Name: Liz Banbury
Job Title: Global Head of Information & Cyber Security & Risk
Company: Standard Chartered Bank
Tell us an interesting or fun fact about you:
I can speak some Cantonese.
What drew you towards a career in cyber security?
Nothing drew me. I fell into it by accident when joining ANZ bank December 2012 as a junior project manager on a program to deploy an uplifted on-line banking platform to Singapore, Hong Kong and China. I was asked, from a knowledge base of zero to manage all the regulatory requirements, compliance with internal standards and risk for the program. Fell in love with it.
What do you enjoy most about what you do in the industry?
The change. It does not stay constant for a single day. The challenges from working in a large multi-geographical, cultural organisation with layers of differing legacy systems and complexities and having to juggle huge varieties of stake-holders together with keeping policy and standards and a risk type framework to industry standard and best practise.
What things are the most challenging in your role?
Managing the different requirements from stakeholders against the same set of controls.
Have you come up against any challenges or roadblocks and if so, what were they and how did you overcome them?
Yes many. Top of the list is managing the conflict between technology, best practise and regulatory/industry requirements vs organisation capacity and capability and business investment funding priorities. Managed mostly via thorough research, building on subject matter expertise and through on-going dialogue with the key persons/teams impacted by any change to policy.
What have been your career defining moments?
Re-structuring the entire Policy framework to allow for the automation of control implementation and control effectiveness and compliance monitoring.
What changes have you seen in the cyber security industry in the time that you have been in it?
A more matured environment where we first went from understanding what cyber security is and the varying domains and complexities within the domains to a move towards using more advanced and sophisticated tooling and Automation and to some extent AI in order to keep up with changes to the internal and external environments.
What trends or changes do you think we will see in cyber security in the next 10 years?
Cyber Security will become more as one with Qualitative Risk Assessment rather than being considered as 2 separate entities. GRC tooling and mapping between Policy and the Regulatory environment will mature, allowing for more complex scenario-based assessment to be made for you.
How much job demand have you seen for cyber security professionals, and what things to you think will shape this demand in the coming years.
It is a growing industry and as the amount of Information is ever-growing [big data] and the amount of regulation defining what information is important and how to protect is growing, this is a trend that is set to continue for the time being. This is especially true as for now much of what we do still requires a significant amount of manual effort.
Has the coronavirus pandemic impacted on your career, and if so in what ways?
Yes, my working day is longer and busier. A combination of everyone being at home, of staff now having requirements which are counter to ‘normal’ policy and from regulators who are starting to bring out updated circulars around the ‘working from home’ environment.
What soft skills do you think are important for women in cyber security to have?
The ability to talk to stake-holders on all levels, whether that is the platform engineers who deploy and secure the products to the bank, or at board level when presenting the bank’s approach to risk assessment and management. To a certain extern security, at a senior level is a ‘sales pitch’. You need the stakeholders to be on side and committed to the security and resiliency of the bank.
Why do you think more women should consider a career in cyber security?
It is a good career. Dynamic, interesting and has many facets. If you like a challenge and are open to learning and being in an environment with multiple dimensions then it is a very rewarding career choice.
What advice would you give to a women looking to make the move into cyber security?
I think it is important to do your research. Talk to people who are already in cyber security. As mentioned it is rewarding but in my opinion, you do need to be able to thrive on good stress. Hard decisions often must be made and you must be able to have the courage of your convictions and stand by your decisions. Your rationale for your decision is very important and must hold up to your internal stakeholders [the business] and to your external stakeholders [Regulators and Auditors]
In your perspective – what are the biggest cyber security threats to companies presently?
Date Leakage is still by far the biggest threat. Most companies now have mechanisms in place to deal with DoS attacks, Malware attacks and so forth, but Information is still the biggest sought-after asset and there are so many vectors, or avenues by which information can be obtained.
Do you think it is important to close the gender gap in cyber security and if so, how do you think this could be done?
Yes. Men and women tend to have very different thresholds particularly when it comes to risk and I think that balance of thought together with an equal knowledge base is important, particularly when judging policy for the organisation.
Read Liz’s chapter and others in “The Rise of the Cyber Women: Volume 1″, available now via the links below:
About Liz Banbury
I’ve spent approximately 15 years working in Technology within the Financial industry and started out in JPMorgan working in the back-office settlements systems and progressed to Release/Environment management.
I have now been in the Information Security space for 8 years firstly as the Security, Risk and Compliance Manager on a global online and mobile banking infrastructure project which progressed to Regional Portfolio manager for Information Security & Technology Risk with the Information Security Office and now as the Global Head of Information and Cyber Security & Risk. I am CISSP [Certified Information Systems Security Professional] certified and have been a member of (ISC)² since 2016
I’m passionate about what I do and particularly interested in people and the impact that behaviour and culture has on our security holistically. Cyber Security is a very interesting, dynamic, fast moving, fast changing area where I feel that each individual should have a certain basic level of knowledge in the key threats we face and controls that need to be put in place to safeguard themselves and their assets both at home and in the workplace.
Since leaving school I have been fortunate enough to have been able to travel a fair amount and have spent 20 years living in Asia, first in Hong Kong and more recently in Singapore, returning to London June 2017.