News & Insights

It’s that time of year again…it’s Hacktober and we’re catching up with Katherine Russell, CISO and Head of Technology Risk and Governance at Santander Consumer UK.

Katherine gives us a look into her current role, the biggest challenges in the field of cybersecurity within our industry, and tips and tricks on how to avoid Phishing.

Can you tell us about your current role and responsibilities?

I am currently CISO and Head of Technology Risk & Governance for SCUK.  I am responsible for identifying, mitigating, and managing technology and information security risks to the organisation, as well as ensuring compliance with regulatory requirements and internal governance.

How did you get started in this career? Tell us a bit about your career background/ SCUK history.

I have worked in technology for almost 30 years, starting as a junior Helpdesk Analyst.  I then moved into various Technology Risk and Governance roles. I then had the opportunity to move to the USA for a three-year assignment as an Internal IT Auditor.  After returning to the UK, I worked as a Senior IT Risk & Governance Analyst before moving to my current role at Santander Consumer.

What keeps you passionate about your work?

No day is the same, there is always something challenging to work on.

What are the biggest challenges in the field of cybersecurity within our industry?

The biggest challenge is the constantly evolving threat landscape, with new technologies and devices, threats are evolving too.  The increasing complexity of new technologies and trends such as cloud computing.

Phishing is a common attack method – how can people identify a phishing email or message?

Phishing attacks are becoming more sophisticated and harder to spot.  Some things to look out for are:

  • The senders email address – phishing emails often use email addresses that look like a legitimate one but may contain typos or be from a domain that is different from the legitimate one.
  • Urgent of threatening language – phishing emails are designed to create a sense of urgency or fear.
  • Suspicious attachments or links – phishing emails often include attachments or links that are disguised as legitimate files or websites, but in reality, they are malicious.
  • Request for personal or financial information – legitimate companies will not ask you to provide personal or financial information through email.
  • Poor spelling and grammar – phishing emails are often poorly written with spelling and grammar mistakes.

What are some best practices everyone should follow to stay safe online, both at work and at home?

  • Use strong and unique passwords and avoid using the same password for multiple accounts
  • Keep software up to date.
  • Use anti-virus and anti-malware software
  • Avoid using public Wi-Fi networks for sensitive transactions
  • Enable two-factor authentication
  • Back-up your data
  • And finally, be mindful of your online activities and avoid sharing sensitive information online.

Do you have any career advice who are looking to pursue, or move forward, with their career in cyber?

Obtain the relevant education and training to develop technical skills and try to gain practical experience.  Stay up to date with the latest threats and trends and finally build a professional network, this could be by joining a professional organisation like ISACA or ISC2.

Lastly, outside of your professional achievements, is there anything that people might not know about you? Hobbies, passions or fun facts you’d like to share?

I am on the Board of ISACA Winchester Chapter – join us to build your professional network and knowledge.

My hobbies are maintaining my YouTube Channel (Mainline Steam, Heritage & Light Railways) as I am a big fan of Heritage Railways. Researching my family history, which I have been doing now for almost 30 years.  I have also just started learning to play the Ukulele.