I was never one of those youngsters who map out their career plans in great detail. Truth be told, one of most vivid memories from childhood is watching a movie called 'Reach for the Sky', which was about the Second World War fighter pilot, Douglas Bader.
Its tale of resilience and winning against the odds was enough for me to want to join the Royal Air Force and become a pilot. I thought that if I couldn't be a pilot because I wear glasses, then maybe I could take up another role on RAF stations and be shipped around the world every couple of years.
This meant that I wasn't really fussed about what I would do at university because the RAF would train me after graduation, right? And so I ended up doing marketing at the University of Staffordshire - I can highly recommend the drum and bass nightclubs - but alas, I couldn't join the RAF because I'm partially deaf, and that medically disqualified me. And so I decided to pursue a career in marketing instead.
It took me about six months after graduation to find a proper marketing job. Unfortunately, these things can take time, particularly as I was competing against others who had a degree and who had completed a year in industry as well.
Just do IT
I went into IT marketing specifically. Not only was it a more lucrative area, but I've also always been drawn to fixing things. My dad is an engineer - he used to work at BAE Systems, actually - and I grew up with him in the garage. It's kind of strange how it's gone full circle with me here now; even the office I work in is the same one as his.
I spent about fifteen years in marketing. I always stayed in the IT sector and worked for a number of security companies, including a mix of start-ups and larger enterprises, so I had a really good breadth of experience. But I've got to be honest, marketing never became a true passion.
Ultimately, I just knew that I wanted to do something else and so I started to pursue different things. For example, I explored coaching and training, and I set up my own coaching practice with a friend who was a qualified trainer. Unfortunately it didn't last that long as she fell ill and we had to sell the business.
It was at that point when I decided that I definitely didn't want to go back to marketing and so I decided to do a Master's in business and coaching. But when I went to the Open Day, a similar degree in terrorism and counter terrorism caught my eye. I went over, sat down, had a chat and signed up with them instead - talk about a life changing moment!
Tacking to hacking
This decision to focus on terrorism and counter-terrorism really opened my eyes to what opportunities were out there, particularly at the intersection with cybersecurity. It was also at this time I met a woman named Eliza-May Austin
, who I worked with to establish The Ladies Hacking Society
, a Not for Profit organisation dedicated to developing technical women in cybersecurity.
We organised meet ups and persuaded companies to sponsor our work. While it exists to attract more women in the industry, really we want more of everyone in the industry - everybody is welcome at our meetups.
And why did I find cybersecurity so interesting? Well, for me it comes down to justice and doing the right thing. One of the things that struck me so clearly about terrorism and counter terrorism is that it is not always portrayed correctly by the media. What it's really about is understanding human behaviour - what is it that makes somebody think their only option is to plant a bomb? And from the cyber point of view, what is the motivation for hacking? That human behaviour really intrigues me.
'Majoring' in threat intelligence
After completing my Master's I worked as a security operations analyst at Leidos but then in December 2021 I joined BAE Systems as a Threat Intelligence Manager. It was a busy time as my arrival coincided with Log4J - a vulnerability which affected millions of computers worldwide running online services. This meant that attackers could penetrate systems relatively easily and it proved to be an issue that impacted a huge number of products across industry.
The role of our threat intelligence business is to make sure we have a threat informed defence. I'm deploying the skills my entire career has provided me - including marketing - as a lot of it comes down to clear communication; understanding who to talk to, identifying the right message to get to them; anticipating how it will be received and being able to listen - which in itself is a critical skill in being able to understand what people are genuinely worried about.
So yes, technical skills are crucial, but these soft skills are really important too. In fact, one of the things I love most about cyber security is that I didn't have to be a technical specialist to be successful.
Cybersecurity is a team sport; that's why we need the diversity and a wide variety of different skillsets in the industry.
So, my advice to women - or indeed anyone considering a career in cyber - is to go for it. Follow your passion. Believe in yourself, filter out any negative thoughts and let your career dreams take flight.
Just like I did.
About the author
Helen Major is a Threat Intelligence Manager at BAE Systems