You’ve earned a reputation as an acclaimed IAM leader and advocate for women within tech. How did you get here?

My career began in 1996 when a friend suggested I look into a career in IT, because that’s where the future would be. These were the days when we were still mostly using computers for word processing and the odd email. After graduating in computer science I found an engineering role at Cisco Systems. When I say engineering, I was going under floor tiles in banks and data centers, doing cabling and configuring routers and switches.

It was a male-dominated world and I felt pretty isolated. This was less because I was the only female in the team, and more due to the perception that “It can’t be possible that a woman is doing this kind of work.” It didn’t matter how many accreditations I gained. These kinds of views were a real barrier to my ability to win the confidence of the team through my abilities.

As a twenty-something wanting to be successful in my career, this created a strong need for encouragement and support, as well as a desire to change the perception that women can’t contribute in these kinds of roles. I started doing talks at schools, encouraging the younger generation to join this very exciting area of technology. I also fronted Cisco marketing campaigns, hoping to provide a positive role model for women. Later on, I started a peer group called Lean In Women in Technology. Initially the idea was to have a circle for women to get support and perhaps offer some mentoring and advice for younger women as well. And that grew into a 300-strong band of women who were also looking for support and guidance, and a place to talk about the challenges we often face in our careers.

Once I’d got over these hurdles myself, I moved into technology-focused management roles. I started delivering entire life cycles for routing and switching products, which led me in a systems and security direction. For example, I helped roll out CyberArk within Deutsche Bank. Following on from that, I moved into the identity nexus space, which is where I’ve been for the past ten years or so, leading large-scale transformation for banks and corporates. My focus has been on accelerating these transitions, including at NatWest where I’m currently working.

How have attitudes to women in technology changed during your career?

When I was at university there was never a question about whether I could do the work. Yet the culture within workplaces created a barrier to women like me earning the team’s confidence and trust. Perhaps in the last seven or eight years, I feel we have moved on from that era. Finally, we’re able to just get on with the work, because everybody has a valuable contribution to make.

Last year, my son was sitting next to me doing some homework while I was in a meeting on Teams. He pointed at the screen and said, “Mum, there’s only one guy in that meeting, everybody else is a woman.” I said, “Oh, yeah, that’s true.” And he gave me the thumbs up and said “Well done, Mum. That’s all your work.” Well, it was nice to hear that, even though it’s not the case!

How does this change in attitudes manifest within the programs that you lead?

The way in which projects are delivered within organisations tends to be very fear-driven. I try to neutralise that. I don’t want my team to be fearful, because that’s when people don’t speak, that’s when we don’t know what’s on others’ minds. If people suppress their concerns, that has a direct impact on the project.

I try to instill the values of being loving, creative, and inspirational. I want to build these values into everyone’s way of thinking when they work with me. Being loving means being passionate about your work and aspiring to do things with kindness. Being creative means bringing your ideas and your experience, your best offerings to solve problems. And being inspirational means your voice, your value matters. How are you inspiring your team, and the organisation, to think about things in a better way?

Once I get past these psychological barriers with team members, I find they are a lot more fluid, more relaxed. Their ideas and contributions really become evident. What I’ve seen throughout my career is that a directive approach often fails to achieve the desired result. My goal is to have skilled people who are passionate about what they do, and for them to say, “This is the right way to build this, based on my experience.” And then you get the outcomes you’re looking for.

I believe women’s voices are key to enabling this. We come from a loving, creative place. When you exercise those aspects, you see teams delivering because they want to, not because they’ve been told to. That’s probably where I’ve made the biggest contribution. Lots of people do program management, but to do it excellently, it’s about an attitude. It’s not something you can train, and it’s not specific to any particular technology.

It’s well-known that communication is a big part of change management. What you just described sounds more like culture, which can be even more powerful.

It is. What I’ve observed is that people often want to deliver. They want to bring their skills and experiences, but they’re kind of drowned out by this very mechanical approach to delivering a project. When you have one-to-ones with people, you understand that they don’t want to be told what to do. They want the dignity to do something in the way they know is the right way.

You talked about fear within organisations. There’s a lot of fear around AI right now. Do you see this in the teams you work with, and how should organisations respond?

The reality is that automation and headcount reduction are goals for many organisations. They will leverage AI where possible to do this. Five years ago, much of the work in IAM or IGA (Identity Governance and Administration) was still manual, such as submitting forms that are processed by a help desk or awarding team, who then have to provision this into the tool. We’re moving away from that. These processes are being automated, meaning the number of roles in these teams will be reduced.

Alongside this, we’ll see a shift in how teams deliver value. There will be a premium on lateral thinking, emotional intelligence and managing politics, which are not things AI can address. IAM and IGA are still very much about people, as well as process. Organizations need to think about how these roles should evolve, and tie in with new AI capabilities. Perhaps it will be more about managing digital workers to do things successfully. But the higher cognitive aspect of what we do will continue.

Presumably removing humans from the loop would lead to negative security outcomes. After all, AI is clearly far from infallible.

Absolutely. Whilst AI can provide better tooling, there’s still a human lens that always needs to be applied. We need to link these new capabilities back to the human element. We can’t lose that intelligent, lateral thinking aspect.

What do the new, AI-enhanced IAM and IGA workflows look like?

Running a discovery process using AI tools and workflows can get through a great deal of work, a lot faster. For example, you can probably scan 3,000 applications and determine what data is being collected within a few hours. But we still need a human to ask, “Okay, how can this be validated? What do I need to do to make sure the data is confirmed as accurate?”

Another area where AI is going to give us a great improvement in turnaround is on roles and application entitlements. It can take years to carry out a review and process all that data, going back to the business endlessly to collect more information and check it. AI is showing great ability to provide insight in these areas, for example identifying where role or entitlement groups can be simplified. Again, you always need a human to validate any proposed changes.