Michala L.

Founder | vCISO & Cybersecurity Consultant at Cybility Consulting Ltd

Information Technology and Services

Education: Colchester Institute School of Music
Brighton and Hove, England, UK


Michala is the founder of Cybility Consulting, working as a Chief Information Security Officer (CISO) advisor, virtual CISO, and information governance and security consultant. She works to demystify cybersecurity for leaders, enabling them to better protect their organisations. She has worked with the UK National Cyber Security Centre, is a member of the South East Cyber Resilience Centre's advisory board, and served on the BCS Information Risk Management and Assurance (IRMA) Management Committee.

She has a degree in classical music and has had a varied career, including starting a computer game store, running three airport internet cafes, and working in IT for over twenty years in roles like technical support and project management. Over the past 10 years, she has led information governance and cybersecurity programmes for complex, medium, and large organisations in the UK. These include local government, healthcare providers in the NHS and charity sectors, and the private sector.

Many people in the cybersecurity industry, including Michala, have experienced burnout. She talks about imposter syndrome, taking care of your mental health, and the importance of managers creating psychological safety so that these conversations occur.

As a way to heal, Michala returned to music and writing. The book "The Rise of the Cyber Women: Volume 2" talks about her journey in cybersecurity, and on the "Quietly Visible" podcast, she talks openly about her life.

She lives with her husband and two dogs.


Michala enjoys sharing her knowledge with others and speaks at events, podcasts, and webinars on a regular basis.
As a black woman in a field dominated by white men, she is dedicated to inspiring and mentoring the next generation of diverse cybersecurity professionals.
She volunteers as a mentor, STEM ambassador, and she supports initiatives like #CyberFirst and WiCys (women in cybersecurity).

Michala loves learning and gaming in equal measure. From board games to card games, computer games to role-playing games (like Dungeons and Dragons) - she loves (and collects) them all; especially cooperative games where we are all working towards a shared goal.
She is passionate about using gamification techniques in developing training content as research shows that when we have fun - retention increases.

We all need a little fun in our lives - especially in cybersecurity!

Featured Video

I am willing to travel

More than 100 miles

When it comes to payments

Everything is negotiable


cybersecurity information security mentoring burnout imposter syndrome compliance cybersecurity risk management experience gap perfectionism authentic leadership security frameworks security culture gamification security awareness third sector charities uk healthcare panel facilitator panel moderator chair panel member guest lecturer podcast host podcast guest wicys wicys 2023 united kingdom consulting consultant information assurance bame black woman black british introvert cyber security cyber security staffing cyber security framework mentor mentee virtual speaker remote speaker female founder black women in tech black tech notforprofit nonprofits isms ciso black female ciso black females in cybersecurity stem ambassador cyberfirst resilience cyber resilience personal resilience breast cancer survivor cancer survivor brca1 burnout recovery roundtables facilitator workshop interactive workshops fireside chats question and answer sessions webinar seminar author

Best Story

The story very much depends upon the audience I am speaking to.

One of my favourites is sharing how my wedding was disrupted by the eruption of eyjafjallajökull and subsequent ash cloud grounding planes and closing airports which prevented friends and family from attending.

What has this to do with cybersecurity? My business continuity planning kicked in creating different plans for different scenarios depending upon which flight might make it if airports reopened.

Suffice to say... I know a thing or to about resilience!

Origin Story

I've taken a somewhat winding journey to where I am today.

I remember how excited I was, back in 1984, walking into a specialist shop with my mum and emerging with my first computer - an Acorn Electron. My mum saw the potential in it – little did she know! My other love at the time was classical piano - neither hobby was typical for a young black girl in England.

In my teen years I went to an all-girls grammar school which had a computer lab filled with BBC computers and two women job-sharing as computer teachers! In hindsight I see how forward thinking it was and how much I owe to them; with them as role models it never occurred to me that computers weren’t for girls.

After a year out, during which my mum died, I chose to pursue a degree in classical music – the piano keyboard won over the computer keyboard. Or did it?

In 2021, I founded my cybersecurity consultancy, Cybility. Over the past decade I’d designed and led Information governance and security programs from the ground up - always working full-time in-house.

I realised that as a consultant, I have a greater impact by helping more organisations to up their cybersecurity game than I could from working in-house.

Example talks

The Queue (cybersecurity edition): how mentoring gets the queue of cybersecurity talent moving to reduce your organisations’ risk

You’ve seen cyber-attacks on the news and ask yourself, “if big companies can’t protect data, how can we?” You’re in luck; criminals are ruthlessly efficient when it comes to their bottom line. Do a little security well, and you’ll move your organisation further back in the queue.

Great, so now what? Someone needs to be responsible for cyber security – but who?

You’re told there’s a cybersecurity skills shortage; yet there’s a queue of aspiring cybersecurity professionals from school leavers to apprentices, graduates to career changers – all struggling to secure jobs due to their lack of experience.

The answer? Mentoring.

Key takeaways:
Define the challenge - the ‘cybersecurity skills gap’ is a ‘double experience gap’.
Debate perspectives – the job applicant, the hiring manager, and the board.
Determine solutions – implement risk-reducing controls, mentoring as a security control.
Deliver your services – your organisation doesn’t have to stall whilst waiting for that elusive cybersecurity unicorn 🦄

TARGET AUDIENCE: Recruiters and Hiring managers, e.g. Chief Information Officers (CIO), Chief Information Security Officers (CISO), IT leaders
AUDIENCE LEVEL: Mid, Senior, Expert

Let's rewind - the plan before the attack

Imagine if you could go back in time before a data breach happened and prevent it from occurring.
What would you do differently? How would you prepare and respond to the incident?

This is the premise of incident management, a process that helps you plan, detect, contain, analyze, recover, and learn from cyberattacks.
Incident management is not only about reacting to incidents, but also about proactively preventing them.

In this presentation, we will explore the best practices and tools for incident management, such as risk assessment, incident response plan, incident response team, incident reporting, and post-incident review.
We will also discuss how to use the lessons learned from incidents to improve your security posture and resilience.
By attending this presentation, you will learn how to rewind the clock and stop cyber attacks before they happen.

TARGET AUDIENCE: Executives and senior managers with responsible for cybersecurity in their organisation, e.g. Chief Financial Officers, Chief Information Officers, Head of IT, and so on.

Finding Your Way Through the Maze of CyberSecurity Frameworks

Navigating the maze of cybersecurity frameworks can be daunting and confusing for any organisation.
Cybersecurity frameworks are sets of standards, guidelines, and best practices that help you manage cyber risks and protect your assets.
However, there are many frameworks to choose from, each with different features, benefits, challenges, and applicability.
How do you find the right framework for your organisation?

This presentation will guide you through the maze of cybersecurity frameworks, such as ISO 27001/27002, NIST CSF, CIS Controls, COBIT, and others.
It will also show you how to align your framework with your business strategy, governance, compliance, and culture which will enhance your organisation's security posture and resilience.

TARGET AUDIENCE: Anyone responsible for governing or managing cybersecurity in their organisation

Charities… CyberAware or CyberSmart?

Working in a not-for-profit has never been easy; yet it can be incredibly rewarding. When the COVID-19 pandemic hit, organisations faced an onslaught of challenges that significantly heightened the nation’s levels of anxiety.

Cybercriminals exploited their new advantage using COVID19 lures in their phishing emails, ransomware and supply chain attacks abound.

As IT leaders, you’ve been under pressure to deliver digital transformation in record time. Is it any wonder that cybersecurity controls and behaviours were forgotten – languishing at the bottom of the priority heap?

In this session, Michala will share her insights regarding your concerns in a Q&A.

TARGET AUDIENCE: Chief Information Officers, IT leaders
AUDIENCE LEVEL: Mid, Senior, Expert