reach and hone our message.
The biggest problem that I see is the recruitment aspect. It’s about enabling women in this case to come into the industry and reflecting on the hiring process like, how biased is it. There’s an unconscious bias toward men. The more you understand that you are biased – because that’s how you’re wired as a human being, the more likely you will be able to de-bias your processes and refine the job specs, the messaging, or the interview process.
But also, women do maybe need to take that step forward and be more courageous when looking at a job spec and say, “Ok, I don’t have that, but I’m going to apply.” Or if they recognize that they are hesitating, they need to reach out to someone that could be a mentor or someone else in the industry or in that company and say, “Look, do you really need that?” Looking from a different angle, women need a support system around them, which often stems from having a network. Just go and build the network, make the connections, and have a support system in place through mentoring or camaraderie support.
There’s More! Listen to Our Full Interview with Jane! 🔗︎
If you have found those interview snippets interesting, don’t miss out on the complete version!
Listen to our full interview with Jane to learn more about:
- How companies should refine their job specifications to attract more women to the cybersecurity industry
- Why it’s important to have a diverse and inclusive company structure
- What is Jane’s perspective on the risk analysis disparity between men and women and what is causing the difference
And much more!
Check out Jane’s work on Twitter!