*APAC Heritage Month* This is What a Technologist Looks Like
Let us introduce you to industry experts in the APAC region and discuss their most pressing issues. This week's guest is Jacqui Loustau, Founder of AWSN (Australian Women in Security Network) and Principal Security Consultant, Cynch.
Transcript (Beta)
Hi there, I'm Gretchen. Today you're listening to This is What a Technologist Looks Like.
So we've got a series of talks that are going over six weeks to show you what opportunities are available in the technology industry, what the people in the industry actually look like, and how they got to be where they are.
And none of the stories are the same.
So my guest today has worked in security for over 20 years, both in Australia and around the world.
Somehow in her spare time, she managed to found the Australian Women's Security Network.
I'd like to extend a very warm welcome to Jacqui Loustau.
Oh my gosh. I'm so sorry. It is great to have you with us.
How do I pronounce your surname properly? That's okay. Don't worry.
I've heard all the kind of combinations. This is silly because I practiced it and then just went to the wrong one.
Don't worry. All good. Apologies.
Jacqui, tell me about your current role. What do you do now day to day?
So just recently, I've moved to do the Australian Women's Security Network full time.
So I'm the founder, but also now the executive manager of this organisation.
And so what does the Australian Women's Security Network actually do then?
So our objective is to connect, support and inspire women in security.
So the way that we do that is that we connect all the women that are working in security together and we support them through different events and networking events and upcoming training, which is going to be very soon as well, which is good.
We really do a lot of workshops with women that are just entering security as well.
And also help women find jobs, their first jobs as well. Oh my gosh.
So you're like a touchpoint for women in the industry from very first starting right through to senior levels.
Is there a mentoring program within that as well?
There is a mentoring program as well, yes. I forgot about that. Yes, thank you.
There is a mentoring program in there as well. And it's about really exposing them to the different varying careers you can have in security because it is very, very diverse.
That is such an interesting point because I know we touched briefly back in the green room around a career in technology is like anything, right?
It is so vast and broad.
But now we've just hit another point that is a career within security is actually many, many options as well.
I kind of always assumed that security was like making sure people don't hack into your system and break stuff.
What else is involved in security?
But there's so many variants of that. So you can imagine, yes, it is people that are protecting people from getting in and hacking an organization or people's computers.
But you can imagine that there's so many different elements that are involved in that as well.
So you want to make sure that somebody is going to have a look and say, what are those risks in a business that could actually contribute to that?
Or it could be that, OK, we have some data here.
How do we actually protect it? If the data actually was leaked or there was an incident, who's going to communicate to the different varying people that are the users of that system or the people that are affected?
So you need good communicators.
And in the protection side, it's like, how do you market or communicate to the users the right thing and the wrong thing to do or things that they should be doing to protect themselves?
So it really is varying in terms of people that are in there configuring the firewalls or having a look at the alerts that are coming up on the system.
Oh, no.
Seems like Jackie's frozen. Organization. And also. Sorry to interrupt.
It froze a little bit there. So I heard you talk about firewalls and then it cut out.
OK, firewalls or there's people that are also, you know, trying to see whether they can get into the organization.
But equally, yes, there's those other skills that we need in terms of people that can communicate to senior managers or the board or users to tell them what needs to be actually done or what they need to do to protect themselves better.
That's what we need. It's so various.
Yeah, exactly. Wow. So everything really. Yes, everything. Correct. Simple answer.
So what do you do each day then? So at the moment, I do lots of different things, which is why I really love my job.
I, you know, speak to my volunteers who are, you know, helping to run this organization and would not operate without the volunteers that we have today who organize our events and all that kind of thing.
I also speak a lot to women that are, you know, they just started out in their career and talking to them about like what we just talked about.
Like they will say, OK, well, I don't know what I want to really do.
And so I talk to them about, OK, so these are the different roles that are there that could be interesting for you because it's really hard for somebody that's just entering the security realm or even people that are in security and want to transition to something else to know what's out there.
So a lot of the time I'm speaking to them, which I really love about, OK, maybe you should consider this and that and try to connect them to the right type of people or the right groups that may be working that particular space.
And I also speak to our sponsors. I talk to lots of different people that want to help us out and on initiatives that we're wanting to launch this year, which is pretty exciting.
Obviously, preparing board papers and doing all the admin stuff.
But I just I get to do a whole heap of different things, which is what keeps me really motivated and and keeps me going.
So I love that.
And I think in my experience, the best part about a job in technology is that you get to do a little bit of everything.
And if you feel like you need to go and write some code, you can always just run away.
So let's go back a couple of years.
You went to high school, you finished that. What next? How did you decide the next step?
So when I was at high school, I got the opportunity to do work experience for one week at Australia Post and in their technology department.
And so I got to see the help desk, the PC support, and I really loved it.
I thought it was really, really interesting.
And obviously, I got along with them. So they offered me a job while I was at uni.
So I got to work on their help desk while I was at university, which was really cool.
So I got into the Bachelor of Information Systems at Monash.
So I was doing that at the same time as working. And that was really great because I got to understand some of the subjects that I was learning at university.
I was like, ah, okay, I understand what that is and I could apply it to work and vice versa, which was really great.
Oh, that's lucky. I love that.
It's really lucky. I know. It was really good. And then halfway through uni, I then changed to a company that I, an insolvency company, and I did like full-on PC support there.
So, you know, all the migrating email systems and, you know, putting RAM into computers and all that kind of stuff, which was really great because it really made me understand computers.
And I really loved that. That was really great.
And so then after that, I graduated and I got a job as a Unix administrator.
Yeah, this is brilliant. Was it hard to get these jobs while you were doing, while you're in the middle of study?
How did you juggle that? Were you just stubborn and tenacious?
I was very stubborn. I actually chose my subjects based on when they were so I could actually squeeze all of my uni into two days.
We need a disclaimer that this is not career advice. This is not career advice, exactly.
But I really wanted to, I really wanted to work. And the subjects that I chose by coincidence were really good.
One of them was a security subject. So that was a good dabble into the security space.
And when I chose the company that I went to, it was for Holden, actually.
So I was a Unix administrator there.
So that was really cool. And I really loved it. I really enjoyed working in that space and working there.
So that was your first job out of uni.
And then I know you've done all this magical stuff that wasn't even in Australia.
So what happened next? So I was driving down the freeway one day and I just went, you know what?
I want to go to Europe. So I basically just kind of said, okay, well, I'm going to go to Europe and I booked a ticket.
And I went to Europe for a while, did a bit of backpacking as you do as an Australian, ran out of money as you do.
And I got a job at a help desk at Schlumberger. And I loved that job. It was really great because it allowed me to be able to work on my weekends and still work in IT.
And they said to me, okay, well, we're going to move the help desk to Ireland.
Do you want to go to Ireland? And I went, not really, actually. I really want to stay in London.
So they said, okay, what do you want to do? And I said, well, what have you got?
And they went, well, we've got all these different roles. And I said, oh, well, what about a consultant?
I wouldn't mind having to try that.
And they said, yep, great. We'll put you through six weeks of intensive training in Houston.
So I learnt, like, I had to do my CCNA. I had to do, you know, a SANS course and project management, a driving course, all these range, and Microsoft certification.
So they basically just put us through intensive kind of training.
And at the end of it, we actually got to choose. They said, okay, do you want to do networking or security?
And I just went, I really wasn't. Networking didn't do it for me.
So security was really interesting. So I went, I want to do security.
So then that was the beginning of my security career. I love that it goes from, you end up, like you pay when you're younger, all this money to go to university and you're paying for your education.
And then all of a sudden, when you get a job and you've got an actual income, they pay for you to learn.
It seems backwards. So you're a security consultant on the other side of the world.
When did you come back to Australia? And why? So I did consulting for seven years in London.
And then I did seven years in Paris. And then I moved back to Australia after that.
Do you speak French? I do, yes. You must do too. That's fabulous.
I'm learning all the things about you now. So when you came back to Australia, you were working at one of the big four banks here.
How different is a big four bank security compared to working, I know you then went to a startup.
Was that a culture shock? Yes. So it was quite a big culture shock. From moving from consulting when you're on one side, you're consulting to a company.
The thing that I found really frustrating was, like I'd see all these core issues and I'm like, oh my God, I want to fix all of these other things.
Like you've made me come in to fix this, but I actually know that it's all these other things that are contributing to the one thing that you're asking me to do.
That really frustrated me.
That's heartbreaking. It's heartbreaking, yes. You can't fix it. No, exactly.
But it's not in your scope to be able to say things sometimes, even though I did sometimes say things, depending on the relationship with that customer.
So that's why I went, okay, I want to try in -house to try it.
Like if I was actually in the organisation, maybe I'll be able to work my way to be able to influence, to make fundamental core changes to help.
Across a whole system, right? Whole system, exactly.
And so when I was working there, I worked in different organisations in ANZ.
And then what I did was, when I was actually in one of the roles, which was in cybercrime, I could actually see the effects of cybercrime on small businesses and different people.
And I was like, okay, do you know what? I need to focus my attention on trying to help those that really need more support.
So I went, okay, who's out there?
And I found Cinch, which was a startup that actually, you know, that's their core goal to help small businesses with their cyber security.
So I decided to move over to there, which was a startup.
And they're all fantastic. Like, it's really great.
The startup land, I love it. I was like, wow, okay, this is fantastic.
Cause you get to do a lot of everything. And that's me. Like, I just like to get my hands in there and I'm very delivery focused.
So to be able to just get things done is really, was really good for me.
So I really enjoyed that. And yeah, so startup was really good moving into that.
How great that you, I haven't heard this story before.
So I'm loving that you were at a big organization and recognizing which players in the game were getting hurt the most and had the less resources.
So that's, I think that's beautiful that you then went, you know what, I'm going to go and do something about this.
And off you went. Yeah. So after Cinch, which is doing fabulous stuff in the Australian ecosystem here, you're now doing your own thing.
Was it, was that jump then smaller because you'd been in a startup and seen what that was like to do full-time?
Was it a smoother transition? Smoother transition?
Well, it actually made me realize and respect founders even more so now that I've jumped onto the other side and become a proper founder with, because I mean, I was doing 80% on the side of my desk weekends and night times.
And so it's really nice to be able to do that now during the day, which is really good.
And all the other elements that are involved with it, it makes you, yeah, really appreciate startups and the founders that work so incredibly hard and are so incredibly smart, like really smart bunch of people.
Yeah. I totally endorse the startup scene in Melbourne.
I mean, I'm only speaking to Melbourne because that's the one I've seen.
But they're amazing people. They're amazing. Yes. Solving real problems.
Yeah. Yeah. I met a guy on Thursday who is, he was a hedge fund investor and he realized that people in startups or business owners had, men had 50% less superannuation than the general population and women founders had something like 75% less.
So he literally just walked out the door and went, I'm going to do something about this.
And now helps small businesses and startups invest in their own superannuation.
Well, that's, I love that simplicity of, I see a problem.
I'm actually just going to walk out the door and do something practical about it, which is ideal.
So you've been in tech for a pretty long time now. What's the bit you love the most of technology as a career?
I love that there are constantly changes and you can never get bored.
And it's really fun. There's so many new things that around the corner, like if I think back to 20 years when I kind of started to now it has changed so much and it's like, wow, okay, it really has evolved.
And that's really exciting because you get to work on different challenges and because a lot of it changes.
So constantly, you're constantly being able to help and to get new challenges and to learn new things which I think is really exciting.
So you don't get to stop learning then? You don't get to stop learning, I know.
Sometimes you get a little bit overwhelmed by it's like, oh my gosh, I need to get on top of this.
But I guess the thing is that you can't be an expert in everything.
That is the thing that it's really hard to learn that but it really is the truth.
Like you can't be, well, you can but you could get yourself in a lot of stress if you think, okay, now I need to really specialise in this particular area, in all areas.
So you just either need to really focus on one particular area or stay broad.
And that will allow you to be able to see a bigger picture when you go into an organisation or when you're doing a particular thing which can really set you up well.
So if you, I'm hearing kind of there's two pathways there, right?
Either you go and be a specialist specialist. So that ties in well to a good medical analogy, right?
Like you're a heart surgeon that only does this one particular thing on heart surgery.
Or you're interested in surgery and you do a few different things.
How do you, if you choose that generalist or it's still quite specialised, more generalist path what do you do when you don't know?
How do you, what do you do?
How do you find the people to give you the advice and what do you ask them?
So there's a lot of resources out there or organisations that have different events where you can attend and you can hear about what it's like to be in that particular career.
And I think that's a good way of you then hearing and go, okay well that actually sounds really interesting.
I might wanna delve into that a little bit more and to maybe try out some of those things.
A lot of security is about trying and showing that persistence in terms of learning a new skill.
So for example, if penetration testing seems really interesting to you there's lots of resources out there that can help you practice your skillset on that before you even go into a particular role, for example.
So there's a whole lot of but obviously do that in a safe way, not...
Disclaimer, disclaimer. But there are, I mean but there's ways in which there's organisations out there that can, that are really keen to and this industry is really really welcoming in that way that if you reach out to them and just ask them hey, what's it like to work as XYZ?
They're more than happy to tell you what it involves and stuff, which is really great.
And that's why mentoring I think is also a really good thing too. I think I went to a conference that ran little sessions and actually did a pen testing workshop which I was rubbish at for the record.
But what I was blown away by was how inviting of questions the people that were running it were and actually everyone I banged into it the entire conference.
And I think, you go through high school and a bit of uni and it's not so cool to go, I don't know.
And I know you said it, but I don't get it.
And you don't like doing that. But in that environment I was in at the tech conference it was almost the opposite of that.
Like the expectation was that you would say I don't get it. Can you show me again, please?
Or can you say that a different way? And that honestly, I think security has taught me that better than any other part of my life.
So yay for the tech conferences.
Yes, exactly. I mean, the people that are in there usually are there to talk or to do something to help others.
So I think that that's what they're there for.
And there's a beautiful recognition that, so in that particular room I'm thinking of there was some phenomenal technologists like very well known in the field they were in.
And they were the ones going, yeah, I don't get it. And there was a beautiful respect for I know you know stuff.
You don't know this particular little thing.
Let me help you figure out that thing. And such a beautiful space to be in.
But hey, I've got some really strong opinions on this next question but I'd love to hear your thoughts.
Do you think there's a particular skillset that lends itself to a career in technology or a successful career in technology?
I think it's the attitude and the competencies of somebody rather than actual skillset.
So when it comes to, like we talked about really at the beginning of our session it was about, it's so broad.
So those different types of skillsets that you can bring are really important.
Somebody that's really willing to learn and wants to get there.
They're really passionate about it and just want to continuously learn and find new ways or to do things will do well.
I think in security or in technology because it is constantly learning you have to have a desire to learn and to continuously learn.
So you don't have to be lining yourself up for a PhD in mathematics.
No, I don't think so. No. I mean, like we want those types of people but we want all types of people like people that have come from arts degrees or history degrees and people that are from marketing degrees and lawyers because they look at things in a different way and we absolutely need to find a different way to resolve some of today's challenges because there's so many things that are happening at the moment and we just need all hands on deck almost to help out.
And it sounds like you're saying you need a really, the broadest mix possible of people to come and solve them because when it comes to security you're dealing with all people.
So I guess solving it can't think that way or haven't had those lived experiences then possibly their solutions are going to be suboptimal somewhere.
100% exactly. Because the users and the services are diverse.
All the people that are in society, right? So we need to have that representation on the table.
We talked earlier in the green room around, I asked Jackie the question about what do you love about tech?
And she's like, oh, you're always learning.
Which is so true. And then I said something completely stupid. Like I love that moment where you get a sense of mastery and Jackie goes, when does that happen?
But I just wanted to touch on that briefly because I think you do.
I think the people that enjoy being in technology you want to learn and you're kind of interested in the next thing but you do want that sense of achievement, right?
You want to feel like you've got somewhere and achieved something.
But also there's a recognition that about five seconds after doing that you just move on to the next thing.
Have you had experiences like that in your learning?
Yes. Yeah, definitely. And also when you're a consultant sometimes you're working on a particular project and you spend hours and hours at nighttime, weekends and everything.
And then like two years later that system's no longer there almost sometimes.
And you're just going, oh no.
But that's terrible oversight by sometimes the projects. It's like, okay, you need to be able to...
But now I think the way in which we do projects is completely different now which doesn't prevent that kind of thing from happening because that was like years ago that that type of project existed.
We've got better at thinking about the life cycle.
We've got better about thinking about the life cycle of projects.
Correct, exactly. So if you were talking to someone around, they came to you and they said, hey, Jackie, I want a career in tech.
What advice would you give them?
Let's assume they're a year 10 student. So that would be a 15, 16 year old in Australia.
Do a double degree in something with technology. So business and technology or legal and technology.
Because I think it's really important to have the two degrees because they complement each other really, really well.
And also it gives you an opportunity to try both sides.
You may find that you like the technology more and you want to have that legal background which will always put you in a good stage and all the opposite.
So having to be a lawyer and then having the technology underlying is really good as well.
So it's very, very powerful.
And if possible to explore that. If you don't want to go down the university route, there's always the route of doing certifications or just if you have a keen aptitude to security or technology is to just get in there and show your skills to some organisations.
Some organisations, they value the practical over degrees as well.
So there are those options that are out there. But yeah, so it's, I think there's so many different pathways into technology.
If you ask, if you get somebody in a room, if you get a whole heap of people in the room that are technologists and you ask them where they came from, all of them will have a different story, I'm sure.
Yeah. I mean, I don't mean to talk about me earlier.
Jackie goes to me, is someone interviewing you about your journey in tech?
I've had this, I didn't finish high school. I went to uni on the basis of being 20 and studied a commerce degree.
And then on a whim one day, did a web development bootcamp.
So there's just so many different pathways and none of the weird and wonderful things I did along the way, I would always did actually.
I've learned heaps from every single one of them.
Are you seeing, Jackie, people transition into tech, sorry, into security later on in life?
Like instead of just, I went to uni, I got a computer science degree of sorts and then went straight.
And are you seeing people change later on in life?
Yes, definitely. So in my last team, we had somebody come from 20 years of marketing, took a career break and then is now on a security team.
There's people that have been in arts and they are one of the best cyber crime specialists.
We've got people that are in music that have transitioned over into security.
It's really diverse in terms of the backgrounds of these people.
And we're finding also certain industries like the tourism, for example, people wanting to transition over as well.
During this whole COVID time, they're looking to reskill and everything.
And it's great to have those types of people also because they come from really strong project management skillset or communications are very, very strong as well.
So having them come over, they can see things in a very different light, which is really, really good and powerful.
How did they transition?
What kind of, do they need to do another educational piece? Most of them have done a search of some sort.
Actually, all of them, some of them haven't, some of them just got opportunities, which is really great.
Someone took a chance on them, but a lot of them, yeah, they have done a certification of some sort, like either a TAFE or university, like a master's or a certification, like one of the technology ones.
I won't name any specifically, but because there was a lot out there, a lot about them out there.
So I guess part of that then is if you want to transition or change, you need to do some research around why education is available because it's not all the same.
And then you've said, sometimes people take a chance on you.
Would you be an advocate for people to joining meetup groups or the AWSN?
How much does that impact things? Oh, I'll be very biased.
Of course you should. The benefit of meetups or meetups is that they will expose you to the people that are working in industry.
They will expose you to the various different roles that are kind of out there in this industry.
They will allow you to make those, to get exposure to these types of things.
And it's great to network as well, to have that support network as well.
So to meet somebody that's similar to you, that is in an area that you like.
One of the reasons we did start it was because some of the uni students were alone in their degrees and it was great to bring them together so then they could go to a conference or a meetup together because sometimes it can be quite intimidating going into some of these things.
So to allow them to meet each other is a really great opportunity as well.
I love that. So what I'm hearing is that if you are even remotely interested in a career in security, you should join the AWSN.
How does that happen?
How do you do that? So on our website, there's the option to join as a member.
That is so simple. We've filled up our time beautifully today. So I want to thank everyone who's listened.
And Jackie, I want to thank you for getting up bright and early and spending your morning with us.
Not even a coffee in sight. I'm impressed.
You're getting one right now. I've been waiting. So our next episode of This is What a Technologist Looks Like is happening on Thursday morning.
So we'll be introducing Gwenny Warnock, who is a cloud engineer at CASNR.
And I'm really excited because her journey has gone through she studied music at one point, linguistics at another point, marketing.
She epitomizes everything we just said. So I look forward to seeing you on Thursday morning.