Did you enjoy school?
I always loved school, but it was university that I really enjoyed. Studying programming was the most rewarding part of my school career, and throughout my bachelor’s degree in computer science and then my master’s, the act of creating and problem solving brought a great sense of accomplishment for me. I am constantly learning and believe that there are some great online resources for security professionals to teach themselves new skills.
What qualifications do you have?
I have a BEng degree in Computing Science from the Hong Kong University of Science and Technology, and an MSc in Computer Science (Information Security Stream) from the University of Hong Kong. In my role, I am a CREST Registered Penetration Tester, OffSec Certified Professional, and an OffSec Certified Expert³ with the OSCE3.
Has your career path been a smooth transition, a rocky road or a combination of both?
My career path hasn’t been rocky, thank God, but it is definitely a winding one. I worked as a project manager for five years, but it didn’t ignite my passion. That’s what motivated me to start my masters’ degree in the information security stream of computer science, which truly broadened my horizons and introduced me to the world of cybersecurity and offensive security. I now know that that is where I am supposed to be, and offensive security fascinates me to this day.
What specific challenges do you see women facing in the industry?
In my experience of the cybersecurity industry, women are welcome, but it is no secret that they are underrepresented, particularly in leadership positions.
I started my work in Hong Kong and have moved to the UK in the last year. Across both regions, I have seen the impact that family responsibilities can have on women’s careers. I have worked with many talented women who excel in their careers, but some have had to step back from their career to take care of children or elderly parents. While these domestic priorities can still be very fulfilling, and should be shared between women and men, it is a shame to see women’s careers impacted by these expectations. I hope that this is something that all industries can come to be more accommodating of so that women aren’t only presented with a binary choice between continuing their careers and caring for their loved ones.
What is the best career advice you can give to others?
Don’t underestimate yourself. I was raised to believe that if you fail to do something, it is probably because you are not trying hard enough. Trust yourself, try again, and try harder.
If you had to pick one mentor that had the biggest influence on you, who would it be?
This is a really difficult question, but I can’t think of a more impactful and inspiring person in my life than my mother. She was a brave and determined woman, who barely finished primary school and became a single mother when I was just two years old. As a sole caregiver, she built a furniture business to earn more money, and as the business grew, she earned an HGV license to deliver more goods. Later, she started to learn financial planning, earning herself a Million Dollar Round Table (MDRT) qualification and Court of the Table (CoT) certifications, becoming successful in yet another field.
My Mum can always step out of her comfort zone, and she raised me to share the same drive and self-belief. What better mentor can you have than a powerful woman who believes in herself?
From where do you draw inspiration?
Although I love my job, I draw most of my inspiration from holidays and breaks. Downtime helps me to reset my brain and get new ideas, whether that’s a two-week holiday or just going for a walk when I can’t quite find vulnerabilities for a pen-testing client.
What is the biggest challenge you have faced to date?
Being a penetration tester is a constant challenge: my job is to solve problems that my customers don’t know exist. Customers don’t like to receive an empty report, so when I am working with a diligent organisation that does regular penetration testing and remediated security gaps, it can be very hard to find new vulnerabilities. I find that keeping up with cybersecurity news is vital for my work, keeping an eye out for the latest vulnerabilities and attack methods. If I still get stuck, I take a break and then when I come back, I try harder.
What qualities do you feel makes a good leader?
Gratitude and appreciation are crucial to good leadership. I’ve never worked with anyone who doesn’t like to be appreciated, and communication, compliments and showing gratitude for a hard job well done helps to strengthen bonds within a whole team.
From a work viewpoint, what has the last 12 months been like?
The last 12 months has been full of change and challenges for me personally. Moving to the UK from Hong Kong was a big culture change, and I certainly had to adapt to a new working style. But ultimately it has been a really rewarding experience, my UK customers are really collaborative and appreciative, and it is a very relationships-driven culture.
What would you say are the biggest tech-based challenges we face today?
AI is an unavoidable one. There is no denying that AI is a very impressive and convenient tool, but we in the security industry are seeing a growing threat that businesses just aren’t ready for. We are starting to see the impact of AI on phishing attacks, generating realistic videos and voice scams that could trick even the most suspicious users. AI scanning tools can scan systems and find vulnerabilities in a fraction of the time that hackers can. And once access has been gained by bad actors, AI can help them to analyse a company’s traffic and data to find the most sensitive data, or most critical servers, finding the best routes for exploitation. I don’t use AI in my work, because passing any sensitive data through these tools can be incredibly risky, but I know that on the other side of the cybersecurity fight, bad actors are adopting AI faster than ever.
What can be done to encourage more women into the industry?
Flexible working is a great way to alleviate the pressures that women unfortunately still face today. When a woman, or anyone, can choose when, where, and for how long they work, they have far fewer limits on their ambitions in both the professional and personal sphere.
Give us a fact about you that most other people wouldn’t know.
Although I love tech and gadgets, I will always choose a physical book over any kind of e-reader. You can’t beat the experience of a good book, and it’s the one thing I hope modernisation never changes.
