In Conversation with Jessamy Perkins
The cyber security industry has a well-worn narrative: we need more technical talent, more certifications, more people who can code their way out of a threat landscape. But some of the most effective security leaders didn't start in IT at all. They came from diverse backgrounds and that's the gap the industry often refuses to name – security isn't just about technical ability, it's fundamentally about people.
That's why we sat down with Jessamy Perkins for our first instalment of our In Conversation series. In this series we invite ICT and security experts to uncover their perspectives on important topics that rarely make it to the conversation.
As Cyber Leader of the Year and a protective security specialist who transitioned into cyber, Jessamy has spent over a decade proving that the most critical security expertise isn't about packets and protocols, but about understanding how humans, systems and culture intersect under pressure. She's Chapter Lead for the Australian Women in Security Network in Canberra, a ThinkUKnow volunteer presenter with the Australian Federal Police and currently writing a book on building security by design. She's also never claimed to be a "technical expert" – and that's exactly why her perspective matters.
In this conversation, we explore what psychological safety actually means for security teams, why diversity is a strategic advantage rather than a moral exercise and what happens when we stop asking "Can you code?" and start asking "Can you see the risks no one else is naming?"
Who is Jessamy Perkins?
You started in protective and personnel security in 2012, working in threat analysis and risk management before moving into cyber security.
What about your work do you look forward to first thing on a Monday morning?
What I look forward to every week is the opportunity to solve problems that matter. Whether it’s mentoring a colleague or those just joining security roles, helping an organisation navigate their risk and complexity, or shaping a stronger security culture, it’s the ability to help protect people and the purpose behind the work that energises me.
You’ve worked on a range of different projects over the years. Tell us about one you are most proud of.
One of the projects I’m most proud of was leading a major initiative to uplift cyber resilience across Defence’s classified environments. It wasn’t just about technology – it was about changing culture, building trust between stakeholders and creating systems that could adapt under pressure.
Seeing the collaboration between technical experts, policymakers and operators – and knowing the tangible impact it had on ensuring our nation’s resilience – was incredibly rewarding. It showed me what’s possible when people align around a shared purpose.
How has your expertise in the physical and human side of security influenced your approach to cyber security?
My early years in protective security – which entailed advising on the physical, personnel, information and governance aspects of security across entire departments – taught me that security isn’t about technology; it’s about people. I learned to understand how risk prevents us from meeting our goals, and how human behaviour, motivations and the physical environment all intersect. This understanding built a strong foundation for how I approach cyber security today. Systems can be engineered to be resilient, but people need to feel part of that resilience – to feel trusted, empowered and supported. We also need to ensure good management of how we take care of these teams and technical components.
Jessamy’s Perspective On
Psychological safety:
You recently shared a story on LinkedIn about the importance of psychological safety, where you said, “No matter how strong our security systems or governance are, people won’t raise their hand if they don’t feel safe”.
Tell us more about why you shared this story, what it means for cyber security teams and for the wider industry.
That post came from years of observing how brilliant and capable people stay silent out of fear – fear of judgement, blame or being seen as less qualified. I started in roles where all my colleagues were former police or military personnel, where showing vulnerability or challenging assumptions of ‘the powers that be’ was definitely not encouraged. But we know that psychological safety is the foundation of effective security culture. If people don’t feel safe to speak up, to report issues, suspicious incidents, near misses or to challenge assumptions, then we’re operating blind to risk – burying our heads in the sand.
For teams, it means leaders need to model openness, be approachable, show curiosity and a willingness to be wrong – to ask, “What did we learn?” instead of “Who’s at fault?”. For the wider industry, it means recognising that trust and empathy are as critical to resilience as encryption or firewalls. A safe environment breeds innovation, honesty and continuous improvement, and hopefully we can seek to build that every day.
Diversity and inclusion:
Data shows a significant underrepresentation of diverse groups in technology. A lack of diversity hinders innovation, reduces creative problem solving across a wide range of threats and widens the industry's skills gap.
Given your advocacy on diversity, inclusion and mentorship of women in the field, what is being done well to improve representation – and what critical issues or approaches is no one talking about that should be?
We’re seeing some great progress through mentorship programs, scholarships and visibility of diverse role models. These efforts are helping diverse individuals to see themselves working in – and willing to apply – for roles in the industry and that’s powerful.
However, what we’re not talking about enough is the retention and psychological safety of those diverse voices once they arrive. Inclusion isn’t just about entry – it’s about creating an environment where different perspectives are valued and heard. We also need to challenge the subtle biases that define what “qualified” looks like and broaden the pathways for people with unconventional or lived experiences to thrive.
The unrealistic job descriptions that ask for extensive education and costly certifications prevent some ideal candidates from even considering or achieving work in the space, in addition to the time and effort required for security clearances. Those working in security must demonstrate their trustworthiness, honesty, discretion and loyalty – we’re sometimes given responsibility for the ‘crown jewels’. Diverse individuals sometimes find these application processes highly stressful and their natural apprehensions alongside role restrictions can sometimes make them reconsider whether they can apply.
Burnout and retention:
During our conversations, you've mentioned a significant rise in people entering cyber security, followed by high turnover rates.
What's driving this pattern? What should leaders be thinking about to reduce turnover in security roles? And what advice would you give to cyber professionals to help them prioritise their well-being?
Cyber security can be an intense field. For those in frontline response roles, the stakes are high, the landscape changes daily and the knowledge of ‘threats’ are constantly in the back of your mind – limiting rest and making burnout a real risk. Many new entrants are motivated by passion or opportunity, but without supportive leadership, clear career pathways and a culture that values balance, they can quickly lose that spark.
Leaders need to focus on clarity, mentorship and meaningful recognition – not just workload management. Connection, purpose and growth are the antidotes to burnout.
For professionals, my advice is to stay grounded in your “why”. Build boundaries, nurture relationships outside work and don’t be afraid to step back to step forward. Resilience isn’t about never breaking; it’s about knowing how to repair.
Pathways into cyber security:
I recall in our very first conversation, you made it clear that you're not ‘technical’ like a coder. You said your strengths lie in being the bridge between technical and non-technical teams – using your skills in building relationships and problem-solving to get things done. This challenges a common misconception about the industry – that you must be technical to be in cyber security.
What are the different career paths people can take in security and cyber that don't come from a technical or IT background?
There are so many areas that form this space, and the publicised view that everyone is a hacker in a hoodie who has been coding since they were a kid limits those who consider it. We should see that cyber relies on so many different areas of expertise – policy, governance, risk management, education, crisis management, privacy, intelligence, analysis, project delivery – all of these rely on understanding systems and people rather than coding or engineering.
Cyber security is an ecosystem. We need communicators, analysts, strategists and educators as much as we need technical experts. The key is curiosity and a willingness to learn how your skills translate into this space. Cyber is not one discipline – it’s a collective effort that thrives on diverse strengths. So, for those who don’t have a technical background, that’s totally okay – there are plenty of opportunities for you to use your strengths, typically using the skills you already have.
What’s one piece of advice that you would give to someone starting their career in cyber security?
Start by understanding yourself – what motivates you, what kind of problems you love solving and where you draw energy. Then find mentors who can help you translate that into the right niche.
Stay curious, stay humble and don’t let imposter syndrome convince you that you don’t belong. Every expert once started where you are. The best careers are built on persistence and purpose, not perfection.
Looking into the future of cyber security
Looking at the next five years, what is the single most important mindset shift that needs to happen within Australian government and industry to build a truly diverse workforce that supports a resilient and sovereign cyber future?
We need to move from compliance to culture. Diversity and resilience can't be tick-box exercises – they have to be woven into leadership decisions, investment strategies and workforce planning.
The reality is that our hopes for a sovereign cyber future won't materialise unless we can educate and certify our own citizens, build an Australian expert workforce and develop the capability to create and secure key parts of our ICT infrastructure at home.
That's why we must see diversity not as a moral imperative but as a strategic advantage. A truly sovereign cyber future will come from nurturing our own talent, empowering new voices and embracing collaboration over competition. I'm writing a book on this topic, exploring better ways to build from the ground up to ensure security by design in our digital world.
Finally
What does success look like for Jessamy Perkins in this phase of your career?
Success for me is about impact and doing meaningful work. It’s less about titles and more about leaving the system stronger – whether that’s mentoring the next generation of leaders, influencing national resilience strategies or helping organisations think differently about security.
If I can help others feel confident, capable and connected in what they do, that’s success. My aim is to build ecosystems of trust and learning that endure well beyond my own career, and I’d hope to leave our part of the world better for when my little boy grows up.
Jessamy's perspective about psychological safety cuts to the heart of why so many security initiatives fail. When she says, "people won't raise their hand if they don't feel safe", she's describing the invisible vulnerability in every security posture assessment. Silent teams – no matter how technically proficient – operate blind to risk.
The talent market reflects this. Organisations fixating on certifications and technical credentials struggle with recruitment and face high turnover due to burnout – a direct result of hiring for technical expertise alone without supportive leadership or psychological safety. Meanwhile, those building genuinely resilient security capabilities ask different questions. They seek people who can translate between technical and non-technical teams and understand that security incidents are as much people problems as technical ones.
For professionals considering security careers, Jessamy's journey disproves the industry's most persistent myth: that you need to have been coding since childhood. If you've got experience in risk management, crisis communication, policy development, project delivery or strategic planning, you already have transferable skills that security teams need. The question isn't whether you belong; it's whether you can see how your existing strengths translate.
So, what would we stop asking for if we rebuilt security hiring from scratch, knowing that psychological safety and diverse thinking determine whether security programmes actually work? And for those with non-technical backgrounds – what's stopping you from exploring this space?
To connect with Jessamy, find her on LinkedIn, or learn more about the Australian Women in Security Network here.
Stay tuned – this is the first in our In Conversation series, where we discuss the complex questions that shape technology and ICT but rarely make it into the conversation.