Cyber security spotlight on... Nicola Whiting, NeuroCyber
08:00 Tuesday, 14 December 2021
UK Cyber Security Council
Nicola Whiting MBE is Interim CEO of NeuroCyber, a Community Interest Company responsible for promoting the benefits of neurodiversity in the UK cyber sector and helping to develop supportive cultures through policies and practices for neurodivergent people. At November's event to launch NCSC and KPMG's 2021 report, Decrypting Diversity, she represented NeuroCyber during the panel discussion about the report. Afterwards, we asked Nicola to share her personal experiences in cyber as an autistic woman.
Describe for us your route into a cyber security career. Was it planned?
I had left a career in cyber security to pursue a career in jewellery design. I originally had no intentions of returning to the industry but some friends persuaded me to join their early-stage company, Titania. It was supposed to be short term, to help them with building a team - but 12 years later I'm the company co-owner, with expertise in multiple fields and a strategic advisor to government.
Does working in cyber security meet the expectations you had for it before you started? How has it changed?
If I added up my various posts in cyber, it totals about 20 years in the industry. During that time, I think some areas have definitely become better: there's more opportunity for women and marginalised groups than there were before, and more understanding on what inclusivity and equity looks like. We still have a way to go, though; I still see good people leaving our industry due to discrimination and career progression barriers. As an industry we've worked hard to "know better" – now we must "do better".
Were there any particular challenges or obstacles that you’ve needed to overcome?
Like many women in tech, I've had to deal with Imposter Syndrome - but it’s worth framing that as a reasonable response to the impact of subconscious bias in our industry. There's lots of evidence that women face more questioning on decisions than their male peers, which tends to breed self-doubt. In response, we often overcompensate on preparation, which can lead to higher levels of burn-out.
The personal upside of this for me was a massive drive to continually learn, to be an expert in my field and be able to contribute - which has benefited both me and the organisations I serve.
What's your career highlight to date?
If I could name only one of numerous highlights, it would have to be receiving an MBE for my services to International Trade and Diversity. Another two that stand out are receiving the Sparky Baird Award from the US Military magazine SIGNAL for strategic insights in AI and cyber warfare, and being named the Cyber Citizen of the Year in the National Cyber Awards.
What advice would you give to somebody considering a career in cyber?
That it's a fantastic industry to join as it's constantly evolving and has so many career avenues to explore.
How do you keep your skills up to date?
I constantly learn, whether through formal study courses, white papers and articles or from the contributions of industry peers in the government advisory bodies I support. As an Autistic I benefit from my ability to process information differently, too. I love making connections between all the disparate sources of learning and coming up with new ideas or ways of doing things.
What do you think is likely to be next phase of your career in cyber?
My ambition is to help UK Plc and the cyber security industry achieve their aim of being global leaders in innovation and resilience - though increasing diversity and harnessing the benefits of eradicating group-think.
What single thing you would change about the cyber sector?
That we focus on "Inclusion by Design" (for our people and teams) as much as "secure by design" – because ultimately they are both key factors to our success. Driving cultural change is a collaborative process and we should fully embrace the principles of NAUWU (Nothing About Us Without US) to be successful.
NeuroCyber, the Cyber Neurodiversity Network, comprises industry volunteers led by a Board who are, or have connections to, brilliant neurodivergent people. It aims to improve career outcomes for neurodivergent cyber security practitioners, to enrich the sector and positively impact the cyber skills gap in the UK.