Cyber Security Unity is a global community and content hub that is dedicated to bringing individuals and organisations together who actively work in cyber security. The aim of Cyber Security Unity is to foster greater collaboration in the industry to help combat the growing cyber threat. Our work is showcased through the provision of strong thought leadership via blogs, articles, white papers, videos, events, podcasts and more. For more information visit www.csu.org.uk.

by Lisa Ventura MBE FCIIS
Chief Executive and Founder, Cyber Security Unity

I read a lot of books. I have tons of them and can’t ever help ordering new ones from Amazon; my book collection is one of my pride and joys in life. But occasionally, a book arrives that forces the cyber security community to confront a truth it has been quietly avoiding. “Access Denied – The Security Risk of Ignoring Accessibility: Embedding Accessibility into Security and Compliance” by the incredible Jemma Davis is one of those books.

But First… Who is Jemma Davis?

The awesome Jemma Davis is a cyber security awareness and culture specialist, and the founder and CEO of Culture Gem, the first fully accessible and inclusive security awareness and compliance eLearning platform. She entered the cyber security world after organising a global OWASP conference during the WannaCry attack, a moment that exposed how poor consideration of human and accessibility needs can increase risk. This experience led her to focus on behaviour change, inclusion, and designing security that works for everyone.

Jemma is the author of “Access Denied – The Security Risk of Ignoring Accessibility: Embedding Accessibility into Security and Compliance”, in which she says, quite rightly, that excluding users from security controls isn’t just inequitable, it weakens security itself. She also regularly writes and speaks on neurodiversity, accessible training, and building security cultures that empower people.

I have known Jemma for several years through our shared work in the cyber security community, where we both advocate for inclusive culture, human-centric security, and elevating diverse voices in the industry. I was also very happy to introduce her to the British Computing Society where she contributed an article about neurodiversity and cyber security awareness training, and I couldn’t think of anyone more qualified to do this. I’ve also reviewed her Culture Gem platform, which I recommend to anyone who is looking at making their cyber security awareness training much more inclusive.

A Human-First Approach to Cyber Security

From the very first chapter in “Access Denied”, Jemma makes a bold but very necessary statement: ignoring accessibility in security isn’t just unethical or non-inclusive, it actively weakens our defences. As someone who has spent years championing the human side of cyber security, I couldn’t agree more. Security that doesn’t work for everyone ultimately fails everyone.

What I appreciated most is the deeply human lens Jemma brings. She doesn’t treat accessibility as a checkbox or compliance exercise. Instead, she shows how many of our “best practice” security controls, from complex logins and confusing MFA to rigid timeouts and inaccessible training platforms, were never built with real, diverse humans in mind. Neurodivergent individuals, people with disabilities, and those using assistive tech are too often forced to work around security rather than with it.

And when people are forced to bypass controls, organisations become much more vulnerable. That’s the heart of Jemma’s vital and important message: accessibility is security.

Practical, Not Just Theoretical

This book isn’t just a manifesto, it’s a toolkit. The downloadable frameworks and assessments are genuinely actionable. They help readers evaluate current systems, identify exclusion points, and begin to embed accessibility within both security and compliance processes. This moves the book firmly out of “thought leadership” territory into “real change” territory, which is where our industry desperately needs to be. I am currently working as a Security Awareness and Behaviour Change Consultant for a global utilities organisation that supplies gas and electric to business customers, not consumers (I can’t say the name for confidentiality reasons), and the resources Jemma provides in “Access Denied” have been invaluable for my work.

Challenging the Tick-Box Mentality

Jemma takes a brave stance against superficial “awareness training” and compliance theatre. She calls out the illusion of security culture where people click through mandatory modules but learn nothing. This aligns strongly with my own work, as I believe that culture isn’t built through lecturing others about what to do, it’s built through inclusion, relevance and respect. If your security programme isn’t designed for diverse minds, it is not effective.

Where I Wanted Even More

Every important book leaves you with questions, and that’s a strength. I would love to see even more real case studies, the messy, imperfect, real-world stories where accessibility and security clashed and had to be resolved. I’d also welcome deeper guidance on navigating resistance inside organisations, something that I’m experiencing in the global utilities organisation I am currently working with. We know that leaders often fear change, especially in regulated environments, so a “playbook for pushing back” would be invaluable. Maybe, Jemma, this is something we could work on and launch together; this is an open invitation, and I’d love to work on this with you to accompany your book.

There are also interesting conversations to have about potential abuse of accessibility features by malicious actors. Jemma touches on this, but the topic is ripe for further exploration. If anything, I believe that “Access Denied” could easily become the first in a series rather than a standalone book.

A Vital Shift in the Conversation

What makes this book special to me is its reframing. Accessibility is not about being “nice”. It’s not a footnote in compliance. It is a strategic imperative. It is a cultural decision. It is a risk management priority. And, as Jemma argues powerfully, it is the foundation of security that actually works.

Who Should Read This Important Book?

This book isn’t just insightful, it is essential reading for anyone responsible for building secure, inclusive, and human-centric systems, including:

  • CISOs and security leaders
  • Security architects and IAM specialists
  • Security awareness and culture teams
  • UX, compliance and accessibility professionals working with security
  • Anyone who believes cyber must work for people, not against them

Final Thoughts

Access Denied is timely, courageous and fully grounded in reality. It doesn’t just diagnose the problem; it offers a path forward. Jemma Davis has given our industry something rare: a book that bridges the technical and the human with clarity and purpose.

If you care about building security that truly protects people, this book is not optional. It’s essential.

Thank you, Jemma, for starting the conversation our industry needs, and for giving us the tools to act on it.

“Access Denied: The Security Risk of Ignoring Accessibility: Embedding Accessibility into Security and Compliance” by Jemma Davis is available to buy now from Amazon.
