Holly Foxcroft is Head of Neurodiversity in Cyber Research and Consulting at Stott and May Consulting. She served in the Royal Navy before starting her cyber career in technical recruitment and delivering cyber security training in schools and colleges. When her son was diagnosed with autism in 2014, she rose to prominence as an advocate for neurodiversity in the field whilst also realising she too was neurodivergent. Since then, she has devoted her time to researching the topic, going to school as a single mother while doing so, and pushing for reform.
In her position at Stott and May, Holly is focusing on the creation of policies and mentorship regarding neurodiversity in employment and research in cyber, as well as best practices, advice, training, and consulting. She also works to improve the support provided to neurodivergent cyber professionals, not just during the hiring process but also by enacting cultural change and combating biases at work.
Below are highlights of the interview:
Can you tell us a little about your journey before starting your professional journey?
I couldn’t ever settle on my dream career as a young girl; I battled between being a lawyer, a teacher, and being on stage! I went to college for my A levels in Business Studies, Human Biology, English Language, and Performance Studies. My grandfather and father both served in the Royal Navy. I often pondered the idea, but it was only when I was told, “You wouldn’t last a day” that I knew this is where I would start my career. I joined as a warfare specialist and quickly specialized in electronic warfare. My head was quickly turned to cyber warfare and cyber security from here. Unfortunately, my career ended prematurely through a medical discharge. However, I continued to pursue a career in Cyber Security. During this time, I had my son, who is diagnosed as autistic and with ADHD, which was the start of bringing my two worlds together. I completed my bachelor’s in criminology and cybercrime. I now dedicate myself and my career to making cyber security universally inclusive and conducting much-needed research into cyber security and neurodiversity.
Tell us about your role and responsibility at Stott and May Consulting.
I’m the Head of Neurodiversity Research and Consulting, which really means I wear two hats. Firstly, we are partnering and collaborating with academia and industry, to further research between neurodiversity and cyber security. From this research, we can support businesses in best practice, policies and lead from the front in understanding the correlation between neurodiverse conditions and cyber security. Secondly, I partner with businesses to deliver consulting and training in understanding neurodiversity and implementing a neuro-inclusive environment, so that it is universally supportive for everyone. This includes full training on challenging bias, culture change, understanding reasonable adjustments, creating mentorships and recruitment.
What are the company’s extensive security offerings that meet current corporate requirements?
Most elements that fall under information and cyber security also include cloud security services, critical infrastructure security, application security, network security, and the “sexy” topic of IoT security. These can then obviously fall into more specific categories such as pen testing, vulnerability management, IDAM/PAM, Security Operations Centre provisions, ethical hacking services, DevSecOps etc. We provide E2E transformation from thought leadership/SA and architecture across the entire security landscape to implementation and analysis, along with some more functional components across project and programme management and business analysis. To give you a flavour of what we have in flight for some of our customers: we are supporting two large IDAM/PAM programmes, a number of IT Security Audits, burst capacity services within SOC functions, and a large piece within critical infra security and network security.
How have you integrated some of the more innovative thinking you developed while working for technology-driven companies into your current organization?
It is often referred to that the biggest threat to cyber security is human risk. However, the greatest asset we have in cyber security is being human! Although we rely heavily on technology, understanding and supporting people is in everyone’s best interest. Neurodiversity and cyber security are equal passions of mine. This comes through when I engage with people in meetings through to keynote presentations. I come from a diverse background, which has given me skills in storytelling, engagement, and how to build strategic partnerships. That, coupled with an understanding of cyber technologies, means I can engage with clients to understand their needs and address the problem head on.
Who do you collaborate with the most to drive growth and success?
Building neuroinclusive environments should be universal by design, which means that engagement is needed from everyone from interns through to stakeholders. The cyber security industry has turned to neurodiversity to address its widening skills gap. However, by only focusing on recruitment without first addressing the environment and culture, you are offering a disservice to potential and current neurodivergent employees. I have engaged with CISOs and senior security leaders, asking ‘what are their main barriers’; people management and understanding neurodiversity always come up. So, it’s best to work with a “top-down” approach and challenge existing bias. Lastly, cyber security is diverse by nature, so having a diverse workforce is in your best interest!
How do you think about building an advanced security team?
Our approach isn’t a cookie cutter, it’s not a “one size fits all” service. Every single one of our engagements is tailored and customized, made entirely bespoke for our customers’ needs so that we can achieve the best results. To build the best security team, we need to get inside the problem. Our conversations usually start with senior stakeholders to uncover the “why?” questions, but as importantly, we need to be integrated with technical stakeholders to grind out the “how?” As a business, we are lucky enough to have a profound network within security. Our experience of putting these types of engagements together is second to none, and you can rest assured that your programmes will be delivered by the best technologists available, all whilst championing a NeuroInclusive approach. Partnering with research initiatives with academia and industry also gives us foresight into emerging trends while trailblazing the way towards understanding neurodiversity and cyber.
What does your role look like five years from now?
We currently have five core partners with large active engagement workstreams. I would like to embed myself into the heart of their DE&I practices to uncover untapped talent they could be currently missing out on due to a less mature process and management approach. In 5 years, I’d like to triple the core partnerships outside of the existing as well as offer consulting packages within the cyber security industry. I would like to start seeing a big impact from our research initiatives, making a positive impact on the cyber security industry.
What are the most important attributes of successful leaders?
Creating a clear vision for the company and the people and how they can specifically play a relevant role in establishing that environment. Re-establishing direction on a regular basis for the group as a whole and for new individuals and people who are taking on new roles. Establishing a working environment that emulates the ideal client’s setup with the services and solutions that you are promoting in place. Acting from a perspective of supporting the workforce to strive for the vision first and treating them as the experts who will make it possible, probable and make the vision happen. Create an innovative workplace where creation and mistakes are to be expected as part of the growth process and establish the safeguards to make that real. Communicating even when there are difficult circumstances and decisions to be made. Articulating your approach to solving problems as an example to be worked towards.
What advice would you give to the next generation of female leaders?
Practice the change you want to see in society—this is the best advice I have ever been given and can ever give! Your career journey shouldn’t be straightforward either. It’s OK if you don’t find your passion straight away either! Always communicate your needs and know your worth. Take up space! However, you do not need to be the loudest in the room to be heard; know your strengths and work with them; your journey is different from others. My last piece of advice is to look for mentorship and guidance.