In Conversation With...
Lisa Ventura, CEO of UK Cyber Security Association, on all things cyber security and gender balance in the industry.
1. Tell us a bit more about the Association, its main purpose and benefits? The UK Cyber Security Association (UKCSA) is a membership organisation for individuals, small businesses, SME’s and corporate companies who are involved in the cyber security industry or who want to gain access to information to help them be more cyber aware. Members receive a wide range of benefits including access to the latest cyber security industry news, networking events (virtual at the moment of course), a yearly conference (also virtual at the moment), training, discounts on cyber security software products, insurance and much more. The UKCSA also raises awareness of cyber security awareness, cyber skills, training and best practice as well as helping more women enter careers in the industry neurodiversity in cyber security, the cyber skills gap and education as to the importance of cyber security and why businesses should take it seriously.
2. What has prompted you to set up UKCSA? I entered the cyber security industry in 2009 after a long career in the entertainment industry working with Chris Tarrant of “Who Wants to be a Millionaire” fame, and after I had been in it a few years I realised that there wasn’t an active membership association that I could join for the cyber security industry to share best practice and find out about the latest threats and attacks, and the idea for the association was born.
3. We have undoubtedly become extremely reliant on technology and “online” way of life as a result of the pandemic. How has the cyber threat evolved in line with this over this past year? I sit on the Advisory Group of the West Midlands Cyber Resilience Centre, and during our first meeting last month it was clear that there are 2 key areas where cyber security urgently needs to be addressed. Remote working is one area - getting everyone to work from home quickly earlier this year has left many organisations wide open to cyber-crime, and much more needs to be done to raise awareness of this and to stop organisations falling victim to cyber-crime. It is important that businesses recognise where they might need to bring in additional measures and to ensure that their employees are cyber aware to mitigate the risk of attacks. Secondly, the supply chain and their cyber posture and resilience was another key area where cyber security needs addressing. Your organisation may have taken all the cyber security precautions that it can, but if your supply chain has not this could leave organisations open to a cyber-attack. In addition, organisations need to be aware of phishing, smishing, ransomware and malware – all of which have grown exponentially over the years and have exploded this year due to COVID-19.
4. A recent survey by (ISC)² revealed that 3.1m people are needed in cyber security worldwide, with 22% of companies reporting a significant shortage of dedicated cyber security staff for the period of April - June 2020. With this in mind there are calls to promote female talent in this space. You are also a strong advocate for women in cyber security. Tell us a little bit about your work in this respect.
While there has been some positive progress with encouraging more women into careers in cyber security, such as programs aimed at getting girls and women into the field, there is still much to be done to encourage them to join. Retention is a key problem. Many often leave the industry due to burnout, lack of career progression and the toxic culture often found in the industry. Many efforts to address more inclusion and diversity in cyber security don’t go much further than a few PR pitches and lack anything substantial. Sadly, women are still paid less, promoted less and deal with discrimination and harassment, which leads to the pursuit of other career paths away from cyber security. Equally, with such technical terminology often being used this can be very off putting to women looking to enter the industry. My work in this area focuses on supporting and mentoring women who are looking to enter the cyber security industry or may be considering a career transition in cyber security.
5. Cyber security is everyone’s issue, but why do you think there is such gender disbalance in this area? The media and popular culture often portrays cyber security as being done by a socially inept young guy in a hoodie - this began in the 1980s and is still prevalent today. This is not the right image to attract a more diverse workforce into the industry, and even for companies and academic programs that have tried to overcome this image, the perception that it exists and that cyber security is hostile towards women deters many girls and women from entering it. I’ve seen a number of barriers to women continuing in cyber security jobs once they have entered the field. Common things I’ve come across include a lack of mentors, a lack of female role models in the field, gender bias in the workplace, unequal pay compared to men for the same skills and jobs and unequal growth opportunities compared to men. This often leads women to feeling demotivated in their roles and leaving the cyber security field altogether.
I think we need much greater representation of under-represented groups in cyber security across all aspects of society and media. There are many strong female role models in cyber security who deserve to have their voices amplified. News outlets need to stop citing male cyber security experts, industry conferences should include more female speakers and demonstrate their commitment to having inclusive codes of conduct. If women and girls don’t see it, they won’t want to be it. Women must be visible and seen as experts in cyber security but unfortunately when women are contacted for their insights it is often to talk about gender issues and not about their technical skills and capabilities. Therefore, when girls see female role models in cyber security, they often only hear awful statistics and not the great work that women are doing in the industry.
6. Tell us a little bit about your recently published book “The Rise of the Cyber Women: Volume One” - what prompted you to this? Will there be a Volume Two?
When I founded the UK Cyber Security Association, and it soon became clear that I was a minority as a woman in the industry which was dominated predominantly by men. In 2019 I was at a talk at Infosec in London given by Professor Sue Black, and it was during this inspiring talk that I had the idea for “The Rise of the Cyber Women”. I wanted to provide an outlet through my book to give a voice and platform to those who have had a non-linear path into cyber security and their stories, for example, they may not have started off in the cyber security industry and done something entirely different, but then either made a conscious decision to move into it or moved into it by chance, to those who have overcome adversity to get to where they are today in the cyber security industry and to those who have a different and unique perspective of cyber security and their journey into the industry. “The Rise of the Cyber Women: Volume 1” was released in August 2020 to great acclaim. The interest in it was huge, so much so that I am already working on volume two which will be released on 8 March 2021, in line with International Women’s Day. I wanted to give a voice to women in cyber security globally and showcase their inspiring journeys into the industry in the hope that it helps and inspires other women to consider a career in cyber security, but who may be put off because they think it is very male dominated and because they think they need a technical background to enter it. I was honoured that so many amazing women shared their stories with me for the book and hope it will be a valuable resource to women in cyber security.