At times, Nicole Braun was the only female Qualified Security Assessor (QSA) in the entire country of New Zealand. In our 2021 podcast series debut, Nicole explains how she found success in the payments industry, against all odds, and why she thinks there are encouraging signs that a gender shift is coming.
How did you get started in the payments industry? What led you to that career choice?
Nicole Braun: Getting started in the payments industry was a bit of a winding road to get from where I started to where I am. I always really enjoyed technology, but I didn’t expect to end up in the technology field. When I was in primary school, we started learning how to code, but after a few years they really didn’t teach technology at our schools anymore, so I fell away from using it for more than really basic things. Then when I went to university, my dad recommended that I do a second degree in addition to law. I agreed and I found Information Systems as something that fell under the Business School but sounded really interesting without needing a really technical background.
I kept studying law and picked up elective subjects that related back to technology when they were available, so I studied things like intellectual property. And when I finished that degree, the opportunity came up to continue my study in the technology field and I completed a post-graduate research project that led me into my PhD, which focused on factors that motivate home users to take steps to protect their security in the absence of any organizational mandates.
At the end of my PhD, I was presenting my research at an ISACA conference and my future employer heard my talk and reached out through a mutual friend, and that was the first time that I had ever heard about PCI DSS. And it was an area that just clicked because it fit in really naturally with my desire for research and investigation into things. And so, a few conversations later, I found myself working as a security consultant for Confide and I started tagging along on assessments with our other QSAs to learn about PCI. And, six and a half years later, I’m now the Associate Director of Security here.
Has anyone been a role model for you in shaping your career path?
Nicole Braun: I think I would have to say that my mother has always encouraged me in whatever I’ve been doing. When I was young, she made sure that I had access to any materials or information that focused on science or technology. There were no topics that were off-limits for girls. And so, she always encouraged me whether it was math, science, or art. I got to experience all of it and, while she might not have directly guided where I went in my career, what I knew was that I always had a backer, which meant that when I told her about the next certification exam or how I was working towards something, I knew I was always going to have someone who believed in me, which really let me take the chances that I did to help me get to where I am today.
What would you say is your proudest accomplishment in your career to date?
Nicole Braun: The proudest accomplishment in my career to-date has been becoming a QSA and the reason why that’s been such a proud moment is because when I joined Confide, I didn’t have the necessary experience to qualify as a QSA right away. This was well before the Associate QSA program started. Over the next few years, the qualification requirements changed and so what happened was it felt like it was a bit of a moving goalpost and there were certainly a few occasions where I wondered if I would manage to get there.
But, during that time, Confide helped me to get experience in the various areas whether it was risk, development, or security. They always made sure that there were opportunities that I could focus my work on to help build up the skills and prerequisite requirements that were necessary to become a QSA and overall, just be better at what I do. So, when it finally got to the point where I had passed my CISM exam and I was able to attend the QSA course and validate all of that experience that I had been working towards, it was absolutely one of the proudest accomplishments I’ve had in my career.
Do you notice a lack of women in technology and, if so, why do you think that is the case?
Nicole Braun: Okay, so I’ll start with that question about if I notice a lack of women in technology and the answer is absolutely. I’ll give you a couple of examples. At my QSA training, I could count the number of women on less than one hand. I think there were three of us booked in that course. At my ISO 27001 lead auditor training, I was one of two women there. I can go through an entire assessment and never run into another woman in the areas that we spend the most time on in our assessments.
To give you a little bit more context for how these fit into the New Zealand context, there is already a small group of people in technology. That group gets smaller as you look at the number of people who are involved in security. Even smaller when you look at the number of people in payments. And an even smaller number of people in payments compliance. There have been times where I was the only woman QSA in the entire country. So, I think it is safe to say that there is a real lack of women involved in payments and compliance, especially in New Zealand.
And why do you think that is the case?
Nicole Braun: I think that if it were an easy question to answer, we probably wouldn’t be having these discussions. Actually a few years ago, I was talking to a researcher at Victoria University of Wellington and she was asking some of these same questions and I think they’re hard questions but if we don’t answer them and we don’t ask them, we can’t do better.
I think that there’s a few different things. One is that we need to encourage more people to follow the things that interest them. But in order to do that, we need to make sure that people are exposed to technology not just at a young age but throughout their education. We need to help make sure that people are aware of the different roles in technology and payments that are out there. There’s more than just becoming a developer and I think that part of that is what discourages people because they’re not aware of the different types of roles that are available. And finally, I think at the heart of it, there’s a cultural change that needs to happen. There are certain roles that are heavily gendered, and I think that a cultural change is the hardest thing to affect because it has to happen at multiple levels. We must change the culture where women are discouraged from taking certain roles because of their gender and we must encourage and foster an environment where all people have the confidence to take chances and pursue paths that may not have been open to them before.
Many women in the tech industry have felt that their gender has affected the way that they are perceived or treated. Have you ever been in a situation like that and if so, how did you handle it?
Nicole Braun: I would be incredibly surprised if people haven’t found themselves in these sorts of situations. I have multiple examples of the sorts of situations that I’ve found myself in. For example, I’ve answered the office phone, explained who I was, and then they asked to talk to someone who actually knows about PCI like one of my colleagues. I was a senior security consultant at the time. I’ve been in assessments and asked questions only to have people answer my male colleague instead. I’ve had people accept the same response from my colleagues when those same responses have been questioned from me. In fact, sometimes I’ve prepared the responses that my colleagues have used. And, for me, the only thing that I can do in these situations is to continue to be professional. I can’t control how someone else views me. I can only control how I react in a situation.
What advice would you impart to other women about how to succeed in the payments industry or in a technology-based field in general? Is there anything you wish you had known?
Nicole Braun: I think the best advice that I can give people for succeeding in the payments industry is to take chances and embrace challenges, especially when you are given the support and opportunities to do so. But at the same time, you can’t wait for those opportunities and sometimes you have to make them yourself. It doesn’t mean that everything will always turn out but try to take chances where you can. Always continue learning. Always continue trying new things. It’s the only way that we can do better and help people in the field.
One thing I might just like to mention is how I like to approach PCI because I think that this might be a little bit different. One of the things that I always like to focus on when we are talking about PCI with people is to understand how we can help them. For me, the goal of PCI is not necessarily to tell people that there is one right way to do something. It’s about finding a way to understand how you can do things better. And, for me, helping people do things better is what makes my day worth it in the end. And that’s what I really enjoy about the role that I’m in.
What do you see, or hope to see, as the future for women in technology roles or the payments industry?
Nicole Braun: What I really hope to see is a time when we look back at these sorts of questions and think about how different things were and see the difference in opportunities that were available now versus in the future. I think that what I’m starting to see is that, although there’s not a lot of women involved in security and technology in New Zealand at the moment, that number is growing. I’m really encouraged by a security team that I’ve been working with recently where the entire team is women. It’s a really rare thing to see and I think that the fact that they are capitalizing on that has been really great and some of the key people in the payments area in New Zealand are women. We are starting to see more programs aimed at supporting women in the industry and helping to get women involved in STEM. What I’m hoping to see is these programs actually continue to grow and be supported and that, over time, we’ll start to see a shift. We’ll start to see more people exploring the roles that they can have in technology and payments.