Top women in tech 2023: Cheryl Torano
Continuing the string of profiles for Holyrood’s top women in tech 2023 is Cheryl Torano, who was appointed the business development manager for the Abertay cyberQuarter in August 2021.
She graduated from Abertay’s ethical hacking programme in 2017, having undertaken an accelerated BSc Hons degree. After graduating, she worked in Abertay University’s digital marketing team until 2019 when she took up a role with Brightsolid as a cyber security engineer while completing an MBA in business administration in cybersecurity.
Torano sits on the Scottish Women in Cyber and Ladies Hacking Society committees and has been described as a “key member” of the Scottish Cyber Cluster.
Torano spoke to Holyrood about how hard it was to be a female in the male-dominated sector and the importance of widespread cyber-training for a safe and stable future.
What is your first tech-related memory?
In school, I took what I think was called office administration. This class introduced me to computers.
At school, did you feel you were encouraged as much as your male colleagues to take on opportunities within the tech sector?
No. The office administration class was full of girls. While the boys did something different in computing, we learned how to type, create invoices, etc – all the things that were stereotypical for girls to do.
And when did you decide to go into tech?
I was late going into tech.
I went into office administration for around ten years when I left school. Once I had worked my way up to office management, I realised I couldn't go any further.
However, at the same time, I started getting interested in fixing computers. Instead of phoning the IT guys when things went wrong with the computers, I would try and fix it myself. So, I think I was about 25 when I went back to college to do computer networking.
I also realised everything was going digital so I told myself, ‘I've got kids to support, and if I want to be able to make some decent money and have a career then I have to switch’. Technology was the obvious choice at that point.
So, you changed your career when you were 25, were you scared?
Terrified. Even then, I was the only girl in the college class I took, which didn't help. It was a very, very daunting time – I gave up a full-time job to go back to being a student. It was terrifying, but I knew it was what I needed to do.
Who/what was your biggest influence to come into the sector?
I'm not going to lie; it was the money. It was a better salary and better career opportunities.
Also, when I was at college, thankfully, one of the lecturers was female. As I was the only girl in the class, she zoned in on me and was really supportive.
I knew she had worked in the industry and knew her background, so having her as a lecturer really inspired me and kept me on the course.
Once you were in the industry, would you say it was difficult to be heard as a female?
One hundred per cent. After college, I moved on to cybersecurity. I went into my first role as a security engineer and I can say that I was not listened to whatsoever.
Within the organisation I went to I was the only security engineer, and I can honestly say that my male counterpart, a lot of the time, looked at me like I was daft. They didn't listen to what I had to say. I had to go to some extreme extent to get people to listen to me.
I can remember presenting to the board all the security flaws that I spotted within an organisation and not being listened to, so I had to go and present to the senior management team and it wasn't until then that they started listening to me. I had to take serious action to get them to stand up and listen to me.
In the meetings, it was just me and all the other male engineers and sometimes they would laugh and say under their breath, ‘she doesn't know what she was talking about’. It's not an issue now, the further up that I've moved.
However, I also think, it depends on the type of person you are because you've got to be quite bold to be able to work with men. There were lots of times I came home feeling totally deflated. But I'm too determined to give up. I'm also a mother, I can’t give up.
And why did you decide to focus on cyber?
That one is easy. When I was in college I realised the amount of bad people that are online and how they try to exploit children, so for me it was always to protect kids.
There are so many bad things that can happen and I just couldn't sit back and not try to protect these vulnerable kids online.
What is the moment in your career you are most proud of?
There are a few moments. Last year I was runner-up at the Scottish Cyber Awards for 'most influential women in cyber' – that was a good moment.
Launching the cyberQuarter was a fantastic moment as well.
I was still a student at Abertay when they started talking about the cyberQuarter and building business cases to make it become a thing and when I graduated, I remember saying to them, ‘I want to work there one day, I'm going to come back'. So, to be the one to be able to launch it, I don't think I'll be able to top that in my career again.
What are some of the challenges you faced within the industry?
It was hard for me to find a job in Dundee. There are not a lot of cybersecurity companies in Dundee. Don’t get me wrong, everyone who takes on Abertay’s ethical hacking program gets job offers before they graduate. I had job offers in Hong Kong, London, and Edinburgh, but I had young kids, so I was stuck in Dundee.
What do you think are the biggest challenges the industry is facing now?
The skills gap is a big challenge. There are not enough cybersecurity professionals. There are many job openings and not enough people to fill them.
Fear is also a key issue. Some people won't report attacks because they fear that if their customers knew they had been breached they would lose customers, which doesn't help anybody as we don't know what attacks have gone on.
So right now the figures on the breaches that have happened are probably a lot higher than the ones that we have because people aren't reporting out of fear.
Do you think certain areas should be a focal point for future training?
Definitely. There are areas that people need to focus on and skill-up on; fraud and cyber are two of these.
I think there is also a misconception that people think they must be purely technical to work in tech, and this isn't the case. Most employers that I speak to now say that they would rather hire someone with soft skills that they can tech-up later.
I also want to try to encourage folk and make them not be scared. A lot of people are still scared of technology. For example, if anyone clicks on a phishing link, there's this belief that you're stupid. We need to change the mindset so anyone who suffers from a cyber-attack knows that they're not stupid and that they are a victim.
There should be cyber awareness training for all. However, the training available usually involves some phishing exercises, which I think are quite dated. I think it's better to get people in a room and go through a simulation of a ransomware attack as opposed to sitting someone in front of the screen for 30 minutes, clicking on questions. It's time for a different approach to it.
People are fighting fires and that is what we are trying to do with the cyberQuarter. We are trying to get ahead of the game and figure out solutions for things before they happen.
Overall, do you believe the gender digital skills gap has widened, stayed the same or shrunk a bit since you joined the sector?
I believe it has got slightly better if you go back to 10 years ago when I was in college. I've seen a difference throughout my career path.
Certainly, in Scotland there's a lot of strong female leadership in cybersecurity. I'm also seeing more female students coming into ethical hacking as well.
I think it's up to us women working in the sector to stand up and be like, ‘this is what I do. This is what my job role involves, it's not hard’. It’s going back to breaking those barriers.
I will also say this: if there were as many women, as men working, there would be no gap or skills shortage at all.
What do you think the impact in the future if the skills gap is not closed?
If the skills gap isn't closed and if there isn't enough, for example, cybersecurity professionals, it will affect the working-class person the most. They're going to get hacked.
It's not fair, it isn't fair at all. It's going to be the poorest in society that's going to suffer the most unless there's enough of us to stand up and protect them or empower them to protect themselves as well.
Read next Lauren Lawson
Holyrood Newsletters
Holyrood provides comprehensive coverage of Scottish politics, offering award-winning reporting and analysis: Subscribe