For years, Lisa Ventura had been working in the entertainment industry in the UK. Yet, she decided to quit show business for cybersecurity. Her first husband lured her into the field, which she is still in love with despite her broken marriage.
“My first husband was an ethical hacker, and I used to be fascinated with his work,” Ventura told CyberNews. That is how her journey into cybersecurity started back in 2009.
During the 11 years that passed since, she founded the UK Cyber Security Association, dedicated to individuals and companies who actively work in cybersecurity in the UK, and published two books - The Rise of the Cyber Women: Volume One and The Varied Origins of the Cyber Men: Volume One. Lisa is also an advocate for women in cybersecurity, the cyber skills gap, and neurodivergent people. Recently, she has been diagnosed with autism, and now she’s advocating a career in cybersecurity for people on the autism spectrum.
Along with discussing her career choice and the topics she is passionate about, we also asked Lisa to give our readers some cyber-related books, movies, and TV series recommendations.
“It is very cheesy, and you have to take everything in it with a pinch of salt, but it is good escapism,” she said about one of her favorite movies about hacking.
Stay tuned to find out what movie she was talking about.
How did you decide to shift to cybersecurity? What was the biggest challenge?
I didn’t enter the cybersecurity industry straight away. After my studies, I spent many years in the entertainment industry, working with the host of Who Wants to Be a Millionaire in the UK, Chris Tarrant, at his management company. I also worked with other high-profile TV and radio presenters in the UK, such as John Kettley, Richard Allinson, and Ed Doolan, during my time there. Alongside this, I was very active with the organization of festivals in my local community, and I founded a highly successful literary festival and was actively involved in the start of a music festival as well, which all kept me very busy.
My first husband was an ethical hacker, and I used to be fascinated with his work. He couldn’t tell me a lot about it as he undertook a lot of government-related and MOD (The Ministry of Defense, UK) work in this area, but I was always passionate about computers, technology, and gadgets, and this extended to hacking, the psychology of hacking, and what motivates hackers to do what they do. In 2009, I was at a crossroads career-wise and decided to join my first husband’s cybersecurity software development company to help him with his workload. I was actively involved in all areas of the business, and when we separated in 2012, I was more upset about coming away from the business than I was about the end of our marriage! I knew I wanted to stay in the cybersecurity industry, and that is exactly what I did.
At this point, I worked for British Telecom on their Assure Cyber product. Then I became a cybersecurity awareness consultant, working mainly with professional services organizations to help train their workforce to be more cyber aware through things like phishing email simulation exercises and cyber escape room activities. In 2018, I founded the UK Cyber Security Association. Today, along with this, I am a published writer and author in cybersecurity as well as a participant in many events and webinars as a keynote speaker.
Were you aware of cyber risks yourself when you dived into cyber security?
Cybersecurity had, of course, been around for many years when I joined the industry in 2009. But it wasn’t talked about anywhere near as widely as it is today. The conversations around the growing cyber threat were only just becoming mainstream at the time. I was, however, aware of the importance of using anti-virus software and having a robust firewall to protect from potential cyber threats, for example, and the risks that spam emails posed.
Over the years, the conversation around cybersecurity has changed as the threats have evolved, and it has become much more mainstream than it was when I first entered the industry.
What do you do? Are you more of a cybersecurity evangelist, or are you programming and writing algorithms?
I am a cybersecurity awareness consultant mainly, and I work with organizations, particularly in professional services, to train their staff to be more cyber aware to protect their organization. I do this through phishing email simulations, cyber escape rooms training, and sending targeted and key internal communications about the latest cyber threats and data breaches, and advise about what to do if they accidentally click on a phishing email attempt, for example.
In addition to this, I contribute to numerous publications with articles offering advice about the latest cyber threats and data breaches and around key topics and themes in the cybersecurity industry, such as women in cyber, the cyber skills gap, neurodiversity and cybersecurity, and cybersecurity and home working (in the light of the pandemic). I also speak at numerous events on different topics and themes within the cybersecurity industry.
I am the CEO & Founder of the UK Cyber Security Association (UKCSA), a membership organization for individuals, small businesses, and corporate companies. Members receive a wide range of benefits, including access to the latest cybersecurity industry news, networking events, a yearly conference (also virtual at the moment), training, discounts on cybersecurity software products, insurance, and much more. The UKCSA also raises awareness of cybersecurity risks, cyber skills, training, and best practices.
My aim with the UKCSA is to bring the industry together to share best practices and learnings in cybersecurity. We also already undertake lots of work and projects to support women in cyber, those who are neurodiverse in cyber, and the cyber skills gap.
Since you dived into cybersecurity, how has the situation changed - are businesses now better-prepared, more aware of risks? The number of cyberattacks is still rising worldwide. I guess there’s still a lot of work to be done?
I have a saying - we can protect our networks and systems to within an inch of their lives, but an even more skilled and sophisticated hacker will come along and find a way through that protection. As quickly as we evolve when it comes to the growing cyber threat, the hackers progress, too.
Unfortunately, I think there is still a lot of work to be done to educate businesses on the growing cyber threat. I still see a ‘head in the sand’ approach to cybersecurity – many think they don’t need it until they are breached or hit with a cyberattack, and then it is too late. The move to working from home due to the pandemic has helped to bring cybersecurity more to the forefront, but it is shocking how many organizations still haven’t thought about the security ramifications of their employees working from home and then transferring data back to the office if and when we return to some sort of normality. There is still a long way to go to get businesses and organizations thinking about their cybersecurity posture and what they need to do to protect themselves.
Why do some women and girls feel discouraged from entering cybersecurity?
Some of the things in films and so on can be quite off-putting. For example, the whole image of the guy in the hoodie hacking into systems from his bedroom. I think there needs to be more done to make it a lot more inviting for women to come forward and consider a career within the industry.
Does this problem start at a young age, maybe when females are discouraged from entering the science field in general?
I think that a lot more could be done to encourage girls to enter STEM. And doing that through schools, universities, and colleges to get them interested in the subject.
Does this also impact the skills shortage?
I do believe so. I think the pandemic over the last year has helped to make some great strides for that. Where people have been sadly, and unfortunately, losing their jobs in other areas and other industries, I'm seeing a bit of a surge at the moment for people looking to move into careers within cybersecurity. From that angle, the pandemic may well be a bit of a driver getting more people, either men or women, interested in cybersecurity.
I'm working with an organization called Women in CyberSecurity (WiCyS) UK to find ways to encourage more women that, unfortunately, have been made redundant from the pandemic, to consider STEM or cyber. We are looking for ways to get them interested in these fields to hopefully close the cyber skills gap a little.
What is your forecast for the skills gap in the future? Will it widen further?
A lot more needs to be done to hopefully try and close it a bit more, and great strides are being made. I still think that more could be done to make the industry a lot more welcoming, especially to newcomers. I've seen things on Twitter and LinkedIn where you can, you know, try to come forward and express some opinions, and then some of the more seasoned people shut those opinions down. And it's quite sad to see things like that because it can be quite off-putting.
I often hear that the requirements for candidates to get a job are high. You either have to have some certifications or be already very experienced to enter the field. Can someone at the complete beginner level enter cybersecurity?
More and more people I'm finding are entering without any formal qualifications. And a lot has to do with networking as well and having transferable skills. My background prior to that was very much within the PR and marketing space. So I had a lot of transferable skills with writing, with conducting training sessions. I used to do media training in my past life, and I was able to bring those skills also transferable to what I did within the realms of cybersecurity awareness. So I do a lot with things, such as simulations, cyber training, sending regular, timely communications out about the latest data breaches, and phishing emails to train people to be a lot more cyber aware.
Do you think that sometimes the geeky language is a reason why cybersecurity, or IT in general, might not seem appealing? It might be not that hard, but that vocabulary might drown you if you are a beginner.
Absolutely. I see this all the time. Here is a classic example. I was running a training session in conjunction with a cyber academy in Bristol years ago. The two male trainers, great guys, very adept in their fields, very technical, were confusing their audience with all the acronyms and technical jargon such as DDoS. You could just see the audience was glazing over because they didn't have a clue what these guys were talking about. They weren't translating what they were saying to their audience. I remember spending the lunch break and explaining things to the audience. I think that there's a need for that kind of skill set. One of the things that I was doing is taking that tech, all that jargon, all those different acronyms, and translating it into an easy to understand language.
You are talking a lot about neurodiversity and introducing cybersecurity as a career choice for neurodivergent people. Why is this topic so important to you?
I was diagnosed as autistic in June 2018. The diagnosis came quite late in life, but it explained so much about why I did things that I did and how I approach things, and how to cope with day-to-day life in general. And I also realized I've been masking a lot of that throughout my entire life. So I was able to use that diagnosis. I don't need to mask how I am now. I know what it is. At that point, I started to do some research, which showed that cybersecurity is quite a suitable career choice for those who are diverse. So we started working with organizations, such as Cyber Security Valley UK and the WISE campaign, to train our people for careers in cyber. Having all those forces of evil helps with conducting a stretch and having those conversations.
Please give our readers some recommendations for movies, TV series, and books related to the cyber world.
I am a huge film buff and love TV shows, especially Sci-Fi. When it comes to films and TV shows involving hackers and cybersecurity, I have a few favorites: Mr. Robot, Black Mirror, Hackers, Tron, War Games (it is very cheesy, and you have to take everything in it with a pinch of salt, but it is good escapism) and The Matrix.
You have also hit the nail on the head with one of my interests, as I do love films that have artificial intelligence at their heart, especially the movie A.I., which gives a view of how machines with AI could evolve to be more human. With The Matrix, the thought of AI enslaving humankind, and we are all hooked up to machines, and the life we are living is not real, and part of the Matrix is a very scary thought!
I wish that films and TV shows would steer clear of the stereotype of the male hacker in a hoodie huddled over his computer. It could be very off-putting to some women looking to enter the cybersecurity industry, and more needs to be done to overcome these hacker stereotypes.
When it comes to books in cybersecurity, I tend to read a lot of non-fiction ones to learn new skills and keep them up to date. I recently read Dr. Jessica Barker’s book “Confident Cybersecurity”, which is a great read if you are new to the industry and looking at how to get started, and Geoff White’s “Crime Dot Com” book, which covers how hacking went global.
More great CyberNews stories:
Subscribe to our monthly newsletter