In May, Eliza May Austin co-founded her first company with the idea of making cyber more accessible to all UK businesses. The straight-talking force behind the Ladies of London Hacking Society – now 1000 members strong – speaks to Rullion about shaking up the industry, how women can get ahead in cyber and why she no longer goes on Twitter.
Can you describe your current role?
I’m CEO of th4ts3cur1ty.company – the name of the company is also the URL, because we wanted to be awkward! We’re based in London but focused on businesses across the UK, from large corporates to SMEs. Currently, my role is a crazy mix of developing and refining the services, the technical side, marketing, being creative, and getting the word out there.
We have two main areas – building security operation centres, the speciality of co-founder and CTO Stephen Ridgway, and running purple team engagement, a process where teams work together to provide a more holistic, swifter test of system vulnerabilities than standard pen (penetration) tests. We also offer a unique pay-per-ticket SIEM [security information and event management] service that’s affordable for smaller businesses.
How did you get into cyber security?
I studied digital forensics at university, but I backed away from that as soon as I finished the degree. I hadn’t realised how diverse information security was – and I have been head-hunted pretty much since.
I started Ladies of London Hacking Society in March 2018 to give women a space that they felt comfortable in to learn technical skills. I thought initially that maybe 10 people would turn up, but we ended up with a packed room and since then it has gone from strength to strength. We have monthly London events, we now have a management team, we have opened a Norwich chapter and we’re opening a Sheffield chapter. It’s grown to around 1000 members.
What do you enjoy most about your job?
I’m my own boss and I like being in control of my time. There are dangers in that, but it is incredibly refreshing being so creative. I was also surprised to find that I really like the marketing side of the business – I thought it was going to be a chore.
What’s the most surprising thing about working in cyber security?
So many companies are content to be insecure. You don’t realise how much of an endemic issue this is until you are having conversations with decision-makers and realise that you may as well cut it short, because they have no intention of using not just our services, but any services of the kind.
While security gets talked about a lot, it still isn’t something that’s seen to add value. This surprises me, because we were talking about the same issues five years ago.
Why aren’t more women choosing a career in cyber?
At the end of the day, you must be crazy to work in a male-dominated environment on your own.
There are still major issues, perhaps worse than ever, when teenage girls are obsessed with airbrushing themselves rather than what’s going on at school. Young people get anxiety now about going outside because they don’t look like what they look like on their Instagram feed.
A lot of women are just not interested in cyber security – but then you have the question of why women tend to go into the industry for three years on average and then leave.
There are little things on a day to day basis, such as when you go to a conference on your own and nobody wants to speak to you, but when you walk around with a man, salespeople all jump out to talk, even though he may have less say in budget than you do.
Men are some of our biggest supporters of the Ladies of London Hacking Society. But on the flipside, there are so many men who feel threatened by it. One of the reasons I came off Twitter was that I couldn’t be bothered with the messages I was receiving and the kind of stuff I was being tagged in.
How would you encourage more women to enter the industry?
We need to make it less mysterious. Share knowledge. I don’t think you necessarily need to go to university; if I knew then what I know now, I wouldn’t have. It’s an ever-evolving industry and there is so much free material online – spend some time on sites like edx.org, cybrar.it, udemy.com, udacity.com and hackthissite.com and work out what interests you. All you need is wi-fi and a browser, and you can learn anything you want.
The number of female CISOs has grown to 20% in 2019 – are you starting to see the impact?
I don’t know, because I don’t know what impact we are expecting. I have never worked in an environment with a female CISO, but I know that when women have power, they tend to leverage it to help other women. For example, you have leaders like Becky Pinkard [CISO at Aldermore Bank], who started WEDS [We Empower Diverse Startups], and HSBC CISO Paula Kershaw, who is helping set up our hacking society in Sheffield.
What can the cyber community do to help future generations?
Embrace people from different backgrounds – for example, by not insisting that an applicant must have a specific degree and 10 years’ experience. We need to make it more accessible in that sense.