Choose your topics

How to Prioritize Your Third-Party Risks

How can you prioritize effectively and enhance your organization’s security posture? Here are our top tips for setting up realistic, sustainable processes.

Third-Party Risk Management GRC
Top Tips to Save Time When Assessing Third-Party Risks

Is assessing third-party risks taking up too much of your time? How can you make the process more effective and efficient? Find out in the latest post from SureCloud.

Third-Party Risk Management GRC
The GRC Trends to Look Out for in 2024

Our GRC experts at SureCloud share their 2024 predictions for the world of governance, risk and compliance.

The Top 5 Challenges of Third-Party Risk Management

With the supply chain now seen as a legitimate attack path, what can your organization do? Let’s explore 5 challenges of TPRM and how to overcome them.

Third-Party Risk Management GRC
What is Third-Party Risk Management?

What is third-party risk management and how should you approach it? Find out in this post.

Third-Party Risk Management GRC
The Top 4 Challenges of Risk Management

What are the top four challenges of risk management today and how can you overcome them? Find out in this post from SureCloud.

Third-Party Risk Management GRC
Transform Compliance into Your Competitive Advantage

In GRC, compliance is often viewed as a cost that makes it harder to pursue growth. Here's how to make it your competitive advantage.

Compliance Management GRC
Questions You Should Ask when Preparing For Your First Pen Test

Understand the processes that you and your chosen pentest provider will travel through for your first pen test, from the initial point to the day the test starts.

Penetration Testing
TPRM Blog 6-Writing Clear Questions

Our GRC Practice Director explores the importance of clear communication and how to achieve it in your third party questionnaires. Read more here.

Third-Party Risk Management GRC
Vector (7)
Cyber Security

See Yourself in Cyber With Melody Shand: Cybersecurity Awareness Month

See Yourself in Cyber With Melody Shand: Cybersecurity Awareness Month
Written by

Melody Shand

Published on

31 Oct 2022

See Yourself in Cyber With Melody Shand: Cybersecurity Awareness Month


Following the theme of ‘See Yourself in Cyber’, we’ve been marking Cybersecurity Awareness Month with a series of interviews to spotlight members of the SureCloud team. From playing professional football to meeting a future spouse, we’ve been discovering more about their journeys within cybersecurity and what they enjoy most about working in the sector. Each of our interviewees has forged a different path to joining SureCloud and becoming part of the team developing our suite of GRC and Cybersecurity Capabilities.


For our fourth and final interview, we speak to Melody Shand, one of our product analysts. 


Please could you give a brief overview of your role at SureCloud?

I sit within the Product Team as the Product Owner. We work with key internal and external stakeholders to design and build GRC solutions that we can then take to market. 


What was your path to working in the cybersecurity sector?

My career started on a very different path. My background is actually more science-based. I studied chemistry and previously worked for a large chemical and petrochemical company specializing in lubricants for vehicles. 


It may sound like a stretch, but there are actually a lot of similarities between cybersecurity and the chemical industry. By that, I mean my previous role was very safety and security-orientated. I had to be very mindful and alert to potential dangers and take responsibility for strict processes.


This provided me with some great transferable skills and the right mindset to transition successfully into the cybersecurity sector. 


I got to a point in my career where I wanted a change, and I was lucky enough to be given the opportunity to join SureCloud as an Applications Analyst. I started out focusing on developing our applications for managing GRC solutions as well as cybersecurity and have since progressed to working as part of the Product Team. 


What’s the best thing about working in cybersecurity?

The best thing has been how much my knowledge and general awareness of cybersecurity have developed so quickly.


Not coming from an IT or cyber-focused background meant I possibly took my own online security for granted. However, things like not using the same password for every device or application are now ingrained in my thinking.  


I also feel like we develop personally alongside the products we create. We’re constantly learning new skills to support our customers’ needs, which means every day is different and presents a new kind of challenge. That’s something I particularly enjoy. 


What’s your best piece of advice or insight to share for Cybersecurity Awareness Month?

The best advice I could give is not to dismiss multi-factor (or two-factor) authentication.


I meet many people who think MFA and 2FA are specifically designed for banks or work-related software, but that’s not the case. It should be something we use on all devices, for personal or work use, as it’s a crucial first line of defense.


It will contribute to your overall security posture more than you think. 


Tell us an interesting fact about yourself that people may not know.

I like to challenge myself, so I recently took up Olympic weightlifting!



Missed any of our previous interviews? Catch up with Janhavi, Mina, and Ciaren on our blog. If this year’s Cybersecurity Awareness Month has sparked your interest in a cybersecurity career at SureCloud, look at our career openings.


If you’re seeking advice from Melody or one of her colleagues on the best software for risk management for your business, get in touch using the form below.