Cartoon-style promotional graphic for the 'Scam Me!' podcast episode featuring Jemma Davis from Culture Gem. The background shows a stylized green computer, speech bubbles, and a robotic character with a retro tech vibe. The text reads 'Scam Me!' in large letters and 'Jemma Davis, Culture Gem' in purple bubble letters. Logos at the bottom include Avon & Somerset Police & Crime Commissioner, Culture Gem, Inclusive Change at Work, and SGDEN (South Gloucestershire Disability Equality Network).

Do It for the Nans: Cybersecurity and Neurodiversity, with Jemma Davis

Project Sandbox| Scam Me Podcast
June 03, 20256 min read

"Let's do it for the nans."

That’s not just a catchy slogan. It’s a mission. It’s about protecting the people we love from online scams and cyber threats that target the most vulnerable. For Scam Me, we sat down with Jemma, the founder of Culture Gem - our series sponsor and a true cyber storyteller - to talk about how cybersecurity and neurodiversity collide.

This blog unpacks the epic conversation: from teaching life skills to hacking ethics, from WannaCry to nanfluencers, from OSINT to DMARC. Buckle up - this one’s a ride.

What is Culture Gem?

Culture Gem is a unique, inclusive training platform that reimagines mandatory workplace training. It was designed by neurodivergent creators for everyone, especially those who struggle with rigid, one-size-fits-all learning. Instead of boring videos and long-winded text dumps, Culture Gem offers:

  • Podcasts and video games

  • News briefings

  • Colour customisation (11 choices!)

  • Multiple voice options

  • A chance to learn how your brain learns best

As Jemma puts it: “We built something that let you tailor the world around you, not just adjust yourself to fit into it.”

Cybersecurity and the WannaCry Wake-Up Call

Jemma never set out to be a cybersecurity expert. She began in teaching, then moved into direct marketing, yes, the kind of marketing where you show someone shoes and they buy the shoes.

Then came a defining moment in 2017: the WannaCry ransomware attack.

While running an event for 200 cybersecurity professionals, Jemma watched the chaos unfold as WannaCry, a massive ransomware attack, crippled computers globally, including the NHS. She saw first-hand the panic, the urgency, and the real-world consequences of poor cybersecurity practices.

“That was the moment,” Jemma said. “I realised this wasn’t just someone else’s job. I had to do something.”

And she did. That moment catapulted her from marketing into the mission-driven world of cyber safety.

Why ‘Do It for the Nans?’

Jemma’s nan is her inspiration, and her reality check. She’s not tech-savvy. She uses a corded phone with Jemma’s face on it as a call button. But scammers still target her constantly.

From fake Amazon calls to social engineering tactics, Jemma’s nan has become a mini-cyber warrior. She calls Jemma with questions like, “Should I care about this?” and then passes the advice down to her friends at the hairdresser.

“She’s a real-life influencer - a nanfluencer,” Jemma laughs.

By protecting her nan, Jemma is protecting everyone’s nan, and everyone else in the family tree. It's a ripple effect: teach one, and they teach ten more.

So, What Is Social Engineering?

Social engineering is when someone manipulates you into giving up personal or valuable information. It could be:

  • A phone scam pretending to be from your bank

  • A pop-up survey asking your pet’s name, birth date, or first car

  • Someone knocking on your door offering to ‘fix’ a wall, only to take your money and run

Cybercriminals often use what’s called FUD: Fear, Uncertainty, and Doubt. They scare people into making hasty decisions instead of teaching them how to respond.

According to Jemma, cybersecurity should be about reducing fear and increasing confidence. We don’t need to terrify people, we need to inform them.

What’s OSINT and Why Does It Matter?

Cam from the Inclusive Change team accidentally flexed some cyber muscles when he admitted to ‘stalking’ Jemma online for research. That’s when Jemma introduced a cyber term: OSINT, or Open Source Intelligence.

OSINT is when you gather information from publicly available sources, like someone’s LinkedIn, Instagram, or Facebook, to learn more about them.

“It’s not stalking. It’s research,” Jemma clarified with a grin.

DMARC, Email Spoofing, and the Spam Trap

Have you ever sent a legit marketing email only to find it landed in someone’s spam folder? That’s where DMARC comes in.

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a way to verify that an email really comes from you and not a scammer pretending to be you. Without DMARC set up, email systems get confused and mark even safe emails as suspicious.

Jemma breaks it down like this:

“When you send a marketing email through Mailchimp or HubSpot, your email system thinks someone is impersonating you. DMARC proves it's really you sending that email.”

It sounds technical, and it is, but tools like ChatGPT can help small businesses configure DMARC, SPF, and DKIM settings step-by-step. You don’t need to be a tech wizard. You just need to ask the right questions.

Security Is a Culture, Not a Checklist

Firewalls and code only go so far. Most cyberattacks - a whopping 96% - start with human behaviour.

Someone clicks a dodgy link. Someone holds the door open for a stranger. Someone uses ‘password123’.

This is why Jemma says security is a culture, not just a checklist of tasks. You need to build a mindset, not just install software.

And that culture includes understanding insider threats, not just the malicious ones, but the ‘survivalists’ who sell data out of desperation to pay a bill. If we only look for bad people, we miss the vulnerable ones.

Why Neurodivergent Minds Shine in Cybersecurity

Here’s where it gets exciting. Cybersecurity needs neurodivergent thinkers.

Jemma explains that many cyber professionals, and even hackers, are neurodivergent.

Traits like:

  • Hyperfocus

  • Pattern recognition

  • Intense curiosity

  • Creative problem solving

These are superpowers in this field.

She shared stories of people who ‘see’ music and become world-class DJs, or who find vulnerabilities because they approach problems sideways. In a world where cyberattacks are constantly evolving, these minds are critical.

How to Get Started in Cyber (Without Being Techie)

So you don’t have a tech background? Great. Neither did Jemma.

Here’s how anyone, especially young people or neurodivergent folks, can start a cyber career:

1. Follow Your Passion

Jemma didn’t start with tech. She started with care. She wanted to protect her nan. Find your ‘why’ - that’s your fuel.

2. Learn the Basics

Platforms like Udemy offer beginner-friendly cyber courses for as little as £14. You don’t need to know everything, just enough to know what excites you.

3. Network, Your Way

LinkedIn is powerful, but there are other spaces too:

  • Instagram cyber influencers

  • Discord servers

  • Cyber book clubs

  • Local and online meetups

And if someone sends you a job listing, that’s a sign. Apply.

4. Ask for Help

Cyber people love sharing what they know. Reach out. Ask questions. Ask for mentoring. “We know we need you”, Jemma says.

Final Words of Wisdom

We wrapped the conversation feeling inspired, informed, and more than a little in love with Jemma’s mission.

Cybersecurity isn't just about tech. It's about people. It’s about how we protect the ones we love, from our families to our customers to our colleagues. And it turns out the best way to do that?

Do it for the nans.

Want to learn more? 

Listen to Scam Me’ here on YouTube: Learning Inclusive Change

Visit Culture Gem here: Culture Gem

Follow Inclusive Change on LinkedIn: Inclusive Change Ltd - and Facebook: Inclusive Change

And remember, cybersecurity starts with you!


Cybersecurity for beginnersHuman side of cybersecurityCyber safety tipsSocial engineeringInsider threats in cybersecurityNeurodiversity in cybersecurityInclusive cyber careersLearning styles & digital trainingAccessible workplace learningHow to start a cyber careerDMARCCybersecurity jobs with no experienceNon-technical cyber rolesCyber apprenticeships UKProtect your nan onlineScams targeting older peopleTelephone scams awarenessOnline safety for seniorsCulture Gem trainingInclusive Change at WorkScam Me podcastCyber awareness podcastWhat is DMARC?Email spoofing protectionWhat is OSINT?
Back to Blog