This month we head to Manchester, United Kingdom, to shine the Employee Spotlight on Kirsty Goodman, Cyber Security Specialist.

Kirsty has been keeping our systems safe and our data secure, playing a key role in protecting the business and supporting teams across Vix.

Read on to learn more about Kirsty.

Can you tell us a bit about your background and how you came to join us?

I like to say I took the scenic route into security! My background is pretty varied - from biologist to TEFL instructor; I’ve worn many hats! Vix is my second professional role in cyber security. In my first, I spent four years in consultancy, where I got to experience a variety of projects that basically fit under the umbrella of improving an organisation’s security posture. While consultancy gave me a breadth of experience (security is a big umbrella!), I joined Vix to gain a deeper understanding of security operations from within the organisation. As part of Vix’s security team I get to see what really works in practice and contribute to the decision-making for lasting change. 

Can you tell us a bit about your role as a Cyber Security Specialist - what does a typical day look like?

What I love about my role is how varied it is. A typical day may involve engaging with key stakeholders to implement a new SIEM (a security solution that collects data and analyses activity to protect against threats); carrying out a Data Protection Impact Assessment; working with our pen testing provider to develop a security testing strategy and coordinate all the upcoming tests that need to be carried out; and of course being on hand to assist in the event of an incident. On the horizon, I’d like to look at how we deliver security training and awareness across the company. We know a positive security culture can increase an organisation’s resilience so I’m keen to embed that across Vix also. 

Why is your role so important in a company like Vix?
At Vix we’re dealing with critical national infrastructure so security has to be front and centre. We are subject to high-assurance standards and regulatory requirements, so maintaining the trust of our customers and partners is paramount. Our team helps keep that trust strong by making sure Vix’s systems and services stay secure. 

What trends or technologies are you most excited about in cyber security right now?

I’m pleased that there’s more appreciation of (and consequently investment into) the human factors of security - the NCSC recently published a good article about “putting people at the heart of an organisation’s approach to cyber security”. I’d be remiss not to mention the word du jour, AI - regardless of your opinions on the current state of play, the widespread adoption of AI tools for both personal and professional use presents a security risk, but equally there are exciting developments taking place on the good side of the fight, for example, how AI may streamline the massive amounts of data we need to ingest when security monitoring. But coming back to my first point, whatever the technology, there will always be a human somewhere in the implementation chain, making human-centred security and design critical. 

What first got you interested in cyber security?

It was during the pandemic actually. I became interested in the expanding pool of threat actors in digital spaces with greater accessibility to cybercrime. I’d just finished my masters in international peace and security and had decided to continue my research in security science. Originally, my research interests stemmed from the evolution of human trafficking to online exploitation, but between studies I completed an internship on gender inequality in technology and I was so concerned by the negative reinforcing repercussions of a lack of female representation in tech spaces I eventually decided to take a break from my studies to join the industry myself! 

What advice would you give someone interested in pursuing a career in cyber security?

Cultivate mental resilience and a growth mindset. Working in security can feel inherently negative; risk can never be eliminated so you’re either working on prevention of the bad thing or responding to the bad thing when it inevitably happens. Our brains are also hard-wired for negativity to keep us safe, so that means for your own survival you have to be proactive about recognising all the positive contributions you’ve made. And when things inevitably do go wrong, it’s important to reframe them as collective growth opportunities that ultimately increases organisational resilience as well. 

How do you wind down after work?

Anything creative - reading, movies, theatre, dancing, I sometimes perform spoken word poetry. I also occasionally dogsbody for search and rescue teams and I am a trained women’s self defense instructor - which helps to put things into perspective when I’m having a tough week!