Angela Schoeman has 25 years of experience in technology leadership, including 17 years in cyber security. She is the Global Service Delivery Director of CyberProof, a UST company, accountable for Global Service Delivery & Transition (Advisory Consulting, Delivery Governance, Onboarding and Transition and Customer Satisfaction). Angela also volunteers at the Cyberhelpline which helps individual victims of cybercrime.

Her experience ranges from governance to advisory to operational services. Angela has hard core service delivery experience including complex security projects leveraging Microsoft technology. Those who worked with Angela describe her as professional, available, friendly and result oriented. Her responsibilities include managing customer stakeholder relationships, service transition planning and oversight, program oversight, capacity planning, service performance review, service enhancement & improvements and cost management. She is based in London, UK.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

For most of my adult life, I lived in South Africa. However, a few years ago I moved with my family to England.

My father was a sales and marketing director and I used to spend my school holidays joining him in client meetings. I also had the opportunity to work for him and other small companies, part time, to make money outside of school activities. My mother is more entrepreneurial and started her own business, which she still manages today.

In the late 90s I started my IT career during the technology/dot-com boom and nearly two decades ago I developed a keen interest in cyber security.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

The book Future Crimes by Marc Goodman inspired me to get involved with The Cyber Helpline, a UK charity — and to actively do my part in addressing concerns around individual victims and cybercrime resulting from ransomware, unauthorized access, cyber stalking and bullying, fraud and scams, etc.

Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.

My involvement in cyber security was accidental — it was a part of leading the security requirements for a large transformation programme. I enjoyed the experience so much that I started cyber security consulting and continued to pursue opportunities within the cyber security domain/industry.

Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?

An organization-wide email was sent from my mailbox because my screen had been left unattended and unlocked. Lesson learnt — always, always lock your screen.

Are you working on any exciting new projects now? How do you think that will help people?

At CyberProof, a UST company, I have the privilege of working on many new, exciting projects to support enterprise customers around Advisory Consulting (including DevSecOps), Security Event Monitoring, Managed Detection & Response, Use Case Engineering, Advanced SOC services, Vulnerability Management, Threat Intelligence, and large enterprise hybrid outsourcing partnerships.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

There is increased interest in DevSecOps, i.e., detecting security vulnerabilities continuously as part of a software development cycle. This is a great way to build security into the design and build of high-quality products.

Automation is another area that is particularly interesting as we need to find innovative ways to reduce cost, be more efficient and respond to cyber threats, remediate, and continuously learn.

Use case engineering is an exciting development in the way that attack scenarios and outcomes can be viewed against industry frameworks (such as the MITRE ATT&CK) to minimize organizational damage.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

My first concern is that not enough is being done by the industry to support individual victims of cybercrime. The industry should support more initiatives to provide training — giving people the skills to prevent and remediate cybercrime.

Another big concern is around cyber security skills shortages, which need to be addressed in several ways: by attracting diverse talent, implementing training programs, creating back-to-work schemes and employee retention schemes, providing career paths, and partnering with managed service security providers.

Businesses need to improve their security on a limited budget. To address this concern, organizations need to look to partner with managed service providers. They need to identify their key risks by mapping out attack scenarios and to focus on automation to improve efficiency and reduce costs.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?

Advances in remote working, IoT, OT and 5G all change the threat landscape and bring additional areas of increased risk.

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

One of my first security breaches involved data theft that was the result of a stolen device. There were a number of remediation steps that were implemented, including: the rollout of device encryption software, Multi-Factor Authentication (MFA), improved asset management, improved processes around stolen device notifications, policy updates, improved physical location security, revoking physical access as part of the leavers process, training programs, etc.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

CyberProof, a UST company, has its own proprietary technology called the CyberProof Defense Center Platform (CDC) which allows insight around context, enrichment of alerts, continuous improvement and automation. We have also partnered with industry leaders for technology around SIEM, Vulnerability Management, Endpoint Detection and Response, and Threat Intelligence.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

A layperson could look for signs of unauthorized access such as being locked out, having suspicious logins, having devices connected that were not authorized, or receiving unexpected 2-Factor Authentication (2FA) notifications.

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

The most important thing is to contain and recover from the data breach by resetting passwords, implementing 2FA, reviewing and implementing security settings and updates, and rebuilding (if required).

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

The most common mistakes that companies make are basic mistakes around security configurations, patching, user access management, clicking on malicious links, and not having effective security training programmes.

Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

Women should be encouraged at the school level to select subjects such as technology and engineering. Organisations should be more open to diversity and support the challenges that women face in re-entering the market after long breaks. Moreover, women should support each other as allies.

At UST, I am fortunate to work in an organization that supports female talent and I encourage organisations to review their policies and programmes around developing women in STEM.

What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?

The only “myth” that comes to mind is that all people in cyber security need to be technical. This is not true. There are many roles in cyber security and there is a place for everyone to support this worldwide challenge.

Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)

Everyone is different and unique.

Everyone has their own story and their own idea of what they want out of their career path.

Recognizing talent and great work is key to success.

You can’t lead without people — your team are the most important stakeholders you have.

It is important to have a strong compelling vision and a plan to get there.

We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them 🙂

I would like to meet Chani Simms, the founder of She CISO which has a ‘vision to be a sustainable global training and mentoring platform in information security and leadership….training and empowering a new generation in the information security talent pool…attracting more women to be information security leaders’ to see how I can support this great initiative and assist with closing the skill and diversity gaps in cyber security leadership.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!