Kathy Liu, Digital Sovereignty - Senior Business Development Manager, Amazon Web Services (AWS)
Tell us about your journey into the industry.
I stumbled into cybersecurity accidentally. In the last semester of my Master of Public Administration (MPA) in Economic Policy, I wanted to try something different so I took two cyber electives that were being offered for the first time. I came in knowing nothing about the domain, except a few Hollywood portrayals. I quickly became hooked because of the wonderful purpose of the field. When I first started the cybersecurity job hunt, I rarely saw a post matching more than 20% of my background from Political Science and Public Policy. I faced a lot of initial rejections (or rather ghostings!), but in the end, it was in framing the value of my existing transferable skills to cybersecurity, and how it differentiates my point of view, that landed my first role as a cybersecurity consultant at Deloitte. After working a few years in consulting, now I am in an exciting intersectional role in cloud computing at Amazon Web Services (AWS) that fuses my interests in cybersecurity and public policy.
Tell us about your current role.
Super long title alert! I’m the global Digital Sovereignty Senior Business Development Manager at Amazon Web Services (AWS), which is the world’s most comprehensive and broadly adopted cloud. Digital Sovereignty is an emerging specialism in cloud computing, and top of mind for business and government decision makers internationally. Cybersecurity is often an important mechanism to achieve digital sovereignty. My global remit focuses on helping our customers balance digital sovereignty requirements with opportunities to accelerate digital transformation through AWS services, allowing them to achieve control without compromise. I innovate on behalf of customers on AWS capabilities, working alongside engineering, public policy and legal teams. I develop commercial business cases and go-to-market plans for how we expand natively and also with our partners.
What does a typical day look like?
My role is highly interdisciplinary, it has both external-facing and internal-facing aspects, and spans across countries and sectors. Externally, I work closely with our global customers and partners to work backwards from their digital sovereignty requirements. Internally, I work cross-functionally with teams from engineering, legal, security assurance and many other functions to innovate our AWS offerings. There is hyper ownership in my role and often a high degree of ambiguity, so I often get to build things from the ground up - which I enjoy. You may also catch me at an international Summit speaking about digital sovereignty.
What are your career goals/plans for the future?
What excites me most about cybersecurity is that roles of tomorrow do not exist yet! Wherever my career and the industry evolves to, I know I want to keep working to create the right norms and long-term thinking for new classes of technology.
What is the best thing about working in the cyber security industry?
Hands down the wonderful purpose! Cybersecurity is so fundamental to trust in our society, in the uptake of existing and new technologies. Coming from a Public Policy background, I always view cybersecurity as a public good that should be accessible to everyone.
What advice would you give to others thinking about pursuing a career in cyber security?
Firstly, know that there is no one single surefire pathway to cybersecurity, lots of us came by way of meandering and unexpected paths. I recently heard (ISC)2’s president say “We are the collision of all of our life experiences” - do not estimate your lived experiences, no matter how irrelevant they may seem, as they will connect you to cybersecurity in unexpected ways!
Secondly, a first step is to simply to talk to cyber processionals. When I was starting out, I cold-messaged so many people on LinkedIn, and you will be pleasantly surprised how were happy to send a Zoom link. Not only will this help you expand your network, it will also give you more representative insights into the actual jobs inhabited by professionals, and the choice that is available to you!
Lastly, this isn’t a static field. No one is going to come to cybersecurity with all the infinite knowledge and skills needed. So adopt a curious mindset, and be prepared to keep learning, and yes, that sometimes will involve some unlearning as well!
What would you say are the 3 most important skills you use in your role, and why?
- Communication. Cybersecurity is not just an IT problem, the ability to communicate its importance in the language of different stakeholders across an organisation is vital, whether it’s framing in terms of business impact or policy implication.
- Propensity to upskill. It’s a field where you need to keep learning, so stay curious.
- Navigating ambiguity. In my role, it’s critical to embrace the ambiguity and adapt as things shift, and be confident in making judgement calls with the data there is.
What do you like to do in your spare time?
I surfskate in my spare time, I like to find flow on different skateable surfaces around London (and the world!)
Anything else you think would be interesting to add?
I founded the Inclusive Cyber project in 2018, through the World Economic Forum Global Shapers Community.The project empowers underrepresented talent from untapped and atypical backgrounds to transition into cyber careers by maximizing the potential of their transferable skills, and closing the confidence gap. Our skills mapping tool is benchmarked to the NIST National Initiative of Cybersecurity Education (NICE) framework from the US.
To date, the project has directly coached over 1250 students from Montréal, Kigali and London, and individuals have successfully broken into cybersecurity from backgrounds such as health, psychology, accounting and tourism. In London alone, we have delivered our workshops at LSE, UCL, Queen Mary, Royal Holloway and Hult Business School. We are also championing the youth voice at national and global policymaking tables on cyber talent diversification.