Cyberattacks and data breaches are hitting our headlines on an almost daily basis. Every organisation, whether public or private, small or large, has to come to terms with the fact that it’s a target.
So it’s worrying that in 2018 over half of IT and cybersecurity professionals across a number of industries claimed their organisation had a problematic shortage of cybersecurity skills.
So why are we facing such a shortage?
The primary cause is a lack of awareness of the opportunities that exist and an often flawed perception that you need to be technical to work in cybersecurity.
And it seems that women are predominantly affected by these misconceptions.
This is hugely problematic. Women make up half of the global population: we can’t afford to miss out on this huge talent pool at a time of skills shortage!
Whether it’s school workshops or women’s networks in the workplace, the UK and other nations need to do more to address the balance and to foster female talent in the security industry both early on and throughout their careers.
Fostering talent from the beginning
We need to ensure we are investing in children – the next generation of leaders – at an early age by developing the right skills to support the future digital economy.
With girls tending to lose interest in STEM subjects at the age of 15, policymakers, public and private organisations, and especially parents need to band together to raise awareness of the unique opportunities that come with working in industries – such as cybersecurity – early on.
The good news is that there are already a number of initiatives in place to communicate just how exciting cybersecurity roles can be.
For example, last year the UK government announced that schoolchildren in the UK will be offered lessons in cybersecurity in a bid to find the future leaders to overcome the skills shortage.
And more recently, the UK’s GCHQ’s National Cyber Security Centre ‘CyberFirst’ scheme plans to train 1150 children in skills such as cracking codes and securing IT networks this summer.
We’re waking up to the importance of early education when it comes to helping young people develop cybersecurity skills. It’s a good first step – but this alone is not enough.
Facilitating an inclusive workplace
Whilst it’s vital that we start building a pipeline of young talent to protect against cyber threats in the future, organisations are still a long way off from seeing those children reach the workplace.
In the meantime, there is a lot of work to be done to create a level playing field for those already in the workplace.
A fundamental factor preventing more women from holding cybersecurity roles is a pipeline problem within the organisation.
The first step in addressing this is to drive recruitment of women at graduate and apprentice levels.
But it doesn’t stop there. It’s easy enough to put in place initiatives where half of a company’s cybersecurity graduates employed are women, but this is not just a numbers game.
Through building a female-inclusive culture and the provision of flexible working to support women throughout their career lifecycle, organisations need to facilitate an environment in which people are encouraged to be completely themselves.
For this, women’s networks can be a critical tool for providing peer support and advice, and to amplify the voice of women, leading to positive change in organisations.
And it’s the responsibility of the senior team to take the lead by championing gender parity within their organisation and showcasing female role models.
Addressing the balance
Whether this is through workshops at school or women’s networks in the workplace, women need more role models if we are to close the widening cybersecurity skills gap.
Industry conferences and events need more female representation and speakers. A great example of this was the recent BAE RESET conference, which was the first all-female cyber security conference. The aim was to ‘reset’ the balance by having female speakers who are expert practitioners and leaders in their fields.
Another great way to redress the balance is to retrain and upskill workers to enter cybersecurity. This can include professionals looking for a new career path, or parents and carers looking to re-enter the job market following a break.
A new UK-government-backed 10-week cyber-academy for women is a great example of an upskilling platform. The Women in Cyber career conversion course from Protection Group International, in partnership Hawker Chase, provides a fantastic example. It is an entry-level programme that enables women to develop the initial skills to launch a career in cyber security.
Of course this is not just about women. This is about encouraging all types of diversity and making the industry as inclusive as possible, not just to reduce the skills gap but also to strengthen defensive capabilities.
The tech industry as a whole has a serious diversity problem. Many minority groups, not just women, are still grossly underrepresented. Minority groups represent only a quarter (26%) of those working in cybersecurity in the US.
And if ethics were not motivation enough to tackle the lack of diversity, it’s been shown that diversity is good for the bottom line. Companies with the most ethnically and culturally diverse boards are two-fifths (43%) more likely to experience higher profits.
With attackers becoming more creative and savvy in their approach to cyber-attacks, a more diverse and inclusive cybersecurity team will be key to facilitating a broader range of ideas and perspectives about how to prevent an attack from taking place.
And it is only by engaging a diverse array of people in cybersecurity that we can hope to adequately defend our nations from attacks.
Latest posts by Sarah Armstrong-Smith (see all)
- A more inclusive approach could help us tackle cyberattacks - July 31, 2018
- Security threats are no longer just a tech issue – they’re a people issue - November 29, 2017