Alexandra Mercz is an accomplished cybersecurity and technology Chief of Staff with a strong track record in multinational financial institutions and startups. She has held senior positions at several CISO and COO offices and is well-versed in engaging and communicating with all C-level stakeholders, leadership, staff members and external parties. She is intimately familiar with standards, frameworks, and policies, as well as technical measures and protocols.
Apart from her extensive leadership experience, Alexandra is also a seasoned public speaker and an avid volunteer. She is at the forefront of the industry and leading the way for better diversity and inclusion, along with very strong advocacy for self-development and breaking barriers.
Recently, in an exclusive chat with Digital First Magazine, Alexandra shared her thoughts on the future of cybersecurity landscape, the inspiration behind establishing the (ISC)2 SG Mentorship Programme, the must-have skills required by today’s cybersecurity professionals, and much more. The following excerpts are taken from the interview.
According to you, what will cyber security look like in the next 5 years?
In the next 5 years, we can expect the proliferation of increased automation and the use of AI in cybersecurity. As the volume of data and complexity of attacks increase, organizations will need to rely more on automated tools and AI to detect and respond to threats. With the rise of data breaches and increased public awareness of privacy issues, privacy and data protection will be prioritized in cybersecurity strategies.
What are your thoughts on diversity and inclusion? How important is it to have authentic conversations with leaders, professionals, and changemakers to create more acceptance across the globe?
Having authentic conversations about diversity and inclusion in cybersecurity starts with acknowledging the current state. According to a recent report about gender diversity, women held 25% of cybersecurity jobs in 2022, with only 13% women representation in executive roles. Clearly these calls for action to develop concrete actions plans and targets to improve this situation in the future, across the globe. Women talent is frequently over-mentored and under-sponsored, and to fight this, the focus should be on enabling women to progress in their cyber career with real sponsorship and advancement opportunities. Lack of diversity and inclusion results in increased risk of group-thinking, lack of innovation and effectiveness.
What is the importance of aligning the business aspects of the organization and cybersecurity?
Cybersecurity was primarily viewed as a technical issue in the past, that could be solved through the implementation of technical solutions. As technology is increasingly becoming integrated into every aspect of organizations, cybersecurity is now a business issue that requires involvement and collaboration from stakeholders across the organization. Cybersecurity risks can have significant impacts on an organization’s reputation, finances, and operations, making it essential for business leaders to be involved in managing cybersecurity risks. Hence, it is no longer viewed as only an IT problem, but rather a business problem that requires a holistic approach involving people, processes, and technology.
You are the Founder of the (ISC)2 SG Mentorship Programme. What inspired you to establish this programme and what is your vision for it?
The inspiration for the (ISC)2 SG Mentorship Programme came from real-life needs that were presented to me by junior and mid-level professionals during my career. My advice was frequently sought on their professional development and this highlighted a gap for such guidance in their environment. The most common question was around what is next in their career and how do they pave their path to achieve their goals; this gave me the idea of a formal mentorship program where experienced professionals guide junior talent on their development journey. I am proud to say that this programme had a very well-balanced gender diversity of 45% female participation across mentors and mentees.
What are the top skills, both technical and soft skills, that are greatly needed as a cybersecurity professional in the current digital landscape?
Next to a very strong technical foundation, cybersecurity workers need to have strong skills in risk assessment and management. They need to be able to identify, assess, and prioritize risks, and develop strategies to mitigate those risks. Being familiar with a wide range of cybersecurity tools and technologies and staying up to date with emerging technologies and tools is non-negotiable in the current digital landscape. Lastly, communication, collaboration and problem solving are essential to enable teamwork in cybersecurity.
In your academic or work career, were there any mentors who have helped you grow along the way? What’s the best piece of advice you have ever received?
I benefited both from formal and informal mentorship during my career. I believe that seeking an experienced person’s wisdom with humility to learn and grow, almost always leads to greater results. The quote of one of my mentors is still the guiding principle in life: “Your best is just enough”, meaning to always thrive for better and to challenge limits for self-betterment.
What has been your most career-defining moment that you are proud of?
The most career-defining moment for me was, when I began to build a non-traditional career path. This way allowed me to obtain and build multiple skills which complement and build on each other. Next to my technical and cybersecurity foundation, I am also using my financial and accounting knowledge when it comes to handling matters with the financial teams; my audit, governance, risk and compliance experience to manage risk committees and reporting; my operational exposure to be able to pivot quickly allowing priorities to be addressed, and the list goes on.
Where do you see yourself in the next 5 years?
At the current stage of my career, I am more and more focused on serving and giving back to the community both at the workplace and the cybersecurity ecosystem. The obvious next step in my career is to serve on boards, and to support initiatives that advance the industry. I believe this work is never done, and joint effort is needed to make tangible positive difference.
What advice would you give to women who want to pursue a career in tech.
My advice to women who want to pursue a career in technology or cybersecurity, is to join communities and network with like-minded professionals often. Be confident and seek out opportunities to build skills; there are plenty of free or affordable education available online. And finally, take a leap of faith: no one is perfect, and everyone starts somewhere. Focus on the journey and take a step every day that leads to continuous improvement and achieving goals.