In this guest article, Debra Danielson, Chief Technology Officer & SVP of Engineering, Digital Guardian, explores the lack of diversity in cybersecurity, and how to resolve it.
The cybersecurity industry is currently in the middle of a well-publicised skills shortage. Yet despite significant collective efforts to recruit new talent from far and wide, one thing remains glaringly obvious – the lack of diversity. As someone who’s worked in cybersecurity for over 25 years, I’ve watched many areas of the industry successfully evolve, yet the lack of diversity continues to prevail. Why?
A huge missed opportunity
While some good strides have been made in recent years, the vast majority of the cybersecurity workforce is still made up of white males with technical backgrounds. This is in no way a criticism of these people but diversity matters, and not just on the grounds of representation and fairness. A diverse workforce enables companies to draw from a wider range of viewpoints and ideas, leading to faster, more creative problem solving along with a host of other benefits.
As things stand, either most women and minorities are not choosing cybersecurity in the first place, or if they do, they aren’t sticking around for long. Current estimates indicate that women comprise between 11% and 20% of the global cybersecurity workforce. This is encouraging compared to just a few years ago, but it’s fair to say there’s still plenty of room for improvement. Furthermore, with the cybersecurity industry currently staring down the barrel of 3.5 million job vacancies globally, we as an industry are missing out on a huge slice of the overall global workforce. A workforce that has the potential to solve a major part of our skills shortage if, and it’s a big if, they can be tempted to consider a career in cybersecurity.
Not only that but increasing the diversity of the workforce will also up-level it at the same time. Think of it this way – if the industry has 100 people and 80% of them are men, then the next “best” male candidate is number 81 from the overall male pool, while the next best female candidate is 21 from the overall female pool. We can see this paradox in many places where diversity is low. The few women or minorities that do make it are more likely to be outstanding; the forces that drive the imbalance filter out all but the best.
How can we, as an industry, improve diversity?
To effectively reverse this current trend, we need to work on initiatives that not only attract more women and minorities in the first place but make them want to stay and build careers in it.
Unfortunately, the security industry has gained a reputation as a haven for antisocial, introverted, misfits. Of course, this isn’t an appropriate characterisation of the professionals I know, but unfortunately, it’s a stereotype that puts off many young women. Breaking this stereotype requires wholesale change, not only in how we present ourselves and the opportunities available but also how and when we engage with potential stars of the future.
For me, this begins at a grassroots level, with more inclusive out of school clubs that teach children just how interesting a career in IT and security can be. Doing so helps plant seeds of inspiration and guide future educational subject/degree choices and can set them on the path to technical success from a young age.
Unfortunately, affecting the technical skills pipeline in secondary school doesn’t help us much today. As we continue to work on our recruiting efforts for technical skills, we can also do a better job of communicating just how varied opportunities in the sector can be. There’s a considerable number of women and minorities who have written off a career in cybersecurity because of a perceived lack of necessary skills and experience. However, what many of them don’t realise is that there’s far more to the sector than technology and programming knowledge. The most effective cybersecurity programmes are collaborative efforts between teams of people that all bring different skills to the table, including strategic thinking, communication, management, design and much more. Rewriting job descriptions to be more inclusive and using technology to promote opportunities to much broader audiences can also really help here.
Looking for undeveloped talent is another strategy. Women and minorities that weren’t encouraged into technical tracks in school may have aptitude and talent that can be grown and developed.
Finally, we must do more to promote the incredible women we already have within the industry. This means going beyond industry events, which already contain self-selecting audiences, and speaking in schools, universities and wider business forums etc. instead, where huge untapped pools of talent can be found. For many people unsure of whether a career path is right for them, seeing really is believing. This is something I’ve experienced first-hand on many occasions.
While the cybersecurity industry is slowly moving in the right direction when it comes to diversity, there’s still so much more that could be done to encourage higher numbers of women and minorities into this hugely exciting sector. If successful, not only would it help solve the ever-growing skills shortage faced, it would also provide a much-needed shot of fresh creativity that has the potential to take the industry as a whole to the next level.
Debra Danielson, Chief Technology Officer & SVP of Engineering, Digital Guardian, provides the technical vision and strategic direction for product innovation while overseeing engineering strategy for the Digital Guardian Data Protection Platform. She also oversees the engineering function, including product development, quality assurance, and sustaining engineering operations.