“The (educational) information delivered to end users needs to be simple and easy to follow without complex language, jargon or acronyms.”
Introduction
At Logmeonce, we’re focused on helping protect you against cybersecurity threats. We do this in many ways. First, we provide you with a suite of tools, including a password management tool, to help keep your passwords safe.
However, technology itself can’t solve all of our security woes (as we’ll soon discuss below). Education plays a big role in staying safe online. For this reason, from time to time, we bring in cybersecurity experts from around the world to help educate you, our blog readers, about the various ways you can protect yourself online.
Today, Logmeonce had the opportunity to chat with Lisa Ventura, an award-winning Cyber Security consultant and is the CEO and Founder of the UK Cyber Security Association (UKCSA), a membership association that is dedicated to individuals and companies who actively work in cyber security in the UK. She has over 10 years’ experience in the cyber security industry and is passionate about raising awareness of being more cyber aware in business to help prevent cyber-attacks and cyber fraud.
We have an exciting interview planned for you today, so without further ado, let’s jump in!
The Interview
Hi Lisa and thank you for taking the time to speak with our blog readers today about your experience in the cyber security space. You’ve been involved in cyber security since 2009. Can you kick off the interview by telling us a little bit more about how you got into the cyber security space? What was it about the industry that pulled you in and never let you go?
In 2009 my ex-husband founded a cyber security software development company called Titania Ltd from our home office. I joined to help him develop it and at the time it was just the two of us from home (although he was still working full-time employed as an ethical hacker when he founded the company). We soon moved into offices and employed our first members of staff, and the company grew quickly.
I loved all aspects of cyber security, especially the psychology of hacking, the mind of a hacker and of raising awareness of the importance of cyber security, especially within businesses of all sizes. When my ex-husband and I separated and divorced in 2012 I knew I wanted to stay in the industry.
After a short contract at a locally based charity to get me back on my feet again I joined BT and worked on their Assure Cyber product. After that I undertook a wide variety of cyber security contracting work and founded the UK Cyber Security Association.
Can you tell us a little bit more about what a typical day looks like for you as a cyber security specialist? I’m sure it always changes, but for those thinking about getting into this field, who might want to learn more about what a typical day looks like, how would you describe that to them?
I am currently undertaking some work for Pinsent Mason’s solicitors as a cyber security awareness consultant, as well as running the UK Cyber Security Association. No two days are the same, but some of the tasks that I would undertake in a day includes working on crunching data following phishing email simulation exercises, putting together powerpoint decks on things such as ransomware, phishing, identity badge security for the senior partners at Pinsent Masons, updating the UK Cyber Security Website with the latest data breaches and threat reports and updating the UK Cyber Security Association’s social media channels with any cyber security breaking news that would be of interest to our audience. In addition, I will work on sending email bulletins out to our members, organising events, webinars and liaising with our event partners.
You’re a leader when it comes to inspiring other women to get involved in the cybersecurity space. You even wrote a book on the topic. On your website you mention “few women pursue careers in cybersecurity, but those who do are shattering the glass ceiling and contributing to the safety and security of the internet, the CNI and our day to day lives.” Why do you think it is that few women pursue careers in cyber security?
I think that women today might be interested in cyber security as a career path but might be put off entering it as it is still a male dominated profession. They may also think they lack the relevant skills and qualifications to enter the industry, but transferable experience also counts for a lot. Unfortunately, I have been subjected to bullying in the industry, and interestingly I’ve been bullied by other women in the industry, not by men. This can be soul destroying but I am determined to not let it affect me and to continue to work towards my goals.
I have also observed that many trade shows and exhibitions are aimed mainly at men and aren’t very welcoming to women. For example, I attended Infosec last June for the first time in a few years. When I was walking past the exhibitor booths on the second day, I noticed that some of them were handing out bottles of beer – at 10.00am in the morning! What’s more, those serving the beer bottles were only giving them to men who were walking past the stands in question and the staff on the stands were deliberately pulling the men in to talk to them, but not women. I called this #BeerBias. Much more needs to be done to change the perception of cyber security being a male dominated profession.
You have a focus on data/analytics, software, artificial intelligence and machine learning as they relate to cyber security. How are these technologies (for example AI) impacting the password security landscape?
I think these technologies are making an impact but there is still a long way to go before they completely replace traditional password methods. For example, biometrics can’t encrypt data successfully, nor can they be updated. Biometrics are also tied to individual devices, and there is also the problem of bias to consider. For example, MIT researchers found facial recognition systems were biased towards white men.
Multi-factor (2FA) still remains a preferred method of additional defence and security along with passwords.
What are some of the biggest advances you’ve seen in the password security space over the last couple of years?
As previously mentioned, I think biometric security is one of the biggest advances, and I am sure that in a few years once it has overcome many of the issues it currently has, it will become much more mainstream.
Do you believe that users simply have too much security responsibility on their shoulders (i.e. remembering complex passwords, educating themselves on all of the security threats they could face in a day etc). Should more of this responsibility be placed within the technology we use? How do you see personal cyber security responsibility changing in the upcoming years?
Awareness is key, and I believe that password management tools and other software will be imperative in helping others take responsibility for being safe online, but these must be easy to use and implement. I believe it will be a combination of technology and education/awareness for end users that will be key in helping end users with their cyber hygiene, but the information delivered to end users needs to be simple and easy to follow without complex language, jargon or acronyms.
Do you believe that the cyber security industry is doing a good enough job of educating the public about the risks they face each day? If not, what more do you think can be done? In your opinion, how effective has educating the public been when it comes to protecting the public from hacks?
I think there is still a “head in the sand” approach to cyber security not just in business but with the general public as well. Every day there are a myriad of stories in the press about data breaches, but unless it actually happens to them and affects them directly, many people don’t feel the need to take cyber security seriously. I put some of this down to Y2Y, a huge hype was created around this and when the year 2000 came nothing really happened! As a result, many are reluctant to take cyber security seriously.
Much is being done to educate the general public about growing cyber threats and what they can do to stay safe online, and I believe the key is to deliver information to the public in an easy to understand way.
If you could give three pieces of advice to a regular user of the internet with respect to protecting themselves online, what would those three pieces of advice be?
Make sure your internet connection is secure by using a secure VPN connection, keep your antivirus program up to date (you would be amazed at how many people don’t do this) and practice safe browsing by going incognito when using browsers such as Chrome.
What do you believe will be the biggest cyber security threats we face in 2020?
There are many cyber security threats that we are still facing today, but I believe some of the ones that we need to take more note of is the growing sophistication of email phishing attacks. In addition, we will see more smartphones and devices being used in surveillance attacks, and more hardware and firmware attacks. DNS spoofing is also on the rise, but the industry is moving to take more action on this.Thank you greatly for taking the time to chat with Logmeonce’s blog readers today Lisa. It’s been an insightful interview. To our cybersecurity blog readers, if you’d like to learn more about Lisa and the work she does, you can follow her on Twitter.
