Jessica Gomes is the Head of Cyber Security at Grant Thornton Australia, with experience leading and executing comprehensive security strategies across the legal and professional services industries globally. Recently recognised as one of the top 50 CISO’s to watch in 2024, Jessica has a strong background in defensive security, incident response, cloud security, DevSecOps and cyber risk management from various technical and leadership positions. Jessica is both passionate and committed to promoting diversity and inclusion in the cyber security domain.
Recently, in an exclusive interview with Digital First Magazine, Jessica shared the most favorite aspects of her role as Head of Cyber Security at Grant Thornton Australia, key insights on the future of cybersecurity landscape, significant career milestone, future plans, pearls of wisdom, and much more. The following excerpts are taken from the interview.
Hi Jessica, what part of your current role do you enjoy the most?
Having spent the majority of my career to date working within tech organisations, I’m really enjoying the challenge of throwing myself out of my comfort zone and into professional services at Grant Thornton, which is a sector of unfamiliarity. The financial consulting space is a completely different realm, bringing with it a whole host of new security considerations.
In terms of the most enjoyable parts of the role, I’ve always loved how different each day can be. I’m a very “hands-on” leader, so I’m comfortable jumping into the tools we use and even writing or deploying code if necessary. Along with that, I really enjoy translating security risk, strategy and roadmap in a way that makes both logical and commercial sense to the Board (and wider business). Then I also love being a leader and working with my team to constantly challenge ourselves and raise the overall security posture of the business. So, it’s difficult to pick one aspect as the most enjoyable, I’d just say the variety of work and how different each day can be.
According to you, what will cyber security look like in the next 5 years?
I think Artificial Intelligence (AI) is going to play a huge part in what cyber security looks like in the next 5 years as it becomes adopted by both sides of the cyber battle. We’re already starting to see more AI powered attacks, ranging from deepfake social engineering attacks through to automated malware attacks. I think this is why AI has become a bit of a dirty word when used alongside cyber security in the media, but then at the same time, I think if we look at how AI and Machine Learning (ML) are already transforming the cyber security defense landscape, there’s also so much upside to the technologies. As the rate of innovation in this space increases, I suspect we’ll see more powerful AI and ML driven systems come to market which are learning networks and analyzing vast datasets to not only identify these anomalies and threats, but also remediate them.
I think another exciting concept which already exists, but I can see accelerating over the next 5 years is the concept of zero trust architecture. As we’ve seen with the rise of DevOps and DevSecOps in recent years, cyber security concepts, processes and ways of working are going to be core to an organisations ability to protect themselves. Deep rooted in the principles of eliminating trust and continuously validating every stage of an interaction, zero trust is a business-wide strategic approach versus a piece of software owned by the cyber and networking team, and I think that’s equally (if not more) powerful.
What is your leadership style, and how do you foster a culture of collaboration and excellence within the team?
I like to have a clear vision of what the future looks like in terms of our security posture and processes, so my leadership style is to continuously communicate the end goal while trying to foster a culture of collaboration and innovation to get us there. I’m a strong believer in building an environment of autonomy where each team member is empowered to take ownership of their work and make decisions that directly align to the vision. I like to think of myself being readily available to provide guidance and support when needed but avoiding micromanagement or control. I want my team to feel empowered to communicate ideas, make decisions and stand by them, but only if we are all also open and willing to take onboard feedback, learn and grow if those decisions turn out to be wrong.
What are your thoughts on diversity and inclusion? How important is it to have authentic conversations with leaders, professionals, and changemakers to create more acceptance across the globe?
Diversity and inclusion are very important to me as a leader. With an industry as multifaceted as cyber security, there’s no room for one-dimensional thinking, we need to be proactive, innovative, and constantly challenging the “norm”. I’m a big believer that different perspectives are our greatest defense, and this can only be achieved if our teams are inclusive and diverse. Some regions are more accepting than others, so I think it’s incredibly important to keep building connections and having candid conversations with leaders and professionals across the globe to highlight the benefits of diverse and inclusive workplaces and foster change for good. In addition, Grant Thornton is committed and active in workplace diversity and inclusion resulting in a workplace environment where people are respected, connected, progressing, and contributing to organisational success. We have initiatives in place to promote gender equity, cultural diversity, and LGBTQI plus inclusion, and we celebrate diversity in the workplace.
What are the top skills, both technical and soft skills, that are greatly needed as a cybersecurity professional in the current digital landscape?
I always encourage being a “generalist” over a “specialist” in cyber space. I just think that the variety of work differs so much from one day to another, so having a breadth of experience across multiple domains will ultimately work to your advantage and success as a cyber security professional. In terms of soft skills, I think it’s becoming more important to be a strong communicator and have the ability to communicate technical aspects of the role in a way that makes sense to non-technical people. Cyber is a business-wide risk and needs buy-in from all stakeholders within the business, it’s the responsibility of the cyber team to ensure this is communicated.
How do you think we can attract more young people to this field?
I believe as leaders we need to make more of an effort to get in front of young people, attending schools, universities, and public speaking events. I think internships are another great way of getting young people into the field and getting some real-world experience on their CV. It definitely helped me with my career.
What has been your most career-defining moment that you are proud of?
Stepping into my first global head of security role was a pretty significant milestone in my career. Working with a diverse group of cyber security professionals and having the responsibility of driving cyber security outcomes in a global growing public business, was no easy task but pivotal in my journey to becoming a leader in the field.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
There have been several individuals who have been pivotal in my journey; and have become close friends throughout the years. Networking is key in the field of cyber, building relationships, having candid conversations, and sharing experiences. There’s a network of CISO’s and Head of Cyber professionals out there willing and wanting to help, they’ve been a great asset for me. Even this week, we are in the process of reviewing a few different software vendors, I reached out to my network to ask for their advice and had 3 virtual meetings with CISO’s I’d never previously had any interaction with.
If I had to think of one piece of advice I’ve received, it was from a former leader who told me to “continually speak up and challenge the status quo”. Early on in my career, I struggled to find my voice and speak up to offer a difference of opinion, but having one person in your corner can make all the difference. As I started to challenge other people’s opinions and not doing things because it’s “the way it’s always been done”, my confidence started to grow.
What are your passions outside of work?
Outside of work I like to switch off as much as possible. I keep it low-key with my partner and our adorable Bernedoodle puppy “Bao” (yes, like a Bao bun!). I like keeping active, and getting out in nature, whether that’s taking trips to the beach, taking a hike, or going camping. We’re both massive foodies as well, so if we’re not cooking in, we’re going out and trying all different kinds of cuisine, delicacies, and wine (must not forget the wine!)
Where do you see yourself in the next 5 years?
Continuing my journey of learning, building and growing. I love professional development and building high-performing security teams, so I’ll keep doing what I can to keep my finger on the pulse and continue finding enjoyment in cyber space.
Please share some advice for someone looking to start a career in cybersecurity.
Just go for it! Cyber is the most exciting evolving industry with no two days ever being the same. The cyber community is also the most welcoming and supportive; honestly it is the close network of knowledge sharing, mentoring and support that make what we do so worthwhile.