September 1, 2019 is International Women in Cyber Day. On the blog, we profile Emma Sutcliffe, Head of Standards for the PCI Security Standards Council and member of the PCI SSC senior leadership team.
How long have you been at the PCI SSC and what is your role?
Emma Sutcliffe: I have been at the PCI SSC for a little over nine years. During that time I have had several roles that center around overseeing a number of the PCI Security Standards, including the PCI DSS and PA-DSS, and now Software Security. I have chaired a number of PCI SSC working groups, including the Technical Working Group (TWG), 3D-Secure (3DS) Working Group, and Tokenization Working Group. In those roles I work closely with the payment brands and affiliate members to develop standards, supporting documentation, and guidance papers. I have also presented at conferences in North America, Europe, and Asia Pacific.
As of August 1, 2019, I now lead the Standards Team at the PCI SSC. In this new role, I will be leading the PCI SSC team that works with PCI SSC payment brand representatives, Participating Organizations and other industry leaders to develop and maintain comprehensive standards and strategies that will empower organizations to better secure payment data and the supporting infrastructure. I am excited about this new challenge and look forward to leading such an outstanding team of professionals dedicated to making payments more secure.
How did you get started in cybersecurity? What led you to that career choice?
Emma Sutcliffe: Cybersecurity, which we used to call information security, has always held a great interest for me. I started in IT as a system administrator with a small events-management company, and it wasn’t long before I realized my passion for learning and understanding the security side of the business. I was fascinated to learn about the different types of attacks and scope of criminal activities, as well as the extent to which it was happening on a global scale. I really wanted to be involved and help turn the tide in some way. I reached out to my manager who suggested some local courses that started me on the path to my cybersecurity career.
The cybersecurity field has changed a lot since then. The volume and sophistication of attacks has grown to the point where cybercrime can affect every person on the planet. So too, the technologies and mechanisms used to counter and mitigate against these threats have evolved to be more effective. One of the great benefits of working in cybersecurity is the opportunity to work with ever-evolving technologies. Another is being able to work with an incredible group of skilled professionals who are dedicated to supporting the fight against cybercrime.
What do you see in the future for women in the cybersecurity industry?
Emma Sutcliffe: According to Cybersecurity Ventures, there will be up to 3.5 million cybersecurity job openings by 2021. Women currently make up only 20% of the cybersecurity workforce. That is up from a mere 11% in 2013, so while there is progress being made every day in our industry, there are still a lot of career opportunities for women in cybersecurity. I would expect the number of women to continue to grow in our field and across technology jobs in general. At the PCI SSC North America Community Meeting in September we will be hosting a track called “Closing the Gap with Diversity in Payment Security” where global payment security experts will discuss these challenges in the industry. During the meeting, we will be announcing initiatives aimed at supporting diversity within the payment industry. I also expect more organizations will follow in this direction, as women currently represent a large untapped resource for the future of cybersecurity.
What is often forgotten are the benefits that a diverse workforce provides. A team of people with different backgrounds and perspectives is better equipped to identify solutions than a team made up of people with common backgrounds and experiences. Hackers and cybercriminals also come from all types of backgrounds, and having a variety of perspectives and experience is good for protecting your organization.
What advice would you give to young women who are interested in a career in cybersecurity?
Emma Sutcliffe: My first piece of advice would be to not buy into the stereotype that cybersecurity is a “masculine” profession. Women make great leaders in the cybersecurity world. I know because I work with many women who are a critical part of our stakeholder community. For anyone thinking about whether to get into cybersecurity, I would encourage you to take the first step to find out more about the different options and opportunities. There are many online resources where you can find more information about your area of interest. Gaining education and experience in cybersecurity is a great starting point. There may also be local community services available to provide guidance. For those interested in payment security, the Council offers entry level courses as well as more advanced trainings and certifications. The PCI Awareness and PCI Professional courses are good options for those looking for entry-level payment security training.
I also recommend seeking out an expert or mentor who can help you access new opportunities, and don’t be afraid to ask questions. There are also a number of professional groups that are focused on supporting women in cybersecurity. Groups like Women’s Network in Electronic Transactions (WNET) and many others offer the chance for women to come together and help each other raise awareness and network with industry leaders. Finally, don’t be intimidated by the fact that the cybersecurity profession has traditionally been a male-dominated domain. That trend is rapidly changing and women are needed now more than ever in this space.