In our latest Cyber Leaders on the Move, a series that features untold stories of leaders shaking up the cybersecurity industry, I had the pleasure of sitting down with Joss Howard, Cybersecurity Partner at McGrathNicol. A cybersecurity veteran and Cyber Leadership Program (CLP) strategy competition winner, Joss’s story of tenacity and boundless drive is deeply inspiring.
Joss was born and raised in South Wales in the United Kingdom, where she describes her childhood as typical. In school, she gravitated towards sports more than academics, “I was not very studious,” Joss discloses, “I was into sports like field hockey and athletics.”
It’s the adversity that Joss faced in her younger years that instilled the deep empathy she exudes to this day. Losing her mother at the tender age of 17, Joss says, “After such a life-changing moment, your mindset is set to look after yourself, and respect and care for those around you.” This translates into how Joss engages with people to this very day.
“I left school with few qualifications, but I knuckled down in tertiary college,” Joss confides. At 19 years old, Joss joined the Royal Air Force (RAF) as an Intelligence Analyst, where she would spend the first 16.5 years of her career. “My father and brother were in the RAF, so it felt like the natural thing to do. I completely went into the role blind. There was no detailed job description due to the confidential nature of the trade I chose,” Joss explains.
Her time in the RAF took Joss far and wide. “I travelled to many countries around the world during my time in the RAF. My travels provided insight and experience of different cultures, broadening my way of thinking and understanding,” she says. Her role as Intelligence Analyst entailed leveraging various intelligence sources to build the big picture to inform mission-critical strategies. This laid strong foundations for Joss’s cybersecurity career.
In 1997, an opportunity arose within the RAF for Joss to become a Computer Security Analyst. Her friend was leaving the RAF and suggested Joss apply for the role. This move birthed Joss’s cybersecurity career. While not in a technical role at the time, Joss found her computer equipment regularly broke and needed to be fixed quickly. “My computer had a 486 chip, and it wasn’t maintained often by the IT department. It was 1997, the internet was in its infancy, and ‘Googling’ for a fix was impossible,” Joss recalls, “So I had to research using books to try and figure out how to repair the computer.”
The absence of quick and easy help guides instilled the attitude to research, improvise and adapt, helping Joss turn her proverbial lemons into lemonade. “In the end, I became very familiar with the workings of computers that I would build PCs for friends and family, while also selling them on. It was a great way to get some extra money!” Joss laughs.
As an RAF Computer Security Analyst, Joss regularly collaborated with the RAF Police Counter Intelligence department to help assess information systems for risks and find the best ways to protect sensitive data. Describing herself as the archetypal “poacher turned gatekeeper,” Joss used her experience exploiting communication systems as an Intelligence Analyst and then learned how to protect information systems as a Computer Security Analyst.
In 1999, Joss was headhunted by a specialist RAF Signals Unit to join a newly established Force Information Security Team. “It had a nice acronym of FIST,” Joss jokes. She became a team leader, despite being the only female in this section and a junior in a team of twelve.
I was curious to understand how Joss felt being a female in a male-dominated team. Standing out and gaining experience and kudos in security, Joss recalls her time fondly. “My time in the RAF, despite being ‘outnumbered’ in security, I was part of a team. It wasn’t male versus female. It was hard work but very enjoyable, and I had a lot of support and mentorship from both men and women,” she continues. “I always say, you give as good as you get,” Joss declares.
Joss would spend the next five years leading this specialist team and operating in various locations. The position took her on several mission-critical global operations, providing security support as required. She was always on her toes. “When you are on standby, you’re given incredibly short notice to prepare and fly from the UK to anywhere in the world!” she describes with exhilaration. “I was conducting counter-surveillance activities to detect listening devices, assessing systems for security bugs and weaknesses across military IT systems. Supporting the RAF during military operations, you’re at the cutting edge and what you’re doing is extremely important,” she emphasizes.
For Joss, this was the highlight of her tenure with the RAF, “I was at the cutting edge of IT security, learning techniques to identify and exploit physical and technical vulnerabilities, methods to protect IT systems, and drafting supporting policies. Skills that I still use today.” It was also during that time in the RAF that her interest in critical infrastructure began. While many systems in the RAF are IT, Operational Technology systems are still prevalent, “If a network is taken offline, people’s lives, data and national sovereignty are put at risk,” Joss states.
Joss was soon promoted to a senior rank and moved to UK Permanent Joint Head Quarters (PJHQ). It was the early 2000s, and the internet was starting to take off. “We were all learning about the power of the internet and how network security could be matured together,” Joss fondly recalls. “You weren’t formally taught at first,” she elucidates, “It was very much ‘there’s a book get on with it!’ or you learnt by mistakes, you just had to push forward with determination.”