This upcoming International Women's Day, we're celebrating the women who are making a meaningful impact at Infotrust, and within the Australian cyber security industry.
In this feature, we caught up with Sonia, Associate Security Consultant, to explore her journey into the industry, lessons learned, and her advice for the next generation of women in technology.
My early educational background is in digital electronics, where I studied microprocessors, communication engineering, data transmission across computer buses, and how computer memory works at a low level. I began my career in the industry in a customer support role, which exposed me to real‑world technical issues and sparked my curiosity about cyber security.
As my interest grew, I decided to formally strengthen my skills by completing an Advanced Diploma in Cyber Security. This helped me transition fully into the cyber security field, eventually leading to my current role at Infotrust.
In my role, I conduct security maturity assessments across frameworks such as ISO 27001:2022, NIST CSF 2.0, CIS Benchmarks, and the ASD Essential Eight. My work involves reviewing documentation, analysing existing security controls, and conducting stakeholder interviews to understand current practices and identify gaps.
What I enjoy most is the combination of analysis and collaboration—translating complex security requirements into practical recommendations that help organisations strengthen their cybersecurity posture. It’s rewarding to see how the work directly supports risk reduction and contributes to improving an organisation’s overall resilience.
As an Associate Security Consultant (GRC), some of the pressures come from managing multiple tasks at once - such as balancing deadlines, coordinating with clients, and ensuring we receive the information needed to complete assessments on time. Another challenge is translating technical concepts into clear, plain language so that non‑technical stakeholders can easily understand the risks and recommendations.
To manage stress, I focus on planning and prioritising my workload to stay organised and avoid last‑minute pressure. Outside of work, I make time for activities that help me recharge, such as taking walks, listening to music, and spending time with my kids. These routines help me unwind, stay focused, and maintain a positive mindset at work.
I would say don’t believe in the stereotype that cyber security is only for men - the industry is evolving, and there is space for everyone who is passionate and committed. Believe in your abilities, focus on strengthening your technical and domain knowledge, and stay curious about learning new things. Most importantly, be patient with your growth journey, because cyber security is a field where experience builds over time.
My future career plans are focused on continuously enhancing both my professional and personal development so I can contribute more effectively to my team and support organisational goals. I aim to deepen my expertise in cyber security governance and architecture, strengthen my technical capabilities, and take on more strategic responsibilities that help drive security maturity and business value