In May 2021, Ireland suffered its most catastrophic cybersecurity attack to date. Our Health Service Executive, which manages our national health service of 4,000 locations, 54 acute hospitals, and over 70,000 devices, suffered a Conti ransomware attack from the Russia-based Wizard Spider group.
Almost immediately, the IT systems were shut down and internet access was removed. The HSE is the largest employer in the state with over 130,000 staff, all of whom reverted to using pen and paper with no access to patient records. As it was a ‘double extortion’ attack the attackers had also stolen patient data which they were threatening to release, some of which was published online.
This had a huge impact on patient care as thousands of appointments were canceled. The group demanded €16.5 million in ransom which was not paid but in a surprising turn of events, the gang released the decryption key. The clean-up operation took months and reports of costing up to €500 million, the effects of this attack are still being experienced.
Other opportunistic criminals took advantage of this event and the leaked data, as a pretext for vishing scams. Calling individuals to threaten the release of their medical information and demand money. This attack had an immediate impact on thousands of patients but then rippled to impact other individuals and organizations by forcing them to review their preparedness for such an attack. Suddenly, everyone in the country knew what cybersecurity was.
Ireland is home to the European headquarters of the largest tech companies in the world and has a thriving tech workforce. We are suffering the same cyber skills gap as the rest of the world with nearly half of cyber and infosec roles remaining unfilled. On top of this, many organizations lack a ‘security culture’ and continue to think that cybersecurity is an IT problem rather than everyone’s problem to tackle.
Personally, this attack impacted those close to me by restricting their access to medical services and I received numerous vishing phone calls.
Professionally, I had recently taken on a role as a lecturer to create a Professional Diploma in Cybersecurity with UCD Professional Academy. Due to the attack, the demand for this course was overwhelming as managers scrambled to get guidance on the threats they faced. I am grateful that I can give my students the knowledge and tools for them to improve their organization’s security posture by putting the correct incident responses in place so they can reduce the impact and recover quickly from such an attack.
I left school in the early 90s but going to college was not an option then. Most young Irish people went straight to work or failing that, emigrated. I took a different path by training to be an electrician, a very unpopular choice for young women at the time and still is. I adored the work and working on building sites and after a few years, I decided to go to college, to study electronic engineering, as a mature student. I have been a lifelong learner ever since.
I love learning and I am constantly taking certifications and training. I still strive for equal opportunities for women in trades and STEM.
After graduating I worked as an IC layout technician and Electronics Technician in a college. At this point, I had just had my third child and we faced a common dilemma for young families with spiraling childcare costs. Our solution was also common, as I decided to take some time out to care for my children.
After a couple of years, I returned to work. I sought a role that would work with my family, and I went into IT teaching. This was an excellent fit and I went on to study for a Master’s in Adult Education and took more tech qualifications.
This was a hugely rewarding role as it was ‘second-chance’ education for adults who missed out on their education when they were young. Many students progressed to work or college, to pursue their dream roles.
Moving into Cybersecurity
One time in a class we were discussing progression and the opportunities available to young people now, when I was asked if I had my time again, what career would I choose? I did not hesitate and chose cybersecurity. It was a lightbulb moment and by the end of the day, I had enrolled in a Master’s in Applied Cybersecurity at Technological University Dublin, the same college I had worked in earlier in my career. The program ran for over two years, and I enjoyed every part of it, the pen testing, the secure networks, the programming, all of it.
I learned a huge amount and made fantastic connections. The next year I gave up teaching and started working with small businesses helping them prepare for the impending GDPR. I enjoyed this role and wanted more experience as a practitioner and auditor in the industry, so over the next few years, I got the opportunity to work in some of the top infosec and cybersecurity firms in Ireland. I was very content with my role and did not regret making a career change in my forties. Life was good, then Covid-19 hit.
When COVID-19 hit, I became part of the ‘great resignation’ which was when many of us took the opportunity to take stock and reevaluate our life paths and make a change. Ireland was under lockdown which meant working from home, children home-schooling, and parents needing extra support. While it was a temporary situation, I made some permanent changes by resigning from a role I loved, but it was for the right reasons. I missed teaching and I wanted to build something, a company that would close the cyber skills gap by offering training to professionals to upskill or move into information security and cybersecurity. This is how Fortify Institute came to be. The mission of Fortify Institute is to provide quality cybersecurity, information security, and physical security training to professionals. As a woman and someone who moved into cybersecurity in my 40s, I wanted to offer these training opportunities to women and older people too.
If I could offer advice to anyone considering a career change is to look to cybersecurity and information security. There are so many opportunities and many skills we have acquired by that stage of our lives that are transferable. Other skills can be learned via accessible, affordable training. Often our age, experience, and confidence are a great advantage. Get involved in your local cyber community, it is a brilliant and fun way to grow your network and learn. One of my proudest accomplishments in my cyber career was to deliver a talk on cyber learning opportunities at BSides Dublin 2022, which is a wonderfully, community-focused organization.
My Journey with PECB
When I created Fortify Institute, I looked at the certification bodies out there whom I could reach out to, to gain certification, and deliver certification and education as a trainer. PECB has been a fantastic support to me and Fortify Institute. Through PECB I am a Certified ISO/IEC Lead Implementer, and I became a PECB Certified Trainer which has opened so many opportunities for me.
I enjoy being part of the PECB community to write articles, such as ‘The Role of the Human Factor: Social Engineering’, and contributing to whitepapers, such as ‘Ethical Hacking Whitepaper’ and ‘ISO/IEC 27002:2022 Whitepaper’.
As an SME business owner, this type of industry validation is invaluable and helps me stand out in a crowded marketplace. The PECB community is a fantastic source of support and opportunities. PECB shares my values around inclusivity and reducing barriers to education and training.
One of the benefits of working for myself is that I can give my time to causes close to my heart, such as organizations that promote the industry to young women, career changers, returners, and other underrepresented groups. Volunteering is an opportunity to meet like-minded people who share your vision and see value in the experience, not just financial goals.
As a member of the committee of Cyber Women Ireland, we work to increase girls’ and women’s entry, retention, and return to the cybersecurity industry. Returners are close to my heart as often women have left their successful careers due to overwhelming childcare costs. They make this decision for their families at the time but when their children have grown or their relationships have broken down, they need the support that the dedicated returner program provides to return to work.
As a member of The National Cyber Awareness Task Force, our mission is to create learning resources for frontline workers to support women suffering from techfacilitated abuse such as cyberstalking. This will take the form of online training for police, health care workers, teachers, etc. ENISA, the European Cyber Agency, do fantastic work in researching cybersecurity trends and I am a member of the ENISA Ad-hoc working group for Cybersecurity Markets. ENISA often seeks security experts to join their working groups and it is a wonderful opportunity to contribute to the community and connect with international experts. I mentor those who enter cybersecurity but do not know where to start. It is tough as many do not yet know where they want to specialize.
So, I encourage them to immerse themselves in cyber.
Do some short free courses, listen to podcasts, read the books, watch YouTube classes, sign up for national alerts but most importantly, get involved with the community, network, and volunteer. The rest will come.
What the Future Holds
When I began writing this piece, I questioned whether I was successful. I am extremely fortunate; I am happy and healthy with wonderfully supportive family and friends. Success is subjective and I consider it from a work-life balance perspective.
Not an accumulated wealth perspective. I get to do the job I love in a thriving industry so yes; I am successful. I have recently been shortlisted as Cyber Educator of the Year 2022 in the EU Cyber Awards which I am immensely proud of. I see busy years ahead of me as I scale Fortify Institute and partner with other organizations.
I will continue to learn and keep my skills up-to-date. I will continue to be active in the security community and support and mentor those who are entering the industry. If I can aid you with your success, please connect on LinkedIn.