Diversity in cyber security: how to close the gender gap
DiversityQ is a site for professionals and business leaders that provides content and analysis to enhance, develop and promote workforce diversity and inclusion.
UK businesses are under cyber-attack. A 2016 government report states that 65% of local businesses have been attacked in the last year, costing companies an average of £36,500 per security breach.
The financial consequences of cyber-crime are further compounded by legally enforced penalties for negligent security measures as well as the speed at which new technologies are developing.
The IT industry is, in fact, battling to keep up with itself. There are currently not enough skilled IT security professionals to combat the threat of increasingly sophisticated cyber-criminals.
The industry is somewhat at fault, assessing prospective candidates through a narrow lens without considering how more diverse career backgrounds could bring vital expertise to the traditional cyber security team.
There is also the real problem of not attracting enough women and new graduates to the profession.
While there are women working in the government policy space, the technical roles (hacking, systems architecture, threat analysis) are mostly filled by men – and many of these roles remain to be filled.
Given all the risks and challenges, companies need to broaden their horizons and put more effort into recruiting women to the IT industry – as well as encouraging those in school and university to pursue cyber security as a career.
Many of the current female candidates won’t have the standard IT security experience but a mixed team of colleagues (gender and professional backgrounds) is better positioned to tackle problems from all angles and respond to them faster.
The benefits of diversity are clear. Less so is how to find these skills – or better yet, attract them to you.
Have a fresh look at your job specs and reword them to appeal to professionals who may not have a pure IT background.
Incomprehensible techno-babble and long lists of certifications worded as acronyms should be avoided – they appear intimidating rather than impressive.
Irrespective of gender, new graduates or junior professionals looking to make a career change will be interested in an apprenticeship scheme.
The challenge again though, is that most are geared towards individuals with a degree in computer science and don’t consider an alternative skills pipeline.
Invest time in marketing your recruitment needs to a whole new audience. Identify the non-negotiable key competencies you are looking for and don’t discount skills that can be transferred across sectors.
Consider candidates without a degree
Data tells us that people from a low income or minority background are sorely under-represented at UK universities.
In addition to that, thanks to narrow marketing and entrenched attitudes, women are less inclined to study computer science or IT security related courses in higher education.
In fact, too few women are choosing to pursue STEM (science, technology, engineering and maths) subjects at school or university.
So, if you focus solely on the graduate pipeline, you are limiting your available pool of diverse talent quite dramatically.
There is a wealth of untapped talent that with a bit of support, could become a valuable asset to your cyber security team.
What about creating, or collaborating with, an IT industry led and sponsored outreach programme or adult education course to fast-track the very skills you need?
It’s also a chance for you to advertise the IT industry as an exciting and interesting place to work – for men and women.
Look for the right attitude
There are many facets to cyber security; and not all require a certification to get the job done.
Open your doors wide and pay attention to those potential candidates who show drive, curiosity, commitment, critical thinking, an analytical brain and a hunger to learn.
All the training and mentoring in the world can’t teach those qualities but when they already exist, they can be built upon and enhanced to your advantage.
Prepare to be surprised
Your next chief information security officer (CISO) could be a returning to work mother.
Many have transferable skills sets or even past technology experience and are keen to get back in the game. Yet most are unaware of how they could add value to the new world of cyber security and end up in other professions.
In your recruitment drive, give careful thought to the type of people and skills you need – then search outside of your normal talent pool to find them.
The level of inequality that still exists in the IT Industry is only doing it a massive disservice in the fight against cybercrime.
If we always look for the same old same old, then our thinking will become staid and our adversaries will eventually outsmart us.
There is power in diversity. A different approach to recruitment will make you stronger faster – and more secure.
Sourced by Simon Kouttis, head of cyber security, Stott and May