Dr. Rois Ni Thuama: Get into the game. [Cyber governance] [Career Notes] - CyberWire Daily

Summary5 min read

Podcast Summary: Dr. Rois Ni Thuama – “Get into the Game.” [Cyber governance] [Career Notes]

CyberWire Daily – August 16, 2025
Host: N2K Networks

Overview

This episode features Dr. Rois Ni Thuama, Head of Cyber Governance at Red Sift, sharing her winding career journey and deep insights into the evolving field of cyber governance. The conversation offers a candid look at how personal interests, academic choices, and unconventional professional experiences can intersect to build a successful path in cybersecurity governance. Dr. Ni Thuama emphasizes the critical need for multidisciplinary approaches, robust understanding, and adaptability as cybersecurity challenges become ever more complex.

Key Discussion Points & Insights

Early Influences & Career Origins

Passion for Investigation & Language
• Dr. Ni Thuama recounts early aspirations of becoming a police officer or detective, stemming from a procedural curiosity and the excitement of overhearing adult conversations at family gatherings.
• She shares a formative memory about the power of reading and writing:

“If you write something down and then you leave a room, somebody else can come into a room and then they will know your idea. And that just blew my mind.” (01:08)
Academic Journey and Detours • Initially planned to study law, starting instead with philosophy at Trinity College Dublin.
• Inspired by global events – notably South Africa’s Truth and Reconciliation Commission – she traveled to South Africa to witness history, which unexpectedly led to work in music videos and wildlife documentaries.

“I felt like history unfolding. I’m not quite sure how I ended up making music videos and wildlife documentaries, but this is relevant.” (03:03)

Entry into Technology and Governance

Unconventional Move to Tech • Relocation to London led to employment with Shazam, thanks to her music industry experience.
• Her time at Shazam was pivotal, exposing her to the ethos of good corporate governance (before she even knew the term) and risk management.
Corporate Governance at Startups • Shazam’s workplace culture was defined by values like accountability, transparency, discipline, and fairness, setting a standard for Dr. Ni Thuama's future professional ethos. • She highlights the societal value of startups:

“It’s really clear to me the value that they could bring, not just to the business and the stakeholders and the investors, but actually to society.” (04:30)

• Connections from Shazam continue to influence her career:

“Bizarrely enough, 20 years later, some of the guys that I worked with at Shazam are the company that I’m in now.” (03:56)

Return to Academia & Cyber Governance Evolution

Advanced Studies and Transition to Cyber • Returned for a master’s and PhD in governance, motivated by the financial crisis’s lessons. • Recognized the growing significance of cyber as a corporate risk, often tackled only at a technical level. • Advocates for a holistic, multidisciplinary approach:

“We keep hearing that businesses need to have a holistic approach that means that you need all hands to the pump.” (05:56)

• Notes that leadership roles in cyber governance can and should shift between legal, technical, HR, and operational experts, depending on the issue.

“People need to be well versed and they need to have a really good, deep foundational understanding of what it is they’re going to talk about before they take the floor, if you like.” (06:30)

Current Focus & Industry Trends

Paradigm Shift in Cybersecurity Perception • Dr. Ni Thuama is engaged in intensive research, observing shifts in how cybersecurity is viewed – especially as new legislation compels boards to engage and build operational resilience:

“What they’ve done in this piece of legislation is that they are requiring the board to train themselves up and to become part of a deeper conversation with respect to the business’s operational resilience.” (07:02)
Cyber Workforce Shortage & Recommendations • Cites industry projections of a 3.5 million personnel deficit in cybersecurity by 2022, signaling ample opportunities for newcomers. • Offers career guidance:

“For anybody who’s looking to get into it...apply the same rules and that’s a really good foundation for anybody wanting to get into cyber governance.” (07:46)

• For law graduates:

“If you have a law degree then my recommendation would be then you can go any one of many routes, so, you know, you could do a bit of coding. There are very few lawyers that do coding. Go and learn risk management, really understand the privacy legislation, and then just get into the game.” (08:12)

Notable Quotes & Memorable Moments

The Wonder of Literacy:

“I thought that everybody who could read must be amazing and that once you knew how to read, you just wouldn’t stop.” (01:25)
On Circuitous Career Paths:

“It’s been a circuitous route and that looks really clean, but actually it was a bit more Jeremy Berry.” (03:48)
On Shifts in Governance Responsibility:

“There are times when lawyers need to lead conversations, there are times when technical people need to lead conversations, and there are times when HR people, the operations, need to lead those conversations.” (06:16)
Getting Involved:

“Just get into the game.” (08:22)

Timestamps of Important Segments

00:23 – Introduction, childhood memories, and early inspirations
01:08 – Realization about the magic of reading and written communication
02:40 – Decision to study philosophy, impact of South African history
03:03 – Detour into music and documentaries
03:56 – Transition to tech at Shazam, enduring professional networks
04:30 – Reflections on startup culture and governance
05:56 – Evolution toward cyber governance, need for holistic approaches
06:16 – Rotating leadership in cyber conversations
07:02 – Legislative changes requiring board accountability in cybersecurity
07:46 – Cyber workforce gap and advice for newcomers
08:12 – Guidance for young lawyers entering cyber governance

Conclusion

This episode illustrates—through Dr. Ni Thuama’s compelling narrative—the nonlinear, multidisciplinary pathways that often lead to impactful roles in cyber governance. Listeners are reminded that diverse experiences and a passion for learning are invaluable assets in a sector grappling with rapid change, complex risk landscapes, and urgent skill shortages. Dr. Ni Thuama’s advice is simple, yet powerful: “Just get into the game.”

Loading summary

Transcript4 lines

[00:02]
A
You're listening to the Cyberwire Network, powered by N2K.
[00:09]
B
You say you'll never join the Navy, never climb Mount Fuji on a port visit or break the sound barrier. Joining the Navy sounds crazy. Saying never actually is. Learn why@navy.com America's Navy Forged by the.
[00:24]
C
Sea hi, my name is Dr. Roshni Huma and I am head of cyber governance with redsift. My earliest recollection of knowing what I wanted to do was wanting to be a police officer or I wanted to be a detective. Well, that's my earliest memory of a career. My other earliest memory is before I could read. I didn't understand what reading was. And my mom explained to me. She said, well, you know, if you write something down and then you leave a room, somebody else can come into a room and then they will know your idea. And that just blew my mind. And I thought that everybody who could read must be amazing and that once you knew how to read, you just wouldn't stop. I was born in England and we lived there till I was about seven. And then we moved to Ireland, which is where my parents are from. It was pretty typically Irish. Big families, lots of parties. I remember growing up and the parties, being in the house. And the best bit was wanting to sneak back down and listen to the adults talking. That's something that I like about the environment that I get to work in now. I get to work and listen to really interesting people talking. I mean, I don't think we change that much from when we're kids. You know, I wanted to be a police officer. I say that when I was a kid, but I'm not sure I would have passed the fitness test, you know. So, yeah, I wanted to do law, but I ended up going. Going to Trinity College in Dublin and studying philosophy for a bit. I had thought initially that I'll do philosophy and then I'll go ahead and I'll do law. But then I read a book. I actually read a couple of books. South Africa was going through this change. The Truth and Reconciliation Commission was going on in South Africa. That was unprecedented. So I took myself off to South Africa to be part of. I felt like history unfolding. I'm not quite sure how I ended up making music videos and wildlife documentaries, but this is relevant. When I left South Africa and moved to London, there was a music technology startup in London. And because of my experience working in the music industry, I ended up getting a job with a company called Shazam. That was my entry into technology and startups and governance. And risk management. Bizarrely enough, 20 years later, some of the guys that I worked with at Shazam are the company that I'm in now. So my sort of, my beginning of my career in technology and governance and risk management is where I am now. But it's been a circuitous route and that looks really clean, but actually it was a bit more Jeremy Berry. So if I take myself back to my Shazam days, the culture in that business was very geared towards good corporate governance, but that wasn't an expression that people used in the business. So all of those principles of like accountability, responsibility, transparency, discipline, fairness, all of that was evident and observable in that business. And I didn't know what it was I was seeing. I just knew that this was the ethos of a place that I wanted to work in. They ignited my enthusiasm for startups. It's really clear to me the value that they could bring, not just to the business and the stakeholders and the investors, but actually to society. Moving it from that concept to reality is just very, very exciting. I went back and did my master's and my Ph.D. and then I did it in governance and we had the financial crisis. And so from there I moved into cyber governance because I could see that cyber was becoming more and more a significant corporate risk and it was being dealt with at a technical level. And I think those guys did a really phenomenal job. But, you know, we keep hearing that businesses need to have a holistic approach that means that you need all hands to the pump. So there are times when lawyers need to lead conversations, there are times when technical people need to lead conversations, and there are times when HR people, the operations, need to lead those conversations. But people need to be well versed and they need to have a really good, deep foundational understanding of what it is they're going to talk about before they take the floor, if you like. At the moment, what I'm doing is I am doing an awful lot of research. So there's really. So there's been this paradigmatic shift in my view in how cybersecurity has been perceived. There's a couple of bits of legislation that are going to drive a different way of thinking about it. This is a novel approach in that what they've done in this piece of legislation is that they are requiring the board bored to train themselves up and to become part of a deeper conversation with respect to the business's operational resilience. We've already learned that this could have, you know, ripple effect. And so that's what I'M spending my time doing. In 2022 they reckon we will have a deficit of 3.5 million personnel across the cyber security sector. So there, there will be a lot of vacancies and for anybody who's looking to get into it so you apply the same rules and that's a really good foundation for anybody wanting to get into cyber governance. If you have a law degree then my recommendation would be then you can go any one of of many routes so you know you could do a bit of coding. There are very few lawyers that do coding. Go and learn risk management, really understand the privacy legislation and then just get into the game.
[08:30]
A
You say you'll never join the Navy that living on a submarine would be too hard. You'd need never power a whole ship with nuclear energy, never bring a patient back to life or play the national anthem for a sold out crowd. Joining the Navy sounds crazy. Saying never actually is. Start your journey@navy.com America's Navy forged by the sea.