An Inspirational Mentor Story of Nivedita Newar — Australia

Nivedita (Nivi) Newar is Head of Cyber Security Strategy & Governance at University of New South Wales. She is responsible for the development, delivery and oversight of enterprise-wide cybersecurity policies, risk management, enterprise security architecture, controls assurance, security awareness, compliance, and strategy. She is in a senior leadership position and directly reports to the CISO.

Nivi has previously worked at Vodafone for 4 years as an Enterprise Security Strategy & Architecture Lead where she helped in developing, implementing, and monitoring a strategic, comprehensive enterprise cyber security management program.

Nivi’s educational qualifications include Engineering in Electronics & Telecommunication and MBA in IT (Specialising in Networking, Infrastructure & Security). She has been a continuous learning enthusiast and her industry certifications CISSP, SABSA, CRISC, CISM, ISO 27001 Lead Auditor, AWS-Cloud Practitioner, CCSK, TOGAF and ITIL.

She is also a finalist for Australia’s Most Outstanding Women in IT security at the 2021 Australia Women in Security Awards.

What do you like the most in Cybersecurity field?

The subject of Cybersecurity has a unique property; it requires broad and comprehensive knowledge of people, process, and technology as it is applied to every aspect of life. That is addictive to someone that loves to solve problems, has a research mindset, and has a passion to protect life, asset, and information.

Having said that, Cybersecurity has many tentacles such as governance, advisory, risk management, regulatory and legal compliance, awareness and culture, project management, access management, network security, security operations, incident response, threat intelligence, controls assurance, audit and certifications, pen testing, cloud security and the list goes on.

One can imagine why this field is particularly suited and welcoming to individuals from a variety of backgrounds, having a variety of skillsets, experience, and competencies. From the moment I was introduced to the subject during my post-graduation, I always wanted to pursue a career in cyber.

What motivates you to succeed as a mentor in Cybersecurity field and how would your previous mentee describe you?

For as long as I can remember, I have been the only female in the team until about half a decade ago, when the industry aggressively acted towards bringing about a step change by enforcing gender balance targets for hiring. This situation has always been one of the factors that has continued to drive me to succeed as a mentor. The need for role models and mentorship was identified as pivotal for increasing the number of women leaders in cybersecurity.

The need for solving many problems and challenges through innovative solutions in the Cybersecurity industry that is already challenged with complexity, gender imbalance in female representation at senior management level, rapid evolution of threat landscape and skills shortage inspires me to contribute to Cybersecurity in all ways and to influence the next generation to join the force.

My mentees would describe me a role model that has not only influenced them but has been passionate about effecting a positive tangible change to their cyber security careers through helping them earn their first cyber security certification.

How did you get into Cybersecurity and what do you enjoy most as a mentor in Cybersecurity?

While studying engineering, my favourite subjects were Networking and Security. So, right after graduating, I pursued my master’s, in Networking & IT infrastructure, which included 40% info security subjects. That is where my passion for Cybersecurity originated from and since then I always wanted to pursue a career in cyber. Upon completion of my degree, I was offered an excellent opportunity in Dubai, where I started my career in the satellite communication industry in hands-on network security operations engineer role and progressed to senior engineer roles from 2009–2015.

In early 2015, I received a Permanent Residency for Australia and moved to Sydney. I started my career in Australia as a Networks, Infrastructure & Security Specialist with Microsoft. My first core Cybersecurity role was when I joined Vodafone as Security Specialist reporting to the CISO. I currently work as the Head of Cybersecurity Strategy & Governance at the University of New South Wales.

The thing that I most enjoy as a mentor is the ability to be a catalyst of positive change to the careers of men and women passionate about Cybersecurity.

Why are you interested in being a mentor in Cybersecurity field?

Cybersecurity threats are rapidly materializing owing to the complex, sophisticated and well-funded nation state attacks leading to catastrophic impacts that could make an organization extinct. As a result, Cybersecurity programs are forced to shorten delivery time frames by half to reduce the cyber risk exposure to an acceptable level. Strategic program time frames are now 18 to 24 months instead of 3–5 years.

This change is driving the demand for hiring professionals with “niche” Cybersecurity qualifications, “specific” subject matter expertise and “significant” experience in delivering security solutions within the “specific” industry type. Therefore, even though there are more experienced women aspiring to enter the Cybersecurity professions now, the bar has been set too high due to the current circumstances. However, the industry has not yet fully recognised the new challenge ahead of us.

Women need examples of other successful women role models or influencers in “sustained and upward trending” leadership roles to be able to visualize themselves in one.

There is already an extremely low percentage of under 40 capable female leaders in Cybersecurity senior leadership positions. In addition to that, the percentage of women applying for cyber leadership and managerial roles is incredibly low, and the current situation might further worsen the trend.

Fortunately, there is some flexibility at the mid to junior level roles where hand holding, and training can be afforded. It’s important to note that, the supply of professionals and graduates aspiring for mid to junior roles is too high, leading to competition. The need to solve this specific problem through innovative solutions inspires me to contribute to Cybersecurity industry through mentoring to help females identify their talent and passion, set their direction of travel and enable them in achieving their goals.

How much time do you commit for mentoring, do you need to set aside anytime for preparation and how you manage it with your other priorities?

I have committed 30 mins during lunch time every working day throughout the year 2021 for mentoring. I do not need to set aside any time for preparation as it’s a continuous mentoring approach. There are situations when it does conflict with a priority, but cancelling or re-scheduling the session does not effectively impact the overall goals of the mentee as interaction is more continuous compared to time bound mentorship program.

What is your proudest achievement for mentoring in Cybersecurity and why?

I am very passionate about practicing, advocating, and promoting mentorship within my organization and across the Cybersecurity Industry. My proudest moment was when I received ACOMMs national award in 2020, as a part if a team, for my contribution to “Women in STEM” uplift program called “Code Next” for female school students by promoting Cybersecurity careers, mentoring, presentations, and key-note delivery to girls’ schools across Sydney. I was equally proud to mentor home schooled girls of ages 5–18 for Tech Girls competition 2021, to design and develop a cyber security educational app called “Hackr”, and the team was shortlisted as finalists for the award.

I am also very proud of doing my part in giving back to the society by delivering voluntary free CISM course + exam prep training throughout 2021 every weekday during lunch time to 4 Cybersecurity professionals that aspired for Cybersecurity certifications to be successful in securing a job in core Cybersecurity domains. One of them has passed the exam, two have it scheduled in 2 weeks and 1 is continuing studies. This year I have a bigger plan to roll out the training nationwide.

One of the high points in my career is undeniably being an Australian Women in Security Awards’ finalist 2021 in the category of “Australia’s Most Outstanding Woman in IT Security”. I was honoured to be shortlisted for one of the most prominent national security awards, to be shortlisted alongside the most incredible and influential female Cybersecurity leaders, and to receive national exposure and social media coverage.

Tell us about a time when you were given a tough goal by mentee. How did you handle it?

In January 2021, I met a colleague who was seeking mentorship. She was a general business analyst in my team, however, did not have a core Cybersecurity background, knowledge, and experience. She was very passionate about Cybersecurity, but all core Cybersecurity jobs required industry certifications. She was initially keen on pursuing CISSP, as it was the most in demand certification.

When I started mentoring her, I educated her about the various Cybersecurity functions and together evaluated her interest areas. The assessment results showed that due to her personality and soft skills, she had a higher chance of succeeding in a Cybersecurity governance and risk management area.

So, I introduced her to the ISACA CISM certification, facilitated a free CISM course through my organisation, helped her with exam preparation and real-life scenarios. Today she is CISM certified and works as a Cybersecurity senior business analyst for an Australian government department.

How will you describe an ideal mentee in Cybersecurity field?

In my opinion, there is no such thing as an ideal mentee. If there were, they would not require mentoring and the mentor would not have much to contribute.

Having said that, every mentee should demonstrate passion, commitment and respect for mentor’s time.

Challenges:

What are the challenges for mentors in Cybersecurity mentorship?

The most significant challenge in Cybersecurity mentorship, is finding the right female mentor. Women need examples of other successful women role models or influencers in “sustained and upward trending” leadership roles to be able to visualise themselves in one. However, the percentage of women in Cybersecurity senior leadership roles is very low.

In addition, local female representation in delivering keynotes on material and core Cybersecurity subjects at national Cybersecurity events and conferences also continues to be very low. There is a need to lift the profiles of exceptional and influential women in the sector and shine a light on them through media coverage, awards, recognition, Cybersecurity magazine features, etc. They need to be seen, supported, promoted, empowered but MOST importantly setup for success, for mentees to identify them as role models.

Another challenge is that women are inherently modest and are not found promoting themselves proactively on social media, events and conferences. Women in influential positions must increasingly promote themselves on global professional platforms like LinkedIn, so that it creates an opportunity for proteges to identify someone they admire, someone who has a professional style they want to emulate, a skill set they want to develop or a Cybersecurity field they want to succeed in. Representation is crucial!

Mentoring is a two-way street, meaning traditional mentoring approaches must evolve. When mentor does not explore the opportunities for new skills they can develop from mentees, the relationship is often not as long lasting as in the case of reverse mentoring approaches.

Access to mentorship through established programs is also a challenge. Most major mentoring initiatives require mentors and mentees to enroll for a paid annual membership. Mentorship should be a voluntary, non-profit and a self-less act of guiding, upskilling, and uplifting a mentee. The pairing of a mentor-mentee should be through established criteria such as personal interests, professional skills, geo-location and social values to deliver maximum benefit.

Should mentees prepare anything technical or take any basic courses before joining Cybersecurity mentoring program? If yes, please suggest some courses or links.

The first step in a mentoring program is for the mentor to help the mentee identify where her areas of interest within Cybersecurity domain lie. Only then its is meaningful to take basic courses in specific areas.

Having said that, LinkedIn learning offers Cybersecurity courses such as Cybersecurity Foundations and IT Security Careers and Certifications: First Steps that might be of interest. IT Masters also offers free short courses Free Short Course: Cybersecurity Management | IT Masters

For those interested in e-book reading, I also recommend the following books and more, that can be accessed for free on Electronic library. Download books free. Finding books (au1lib.org):

1. Cybersecurity For Dummies by Joseph Steinberg

2. The Cuckoos Egg Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll

3. Ghost in the Wires My Adventures as the Worlds Most Wanted Hacker issue 15th Aug 2011 by Kevin Mitnick, Steve Wozniak (Foreword), William L. Simon (Contributor)

4. Cybersecurity and Cyberwar What Everyone Needs to Know® by P.W. Singer, Allan Friedman

5. The Art of Invisibility The Worlds Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin David Mitnick, Robert Vamosi

Do you have any suggestions for mentees from non-technical backgrounds?

Whiz-bang technical skills are not the heart of Cybersecurity, and it is not only about hacking. Cybersecurity is about helping people and organisations and keeping them safe.

My general advice for those aspiring for a career in Cybersecurity, including aspirants from non-technical backgrounds is to:

· First research about the full scope of Cybersecurity careers on https://cybersecurityguide.org/careers/

· Identify the career paths that interest you and understand what a day in the life of the job role feels like at the outset and whether it is for you.

· Then reach out to experienced professionals in that specific area in your organisation, professional networking group or via LinkedIn to walk you through what the day-to-day job in those roles look like.

· Based on what stream you want to pursue, find a mentor that can not only guide you but also showcase the relevant people, process and technology elements involved.

· You must also seek opportunities to undertake internships or secondment to get a sense of whether you are passionate about that specific role within Cybersecurity.

Fun Question :)

If you have magic band with one wish, how you will use it for Cybersecurity and why?

If I had a magic wand, I would release a daily Oprah show featuring prominent Cybersecurity women of diverse backgrounds covering all organisational hierarchies on free to air channels in every country in the world. I would also release the 365-day series to all digital media platforms such as Netflix, Stan, Foxtel, Amazon Prime etc. I would do this to not only uplift the profiles of women in Cybersecurity and to give them the recognition they deserve but also for aspiring women to see them as role models and reach out to them.

Share this amazing interview with your network to inspire other mentors and aspiring mentees in Cybersecurity! Recommend the amazing mentors / mentees whose story should be told. Send it at Protegeforcybersec@gmail.com