A journey into Cybersecurity with Lauren Veenstra

From safeguarding industrial processes in chemical manufacturing to influencing national conversations on critical infrastructure resilience, Lauren Veenstra has built a career at the intersection of technology, policy, and people. What began as an early recognition of risks in operational technology evolved into a deep commitment to strengthening the systems communities rely on. In this ACS Member Spotlight, we explore her journey into cybersecurity, and the lessons, projects, and personal qualities that continue to shape their impact on Australia’s digital future.

1. Can you share the story of how you first got into cybersecurity, and what drew you to this field?

My entry into cybersecurity began in the chemical manufacturing sector, working in process control and risk engineering, long before OT security was a mainstream concern. I witnessed the early convergence of operational and corporate networks, often without meaningful controls to protect critical systems. The potential for cascading consequences across safety and production was tangible, and cybersecurity offered a way to address that. What drew me in wasn’t just the technical challenge, but the chance to shape how we safeguard the systems communities rely on before many others were thinking about it.

2. Looking back, what has surprised you most about working in cybersecurity, either about the work itself or the industry?

The sense of community. While cybersecurity is often portrayed as highly technical or adversarial, what has struck me most is the spirit of collaboration. Practitioners often share knowledge openly, across sectors and borders, united by a common purpose of building resilience. Whether through incident response, research, or policy development, the willingness to help one another reflects a community that understands its collective strength. The human dimensions, generosity, collegiality, and trust, are as vital as any tool or framework, and they continue to surprise and inspire me in my work.

3. What’s one project or accomplishment in your cybersecurity career that you’re most proud of, and why?

I’m proud to have developed Critical Nexus, a research initiative exploring how policy and cybersecurity can work together to strengthen critical infrastructure resilience. The project brought together insights from multiple critical infrastructure sectors, operational technology environments, and both national and international regulation, grounded in academic theory. Presenting the work at national forums has been rewarding, not only in sharing findings but in sparking dialogue on how Australia can strengthen its critical infrastructure against emerging threats. What makes it meaningful to me is its ability to bridge practice and policy, helping shape a more resilient future.

4. Which skills or personal qualities do you think are most essential for success in cybersecurity, and why?

Technical skills can be taught and refined on the job. What truly sets impactful cybersecurity professionals apart are the soft skills: listening, communicating, and seeing the bigger picture. Cyber issues rarely exist in isolation; they are tied to people, processes, and strategy. Being able to translate complex risks into clear narratives, to build trust across diverse teams, and to foster collaboration is invaluable. In my experience, those who succeed are those who combine curiosity and analytical rigour with empathy and perspective. It’s that blend that transforms knowledge into influence, and influence into meaningful outcomes.

5. Looking back, is there a moment when you learned a lesson that shaped how you approach cybersecurity today?

One lesson that has stayed with me is that perfection is the enemy of progress. Early in my career, I chased the “perfect” solution, comprehensive, watertight, exhaustive. In reality, security and resilience demand timely, adaptive action. Waiting for the ideal budget or resources leaves organisations exposed. The lesson I carry is that security is an iterative journey: drive risk as low as reasonably practicable, prioritise the most impactful improvements with what you have, and empower people to respond effectively. This mindset shapes how I approach cybersecurity, pragmatic, human-centred, and focused on building resilience over chasing absolutes.

ACS is highlighting members working in cybersecurity to celebrate the diverse paths, experiences, and insights shaping this vital field. These spotlights showcase how professionals entered the industry, the challenges they’ve faced, and what drives their passion for protecting digital systems. By sharing their skills and stories, ACS aims to inspire the next generation, encourage knowledge-sharing, and highlight the critical role cybersecurity plays in Australia’s digital future.