For this episode, I had the opportunity to interview Fleur Chapman, chief operating officer for ITC Secure. Although she more recently joined the cybersecurity field, her analytical and project management skills, her background in economics, finance, and even speech and drama, have contributed to her current role running operations at a global cyber security services company. Be sure to watch the full video to hear the full interview. Below are some highlights and resources that she shared.
Using Her Analytics and Project Management Background
Chapman came into cybersecurity when she was recruited to her role due to her experience as a technical project manager and consultant in previous roles. With her education in finance and econ, and a teacher’s diploma in speech and drama, she started her career in the public sector, working for the Ministry of Education in New Zealand.
She described one of her roles for the Ministry of Education where she led the implementation of the first births data matching programme in NZ. Analytical by nature, she enjoyed interfacing with software developers, third-party vendors, internal and external stake holders, and realized her passion for quality and delivery.
She earned IT service management certifications and ran projects overseeing operational teams, transactional data systems, delivering strategy and policy initiatives, transformational change, data privacy, identity and access management (IAM) solutions, and regulatory compliance programs.
At one point, she managed the technical assurance program for Transport. She said it was a huge challenge, but she wasn’t satisfied. She wanted to go further than project or program management, and she wanted a more strategic role in the private sector.
She was a contractor delivering managed service projects when she started working with ITC Secure. She worked on several projects, including implementing governance risk and compliance (GRC) for a large customer, and she worked on incident response services for a remote security operations center (SOC). This experience helped her move to an internal role as programme director, and then she was head of compliance. She also set up their risk and compliance function, GDPR, and governance model, and then become their Chief Operating Officer.
Security Challenges and Goals
Her role is broad – she helps global customers with risk and compliance, and she works on internal information security, legal and operations. Operations includes 24×7 managed services, the SOC, the network operations center (NOC), governance, and their platform team.
Her biggest challenges: the skills shortage, evolving threat landscape, ever changing technologies, and thinking about third party risk.
“If you miss something, you’re remembered for what you missed, not the constant good stuff that you’ve caught. You have to make sure you have robust processes in place, as well as everchanging technologies, keeping up to date with technological advancements, offering more to customers for less.”
For third-party risk, she said they are constantly reassessing their third parties, direct and indirect suppliers. “We are judged by the suppliers we use and the threats we expose.”
People, Process and Technology
“We have to think about confidentiality, integrity and availability of the information – it’s vital. The key thing for our business is to prevent sensitive info from falling into the wrong hands.”
So her background in the public sector with process and procedures is helpful with fundamentals around change management, incident management, access control, and authorization.
“Procedures underpin how to provide your best services. We can guarantee services with confidentiality and integrity,” she said. “Humans make mistakes, so minimizing risk comes back to standardizing, documenting, managing and monitoring. It’s a constant challenge. There is no blame culture. People will make mistakes, but how do you identify them and learn. You can identify opportunities to improve services and operational security.”
Advice and Resources
Chapman has experience taking on roles to rescue failing projects due to constraints around timeframes, costs, or mistakes that people have made. Her advice:
“Be confident in yourself and your ability. There is no challenge too great, never be afraid to ask for guidance from your leaders or your peers,” she said. “I’ve had situation where I had to tell myself to step back, take a breath, pause, and think before your next course of action, never respond straightaway to the email that angered you. Not to sweat the small stuff, know what to let go of, and what to push.”
While this is useful advice earned from experience that you can’t learn from a book, Chapman mentioned that she is an avid reader for advice and inspiration. Two recent books she recommends:
- The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity
- Unapologetically Ambitious
To listen to the full interview, click here.
Be sure to also visit our Women in Cybersecurity page, where you can view past episodes and connect with us to hear more inspiring stories in future shows!