Sabika ISHAQ – Head of Information Security and CISO Grant Thornton Luxembourg

 

Director, Head of Information Security and CISO at Grant Thornton Luxembourg, Sabika Ishaq is also President of Women4Cyber Luxembourg. Driven by problem-solving, in the face of the major challenges posed by cybersecurity issues, she also campaigns for greater diversity and inclusion within the cyber ecosystem. ‘Because diverse teams build stronger, more resilient and innovative security solutions’, she points out, it is important to improve the  representation of women, in particular, in the cybersecurity professions.

 

Can you tell us about your professional background?

My career journey spans over 15 years in cybersecurity, governance, and technology risk, with a strong foundation in management and information systems. I currently serve as the Chief Information Security Officer at Grant Thornton Luxembourg, where I lead our firm’s cybersecurity strategy, resilience programs, and global collaboration on security maturity. I also contribute to our broader digital transformation agenda, working closely with stakeholders to align risk mitigation with business enablement.

Outside of my corporate role, I serve as President of Women4Cyber Luxembourg, advocating for greater diversity, resilience, and inclusion in the cyber ecosystem. I am also an active member of various cybersecurity forums and working groups across Europe, where I help bring visibility to some of the most pressing and emerging topics in our field—from AI governance and regulatory alignment to talent inclusion and cross-border cyber resilience. These platforms allow me to contribute to shaping strategic discussions at both industry and policy levels, and to amplify the voices and perspectives of underrepresented communities in cybersecurity.

 

What attracted you to the IT security profession?

I’ve always been drawn to solving complex problems, and cybersecurity is a domain where the landscape is dynamic, the stakes are high, and the impact is meaningful. Early in my career, I was involved in using technology to deliver essential services, such as food, water, and medical aid, to communities stranded by natural disasters like earthquakes and landslides. That experience was profoundly formative. It showed me how technology, when designed and deployed with empathy, can restore dignity and hope in moments of crisis. It also taught me that technology is only as effective as the trust and humanity behind it.

As I built my career in cybersecurity, I carried that lesson with me: that at the core of every system, there are people—relying on it, vulnerable to its failures, and empowered by its protections. I became increasingly aware of the growing gap between innovation and risk preparedness. Cybersecurity offered the opportunity to bridge that gap – not just by protecting systems, but by embedding ethical leadership, trust, and resilience into the very fabric of digital transformation. It’s a field where strategic thinking, technical knowledge, and human-centred design intersect.

Luxembourg, Sabika Ishaq is also President of Women4Cyber Luxembourg. Driven by problem-solving, in the face of the major challenges posed by cybersecurity issues, she also campaigns for greater diversity and inclusion within the cyber ecosystem. ‘Because diverse teams build stronger, more resilient and innovative security solutions’, she points out, it is important to improve the representation of women, in particular, in the cybersecurity professions.

 

How have you seen the threat evolve in recent years?

The threat landscape has become more sophisticated, persistent, and unpredictable. Ransomware-as-a-service, supply chain compromises, and geopolitical cyberattacks have surged, affecting even the most prepared organizations. At the same time, the attack surface is expanding with cloud, AI, and remote work becoming the norm. What’s changed most is the speed and scale of these attacks – and the human factor remains central, both as a vulnerability and a defence. We’ve had to evolve from reactive defence to proactive, intelligenceled resilience.

 

How has the role of IT security changed within organisations? How do senior executives view risks and threats today?

Cybersecurity is no longer confined to the IT department. It’s now a board-level conversation linked to reputation, customer trust, business continuity, and even ESG. Senior executives are increasingly aware that cybersecurity isn’t just about technology – it’s about risk governance, resilience, and competitive advantage. As a result, CISOs are now strategic partners in shaping enterprise transformation, from cloud migrations to regulatory compliance. My role often involves translating technical risk into business language and building alignment across leadership.

 

What are your main current challenges as Grant Thornton’s CISO?

One key challenge is balancing innovation and security— ensuring we remain agile while maintaining strong controls. We operate in a regulated and fast-changing environment, so staying ahead of evolving compliance requirements such as DORA, NIS2, and ISO 27001 is critical. Another challenge is scaling our security culture globally, supporting member firms, and ensuring consistency without stifling autonomy. Finally, attracting and retaining diverse cybersecurity talent remains a priority, especially as we expand our digital capabilities.

 

What should be the main principles guiding threat response and risk prevention across organisations?

First, preparedness over panic: you need a well-tested response plan, not just a policy. Second, collaboration is key between internal departments and external partners, including CERTs and regulators.

Third, contextual intelligence, because not all risks are equal and understanding business priorities is vital. Lastly, continuous learning and iteration, because as the threat landscape evolves, your response framework must evolve too. We must combine technology, people, and process to build true cyber resilience.

 

You are also President of Women4Cyber. Can you tell us more about the mission and ambitions of this association?

Women4Cyber Luxembourg is part of the larger Women4Cyber Foundation supported by the European Cyber Security Organisation (ECSO). Our mission is to promote the inclusion of women in the cybersecurity field by encouraging visibility, mentorship, skills development, and career advancement. We aim to bridge the gender gap not only for equity but because diverse teams build stronger, more resilient and innovative security solutions.

One of our key initiatives is a scholarship programme, which supports women pursuing a Master’s degree in cybersecurity at the University of Luxembourg—creating a concrete pathway for more women to access advanced education and opportunities in the field. We also run mentorship programmes, tailored both to early-career professionals and those looking to transition into cybersecurity from other sectors, providing them with guidance, confidence, and practical support.

Additionally, we facilitate networking opportunities, public speaking engagements, and brand-building activities to give our community members the visibility they deserve and a platform to inspire others. We are committed to supporting women from all backgrounds— technical and non-technical—to enter, grow, and lead in the cybersecurity ecosystem.

 

How is the representation of women changing in the cyber sector? Why is it necessary to support better representation?

Representation is improving slowly, but we still have a long way to go. Women make up around 25% of the global cybersecurity workforce (according to the World Economic Forum), and even fewer in leadership or technical roles. This matters because diverse perspectives are crucial to solving the complex, human-centric problems we face in cybersecurity. Supporting representation is not just a social responsibility, it’s a business imperative. Inclusive teams
are more innovative, better at problem-solving, and more resilient.

 

How do you support the strengthening of women’s representation? What actions are being taken?

At Women4Cyber, we offer scholarship programs, mentoring programs, visibility campaigns, technical workshops, and school outreach to inspire young girls. We partner with universities, industry, and public institutions to build pipelines and dismantle stereotypes.

I also work closely with hiring managers to promote inclusive recruitment practices and encourage organisations to rethink how they define “cyber talent.” It’s about changing both mindset and infrastructure.
At Women4Cyber, we are committed to driving systemic change in how women are represented, supported, and empowered in the cybersecurity space. Our approach is holistic—we don’t just focus on entry points, but also on long-term career development, leadership pathways, and cultural transformation across the sector.

We run a wide range of initiatives, including scholarship programmes that enable women to pursue advanced studies in cybersecurity, providing both financial support and access to a strong professional network. Our mentoring programmes are tailored to different career stages—from students and early-career professionals to women transitioning into cyber from other industries—offering personalised guidance, skills development, and access to role models.

Through school/university outreach, and visibility campaigns, we aim to dismantle stereotypes from a young age and showcase the diversity of roles available in cybersecurity. We actively promote public speaking opportunities, panel participation, and community storytelling to increase the visibility and brand identity of women in the field, because representation matters not just in the room, but also in the narrative.

Importantly, we are seeing a growing number of corporate partners stepping up to support our mission. This includes co-designing training programmes, hosting joint events, and aligning with talent acquisition teams to redefine what “cyber talent” looks like. Together with our partners, we’re building a cyber ecosystem that’s more inclusive, more innovative, and ultimately more resilient.

 

What would you say to women considering career opportunities in cyber? What advice would you give them?

Cybersecurity is vast and evolving and there’s space for everyone. You don’t need to code to contribute. From policy and risk management to data analysis, communications, and ethical hacking—there’s a niche for your strengths. My advice: be curious, be bold, and find your community. Seek mentors, join networks, and don’t let imposter syndrome hold you back. We need your voice at the table, because your perspective could be the one that prevents the next breach.

 

What do you think will be the main challenges for security managers in the future?

The convergence of AI, quantum computing, and geopolitics will reshape the threat landscape. CISOs will face increasing pressure to balance compliance, innovation, and ethical responsibility. Talent shortages, supply chain security, and third-party risk will remain major concerns. But perhaps the biggest challenge will be maintaining trust—with customers, regulators, and our own teams—in an age of constant disruption. Future security leaders will need to combine technical acumen, emotional intelligence, and strategic foresight like never before.

But this is also a moment of incredible opportunity. We are on the brink of redefining what leadership in cybersecurity looks like—more inclusive, more collaborative, and more human-centric. By embracing innovation responsibly and nurturing diverse talent, we can build not just secure systems, but resilient societies. I’m optimistic about the future, because the next generation of cybersecurity leaders is not only technically skilled, but deeply driven by purpose, ethics, and impact. And that’s exactly what the world needs.