Lisa Ventura is an award-winning cybersecurity consultant and the CEO and Founder of the UK Cyber Security Association (UKCSA). She has a diverse background and over 23 years of experience in PR, marketing, technology, and cybersecurity.
Since 2009, Lisa has been associated with the cybersecurity industry. Her first experience was as the Chief Operations Officer/PR & Marketing Director at Titania Ltd, a leading cybersecurity software development company in the UK.
Lisa is passionate about raising cybersecurity awareness amongst individuals and businesses to help prevent cyber-attacks and cyber fraud. She is a thought leader, author, and keynote speaker and has been published in various publications globally.
Question 1: Cybersecurity is at the forefront of international discussions and summits. Are sufficient measures being taken by world leaders to combat growing cybersecurity threats?
Lisa: One of the big projects that the UK Cyber Security Association is working on is around the theme of “stronger together,” that is, encouraging world leaders, governments and organisations globally to work together and collaborate to combat growing cybersecurity threats. By working together and sharing best practice and information assimilation, cyber threats can be taken more seriously.
Question 2: Little to no importance is given to gaining cybersecurity awareness, especially during an employee’s onboarding process. Should cybersecurity training be made compulsory?
Lisa: When it comes to defending your organization against cybercrime, your employees are your last line of defence. Strengthening your human firewall will reduce the risk of your employees falling victim to phishing, ransomware or other cyber security threats. Enrolling your users in security awareness training on a regular basis will prepare them with the skills that they need to be able to identify and report cybersecurity threats. As part of any security awareness training plan, you should require your users to complete assigned security training. This means making training mandatory for all users.
Question 3: Cyberattacks such as cyberstalking and cyberbullying are on the rise. What advice would you give to teens newly introduced to the digital realm?
Lisa: We always advise teens to “share with care” and be aware when being introduced to the digital realm. Once you understand the types of threats lurking in the internet’s shadows, you can take action to minimize the risks to teenagers. Communication is the key to keeping teens safe online and in the real world. Whether your child is in the preteen years or just celebrated their sweet 16, it’s never too early (or too late) to start talking to them about internet safety.
Clearly outlining expectations for online behaviour and identifying internet safety rules that will help protect teens will help. Include things like sharing email accounts and online usernames and passwords. Also, it is important to identify social networking sites and apps that are safe to use and others that are off limits.
Question 4: Data breaches and cyberattacks threaten the fabric of the digital landscape. As someone having broad marketing experience, what’s the best way to raise cybersecurity awareness?
Lisa: Every business is at risk of a cyber-attack. In 2020, cyber attacks on organisations cost the UK economy £10 billion, with seven out of ten companies falling victim to a cyber-attack or breach. When a CEO is confronted with a cyber-attack or data breach, they start to worry about their vulnerabilities in the technology they use and forget to look at the very people using those technologies every day – their employees. According to a recent Data Breach Investigations Report, more than 90% of cyber-attacks were traced back to human error, suggesting that mistakes caused by humans both initiate and amplify the risk of cyber-crime and the damage it poses to businesses. The best way for business directors, CEOs and managers to combat this threat is to create a risk-aware workplace culture, and that starts with cyber security awareness through a range of measures such as phishing email simulations and engaging training modules to encourage greater safety online.
Question 5: We’re witnessing more women in tech and cybersecurity than ever before. How would you encourage more women to join the ever-evolving industry?
Lisa: While there has been some positive progress with encouraging more women into careers in cyber security, such as programs aimed at getting girls and women into the field, there is still much to be done to encourage them to join. Retention is a key problem. Many often leave the industry due to burnout, lack of career progression and the toxic culture often found in the industry. Many efforts to address more inclusion and diversity in cyber security don’t go much further than a few PR pitches and lack anything substantial. Sadly, women are still paid less, promoted less and deal with discrimination and harassment, which leads to the pursuit of other career paths away from cyber security. Equally, with such technical terminology often being used this can be very off-putting to women looking to enter the industry. My work in this area focuses on supporting and mentoring women who are looking to enter the cyber security industry or may be considering a career transition in cyber security.
The media and popular culture often portray cyber security as being done by a socially inept young guy in a hoodie; this began in the 1980s and is still prevalent today. This is not the right image to attract a more diverse workforce into the industry, and even for companies and academic programs that have tried to overcome this image, the perception that it exists and that cyber security is hostile towards women deters many girls and women from entering it.
I’ve seen a number of barriers to women continuing in cyber security jobs once they have entered the field. Common things I’ve come across include a lack of mentors, a lack of female role models in the field, gender bias in the workplace, unequal pay compared to men for the same skills and jobs and unequal growth opportunities compared to men. This often leads women to feeling demotivated in their roles and leaving the cyber security field altogether.
I think we need much greater representation of underrepresented groups in cyber security across all aspects of society and media. There are many strong female role models in cyber security who deserve to have their voices amplified. News outlets need to stop citing male cyber security experts, and industry conferences should include more female speakers and demonstrate their commitment to having inclusive codes of conduct. If women and girls don’t see it, they won’t want to be it. Women must be visible and seen as experts in cyber security but unfortunately when women are contacted for their insights it is often to talk about gender issues and not about their technical skills and capabilities. Therefore, when girls see female role models in cyber security, they often only hear awful statistics and not the great work that women are doing in the industry.
Question 6: In your opinion, are privacy tools enough to combat the growing cyber threats? What steps should individuals and businesses take to secure their digital IT infrastructure?
Lisa: There are a number of steps that individuals and businesses should take to secure their digital IT infrastructure, and they include undertaking regular cybersecurity assessments, training your staff and implementing mandatory cyber awareness training programmes, keeping your software updated, having round the clock threat monitoring, ensuring you have an up to date incident response plan, implementing least privilege access management, ensuring external cyber intelligence, assessing your third-party vendor risk regularly and not overlooking the importance of securing your physical environment too.
Question 7: You have been vocal about being autistic and neurodiverse. What message would you give to those who are on the autism spectrum?
Lisa: When I was diagnosed as autistic it was like a lightbulb had gone off in my head! So much made sense about why I am the way I am, and I used that knowledge to put new processes and things in place to help me in my day-to-day life. Since I was diagnosed, I have campaigned for neurodiversity in cybersecurity, and to encourage those who are neurodiverse to consider a career in the industry. I’ve written about my diagnosis extensively on the MeDecoded site; it was a safe space to help me understand my diagnosis and process it.
Question 8: Other than work, how do you spend your time outside the cybersecurity realm?
Lisa: I am a HUGE fan of Queen and Freddie Mercury and grew up with the band from the moment I was born. When I first saw the film “Bohemian Rhapsody” in October 2018 which I had been looking forward to for years, the line “fortune favours the bold” in it resonated with me completely, and I’ve been living with that in mind ever since. I think that has been instrumental in my success in cybersecurity – I’ve asked for things and advanced my career in ways I never thought possible because “fortune favours the bold.” If I ask for something that is the worst that can happen, the answer is no – that’s fine – I will try, try and try again. I even wrote this list of 5 life lessons I picked up from the film here. I also love films/movies, spending time with my dog Poppy, bullet journaling and writing poetry and short stories when the mood takes me.
Thank you, Lisa, for the insightful interview. We are sure that our readers will find this interview a useful prompt to raise awareness about cybersecurity. Moreover, we hope that your remarks about women in cybersecurity serve as an inspiration to women looking to get into the field. As for our readers, you can follow Lisa on Twitter, where she often shares her views, at @cybergeekgirl.