Challenging assumptions; breaking barriers

Elyse Gunn at Nasuni argues that the future of cyber-security demands a ’why not?’ mindset

 

As we mark International Women-in-Cyber Day, I’m reminded that cyber-security has always been about challenging assumptions and breaking through barriers, qualities that, in my experience, women bring to every field we enter. Cyber-security is facing unprecedented challenges, from AI-driven threats to rapidly expanding compliance requirements. Now, more than ever, we need more of the innovative thinking, fresh perspectives and practical benefits that diverse teams bring to the table.

 

The most successful security programmes I’ve seen share a common trait with the most successful women in tech: they don’t accept ’that’s how we’ve always done it’ as an answer. Instead, they ask, ’Why not?’

 

From ’Team of no’ to ’Team of why not?’

Cyber-security has long operated from a place of defence, building walls and saying no to anything that introduces risk. But the security programs that are leading the charge today are doing the exact opposite. They’re leaning into emerging technologies like AI, asking not ’why would we do this?’ but ’why wouldn’t we; and how can we?’ 

 

That doesn’t mean throwing caution to the wind. ’Why not?’ isn’t a free-for-all; it’s a mindset that opens the door to innovation while still demanding rigour. It helps you get to a principled yes, often by saying, ’Yes, but with the right controls in place.’ It’s about building frameworks that support progress while protecting what matters.

 

For example, when AI tools first began entering everyday workflows, the instinct for many security teams was to block access outright. ’Why?’ thinking focused on risk alone. But teams who embraced ’Why not?’ thinking asked a different set of questions: Can we allow this use case in a sandbox? Can we enforce data classification before inputs are submitted? Can we monitor for model leakage without stopping experimentation altogether? Those teams found ways to say yes, boosting productivity while maintaining data security responsibly. 

 

This shift mirrors what it means to succeed as a woman in cyber-security. Often, we’ve had to become comfortable with being uncomfortable, finding creative solutions when the obvious path wasn’t available to us. That mindset is precisely what cyber-security needs right now, as the threat landscape becomes more complex.

 

The bias toward the status quo

There’s a deep-rooted bias in many organisations toward the status quo – the idea that legacy controls, established vendors, and existing playbooks are ’safe’ simply because they’re familiar. But in cyber-security, what worked yesterday may no longer be good enough today. ’Why not?’ is a powerful tool to challenge such inertia. It asks: If we are starting fresh, would we build it this way? If this process didn’t exist, would we invent it now? 

 

The best security leaders don’t just protect what exists; they help shape what comes next. They know that enabling the business often requires rethinking inherited practices, breaking out of checkbox compliance thinking, and shifting the culture from passive risk avoidance to active risk management.

 

Modern threat management

Here’s a truth that might scare some organisations: when it comes to cyber-threats, it’s no longer a matter of ’if’ but ’when.’ Any organisation, large or small, can become a target. Attackers are not necessarily looking for the biggest prize, just the easiest target. That means every organisation, large or small, must be prepared.

 

This requires a fundamental change in how we approach security. We need layered controls because individual controls will fail. We need robust incident response plans that account for every scenario, including insurance considerations and law enforcement engagement.

 

Perhaps most importantly, we need to understand that security is a shared responsibility across the entire organisation. For example, global enterprises are increasingly moving ‘siloed’ data onto a single unified platform in the cloud, enabling them to not only gain more commercial value from their unstructured data but also enhance these assets’ security. 

 

The strongest security programmes I’ve seen have a lot in common with the strongest women leaders – they don’t try to control everything. Instead, they build systems and cultures that can adapt and respond effectively when challenges arise.

 

Building security into the foundation

We live in a data economy. Organisations are more information-driven than ever, especially as AI enters the mainstream. That’s why the first question any business will ask before trusting you with their data is: ’How will you secure it?’ 

 

Through a ’Why not?’ approach, we enabled a European manufacturer, previously wedded to outdated sharing of its corporate data from file servers in multiple locations, to streamline its operations by unifying all its data. Not only can the company now scale its information globally for analytics uses and enable regional offices to immediately access data locally, it has also reduced the threat to these critical assets from ransomware.   

 

At the same time, privacy regulations are exploding globally. The answer isn’t to treat security as an afterthought or a separate layer, but to weave it into the foundation of both the products we build and the ways we operate. Because the best security programs, like the best leaders, are the ones you don’t even realise are there. They work quietly in the background, creating seamless experiences while maintaining the highest standards of protection.

 

The path forward

As we celebrate the contributions of women in cyber-security today, I’m optimistic about the future. The challenges we face in cyber-security demand exactly the kind of innovative, collaborative and resilient thinking that diverse teams excel at providing.

 

The next generation of cyber-security professionals, regardless of gender or background, will need to be comfortable with ambiguity, creative in their problem-solving, and bold enough to challenge conventional wisdom. These are qualities women in tech have long developed out of necessity.

 

The future of cyber-security belongs to those willing to ask, ’Why not?’; not to ignore risk, but to approach it with clarity, structure, and imagination. It’s about building smarter, more adaptive systems, supported by controls, governance, and the confidence to say ’yes’ to innovation responsibly. And there’s never been a better time for diverse voices to help make that transformation.

 

---

 

Elyse Gunn is Chief Information Security Officer (CISO) at Nasuni, a leading provider of cloud file services. She specialises in building security-by-design cultures and developing AI governance frameworks

 

Main image courtesy of iStockPhoto.com and Laurence Dutton