The Network: Sarah Orton

The Network
Author: ISACA
Date Published: 1 November 2017
español

Sarah OrtonWhat is the biggest security challenge that will be faced in 2018?

The EU General Data Protection Regulation (GDPR).

What are your three goals for 2018?

Build my profile, explore the next opportunity and be happy.

What is on your desk right now?

A5 pads with different information relating to the different subject matter I work on throughout the day, in addition to two mobile phones, a Costa cup, a small handbag and, of course, the laptop on which I am typing this.

What are your favorite benefits of your ISACA membership?

The ability to keep up to date with IS audit hot topics and current and relevant methodologies, the opportunity to network with great people globally, and being able to give back to the profession that has served me so well over the years.

What is your number-one piece of advice for other information security professionals, especially women?

Be bold and strong and use your network to support any gaps you feel you have.

What do you do when you are not at work?

I am a mother, a yogini and a traveler.


Question How do you think the role of IS auditor is changing or has changed?

 

Answer The role is changing from that of technical IS auditor to that of IS controls advisory consultant, and for that, the IS auditor needs to both consolidate technical skills, but also develop their interpersonal skills and broader business knowledge to be able to provide value-added insights. With the advent of data analytics and continuous monitoring, the IS controls advisory consultant needs to recognize the value of leveraging the messaging that is contained in the data.

 

Question What would be your best advice for IS auditors as they plan their career paths and look at the future of IS auditing?

 

Answer Look for a good mentor as you start out on your journey and, while acquiring and developing technical skills, ensure that you also start to build a network to support you through your career. Joining ISACA is a great idea! ISACA chapters provide a forum for updating your technical knowledge, but also for networking and meeting some great people who are experiencing similar challenges.

Since joining AstraZeneca, I managed to connect with a great mentor. She is a woman who is outside of my line of business who I meet with on a bimonthly basis. We discuss actions I have taken in the previous month to develop my career and she offers real gems of information for me to either transform the level of my engagement or to confront issues that may be perceived barriers to my progression. I really value my bimonthly discussions with her.

 

Question What leadership skills do you feel are critical for a woman to be successful in technology fields?

 

Answer Key differentiators for a woman to be successful in technology fields are to be both credible in her subject matter (have the credentials needed to be recognized as competent) and to have good knowledge of the business. The ability to be able to translate technical risk issues into a relevant business context is highly valued by organizations. One cannot underestimate the value of emotional intelligence as a leadership tool, too. Being able to “read between the lines” of what is going on and sense the mood is vital to creating and sustaining an environment where people do their best work. Also, irrespective of gender, a vital leadership trait is to be authentic and true. These are critical to establishing the key relationships to support women in developing themselves as credible leaders of technology.

 

Question What is the best way for someone to develop those skills?

 

Answer Network, network and network. If you do not feel this is something that comes naturally to you, then engage a mentor or support who can both coach you and introduce you to others so the environment does not feel so alien.

As mentioned earlier, ISACA provides a perfect, safe forum for you to start to build your confidence in networking.

As part of my SheLeadsTech role, I encourage women to engage with the local ISACA chapter, offering myself as a contact point for them initially until they build their confidence to engage more broadly with the group. A recent new female member attended the local ISACA chapter Annual General Meeting with the aim of building her profile by increasing her contacts in the local market. When she arrived, she was surprised to already know so many people in the room and was very comfortable networking with new people. Her confidence has grown so much that this month she is going to be a panelist for the inaugural meeting of SheLeadsTech in Manchester, UK, as a cyber security specialist in her field. I am absolutely delighted for her.

 

Question What do you think are the most effective ways to address the lack of women in the technology workspace?

 

Answer Women who are already successful in the technology workspace need to sponsor and support qualified women coming through and be role models for them. Where the environment is predominantly male, male advocates can act as mentors and support women in leadership roles to address the underrepresentation of women in the technology workspace.

 

Question What do you see as the biggest risk factors being addressed by IS audit, risk and governance professionals? How can businesses protect themselves?

 

Answer Currently, cyberrisk is a key strategic risk for organizations and allows the IS auditor to broaden their role more into the business area due to it being an issue that is broader than IS. Businesses need a cross-organizational response, i.e., an organizationwide security culture and awareness campaign supported by security monitoring and reporting tailored to the business with cyber risk being reported at the highest levels within the organization.

 

Question What has been your biggest workplace or career challenge and how did you face it?

 

Answer On numerous occasions, I have worked with others in internal audit departments who have tended to have very different personality types and styles than mine. Over time this has required a “chameleon-style” approach to ensure that my opinions are received in a way that is valued and allows me to influence others to deliver the right outcomes for the business.

It is important as a leader to recognize the value of learning lessons from any mistakes made and adapt behavior, and to understand that “one size does not fit all.”