Navigating Cyber Threats in 2025: Insights from Jane Frankland on Outsourcing and Security

In this interview, Jane Frankland, CEO of KnewStart, shares her unique journey into cybersecurity, discusses emerging threats, and offers key steps businesses can take to protect themselves. She also highlights the benefits of outsourcing cybersecurity services and how to build strong partnerships with external teams. Stick around for a fun rapid fire round where Jane reveals her favorite podcasts and hacker theme song!

This video, will cover:

• Jane’s Non-Linear Journey into Cybersecurity
• The Biggest Cybersecurity Threats You’re Probably Overlooking
• Best Cybersecurity Responsibilities to Outsource First
• How Experienced Outsourced Cybersecurity Teams Can Earn Your Trust
• What’s Next for Outsourced Cybersecurity Services?
• Rapid Fire Round: Jane’s hacker theme song, go-to podcasts, and more!!

Jane’s Non-Linear Journey into Cybersecurity

Before we dive in, Jane, maybe tell us a little bit about yourself and you start and how your journey in cybersecurity began?

Jane Frankland: [00:32] I've been in cybersecurity for nearly 28 years, entering the industry unconventionally with a background in art and design. I built my own cybersecurity company, which evolved into penetration testing, and owned it for 16 years. Now, I run KnewStart, a small business where I work as an advisor, brand ambassador, and women's activist. My work is diverse, focusing on cybersecurity and promoting diversity in the field. I've written a book about the importance of attracting and retaining women in cybersecurity and strive to practice a comprehensive approach to diversity. 

The Biggest Cybersecurity Threats You’re Probably Overlooking

What do you see as the most significant cyber threats and are there any that are very underestimated by organizations today?

Jane Frankland: [02:25] Trust and identity establishment, for both humans and machine identities, is crucial. We're seeing more threat actors logging in with valid accounts rather than hacking. Identity access management is key, involving user authentication, role-based access control, and secure access to cloud or on-prem systems. Ransomware attacks are evolving, now targeting large companies with multimillion-dollar demands. Criminals can purchase ransomware-as-a-service cheaply. We're seeing threats of data leaks or wiping if ransoms aren't paid. Phishing and social engineering remain significant problems, with attacks becoming more sophisticated due to AI and deepfake technology. It's increasingly difficult to distinguish real from fake, especially with voice and video manipulations. Supply chain attacks are a growing concern as we become more interconnected. Cybercriminals and state-sponsored attackers can target vendors and suppliers with weaker security. Insider threats, both intentional and unintentional, pose significant risks. These are key issues, but in such a large industry, there are many more challenges to address.

Best Cybersecurity Responsibilities to Outsource First

You noted that smaller firms often lack the budget for robust security. For mid-sized companies watching this, what functions do you find most effective to outsource first? Where should they start with their security efforts?

Jane Frankland [06:58]: It'd be easy to recommend specific tools, but I'll give you domains to look at. For smaller organizations, start by picking a partner— a consulting partner or virtual CISO— to help build a strategy and assess what you need. This prevents picking disjointed tools. For threat detection and response, consider outsourcing your security operations center or using a managed threat detection and response service. This provides 24/7 real-time monitoring, skilled analysts, and threat intelligence without building it internally. If incident response isn't included, definitely look at that. It requires technical skills like digital forensics, malware analysis, and crisis management. Fast response is crucial to minimize cost and risk exposure. Also, consider expert penetration testing to identify vulnerabilities and decide whether to address or accept them. These areas - strategic consulting, managed threat detection and response, incident response, and penetration testing - are key areas I'd recommend for outsourcing cybersecurity services.

How Experienced Outsourced Cybersecurity Teams Can Earn Your Trust

As we mentioned, diversity and different perspectives in outsourcing are crucial. At Clutch, we collaborate with talented individuals globally, ensuring alignment with company culture while respecting their unique viewpoints. What are some ways you unite teams, both qualitatively and quantitatively? How can outsourced cybersecurity partners build trust with their clients?

Jane Frankland: [10:31] I often discuss building high challenge and high support environments to foster trust. Balancing these two elements helps individuals thrive; too much challenge without support leads to a sink-or-swim scenario, causing burnout and quick exits. Conversely, high support with low challenge can create complacency and resistance to change. It's essential for team members to feel safe asking questions and reporting missteps, which underscores the importance of psychological safety. Clear expectations are vital to eliminate misinformation and ensure accountability. While it's important to define what success looks like, it's equally crucial to clarify what failure entails, especially when collaborating with partners and teams. My experience in security consultancy, working with over 100 partners, reinforced the value of crystal-clear communication regarding expectations. Additionally, effectively communicating your mission helps gain personal buy-in. For example, my mission to encourage more women in cybersecurity stems from the belief that a safer world requires diverse perspectives in male-dominated industries. As technology evolves, the need for improved communication and accountability becomes even more critical. Embracing these human aspects is essential to navigate the rapid advancements in our field.

What’s Next for Outsourced Cybersecurity Services?

With technology advancing rapidly, especially in AI and emerging threats, how do you see the cybersecurity industry evolving in the next 5 to 10 years? Will outsourcing cybersecurity services become more prevalent? What steps should organizations take now to ensure better protection in the future?

Jane Frankland: [15:46] We need to improve cyber hygiene and literacy, enhancing knowledge and awareness without becoming overwhelmed. As technology continues to evolve—highlighted by incidents like the recent CrowdStrike IT outage—it’s clear how reliant we are on it. Many companies faced disruptions that resulted in lost revenue and customers. Organizations must reject the mindset that “it won’t happen to me” because every entity is a target for various threat actors, including cybercriminals and state-sponsored attackers. As technology advances, especially with the rise of quantum computing, criminals are already preparing to exploit future vulnerabilities. It’s crucial to stay aware of potential threats and think creatively about different scenarios. This approach not only stimulates creativity but also helps organizations prepare for future challenges.

Rapid Fire Round: Jane’s hacker theme song, go-to podcasts, and more!

What's maybe the weirdest cybersecurity myth that you've ever heard?

Jane Frankland: [20:24] There are many myths out there, but one of the most outdated is the belief that having antivirus or a firewall means you're safe. We can't have anyone saying that anymore.

If hackers had a theme song, what would it be?

Jane Frankland: [20:42] I think I'm just going to have to pick “Smooth Criminal” by Michael Jackson.

Are there any go- to podcasts that you listen to or anything online that you might recommend people to watch?

Jane Frankland: [20:54] From a security perspective, I enjoy "Smashing Security" for its lighthearted and relevant take. Outside of security, I also like "The Guilty Feminist," which is funny and often has me in stitches, especially at the beginning. I listen to a variety of podcasts, but this one stands out.

If your password had to be a movie title or would it be?

Jane Frankland: [21:31] I think it would have to be “The Usual Suspects.”

About Jane Frankland, CEO of KnewStart

Jane Frankland is a globally recognized cybersecurity expert, entrepreneur, and author, known for her extensive work in building effective cybersecurity strategies and fostering diversity in the tech industry. With over two decades of experience, she has advised top companies on risk management, threat intelligence, and incident response, helping them stay ahead of emerging threats.

Interviewed by: Sergei Dubograev, VP of Development at Clutch 
 

About the Author

Sergei Dubograev VP of Development at Clutch

Sergei Dubograev is the VP of Development at Clutch, the leading global marketplace of B2B service providers. With a proven track record of driving innovation and delivering exceptional results, Sergei has led cross-functional teams to create and launch products successfully in-market. His strategic mindset, coupled with his ability to identify industry trends and customer needs, has consistently propelled organizations to new heights of success. At Clutch, he oversees the strategic planning, execution, and optimization of the company's development portfolio, ensuring alignment with business objectives. 

See full profile