Katie McMillan: on achieving ISO 27001 and QSA qualifications and the challenges facing women in IT


Written by Julia Wailes-Fairbairn

9th September 2019


Katie McMillan stands out in the world of Information Security. Not only does she represent one of the growing number of women working in the sector, she also gained 100% in her recent ISO 27001 Lead Implementer exam and achieved certified PCI QSA status just a few weeks later. Here she explains how she got involved and what drives her to succeed in this largely male-dominated world.

How long have you worked in information security?

I have worked as a consultant in Information Security since October 2018. Prior to this, I spent 7 years building a career in IT, from helpdesk level to system and project management. During this time, I was exposed to information security from various angles.

I made the decision to move into the cyber security sector whilst working within a large infrastructure team, where I was faced with a great deal of legacy systems with vulnerabilities. I discovered that updating the systems to a place of safety inspired me, and I started to research, as well as discuss with colleagues, both current and ex, the best route to take into a cyber security career.

What is your educational background?

When I was growing up, there weren’t many female students engaging in STEM subjects. This has improved but it’s certainly not an equal footing for women as it is for men in the sector. Although I did take ICT as a subject at A Level, I chose to follow my other passion for writing and went on to University and achieved a BA Hons in Journalism Studies. I discovered a lot about myself while at University, and decided journalism wasn’t for me. I proceeded on the same path that many new graduates follow, working in a call centre for 5 years. I then went on to work on an IT helpdesk and as I am heavily ambitious and focused, I worked my way up through the levels of my career. I have gone from a non-technical background and pushed myself through self-learning and determination to holding a senior role within cyber security.

What did the preparation for the exam involve?

During my time with SRM I have completed the ISO 27001 Lead Auditor certification, the ISO 27001 Lead Implementer certification and, more recently, the PCI QSA certification.

I found the ISO 27001 Lead Implementer a very interesting course. I took this after the Lead Auditor course and after working on a few ISO 27001 projects, giving me a good background understanding of the standard. This, and my Project Management skills from previous roles, put me in a good position to navigate the course material and obtain the certification.

Why is the ISO 27001 lead implementer qualification important?

The ISO 27001 Lead Implementer qualification gives candidates an understanding of the standard in a hands-on fashion. It doesn’t go into depth about the auditing styles but instead focuses on the clauses and controls and how to implement these in any organisation.

What are the particular challenges facing women in IT?

In a lot of the organisations I have worked with, I have heard some horrendous remarks directed towards women working not just in IT, but in STEM subjects as a whole. The focus was often on how women look or react emotionally. The surprising fact is that women are often just as derogatory towards women as men are. The lesson here is that women are just as capable, intelligent, strong and ambitious as men are. It’s rare to find a man who has been questioned on the appropriateness of his dress sense, whether his mood is connected to hormonal imbalances or whether his hair colour affects his IQ. There is a reluctance to move away from the status quo and, with the majority of senior roles in organisations favouring men, women are left lagging behind, for no other reason than that’s how it has always been. Having repeatedly worked in organisations where I am often either one of, or the only, woman on the management team, I can honestly say that there is still a major gap which needs to be addressed. The more women who are promoted within STEM environments, the stronger we get and the closer we come to closing the gender gap for good.

How did SRM help you to achieve your result?

Working for SRM has been a breath of fresh air for my career and my confidence, and it has provided me with the training I needed to obtain such industry-recognised qualifications. The team at SRM are like a family; we all take the time to support each other through shadowing or through internal training sessions. We focus on our own self-improvement, provide constructive criticism and help to keep each other motivated when we’ve had a tough day or week. This kind of camaraderie really helps and provides such a good supportive network in which we can ask questions or discuss concerns. I have never worked with a more supportive team; everyone is invested in each other’s success, and will do anything within their power to help their colleagues succeed. We get the same buzz from seeing each other succeed as we do if we succeed ourselves.

What are your ambitions for the future?

I intend to continue to build on my cyber security experience and to push myself to obtain my next milestone which is the CISSP (Certified Information Systems Security Professional) certification.

Katie’s role at SRM is Senior Information Security Consultant. With her strong background in Infrastructure, developed over the past 7 years, Katie has a wealth of technical experience managing large, complex teams and is used to being responsible for a wide range of services. This includes acting as lead consultant for a number of high-profile clients, delivering a wide range of projects across the SRM service offering. She has been involved in the implementation of comprehensive Risk Management methodologies, Cyber Essentials, ISO 27001 controls and GDPR compliance. Since joining SRM, Katie has worked in a V-CISO capacity while also planning and delivering Incident Response, Business Continuity and Disaster Recovery projects, and implementing ISO 27001.