Secured by Women: How Jessica Gomes is paving the way for women in cyber

Lacework Editorial·April 18, 2024·8 min read

For Jessica Gomes, cybersecurity is a natural extension of the detective stories that captivated her as a child. Today, that same curiosity and passion for solving problems fuel her work in the cyber community. Now leading cybersecurity at Grant Thornton Australia, a major financial institution, Jessica creates and implements strategies to protect the organization’s systems and data. We’re proud to recognize Jessica as a Changemaker in Cyber for her efforts to make cyber careers a possibility for more women, promote a security-first organizational culture, and raise public awareness of cybersecurity. In this Q&A, we talk to Jessica about the future of the security industry, how we can encourage diversity, and more.

Q: What first sparked your interest in cybersecurity?

A: I’ve always had an inquisitive mind. Growing up, I absolutely loved watching detective programmes, which initially sparked my interest in forensics. As I was always quite a ‘techy’ person, this then became an infatuation with computer forensics, which I later studied at university and graduated with first-class honors. Studying computer forensics was really my gateway into the broader world of cybersecurity, which has been super rewarding. I’ve even had to lean in on some of my forensic skills throughout my career so far, which was a full-circle moment, going right back to that initial interest.

Q: What have been the most significant changes in the industry since you started? How have you adapted to them?

A: The shift toward cloud adoption has been a huge transformation and one a lot of businesses are still embarking on. Moving from on-premises to cloud workloads presented its own unique challenges, such as lack of data visibility and control, cloud misconfigurations, and unauthorised access to cloud data. Robust monitoring, encryption, access controls, and distribution of cloud workloads become paramount whilst leveraging cloud security platforms to support the adapting threat landscape in a cloud-first world.

The key thing that I've found when adapting to major changes like these has been the importance of uniting teams and ensuring you are taking everyone on the journey with you.

The key thing that I’ve found when adapting to major changes like these has been the importance of uniting teams and ensuring you are taking everyone on the journey with you. Security is not just the security team’s problem. A security-first mindset needs to be embedded across all levels of an organisation. That’s something I’m really passionate about — bringing teams along the security journey with us and encouraging a DevSecOps culture across the digital landscape.

Another significant change is the increased efforts to tackle cybercrime, defend critical infrastructure, and raise public awareness about cybersecurity in recent years. It’s great to see governments such as Australia getting involved to ensure we’re uplifting our regulatory frameworks and strengthening our resilience to become one of the most cyber secure nations.

The recent rise of artificial intelligence (AI) and machine learning (ML) pose significant changes in the cyber landscape as well, both from a threat and defense perspective. These technologies are really expediting the pace in which cyber is evolving and how organisations and individuals have to adapt. I think knowledge sharing is key to adapting to these changes; building industry relationships to act as a soundboard, sharing mistakes, threats, and resolutions.

Q: What are some of the biggest challenges that women face in the cybersecurity industry today, and how can we address them?

A: I think the challenge extends beyond cybersecurity. Women are underrepresented across most industries or positions, so I think the first thing that needs to be addressed is ensuring there are role models and positions to aspire toward. Once there is clear representation, then the barriers won’t seem so high, which can inspire more women to believe there is a genuine career path for them. The gender gap can create an unwelcoming environment, leading to further attrition. Policies encouraging diversity in hiring, mentorship programs specifically for women can be the first step at addressing this. Nonprofit organisations like the Australian Women in Security Network and Women in Digital are paving the way with just this.

Cybersecurity roles often require long hours and high availability, which can be a significant burden with family and personal responsibilities. Policies, facilitation of flexible work hours, remote work options, and comprehensive parental leave can make cybersecurity careers more attractive and most importantly viable for women.

Q: If you could give yourself one piece of advice when you were first starting your career, what would it be?

A: I always say this, but it would be to embrace your uniqueness and speak up! Recognise that your diverse perspective and experiences bring immense value to the field and leverage your unique insights to solve complex cyber problems.

Believe in your abilities and expertise. Cybersecurity can be a challenging area with multiple different domains to learn and wrap your head around. Just remember that you are experienced and deserve the role you have or aspire to have.

Seek out mentors, build networks, and participate in women and cyber led communities that uplift and empower you.

Seek out mentors, build networks, and participate in women and cyber led communities that uplift and empower you. I left this until far too late into my career, and I wish I had reached out to the incredible cyber community for support a lot earlier. There is a whole network of CISOs and cyber leaders out there willing and wanting to support you. We’re all in this together, with the same common goal to protect ourselves, our industry, and our nation from cyber threats and criminals.

Q: Are you part of any groups or associations that you would recommend for other women in tech?

A: I am a member of the Australian Women in Security group, and have found the knowledge sharing community to be inclusive and supportive. I was fortunate this year to be accepted into a “Secure your board” training program made available to a group of female leaders.

Q: What do you hope to see happen in cybersecurity in the next 10 years?

A: Over the past 10 years, cloud adoption has surged and cloud services will become even more integral to our digital lives. The challenge lies in securing these cloud environments. As demand grows, so does our risk exposure. Striking a balance and working with partners in the industry that are building cutting edge tech to help detect, alert, and provide governance against these will be paramount.

And let’s not forget the one that we are all hearing about — the rise in AI and ML advanced algorithms are continually being developed and will continue to support us to proactively identify and prevent cyber threats before they materialise.

Q: What impact do you hope to have on the next generation of women in cybersecurity?

A: I grew up in a small village in Wales and now lead the cybersecurity department for a major financial institution in Australia. I hope to show people to always think big and that it is possible to achieve your goals, regardless of your age, gender, or socioeconomic upbringing.

I hope to show people to always think big and that it is possible to achieve your goals, regardless of your age, gender or socioeconomic upbringing.

Q: If you had to use three emojis to describe the life of a woman in cybersecurity, which ones would you choose?

💪 🦹‍♀️ 🔥

Q: What organization would you like to “pay it forward” to with your Secured by Women donation?

I would like to donate to the Australian Women in Security Network (AWSN). AWSN is a non-for-profit association aimed at educating women and girls on cybersecurity.

About Jessica:

Jessica Gomes is the Head of Cyber Security at Grant Thornton Australia, with experience leading and executing comprehensive security strategies across the legal and professional services industries globally.

Recently recognised as one of the top 50 CISOs to Watch in 2024, Jessica has a strong background in offensive security, cloud, and cyber risk management. Jessica is a champion towards building a DevSecOps culture, and advocating for bridging the gap between development, operations and security ensuring robust and secure cloud and software delivery. Beyond her technical prowess, Jessica combines her technical acumen with a commitment to promoting diversity and inclusion within cybersecurity. Her passion drives positive change and fosters an inclusive environment.