
Most Inspiring Women in Cyber 2026: Meet The Judges

Next month, the annual Most Inspiring Women in Cyber Awards will take place at The BT Tower, London, celebrating some of the industry’s most inspirational – and oftentimes unsung – women.

Sponsored by Fidelity International, BT, Plexal and Bridewell, and proudly supported by industry-leading diversity groups WiTCH, WiCyS UK&I and Seidea, the 2026 event is set to be bigger than ever. To make sure everyone has had the chance to nominate, we’ve extended the nomination deadline until the 16th January 2026, 5pm GMT. 

For now, it’s time to introduce our 2026 judges, who have the exceptionally hard task of picking this year’s top 20 and five ones to watch… 

  • Yasemin Mustafa, Director of the Cyber Security Portfolio at BT 
  • Adam Haylock, Head of Global Cyber and Information Security Department at Fidelity International 
  • Rebecca Taylor, Co-Author of Securely Yours: An Agony Aunts’ Guide To Surviving Cyber, and Threat Intelligence Knowledge Manager and Researcher at Sophos
  • Adaora Uche, GRC Lead at THG (representing Seidea) 
  • Joanne Elieli, Cyber Lead and Litigation Partner at Stephenson Harwood LLP
  • Diane Gilbert, Senior Lead for Programmes at Plexal 
  • Yvonne Eskenzi, Co-Founder of Eskenzi PR and Founder of The Most Inspiring Women in Cyber Awards
  • Jennifer Cox, Director of Solutions Engineering, EMEA and APAC, at Tines (representing WiCyS UK&I)
  • Hannah Arnold, London Ambassador for WiTCH – Women in Tech & Cyber Hub

The Gurus spoke to some of our judges about the 2026 awards and what they’re looking for in a good application. 

Adaora Uche, GRC Lead at THG 

Why are initiatives like this so important?

Initiatives like this matter because visibility changes possibility. Cybersecurity is still an industry where many women don’t see themselves reflected in leadership, technical authority, or decision-making roles. By intentionally spotlighting women who are doing impactful work, we challenge outdated perceptions of who belongs in cyber and what success looks like.

Beyond recognition, these initiatives create role models, momentum, and community. They validate the work women are already doing – often quietly and behind the scenes, and help open doors for others who are earlier in their journeys. Representation is not just symbolic, it is a powerful driver for inclusion, retention, and long-term change in our industry.

Why should people nominate?

People should nominate because inspiration often goes unrecognised unless someone speaks up. So much impactful work in cybersecurity happens behind the scenes. Particularly in governance, risk, privacy, and security leadership, where success often looks like problems prevented, risks mitigated, or the right questions being asked early. This kind of impact does not always attract attention, but it is critical.

A nomination is more than an accolade; it is an act of recognition and encouragement. It tells someone that their work matters, that they are seen, and that their journey can inspire others. Nominating also helps broaden the narrative of cybersecurity by showcasing diverse paths, backgrounds, and contributions that might otherwise go unnoticed.

What makes an ‘inspiring woman’ in cyber in your eyes?

First and foremost, I believe every woman in cybersecurity is inspiring. Simply showing up each day to help make the digital world safer, often in complex, high-pressure environments, is truly heroic.

An inspiring woman in cyber creates impact while lifting others as she progresses. She may be a technical expert, a strategist, a leader, or an educator, but what sets her apart is purpose, resilience, and a commitment to making the space better than she found it. She does not just respond to challenges, she anticipates them, questions the status quo, and contributes to safer, more ethical, and more inclusive digital environments.

She does not need to dominate the room to lead. Her credibility comes from consistency, thoughtfulness, and sound judgement. It also stems from her unwavering commitment to building systems and teams that are secure, resilient, and future-ready. Importantly, she uses her voice, whether in boardrooms, classrooms, or communities to share knowledge, mentor others, and make cybersecurity more accessible and human.

Adam Haylock, Head of Global Cyber and Information Security Department at Fidelity International 

Why are initiatives like this so important?

I often find myself in meetings counting the number of male versus female attendees. Too often, there are only one or two women in the room, surrounded by many more men.

In cyber, many men take for granted that they don’t have to overcome that initial sense of standing out before even contributing to the discussion or holding their ground. While we are making some progress in addressing the gender imbalance, initiatives like this are vital in keeping the spotlight on an issue that still matters deeply. They help encourage more women to put themselves forward, particularly where they may previously have hesitated, and to feel recognised and valued for the outstanding work they do, inspiring others along the way. 

Why should people nominate?

Nominations reinforce the value that female talent brings to our field. Diversity of thought, approach and communication is critical in cyber, a discipline that is as much about culture and behaviour as it is about technology.

Recognising and celebrating female talent strengthens that value proposition, especially when nominations come from male colleagues who see first-hand, and rely on, the expertise and impact that women bring to our teams.

What makes an ‘inspiring woman’ in cyber in your eyes?

Being in the minority in any environment can create invisible barriers and perceptions that are difficult to overcome. For me, an inspiring woman in cyber – a male-dominated field – is someone willing to step outside her comfort zone, try new things, take risks, and learn from setbacks.

Standing out in a male-dominated environment requires real courage, and that courage is inspiring in itself. We need more visible role models like this to attract more women into cyber and to show that it is a field where they can thrive, feel valued, and build rewarding careers.

Rebecca Taylor, Co-Author of Securely Yours: An Agony Aunts’ Guide To Surviving Cyber, and Threat Intelligence Knowledge Manager and Researcher at Sophos

Why are initiatives like this so important?

Initiatives like the ‘Most Inspiring Women in Cyber Awards 2026’ are so important because they shine a light on women who are accomplishing amazing things in an industry that is still largely male-dominated. Recognising these achievements in an inclusive and safe way helps ensure women feel seen, valued, and celebrated for their expertise and impact.

Beyond individual recognition, these initiatives also create visible role models. Seeing women celebrated for their achievements inspires others to enter the field, stay in the industry, and aim higher. It helps challenge outdated stereotypes, builds confidence, and fosters a stronger sense of community and belonging.

Ultimately, celebrating women in cyber isn’t just about awards – it’s about changing culture. It encourages equity, boosts morale, and helps build a more diverse, inclusive, and resilient cybersecurity industry for everyone.

Why should people nominate? 

People should nominate because recognition matters! Nominating is a powerful way to celebrate women who are accomplishing amazing things and making a real impact. Remember that a nomination (let alone a win!) can boost confidence, open doors to new opportunities, and remind someone that their work truly matters. Get those entries in!

What makes an ‘inspiring woman’ in cyber in your eyes?

In my eyes, an ‘inspiring woman in cyber’ is someone who brings others with them into the conversation. They lift people up, share knowledge, and create space for others to learn, grow, and feel they belong. They want to leave a positive footprint, not just through their work, but through the way they support and encourage those around them. They are a role model, someone who shows what’s possible and inspires others to follow their own path in cyber with confidence and purpose.

It isn’t about money, job titles, or seniority. It’s about impact. An inspiring woman is thriving in what they do, and you can see that they genuinely love their work. That passion is contagious and motivating to others.

Joanne Elieli, Cyber Lead and Litigation Partner at Stephenson Harwood LLP

Why are initiatives like this so important? 

Initiatives like this are instrumental in recognising and celebrating the achievements of women in cybersecurity, helping to raise their visibility and inspire others. These initiatives encourage diversity, challenge stereotypes, and can empower the women being recognised to stay and advance in the field. By providing networking opportunities and driving positive industry change, initiatives like this can also help to create a more inclusive and innovative cyber sector.

Why should people nominate? 

Nominating women in the cyber industry is a meaningful way to recognise and celebrate their expertise, dedication, and achievements. Formal nominations help to bring the contributions of our exceptional women to light, ensuring they receive the appreciation they deserve. This visibility can inspire other women and girls to pursue careers in cybersecurity, which in turn fosters a more diverse and inclusive industry.

What makes an ‘inspiring woman’ in cyber in your eyes?

An inspiring woman in cyber, in my eyes, is someone who demonstrates exceptional skill and dedication to her work while also uplifting and supporting others in the industry. She is passionate about solving complex problems and is eager to learn and adapt in a rapidly changing industry. Beyond her technical abilities, she actively shares her knowledge, mentors others, and advocates for diversity and inclusion. Her resilience in overcoming challenges and her willingness to break new ground make her a role model for both current and future generations in cybersecurity.

Jennifer Cox, Director of Solutions Engineering, EMEA/APAC, at Tines

Why are initiatives like this so important?

Women’s representation in cybersecurity still has a lot of ground to cover, and initiatives like this shine a light on those who are making an impact both technically and culturally. Recognition not only celebrates achievement but also helps change perceptions; it shows the next generation that there’s space for them here, no matter their background or neurotype. When we platform diverse voices, we accelerate innovation and make our industry stronger, more inclusive, and more human.

Why should people nominate?

Nominating someone is a simple but powerful act of allyship and pride. Many brilliant women in cyber are so focused on lifting others up or doing the hard, often invisible work that they rarely stop to celebrate themselves. A nomination says, “I see you, I value what you’re doing, and you’re shaping this industry.” You never know who might need that encouragement to keep going or step into an even bigger role, and for other women just starting their cybersecurity careers visibility of these trailblazers and their capabilities is key.

What makes an ‘inspiring woman’ in cyber in your eyes?

For me, an inspiring woman in cyber is someone who leads with both competence and compassion. She’s technically grounded, but she also uses her voice and position to make space for others; especially those whose stories aren’t often heard. She’s authentic, curious, resilient, and not afraid to challenge the norm. Above all, she shows that success in cybersecurity isn’t about fitting a mould; it’s about rewriting it so more people can belong.

 

You can nominate here. 

The post Most Inspiring Women in Cyber 2026: Meet The Judges appeared first on IT Security Guru.

Cyber Experts Warn of Increased Consumer Scams This Festive Season

As Santa starts his travels, experts are warning that his arrival could bring with it a range of cyber risks, from scams to insecure gadgets.

Whilst Santa prefers to deliver via chimney, most cybercriminals are looking for backdoors. In some cases, hackers prefer to deliver malicious communications via email. Worryingly, in 2025, scams are not just more common, they’re often harder to spot. Earlier this month, researchers from the team at Check Point detected 33,502 Christmas-themed phishing emails in the first two weeks of December, along with more than 10,000 fake advertisements being created daily on social media channels. Many mimic festive promotions, while others push fake Walmart or Home Depot deals, fraudulent charity appeals, and urgent delivery notices.

Why is this time of year so popular for cybercriminals? Ian Porteous, Regional Director, Security Engineering, UK & Ireland at Check Point Software, notes that “Cybercriminals love Christmas just as much as shoppers do, but for all the wrong reasons. This time of year, people are more exposed due to the sheer volume of digital interactions – shopping online, sending e-cards, and grabbing festive deals. That makes it the perfect opportunity for scammers.”

Which other types of attacks should consumers look out for?

Javvad Malik, Lead CISO Advisor at KnowBe4, highlighted a range of common festive scams that consumers should be alert to during the Christmas period. He warned that these include “fake courier messages – like texts from Royal Mail, DPD, Evri etc”, often claiming “we tried and failed to deliver” or asking recipients to “pay a small fee to release it”. Malik also pointed to deals that are too good to be true, such as “ridiculous savings, 90% off named brands”, as well as gift card scams and urgent favour requests, typically appearing as “a WhatsApp or email from your boss or family member usually”. Other tactics include charity scams involving “fake charities trying to pull at heartstrings during the season of giving”, fraudulent shopping emails claiming “your payment failed” or that “your Black Friday order couldn’t be processed”, and holiday job or side hustle offers that require victims to “pay an upfront fee for training or admin”, which in some cases can result in individuals unknowingly becoming money mules.

Many of us will hope to unwrap a new gadget tomorrow morning, but Anne Cutler, cybersecurity expert at Keeper Security, is warning that these gifts can come with hidden risks if left unsecured. “As smart, AI-enabled gadgets become some of the most popular gifts this holiday season, families are unknowingly expanding their digital attack surface,” she said. “From connected toys and wearables to voice assistants and home cameras, many of these devices are effectively small computers with microphones, sensors and constant internet access. To make matters worse, they are usually sold with minimal security settings as the default.”

Cutler warned that “the most common mistake families make is trusting default passwords and factory settings”, something cybercriminals actively exploit by scanning for unsecured devices. She added that while these products can appear harmless, “from behavioural tracking to hidden software vulnerabilities, these modern devices can seem harmless, but in actuality they can pose genuine threats to the privacy and security of families”.

Parents are being encouraged to review privacy and safety settings before children begin using new devices, including disabling unnecessary access to cameras or microphones and limiting data sharing, particularly where interactions may be used for “model improvement”. Experts also caution that AI-enabled toys introduce additional risks because they can behave unpredictably, with concerns ranging from “hallucinations or unsafe responses” to data leakage and breach-related cyber attacks, where stolen recordings, images or videos could be used for phishing, voice impersonation or deepfake content.

Cutler concluded: “Connected devices are now a permanent part of family life, and they should be treated with the same care as any other internet-facing system. By staying informed and vigilant, families can enjoy the holiday season with confidence, while balancing the fun of new tech with a secure and privacy-conscious digital home.”

“Digital security at Christmas starts with prevention,” adds Ian Porteous from Check Point. “Staying alert and cautious online can make all the difference – protecting your personal information and ensuring a stress-free festive season.”

Javvad Malik from KnowBe4 urges consumers to ask the following questions before taking action:

  • Was I expecting this?
  • Is this how we normally do it?
  • Is this invoking an emotional response?
  • Is it time-sensitive (rushing me)?
  • Have I checked it somewhere else?

 

The post Cyber Experts Warn of Increased Consumer Scams This Festive Season appeared first on IT Security Guru.

We Asked the Experts: 2026 Predictions

Once again, it’s predictions season. We spoke to experts from across the cybersecurity industry about what the future of cyber may look like as we head into 2026. From AI ethics and API governance to the UK’s Cyber Security and Resilience Bill and exponentially increasing threats, there’s set to be a big shake up to the industry next year (again). What it means to be cyber resilient, against a tide of increased threats, is, once again, changing.

So, let’s hear what the experts think:

Rising Ransomware

Rebecca Moody, Head of Data Research at Comparitech:

“Even with a couple of weeks to go, ransomware attacks have increased significantly from 2024 to 2025. According to our statistics, 2024 saw 5,621 attacks, while 2025 has already seen 7,042 – a 25 percent year-on-year increase.

I expect the level of ransomware attacks to remain high throughout 2026 as hackers continue to exploit vulnerabilities, target key infrastructure, public services, and manufacturers, and seek to steal large quantities of data in the process. 

If 2025 has taught us anything, it’s that hackers see third-party service providers as the perfect target because they not only give them potential access to hundreds of companies through one source but also enable large-scale data breaches. Key examples include the recent attack on Marquis Software Solutions which has seen one of the largest data breaches of 2025 (1.35 million and counting) and has affected hundreds of banks and credit unions, and Clop’s Oracle zero-day vulnerability exploit which has seen over 100 companies affected to date. 

While companies are going to want to make sure they’re on top of all the key basics (carrying out regular backups, patching vulnerabilities as soon as they’re flagged, providing employees with regular training, and making sure systems are up to date), 2026 will hopefully bring increased awareness of the vulnerability companies face through the third party services they use. Although utilising third parties for various services is essential for a lot of organisations, it’s crucial these organisations are vetting and testing the software they’re using (where possible). Even with the most robust systems in place, this is irrelevant if the third parties they’re using aren’t adhering to the same standards.”

Compliance, Industry Guidance and Regulations

Jamie Akhtar, CEO and Co-Founder of CyberSmart

“The cyber market and its regulatory landscape are shifting quickly and organisations are starting to feel the pressure of a more demanding regime. This will continue throughout 2026. As the Cyber Resilience Bill comes into force, it brings with it mandatory adoption of the Cyber Assessment Framework across critical sectors. The scope of regulation expands as the definition of Relevant Managed Service Providers is broadened, placing managed service providers (MSPs) directly in the regulatory spotlight. This change introduces new duties around incident reporting, baseline security controls and formal assurance, meaning that both service providers and their customers must operate with far greater transparency and discipline. The CyberSmart 2025 MSP survey saw that this was already starting to happen. 77% of MSPs reported that their businesses’ security capabilities were already coming under greater scrutiny by prospects and customers. This suggests that MSP customers are more aware than ever of the importance of good cyber credentials in a potential partner – and this will only continue.”

Bill Dunnion, CISO at Mitel, said: 

“The future of cybersecurity lies in thinking like the adversary. Traditional defensive postures, firewalls, monitoring, and compliance checklists, are no longer sufficient against threats that move faster and learn continuously. Offensive security practices such as red teaming, threat hunting, and penetration testing will evolve from optional exercises to essential functions of risk management.

The guiding principle is simple: what you don’t know can hurt you. Proactively testing systems exposes blind spots before attackers do. The next generation of programs will combine structured frameworks, such as NIST and ISO, with continuous offensive assessments to create dynamic, adaptive defence ecosystems.

Mature organisations will recognise that compliance does not equal security. Instead, they will integrate continuous testing into their operations, utilising real-world attack simulations to enhance defences and quantify risk in business terms. The result is smarter, faster decision-making that results in better protection.”

Quantum Computing

Daniel dos Santos, Senior Director, Head of Research at Forescout:

“[I predict that there will be] escalating attacks on unmanaged devices. Edge devices such as routers and firewalls, as well as IoT in the internal network such as IP cameras and NAS are all becoming prime targets for initial access and lateral movement, with a growing number of zero-days and custom malware. These devices are usually unmanaged and unagentable, so organisations need to invest in other forms of visibility, threat detection and incident response based mainly on network signals. This will ensure they can proactively mitigate the growing risk from these devices, detect when attacks leverage them and respond to those quickly to prevent them from becoming major incidents.

Growing number of hacktivist attacks. Most organisations have a threat model based on defending against cybercriminals and state-sponsored actors. Hacktivists until recently were treated as a “nuisance” because of their focus on DDoS and simple defacements. Now these groups have been growing in number and sophistication – targeting critical infrastructure at alarming rates. This will extend into 2026 and organisations need to ensure their threat models include these groups too.

Starting the migration to post-quantum cryptography (PQC). 2025 was the year when commonly used technologies, from web browsers to SSH servers, started implementing post-quantum cryptography. 2026 will be the year when organisations will need to inventory their network assets and understand what is already supporting the technology, what isn’t and what are the timelines to migrate. Especially in government, financial services and critical infrastructure, the migration to PQC will soon move from “something we should think about” to “we need to act now”. Organisations will need tools that can automatically and continuously inventory their network assets, since it’s not realistic to expect hundreds of thousands of devices to be manually checked.”

Simon Pamplin, CTO – Certes:

“If we’re talking about cyber challenges for 2026, I think the thing businesses really need to get their heads around is the widening gap between the pace of quantum-age cryptography and the speed at which most organisations update their production systems. Attackers don’t need a working, large-scale quantum computer right now to cause trouble. Many of them are already quietly collecting encrypted data, sticking it in storage, and waiting for the day they can crack it. That turns anything with a long shelf life, financial records, personal data, IP, into a liability on a timer. 

The problem is that too many organisations still behave as though the encryption they use today will protect them forever. It won’t. Shifting to post-quantum cryptography is potentially challenging and slow to deploy, and most businesses massively underestimate how many of their legacy systems, third-party integrations and data flows rely on algorithms that simply won’t stand up to what’s coming.

So, preparation has to begin before the threat is fully realised. Quantum computing isn’t some distant sci-fi concept anymore; it’s getting close enough that organisations can’t ignore it. Start by working out where your sensitive data actually goes, sort out the long-life data first, and separate out your truly critical data streams so one weak spot doesn’t bring the whole lot down. PQC isn’t something you bolt on, it’s a phased transition, and the ones who start early won’t be the ones panicking later.”

Darren Guccione, CEO and Co-Founder of Keeper Security:

“The quantum era will usher in extraordinary innovation and unprecedented risk. In 2026, business leaders will be faced with the reality that preparing for the post-quantum future can no longer wait.

“Harvest now, decrypt later” attacks are already underway as cybercriminals intercept and archive encrypted traffic for future decryption. Large-scale quantum computers running Shor’s algorithm will shatter existing encryption standards, unlocking a time capsule of sensitive data. From financial transactions and government operations to information stored in cloud platforms and healthcare systems, any data with long-term value is at risk.

While the timeline for practical use of quantum computers capable of breaking public-key cryptography remains uncertain, business leaders must take action now. Regulators worldwide are urging enterprises and public-sector organisations to inventory cryptographic systems, prepare for migration and adopt crypto-agile, quantum-resistant strategies.

In 2026, expect the conversation around quantum risk to shift from theoretical to tactical. Organisations will begin treating encryption not as a background control, but as a measurable component of operational resilience. Discussions once limited to cryptographers will move into boardrooms and procurement teams, as leaders demand visibility into how long their data can remain secure under existing models. The focus will broaden from purely technical readiness to governance, understanding where every key, certificate and encryption method is deployed across the enterprise and how quickly each can be replaced.

Forward-looking organisations will also start piloting hybrid cryptography that blends classical and post-quantum algorithms, testing performance, integration and cost. These early implementations will surface new challenges around key management, compatibility and standardisation, driving broader collaboration between governments, technology providers and enterprises.”

Experts at KnowBe4 said:

“Q-Day, the day when quantum computers become sufficiently capable of cracking most of today’s traditional asymmetric encryption, will likely happen in 2026. The security of these systems has never been more important. Organisations must strengthen human authentication through passkeys and device-bound credentials while applying the same governance rigor to non-human identities like service accounts, API keys and AI agent credentials.”

Agentic AI and Deepfakes

Ruth Azar-Knupffer, Founder at VerifyLabs.AI:

“By 2026, deepfakes will continue to be an accepted part of everyday life, like it is today. Not all of them will be harmful. Satire, memes and creative uses of AI will continue to entertain and even inform, but the real risk lies in how easily the same technology can be misused. We will see a sharp rise in deeply personal scams, impersonation and online abuse that feels more convincing than anything we have experienced before, because it looks and sounds real.

The impact will go far beyond financial loss. Deepfakes will increasingly damage relationships, reputations and mental well-being, eroding trust between people and in the information we consume. In an age where seeing is no longer believing, society will be forced to rethink what trust looks like online.

This shift will redefine digital literacy. It will no longer be enough to know how to use technology; people will need the confidence to question it. Verification, context and authenticity will become everyday considerations, not specialist concerns. Those who adapt will navigate AI with resilience, while those who don’t risk becoming overwhelmed by doubt and deception. Trust won’t disappear, but it will have to be rebuilt on new foundations, built on ones that recognise both the power and the limits of artificial intelligence.”

Eric Schwake, Director of Cybersecurity Strategy at Salt Security:

“Agentic AI will create a fundamental shift in how internal systems behave. As autonomous agents begin acting on behalf of users and applications, they will trigger a surge in internal API calls that far exceeds traditional human-driven traffic patterns. The impact will not be felt at the perimeter first. It will surface deep inside the stack, where shadow interfaces, legacy services, MCP servers and automation endpoints sit without the instrumentation needed to distinguish noise from legitimate business activity. Security teams will discover that their monitoring models, built for predictable and comparatively low-volume interactions, cannot interpret agent-generated activity. This will accelerate the move toward context-aware runtime protection and real-time behavioural baselining rather than static rules or credential checks.

As this shift unfolds, discovery will become the single most important capability in the API security budget. AI agents do not wait for formal onboarding processes before invoking new endpoints. They identify and call whatever interfaces appear relevant, whether sanctioned or not. In response, CISOs will transition from periodic inventory exercises to continuous, automated discovery across the entire API fabric. Visibility will need to extend into MCP infrastructures, internal endpoints and interfaces generated dynamically by agentic workflows. The guiding principle is straightforward: security cannot exist where visibility does not.”

James Moore, Founder & CEO of CultureAI:

“As we move into 2026, the biggest risk isn’t AI itself, rather it’s the blind spots organisations still have around how their people and their tools are actually using it. Almost everybody is now using AI platforms, often without knowing what data those tools retain or how it’s used. With an abundance of AI comes an abundance of data loss. I predict three major threat shifts that will define 2026:

  1. The rise of invisible AI usage, especially in everyday SaaS.

What people think of as ‘AI tools’ is too narrow. An AI app is any SaaS application that takes data and passes it into a model. Most organisations haven’t even scratched the surface of understanding that. I believe that embedded AI features within SaaS apps, beyond common AI tools like ChatGPT or Copilot, could contribute to enterprise data-loss incidents next year.

  2. Legacy controls will continue to fail, not because they’re bad, but because they weren’t built for this problem.

To solve AI data-loss, you have to understand the contents of every request going to an AI app. DLPs and CASBs simply weren’t built for that. You can’t just turn those apps off and block them all and hope for the best.

  3. Agentic AI will create a new class of blind spots.

I expect that we will see the emergence of AI agents that act, browse, and make API calls independently. When AI starts taking actions on your behalf, you move from securing human behaviour to securing autonomous behaviour. Most organisations aren’t remotely ready for that.

However, I also believe that 2026 will be the year that enterprises unlock AI at scale. This can only be done if they treat usage as a governance and enablement problem, not a blocking problem. Our job isn’t to scare people away from AI. It’s to give them the visibility and control to use it safely, at speed. The organisations that win in 2026 will be the ones that move to the top-right quadrant: high adoption and high security, not one or the other.”

Simon Gooch, Field CIO & SVP Expert Services at Saviynt:

“AI is forcing organisations to rethink what identities are critical to manage and if they have the right tools and approaches to ensure they are able to support their organisation’s AI and technology transformation priorities. Identity has always been central to protecting systems and data, but AI is altering how we think about this construct. There is a growing realisation that identity is the single most critical currency of all technology transactions and having an integrated technology, security and identity strategy that is designed to this reality is key. In the new reality of our evolving tech ecosystem we’re no longer solely dealing with employees, partners, providers, privileged users and non-human constructs; we’re entering a world where automated processes, bots and AI agents hold access, make decisions and interact across networks, systems, supply chains and organisations. The adoption of AI-powered capabilities is happening at a pace, the reality and implications of which are still not well understood. Often, organisations are still in a phase of discovering and testing what they can deliver, yet each deployment introduces a new point of possible risk. The result is an expanding and increasingly complex set of identity security challenges.

This shift has pushed identity out of the back office and into the heart of business operations, risk management and long-term planning. The difficulty, of course, is that most organisations are still managing legacy systems, hybrid environments and thousands of human identities while preparing for an AI-driven future, not to mention the non-human identities they already rely on. Identity security must now not only protect AI agents, but also harness AI itself if it’s to keep pace.

Amid all this change, we’re watching identity security evolve from a compliance exercise to a core security discipline, and now into an essential enabler for business transformation and AI adoption. Security and business leaders alike are working at pace to manage and govern human, non-human and AI agent identities in a way that is both resilient and scalable.”

Dipto Chakravarty, Chief Technology Officer at Black Duck:

“The traditional approach to vulnerability management and security testing will certainly be disrupted, primarily driven by the increasing adoption of AI in cybersecurity. The old software world is gone, giving way to a new set of truths defined by AI. AI will significantly alter how organisations identify and mitigate vulnerabilities, becoming both a tool for attackers and defenders. Threat actors will leverage AI to automate and scale attacks, while defenders will use AI to enhance detection and response capabilities. Organisations will need to invest in AI-driven vulnerability scanning and predictive analytics to stay ahead of emerging threats. AI-powered security tools will enable security teams to analyse vast amounts of data, identify patterns, and predict potential threats before they materialise. The role of AI in AppSec will be transformative, and organisations that fail to adapt risk being left behind. As AI continues to evolve, it’s essential for security leaders to prioritise AI-driven security measures and invest in the necessary skills and technologies to stay ahead of the threats.”

Next Generation Hackers

Anthony Young, CEO at Bridewell, said:

“Unfortunately, it’s unlikely that 2025’s headline breaches are not the peak, they’re the warning signs. As we move into 2026, the legacy of these cuts will continue to degrade organisations’ defensive posture. We’ll likely see fewer, but far more impactful, attacks focused on shared platforms, third-party suppliers and critical infrastructure.

Cybersecurity is now facing the same kind of social and economic pressures that drive crime in the physical world. When times get tough and oversight weakens, the barrier to entry for malicious activity falls. If we continue underinvesting in resilience and accountability, we risk normalising cyber aggression as a form of expression or protest.

Many organisations have been forced to delay modernisation, freeze hiring and reduce investment in defensive capabilities. The result is fewer defenders, slower detection, and weakened resilience, just as adversaries become more aggressive and technologically advanced.

This new wave of attackers doesn’t always fit the traditional profile. We’re seeing a generation that grew up online, with access to open-source data, leaked credentials and automated tools that make disruption easy. What’s changed is the lack of deterrence. In online communities, the reputational rewards of causing chaos often outweigh the perceived risk by these individuals of getting caught.”

The post We Asked the Experts: 2026 Predictions appeared first on IT Security Guru.

Nominations Open For The Most Inspiring Women in Cyber Awards 2026

Nominations are now open for the 2026 Most Inspiring Women in Cyber Awards! The deadline for entry is the 9th January 2026. We’re proud to be media supporters once again. 

The 2026 event is hosted by Eskenzi PR and sponsored by Fidelity International, BT, Bridewell and Plexal – organisations that are leading the way in making the cybersecurity industry more inclusive. The 6th annual event, held at the iconic BT Tower on the 26th February 2026, aims to celebrate trailblazers at all stages of their careers from across the cybersecurity industry who are doing exceptional things. 

Additionally, Eskenzi PR has partnered with some of the most influential women in cyber groups to help shape the awards, ensuring they are more inclusive and intersectional than ever before. By partnering with WiCyS UK & Ireland Affiliate and Women in Tech and Cybersecurity Hub (WiTCH), it is hoped that the 2026 event will reach an even wider range of inspirational women from across all corners of the globe.

Aiding in this mission, cybersecurity consultancy Bridewell has committed to sponsoring a bursary that will allow the UK based winners of the Ones to Watch category to attend the awards with paid travel and accommodation. A new addition for the 2026 awards, sparked by industry feedback, this move is hoped to remove the financial barriers of attending industry events for people starting out in their careers.

Cybersecurity continues to face challenges with diversity and representation. According to research by ISC2, women now make up about 22% of the global cybersecurity workforce. Despite the industry’s growing demand for skilled professionals – driven by escalating talent shortages and increasingly sophisticated threats – representation remains limited. Building a more inclusive cybersecurity community requires visible role models, mentorship, and active encouragement. After all, we cannot become what we cannot see.

The Most Inspiring Women in Cyber Awards aims to bring together and empower incredible women (both established and those starting out their careers) and make long lasting connections.

Nominations can be submitted via this link and will remain open until 5pm on Friday 9th January 2026. An esteemed panel of judges (yet to be confirmed) will then review the submissions and narrow the list down to the Top 20, each of whom will be profiled on the IT Security Guru. There will also be five women crowned ‘ones to watch’.

On the 26th February 2026, a physical awards ceremony will be held in London at the iconic BT Tower. The event will include a welcome address and an informal panel discussion with a Q&A featuring industry leaders. Then, the finalists will be awarded their certificates and trophies. The event will conclude with networking over food and drinks at the top of the tower. Finalists, judges, and guests are welcome to attend in person and the public can tune in to the ceremony via a live stream. More information to be provided soon.

The awards’ founder, Yvonne Eskenzi, said: “We’re delighted to once again host the Most Inspiring Women in Cyber Awards, supported by industry leaders including Fidelity International, Bridewell and Plexal. With BT’s continued partnership, it’s a pleasure and a privilege to return to the iconic BT Tower once again for this special occasion. At Eskenzi, we remain deeply committed to championing diversity in cybersecurity through meaningful action. Together with leading women’s networks and forward-thinking organisations, the Most Inspiring Women in Cyber Awards aims to celebrate, elevate and empower women across the sector while helping to forge lasting connections among all who attend.”

‘Women in Cyber’ group, at Fidelity International, said: “At Fidelity International, supporting the 2026 Most Inspiring Women in Cyber Awards reflects our belief that empowering women strengthens cybersecurity. As cyber threats intensify, diverse perspectives are key to safeguarding our digital future. By championing talent and creating opportunities, we aim to inspire the next generation of women leaders in cybersecurity.”

Laura Price, Cyber Skills Partnerships Manager at BT Business, said: “At BT Business, we’re committed to helping organisations stay connected, secure, and future ready. Supporting the Most Inspiring Women in Cyber Awards reflects our belief that diversity and innovation go hand in hand. By celebrating role models and amplifying voices, we aim to inspire the next generation of cyber leaders and strengthen the resilience of businesses in an increasingly digital world.”

Diane Gilbert, Senior Lead Programmes at Plexal, said: “Plexal supports women in cyber to build careers and grow their businesses. Wonderful moments like the Most Inspiring Women in Cyber Awards provide an opportunity to celebrate the increased inclusion and diversification of the industry to date. And reinforces the important role we all play in keeping the momentum going on female representation in the sector. Plexal is excited to be a returning sponsor of the 2026 awards.” 

For more information and to nominate visit: https://www.itsecurityguru.org/most-inspiring-women-cyber-2026/


Podcast Empowers Professionals to Thrive in Their Cybersecurity Careers

Amelia Hewitt, Co-Founder (Director of Cyber Consulting) at Principle Defence and Founder of CybAid, and Rebecca Taylor, Threat Intelligence Knowledge Manager and Researcher at Sophos, are proud to announce the launch of the second series of The Cyber Agony Aunt Podcast (formerly Securely Yours Podcast). The new season is now available to stream on all major platforms.

The Cyber Agony Aunt Podcast is an empowering series hosted by Hewitt and Taylor, two accomplished cybersecurity professionals, recorded at Matinee Studios in Reading, UK. Drawing on their extensive experience in the field and their roles as mentors, they use an “agony aunt” format to address the real-life questions and challenges faced by professionals.

Inspired by classic magazine advice columns, the podcast offers practical guidance for those building and thriving in cybersecurity and related careers. Through candid conversations and questions from mentees and peers, Hewitt and Taylor explore pressing topics such as active allyship, burnout, sexual harassment, threat intelligence, and overcoming adversity. Their confessional tone ensures that no issue is considered off-limits.

To further enrich the series, Season 2 features a selection of seasoned professionals who share their perspectives, lived experiences, and expert insights in specially curated episodes. Amelia Hewitt and Rebecca Taylor have had the privilege of speaking with:

  • Callum Stott (Sales Director at Matinée Multilingual),
  • Karl Lankford (Senior Director, Solutions Engineering at Rapid7),
  • Phoebe Farrelly (Deals – Lead Advisory & Restructuring at PWC, and Branch Coordinator for CyberWomen Groups C.I.C),
  • Nikki Webb (Global Channel Manager at Custodian360, Founder of The Cyber House Party, and Volunteer Marketing Coordinator at The Cyber Helpline),
  • Will Lyne (Head of Economic & Cybercrime at the Metropolitan Police Service),
  • Pauline Campbell (Principal Lawyer at London Borough of Waltham Forest & Social Justice Author),
  • Jake Moore (Global Cybersecurity Advisor at ESET),
  • Zak Layton-Elliott (Director of Partnerships at CybAid, and Cyber Security Analyst at Principle Defence).

The Cyber Agony Aunt Podcast offers practical guidance for anyone seeking to advance their career in cybersecurity. Driven by the belief that everyone should thrive, not merely survive, the series aims to make professional growth attainable through accessible, actionable advice. Hewitt and Taylor approach even the most complex and uncomfortable topics with honesty and empathy, ensuring no conversation is left unspoken and no listener feels alone.

Co-host Amelia Hewitt said: ‘It’s been an incredible journey. We have been very fortunate to have lots of guests on the series, all happy and willing to share their opinions and thought leadership. This series is a real eye opener, myth buster and level setter for anyone wanting to understand the nitty gritty of a career in the cyber industry.’

Co-host Rebecca Taylor added: ‘This podcast is about showing that no-one in cyber is alone. By bringing together voices from across the industry, we’re breaking down barriers, sharing real experiences, and proving that a career in cyber is possible for anyone – even with all its challenges. We’re not shying away from the tough conversations; we’re having them, so others don’t have to face them in silence.’

The Cyber Agony Aunt Podcast, hosted by Amelia Hewitt and Rebecca Taylor, is now available to stream on all major platforms. Their first book, Securely Yours, is also available for purchase on Amazon (you can read the IT Security Guru’s Q&A with the hosts here). The duo are currently working on their highly anticipated second book, ‘Resilient You: An Agony Aunts’ Guide to Keeping It Together’, scheduled for release in April 2026.
