Cairo Malet (she/her) is a cyber security professional, specialising in governance, risk and compliance (GRC). She currently works for Octopus Deploy, leading their GRC programme. Before moving to Octopus, she spent three years leading risk assessment and remediation at one of the world's largest mining companies, working with technology across both enterprise and operational environments. Her previous experience includes consulting and internal positions, working with organisations across finance, government, healthcare, telecommunications and resources to assess their security posture and implement policy and process to increase security maturity. She is passionate about providing pragmatic security advice, increasing female representation in the cyber security industry, and Stardew Valley. She also has a degree in International Relations and a CISSP.

In our conversation, we talk about Cairo's indirect journey into cyber security, and about the breadth of what cyber security entails, from policy and governance through supply chain security to social engineering.

Show Notes:

[00:00:49] Cairo's pursuit of the social sciences.
[00:02:31] The transition into tech and starting in tech support.
[00:04:02] How tech support turned into cyber security.
[00:06:06] Concern about not meeting the job criteria, by one item only. Michele's note: This old chestnut with women and applying for jobs.
[00:06:49] Having experience in the regulatory and privacy side of things, just not the technical.
[00:07:08] A lesson in how initiative and making yourself available can lead to other opportunities.
[00:07:27] Cyber security has regulatory and compliance aspects as well.
[00:07:58] The need to be pragmatic and apply context: what is actually relevant to the organisation.
[00:09:13] Process management involves knowing about the process you're trying to manage.
[00:10:54] Governance, risk, and compliance in the context of cyber security.
[00:15:24] Supply chain security.
[00:18:30] Sometimes a bad actor simply has more time and resources to throw at a thing.
[00:19:03] Trying not to be the low hanging fruit and taking an 'assume breach' approach.
[00:19:48] (Dis)trust in the universe, but lock your car.
[00:20:27] Multi-Factor Authentication (MFA): A small inconvenience that can prevent larger inconveniences.
[00:22:37] Having the conversations and taking the time to communicate the concepts.
[00:24:56] On password choice. We kid. Don't use these passwords.
[00:26:38] Sentences and sequences of words are definitely an improvement.
[00:27:01] How Cairo's background in social sciences informs her work in cyber security.
[00:27:53] Research, critical analysis, and effective communication are a significant part of the work.
[00:30:38] Cyber security is relatively new as a field, so we need to be able to communicate its relevance and significance.
[00:33:05] Accessibility and visibility in communication.
[00:35:58] Other cyber security concerns of businesses.
[00:36:21] Tailoring guidance to the organisation.
[00:38:55] Social engineering.
[00:40:52] Capture the Flag (CTF) at DefCon.
[00:41:21] Rachel Tobac.
[00:42:21] Stress and urgency can prevent people from being rational.
[00:43:45] The challenges of being good at social engineering.
[00:44:21] Cyber security awareness training.
[00:45:49] Online scams are a numbers game.
[00:47:48] Scams are run as a business as well.
[00:49:27] Motivations in cyber security. Societal and geopolitical factors.
[00:50:13] Considerations in the resource sector.
[00:52:47] Understanding the business, their needs and risk factors.
[00:53:01] Needs of financial institutions vs emergency services.
[00:54:03] The CIA Triad (Confidentiality, Integrity, Availability).
[00:56:31] Bonus Question 1: What hobby or interest do you have that is most unrelated to your field of work?
[00:56:35] Cottagecore and taking up knitting.
[00:57:40] Assoc Prof Rhea Liang (#8) and her crochet.
[00:57:52] Tom Daley's knitting fame.
[00:58:35] Bonus Question 2: Which childhood book holds the strongest memories for you?
[00:58:40] Tamora Pierce.
[01:01:36] The adaptation of Ursula Le Guin's Earthsea.
[01:03:29] Bonus Question 3: What advice would you give someone who wants to do what you do? Or what advice should they ignore?
[01:03:34] You need balance between your work and personal selves.
[01:04:55] Get involved with the community.
[01:05:16] Don't let a non-technical background deter you. A broad range of skillsets is needed in this space.
[01:06:21] @hacks4pancakes
[01:06:27] Tanya Janca (@shehackspurple)
[01:06:38] @SwiftOnSecurity
[01:07:02] Finding out more about Cairo and her work.

