Cyber Leaders on the Move: Joss Howard — Cybersecurity Partner at McGrathNicol.

In our latest Cyber Leaders on the Move, a series that features untold stories of leaders shaking up the cybersecurity industry, I had the pleasure of sitting down with Joss Howard, Cybersecurity Partner at McGrathNicol. A cybersecurity veteran and Cyber Leadership Program (CLP) strategy competition winner, Joss’s story of tenacity and boundless drive is deeply inspiring.

Joss was born and raised in South Wales in the United Kingdom, where she describes her childhood as typical. In school, she gravitated towards sports more than academics, “I was not very studious,” Joss discloses, “I was into sports like field hockey and athletics.”

It’s the adversity that Joss faced in her younger years that instilled the deep empathy she exudes to this day. Losing her mother at the tender age of 17, Joss says, “After such a life-changing moment, your mindset is set to look after yourself, and respect and care for those around you.” This translates into how Joss engages with people to this very day.

“I left school with few qualifications, but I knuckled down in tertiary college,” Joss confides. At 19 years old, Joss joined the Royal Air Force (RAF) as an Intelligence Analyst, where she would spend the first 16.5 years of her career. “My father and brother were in the RAF, so it felt like the natural thing to do. I completely went into the role blind. There was no detailed job description due to the confidential nature of the trade I chose,” Joss explains.

Her time in the RAF took Joss far and wide. “I travelled to many countries around the world during my time in the RAF. My travels provided insight and experience of different cultures, broadening my way of thinking and understanding,” she says. Her role as Intelligence Analyst entailed leveraging various intelligence sources to build the big picture to inform mission-critical strategies. This laid strong foundations for Joss’s cybersecurity career.

In 1997, an opportunity arose within the RAF for Joss to become a Computer Security Analyst. Her friend was leaving the RAF and suggested Joss apply for the role. This move birthed Joss’s cybersecurity career. While not in a technical role at the time, Joss found her computer equipment regularly broke and needed to be fixed quickly. “My computer had a 486 chip, and it wasn’t maintained often by the IT department. It was 1997, the internet was in its infancy, and ‘Googling’ for a fix was impossible,” Joss recalls, “So I had to research using books to try and figure out how to repair the computer.”

The absence of quick and easy help guides instilled the attitude to research, improvise and adapt, helping Joss turn her proverbial lemons into lemonade. “In the end, I became very familiar with the workings of computers that I would build PCs for friends and family, while also selling them on. It was a great way to get some extra money!” Joss laughs.

As an RAF Computer Security Analyst, Joss regularly collaborated with the RAF Police Counter Intelligence department to help assess information systems for risks and find the best ways to protect sensitive data. Describing herself as the archetypal “poacher turned gatekeeper,” Joss used her experience exploiting communication systems as an Intelligence Analyst and then learned how to protect information systems as a Computer Security Analyst.

In 1999, Joss was headhunted by a specialist RAF Signals Unit to join a newly established Force Information Security Team. “It had a nice acronym of FIST,” Joss jokes. She became a team leader, despite being the only female in this section and a junior in a team of twelve.

I was curious to understand how Joss felt being a female in a male-dominated team. Standing out and gaining experience and kudos in security, Joss recalls her time fondly. “My time in the RAF, despite being ‘outnumbered’ in security, I was part of a team. It wasn’t male versus female. It was hard work but very enjoyable, and I had a lot of support and mentorship from both men and women,” she continues. “I always say, you give as good as you get,” Joss declares.

Joss would spend the next five years leading this specialist team and operating in various locations. The position took her on several mission-critical global operations, providing security support as required. She was always on her toes. “When you are on standby, you’re given incredibly short notice to prepare and fly from the UK to anywhere in the world!” she describes with exhilaration. “I was conducting counter-surveillance activities to detect listening devices, assessing systems for security bugs and weaknesses across military IT systems. Supporting the RAF during military operations, you’re at the cutting edge and what you’re doing is extremely important,” she emphasizes.

For Joss, this was the highlight of her tenure with the RAF, “I was at the cutting edge of IT security, learning techniques to identify and exploit physical and technical vulnerabilities, methods to protect IT systems, and drafting supporting policies. Skills that I still use today.” It was also during that time in the RAF that her interest in critical infrastructure began. While many systems in the RAF are IT, Operational Technology systems are still prevalent, “If a network is taken offline, people’s lives, data and national sovereignty are put at risk,” Joss states.

Joss was soon promoted to a senior rank and moved to UK Permanent Joint Head Quarters (PJHQ). It was the early 2000s, and the internet was starting to take off. “We were all learning about the power of the internet and how network security could be matured together,” Joss fondly recalls. “You weren’t formally taught at first,” she elucidates, “It was very much ‘there’s a book get on with it!’ or you learnt by mistakes, you just had to push forward with determination.”

Upon finally leaving the Royal Air Force, Joss returned to South Wales to take up a position at Airbus Defence and Space UK as the UK Government Information Security Manager, working with counterparts in France, Germany, and Spain. Joss stayed with Airbus for over four years, transitioning information security skills she gained in the military into the defence manufacturing sector.

While the military instilled a governance mindset, Joss’s time at Airbus taught her to focus on risk. “I enjoyed the challenge of making security a mainstream conversation and getting people to see security as an advantage, and not an obstacle for growth,” she explains.

Joss then moved to Barclays as an IT Governance Manager, to expand her experience in the Finance sector and understand its nuanced challenges. However, she identified that the role was typical of an Information Security Manager’s role. Through collaboration with various business teams, and her hands-on approach to security, Joss was able to advance security in the business and reduce identified risks to an acceptable minimum. Soon, this paid off, and Joss was promoted to Senior Information Security Manager, leading security projects and working with global teams.

Going forward, an opportunity at PriceWaterhouseCoopers (PwC) saw Joss lead a cybersecurity consulting team as the Regional Cyber Security Lead for Wales and West region (UK). Working with a Big 4 consulting firm gave her the taste of consultancy and advisory. To progress her consultancy career, she left PwC for NCC Group.

Holding various roles at NCC Group, she describes her time there as challenging and fulfilling. Joss worked with over 80 clients in 16 countries, executing more than 100 diverse security projects. From Romania to Papua New Guinea, the role had Joss working with clients in diverse locations and once again reignited the spark of international travel that Joss missed. “NCC Group is a cybersecurity consultancy firm that has a broad, varied portfolio including in-depth specialisms. Some projects lasted a day, others two years. I loved the fact that as a consultant, I had the opportunity to make a difference every day,” Joss recalls with nostalgia.

Within 18 months, Joss was promoted to an Executive Principal Consultant, during which an opportunity arose that took her to Australia where she currently resides. “I initially came to Australia in February for six weeks to see if there was an opportunity to grow a risk business in the region,” Joss reveals. In July 2017, Joss made the permanent move to Australia and was promoted to lead the APAC risk team. She became the first woman within NCC Group to head a regional risk team, a milestone she is proud of.

In December 2021, Joss joined McGrathNicol, an Australian Advisory and Restructuring business, as a Partner in the Cybersecurity and Digital Forensic department. Her role entails consulting business leaders and practitioners on all facets of cybersecurity, ranging from strategy development and risk advisory to incident response. Bringing a wealth of experience and passion, her clients certainly reap the benefits of her expertise.

What inspires me most about Joss’s fascinating journey is the absence of a finish line. She is constantly striving to give her best and reskill to stay relevant in the dynamic world of cybersecurity. When I quiz the source of her ambition, she replies, “It goes back to when I was a young girl, and my mother was ill. I quickly learnt that you have to make your own way, nobody else can do it for you. My adversity taught me how to adapt, be independent, and constantly strive."

“When I joined the RAF at 19, which was soon after my mother’s death, I knew I had to gain as much as I could because I didn’t know where the next opportunity — or setback — would be,” she continues. “The armed forces teach to you to ‘improvise, adapt, and overcome’ so that you can serve well in a crisis.” Naturally curious and eager to learn, Joss is an avid reader, “It feels like you’re always chasing in security. The hackers are always a step ahead. As cybersecurity professionals, we need to push to change that narrative,” she expounds.

I met Joss early in 2021, when she joined our Cyber Leadership Program, alongside dozens of other cyber leaders from different backgrounds. Her passion and experience shone through, and Joss went on to win the Cyber Strategy Competition against other accomplished leaders. Her incredible presentation earned Joss a scholarship into INSEAD to further deepen those leadership skills. Joss’s willingness to push boundaries and uplift others exemplifies our CLI values, and we are proud to have Joss as one of our distinguished alumni.

When I ask Joss to share parting advice for aspiring women in cyber, she doesn’t hesitate, “Just go for it,” she asserts, “Take that one step that can lead you to a lifetime of experiences and learning. It’s a marathon, not a sprint, and you may have setbacks along the way. Have a go and be okay with failing — failing makes you stronger. Be inclusive, collaborate and embrace diversity. Our profession will be richer for it.”

“Remember, hackers don’t discriminate,” Joss concludes, “and neither should we.”