We spoke to Jennifer Cox about transitioning between roles and the skills needed to succeed in the evolving cybersecurity space.
“My interest in cybersecurity developed during my 11-year tenure at a tech company, where I transitioned from an entry-level role into a senior technical position”, said solutions consulting manager at Rippling and the Ireland director for Women in Cybersecurity (WiCyS), Jennifer Cox.
“Starting in the support centre, I eventually became the IT coordinator, managing a wide range of responsibilities. From onboarding new users to implementing new infrastructure. While I thoroughly enjoyed the work, I eventually reached a point where I felt limited in terms of growth and learning opportunities.”
Drawn in by its fast pace and ever-evolving nature, in 2016 Cox made the decision to pivot into the cybersecurity sector, where the challenges and innovations ensured there would always be something new to learn.
“This fast-paced environment keeps me engaged and motivated, as it offers endless opportunities for growth and prevents stagnation, which was something that was key to my decision.”
Cox noted that the entire cybersecurity sector could benefit greatly from increased rates of diverse talent, as employees with broader skillsets and the willingness to learn are crucial to companies innovating in the modern era. A critical issue, she explained, lies within the current education system.
“Cybersecurity is not adequately integrated into school curriculums, leaving the next generation of professionals at a disadvantage. The rapid pace of technological change also makes it difficult for educators to stay current.”
While companies are becoming more aware of their responsibilities, there is still a significant gap when it comes to understanding emerging risks in hot topic areas, for example AI and large language models. Without an education and continued awareness, Cox explained organisations will struggle to implement effective defence and protection measures.
Trendy upskilling
As the cyber sector continues to adapt to an increasingly digitised and connected world, Cox stated that a significant trend that has emerged is the use of artificial intelligence among all groups, even those with minimal technical expertise. The problem is that this has also created a world in which the barrier to entry for creating convincing phishing campaigns, deepfake videos and synthetic audio has lowered.
“These tools, which were once accessible only to highly skilled attackers, are now available to virtually anyone,” she said. “This makes traditional low-hanging threats, such as phishing emails and text scams, far more sophisticated and accessible, amplifying the risks for individuals and organisations alike.
“There is a growing need for accessible education on AI and cybersecurity for both professionals and businesses. As AI continues to shape the threat landscape, organisations must prioritise upskilling their workforce and implementing proactive defenses. Without widespread education and awareness, many businesses remain vulnerable to increasingly advanced attacks.”
Foundational knowledge
While it is vital that professionals in cybersecurity jobs engage with new and emerging skills, to stay up to date, Cox further explained that a knowledge of the basics is an absolute must. For example in areas such as cyber hygiene, network infrastructure knowledge, password management and employee education.
However, she is of the opinion that the most significant challenge in the industry right now revolves around how soft skills are implemented into wider company training strategies.
“You can hire the most technically skilled professionals, but if they cannot effectively communicate their strategies and solutions to others within the organisation, or if there isn’t at least one person capable of bridging that gap, it creates a major hurdle,” she said. “This lack of communication can have significant consequences for an organisation’s overall security posture.
“The one constant in cybersecurity has always been employee awareness and resilience. Unfortunately, many organisations still rely on outdated training methods, like generic 30-minute video modules once a year, which are insufficient.
“Training needs to be immersive, relevant and applicable not only to workplace scenarios but also to personal cybersecurity practices. This gap in effective education is a significant shortcoming in the industry today.”
Ultimately, Cox is of the opinion that, while organisations have a responsibility to ensure that the workplace is safe, secure and can provide access to extensive training, there is also an expectation of personal responsibility.
Employees, for their own sake, as well as that of the wider company and indeed any connected external systems, must understand that they play a vital role in protecting organisational assets. “Comprehensive education and awareness, not just for IT professionals but for all staff, are essential to fostering a culture of shared responsibility in cybersecurity.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
