Deloitte's Esther Hitch on challenges in the world of risk consulting

20 September 2022 5 min. read

Esther Hitch is a Senior Manager in Deloitte’s cyber risk practice, specialising in strategy, governance, risk management and information security. Speaking with Cat Callen of business consultancy RDW, Hitch discusses her transition from the British Army into a career in cybersecurity, and the cyber concerns that are topping the agenda of clients; from data privacy, to online safety regulations.

Your background is unique, having spent 14 years with the British Army prior to joining Deloitte in 2019 – how do you feel your previous experience has shaped you?

The Army was entirely new to me, and no friends or family had served in any branch of the military. I found the frenetic pace along with the intensity and breadth of training invigorating. It pushed me to my limits, and I’d never been so challenged.

I also saw a lot of the world whilst in the Army, working with people from different cultures and nationalities and soaked up as much as I could from those experiences. Ultimately, it made me realise that the world is much smaller than I thought, and that there is much more we have in common with each other than that which is different.

Deloittes Esther Hitch on challenges in the world of risk consulting

How have you found adjusting to the corporate world?

I joined the Army at 26, so I’d had experience of ‘normal’ work life, but took that normality and its freedoms for granted. One thing I have brought with me into the corporate world is my time-keeping, and ensuring my meetings start and finish as scheduled! There are also other adjustments like no longer having a uniform and having to face a daily struggle in deciding what to wear! But I have zero regrets. Life is good.

What inspired you to work in Cyber Security?

I got into cyber in a very non-linear way. Having trained as a Barrister, I decided to take a three-year break and join the army for an adventure before returning to law. I joined the Royal Signals, which is the branch that deploys and manages communications systems and services where I spent six months learning radio, trunk and IS systems before going on to manage the teams that did the hands-on work.

It was when I later took on an information security and governance role within the army, I knew I’d found something I genuinely loved. Our four-person team led a huge international transformation project from beginning to end and I found it fascinating.

I also had an impressive female role model as my team leader who had impeccable IT and InfoSec credentials spanning decades in the financial sector as well as the civil sector. She inspired me to believe that this was a path a woman could take, which helped me decide to pursue a career in cybersecurity.

Tell us about what is exciting you right now in the world of Cyber?

There is a big push in the world of cyber right now for higher standards that protect everybody. For example, the drive for ethical AI that doesn’t compound or create inequalities between different communities or individuals. I really admire what many high-profile people in cyber are doing in contributing towards this.

Menopause is a key topic – how do you feel this is recognised in the organisation?

Wellbeing is a key focus at Deloitte, and menopause is one of those topics which excites me to see getting mainstream visibility, not only in the public domain but also within the workplace. By holding webinars on it, or even just referring to menopause in our internal communications newsletters, opens up the conversation and enables a greater understanding of it.

Until recently, I had never realised the scale of the impact menopause can have on women, and how many feel driven out of their workplace due to symptoms, or the stigma around asking for adjustments to be made to accommodate them.

What do you think are the most critical topics that companies are going to have to address over the next 5 years? 

One of the big topics that companies will have to address over the next five years is where they stand on data privacy, algorithms, digital surveillance and facial recognition technology. For example, the EU has given its citizens certain protections, which the UK government is now re-examining as part of our exit from the EU. Should these protections be rolled back, then companies will have to decide whether they will take advantage of that, or decide on their own rules and company values in protecting their employees, customers, communities and stakeholders themselves.

Likewise, the boom in IT procurement and projects isn’t going away any time soon. There is too much risk around security, inefficiencies and lack of return on investment if portfolio management doesn’t exist or isn’t done in a coherent way.

Finally, it would be great to think we will shift away from thinking of cybersecurity as purely an ‘IT issue’. Information security is a shared responsibility, and businesses need to help people across their organisation understand the security risks that they are all responsible for.

About Cat Callen
Cat Callen, who has over 14 years of experience as an executive search specialist, has a huge passion to ensure women are well represented when searching for new talent. She is an Associate Partner at RDW in London.