Carol has over 20 years of experience in the field of IT and information Security. Her approach is to focus on risk management, being realistic and pragmatic about the threat, risk and opportunities, encouraging management and staff to do the same and for them to take ownership of their decisions and risk.
Her goal is to eradicate the traditional approaches and negative views of cyber security and transform them into positive and supportive policies that align and work with the business service delivery and strategy. Carol enjoys being actively involved with the Scottish Government and NCSC in the design and testing of emerging guidance and policy in the practical environment of a local authority.
She is Chairperson of the Scottish Local Authority information Security Group.