#IWD2022 Interview: The NCSC Discusses Improving Gender Diversity in Cybersecurity

The National Cyber Security Centre (NCSC) is a highly respected body in cybersecurity, both nationally and internationally, providing advice and support for public and private sector organizations on staying secure. This task has become increasingly critical amid a rapidly evolving threat landscape, influenced by trends such as the digital shift during COVID-19 and seismic geopolitical events, such as the recent Russian invasion of Ukraine.

In addition to helping UK organizations strengthen their cybersecurity posture, the NCSC is heavily involved in efforts to diversify the sector, with the dual aims of providing more opportunities to underrepresented groups and helping close the cyber skills gap. A huge aspect of this is gender diversity, and ahead of this year’s International Women’s DayInfosecurity was delighted to sit down with Nicola Hudson, director of policy and communications at the NCSC. Among the topics discussed were findings from the recent Decrypting Diversity report from the NCSC and current initiatives the body is taking regarding gender diversity.

Hudson, who has been part of the NCSC from “right at the start” since its inception in 2016, said that its board had a roughly 50-50 split from day one. This meant they were “having the right sort of conversations in terms of having diverse points of view and voices at the table.”

However, in the wider cybersecurity ecosystem, she quickly realized a significant lack of diversity. For example, she observed many male-only security teams and found huge difficulties in creating diverse representation on panels. However, there were no empirical insights on the issue in cybersecurity, a relatively new sector, to clearly highlight the issue and provoke action. “There’s lots of data on technology, maths and banking, but not on cybersecurity,” noted Hudson.

This lack of data prompted the NCSC to collaborate with KPMG to create the Decrypting Diversity report, a survey of UK cybersecurity professionals designed to track levels of diversity and inclusion in this industry. The inaugural report was published in 2020, and the second edition was recently released in December 2021. Encouragingly, this found that the proportion of women working in the sector rose from 31% in 2020 to 36% in 2021. “That’s still not where it needs to be, but it is moving in the right direction,” commented Hudson.

The key to addressing the gender imbalance in cybersecurity “goes all the way back to the early ages,” ensuring there are a large number of females in the talent pipeline. This is the basis for the NCSC’s CyberFirst Girls Competition, which is a particular passion of Hudson’s. The initiative, launched in 2017, allows schoolgirls aged 13-15 to compete in teams of four and undertake a series of tasks related to cybersecurity, such as coding. The highest-scoring teams from the online qualifying round will then enter their regional final, of which there are numerous, in locations across the UK.

Nicola Hudson, director of policy and communications, NCSC
Nicola Hudson, director of policy and communications, NCSC

Hudson said over 55,000 girls had participated since the competition started, with encouraging results. “They’re doing puzzles, coding, engineering, all sorts,” she explained. “I go to the competition every year and talk to these girls who really begin to think ‘I’ve never considered studying computer science and thought I wasn’t great a maths, but actually I am, and this could lead to x, y and z.’ So it’s making sure at that age they’re thinking about having a job in this sector.”

Another aspect of the competition, which has expanded its reach over the past few years, is giving the girls the opportunity to hear from and meet women working in cybersecurity, thereby offering further inspiration for pursuing a career in the sector. Hudson pointed out, for example, that the competition’s most recent London final was held at the Amazon AWS headquarters. “So as well as doing the competition, they’re hearing about what this world looks like. It’s not just about being on a computer; there are so many different jobs out there, so we’re giving girls the opportunity to see it and experience it,” she added.

Hudson believes this will demonstrate the significant benefits a career in cybersecurity offers. “It is a growing sector, it is well paid and you can do it pretty much anywhere and on your terms,” she noted.

For women already in the sector and looking to progress in their careers, Hudson believes mentoring schemes are essential. She revealed she undertakes mentoring schemes for ethnic minority women. “I think it is incredibly important,” she outlined. “It’s about having someone you can go to and say what you think, and somebody giving you the confidence to go for your next job or training course in a very safe environment.” This may include, for example, seeking assurance about applying for a new role while pregnant. “It’s about having those conversations with somebody who has experienced those thoughts and dilemmas and can give you that independent advice,” commented Hudson.

The NCSC has also undertaken several other gender diversity initiatives, and it hopes more organizations in the sector will follow suit. This includes ensuring there are no all-male panels during conferences, a zero-tolerance approach towards harassment and changing the language in its job vacancies “so it won’t put off female applicants.” In addition, the body uses gender-blind candidate sifting and gender-diverse recruitment panels.

So, does Hudson believe we are on the right course towards gender parity in cybersecurity? “We’re not there, but the dials are going in the right direction,” she replied. The most important thing now is “to keep going with it, this is not something where you think we’ll do x, y and z, and everything will be fine.”  

What’s Hot on Infosecurity Magazine?