Security Expert Interview Series: Caroline Bansraj
Caroline Bansraj is a highly experienced communication and training professional with over 20 years of work experience. In this interview, she shared her thoughts around a successful adoption of information security awareness within the workforce, the trends she foresees happening in the information security awareness landscape, and other topics. Now, enjoy the full interview below.
1. Firstly, thank you very much for taking part in this campaign, Caroline. Can you tell us about your professional background and areas of interest?
Thank you for inviting me to participate. I have been working in a communications environment for 25 years (wow, that is a long time!). I did not set out to do what I am doing now – throughout my career, I found myself choosing the ‘interesting’ job roles over a more traditional banking or technical career path.
However, in Spring 2015, I was approached by Credit Suisse about a role in security awareness. It would be fair to say I was extremely hesitant, as it was not a subject I knew an awful lot about. However, the more I delved, the more I realized perhaps this was the career I had been working towards my whole professional life; I just didn’t know this at the time. Based on my background I have a combination of marketing, communications skills, understanding behavior-led actions and good storytelling skills, which, coupled with my passion for ensuring people are doing the right thing, seemed a perfect match to the role.
2. You are holding the position of Global Head of Cyber Culture and Awareness. Is there a typical workday for you and more specifically, what are some of your primary concerns on a daily basis?
Is there such a thing as a typical workday in security awareness? I am not sure I have found one yet, but this most definitely adds a certain dynamic to my days. The threats we have to educate our colleagues about can change on a daily basis, although a lot of the mitigating actions remain the same from a behavioral viewpoint – have good cyber hygiene, create strong passwords, don’t fall for phishing/vishing and so on.
The biggest challenge is keeping the messages and channels fresh while reiterating and reinforcing the same behaviors over time, in order to keep people engaged. I really believe it is all about the stories you tell and how people listen to them, inspiring and empowering people not lecturing them.
In the last 16 months this has been even more important, as the lines between home and work have been blurred, so my focus has been on balancing key cyber awareness messages to cover both work and home. I passionately believe my role should extend to cyber security in all aspects of life, not just work. If we get the right behavior set in our personal lives, we will bring this into work, as it becomes part of our everyday – I for one am not convinced it works the other way around.
3. Would you say that you have had any barriers during your career and success as a female leader?
Credit Suisse is incredibly good at diversity and inclusion which is one of the many reasons I am pleased to work for them. This would not be true throughout my career and there are many instances where I have been the only female in a steering committee or management team, and in the past, my voice (which for those reading who know me, is not a quiet one), has not been heard.
However, I have always believed in myself and never been afraid to take up space at the table, as I have a unique range of skills and contributions and even in the more challenging times have been surrounded by people who believe in me and support me, based on strengths and contributions, rather than my gender.
4. What is the recipe for a successful adoption of information security awareness within the workforce?
COLLABORATION – security awareness programs can only be successful and benefit the whole organization if you are actively and proactively collaborating with key stakeholders, such as your threat intelligence team, security teams, CISOs and CIOs, security architects, and the end users. The old adage People, Processes and Technology is fundamental to the thought process and empowerment. It cannot and must not be an add-on or an afterthought, and every good CISO knows that behavior-changing awareness and training are the only feasible way to truly lower the ‘human’ risk.
Throughout the last 6 years I have worked on this to bring a human side to the technical and risk aspects; it is the only way that security awareness can be successful. Ultimately, the single-minded objective must be to create a cyber-aware culture throughout the company, and this can only be done if you understand what the business challenges are, what the risk appetite is and how and what an end user needs to understand.
A one size fits all approach is never going to be fully successful as we all have different levels of skills and understanding of cyber security. It is challenging, but necessary, to ‘personalize’ – whether by business area or country, the training to allow for different backgrounds. It is also key to ensure it is not too technical, as to influence people with various backgrounds, you need to focus on personal motivations and ability to ensure they can form new habits.
5. What trends do you foresee happening in the information security awareness landscape during the rest of 2021?
The over-arching trend continues to be the persistence of the ‘bad guys’. Cybercrime is big business and the motivations driving these people to attack companies and individuals grow year on year. So to buck this trend, we all need to ensure we are empowering our people, helping them to not only identify suspicious activity but know what to do and who to reach out to when they are faced with this situation.
6. What do you think organisations should be doing more to encourage more women to consider a career in data protection and information security?
I truly hope before I hang my boots up on my working life, this is no longer a question posed and there is an equal workforce split. We need to consider gender parity, diversity and inclusion the same way as I urge you to think about Cyber Awareness – it is not a nice to have, but a necessity!
We cannot encourage gender parity if it is not already visible – it is difficult to be what you can’t see.
There are many simple ways any organisation can encourage more women, from entry-level to career-break returners, and it all begins with role models and communication. We need more female role models across all STEM areas, and we need to break down barriers and apply innovation in our recruiting process; this could be as easy as providing support to managers to lead change.
It does not end at the point of recruitment. We need to do everything in our power to retain our talent and help them to become the future tech role models, and I highly recommend mentoring; it is critical to career development and the power of a positive role model/mentor cannot be underestimated. Collaboration, open conversations and cross-divisional engagement providing skills and knowledge sharing should also be a key ingredient to successfully encouraging future career choices.
7. What is the most important piece of career advice you would like to give to people who are just getting out of university and are interested in a career in information security?
There are so many incredible opportunities in information security and technology-led roles, and they are just waiting to be filled by tomorrow’s leaders. So, my advice is to believe in yourself, be bold, be brave, be curious and when looking for that new opportunity follow good companies with inspiring, innovative and thought-leading people.
Remember to never give up on your dreams and always keep a positive attitude, and no matter what roadblocks may come, never let anyone limit your potential. Don’t forget: plenty of brilliant people started out at jobs they did not flourish in or took paths that weren’t right at the beginning of their careers. No two people or career paths are the same. Embrace learning and remember this quote from the iconic Audrey Hepburn: ‘Nothing is impossible, even the word itself says I’m possible’.
8. Our last question – where do you go for inspiration or resources that you use in your own personal development?
I find inspiration everywhere. I have had some incredible role models over my career to date and as I am a naturally curious person I have always been proactive and committed to continuously learning from my leaders, peers, and my direct reports. I read a lot and if I need ideas or am not feeling hugely imaginative, then I look to people that share similar interests on the chance I will find something interesting to trigger my creative switch.
I keep my radar on throughout the day, sometimes a chance conversation or a thought about how to improve a process, create a more cohesive campaign, or push forward an opportunity just hits you so I take a notebook wherever I go, so when that Eureka moment hits me, I am ready.