Lisa Ventura MBE is an award-winning cyber security specialist, published writer/author, and keynote speaker.
She is the Founder of Cyber Security Unity, a global community organisation that is dedicated to bringing individuals and organisations together who actively work in cyber security to help combat the growing cyber threat. As a consultant Lisa also works with cyber security leadership teams to help them work together more effectively and provides cyber security awareness and culture training, and training on the benefits of hiring those who are neurodiverse. She has specialist knowledge in the human factors of cyber security, cyberpsychology, neurodiversity and AI in cyber, and is also a Co-Founder of International Imposter Syndrome Awareness Day.
How did you land your current role? Was it planned?
I didn’t plan to get into the cyber security industry, it happened purely by chance as I spent years prior to transitioning into cyber security in 2009 working with Chris Tarrant, the host of “Who Wants to be a Millionaire” at his management company. My ex, who was very high up as an ethical hacker/penetration tester, invented a software tool in his spare time called Nipper Studio, and I joined Titania Ltd to help with launching and selling the product. After we separated and divorced, I knew I wanted to stay in cyber security, and I found myself more in the cyber awareness field. I also founded the UK Cyber Security Association, now known as Cyber Security Unity, in 2015.
What are the key roles in your field of work, and why did you choose your current expertise?
There are a lot of transferrable skills that lend themselves well to cyber security and with what I do with cyber awareness training, communication and presentation skills are key. I also have an ability to take very technical information, remove the jargon and demystify it for the reader, and present it in an easy-to-understand way. This is crucial for small businesses and SMEs who don’t necessarily understand cyber security and why they need to take it seriously.
Did you (or do you) have a role model in tech or business in general?
Yes – Professor Sue Black who led the “Save Bletchley Park” project. I was lucky enough to meet her and see her give a talk about her career at Infosec in 2019, and she still inspires me today.
What are you most proud of in your career, so far?
Being awarded an MBE by King Charles III in his first birthday honours list for services to cyber security and diversity and inclusion. Nothing could ever top it for me.
Are there any specific skills or traits that you notice companies look for when you’re searching for roles in your field?
Communication skills are key, as are project management skills, especially as you will need to get across key aspects of cyber security such as behaviour change and culture change. People skills are also important, especially when rolling out a cyber champions programme, or rolling out team training events such as cyber escape rooms.
Has anyone ever tried to stop you from learning and developing in your professional life, or have you found the tech sector supportive?
While I have found the tech sector largely supportive, I have been subjected to some horrific bullying and abuse in the cyber security industry, and from some very surprising people. I talk about this quite openly today, but I do get worried for others who are drinking the Kool Aid so to speak of these bullies and abusers in our Everyone thinks are amazing, but they are narcissists of the highest order and very Jekyll and Hyde – they know exactly who they can bully and target, and they especially target those who are neurodivergent or vulnerable. Bullying and abuse has no place in cyber security and it needs to stop.
Have you ever faced insecurities and anxieties during your career, and how did you overcome them?
Oh yes, all the time! I have a very high degree of imposter syndrome, which really came to the forefront when I was awarded my MBE. I don’t think imposter syndrome can be conquered; I think it is something you learn to manage more than conquer.
Entering the world of work can be daunting. Do you have any words of advice for anyone feeling overwhelmed?
If you are unsure as to what area of cyber security you would like to get into, think of it like this. Say you decide you want to become a doctor. There are lots of different specialisms and areas that you can become a doctor, or you might decide to be a General Practitioner, and it is a question of researching and deciding which area or specialism would suit you best. Cyber security is the same, it is a matter of finding the right area of cyber that you would like to specialise in. The UK Cyber Security Council also recently released a careers mapping tool that can help when you are deciding this.
What advice would you give other women wanting to reach their career goals in technology?
Degree or no degree? Certs or no certs?
There are some arguments that certifications in cyber security aren’t necessary to enter it, and some discussions around whether having a degree is needed to enter the industry. The short answer is no – having a degree will not stand you in better stead to get into the industry
Instead, start by gaining a solid foundation in cyber security. There are numerous online courses, tutorials, and certifications available that cater to various skill levels, and many of these are available for free. Some possible certifications include Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and CompTIA Security+. These certifications can enhance your knowledge but add credibility to your CV, but when it comes to finding the right certification/s, there is no one size fits all approach. The UK Cyber Security Council has recently launched a certifications framework project that can help with this.
Another possible route into the industry is to consider signing up for a cyber security bootcamp. I can highly recommend Capslock who offer 16 week full and part time bootcamps as a pathway to becoming a cyber security professional.
Whatever path you decide to go down when it comes to having a degree or certifications in cyber security, do your homework and research and take advice from others who have been through any bootcamps you’re interested in and studied for a degree or various certifications.
Networking matters
Building a professional network is crucial in any industry, including cyber security. Attend industry conferences, seminars, and workshops in person and virtually that dedicated to the industry as these events provide opportunities to connect with industry professionals and peers, learn about the latest trends, and gather insights that can help you excel in your career. I’ve invested a lot in building my professional network in cyber security and have spent lots of time developing this on LinkedIn and Twitter in particular, as well as at face-to-face and virtual events.
Join online communities
There are many online forums, social media groups, Discord channels, Slack groups, and platforms where cyber security enthusiasts can gather to discuss topics, share insights, and ask questions. Join these to engage in discussions, ask for advice, and share your experiences. LinkedIn, Twitter, Reddit, and specialised cyber security forums are great places to start.
Gain some hands-on experience
Theory alone isn’t enough in cyber security, as practical experience is highly valued. Consider setting up a home lab where you can experiment with tools and techniques in a controlled environment. “Capture the Flag” (CTF) competitions and platforms like “Hack the Box” provide hands-on challenges that can help you refine your skills.
Find a mentor
Having a mentor can provide guidance, motivation, and a valuable perspective. Seek out experienced professionals in the cyber security field who can offer advice, share their experiences, and help you navigate your career path. Mentorship can significantly accelerate your career growth.
If there is a particular person you would like to have as a mentor, don’t be afraid of asking them. The worst that can happen is that they say no, and you never know – they might say yes. This happened to me in 2019; I went to Infosecurity Europe and attended a “Women in Cyber” event where Professor Sue Black was speaking. I went up to Professor Black at the end and asked her if I could connect with her and if she would consider acting as a mentor, and she agreed. Sometimes, fortune favours the bold, so go ahead and ask, it might lead to a yes or to some great opportunities for you.
Stay up to date with industry news
Cyber security is a rapidly evolving field. New threats and technologies emerge by the second, never mind daily or weekly, and there is much to keep up to date on. Subscribe to industry newsletters, follow cyber security blogs, listen to industry podcasts, and keep an eye on reputable news sources to stay up to date with the latest developments.
Develop your soft skills
While technical skills are important, soft skills like communication, problem-solving, and teamwork are essential for cyber security. Effective communication is especially important in explaining complex technical concepts to non-technical stakeholders.
Diversity is an asset
Remember that diversity brings a range of perspectives to the table, which is incredibly valuable in cyber security. Embrace your unique viewpoint and use it to contribute to the industry’s growth and innovation. The cyber security industry is perfect for those who are neurodivergent as those who are autistic or have ADHD for example can often spot patterns and idiosyncrasies that may be overlooked and crucial. In addition, their hyper focus can be a great asset to cyber security when it comes to navigating through any attacks or data breaches.
Find Job opportunities
When you feel ready, start looking for job opportunities. Cyber security roles vary widely, from penetration testing and threat analysis to security consulting and incident response. Tailor your CV and cover letter to showcase your skills and experience so they align with the specific role you are applying for.
Remember you are not an imposter
Imposter syndrome can be a huge problem and hold many women back from considering a career in cyber security, but it can be managed. One of the things to manage imposter syndrome that works for me is to keep an achievements journal. I’m a huge fan of bullet journalling, so I often create spreads in my bullet journal that focus on the wins and achievements I’ve had, no matter how small. Then when I find feelings of imposter syndrome creeping in, I’ll look at the wins and achievements I’ve had to help ground me and help me realise that I achieved those things on my own merit. It really helps!
Having undertaken a lot of research into imposter syndrome and how it affects people in their careers I Co-Founded International Imposter Syndrome Awareness Day that takes place annually on 13 April. More information about this can be found here – www.iisad.org.
Confidence, resilience, and perseverance
Lastly, and I know it is easy for me to say, but believe in yourself and your abilities. The cyber security field may have challenges, but perseverance is key. Don’t be discouraged by setbacks; instead, view them as opportunities to grow, learn and improve.
