SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Hayley Clarke, NormCyber

How women in cyber change the conversation at board level

Thu, 5th Mar 2026

I did not plan a career in cyber security. I studied behavioural sciences because I wanted to understand why people do what they do, and that curiosity has shaped every role I have held since – including my current position at NormCyber, where I sit on what I describe as the 'people side' of the organisation.

Although cyber security often gets framed as a technical discipline, my experience has taught me that much of it depends on human judgement, behaviour and trust. In my role, I work closely with security engineers and analysts, but my responsibility is to translate what they do into something that senior leaders can understand quickly and act on with confidence. This year's International Women's Day theme, Give to Gain, reflects my approach and what I advocate for: that investing in relationships and clarity leads to true cyber resilience.

Finding my place in a male-dominated sector

My route into technology was shaped by lateral moves rather than a single, defined pathway. I worked in insurance, pricing and IT from the customer side before moving into supplier roles. Working on both sides of the customer relationship helped me understand what senior leaders actually need when they are asked to make decisions quickly.

When I first moved into IT, I was often the only young woman in the room. I was aware of that difference, particularly early in my career, and it came with an unspoken expectation to prove my capability more visibly. Over time, I learnt to address that directly by being clear about what I bring to the role and by staying true to what I believe in – even if the room is full of stronger personalities or more knowledge. 

This experience shaped how I think about trust, particularly in cyber security, where credibility builds slowly but can disappear fast.

Why cyber security works best when it feels human

One of the biggest surprises when I moved into cyber security was how human-led it really is. Our teams are highly technical, but every decision they make starts with a person – and that matters more than you think when you need to explain risk to senior leaders who want relevance rather than detail.

Phishing attacks illustrate this principle well. Basic phishing emails are easy to spot, but the most effective attacks now rely on understanding behaviour. I have seen phishing attempts timed to payday, written in a familiar tone and designed to prompt a quick emotional response. They succeed because they reflect real life and real pressures.

This is why behaviour change plays such a central role in cyber. When risk is explained in clear business terms – including what it means for reputation, finances and business strategy – it becomes tangible. My role is to help make that translation so that technical insight turns into informed decision-making at board level, and so that conversations shift from technical noise to clear choices about risk, impact and priority.

The magic of personal relationships

For me, 'Give to Gain' shows up in how relationships are built and maintained. When you invest time, consistency and availability, what you gain back is trust – and that trust becomes critical when customers face pressure. I speak to all our customers regularly, which means I start to see the same questions surface across different organisations. In my first year at NormCyber, those conversations fed into small but meaningful adjustments to how risk is reported, so senior leaders get what they need more quickly.

In customer success, this level of regular contact matters. Sitting down together, understanding what matters to the customer and following up in a steady, visible way shows customers that there is a person driving progress behind the reports. That consistency reassures people that their concerns are taken seriously.

This approach is strengthened through collaboration with our Focal Analysts at NormCyber. They know their customers and environments in depth and act as a consistent point of contact, while I focus on how their insight lands with senior leaders. By working closely together, we connect technical expertise with business context, which allows customers to see risk clearly and act on it with confidence.

Give empathy, gain trust

I have never believed there is a single profile that belongs in cyber security, or a single route into the industry that defines success. What I do know is that the field is enriched by people who understand behaviour, communication and trust alongside technical expertise.

My advice to women starting out in the field is to lean into their soft skills and curiosity. When you give your time, effort and honesty, you gain credibility that enables you to influence outcomes for customers and colleagues alike. Seeing the real-life impact of this approach at board level is rewarding, and it underlines why the way we talk about cyber risk matters.