Shaketa Welch, Security Culture & Awareness Analyst, Tide, London
Tell us about your journey into the industry.
I left school not knowing what I wanted to do! My classmates already knew what they were going to study at A-levels in order to become Doctors, Vets and Lawyers. I felt anxious I did not have my life planned out like many of my friends by 16. Fast Forward 2 years, and I got into retail banking as a cashier at a well known high street bank. I still didn’t know what I wanted to do, and was working part-time while studying.
One day I was confronted with a fraudster trying to defraud a customer's account and it was at this moment I found interest in anti-financial crime! I decided to study law as a degree whilst continuing to work in banking to give me a foundation to law with a focus on anti-financial crime. I also worked as a Special constable for the MET for a couple of years.
I then pursued a career within a bank's financial crime and KYC units, which was a career dream of mine.
Having worked as a financial crime investigator, I realise how big the world of financial crimes was within cyberspace. I was so intrigued and fascinated. I didn’t know how I would get into this area, but then it became an opening for a new and interesting Security Culture and Awareness role! It was perfect for me, so I applied… and began my cyber security journey in 2021!
Tell us about your current role.
I work at Tide - a business financial platform and the leading provider of digital business banking services in the UK! And here I work as the Security Culture Awareness Analyst for Tide globally.
This is not a role well established within the Cyber Security space, but more and more companies are creating spaces for this much needed role within their organisations. The role itself is an integral part of building a strong Security culture within any organisation. The role moves companies beyond a tick box compliance culture, and into a more human centric behavioural science and analytical culture which helps not only to understand employees everyday security habits, but to also help (with data), to improve not so great habits by education and awareness beyond slides and mundane presentations!
Not only this, but this role is really about educating and coaching people on a personal level about cyber security so people can protect themselves at home, and spread the word, leading ideally to an eradication of unsafe cyber security practices.
I work with Tideans (Tide employees), and business leaders to help champion Security across Tide, as well as co-run a security awareness professionals community outside of Tide to help align the security awareness professionals space.
Salary ballpark - hard to benchmark as there isn’t a huge number of these roles and there isn’t much of a framework. But based on advertised roles, I’ve seen anywhere from £35,000 - £70,000 depending on organisation.
What does a typical day look like?
There isn’t a typical day! 1 day you may be working on global security awareness campaigns for the year, the next, organising activities for Security champions. You may be writing blog posts for Tide members, or working on phishing simulation data. It’s incredibly varied and a lot to do!
The role itself is largely computer based, but having an office and physical presence is a big part of ensuring all Tideans receive and experience Security Culture at Tide. I typically work full time, however, work is flexible, busy periods and quieter periods.
What are your career goals/plans for the future?
I have been thinking about this recently! I mentor a few entry-level security professionals outside of tide, which I enjoy. Perhaps getting back into management within the cyber security space is my next goal.
Ultimately, I want to shout louder about helping people get into cyber security by helping break down unnecessary barriers to entry. More collaborations with other professionals on creating pathways and frameworks, webinars etc.
What is the best thing about working in the cyber security industry?
The sheer range of specialisms! You can go down a technical route, a non-technical route, land somewhere in the middle, amalgamate a few skills and create your own path. It’s a limitless industry and you can set the rules!
What advice would you give to others thinking about pursuing a career in cyber security?
If you don’t meet all of the job requirements, apply anyway! My current role was advertised as a Senior hire, and I applied anyway. I had a lot of transferable skills and something which cannot be measured - genuine passion! This shone through during my interviews which I believe helped my interviews see what I can bring to the table.
What would you say are the 3 most important skills you use in your role, and why?
What do you like to do in your spare time?
Self-improvement in all forms - I like discovering how my mind and body works, and using my discoveries to enhance my abilities or cut out bad habits, to be a better version of myself as often as possible.
On a more basic level, I love the outdoors, so exploring woodlands and nature trails across the country is a hobby. Will I complete all walking trails the National Trust has to offer - hopefully!
Anything else you think would be interesting to add?
I’d like to emphasise that there are not enough black leaders within the security space, and I am yet to meet a security awareness professional/ manager who is black. It’s encouraging for people to see what they’d like to achieve, but since I am not seeing it, I will aim to be 1 of the first.
What do you think we could do to encourage more people into a career in cyber security?
How can the cyber security sector offer better support to retain and progress those currently in the industry?
What barriers have you faced as a woman in the cyber security industry and how did you overcome these?
I work in a male dominated team as many people within cyberspace do, the barriers I face are being misunderstood and not represented at the top.
Men are still paid more, and given more opportunities to progress. Representation is a problem - we need more access to mentors at least.
What barriers have you faced as an ethnic minority in the cyber security industry and how did you overcome these?
Little representation of black people in this space, especially in the UK. I often go to security events and find I am one of few black people there.
I overcome this by continuing to be present, and trying to be active on Linkedin so I can be seen by others. As a result people have reached out to me to learn more.
If you transferred into the cyber security industry from another sector/background, what transferrable skills were the most useful for you?
Not a huge transition - financial crime - cyber security is quite similar, but I also have a lot of experience planning company-wide events and hosting, which played a big part in shaping the tone of this role.