Carole Au Yeung
“Bring the right attitude. Technical skills can be trained, but mindset is everything.”
Carole Au Yeung is a highly skilled Senior Manager in cybersecurity, specializing in data protection, with more than 11 years of experience. She partners with clients across diverse industries to architect, implement, and operationalize cybersecurity programs that not only safeguard critical assets, but also prioritize human-centered design. Carole’s passion lies in creating secure solutions that empower people, while strengthening organizational resilience. Outside of her professional pursuits, she embraces adventure and challenge, whether running, hiking, skiing, or riding her motorcycle.
What is one skill, interest or talent of yours that makes you great at your job?
My superpower is creating a space where people feel safe to share ideas and truly be heard. In cybersecurity, teamwork is everything. No one person has all the answers, but together, we usually get pretty close.
What is the best piece of unconventional career advice you’ve gotten?
“Roll up your sleeves, do your best, and take initiative. Ask questions. There’s no such thing as a dumb one unless you’ve asked it three times.” I’ve kept that close throughout my career, and now pass it on to my mentees.
What is your proudest moment working in the cybersecurity industry?
One of my proudest moments was serving as the Information Security & Compliance Officer for Deloitte Canada’s Cyber Intelligence Center, our Security Operations Center, for more than five years. In my first year, I successfully led the center through both a Systems and Organization Controls (SOC) 2 Type 2 and International Organization for Standardization (ISO) 27001 certification renewal audit with zero findings.
When did you become interested in pursuing a career in cyber and what prompted it?
I discovered the field when Deloitte began setting up the Cyber Intelligence Center. At the time, I was a new analyst looking to broaden my experience. I booked a quick chat with a director who I barely knew and asked to join his team. I offered up my PowerPoint and Excel skills in exchange for a shot. To my surprise, he said yes on the spot, without even testing my spreadsheet skills, and connected me with his manager. That moment changed everything.
What are the top 3 things you would tell people hoping to enter the cybersecurity industry?
- Bring the right attitude. Technical skills can be trained, but mindset is everything.
- Stay curious. Ask questions. Be open to learning every single day.
- Be ready for the pace. Tech evolves fast, and cybersecurity moves right alongside it.
What are some misconceptions people might have about the cybersecurity industry and what can we do to change these misconceptions?
A big misconception is that you have to be highly technical to work in this field. You don’t. I’m proof of that. Cybersecurity needs people from all different backgrounds, like policy, psychology, communication, and design. That mix of perspectives is what makes our industry stronger. We need to keep showing people that there’s no one “right” way in.
Do you feel like you’re contributing to helping keep our world secure and can you share why that matters to you?
I do feel like I’m contributing to a more secure world, but not always in the way people might expect. A lot of the day-to-day work is about protecting the people behind organizations, such as healthcare workers, customers, and communities. But to me, the biggest contribution is helping build up the next generation of cybersecurity professionals. That’s where we’ll see real exponential impact. By mentoring, supporting talent, and helping grow the industry in a more intentional way, we’re not just solving today’s security needs, we’re setting the foundation for a stronger, more resilient future.
What positive change do you think will take place as we bring the next generation into the cybersecurity industry?
The next generation is entering cybersecurity with different backgrounds and a broader view of what the field can be. We’re seeing people come in from fields like psychology, policy, and the arts, which brings fresh perspectives and creative approaches to complex problems. They’re thinking critically about ethics, inclusion, and the real-world impact of cybersecurity decisions, which I think will push the industry to evolve in a more thoughtful and human-centered direction.
Who is your role model in the cybersecurity industry and why?
My role model is a mentor from early in my career, and continues to be my mentor today. She showed me what leadership in cybersecurity could look like. She was sharp, calm under pressure, and always had the client’s best interest as a priority. Watching her navigate tough conversations with confidence and empathy helped shape how I show up as a leader today.
