How reskilling led to cybersecurity management role
How reskilling led to cybersecurity management role
Toni-Ann Grant’s career at BT has not followed a straight line. Instead, a mix of opportunity and curiosity led her to her current position as the head of BT’s Cyber Assessment Labs. She shared with TM Forum's Inform how she has built a career during BT’s ongoing business and technological transformation and discussed how BT sets out to attract and nurture cyber talent in a heated job market.
Grant entered BT armed with a foundation degree in computer science, but quickly moved into project management “because I don’t know how to say no to an opportunity”. She then spent more than a decade working on large banking, health and defense projects. During that time, she also had two children, each time resuming her career when she returned from maternity leave.
“When they're thinking about having families a lot of people worry that they won't be able to pick up where they left off. BT did a great job of making sure that nothing changed.”
Despite her long and successful stint in project management, Grant – who studied computing in the early 1990s and was the only female out of around 50 students – wanted a new challenge and had to acknowledge “the techie in me refused to die”.
So, when BT was looking for someone with practical management and customer relationship experience to manage its cyber assessment lab, she stepped forward. BT’s cyber assessment lab evaluates cybersecurity products for BT’s use across all lines of business – and even for some large enterprises – and its team of eight people are very technical. Previously, the fact that Grant’s career up until then had centered largely around project management would have put her at a disadvantage.
However, “there was a tectonic shift” in culture says Grant: BT was open to considering managers who could acquire the necessary technical know-how and not only those who had achieved seniority within a technical role.
“It worked brilliantly, because whilst I didn't know everything there was to know about every aspect of cybersecurity, I knew my stuff from a management and leadership capability.”
The transition, however, was not always comfortable.
“I can't say that I didn't have imposter syndrome just walking into a room of very technical, very well- educated researchers. For the first 6-12 months, my head was spinning.”
However, BT gave Grant (ISC)² training to fill the knowledge gap.
“I took on the learning process right as we started to go into lockdown, so I was working, looking after a home and a family, homeschooling my children and trying to read two chapters a week of some seriously complex cyber materials. There was a point, I think, in the middle of one of my cryptography chapters where I did think that my brain was going to explode.
“But it didn't. I survived and I took the exam and I passed in May this year – and I no longer have that imposter syndrome. I've been measured against my peers, and I've not been found wanting.”
The lab operates by bringing in five or six vendors a month to present ways to solve specific cybersecurity problems. “We'll evaluate the products and services based on a set of criteria built up with stakeholders from one of [BT’s] areas of businesses, and we basically do a bake-off job.”
“Our job is to say what we like, what we didn't like and what we thought that they [the vendors] could do better and then pass that information back into the business.”
The requirement to explore and test lots of different, fast-evolving technologies determines what sort of person is suitable for the role. “Are you the type that when you've got a screwdriver, you'll take anything apart? Or do you read up about things? Do you attend conferences that aren't necessarily part of your day job? Obviously, there has to be some element of technical discipline, but because it's moving so fast it really is that curiosity and that energy rather than any predefined skill sets.”
Grant also encourages straight speaking.
“These are serious decisions that we have to make,” she says. “So, I want them to tell me [things] honestly. That's what I'm developing in this team – that strong opinion.” It’s a quality she believes was forged in her when growing up in an Italian family of nine children.
Grant stresses that in addition to being important and challenging, the job also has to be fun.
For example, the team might ask “What is this device here sending back to the mothership? Can we break into it? Can we hack it? What does it do when we apply just a little bit of malware to that? Those sorts of things are infinitely entertaining,” she explains. “We've had to look at facial recognition technology, digital identity capabilities, security in the cloud… there's no end to the technologies that we will look at in the future.”
BT also ensures the team is well-resourced, says Grant.
“They might balk at me needing an internet-connected Ferrari, but…there is no limit to the technology and tools that we have been afforded to make decisions for the betterment of BT Security,” she says.
Nonetheless, the dearth of cyber security skills means that the competition for talent is extremely intense, and is rapidly inflating salaries.
“There is a massive delta in the skills that are needed and the skills that are available,” explains Grant.
“The way that we have addressed that in my team and at BT is by incubating the next generation of skills,” explains Grant. In addition to nurturing graduates, this means giving existing employees the training they need to acquire cyber security skills – much as Grant herself has experienced first-hand.
The company also gives employees the opportunity to develop their careers and interests by participating in research and standardization programs. For example: “We're currently working on a joint collaboration program with Oxford University that looks at IoT devices and the security (or lack of) within the IoT space,” says Grant. BT also hopes its culture, values and role in society will resonate with candidates. One of the upsides of BT’s ongoing digital transformation has been improvements to customer service, according to Grant. This, coupled with its roots in local communities, means BT is arguably better placed than many technology companies to claim it is making a positive contribution to society.
“The way that BT uses technology to connect its customers has improved dramatically over the last five years,” says Grant. As a result, today “the mission statement is we connect for good. And connecting for good means that we are connecting securely, and we are the protectors here in BT Security. And I think that that's a really strong message.”