Erin Jones is a senior associate in the PwC cyber security practice. She has worked on a range of engagements for FTSE100 and Financial Services clients, including large security transformations, incident response, identity and access management, and third party security management.
Prior to joining PwC, Erin spent two years completing the TeachFirst graduate scheme, teaching computer science at a secondary school in North London. Erin holds a BSc in Information Security Management for Business from Loughborough University, and is currently studying for an MSc in Information Security at Royal Holloway, University of London.
Tell us about yourself:
My name is Erin Jones. I’m 27 and work as a cyber security consultant at PwC where my primary role is to help our financial services clients build and assure their cyber security defences. In plain English, this means that I help customers both to understand how strong their cyber security is, and to improve it as necessary.
I joined PwC three years ago after spending two years on the TeachFirst graduate scheme, where I taught computer science at a secondary school in North London.
My job sometimes gets quite stressful, and studying for an MSc in my spare time doesn’t help that! It really helps me to stay active; I particularly enjoy long-distance running, boxing and skiing. I am also am a big fan of South Korean culture.
What made you choose a career in cyber security?
I was actually a computer science teacher when I decided to join the cyber security industry; I spent two years on the TeachFirst graduate scheme after leaving university as I recognised the leadership skills I could gain and the important purpose of the scheme. I realised I wanted to do something that applied both to my degree and to my interest in enabling business through technology (I’d seen it treated only as a cost-centre in my placement year). At the time of ending my commitment to teaching, two big breaches had happened in North America and I became really fascinated by the complexities of securing a digital society. It was hard to leave teaching, but I know that I can still help inspire students to take up core subjects and career paths in my current job.
What are the greatest positives about working in cyber security?
Definitely the exposure I have had and the opportunities to learn. I have met the coolest people in this industry, with such different backgrounds, experiences, and sometimes really niche specialisms – yet, all of them are super passionate. It’s a really innovative industry because people do bring together what they know to deliver solutions or just new ways of doing things. Additionally, no client problem I have ever faced is the same, so it’s exciting to constantly challenge myself in new environments and situations.
What are the greatest challenges in cyber security?
I would say two of the biggest challenges I have noticed are education and skills.
The industry has grown so rapidly that the organic growth of the right skills has not been able to keep up, which is making it difficult for organisations to ensure they have the right people to deliver security objectives. Although crucial technical skills such as ethical hacking and security architecture are taught, there is so much more to the field.
I also believe education plays a huge part in the challenges faced by organisations and the public. Although this is starting to change, there is a huge misconception that cyber security is simply a technology issue and therefore not owned by the business. In order to mitigate risk, cyber security must be embedded fully and within all organisational processes – a key example of this is third party management, i.e. how can organisations can be confident in the security of their supply chain?
What are highlights of my career?
Working on two high profile data breaches with a really talented response team and seeing the direct impact my work was having on those organisations to enable them to take the next steps forward.
Designing, managing and delivering the 2016 final of the Cyber Security Challenge UK, which I am really proud that PwC sponsored. Its success was covered by lots of UK media, ultimately supporting education about the industry and helping discover new talent along the way.
What/who has been the biggest influence on you?
My dad has always taught me to be fearless and resilient; if something is challenging, it’s probably good for me.
Within cyber security specifically, the leaders in my team are awesome. Over the three years I have been here, I have been empowered to do some really exciting things, which if written on paper would appear higher than my grade. Those leaders definitely inspire me to constantly innovate and believe in myself.
My best friend also works in my wider team but has really different skills and strengths to mine, she’s definitely a daily inspiration.
Where do you see Cyber Security in 10 years?
I think that the field is going to become increasingly regulated over the next 10 years, both in terms of regulations around organisations’ own cyber security, and in terms of regulating providers in the marketplace (of products and services).
Also, right now, there is a widely accepted ‘skills gap’ in cyber security, whereby the industry is struggling to fill key roles with suitably qualified people. The industry also lacks diversity, with many women choosing to have careers elsewhere. I hope that both of these will have changed in 10 years’ time, and we’ll see a much better resourced industry that is far more representative. Part of this is going to be changing people’s perceptions of cyber security as a career, and demonstrating that there are more than just ‘techy’ IT roles up for grabs.
What are your career ambitions?
In 10 years’ time I want to be well known in the industry as an expert in my chosen field. At the moment, I really appreciate the importance of building a solid foundation of skills and knowledge so that I can appreciate all facets of a problem. However, over time, I’d like to focus increasingly on a specialist area and become renowned for my mastery of it. I think getting myself to that place will be a challenge, but thoroughly enjoyable.
Perhaps even more ambitiously, I’d love to be a CEO in 20 years’ time. I think that as society and business becomes more and more reliant on digital technology, future chief executives will equally need to become more literate in that technology. Also, I don’t think that it’s right that women are so underrepresented on corporate boards, and I’d like to be someone that helps to change that.
What would you do if you weren’t a consultant?
I come from a family of police officers; my parents both met in the police and my grandad had some really amazing achievements across a variety of forces. If I hadn’t taken the career path I had, I would like to think I would have joined the police too and eventually become a detective. The current direct entry detective scheme for the Met sounds really impressive as they recognise transferrable skills.
What advice would you give young people hoping to enter a career in the field?
There is so much opportunity in this industry as it’s so fast paced: you need to be passionate about it as it will never stand still. Read up about cyber security news and developments, and research what interests you – is it the technical detail, processes or people? Look out for internships, industry events or opportunities to look at what different organisations do – I know for instance that PwC offers tech internships which include cyber security.