Continuing our ‘Ctrl in Focus’ series—we recently sat down with Alana, Head of our Risk Operations Centre, to ask her a few questions about her journey, leadership philosophy, and vision for advancing cyber excellence. Alana leads with a collaborative mindset, exemplifying what ‘Cyber Together’ truly means by driving connections, empowering teams, and delivering innovative solutions. Read on for our Q&A. 

Q: How did your journey into cybersecurity begin? 

A: I first started off in data governance – which sparked my interest in information security. I had the blessing of a great workplace that fostered my growth in the area – and mentors, specifically Maria Paz, who allowed me to take on different cyber responsibilities that weren’t siloed into one specific field. 

Q: How is ctrl:cyber’s Risk Operations Team advancing cyber excellence? 

A: At ctrl:cyber, we’re redefining standards by fusing Governance, Risk, and Compliance (GRC) with Security Operations (SOC.) What I’ve found in the past, is that there is a lack of communication between both domains, and what is reflected in one domain isn’t necessarily reflected in the other. So, you could have a suite of policies and procedures, none of which were implemented from a technical perspective, or work against what is already implemented. I also noticed there are certain alerts that come through in the SOC, that don’t cause any reflection to the policies or procedures of an organisation, and so the alert/threat continues to be recurring. These cause an issue where an organisation’s cyber maturity appears to be great on paper but is quite immature in practice. Unfortunately, this tends to be the norm.  

Q: What has been the most fulfilling project or initiative in your career? 

A: Incident Response stands out as the most fulfilling. While it can be stressful, it’s incredibly rewarding to limit the scope of compromise and deliver positive outcomes for clients. That tangible impact is what drives me. 

Q: If you could go back to the start of your career, what advice would you give yourself about navigating the cybersecurity industry?  

A: Don’t be afraid to ask questions! Speaking about different cyber topics is like another language in itself and so being open to asking as many questions as you can really help in your long-term understanding. 

Q: What advice would you give to those aspiring to specialise in risk management? 

A: You need to understand the technical environment to truly grasp organisational risk. You don’t have to be an engineer, but you need a comprehensive understanding of how technology works holistically. That knowledge is key to making informed decisions. 

Q: What are some common vulnerabilities organisations overlook? 

A: I think the media and pop culture tend to focus on external APTs behind their RGB keyboards who use complicated methods to hack into an organisation. A lot of incidents don’t really play out like that for most organisations. One major risk I always find is having an “acceptable use policy” that no one follows or enforces. I see a lot of incidents occur through misuse of work devices and accounts, where staff (of all positions, whether intern or CEO) mix work life and personal life, ultimately causing an incident. It doesn’t even have to be something extremely serious – I’ve seen compromise because a staff member wanted to transfer wedding photos to their work computer via USB, ultimately infecting the computer with a keylogger. I’ve seen staff try to buy wigs online and infect the computer with a trojan. I’ve seen staff watch inappropriate online content and as a result have their sessions stolen. Organisations need clear policies, consistent education, and technical enforcement to address these risks effectively. They also need to enforce staff disciplinary actions if the policy is breached. 

Q: What does ‘Cyber Together’ mean to you? 

A: For me, ‘Cyber Together’ is all about collaboration. Whether it’s between different cyber domains or across business functions, the goal is shared: advancing cyber maturity collectively. Collaboration is the cornerstone of meaningful progress. 

Looking Ahead 

With leaders like Alana, Ctrl continues to advance the standard in cybersecurity. Her dedication to fostering innovation, addressing real-world challenges, and empowering teams exemplifies what it means to lead ‘Cyber Together.’

Ready to advance your cybersecurity strategy? Connect with a Ctrl expert today↗