Women Reshaping Cyber Security
The cybesecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series we had the pleasure of interviewing Alexandra Forsyth.
Alexandra currently works as a Cyber Security Expert in London, UK and has been in the field of cyber threat intelligence (CTI) for the three years; known for carrying out industry-wide strategic research based on open-source reporting. Alexandra has been a long-time enthusiast in retail and fashion industries, creating AF’sRetailGuide / AFRG Club in the summer of 2023 - 2024 and has since evolved to be a platform for exploring retail, fashion, art, technology, and cyber security through the lens of podcasts, blogs, events, presentations, and much more, with the hope of offering guidance and building a community well-equipped with knowledge about cyber threat trends and risks within the threat landscape.
Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?
Yes, of course! But given the nature of my role in cybersecurity, I will keep it somewhat brief; you never know who might be lurking behind the screen!
I grew up in a small town and made the leap to attend university to pursue a bachelor’s degree in Criminology. I have always been curious about humans and why we think and do what we do. During this time, I also worked as a waitress for many years. I believe part of my drive and aspirations in life come from staying busy and embracing an entrepreneurial spirit. I’m always looking for ways to innovate and try something new.
After earning my bachelor’s degree, I went on to study Criminology at a second university, ultimately gaining my master’s degree and falling in love with cybersecurity. It was during this time that I learned how to protect small to medium-sized businesses from harm by researching, analyzing data, and compiling findings into reports.
Today, I am humbled to be a cybersecurity expert. My role involves strategically analyzing data and industry trends and collating findings for clients. The unique perspectives, skills, and dedication to fulfilling my duties would never have been possible without having to juggle my own life while studying and working in the hospitality sector. I also believe this is where my love for retail and fashion comes from, having spent many years working on shop floors, attending to customers, and guiding them through the consumer journey.
These skills have enabled me to create AFRG CLUB, a community built on ideas, new perspectives, discussions, and networking among talented individuals to foster conversations about retail, fashion, and technology. We recently launched and are set to take London by storm. I have big dreams and ideas for how I want to help people gain an advantage. I aim to encourage aspiring entrepreneurs to embrace opportunities and surround themselves with a supportive network.
Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?
Yes, one of my favourite podcasts is ‘The Ed Mylett Show’, I have been an avid supporter for many years. One of my quotes came from listening to Ed talk about taking the road less travelled, and to this day anytime I feel like life is getting hard, and I’m not sure where I’m heading, I will remind myself of this quote. I also teach public speaking and mentoring and often quote Ed because it’s not about the years of experience he has accumulated, it’s the way he allows his speakers to dive into topics and gives them the freedom to explore. I have also recently gotten into reading and rehearsing famous speeches, a technique public speakers tend to use to become better at pronunciation and offering emotion to the audience.
I have been reading Steve Jobs’ commencement speech to students at the University of Stanford, discussing his life before, during and after Apple, love, and loss. I have also read Walter Isaacson’s biography of Steve Jobs, and this was one of the first business minded books I ever read about five years ago. There was something about the way he navigated through life, not caring about what others thought of him, and being unapologetically authentic that really bewildered me, and I strive to put this into practice anywhere I can.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
One of the first things I learnt about cyber security and cyber-crime combined was the dark web. For anyone who isn’t familiar with the dark web, it is a decentralised part of the internet that can be accessed via the TOR browser and offers anonymity to users wanting to purchase illegal goods and services. For me, looking back as a young student studying a ‘cyber criminology’ module and learning about the dark web was so exciting, I ended up writing a report about the Silk Road marketplace created by Ross Ulbricht. I was completely fascinated by the journey this person took and watched countless documentaries taking a deep dive into what is still considered today as one of the most illicit marketplaces to ever have been created on the dark web, for the purpose of selling illegal goods and services to users.
Are you working on any exciting new projects now? How do you think that will help people?
Yes, I am currently working on a new project / community-driven initiative called AFRG CLUB.
People can expect AFRG to be a beacon for cyber security, retail, and fashion, a go-to source for cutting-edge insights. Blogs, mentoring, training material, career opportunities and more await anyone wanting to visit AFRG.
I also want to host networking events in the summer. Whether you’re a fashionista, consumer, part of the next generation, retailer, or brand, AFRG has something for everyone.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?
In terms of cybersecurity impacting retail, fashion, and consumer goods, I’m excited and proud to see organisations taking consumer safety more seriously. The NCSC recently introduced the Product Security and Telecommunications Infrastructure Act, enabling consumers to identify and purchase smart devices designed to provide protection against cyber-attacks. This act requires manufacturers to avoid supplying products with default passwords, and retailers to distribute leaflets informing their customers about cybersecurity measures.
In terms of cybersecurity and awareness, this is a step in the right direction. It will be interesting to see how industries adhere to the new restrictions monitoring Internet-of-Things devices.
I am also excited about the shifting landscape and the new ways retailers and fashion brands are using technology. For example, while only a few have entered the Metaverse, luxury brands like Gucci and Louis Vuitton are paving the way with their digital and physical clothing offerings.
I recently attended The Retail Technology Show in London and was mesmerized by the technology being advertised. One company was showcasing an AI-generated customer service assistant. Imagine a telephone box labelled ‘customer service,’ but inside is a hologram assistant ready to answer your most pressing questions in-store and on-demand. Considering the associated cyber risks, it will be intriguing to see what the future holds.
What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?
My three concerns tie in with the three biggest threats to retail, and fashion which are ransomware, data breaches (linking to supply chain) and most lack of public training and awareness. Understanding the fundamentals of cyber security, even just the basics on how to update your computer and smartphone securely with the latest software patches, limiting the amount of time you connect to public Wi-Fi, having anti-virus installed and actively scanning for suspicious activity, installing a strong password manager, and using a VPN can all protect you from bad people wanting to steal your data.
I also recently wrote a blog about Gen Alpha and how they are the next cohort of tech-savvy individuals, and how we should be looking at instilling cyber awareness and training as soon as possible. I’m concerned we will miss the mark if we aren’t prepared to think outside the box and help.
Can you share how you are helping to reshape the cybersecurity industry?
In terms of reshaping the cyber security industry, I am definitely coming from a place that I would consider is niche compared to others. Because I didn’t study a specific cyber security course during my studies, I ended up doing a lot of self-taught study to prepare myself for my first corporate role in threat intelligence. I found it extremely difficult to land my first job, even with having a masters, and therefore I strongly champion others and want to make it easier for those entering the industry. My blog AF’sRetailGuide and community AFRG CLUB was created by me in mid-2023 with the idea to provide public speaking advice, mentorship, and guidance through blogs written about retail, fashion, and cyber security. On my website there are multiple different streams of information for beginners through to seasoned professionals eager to take the next leap.
I also attend a lot of networking events, making connections, and sharing my story is vital in order to get the message out there and bridge the gap in knowledge sharing. After events, I will write a review and also share that in the community as part of constant knowledge sharing.
As products, devices and vehicles become connected, this is creating a new and emerging threat vector. How do you think manufacturers and their customers should prepare to be as safe as they can be?
It’s interesting you mention this. The National Cyber Security Centre recently released its advisory on protecting smart devices, trying to regulate manufacturers from distributing products to retail and consumer goods suppliers that have been built with default passwords included. The idea is consumers should be made aware of safety and security concerns when purchasing connected devices such as smart TV’s, household appliances and smartphones. I think generally we need to be making consumers aware of cyber-crime, and how through connectivity, hacking behaviours become more prevalent resulting in potential loss of data.
Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?
I used to take part in an ‘on-call rota’ at my first job in cyber security. This meant for one week each analyst would have to be available pretty much 24/7 in case of an incident. It just so happened the weekend I was on call, my client suffered a cyber-attack, and it was very publicly spoken about in the press. I grew up during that time in terms of liaising with different teams internally, and learning how to investigate, triage, analyse data and report back findings. I also understood how a company can be up and running one day, to almost being taken down entirely and operations stopped.
Cyber security is important, and we as professionals need to harness our knowledge and intelligence to inform others.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?
If making recommendations to an organisation, I would suggest having transparency between different teams including threat intelligence, threat hunting analysts, general cyber threat intelligence and security operations. These core teams will be responsible for analysing the latest threat actor groups, TTPs, and the overarching threat landscape, mapping against the organisations assets and policies in place to combat perceived threats. Having processes streamlined effectively, monitoring trends overtime, and checking log activity for suspicious activity on the network is crucial.
For consumers, it goes without saying but always try and pause when receiving a text message, friend request online or email from an unknown sender. Take the time to do your vetting, checking the sender address, not clicking on any links attached but rather if you can hover over the link to see if it really redirects to the described webpage. Avoid sharing too much information online, digital footprints can be dangerous, as threat actors indeed carry out a range of reconnaissance on targets using sites such as LinkedIn and Facebook to gather information about a company, employees, locations, and roles best suited to gain access to an organisation (IT and admin roles are favoured). Keeping updated with industry trends as well will help to get familiar with cyber security trends.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Doing the necessary ad-hoc to understand what data has been taken and whether it includes employees and customers is important.
We say it a lot in security but never underestimate backing up your data, ideally in both online and offline environments, siloed away from your network. But always make sure to check clean devices and scan before implementing backup data.
Taking infected systems offline is paramount and can aid preventing contamination of other parts of the organisation. Only reconnect to the network once the proper sanitisation and remediation has been completed.
Implement disaster recovery plans if not following these processes.
Document processes how the investigation goes, and teams involved.
Awareness training to spot the signs of suspicious activity.
What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?
I think it’s important to consider cyber hygiene and cyber resilience, often one is prioritised over the other. Cyber hygiene involves patching, software updates, understanding your technology stack and how you handle your data. Whereas cyber resilience is the awareness training, scenario building through tabletop exercises to determine what the plan would be in the event of a cyber-attack.
What are your “Five Things You Need To Create A Highly Successful Career In The Cybersecurity Industry?
Be persistent — never give up, the beginning is always the most challenging, I should know, it took me a lot of interviews to land my first role. But I never gave in, and took all the feedback on the chin, correcting myself before diving into the recruitment pool.
Understand which area of cyber security you want to be a part of. Cyber security is a broad term, with many teams branching off, including threat intelligence which is the category I fall under. Doing your due diligence and research into careers can be useful and checking out senior members’ experience to identify interests.
Don’t underestimate the power of networking and connecting on social media platforms such as LinkedIn. I have met so many people in the last few years being in London, and avidly attend events to talk about real-world issues and find solutions.
Don’t be afraid to reach out to working professionals in the field, as always try not to ask about jobs available straight off the bat, but showing a keen interest in their craft, and asking for advice / mentorship can be quite refreshing. I love to speak with those just entering the industry and helping where I can. I am always free for a virtual zoom or in-person coffee for anyone willing.
This leads me onto my next point…never forget where you started, cyber security is a long game and a game changer full of career opportunities just waiting to be explored.
We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them :-)
I think given my role in retail and fashion; I would love to sit down with Jeff Bezos and write a review exploring the world of Amazon as the true pioneer in the space of technology, specifically robotics.
Thank you so much for these excellent stories and insights. We wish you continued success in your great work!
