Globally, gender stereotype has been a perennial impediment for women in all walks of life. Expressions like “girls are not good at math” and “engineering is more male-friendly,” continue to impact women in the workplace. Nevertheless, over the last two decades, women have challenged the status quo and spearheaded social, political, and economic battles. Similarly, they have excelled and gained significant ground in the world of cybersecurity, which was once considered an exclusive domain for men. And though men and women have equal access to participation in leadership and mentorship development programs, women face unconscious bias from their male counterparts.
To discuss the alarming gender gap in cybersecurity, Pooja Tikekar, Feature Writer at CISO MAG, engaged in a conversation with Lisa Ventura, CEO and Founder of the UK Cyber Security Association (UKCSA). Lisa is an award-winning cybersecurity consultant and her journey into the cybersecurity industry was a non-linear one as she spent many years in the entertainment industry working with Chris Tarrant, the first host of “Who Wants to Be a Millionaire” in the U.K. She made the move into cybersecurity in 2009. She is part of the Advisory Group for the newly created West Midlands Cyber Resilience Centre, sits on the board of Think Digital Partners, and is part of Cyber Security Valley U.K. Lisa is also a strong advocate for women in cybersecurity, the cyber skills gap, and neurodiversity.
Edited excerpts of the interview follow:
Your career path had predominantly been into content marketing and PR. What inspired you to switch to cybersecurity and to founding the UK Cyber Security Association?
I didn’t enter the cybersecurity industry straight away. After I completed my studies, I spent many years in the entertainment industry working with the host of “Who Wants to Be a Millionaire” in the U.K., Chris Tarrant, at his management company. I also worked with other high-profile TV and Radio presenters in the U.K. such as John Kettley, Richard Allinson, and Ed Doolan during my time there. Alongside this, I was very active with the organization of festivals in my local community, and I founded a highly successful literary festival and was actively involved in the start of a music festival as well, which all kept me very busy.
My first husband was an ethical hacker and I used to be fascinated with his work. He couldn’t tell me a lot about it as he undertook a lot of government-related and MOD work in this area, but I was always passionate about computers, technology, and gadgets, and this extended to hacking, the psychology of hacking, and what motivates hackers to do what they do. In 2009, I was at a crossroads career-wise and decided to join my first husband’s cybersecurity software development company to help him with his workload. I was actively involved in all areas of the business and when we separated and subsequently divorced in 2012, I knew I wanted to stay in the cybersecurity industry, and that is exactly what I did.
At this point I worked for BT on their Assure Cyber product, then I became a cybersecurity awareness consultant working mainly with professional services organizations to help train their workforce to be more cyber aware through things like phishing email simulation exercises and cyber escape room activities. In 2018 I founded the UK Cyber Security Association, and today along with this I am a published writer and author in cybersecurity, as well as a participant in many events and webinars as a keynote speaker.
How is the UKCSA helping the public in educating and raising awareness about the importance of cybersecurity, especially in the unprecedented situation of COVID-19?
The UK Cyber Security Association is a membership organization for individuals, small businesses, SMEs, and corporate companies who are involved in the cybersecurity industry or who want to gain access to information to help them be more cyber aware. Members receive a wide range of benefits, including access to the latest cybersecurity industry news, networking events (virtual at the moment due to COVID-19), a yearly conference (also virtual at the moment), training, discounts on cybersecurity software products, insurance, and much more. The UKCSA also raises awareness of cybersecurity awareness, cyber skills, training, and best practice as well as helping more women enter careers in the industry, neurodiversity in cybersecurity, the cyber skills gap, and education as to the importance of cybersecurity and why businesses should take it seriously. In addition, much of our work currently focuses on educating as many organizations and individuals as possible as to the importance of staying safe online especially during the pandemic where there has been an unprecedented rise in the number of cyberattacks.
The pandemic has led to a surge in the usage of the Internet, which leaves businesses at the mercy of cybercriminals. And while the industry uses cybersecurity tools, there’s still a shortage of skilled and diverse personnel to address the risks and challenges. What could be the reason?
I think the main reason for this is that there is a misconception that you need to have a technical background or be technical to enter the industry. But this is simply not the case, and I realized that there must be many in the cybersecurity industry like me who had a non-linear journey into it, or who didn’t start their careers in cybersecurity or tech. I went from the entertainment industry working with high-profile celebrities in the U.K. to the cybersecurity industry, and I wanted to give space to those who, like me, transitioned into cyber from a different industry. This was the genesis of my books “The Rise of the Cyber Women” and “The Varied Origins of the Cyber Men.” I was honored to be able to feature those from all walks of life from all over the world in the books, and one thing that was clear to me was that not having a technical background was not a barrier to entering the industry. More needs to be done to raise awareness of this, particularly in schools, colleges, and universities.
According to a survey conducted by SANS Institute, 35% of women said their gender was the number one challenge to career advancement. This indicates a worrying gap in the representation of women in the industry. How can we bring in improved hiring practices?
One of the things I think would help to attract more women to take up careers in cybersecurity is to make job postings more inclusive. Language such as “cybersecurity ninja” or “cybersecurity rockstar” often alienates female applicants, but if the more straightforward language is used in job ads, more women are likely to apply for roles. Some companies utilize apps that use data science to highlight problematic words or phrases in job descriptions or ads, and that suggest new words and phrases that will attract more diverse applicants.
You were diagnosed as being #ActuallyAutistic in June 2018. And you’ve been a campaigner for neurodiversity in cybersecurity. Tell us more about it.
When I was diagnosed as autistic it was like a lightbulb had gone off in my head! So much made sense about why I am the way I am, and I used that knowledge to put new processes and things in place to help me in my day-to-day life. Since I was diagnosed, I have campaigned for neurodiversity in cybersecurity, and to encourage those who are neurodiverse to consider a career in the industry. I’ve written about my diagnosis extensively on the MeDecoded site, it was a safe space to help me understand my diagnosis and process it.
Women in cybersecurity still hold fewer positions of authority. Why is gender discrimination still going unchallenged?
I think we are doing better to attract more women to the industry, but much more still needs to be done. Supporting flexible working hours, a flexible working location, job sharing, or three weeks on/one week off enables people to set their hours and location where they feel at their most productive, while still delivering on deadlines and projects. Trust that people can be productive even if they don’t work in the same way or at the same time as others. In addition, those who are neurodiverse often get stressed when a deadline is approaching and undertake their work as far as possible in advance, while others find that they need the adrenaline rush that comes when waiting until (almost) the last minute to deliver a project. Finding the right ways for women to work at their best and around other commitments, especially childcare, can pay dividends.
Cybersecurity is a male-dominated industry, but times are slowly changing. What are the first steps that women can take to start their path toward a career in cybersecurity?
Firstly, identify your transferrable skills. Unlike other professions, cybersecurity experience is often not needed to get into the industry, but many will come from roles that have similar skillets. If you can demonstrate relevant existing experience, your transferable skills as they are known, there is no reason why you can’t get a foot on the ladder in cybersecurity. Also, network and make as many industry connections as possible. Meeting people is a great way to hear about opportunities when they become available. Attend as many cybersecurity events and conferences as you can, even if you have to do them remotely at the moment due to the pandemic. Qualification is another way to get a foothold in the industry. Which ones you need will depend on your career path, but you should seek out a course that covers general topics and gives you a good oversight into cybersecurity and what it entails.
Young girls, who want to pursue a career in cybersecurity, might experience self-doubt. As a thought leader and mentor, what is your advice to them?
Don’t be afraid to ask about opportunities, the worst that can happen is that the answer is No. One of my favorite mantras is “fortune favors the bold” — women often tend to feel that their knowledge isn’t good enough and put themselves down – impostor syndrome is rife in cybersecurity. As the industry is vast and constantly changing and evolving, it is very easy to fall into this trap of self-doubt. My advice is to stay confident about the skills you bring to the table and be just as assertive about your thoughts. Cybersecurity is a great line of work with a lot of varied opportunities. Knowing that you work in an industry that makes someone’s life a little safer will keep you going for a long time in this career.
About the Author
Pooja Tikekar is a Feature Writer and part of the editorial team at CISO MAG. She writes news reports and feature articles on cybersecurity technologies and trends.
CISO MAG’s March issue on Women in Cybersecurity is out. Preview here. Subscribe now!