A Q&A with UK Cyber Security Association founder Lisa Ventura

PrivSec: Can you tell me a bit about your background, and how you came to be working in the cyber security field?

Lisa Ventura (LV): I had a very non-linear journey into cyber security, as I spent many years working in the entertainment industry with the host of Who Wants to be a Millionaire in the UK, Chris Tarrant.

My ex-husband was a former penetration tester before he made the move to work for himself when he invented some software to help him undertake his day job more quickly and easily, and I was fascinated with what he did – the mind of the hacker and the psychology of hacking. I joined his company in 2009 to help him grow the business, and when we separated and subsequently divorced in 2012, I knew that I wanted to stay in the cyber security industry.

Even then, I wanted to raise as much awareness as possible of the importance of taking cyber security seriously for small businesses, SMEs and the general public. I was frustrated that boards didn’t seem to want to take cyber security seriously, often passing the buck to IT departments when, in reality, being cyber aware and secure is everyone’s responsibility.

Since then, I have worked at BT on their Assure Cyber product, and as a cyber security awareness consultant for professional services organisations training their workforce to be more cyber aware and secure.

PrivSec: How did you come to found the UK Cyber Security Association (UKCSA)?

LV: In 2018, I spotted a gap for a membership association dedicated to cyber security to help raise even more awareness of the importance of staying safe online, and the UK Cyber Security Association was born.

PrivSec: Can you tell me about the Association, its aims, and the work it does?

LV: The UKCSA is a membership organisation for individuals, small businesses, SMEs and corporate companies who are involved in or who work in the cyber security industry in the UK. Members receive a wide range of benefits, including access to the latest cyber security industry news, discounts on courses, seminars, networking events, conferences and items such as insurance and penetration testing, access to a directory of members and much more. We also supply compliance, security consultancy, risk management, penetration testing, bespoke security solutions and half- and full-day courses to small businesses and SMEs, all aimed at helping them understand cyber security and what it means for their businesses.

The UKCSA works to a set of objectives ensuring best practice and information assimilation from the cyber security industry in the UK and will lobby for awareness of cyber security, skills and training, education, and best practice. We also raise awareness of neurodiversity in cyber security, the cyber skills gap and education as to the importance of cyber security and why businesses should take it seriously.

Some of the UKCSA’s core objectives are:

  1. To create and grow the UKCSA by developing a national infrastructure in all regions of the United Kingdom
  2. To form key partnerships and stakeholder contact/agreements with all manner of cyber security government departments, professionals, and companies across the UK
  3. The enablement of region-wide networks to support regional efforts on cyber security and e-business
  4. To promote skills in cyber security nationwide
  5. To increase business opportunities in cyber security to all our members, directly or via collaborations
  6. Input to national, regional, and international policy development wherever possible.

PrivSec: What have been the highlights of your career in cyber security so far?

LV: Seeing the UKCSA grow to be a successful membership organisation has been a key highlight for me, along with winning numerous awards for my work including “Outstanding Contribution to Cyber Security” from SC Awards Europe, “Cyber Security Personality of the Year” from the UK’s Cyber Security Awards, winning a “We Are Tech Women” award and winning a “Supporter of Women in Cyber Security” award in the USA. I am also very proud of launching my book, The Rise of the Cyber Women: Volume One, in August 2020, which is a collection of inspiring stories and accounts from women all over the world who have had a non-linear journey into the cyber security industry.

PrivSec: You’ve done a lot of work in the area of diversity in cyber security. Could you tell me a bit about the issues the sector faces in this regard?

LV: In 2017, a SANS Security Awareness Report found that over 80% of awareness professionals have a highly technical background. While technical people understand the technology and problems we face, they do not have the skills or experience to effectively engage with employees and communicate those problems. Based on the available data, awareness is a communications problem.

There is a need to communicate opportunities in cybersecurity more widely, and this is pertinent to neurodiverse people, too. Also, at a recent event about neurodiversity and cyber security careers organised by IAAC and the Cyber Security Challenge UK, it was suggested that autistic people may only apply for a role if they meet every single requirement listed in the job advert. Calls for diversity are sometimes met with the argument that any initiatives to promote certain social groups give people in those groups an unfair advantage above others in society.

PrivSec: What should the industry be doing to address these issues, in your view?

LV: In order for cyber security professionals to do their job and solve some of the hardest technology issues faced by the world, people of all talents, backgrounds and abilities who think differently are needed. When you mix these things together, creativity and innovation often follow.

PrivSec: What can the cyber security industry do to address the skills gap, in your view?

LV: I have a big hope that the cyber security industry will one day contain at least 50% women, but I feel there is a long way to go and much that still needs to be done before that can be achieved. To achieve this, we need to demystify cyber security and encourage the media to portray it in a much better way than they currently do.

We also need to create fun work environments that celebrate successes and create opportunities to build a stronger social community, while reducing intimidation in the industry – where the less technical are not intimidated by the “know-it-alls” in the industry.

Changing negative stereotypes in cyber security will take some time, but I believe that more women can be attracted into careers in cyber security. This will help to fill the employment gaps in the industry and lead to greater opportunities and stronger teams for women who make the move into a career in cyber security.

PrivSec: Where do you see the sector in ten years’ time? How do you think it will evolve?

LV: I think we will see systems that are smarter, more sophisticated and able to handle large populations and data amounts, that can take decisions in real time and connect to shared intelligence centres to keep us guarded.

As far as the general public is concerned, I believe keeping ourselves cyber secure will become much more commonplace and up there with our physical security and safety – and as ingrained into us as locking our doors at night and putting our seatbelts on when driving.

PrivSec: What’s next for the UKCSA?

LV: As we work through the coronavirus pandemic, the UKCSA will evolve to ensure that all types and sizes of businesses are cyber aware and secure, and that the general public is too, especially given the huge rush to working from home due to the virus.