Cybersecurity, like other sections of the tech industry, is under the diversity and inclusion microscope, with employers under mounting pressure to include underrepresented groups in their workforce.
However, industry bodies are feeling it too. The UK Cyber Security Council, the charitable, self-regulatory body for the cyber security education and skills sector, has been cited in a new report by the National Cyber Security Centre (NCSC) on diversity and inclusivity (D&I) in the sector.
‘Decrypting Diversity’, which was penned by KPMG, contains six long-term recommendations to improve D&I performance in the cybersecurity sector. The Council is cited in two of its recommendations: “Publicise the success stories” and “Map out the skills and roles.”
Responding to the report, Simon Hepburn – CEO of the UK Cyber Security Council, said: “First, we warmly welcome and applaud this second annual report by NCSC and KPMG. Solidly researched again, it makes concrete recommendations that will move the sector towards ensuring there are no barriers to entry to it.
“The sector must succeed at this. It’s vital not just to help the sector fill the tens of thousands of vacancies that exist, but for the sector and the UK to benefit from the wider range of abilities, improved creativity, different thinking and alternative contributions of a truly diverse, inclusive cyber security workforce.
“The Council and the NCSC are in lockstep over the D&I objectives for the sector and, to that end, we also welcome and agree with the conclusions of the report.
“Second: we’re very aware that the recommendations in the report are – as they must be in such a report – largely about what needs to be done, and we’re conscious that little may change unless the sector proceeds to address how to do what needs to be done; programmes will need to be devised and executed.
“The Council will therefore play its full role in devising, driving and supporting D&I programmes, through the Council membership which we are at the start of building.
“I encourage cyber-related organisations that want to lead the way in D&I, and which want to show the sector that they’re leading the way, to join us without delay. There is much to do.”
The six recommendations to improve sector D&I cited in the ‘Decrypting Diversity’ report include:
- Take an active role in leading on diversity and inclusion: industry organisations must collaborate to “set a clear vision for the D&I practises that cyber professionals should expect from their employers.” This includes senior leaders acting as role models and setting examples.
- Create and benefit from hybrid working: establish principles for organisations to ensure inclusivity is factored into the shift to hybrid working. This includes identifying opportunities to improve diversity and inclusion through new ways of working including attracting diverse talent through hybrid working but also retaining employees whose roles mean they cannot shift to hybrid working.
- Use data to understand, monitor and improve the talent lifecycle: firms should leverage their expertise in data to embed diversity and inclusion “across the talent lifecycle.” This includes implementing new D&I initiatives using a “data-driven approach” and signing the Tech Talent Charter, which involves adopting its best practises and sharing data.
- Learn from D&I best practise: businesses must work with stakeholders to share D&I best practises and learn from each other.
- Publicise the success stories: the UK Cyber Security Council should produce case studies that detail various career journeys, highlighting the variety of routes into the sector and the diversity of professionals in cybersecurity.
- Map out the roles and skills: The Council should also develop a consistent framework for cyber roles and the skills required for job-seekers. Job descriptions and adverts need to be clear and accessible to ensure they are inclusive, and must be aptitude and skills focused.
To read the ‘Decrypting Diversity’ report by the National Cyber Security Centre in full, click here.