Epic Women in Cyber — Shaojing Elfin Lei
Shaojing (also known as Elfin) is currently the cyber security lead at giffgaff, previously a senior consultant in Deloitte Cyber. Born and raised in China in the 90s, witnessing the changes the Information Age brought, she started some experiments and projects out of curiosity about technology. Though her journey on security wasn’t straight from the beginning.
She obtained double bachelor degrees at the same time from both Chinese and Australian universities on finance and financial management, realised her passion was actually technology and wanted to make an impact from what she does. She came to the UK, turned round and dived into information systems. After working at a start up and seeing first hand horror about handling personal information, she then decided to get into security and help as much as possible for people to not get hurt in the cyber world.
She obtained double masters degrees in both Information systems and information security, and started her security career at Deloitte as a consultant. She worked on various security projects including PAM, crisis management, network, vulnerability management, and then became subject matter expert in AppSec. Now she’s focusing on DevSecOps and shift-left.
How did you get into the cybersecurity field?
I first heard about this topic when I was studying my first MSc in Royal Holloway University, as InfoSec is one of the flagship courses and some of my friends were doing it. That gave me opportunities to go listen to some of the lectures and they intrigued me and led me to do more research.
Then I worked in a brand new tech startup in London when I graduated, I saw the first hand threats on customers’ data; I just could not stand the idea of people are getting exploited by malicious activities, simply due to the lack of awareness or ability to protect themselves in the virtual world, and that was the trigger which pushed me to get into this field.
What are the main challenges in this field?
Right now I feel very positive as the mindset and attitude towards security has been dramatically changed because of the pandemic (and maybe a few big security breaches or attacks happened to some industry giants before), and more traditional industries have been actively moving to a digital focused or centric approach. However, that means there will be more and more sophisticated threats appearing, and not everyone will be able to afford a good solution to protect themselves.
Commercializing security solutions/services is going to cause pain to smaller organizations and charities. On another note, the push for more compliance and regulations helps to standardize what security goals organizations should achieve, but again the other side of this coin is to face the fact that many of them will just shovel all the mess under the rug. We’re at this transitional point, where we realize the importance of protecting our virtual assets, and the technology evolves rapidly every month, but it also takes more time and a lot of resources for industries and organizations to adapt into the new world. Change is always painful.
What are the things you’ve learned being a woman in cybersecurity?
I have been lucky so far, to work with incredible people who never doubted me just based on my gender. I think the most important thing is that you have to firstly see yourself as an equal to anyone. Imposter syndrome is inevitable when you start your career, but it always helps to keep yourself learning, keep researching, keep your curiosity alive and checking out everything you’re not sure of. Once I’m certain about the knowledge and facts I have, I’m not afraid of being challenged. In fact I do like a challenge, debating always helps me to think even better.
What advice would you give to women who would like to join the industry?
Be fearless, if you want to do something, do it, don’t wait; if you don’t understand anything, ask it away, don’t wait; if you want to pursue a better goal or have a bigger ambition, show it off, let yourself shine through, and don’t hold back. Only remember, it’s the same journey for everyone, none of us in the world are born to do anything, it’s all hard work.
Who are your role models?
Me and my partner’s mums. They both really showed me what strong women really mean, one got her Phd when she was 55, one started developing new skills after her retirement. They are all ordinary women who have been working hard in male dominated areas and still taking care of their families at the same time, but they’re also aware of what they want to achieve in life and have a focus on their own personal passions.
And of course Hua Mulan (warrior) and Wu Zetian (Chinese first Empress) — all of them did not care about any judgements, or restrictions under the societal and cultural prejudice, but only pursued what they really wanted.
If you could go back in time to your first days in the industry, what would you do differently or tell yourself?
I’d say, believe in yourself and speak up your mind, it’s normal to not know things at the beginning, it’s a journey not a competition.
If you are a founder or a member of a community for women in security, can you introduce it?
Our security team in Giffgaff is an all-women team, not everyone has got the academic background of it or experiences before they got into security, but they’re all doing absolutely excellent jobs.
I previously volunteered to be mentors and delivered career inspirational talk in a couple of sixth forms and secondary schools. Me and my team will keep doing so.
