EMCSC founder and director Dr Ismini Vasileiou has recorded her first podcast – explaining why cyber resilience is about leadership, culture and capacity as well as technology.​

Dr Vasileiou is the latest guest on CIM marketer Barry Aldridge’s Train of Thought podcast, in which he talks with guests about how digital change, technology and cyber security affect real organisations and people.

Dr Vasileiou shares how nearly two decades in cyber and digital education have shifted her focus from purely technical system security to what actually happens inside organisations. 

They start by exploring why cyber incidents really happen, with Dr Vasileiou explaining that many breaches aren’t caused by careless individuals, but by organisations under constant pressure, short on resources and trying to do too much at once. 

“What I see is that many cyber incidents don’t happen because people are careless,” she says.

“They happen because organisations are under pressure or under‑resourced and trying to do too many things at once.”

Dr Vasileiou outlines why she founded EMCSC, saying that training alone, or throwing software at a problem, isn’t enough. She tells how the cluster was created to act as a convener, connector and trusted adviser, bringing together universities, industry, public-sector bodies, local authorities and national stakeholders. 

“You can’t just train people and hope someday it’s going to work, and you can’t just give businesses software and hope it will solve everything. You need that coordination piece, “ adds Dr Vasileiou.

EMCSC also feeds local challenges directly into national strategy discussions, helping shape policy so it works on the ground rather than just on paper.​

The conversation in the podcast touches on several key areas of cyber security that matter to real organisations, not just technical teams.

The pair discuss the impact of new technologies like AI on security priorities. The host raises how fast tools are changing, while Dr Vasileiou warns that there’s a real danger of businesses chasing innovation first and only thinking about security later. Her view is that cyber resilience must come before large-scale tech investment, not after it.

“Organisations are investing in new technologies like AI, but there’s a tendency for cyber resilience to become secondary. You need to be secure first and then decide which technology you want to invest in,” says Dr Vasileiou.

The podcast goes on to introduce EMCSC’s APPG-backed White Paper by asking her to unpack some of its language and ideas. Dr Vasileiou explains that the Cyber Workforce of the Future White Paper is designed to translate complex national cyber security issues into something that ordinary organisations and the wider public can understand and act on.​

She links it to everyday digital life, talking about what we download on our phones, which websites we log into, and how apps track our information, and argues that we need strong institutions, policies, frameworks and trusted communication around those risks.​

Dr Vasileiou stresses that cyber resilience is “as social as it is technical” and says the White Paper is intended to raise awareness so that, as people better understand what is happening, society is in a stronger position to protect itself and the country.

Dr Vasileiou also talks about her role on the Women in Cyber and Technology Taskforce., outlining how her work on women and diversity in tech is focused on widening access and removing barriers, rather than lowering standards. 

The DMU associate professor says she has seen “incredibly talented people” excluded from tech careers because they did not follow traditional routes, didn’t attend certain universities, are neurodiverse, have caring responsibilities, or come from underrepresented backgrounds, and that the sector loses out when this happens.​

Dr Vasileiou stresses that diversity brings different ways of thinking, different perceptions of risk and more creativity, which are all vital in cyber security. She says: “Inclusion is not about lowering the standards, it’s about how do you remove unnecessary barriers.”

Finally, the podcast episode focuses on cyber as a leadership and culture issue. The pair talk about moving away from the idea that cyber is just a “scary technical topic” handled by specialists. Instead, they frame it as part of good governance, management and everyday decision making – something that should sit on leadership agendas alongside finance, HR and operations.

As Dr Vasileiou tells listeners: “I find it extremely motivating when organisations stop seeing cyber as something scary or purely technical, and start to see it as part of good leadership and good management.”