Blogs & Opinions 11.09.2024
Cybersecurity Must Rebrand From an Old Boys’ Club – Here’s How
The cyber industry must shake off its boys’ club reputation and ensure diversity at every level – from entry to boardroom.
Blogs & Opinions 11.09.2024
The cyber industry must shake off its boys’ club reputation and ensure diversity at every level – from entry to boardroom.
The UK’s cybersecurity industry is still overwhelmingly male-dominated. Fewer than one in five roles are occupied by a woman. Women also face more barriers to entering the cybersecurity industry, with 37% experiencing blockades compared to 18% of men. In my 30 years working in the tech industry, little has changed, and I firmly believe that cyber is still very much a boys’ club.
Lack of representation makes it challenging for women, as well as other underrepresented groups, to break in. Not to mention navigating their career once they’ve done so. The status quo doesn’t change, and hires are selected from the same talent pool with the same background and qualifications.
There’s also a further mistruth that the cyber industry finds hard to shake – that entrants must be highly technically skilled. In reality, that’s the easy bit to learn. Cyber needs more impact skills, like creativity, problem-solving and critical thinking, which career changers, in particular, can be perfectly positioned to offer.
The cyber industry must shake off its boys’ club reputation and ensure diversity at every level – from entry to boardroom.
Cybersecurity is an industry that benefits exponentially from diversity. Technologies such as generative AI are making it easier than ever for threat actors to launch attacks on individuals and organisations. However, the homogeneity of a traditional cyber team, mostly white, middle-class men, can jeopardise the organisation’s security. With a host of similar world views, these teams may lack the diversity of skills and ideas to tackle the range of existing threats and get into the minds of hackers.
It makes business sense to create more diversity in cyber teams. By curating a team of individuals from various backgrounds and experiences, teams can avoid blind spots and bring together different perspectives and critical thinking to tackle new challenges with creativity and ingenuity.
But how can we rebrand and create a more diverse workforce? It’s a question that has been on the table for decades, and from my perspective, it’s certainly not going to be solved by government policies. While policy changes are necessary, they alone won’t solve the deep-rooted issues affecting the industry. With no one owning the problem and the Government coming up with the same routes and policies year in and year out, more needs to be done.
Women also face more barriers to entering the cybersecurity industry, with 37% experiencing blockades
As a start, we need to do more at a grassroots level in schools and reposition how cyber is presented to those starting to think about their careers. The concept of STEM, for example, can be counterproductive. It rolls several subjects into one and can make it confusing. Making cyber career options crystal clear to students is important. Careers in cyber can be incredibly varied. From an information security analyst to a principal security engineer, these roles don’t rely solely on individuals having technical skills. It requires a diverse set of skills, including teamwork, communication and lateral thinking, to be successful, miles away from the assumption that cyber is just for men in a hooded jumper over a laptop.
The hiring process is where a lot of this progressive change can happen. Ensuring hiring managers prioritise skills and experience over qualifications can help encourage career changers and those from non-traditional cyber routes into the industry. Relying solely on traditional university degrees as the main entry point into the field is proving to be increasingly limiting, and considering alternative pathways when hiring will help diversify the talent pool.
Once hirers start to encourage more diversity by removing the first barriers, they can create the keystone of building diversity: role models. Without people who have made the move before, it’s challenging to know how to get in or even see it as a viable career path in the first place. So encouraging role models from a diverse range of backgrounds is vital to opening up the industry to others.
When the economy is volatile, however, it can be hard to justify the budget to add fresh, diverse talent permanently. A way that hiring managers can navigate both diverse skills shortages and budget constraints is by contracting certified cybersecurity specialists into vacancies temporarily. Paying contractors a fixed daily rate comes out of a different budget to permanent hires and can quickly diversify a team’s skill set. It also establishes a diverse talent pool for when the team is ready to make a permanent hire.
A crucial part of rebranding from being an old boys’ club is ensuring diversity at the Board level. This can ensure workplaces continue to be welcoming places for all demographics by having diverse representation at the decision-making table.
Cyber has been an old boys’ club for too long, and if this continues, it risks missing out on talent with the skills the industry needs to preserve against ever-evolving security threats.
Hiring managers must open the hiring process to encourage those from non-traditional cyber backgrounds into the industry. This means recognising the value of career changers and thinking about the transferrable skills that can make a person valuable to a team beyond their technical ability.
By welcoming temporary talent on a contractual basis, team leaders can also begin the journey to differentiate their teams by building a diverse talent pool for future permanent hires. Expanding the talent pool increases the chance of enhancing diversity across all levels, which is crucial for ensuring all demographics are represented and their interests taken into account. When this happens, the cybersecurity industry will truly reap the benefits of diversity.
Andrea has worked in cyber for almost 20 years in a number of roles, the most recent of which is as a Co-founder and CEO of CAPSLOCK, an award-winning company that reskills adults into cyber professionals. She previously worked as a senior academic; co-authoring and delivering a GCHQ-certified Masters cybersecurity degree and publishing extensively in the area of computer science and cybersecurity. She has also spent time in industry working as a cyber consultant to public and private sector organisations. She was recently granted full membership to the Chartered Institute of Information Security and is passionate about helping the cyber industry become a more diverse place to learn and work.