Women in cybersecurity: five ways you can promote diversity
Cybersecurity is widely seen as a “boys only club”, with recent research from the Chartered Institute of Information Security (CIISec) revealing that 57% of women in the industry believe it will take “at least a decade” for them to be treated as equals. And this is just the tip of the iceberg, with diversity issues running far deeper than just gender, to include things like race, faith, mental health, and disability.
At SC Media’s Women in Cybersecurity conference, Saba Ahmed, senior security consulting manager from headline sponsor Accenture, explained why diversity is critical for businesses. Due to the clear link between business-critical factors like innovation, retention, and productivity “shareholders are making investments based on diversity,” she explained. To highlight this, research reveals that the most equal and diverse companies have an “innovation mindset” that is 11x greater than the least diverse.
The event agenda provided a set of talks full of practical advice on how to deal with this problem. It covered topics like, industry role models, a toolkit for leadership, and clear tips for recruiting allies within a company. The panellists were as varied as the subject demanded and featured the likes of Rowenna Fielding, a highly respected LGBT and neurodiverse consultant, and Freha Arshad, a senior manager from Accenture, who has a unique perspective through her blend of Scottish and Pakistani heritage.
Like any organisational change, the best way to overcome difficulties is strategically from the very top. Accenture has made great strides in this area and Ahmed described in her keynote how it provides a tried and tested roadmap for how others can systematically drive diversity. This approach is three-fold and incorporates bold leadership, comprehensive action and creating an empowering environment.
What can individuals do to help? Here are five simple takeaways that can help promote diversity within your organisation:
Recognise intimidation – Research from ISC2 shows that women, especially, are intimidated by the cybersecurity industry. This needs to be talked about – and brought out into the open – to be overcome.
Be conscious of unconscious bias – unconscious bias is a very real problem for everyone but is something men in the cybersecurity industry should be particularly conscious of every day. One practical tip from Rowenna Fielding is that while the perception from many men is that women talk a lot, this is rarely the case, and the simple site Are men talking too much? allows you to check who is really dominating the conversation.
Consider confrontation – not everyone is comfortable with confrontation, but as Giovanni Cozzolino, managing director, UK&I security lead at Accenture put it: “I’ve seen it when we tiptoe round the topic – and it doesn’t work.” Sometimes the only way to deal with things is to really rugby-tackle them head on.
Adjust the job descriptions – Julian Meyrick, managing partner and VP of security strategy risk and compliance at IBM, described how informal research within current staff showed that many successful women in positions would not have wanted their job from the written description alone. This is pretty damning and shows just how important it is for hiring managers to check job descriptions with real women – and AI software – to make sure they have the widest appeal.
Be an ally – there are plenty of ways to be an ally. For men, this could be as simple as being aware of the problem and championing women for leadership positions. For women, it will most likely be about helping and mentoring others.