Five Minutes With: A Field CTO

Former government cybersecurity expert Lauren Wilson explains why cyber could learn a thing or two from behavioural economics

What was your route into cybersecurity?

I’ve always been naturally inquisitive and curious, with a strong desire to protect people. Becoming a police officer or lawyer were very visible ways that I could achieve that, but at the same time I was passionate about technology and how it would shape the future. So when I saw a technical apprenticeship with the government advertised 12 years ago, I jumped at the opportunity to blend both passions. I then spent two years on an intense programme learning from world-leading experts. From studying for a Computer Science degree to placements working on complex technical challenges, this was a unique way for me to play my part in keeping the nation safe.

If you could retrain for a dream job, what would it be?

It might sound cliché, but thanks to 2000’s Lauren and her insights, I’m living my dream job. That said, I’d still like to be closer to the front line of policing, maybe as a detective. I’ve always been drawn to roles that use my analytical and investigative mindset, and that path feels like the most rewarding way to use those skills.

What has been your most challenging role to date?

Very early in my career, my skillset found me working on the “front lines” of UK cyber incidents, I spent my time working with countless organisations on what was often their worst cyber day – navigating serious breaches like ransomware, with real-world disruptive impacts. It was emotionally tough, constantly context-switching across sectors and organisation sizes.

What made it hardest wasn’t always the technical complexity, it was working alongside smaller organisations facing potentially business-ending consequences. Supporting them through those moments, was incredibly challenging but equally the most rewarding.

What’s the biggest misconception about cybersecurity?

That you have to be deeply technical. Knowing the right questions to ask, combined with a curious mindset, are absolute must haves. A broad specialism such as cyber-incident management, necessitates being able to jump in and tackle the problem of the day, knowing enough to enable you to get the right experts in the room to support you. Skills like stakeholder management, communications and leadership are just as critical as technical knowledge.

Best and worst thing about your job?

In tech, especially in cybersecurity, the industry never sleeps. You’re constantly surrounded by emerging threats, evolving attack surfaces and the pressure to stay one step ahead. Switching off isn’t always easy, but the pace, the impact and the sense of purpose make it incredibly rewarding.

What advice would you give to women considering a role in cyber?

Don’t be put off by the lack of diversity. Cybersecurity needs people from all backgrounds and your perspective is a strength: own it. If you’re curious, willing to learn and enjoy problem-solving, there’s a place for you here.

Also, don’t underestimate the amazing perks this field can offer. As a working mother, being able to manage my time and work remotely has been a huge benefit – and one of the reasons I’ve been able to grow in the industry. But what keeps me in this industry is the culture. Cybersecurity is a team sport – no one succeeds alone and the amazing people that have the same mission make it a great place to build a meaningful career.

“Behavioural economics encourages us to see challenges not simply as linear technical puzzles”

What’s the biggest as-yet-unsolved problem in cybersecurity?

Visibility – both strategically and operationally.

Strategically, it’s about securing genuine support from stakeholders. Cybersecurity is too often viewed as a technical blocker or just a cost, rather than a business-critical priority. That perception makes it difficult to get the investment and executive attention needed.

Operationally, the challenge lies in today’s sprawling and complex IT environments. Thanks to cloud, hybrid systems, legacy infrastructure, and shadow IT, gaining a clear, end-to-end view of your estate is incredibly difficult. And without that visibility, it’s nearly impossible to understand your true risk posture, let alone secure it.

What industry or sector do you think cyber could learn from?

Human behavior has always fascinated me, but it was hearing Rory Sutherland talk about Behavioural Economics that really made it click. It’s a field that blends psychology and economics to understand how people actually make decisions – which are often anything but perfectly logical or rational. This approach helps us rethink how we measure and value things, going beyond just numbers. In cybersecurity, that perspective is invaluable. It encourages us to see challenges not simply as linear technical puzzles, but as complex, messy, human-centered issues.

Tell us a guilty secret

Rory has become my intellectual hero. And my surefire way to switch off? Falling asleep listening to repeats of his talks. I choose repeats so I’m not too hooked, but his witty, lighthearted style is incredibly soothing. It helps me wind down my brain after a busy day

What’s the biggest difference between working in the public and private sector?

It’s something I’ve often reflected on. In cybersecurity, the sectors are more similar than you might expect: collaboration and innovation are essential in both, and cross-pollination is encouraged, to strengthen knowledge on both sides.

But what I miss most about the public sector is the strong sense of mission. Everyone’s pulling in the same direction. That sense of purpose and belonging is unlike anywhere else!