Senior Security Architect at Kainos, Jing Xu grew up in China in a family of engineers and was focused on a technical career from a young age. Moving to the UK, career developments propelled her from developer into management, and she used that chance to expand her skillset and broaden her impact before making a mid-career change to cybersecurity. Bridging both technical and non-technical roles and cultures, she’s learned that high expectations and continually developing your skillset are key to success — and that you can recharge your career with new challenges at any point.
Do cultural expectations help to liberate or set limitations on women in STEM?
China has a strong STEM culture, but even so there are still more male students than female, and expectations are lower for girls when it comes to their careers. It’s so subtle, you often don’t even recognise it, but it’s such a big thing when it comes to decision-making. Only at my current age do I realise that expectation is really what limits us. I wasn’t particularly ambitious, but my family is also not a typical Chinese family — my mom is very senior in her company and manages 2,000 people, so to me being a woman and being successful was always normal. I studied Electrical and Electronic Engineering at university and at 17 I went to Singapore on a scholarship. There I became a call centre software engineer and then a few years later in 2004, I moved to the UK to work in the banking and insurance sector as a software engineer. A couple of years later, the technology was outsourced to other companies at the business I was working in, so I moved into a management role, looking after critical services. I stayed in that role for nine years then came a restructure and some redundancies and that prompted a bit of a mid-career crisis, which left me wondering if I was still employable outside that market.
How did you manage the challenge of that crisis?
At the time, I was working on retail software that handles payment, and collaborating closely with the security team. I began to be intrigued more and more by cybersecurity and wanted to find out about it, but there were so many different opportunities within it that I felt I could easily just go down the rabbit hole and spend a lot of time on any one of them. I also soon realised that cybersecurity is not an easy career — to move into it you have to spend a lot of time learning and much of it is not easy to understand. When I was younger, if I liked something I’d just do it, but because I was contemplating a mid-career change, I took a couple of months to really figure out whether I needed to move on and did some certification while I was thinking. I also spent time getting technical again so I would be able to be hands on if I did move. The biggest challenge for me in this period was being able to interview and get rejections — all those things are hard at any point in your career. But when you haven’t done those for a while it makes you really uncomfortable. It was a lesson in always looking forwards, never back.
How do you keep yourself feeling confident as you grow your career?
At the beginning of my career and even up to a few years in, I felt quite uncomfortable because there were so many bright people around me. I realise now that I just needed more experience and training, which is often the case later in a career too. The world is changing so fast with technology that nobody knows everything, but we can always learn if we need to. You have to accept that and be willing to ask for help.
What have you learned in moving between technical and non-technical roles?
Having a technical skills background allowed me to be able to talk to engineers and ‘speak their language’ in my non-technical role, which leads to a much better conversation. On the other side, within technical roles, I always feel that you need to develop your soft skills too because that will help you to have a bigger impact — and allow you to work better with others and articulate and deliver something people can relate to.
What have the biggest challenges and opportunities been so far in your tech career?
One of my most recent projects was working on securing the NHS app. We had already been working on the app before the pandemic hit, and had to do a lot of work retrospectively, which was a challenge. We were also enabling the home delivery of prescriptions and Covid test kits, as well as the Covid proximity app, all of which really helped me to understand how complex the British healthcare system is. The team worked incredibly hard and had to respond to government announcements on a Friday evening, not knowing what the next policy change might be, when it was coming, and how it might influence our direction.
Would you recommend a career in cybersecurity security to young women?
I just did a piece of work recently where I looked at the gaps in the industry – and the estimate is a shortfall of 10,000 people to fill cyber vacancies per year in the UK, so there is no shortage of opportunities. And it is a great career – whether you are focused on the tech and testing side, or on being more hands on and in the process side of things. I’m really pleased with all the recent tech initiatives for women in the UK — there is a lot of encouragement now at different points in the pipeline for young women to consider STEM careers, and cybersecurity as a route, including the CyberFirst government initiative running in schools. Raising awareness of the opportunities out there for female talent and setting high expectations early can only be a good thing for everybody.
What advice would you give to someone considering a mid-career move to cybersecurity?
Know your strengths and your interests because there are so many different things you can do in cybersecurity at whatever stage you are joining it in your career. If you know anyone who is in the industry, then do use them as a resource — that perspective can really help you to navigate through and give you valuable feedback on your strengths, so you look at the right career path for you. Cybersecurity is also quite a certification-heavy industry which is something to consider if you are planning to make a move. There are a lot of different certifications out there that you will need to prepare for — but you need to be clear on where you want to go and choose the ones that most support you in your career path to be effective in your transition.
