Lisa Ventura is an award-winning cyber security specialist, content writer, and speaker. She is the Founder of Cyber Security Unity, a global community organisation that is dedicated to bringing individuals and companies together who actively work in cyber security to help combat the growing cyber threat. Lisa is also a cyber security mindset and mental health coach and offers help and support to those affected by stress, burnout, bullying/abuse and mental health issues in cyber security and Infosec. In June 2023, she was awarded an MBE in King Charles III’s birthday honours list for services to cyber security and diversity and inclusion.
Recently, in an exclusive interview with Digital First Magazine, Lisa shared her professional trajectory, insights on the cybersecurity trends to watch out for in 2024, her favorite part of working at Qualitest, personal role models, a significant career milestone, future plans, pearls of wisdom, and much more. The following excerpts are taken from the interview.
Lisa, could you please tell us about your background and areas of interest?
I transitioned into the cyber security industry in 2009; prior to that I spent many years in the entertainment industry working with Chris Tarrant, who was the host of “Who Wants to be a Millionaire” in the UK. I got into cyber security when I joined Titania Ltd, a cyber security software development company, and I’ve been in the industry ever since. I specialize in the human elements of cyber security and cyber security awareness training.
According to you, what are the cybersecurity trends to watch out for in 2024?
The cyber security industry is evolving rapidly, and new threats emerge by the second, never mind by the day, but there are a few trends I think we will see and continue to see in 2024:
Firstly, ransomware will continue to be a significant threat, with cybercriminals targeting individuals, businesses, and even critical infrastructure. Attackers often demand payment in cryptocurrency, making it challenging to trace and recover funds. In addition, the Zero Trust model has gained prominence, emphasizing the need to verify and authenticate users and devices at all stages, even if they are inside the corporate network. This approach helps prevent lateral movement by attackers. As organizations increasingly migrate to cloud environments, securing cloud-based assets becomes a top priority. Misconfigurations and inadequate access controls are common issues that can lead to data breaches.
The use of artificial intelligence and machine learning in cybersecurity has become more prevalent. These technologies are used to analyze vast amounts of data to identify and respond to threats more effectively. With the rise of remote work, securing endpoints (devices like laptops, smartphones, and tablets) has become crucial. Endpoint detection and response (EDR) solutions are increasingly used to protect against advanced threats.
Phishing remains just as prevalent when it comes to attackers gaining unauthorized access. Social engineering tactics are continually evolving, and organizations are focusing on user awareness training to mitigate this risk. Also, cybercriminals often target the supply chain to gain access to larger organizations. This involves compromising software updates, third-party vendors, or other components of the supply chain.
What is your favorite part of working at Qualitest?
At Qualitest we’re working on some groundbreaking projects in the XR field, and it is incredible to see how this emerging technology will help organizations that choose to embrace it. I get involved in lots of different areas at Qualitest and I’m excited for the future and to see where these emerging technologies take us.
What do you think are the biggest threats for companies at the moment, and what are common weaknesses in IT security strategies?
Some of the biggest threats to organisations include supply chain cyber attacks, along with phishing and social engineering. We’ve all seen how SolarWinds unfolded, and the threats seen in supply chains haven’t gone away. Some common weaknesses include a lack of cyber awareness training to encourage everyone to play their part when it comes to security, but I don’t think that people are our weakest link. They can also be our biggest asset.
Are there any challenges that you have faced as a woman working in this field? Do you think there are enough opportunities for women in the tech field?
I’ve not only had challenges as a woman in cyber security, I’ve also had challenges as someone who is neurodivergent (diagnosed with autism in 2018 and ADHD in January 2023). I’ve been at the receiving end of a massive amount of bullying and abuse, not just from men but also from women in the industry, which is very disappointing as women are supposed to support each other in cyber, not tear each other down. I’ve done lots of research into this, and I’ve found that the majority of bullies and abusers have narcissistic traits or even full-blown narcissistic personality disorder. I also think that more awareness of careers in cyber security could be made for women.
Who has influenced you the most in life and why?
I am a huge fan of the rock band Queen, and throughout my life I have been massively influenced by their lead singer Freddie Mercury. Although he died young at the age of 45 from AIDS-related pneumonia, he lived life to the full and wasn’t afraid to take risks. In the film “Bohemian Rhapsody” there is a line in it – “Fortune Favours The Bold” – and I’ve lived by that quote since I heard it.
What lessons have you learned from your professional career? What risks have you taken in your career that have paid off?
I’ve learnt – as hard as it is sometimes – not to pay attention to the bullies and abusers, and that it says far more about them than it ever will about me that they chose to bully and abuse me. I’ve also learnt that imposter syndrome never goes away, rather it is managed, and those who are neurodivergent and have been subjected to bullying and abuse are far more likely to be impacted by imposter syndrome.
I took a risk launching the UK Cyber Security Association back in 2018; today it is a thriving community called Cyber Security Unity, with the express aim of uniting the cyber security industry to combat the growing cyber threat.
What do you feel has been your ‘career-defining’ moment?
Finding out that I had been awarded an MBE in King Charles III’s first birthday honours list in June 2023 for services to cyber security and diversity and inclusion. I still can’t believe it today; it doesn’t seem real.
How do you think we can attract more young people to this field?
We need to address cyber security’s image problem to make it more attractive to young people looking to enter the industry, something I’ve written about extensively.
Tell us about your future plans. Where do you see yourself in the next five years?
Since the pandemic hit I am a bit reluctant to say I want to be doing X in 5 years’ time as none of us could have predicted that, or the economic uncertainties that have come up since then, but I would love to still be in cyber security and still raising awareness of the importance of it. I would also love to be a book author and have plans for a couple of books in cyber security.
Please share some advice for someone looking to start a career in cybersecurity.
Embarking on a career in cybersecurity can be both rewarding and challenging. To start, it’s essential to build a strong foundation in computer science, information technology, or a related field. Gain a solid understanding of networking, operating systems, and programming languages, as these form the backbone of cybersecurity knowledge. Familiarize yourself with key concepts such as encryption, firewalls, and intrusion detection systems. Additionally, consider pursuing relevant certifications like CompTIA Security+, Certified Information Systems Security Professional (CISSP), or Certified Ethical Hacker (CEH), as these credentials can bolster your resume and demonstrate your commitment to the field.
Beyond technical skills, developing a holistic understanding of the cybersecurity landscape is crucial. Stay informed about the latest threats, vulnerabilities, and industry best practices through continuous learning. Engage with the cybersecurity community by participating in forums, attending conferences, and networking with professionals. Consider gaining practical experience through internships, capture-the-flag (CTF) competitions, or personal projects. Ethical hacking and penetration testing can provide hands-on experience and showcase your problem-solving skills. Lastly, emphasize the importance of soft skills such as communication, teamwork, and adaptability, as these qualities are highly valued in the dynamic and collaborative field of cybersecurity. Building a well-rounded skill set and staying proactive in your learning journey will position you for success in this rapidly evolving field.