Woman in Tech of the month: Alison Dyer 

Describe your role and what a typical day would look like for you?

I am the Chief Information Security Officer (CISO) at ASOS and responsible for cybersecurity, physical security, and fraud prevention.

A typical day for me is filled with back-to-back meetings. The meeting topics chop and change all the time. In one meeting I could be looking at trends in incident data, the next considering compliance with regulation, and the subsequent meeting could be discussing strategy for fraud data, and putting together a business case on how we prevent more fraud from occurring.

This is one of the reasons why I love the CISO role. It’s so varied. I get to work with different departments across the business but still retain a deep technical expertise in the field. In addition to this, I love that there is a CISO-to-CISO network which is built on the fact that we all have a common adversary. I’ve never worked in a field before where, despite competition between companies, we can still have conversations about cybersecurity and how we’re each addressing it.

In late 2022, I was appointed to the National Cyber Advisory Board which is a forum for a more inclusive and engaged national dialogue on cyber. The Board brings together leaders from academia, industry, and the third sector nationwide. It allows the Government to hear alternative viewpoints and harness networks from across the cyber ecosystem, mobilising them to support delivery across all five pillars of the National Cyber Strategy. I’m also the Chair of the International Information Integrity Institute (i-4) member advisory committee. It’s through roles like these that I continue my personal development.

For all the upsides, the CISO role also presents challenges. One of which is the context-switching of meetings. While I enjoy it, it’s important to constantly be on I-game. How I manage this, is to scan through my meetings ahead of each day and think about what might come up, the key points I want to make, and the output that I need from each meeting. This is how to ensure that every meeting can be as effective as possible.

Another challenge is how easy it is to be pulled into deep technical discussions. For example, urgent operational issues where it’s important to delve into the details. But it’s also crucial for CISOs to operate on a strategic level that aligns with the company’s goals at the same time.

I think the secret to being a happy CISO is being able to quickly get back to that strategic level of thinking about the bigger picture, and the communication of stakeholder engagement with the board. This is what really drives the department forward.

What has your career journey been like so far?

I sort of fell into cybersecurity! I initially studied Mechanical Engineering and I worked as an engineer for several years before progressing into IT for GlaxoSmithKline (GSK), where I held a variety of IT roles. During my sixteen years at GSK, I went to Malaysia for three years to set up a global IT centre from scratch in Kuala Lumpur.

Upon returning to the UK, I was given a programme and portfolio management role. One of the projects in the portfolio was the ‘new’ cybersecurity programme. At this point in my career, I knew nothing about cybersecurity, but I had a reputation for delivery. I successfully ran the programme for two years, during which I completely fell in love with the field. I decided to do a master’s degree in information security to supplement the experience I was building in the role with the theory of a qualification.

I soon realised that a CISO role would be a perfect fit for me as it has the blend of problem-solving and deep technical expertise, while still maintaining variety since it requires collaboration with every area of business.

I’ve since gone on to do a couple of CISO roles. My first was with Urenco, who enrich Uranium as fuel for nuclear power stations. I’m currently with ASOS, the online fashion retailer.

Technology, especially cybersecurity, is such a dynamic field. How do you stay up to date with the latest advancements?

This challenge is specifically what attracts me to the field, as I feel like if I’m not learning every single day, then I’m going backwards.

In cyber, it’s important to keep up to date with the latest threats as well as try to predict what might arise in the future, to prepare for all situations. For me, I achieve this by attending conferences and networking with like-minded individuals and CISOs. During these conferences, we collaborate and share what we’re each doing, what has worked well, and what hasn’t, and how we can all learn from each other’s mistakes so we can collectively move faster. It is also crucial to consult academia by looking at the latest research and threat intel to prepare appropriately.

It's important to mention that in recent years, geopolitics has become more relevant to the CISO role. So, it is vital to stay up to date with world news. We’re expected to understand the implications of economic and political changes, which can lead to the nation-state attacks we’re seeing, as well as changes to laws such as data privacy and data hosting across the globe.

I couldn’t answer this question without mentioning Generative AI. Its impact has been rapid and multi-faceted. It’s already changing the way we all do business and is a great example of where we need to embrace rather than resist change, adapting our security practices to keep pace with business and technology adoption.

What would you consider your greatest challenge and biggest achievement in your career?

Getting my first CISO role was the greatest challenge. This is because company boards are usually involved in recruitment as it’s such a strategic role. However they tend to be risk-averse and prefer to hire someone already experienced in the role. It was challenging, to make that first leap and find a company willing to take a risk on me.

I am also proud to be part of the National Cyber Advisory Board. It enables me to look holistically at the whole of society’s approach to cyber, which is an opportunity that I’m grateful for. Additionally, cybersecurity has a significant impact on businesses, and it's rewarding to know the work we do helps to protect companies and customers.

What advice would you give to other women looking to pursue a career in Cyber?

My advice would be to figure out what makes you happy and what you love to do. And, don't rule out cybersecurity as a career just because you don't necessarily fit the technical route. Cybersecurity is a broad field, and from my perspective, we need to recruit more people with business experience, as it’s about understanding business processes and enabling the business to operate securely.

So, don't be afraid to join a project bringing your own unique skillset, and then gain the experience to kickstart your cybersecurity journey. I’m testament to the fact that there is no single right way to pursue a career in cyber.

I also think you should embrace every opportunity to learn and grow by saying “yes”. I’ve personally found it difficult to answer the question “Where do you see yourself in 5 years?” but I do know that I love learning and being in a role where I’m challenged. Saying “yes” doesn’t mean you don’t make mistakes along the way, but it does enable you to grow and become more adaptable to change. An important skill to have in technology.

When looking back on my career, the last piece of advice I would give is to stress the importance of finding somewhere where you can be happy and fit the culture. This has become more important to me over the years, but it’s crucial to success in any career.