Lisa Ventura is a newly appointed Advisory Group member at West Midlands Cyber Resilience Centre. An award-winning cyber security consultant, Lisa founded the Cyber Security Association (UKCSA), a membership association that is dedicated to individuals and companies who actively work in cyber security in the UK.
With over 10 years’ experience in the industry, Lisa is passionate about raising awareness of cyber security among businesses and is an advocate for improving gender equality and neurodiversity in the industry. Her first book, ‘The Rise of the Cyber Women’, was published in August 2020.
We spoke to Lisa about her role at WMCRC, what issues she feels are facing the industry as a whole, and how cyber security can become a more inclusive, diverse space.
Tell us a little bit about your role on the WMCRC Advisory Group.
My role on the WMCRC Advisory Group is to provide strategic advice and help on the various campaigns and projects that the Centre is undertaking to raise awareness of the growing cyber threat to small businesses and SMEs.
I am very honoured to join the Advisory Group of the WMCRC. The West Midlands has a huge concentration of cyber security organisations and individuals who are doing great work in the industry to bring cyber security to the forefront of people’s minds.
What impact are you hoping WMCRC will have on the local community? I hope that the WMCRC will be at the forefront of raising awareness of the growing cyber threat, and that it will be instrumental in providing collaboration with the government, the police, organisations, education and the National Cyber Security Centre which is something that is very much needed in the region to help combat the growing problem of cybercrime. I look forward to seeing the WMCRC becoming a strong resource in the West Midlands for businesses to call on to help them against the growing threat of cybercrime, and I’m proud to be a part of it from the get-go.
What do you feel are the biggest issues facing the cyber security industry at the moment?
Remote working is one area – getting everyone to work from home quickly earlier this year has left many organisations wide open to cybercrime, and much more needs to be done to raise awareness of this and to stop organisations falling victim to cybercrime. It is important that businesses recognise where they might need to bring in additional measures and to ensure that their employees are cyber aware to mitigate the risk of attacks. Secondly, the supply chain and their cyber posture and resilience is another key area where cyber security needs addressing. Your organisation may have taken all the cyber security precautions that it can, but if your supply chain has not this could leave organisations open to a cyber attack. In addition, organisations need to be aware of phishing, smishing, ransomware and malware.
You are an advocate for women in the field, what advice do you have for women who might be interested in a career in cyber security?
I have a big hope that the field will one day contain at least 50% women, but I feel there is a long way to go and much that still needs to be done before that can be achieved. To achieve this, we need to demystify cyber security and encourage the media to portray it in a much better way than they currently do.
We also need to create fun work environments that celebrate successes and create opportunities to build a stronger social community while reducing intimidation, so the less technical are not intimidated by the “know-it-alls” in the industry. Changing the negative stereotypes will take some time, but I believe that more women can be attracted into careers in cyber security. This will help to fill the employment gaps in the industry and lead to greater opportunities and stronger teams for women who make the move into the field. I’d also advise any woman who is looking to enter the cyber security industry to get a mentor and to network, network – and then network some more! One of my favourite quotes is ‘fortune favours the bold’, and that has certainly held true for me. Although I have been in the cyber security industry since 2009 it was only in the last two years or so that I started to adhere to that quote. I would ask for things and contact people I never would have dared to get in touch with before. This led to lots of new doors being opened for me.
What steps can businesses take to create a more diverse working environment?
When it comes to creating a more diverse working environment, you need to talk more about your diversity goals. If you can embed these into your company culture from the start, more responsibility will be taken for their delivery. Understanding and tackling unconscious bias is also key, and training for hiring manages is crucial to eliminate this in the recruitment process. Embracing flexible working is also key, and this has come much more to the forefront since the COVID-19 pandemic took hold. There is a clear link between flexible working which includes flexible hours, remote working, part-time and job share opportunities, and the ability to attract diverse talent. If organisations change their default stance to “we are a flexible employer”, this is a very positive step.
Tell us a bit more about your book, ‘The Rise of the Cyber Women’
I entered the cyber security industry in 2009 when I joined my ex-husband’s company Titania Ltd, having spent the first part of my career working in the entertainment industry and in marketing and PR. I knew that I wanted to stay in the cyber security industry, so I founded the UK Cyber Security Association, and it soon became clear that I was a minority as a woman in the industry. In 2019 I was at a talk at Infosec in London given by Professor Sue Black, and it was during this inspiring talk that I had the idea for ‘The Rise of the Cyber Women’. I wanted to provide an outlet through my book to give a voice and platform to those who have had a non-linear path into cyber security and their stories. For example, those who made a conscious decision to move into it or moved into it by chance, those who have overcome adversity to get to where they are today, or those who have a different and unique perspective of cyber security and their journey into the industry. “The Rise of the Cyber Women: Volume 1” was released in August 2020 to great acclaim. The interest in it was huge, so much so that I am already working on volume two which will be released on 8 March 2021, in line with International Women’s Day. I wanted to give a voice to women in cyber security globally and showcase their inspiring journeys into the industry in the hope that it helps and inspires other women to consider a career in cyber security, but who may be put off because they think it is very male dominated and because they think they need a technical background to enter it. I was honoured that so many amazing women shared their stories with me for the book and hope it will be a valuable resource to women in cyber security.