Cybersecurity Must Rebrand From an Old Boys’ Club – Here’s How

Cybersecurity has been an old boys’ club for too long, says Dr Andrea Cullen, and we’re missing out on the skills and talent the industry needs

The UK’s cybersecurity industry is still overwhelmingly male-dominated. Fewer than one in five roles are occupied by a woman. Women also face more barriers to entering the cybersecurity industry, with 37% experiencing blockades compared to 18% of men. In my 30 years working in the tech industry, little has changed, and I firmly believe that cyber is still very much a boys’ club.

Lack of representation makes it challenging for women, as well as other underrepresented groups, to break in. Not to mention navigating their career once they’ve done so. The status quo doesn’t change, and hires are selected from the same talent pool with the same background and qualifications.

There’s also a further mistruth that the cyber industry finds hard to shake – that entrants must be highly technically skilled. In reality, that’s the easy bit to learn. Cyber needs more impact skills, like creativity, problem-solving and critical thinking, which career changers, in particular, can be perfectly positioned to offer.

The cyber industry must shake off its boys’ club reputation and ensure diversity at every level – from entry to boardroom.

It just makes business sense

Cybersecurity is an industry that benefits exponentially from diversity. Technologies such as generative AI are making it easier than ever for threat actors to launch attacks on individuals and organisations. However, the homogeneity of a traditional cyber team, mostly white, middle-class men, can jeopardise the organisation’s security. With a host of similar world views, these teams may lack the diversity of skills and ideas to tackle the range of existing threats and get into the minds of hackers.

It makes business sense to create more diversity in cyber teams. By curating a team of individuals from various backgrounds and experiences, teams can avoid blind spots and bring together different perspectives and critical thinking to tackle new challenges with creativity and ingenuity.

Building a more diverse workforce

But how can we rebrand and create a more diverse workforce? It’s a question that has been on the table for decades, and from my perspective, it’s certainly not going to be solved by government policies. While policy changes are necessary, they alone won’t solve the deep-rooted issues affecting the industry. With no one owning the problem and the Government coming up with the same routes and policies year in and year out, more needs to be done.

Women also face more barriers to entering the cybersecurity industry, with 37% experiencing blockades

As a start, we need to do more at a grassroots level in schools and reposition how cyber is presented to those starting to think about their careers. The concept of STEM, for example, can be counterproductive. It rolls several subjects into one and can make it confusing. Making cyber career options crystal clear to students is important. Careers in cyber can be incredibly varied. From an information security analyst to a principal security engineer, these roles don’t rely solely on individuals having technical skills. It requires a diverse set of skills, including teamwork, communication and lateral thinking, to be successful, miles away from the assumption that cyber is just for men in a hooded jumper over a laptop.

The hiring process is where a lot of this progressive change can happen. Ensuring hiring managers prioritise skills and experience over qualifications can help encourage career changers and those from non-traditional cyber routes into the industry. Relying solely on traditional university degrees as the main entry point into the field is proving to be increasingly limiting, and considering alternative pathways when hiring will help diversify the talent pool.

Once hirers start to encourage more diversity by removing the first barriers, they can create the keystone of building diversity: role models. Without people who have made the move before, it’s challenging to know how to get in or even see it as a viable career path in the first place. So encouraging role models from a diverse range of backgrounds is vital to opening up the industry to others.

When the economy is volatile, however, it can be hard to justify the budget to add fresh, diverse talent permanently. A way that hiring managers can navigate both diverse skills shortages and budget constraints is by contracting certified cybersecurity specialists into vacancies temporarily. Paying contractors a fixed daily rate comes out of a different budget to permanent hires and can quickly diversify a team’s skill set. It also establishes a diverse talent pool for when the team is ready to make a permanent hire.

A crucial part of rebranding from being an old boys’ club is ensuring diversity at the Board level. This can ensure workplaces continue to be welcoming places for all demographics by having diverse representation at the decision-making table.

The bottom line

Cyber has been an old boys’ club for too long, and if this continues, it risks missing out on talent with the skills the industry needs to preserve against ever-evolving security threats.

Hiring managers must open the hiring process to encourage those from non-traditional cyber backgrounds into the industry. This means recognising the value of career changers and thinking about the transferrable skills that can make a person valuable to a team beyond their technical ability.

By welcoming temporary talent on a contractual basis, team leaders can also begin the journey to differentiate their teams by building a diverse talent pool for future permanent hires. Expanding the talent pool increases the chance of enhancing diversity across all levels, which is crucial for ensuring all demographics are represented and their interests taken into account. When this happens, the cybersecurity industry will truly reap the benefits of diversity.