Deloitte’s Jacky Fox: ‘The cybercriminal is becoming more automated’

8 Mar 2019

Jacky Fox, Deloitte. Image: Jason Clarke Photography

Deloitte Ireland cybersecurity leader Jacky Fox says that as hackers become more automated, augmented intelligence must be the way forward.

Jacky Fox leads the cybersecurity and IT forensic practice for Deloitte in Ireland and lectures on the master’s course in cybersecurity for University College Dublin.

She has more than 20 years’ experience working in technology and security, and advises leading Irish and international organisations on managing their cyber risk.

‘I am the best social engineer ever. Who would stop me walking into their building? Do I look like somebody who’s going to steal all your stuff?’

Fox holds a master’s in digital investigations and forensic computing, and is a certified forensic analyst and industrial control systems professional. She is an active researcher and public speaker on topics ranging from windows registry analysis to cryptography, threat intelligence, incident response and hacking.

Fox was named Security Champion of the Year at the 2018 Women in IT Awards Ireland for her strong technical skills and determination in helping address the problem of gender diversity with the tech world.

We caught up with Fox during the recent Hopper Local Dublin 2019 event at the Microsoft campus in Sandyford.

Tell me about your own role and responsibilities in driving tech and security strategy.

I lead the cybersecurity and the digital forensic practice for Deloitte in Ireland. We are 35 people. I’ve been there for seven years and we do a huge variety of things, but mainly we try to help people with their cybersecurity strategies. We also help people to secure their network infrastructure and data, and that could be anything from penetration testing to how they should run their GDPR programmes.

We do a lot of work around helping people to monitor and put metrics in place, to ensuring that the controls are actually functioning properly. We also do incident response work where we are advising people how to put a plan in place to respond when it goes wrong, but we also do actual emergency response work.

What brought you into cybersecurity?

I am the best social engineer ever. Who would stop me walking into their building? Do I look like somebody who’s going to steal all your stuff?

I’ve always been in tech and IT, and in fact my dad was in tech and IT. I loved maths, science and art in school, and the idea of using science and creativity and putting the two together, and being presented with problems and solving them.

I did my Leaving Cert very young at 15 and, after realising I was too young for college, I went off to learn how to program and learned electronics. I started work at 16 in an IBM PC dealership where I got to work on hardware, programming and operating systems.

While working at the dealership I went to Kevin Street and studied electronics … There were 30 people in the class and I was the only woman. I remember them looking at me asking, ‘Who’s yer one?’ But the lecturer was brilliant and in the first test I was the only one that got 100pc and he called me out. I was mortified, but he did the best thing ever. Suddenly, everybody wanted to be my study buddy and it made a huge difference.

So, I always loved tech and was really lucky to get a job with that PC dealership and worked with them for a few years, and one of the manufacturers they worked with offered me a role in the UK as a tech support manager. Suddenly, I was 21 and I had a very senior role in an American organisation and worked with them for a number of years before joining Dell when they started up in Ireland.

You took a career break and had five kids. Was it difficult returning to a career in tech?

It was a challenge. I was lucky in that I already had a good career and I was confident in my ability even when I stopped. When I went back and did the master’s degree, I wanted to do something that was intellectually challenging – not that rearing children isn’t – but I wanted to do something that appealed to the mathematical side of me. I wanted to get back to what makes me tick and loved going back. My youngest child had just started school and I was like somebody who had been set sail on the ocean again and was completely fulfilled.

What’s stopping more women from returning to careers such as tech after having children?

I would say confidence. Could I have gone straight back without doing the master’s? I think I probably could because I am very comfortable in my own skin, but I think a lot of people who are at home a while do struggle with confidence.

To me, I look at a lot of my friends who say they wish they could have gone back when I did, and I say: ‘Just do it. Look at all you have got to offer, all we are missing in Ireland that you could bring.’ And there are so many women I know that would be wonderful back in the workplace, but they don’t have the confidence to get back in there and there’s nobody tapping them on the shoulder inviting them back in. It’s a missed opportunity for the tech sector and for so many good people.

It’s hard to push back in. I was lucky because my course director liked the thesis I wrote and asked me to make a film about it, which I did. Also, one of the lecturers who was working at Deloitte at the time said I would be great on the team.

When I went back I took a junior role, but I escalated quickly because I wanted it. It was hard going in initially because there were people that were younger than me – and it wasn’t their youth, it was their experience that sometimes scared me. But then, I would be sitting there and would say: ‘I wouldn’t do it that way.’

I needed to move up quickly and I was ready for it. Now, I have a great team working with me and a lot of us have been together a long time at this stage and we are lucky. We get a lot of exciting opportunities to go out and help people solve interesting problems. I feel I have the best job in the world.

We need more people like you to be protecting us, but the reality is we don’t have enough security professionals. How will that change?

The cybercriminal is becoming more automated and I think the cyber-defenders need to become more automated as well.

I fear there are huge risks in bad application of AI. To me, it is important that there is a human in the loop too. I like the idea of augmented intelligence where there is still somebody there tweaking and twisting and making moral decisions in the middle of it.

Cyber is the fifth domain of warfare now. Air, sea, land, space, now cyber. I think we need to be cognisant of that.

I am fortunate enough to be involved in the National Cyber Security Strategy at the moment. Definitely, we need to get more women involved because there is a shortage of women, but even the diversity that is needed. Not everybody needs to be a technologist; there is lots of room for people who are teachers and trainers to teach the skills, to teach how not to get sucked into a phishing email and more.

For me, it’s a matter of the message getting out. I’m very passionate about this.

Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years