Given my current role as a Senior Expert in Vodafone’s cyber security team, you’d probably expect my qualifications to be very technical, but they’re actually not. Prior to this role, my skill set was built on project, policy and procedures management - I’d always worked in banks or consulting companies. However, I have always maintained an interest in tech. Each job had me dipping more and more into the cyber security realm, so when I joined Vodafone’s cyber security team, I caught on to things pretty quickly.
After nearly a decade in relatively ‘stiff’ working environments, I am thoroughly enjoying Vodafone’s open and flexible culture. I love not having to put on a formal, serious ‘work personality’. I have definitely taken the right step to work in a company and team where I can really be myself which makes work easier in general.
How cyber security is organised
An organisation’s cyber security strategy is built on what’s known as the Three Lines of Defence (3LoD) model.
The first line lies with the business processes. They provide secure products and services and are responsible for the management of risks. The second line - where cyber security falls - provides expertise, support, and monitoring, and also challenges the first line on their risk management. The internal audit acts as a third line of defence for independent and objective assurance and advises on how to better achieve an organisation’s security goals.
As you can see, we rely on a mix of technological skill and great communicators working together across many different departments to keep the big picture together, and our organisations and products secure.
Since starting in this role, I’ve been passionate about playing my part in security and awareness training. I’ve been working on a project that starts with a target audience definition, and then we create different campaigns for them. From the top, at the Executive Committee level, down to the Application Owner level, we have segmented the content and presented it live. Everything is communicated in a way that is tailored to the specific audience. As a result, everyone at Vodafone understands their responsibilities better and can implement the right security measures more effectively. This benefits not only our organisation, but our customers and society, as a whole.
Supported at Vodafone
Everyone here has the hybrid option to work from home and the office, which makes our environment as flexible as we are.
From a professional development perspective, the opportunities to upskill and keep learning are tremendous. All security team members are encouraged and supported to get our ISACA's Certified Information Security Manager (CISM) certification. We also hold regular ‘Insight Sessions’ where we discuss the latest cyber security developments inside and outside of Vodafone and receive access to self-learning portals like O’Reilly and LinkedIn Learning. Additionally, our internal learning platform offers structured courses (e.g. Cloud Security), and we have a great buddy and mentoring program in place.
Of course, the support isn’t just professional alone. We have so many employee networks that you can get involved with such as our LGBT group, women4women or Fathers@Vodafone, just to name a few. I think you can achieve great things by being authentic, and at Vodafone, we are truly able to be ourselves. This is a great way to work.