Encouraging Girls into a Career in Technology and Cyber Security; Interview with Helen Barge, Managing Director of Risk Evolves

Helen Barge is a woman with a solid pedigree in risk management and cyber. She spent 20 years working at IBM, 12 of those years as Governance Risk and Compliance manager for the UK and Ireland and now brings her wealth of knowledge and experience to her own management consultancy, Risk Evolves which she founded in 2015.

Helen is passionate about inspiring young people, especially girls, to find out about careers in cyber security and technology. She chatted to us about the challenges of updating the image of cyber security to make it attractive to young women.

What is your motivation to inspire the next generation?
Schools is an area that I get very passionate about, the role models that girls see in tech are rarely inspiring for them and consequently, we haven’t got enough women in technology. It has been proven again and again that the more diverse the work force, the better it is for business. A team that consists of individuals with varying experiences, thought styles and approaches to problems, create a dynamic atmosphere where innovation can flourish.

I go into schools and talk to girls who are in the year when they are choosing their GCSEs and ask them about their perceptions about a career in cyber. They look at me with scorn and say, ‘boy’, ‘geek’, ‘nerd’, ‘programming’, ‘dull’, and ‘boring’, so cyber still has an image problem.  I see my role as breaking down those stereotypes and telling girls that it doesn’t need to be any of that. We talk about digital footprint analysis, profiling, psychology, crime prevention. I use videos and current stories to explain the opportunities and you can see the penny beginning to drop, it is not what they perceive it to be.

Tell us more about the work you do with the students at the Cyber Resilience Centres?
I represent the Federation of Small Business (FSB) on the Advisory Group of the West Midlands Cyber Resilience centre. As part of this role, I volunteered to have my digital footprint analysed by the Student Services Group within the CRC. The students there are helping to raise people’s awareness about privacy. They are doing this by demonstrating just how much information can be found about someone by searching publicly available information on the internet.
I limit my personal digital footprint, and only really have a professional presence online. It was very interesting, however, to see demonstrated to me what could be found out about me, using friends from Facebook, the births and deaths register, and posts I’ve liked on Twitter. I was shocked when they pieced together information about my whole family including my children, the schools they went to and their dates of birth.

This project has prompted conversations about the staff vetting for some of the companies that we work with. Out of all the current checks, few look at someone’s social media footprint, and this leads to the question, if you are going to be bringing people in, to handle sensitive data, what do you really know about them?

Can you tell us why your business chose to certify with both Cyber Essentials and IASME Governance?
It could be argued that as a consulting company, we don’t need to certify ourselves. However, when I set the company up, it was with the strong ethos that we’d never ask a customer to do something which we ourselves weren’t prepared to do. Equally, IASME Governance is a management system that any business can adopt and will add immediate value to how they manage data. We know first hand about some of the challenges that implementing any kind of certification can bring. In regards to IASME Governance, it is massively under rated, and I’d love to see more companies do it.

What are the largest security concerns for Risk Evolves?
We don’t actually sit on a lot of personal information, so a data breach would not be catastrophic except for the embarrassment factor. Considering what we do, a significant attack against our company would damage our professional reputation.

Both internal risks and external risks are important in a risk assessment, but something that can often be overlooked is the supply chain. This is not only your suppliers, but their suppliers too, and like every other chain, it is only as strong as its weakest link. In reality, this means a business needs to really examine the integrity of its supply chain and ensure that every one of their suppliers is doing what they’re doing. In order to manage our reputational risk, we make sure that every single one of our suppliers has Cyber Essentials as a minimum.

What advice would you give to a young person interested in going into a career in cyber security?
Go for it! Embrace the changes that you see, accept challenges, and always be inquisitive. I entered the IT industry back in the late 80’s and the role that I did then (working in peripheral operations at Natwest, loading tapes on to devices) disappeared years ago. My role has changed so many times in the intervening years because I’ve been curious about new technologies and have been prepared to move to new companies. Evolving risks are always accompanied by new opportunities.