“The people we need to protect are diverse, so security needs to be diverse” – Australian Women in Security Network founder Jacqui Loustau

Based near Melbourne in Australia, Jacqui Loustau is a cyber security expert with over 20 years’ experience in IT and information security around the world. She founded the Australian Women in Security Network (AWSN) where she worked in her spare time for eight years, until becoming its full time Executive Director in July 2021. The AWSN works to connect, support and inspire talent from diverse backgrounds and industries to pursue a career in security, and aims to increase the number of women working in security.

Jacqui Loustau, Cyber security expert and founder, AWSN

Here, we find out more about Jacqui’s experiences and work in setting up the Network, why diversity is so important to the security community, and how the roles of physical and cyber security are increasingly interlinked. Jacqui was also named on the 2022 IFSEC Global Top Influencers in Security list. 

IFSEC Global (IG): Can you tell us about your previous work in Europe with organisations such as the UK government, NHS and the European Commission?

Jacqui Loustau (JL): I worked as a technical security consultant for 18 years, where I was able to work on different projects that exposed me to different domains of security. For example, implementing an AV management system at the BBC, creating security policies for the UK passport service and performing risk assessments for various Directorates-General for the European Commission, including the physical security for a crisis room.

IG: What specific projects did you work on?

JL: I helped the NHS Choose and Book system obtain information security management system ISO 27001 certification, worked on the IDAM (Identity and Access Management) programme for Shell in London and The Hague, implemented a smartcard PKI system for a UK bank, managed a SAP (Systems Applications and Products) offshore project, ran a SOC2 (System and Organisation Controls) assessment on a security operations centre, recommended and implemented cybercrime fraud controls for a financial institution, and developed a security awareness programme for a bank and its customers. I feel lucky to have gotten a wide level of experience on a real mix of different domains of security throughout my career.

IG: What led you to setting up AWSN?

JL: When I walked into my first security industry event in Australia after 14 years working in Europe, I felt overwhelmed in a room full of men. I found the one other women in the room at that event, and we subsequently started to organise casual coffees or breakfasts before information security events and conferences, helping us and other women to walk in into events together more confidently.

A career in security had been good to me, and I wanted to find a way to get more women interested in the various career options they could pursue. So, I created a LinkedIn group to connect us together, and it grew from there.

IG: Can you tell us a bit about ASWN – its membership and what it does?

JL: It’s a welcoming community that comes together with the mission to connect support, inspire, and increase the number of diverse professionals working in our sector. There are women and men from different backgrounds, different areas of security, different types of organisation (government, academia, corporate, start-ups, defence and vendors), women with zero to 30+ years’ experience, students, and women pivoting to security from other careers.

AWSN has eight chapters across Australia, where we run networking and professional learning events, mentor programmes, training programmes, workshops, career panels, research and competitions.

The AWSN wouldn’t exist without the huge support we have received from the community over the years. The volunteers, coaches, speakers, sponsors, supporters, partners, and members have been a fundamental reason why we do what we do.

IG: How are you working to get more women involved in security?

JL: We work with federal and local government, the private sector, universities, industry groups and Australian start-ups/small businesses to run programmes and research to help women throughout their career journey. We raise awareness of the different security domains, provide a way for women to explore areas of security in a safe environment, and get industry experts, mentors and role models to share knowledge and career journeys.

We also introduce women to technical topics by trained professionals to uplift knowledge and skills, and to connect them to companies looking for diverse talent, and we are increasing the number of women seen at events and conferences through our first-time-speaker programmes. All of this is supported through benchmark data we are gathering alongside longitude surveys, so we can track our progress to share with industry.

The AWSN holds several networking events throughout the year

IG: How is the diversity of security threats met by having a more diverse security community?

JL: We believe that defending, protecting and educating all types of companies, organisations and institutions, and all Australians, requires different minds and types of people. The cybercriminals are diverse, the people we are trying to protect are diverse, so our workforce also needs to be diverse. We continuously need new ways to investigate and solve the ever-changing challenges in our sector.

IG: Is Australia leading the way on women involved in security? How does the UK compare in this?

JL: I’m not sure if we are leading. From my counterparts in UK, however, I have heard that in Australia we are in a very fortunate place where both federal and local government are investing and supporting initiatives to increase the diversity in security professionals and to work together to influence change. This is not something that all countries are fortunate to have, and has made a huge difference in Australia.

IG: Has the proportion of women in security changed since AWSN was set up in 2015?

JL: Yes, and we are about to release some research and study on this topic. We have been working on this with RMIT University, and our contribution to this study is sponsored by the Australian Signals Directorate (ASD). According to the benchmark census data analysed as part of this study, women working in ICT security specialist roles was 19% in 2006, decreasing to 14% in 2011 and 2016.

When RMIT professors Dr Leonora Risse and Dr Maria Beaumont presented this bleak data at a cyber conference in Melbourne in October this year, they showed how the rate of men entering the sector was faster than women. The next day, however, the 2021 data was released, and we are now at 16% in Australia, with a just over a three-fold increase in men’s employment and a near four-fold increase in women’s employment. Small positive steps in the right direction.

“The AWSN wouldn’t exist without the huge support we have received from the community over the years. The volunteers, coaches, speakers, sponsors, supporters, partners, and members have been a fundamental reason why we do what we do.”

IG: Do you think the roles of physical and IT security are becoming more integrated?

JL: Absolutely – you cannot have one without the other when it comes to securing a company. Convergence of both physical and IT security to protect information and people needs to be in every strategy. For example, you could have the best IT security controls in place, but if someone can just walk in the front door and steal/manipulate data, then you have a problem. Likewise, you can have the best security guards protecting your building, but if someone manipulates your access control system or your environment control systems, you have an issue.

From the beginning of AWSN, we have welcomed and encouraged learning from different domains of security. In addition, physical/protective security has been around a lot longer than cyber security, so there is a lot we can learn and apply.

IG: What are the key things people can do to increase their resilience to cyber-attacks?

JL: There are many things people can do to increase their cyber security and resilience to cyber-attacks. I like to refer people to official sources to ensure we are not confusing the public on what they need to do. The Australian Cyber security Centre  (similar to the UK National Cyber security Centre) provides advice to people on how they can protect themselves and their families. When reviewing any advice, consider first what is the most important data/information to you and what the risks are to it, and prioritise protecting that first. Otherwise, cyber security can get overwhelming.

If you work with small businesses or are able to help them with their cyber security, please consider it, as ultimately it will help you and our overall resilience to cyber-attacks. Small businesses are in many of our supplier processes, and them being vulnerable is a risk to everyone.

Find out more about the Australian Women in Security Network (AWSN). 

Listen to the IFSEC Insider podcast!

Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.

Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.

Listen to the podcast today