In this week’s episode of The Future of Security Operations podcast, I'm joined by Mollie Chard. Mollie’s career spans 10+ years in technical SOC and leadership roles at organizations like the UK’s Met Office, Capgemini, and OVO. She’s recently accepted a new role as Head of Cyber Guidance & Monitoring at Ofgem, the UK’s Office of Gas and Electricity Markets. A passionate advocate for diversity, she’s also the Chief Advisor for Women in Cybersecurity UK and Ireland.
Mollie and I discuss:
Her career path from arts graduate to help desk technician to security leader
The unique challenges facing the energy sector, from legacy OT systems to tight budgets
Practical ways managers can diversify their talent pool
Some of the lesser-discussed downsides of AI adoption, including LLM biases and threats to human creativity
The importance of accessibility supports for neurodiverse team members
Where to find Mollie:
Where to find Thomas Kinsella:
Resources mentioned:
UK Department for Work and Pensions's Disability Confident employer scheme
More career growth tips from Mollie on the Trident Talks podcast
In this episode:
[02:00] Mollie’s journey from arts graduate to security leader
[04:00] Her previous role developing emerging security talent for CIS UK
[05:00] Tips and techniques for hiring diverse talent
[11:20] The problem with management being the default career path
[15:25] The biggest tech mistake that budget-strapped companies make
[19:23] Solving unique systems and operational technology challenges in the energy sector
[21:30] The ethical considerations and impact of AI for security and other industries
[27:30] Making space in boardroom discussions for diversity and how it can enhance resilience
[32:00] How to stay aligned when working with remote or dispersed team
[35:00] What Mollie thinks cybersecurity will look like in five years
[37:00] AI as a threat to human cognitive abilities within and beyond security
[42:40] Connect with Mollie
TL;DL? Read Mollie’s take on:
What drew her to security after receiving an arts education
“I've got an English language undergraduate degree, and a philosophy master’s, and people go, ‘Well, that has nothing to do with tech. Why did you do it?’ The simple answer is, I’ve always been somebody who has various passions and interests. I was always a techie. I'm a big gamer. I'm a massive geek, but I never knew that I definitely wanted to work in technology. It was never an option that was presented to me 10, 12 years ago."
I enjoy the power of the written word. I love debating life's big questions. I ended up studying philosophy because I didn't want to be doing cybersecurity day in, day out - no matter how much I loved it.
The unique challenges of the energy sector
"When you look at the cybersecurity landscape for energy, you've got a whole mix of different systems, services, and operational technology - the physical side and the technical side. The convergence of those two things for cybersecurity is fairly novel, fairly new. And there's a lot of challenges there. How do you link up those physical systems with those internet-connected systems?”
You've also got the whole regulatory landscape for energy, which is always changing. For me, it was always something that kept me on my toes and meant that no day was ever the same. And that's why I've stayed in that industry.
The philosophy and role of AI in security
“The benefits of AI are vast in terms of low-level manual processing, aggregating various feeds, and deducing decisions off the back of that. That can be great a great application for it. But actually, AI can't deduce business context, and it can't deduce the human context. And there are certain situations that will always require human insight.
If you are in the fortunate position to have full visibility of your tech stack and your supply chain, then absolutely, AI could do it... However, if you don't have all of the visibility of your estate, if you have unknown threats that actually aren't common, then it won't know how to respond. Until AI is able to consciously reason by itself, without that human input, it's got its limitations.”
With security, it’s really key to start small with implementing AI. Start granular, and build it iteratively. Think of the areas where you can get an immediate return - whether it's automation, speeding up a particular process, making something more efficient, aggregating more data, or adding more context.
Practical advice for improving your hiring processes and attracting top talent
"One, stop the habit of regurgitating old or common job descriptions. The industry particularly falls foul of using that same sort of template. Saying, ‘We need you to have X number of years in tech and security,’ for some of the more senior roles is more understandable - obviously, you do need that experience.
But for the entry-level roles, try saying, ‘We’re looking for a logical and analytical mindset, someone with experience in problem-solving and a willingness to get involved. We want somebody who is flexible, adaptable, passionate, hardworking, and thrives in an ever-changing environment. We want somebody who has an interest in cybersecurity and technology.’”
Open the door to somebody that doesn't have a background in cybersecurity or in tech. Encourage them to showcase their transferable skills. It doesn't always have to be professional examples... volunteering can be absolutely key in demonstrating somebody's abilities and somebody's competencies.
Neurodiversity in tech
"If you’re trying to encourage more diverse hiring in terms of neurodiversity within your team, one thing that's particularly important, speaking as a neurodivergent person myself (I have ADHD), is seeing there’s a genuine supportive culture in place, that it's not just all talk. There's a lot of talk within the industry, but do you do it in practice? Do you offer reasonable accommodations for people? Do you offer flexible working? Those things lend well to encouraging a neurodiverse person to think, ‘I would actually truly be supported and valued in this environment. And I don't need to hide who I am. I can be authentic.’ I think that we have got better over the last few years, but I think there's still a long way to go.”
What's really key is making sure your management are upskilled in how to support neurodiverse employees on the ground... You need to be looking at how your neurodiverse people are supported day to day, and that will often come down to how they are being managed. The way around that is not to micromanage them. It's an open conversation.
Listen to more episodes of the Future of Security Operations podcast.