Decrypting Diversity and Inclusion in Cybersecurity

Written by

A recent report entitled “Decrypting Diversity - Diversity and Inclusion in Cybersecurity 2020”, from the National Cybersecurity Centre (NCSC) and KPMG UK, highlighted the fact that female representation in the industry is just 31 per cent. Sadly, this is not a surprising statistic.

While perceptions and attitudes towards women working in the science, technology, engineering and mathematics (STEM) industries are improving gradually, women still form just 14 per cent of the overall UK STEM workforce – and 70 per cent of women with STEM qualifications are working in non-STEM related fields.

There are many reasons for the low number of women in cybersecurity. Firstly, there is a significant drop-off between women pursuing STEM-based degrees at university to then working in a related industry.

We also have a lack of female representation in STEM research and at senior management level, and of course there is also the considerable pay gap across the sectors, which are all symptomatic of deeper-rooted obstacles which discourage and prevent women from pursuing a career in cybersecurity.

There is no question that women have just as much passion, aptitude and talent for cybersecurity, engineering or medicine as their male peers, so why are there proportionally less women aspiring to work in the industry? To unpack this, we must pinpoint when, and why, women begin to perceive STEM subjects as ‘not for them’.

A recent Gender Equality Monitor study found that male GCSE students were twice as likely to think they performed best in STEM subjects compared to females. However, the exam results showed that the female students in fact outperformed the boys in maths and science.

It is clear that girls are not only interested in STEM, but excelling in their studies, yet the perpetuation of negative stereotypes and misconceptions around STEM in the media and the classroom, continue to stifle girls’ self-confidence in their abilities.

As a result, this deters young female students from aspiring to a career in cybersecurity. Indeed, at The Smallpeice Trust we carried out a survey on families’ attitudes towards engineering careers which found that 46 per cent of parents whose child believes a career in engineering is only for boys, say so because their child has only seen male engineering or scientist role models in schools and/or the media.

We have to challenge these misconceptions early on in a young person’s education journey; it’s up to tech and science firms to work with schools, universities and education charities to provide real-world learning opportunities and practical careers guidance for women and other under-represented groups.

It is for this reason that our charity was set up to engage more students, particularly females in cybersecurity and STEM related careers, by giving them the workplace experience and role models to see that there is a place for them in these sectors. We do this by working with schools and our STEM industry partners to focus on all under-represented portions of society.

The other issue here is the UK’s widely documented cybersecurity skills gap. Digital resilience is increasingly central to the strength of our economic future, and in 2020, the Department of Digital, Culture, Media and Sport (DCMS) found 653,300 UK businesses have a basic cyber skills gap. If more women were attracted to the industry, we could certainly start to narrow this gap.

STEM organizations also have a responsibility to examine their recruitment processes and diversity policies to ensure there is no implicit gender bias which prevent women from being hired and from occupying senior management roles. It’s time to celebrate female achievement in the sector with the same level of public recognition as male STEM role models.

The NCSC and KPMG report further highlights another drawback of this low level of gender diversity: the abundance of evidence shows that diversity and inclusion can provide commercial advantages including better financial performance, increased creativity and innovation, greater employee satisfaction, lower absenteeism and stronger talent retention.

A positive culture of diversity and inclusion is crucial for the STEM industries to progress and find the solutions to overcome some of our greatest social and economic challenges.

If we take cybersecurity as an example, usability is an important part of any security system. As Wendy Nather, head of advisory CISOs, at Cisco, discussed in her democratizing security presentation at the RSA Security Conference 2020, gone are the days when IT professionals are the sole managers of a company’s security.

These systems must work for all users, and therefore a greater variety of perspectives from different under-represented groups including females, young/old and BAME individuals, can help deliver the best solution. “Encouraging diversity in the cybersecurity community will strengthen our overall security posture,” she stressed.

BAE Systems is one of our partners who is actively working to attract more apprentices from black and minority ethnic groups: in 2019 women make up only about 4 per cent of the total employee base. Take for example one of the students we worked with, Khadijah Ismail, who developed a love for maths at an early age and would spend hours watching planes through the window of her attic bedroom near Manchester Airport.

At 16 she won one of our prestigious Arkwright Engineering Scholarships before being offered a five-year degree apprenticeship in aerospace engineering with our partner BAE Systems. Today, Khadijah gives up her free time to work with us at The Smallpeice Trust, to give talks in schools and mentor teenagers with engineering potential.

Programs such as The Arkwright Engineering Scholarship provide invaluable skills development and mentorship opportunities which help young people to take their passion for STEM to the next level, and ultimately prepare them for a successful career in the sector.

Last year 40,000 students experienced the courses that we run with our partner organizations including cybersecurity developer Surevine, Siemens, BAE Systems, Jaguar Land Rover, Shell and the RAF. These range from one day events in schools, to residential courses at our partners’ sites (prior to Covid-19) to online experiences; something that has certainly been more important over recent months.

Our partner Surevine, which builds secure and scalable collaboration solutions for the most security conscious organizations, including the Government, has always pioneered females in the industry with its first employee and first executive director both being female. Founder Stuart Murdoch has always had an interest in respecting the breadth of diversity within the next generation and supporting talented young people who might become their employees of the future.

Surevine has sponsored female students to attend our Cybersecurity Residential course at Royal Holloway, University of London; singling out those who may previously have lacked the opportunity. This sponsorship included parent and school liaison, all materials, meals, accommodation, supervision and social activities.

As Laura Crossley, director at Surevine said about our partnership, “it allows us to share our passion for technology and helps mold the future minds of our industry. Who knows, the children of today might one day become fully-fledged Sureviners.”

Our drive to address inequality, which starts when children are still in primary schools, is working, and we are starting to see things change. Last year for the first time we achieved a 50:50 balance of girls to boys on our residential courses. We invite all STEM related organizations to get in touch to discuss working with us to support the next generation of security engineers. This is just the start.

What’s hot on Infosecurity Magazine?