Kate Wright is a senior consultant at EY. She graduated with first class honours in Forensic Computing at De Montfort University. Her dissertation was published in an international magazine and she was selected to represent the university at the launch of their new MSc Cyber Security degree. Previously she undertook an internship at Cy4or, a placement year as a network administrator, and worked as a cyber intelligence analyst at Lockheed Martin.
Tell us about yourself.
I have been working in the EY Information Security department for two and a half years, where I have undertaken a large variety of projects working with global clients in the financial services sector. Projects have included identity access management, toxic combinations, vendor risk assessments, current/future state cyber assessments, internal controls testing, server virtualisation security reviews, cyber policy/procedure review and security assessments benchmarking against industry peers. I am also heavily involved in a number of activities with the firm’s employee networks; in particular, I am very passionate about EY’s diversity and inclusive agenda. I was featured in an EY global awareness campaign on mental health in the workplace, and presented and spoke on the topic.
What made you choose a career in cyber security?
I have always been fascinated by technology. At the age of 12, when my parents bought me my first computer, the first thing I did was to take it apart, just to learn how to put it back together again. I was captivated by its complexity and how it was able to produce such extensive functionality. I continued to develop my knowledge through undertaking a BSc Forensic Computing degree, where I learnt about programming, incident response, legal requirements and undertook expert witness training. These skills enabled me to conduct forensic investigations on a plethora of digital assets whilst ensuring it was admissible evidence that could be utilised in legal proceedings. I undertook both a forensic technician internship and a placement year as a network administrator, which helped me to further identify the career path that I wished to pursue.
Whilst I enjoyed understanding how to respond to cyber security incidents, I was always more interested in how to prevent the incident from happening in the first place. This led me to my career at Lockheed Martin where I accepted a challenging graduate role, which included leveraging security data from internal sensors (IDS, routers, SIMS, firewalls, hosts) and external sources (industry portals, mailing lists, newsgroups, etc.) in an effort to implement effective mitigations and reviewing appropriate data sources to derive new indicators of adversary activity. I also performed static and dynamic malware analysis, using both commercial appliances and bespoke tools, applied the Cyber Kill Chain methodology to analysis, implementing essential mitigations accordingly, and provided support in digital forensics investigations.
Following this, I decided to make the move away from a more technical role and into consultancy at EY. I wanted to continue to progress in my career and explore a different path. At EY, I learnt the value of teamwork and collaboration. I love working with our clients and assisting them in addressing such complex challenges that cyber security brings. It truly gives me satisfaction that I am making a difference and contributing to the safety of the financial services sector.
What are the greatest challenges in cyber security?
Cyber security is a rapidly evolving field, and the ability to keep pace is an on-going challenge. Whilst new technologies are constantly being developed and provide further convenience for end-users, so are methods of exploitation and exfiltration. The major challenge for global organisations is not just to secure their environment at its current state and keep it up-to-date; their infrastructure needs to be continuously implementing changes at a global level in line with the pace that security and new exploits progress.
What are the highlights of your career?
It is hard to define a specific highlight as I have thoroughly enjoyed every aspect. However, I would say that obtaining a first class honours in my degree and publishing my dissertation in an international magazine was certainly a moment I will never forget.
What/who has been the biggest influence on you?
Two people have significantly influenced my career for completely different reasons. On a professional level, my university lecturer Tim Watson has had a profound effect by continuing to support me through university to the current day. His enthusiasm for cyber security has continued to drive my passion for my career and has pushed me to achieve my full potential. On a personal level, my mentor at EY, Rebecca Cox, has provided me with exceptional support and truly demonstrated the EY values, ensuring that my personal needs are always met whilst being successful in my career. Her support has helped me to develop professionally whilst feeling completely accepted for who I am and supported by my organisation.
What would you do if you were not a consultant?
I would look to obtain an internal role within an organisation, which helps to assist it in securing its environment. It is key that organisations have leadership support to address security risks and challenges, whilst being willing to make changes by bringing security culture to the forefront. I would love a challenge where I could utilise my skills to identify gaps in an organisation’s current state and produce a roadmap to enhance their security posture.
What advice would you give young people hoping to enter a career in the field?
Never underestimate your ability to adapt and the power of teamwork. Whether or not you have a specific skillset, be creative and proactive in the way that you approach tasks by researching and asking the right questions to ensure all requirements are met or exceeded.
Huge organisations such as EY encompass a vast number of employees from diverse backgrounds with varied experiences and skills. As a consultant, you can’t know everything, but your approach can enable you to learn and adapt to anything. So, when in doubt, consult, consult and consult some more!