IWD 2023: Breaking through the stereotypes for diversity in cyber
Where will innovation and technological change take us? Can it be towards a more equitable and inclusive society? I hope so. But it will be a challenge when women still make up only 19.9% of science, engineering, and technology professionals around the globe, according to the UN Women's Gender Snapshot 2022 report. Expecting technology to better serve all of humanity when half of the population isn't creating it is a bit optimistic.
Meanwhile, we need to protect women and girls as they enjoy life online for study, work, and pleasure. But a recent (ISC)^2 cyber workforce study found that only 25% of cyber security professionals are women. That's a big gap in perspective when it comes to protecting not just the digital economy but also everyone's safety and privacy online.
As a cyber security professional looking to create innovative software to solve new problems in creative ways, I know, and the data proves, that a diverse team achieves great results. I'm always on the lookout for new talent – but it's hard to attract a wider pool of candidates.
Breaking through common stereotypes can encourage more women and girls to join this fascinating and fulfilling field.
Not a hacker? That's ok.
When I began working at Nominet in early 2021, my career hadn't been in cybersecurity, and I had spent no time coding software.
I graduated university with a degree in International Relations and spent time in the public sector before moving into publishing. I was always drawn to technology-adjacent roles in companies with an ethos I believed in. I worked in digital marketing at a university publisher before joining the educational software sector, where I worked directly with developers for the first time. We were working as a team to build new features and functionality for children and teachers. It was great!
What ultimately ignited my interest in cybersecurity was seeing an industry on a mission to keep the world connected and safe. Threats to children and schools put cyber on my radar, and I wondered if I could help.
I felt uneasy, though – if I wasn't a hacker, could I catch up? Did I have enough knowledge and understanding of the threats and adversaries out there to make a difference?
I needn't have worried.
The cyber landscape is constantly evolving, and colleagues are happy to share their insights. So many resources are available to help anyone get up to speed with the foundational concepts. When combined with talking to my customers and end users, I had enough insight to start creating great products and services. Women, or anyone else, who haven't followed a formal or personal path in coding or hacking do not need to be intimidated about joining in.
From all angles
My experience taught me you don't need to be a maths whiz to work in software – or even be able to code. But I didn't get that message early on. I thought my strength in the humanities would lead me in the opposite direction from a career in Silicon Valley.
We need to be clearer that there is no one path to get into cybersecurity or other tech fields. It takes many strengths and capabilities to get an idea from concept to reality, to build a tech business or research lab. And technologies change and come and go, but core skills such as critical thinking, communication, and adaptability remain invaluable.
So, while it's encouraging that concepts such as coding are being introduced to children at school, we also need to talk about all the other strengths and skills it takes to listen to users and create great products. This should be reflected in how we talk with young people about opportunities in these sectors.
For the tech industry to benefit from a diverse workforce, it needs to both directly support retraining and place more emphasis on those transferable skills that can be carried over into the sector. Particularly in the current cost-of-living crisis, employers need to get creative to attract new talent.
Changing the status quo
A greater diversity of voices in the cybersecurity sector can ensure everyone is equally protected and our defences are strengthened.
How we educate people to avoid cyber threats, such as phishing, is relevant to wider conversations currently taking place on preventing abuse and exploitation of women online. Companies need to take a closer look at how technology is being developed to ensure abuse doesn't happen. How these platforms behave and operate ultimately comes down to the individuals who shape and operate them.
And while attacks on corporate networks don't seem to have gender implications, the vectors or 'ways into' those exploitations and how we prepare for and respond to them can be deeply human, and gender can come into play.
In the cybersecurity world, a team's approach to risk, how they create threat models, and even staff 'on call' rotas can all be influenced by gender norms or biases. We must also be aware of potential biases in the tools we use, such as machine learning, to avoid unintended consequences that could make us miss threats. A greater diversity of perspectives means stronger teams preventing and responding to attacks.
My takeaway from my own experience in cybersecurity is that no one should be intimidated by the industry and its reputation. It's a place where organisations like Nominet exist to benefit and protect the public. The industry is full of opportunities to make the most of transferable skills and experience to create innovative new technologies. It's our duty to encourage more diversity and greater representation right across the tech sector, and doing so in the cybersecurity industry will better protect the world from cyber threats.