“I would love to say I have one of those stories that I hear time and time again, like ‘I was a kid and I used to hack into things.’ That’s not my story,” says Lianne Potter, Head of SecOps at Asda, a large U.K.-based retail chain recently sold by Walmart.
Potter’s path to cybersecurity started on unconventional ground. After a decade-long career in wedding photography, Potter turned to her next passion: anthropology.
“I wanted to be an anthropologist — specifically, an anthropologist that looks at digital cultures,” Potter explains. She says she became fascinated by the construction of virtual worlds and how online and physical cultures interact, which led her into the technology space.
After earning her Master’s degree in anthropology, Potter started as a project manager at a charity, applying her degree to help solve the issue of destitution in Leeds, England. During her tenure at the charity, she noticed the growing digital divide affecting people in need in Leeds.
“What I was seeing time and time again was people were stuck in destitution because they couldn’t access online services. People traditionally would have gone to a job center and said, ‘Can I sign on and get job benefits for the time being?’ Now they will just point you to a bank of computers. If you’ve never touched a computer before, it’s just such a barrier to entry. We were really struggling with society’s demand to move technologically faster, which is great, but in doing so they were neglecting the very people that they should have been protecting,” she says.
This entry into the tech industry and its impacts on physical safety inspired her next move into cybersecurity. Looking to explore the technical side of cybersecurity, Potter taught herself how to code on weekends until she was prepared to enter the cyber workforce.
An anthropologist’s perspective
Her first role in tech was as software developer at the U.K. National Health Service (NHS), where she practiced the building blocks of digital security by baking cyber protections in on the code level.
“Tech was really exciting because everyone was collaborating — being a dev gave me exposure to a fun, innovative environment, but then we always had to deal with a siloed security team,” she says.
Her interactions with security from a developer perspective sparked her curiosity for the field, “and with some persistence, I managed to become a Security Operations Center (SOC) Analyst and I got to see firsthand why the departments were siloed,” Potter says.
Potter credits the lack of communication between the cybersecurity and development teams at NHS at the time with an internal culture issue.
“When I first joined the security team, the environment was very odd. I’ve not worked before in an environment that was so closed off even within themselves. So I started applying anthropology to them to kind of soften up the edges a little bit. When I first started, we barely said good morning to each other. By the time I left, we knew when each other’s birthdays were, what each other’s kids’ names were, etc. And that’s how I got into cybersecurity.”
Potter’s passion for anthropology has driven her to address the challenge of workplace culture in cybersecurity and use human interaction to improve security across organizations. Since entering the field, Potter has become a thought leader on security culture and an experience practitioner, speaking at industry conferences, serving on boards, leading a cybersecurity consultancy, and holding practitioner roles across the industry.
Cybersecurity from scratch
Today, Potter leads cybersecurity initiatives as Head of Security Operations at Asda. Potter joined as the U.K. grocery chain was sold by Walmart to build the cybersecurity program from the ground up.
A large retailer with more than 145,000 employees, creating a robust cybersecurity department is no easy task. In her current role, Potter is securing “the largest digital transformation project in Europe.” She counts herself lucky to work in an organization with the budget and buy-in to build a strong program, and is focusing on creating a cloud-first digital infrastructure at the retailer. The Asda cybersecurity team works to secure all users and technology across the organization, from robotics in warehouses to the organization’s Scan and Go mobile checkout system. While the digital transformation requires large technology implementations, Potter says the most important aspect of the cybersecurity build is the culture.
“At the end of the day, it’s all people-centric,” Potter says. “All these exciting technologies only work when you’ve got a great team behind you, and I’ve been very lucky to recruit some amazing people.”
Potter says she’s proud of the 50-50 gender split she’s been able to cultivate in her team, which she attributes to being a visible leader.
“One of my goals is to make sure that when I get to retirement age, I’ve left the industry in a better place than when I started,” she says.
Boots on the ground
Potter’s work toward gender parity and equality doesn’t stop at the hiring level. In addition to her recruitment efforts, Potter coaches women across the industry to negotiate higher salaries and reduce the gender pay gap. She says a Twitter bot that shared the details of gender-based pay gaps at large U.K. organizations — @PayGapApp — inspired her coaching work.
“I was inspired by the Gender Pay Gap Bot’s mantra of ‘Deeds, Not Words,’ and I thought, ‘How can I actually make an impact here?’ I’ve been successful in my own salary negotiations, so I figured I had some skills to add,” Potter says.
Since offering free coaching for women on salary negotiations, all of Potter’s trainees have either successfully negotiated a pay raise, promotion or moved on to another position. She says her one-on-one work has been just as impactful, if not more so, than speaking at events on a larger scale.
When it comes to impact, Potter hopes her career positively affects the cybersecurity industry. “I feel like my career has only just started. I’m really looking forward to seeing where it grows and develops.”