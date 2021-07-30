Seek out ways to enhance your overall quality of life through your work — travel opportunities, flexible working, or developing lasting friendships

The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading The Cybersecurity Industry”, we had the pleasure of interviewing Lizzie Clitheroe, a cybersecurity specialist, heading up Arkose Labs’ product marketing team. In this role she delivers data-driven insights into fraud, abuse and authentication trends. She also is on the leadership team of UK-based non-profit, The Cyber Helpline, which provides free emergency assistance to the victims of cybercrime. Lizzie has 10+ years’ experience working for fast-growth security vendors spanning fraud prevention, network security and application security.

Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?

I grew up and studied in the UK with dual Australian and UK heritage and have been globe-trotting on and off since I was 18. I have loved my career in international roles for USA-based cybersecurity vendors, with positions in both London and Silicon Valley. I have worked in the cybersecurity industry for most of my career — across network security, appsec, and fraud prevention.

Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?

I recently read a fascinating book which any aspiring feminist (both male and female!) must read: Invisible Women: Exposing Data Bias in a World Designed for Men. It uses data to cast light on the “default male bias”, which means that it is entrenched in our psyches to see the male experience as “normal” and anything else as niche… despite women being half the population! Examples of the effects of this phenomenon range from life-and-death to just frustrating for women. I am lucky to work for a company that is very supportive of its diverse workforce — but I bet we can all think of examples in workplace culture where we inadvertently have this bias. An example that springs to mind is women beating themselves up for being “unprofessional” if they get emotional at work — because it is not how a male would likely react.

Is there a particular story that inspired you to pursue a career in cybersecurity?

The Stuxnet virus which targeted an Iranian uranium enrichment facility was the most memorable story from my early career — the most sophisticated malware ever seen. What was most striking about this era was the fact that advanced persistent threats devised for cyber warfare became a concern for businesses as they could overnight become a commodity that could attack far and wide.

We still see that phenomenon today; as much as we talk about the “sophisticated” and “advanced” attackers hitting businesses, the reality is that not everyone we come up against is a cybercriminal mastermind. Many attacks are rinse-and-repeat, after the hard work is done upfront to devise them. One of the most pernicious realities of today’s cybercrime and fraud landscape is the democratization of attacks. Well-resourced cybercrime ecosystems in play provide the tools to launch attacks at scale — in a simple, cost-effective and repeatable manner.

Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?

In the midst of a busy industry events period in Europe, we had back-to-back security trade shows in Paris and Stockholm and I was responsible for a little snafu with the booths that got shipped out. It turned out to be quite the talking point at the Stockholm event, when we exhibited with all our booth graphics and brochures en francais.

Are you working on any exciting new projects now? How do you think that will help people?

At Arkose Labs, we are about to launch an exciting new initiative to offer companies another layer of protection. We are taking the level of service that companies can expect from their security vendors to the next level by putting our money where our mouth is on the efficacy of our platform. As the fraud and security technology industry advances, there can be a danger that people get very hung up on the feature lists rather than assessing technologies on the ultimate efficacy of the platform. Our team is 100% dedicated to ensuring we not only detect, but deter attacks, while improving user experience on websites and apps.

Another exciting initiative that I am involved in, is through my work with The Cyber Helpline. Being part of a volunteer-led organization that provides direct, emergency access to cybersecurity expertise for individual victims keeps me that bit closer to the industry’s collective aim of protecting people from the horrible effects of fraud and cybercrime. There is currently a major fundraiser happening, called Infostep 2021, where a group of cybersecurity professionals from across USA and UK are doing a mammoth 19,000 mile walk (virtually) to raise up to 70k dollars for The Cyber Helpline and the Innocent Project. Both excellent causes!

The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?

I am immensely proud to be working in an industry that is fighting the good fight against the fastest-growing crime affecting individuals today. Fraud and cybercrime leads to a multi-faceted fall-out for victims encompassing emotional strain and financial concerns; as well as the hassle of trying to ensure they are protected going forward. People deserve to be protected on the websites and apps they use as an intrinsic part of their life; they also deserve access to assistance in the event of falling victim to cybercrime — and sadly law enforcement is lagging behind in providing that assistance to day-to-day victims.

In slightly less altruistic terms, it’s also exciting to be part of such a high-growth industry brimming with exciting career opportunities, and those busy cybercriminals do give us excellent job security!

It also gives me the opportunity to work with some seriously talented folks, bringing a unique mix of creativity and technological excellence in the battle against the latest ingenious ways to monetize attacks on business. The variety of problems we can help our customers with means there is never a dull moment. From stolen cloud computing to mine for cryptocurrencies; protecting all-important bank account logins: protecting the world’s favourite socially distanced pastimes- some of the most popular online games from disruptive bot activity.

What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?

As the cybersecurity industry has matured and commercialized, there is a danger that we lose sight of the everyday people that fall victim to attacks. There are tens of thousands of private cybersecurity experts yet individuals routinely struggle to get practical and timely advice on how to secure their online environments in the wake of an attack — something that The Cyber Helpline is on a mission to address. Supporting volunteer initiatives that provide individuals with direct access to cybersecurity expertise can make a big difference.

From a business perspective, there is the challenge of legacy systems and solutions that can be entrenched and hard to rip out. Because these are complex challenges to solve, often new technologies and systems take a lot of time, effort and money to deploy and make them tick — even supposedly nimble SaaS solutions. I think the future lies in solutions which offer rapid or instant time-to value and can therefore be more impactful for current business problems.

On a different note, the unequal representation of women is still alive and well in our industry. While the reasons for this are complex and multi-faceted, and go beyond the power of individual organizations’ policies, people are directly influenced by visible role models. Therefore one practical step is for businesses, media publications and industry events to ensure that there is a mix of male and female voices represented. At Arkose Labs we run an annual “Bankrupting Fraud Summit” with 50+ industry speakers and ensure that there are no male-only panels, and aim for a 50–50 split in speakers across the sexes.

Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for?

The key threat that companies should be adjusting to is the proliferation of digital touchpoints on their websites and apps that need protecting — as consumers interact and transact across web, mobile, smart TVs and gaming consoles. The new reality is that every single user touchpoint will be targeted, with attackers devising highly inventive ways to monetize abuse. This gets especially complicated as the internal responsibility for these touchpoints can be spread across different teams — information security, product management, fraud and authentication. Businesses need to work across internal silos and leverage flexible security controls which can protect the proliferation of user touchpoints

Can you share a story from your experience about a cybersecurity breach that you helped fix or stop? What were the main takeaways from that story?

This is not exactly a breach but something interesting I worked on recently was a case study on kids and the internet and what children in particular were most vulnerable to when it came to fraud and cyberattacks. With the rise in remote learning due to the pandemic, children become unlikely targets for cyberattacks, given how much time they were spending online and in front of their computers. We uncovered some useful data and through a public awareness campaign, educated parents and children on steps to take and ways to keep them protected against fraud.

What are the main cybersecurity tools that you use on a frequent basis? For the benefit of our readers can you briefly explain what they do?

There are a number of tools such as VPNs, authenticator apps, and SMS authenticator that I use — however, my perspective is that when digital products can bake security more seamlessly into their platforms — that is the sweet spot.

As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?

Any unusual activity on a digital account should be investigated — however, with the sheer number of user accounts the average digital user has these days, it makes it hard to have that as a safe way to ensure protection; the onus should be on the business to protect accounts. From my work with The Cyber Helpline, I know that the top reasons that individuals seek help resolving a cybersecurity issue are hacked accounts, cyberstalking and other online harassment, and stolen cryptocurrency. Sometimes it can be complex for individuals to really get a handle on these issues in the wake of an attack, especially because there has been a wave of “digital debutants” due to the pandemic — people forced online regularly for the first time.

Another thing to watch out for, which fortunately most businesses are educating staff on and banks are trying to as well is social engineering and phishing. While some spear-phishing can be easy to fall for, there are simple steps that a lay person can take to check the validity of an email. These steps include; checking URLs before clicking on hyperlinks, watching out for spelling mistakes, and if an email is asking for any personal or sensitive email check separately with the institution that it is supposedly coming from before doing anything,

After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?

Get the experts in, and act quickly! While most major corporations will have great internal talent, in the event of a crisis it serves to bring in additional firepower to contain and remediate attacks. Recovery can be greatly expedited when working with people who are dealing with live security attacks day in and day out.

What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?

Being distracted by the bells and whistles of a product when selecting vendors by focusing too much on features — rather than fast time-to-value, demonstrated results, and the potential for a true partnership.

Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?

We clearly need more women in STEM, however it is a complex problem to solve that starts in the way we educate our kids and goes all the way through to the way we hire people.

What are the “myths” that you would like to dispel about working in the cybersecurity industry? Can you explain what you mean?

I know highly successful people in cybersecurity who have learned through sheer passion and experience. People with PhDs in astrophysics; people who have studied computer science; people who have studied history; people who have been in cybersecurity their whole careers; people who have taken it up 20 years in.

My point is that many different routes can lead to making a splash in this dynamic industry.

What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)

Seek out ways to enhance your overall quality of life through your work — travel opportunities, flexible working, or developing lasting friendships. Choose career moves based on technology ideas that excite you. Don’t under-estimate the performance lift that working for an inspiring leaders brings. Embrace public speaking and actively seek out opportunities to hone your presentation skills. Put yourself forward for pay raises, promotions and equity.

Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why?

Greta Thunburg. It’s awe-inspiring how she has taken the world by storm. She is driven by passion and a complete disregard of what her place as a young schoolgirl should have been; facing up to people far more powerful than herself.

Thank you so much for these excellent stories and insights. We wish you continued success in your great work!