Posted-on February 2019
Our Head of Cybersecurity Consultancy Practice, North America (Principal Consultant), Luke Zbieranowski, offers his insights into the cyber security industry.
For those of us who interact with the cybersecurity market on a daily basis, it’s starting to feel like we’ve hit a crossroads. Several disconcerting strands have come to a head, making the path ahead uncertain.
On one hand, we’re walking headfirst into a skills gap that seems to be widening by the second. On the other, the cybersecurity sector is still struggling to address an issue that’s been plaguing it for years – gender imbalance.
While it may be arguable that each strand is its own separate entity – and should, therefore, be looked at in isolation – I don’t think this is the best way to solve the problems that threaten to undermine the cybersecurity industry.
If anything, it seems clear that the two trends are inextricably linked and therefore, if we’re going to bring about real change in this market, we need to tackle both simultaneously.
Not a coincidence
As we’ve alluded to previously, there are good reasons to believe that the global shortage of cybersecurity professionals will leave two million job roles unfilled by the time 2019 rolls around (according to ISACA’s 2016 Cybersecurity Skills Gap infographic).
It doesn’t seem like much of a coincidence that warnings about the lack of skilled workers have become starker at a time when industry commentators are calling for organisations to put more effort into engaging with women.
One reason why women in technology may not be going on to develop careers in the sector is that they’re being deterred from doing so during their “mid-career”.
Technology journalist Davey Winder, writing for IT Security Thing, recently highlighted the issue, saying that “the problem ultimately lies in the careers that people come to security from”, and that more needs to be done to appreciate the reasons why women choose to enter or leave cybersecurity.
A self-fulfilling prophecy?
While the cybersecurity market is incredibly competitive, I don’t think it’s fair to use this as an excuse to hide behind. Yes, there’s a lot of competition for each role, but that doesn’t mean we shouldn’t actively be encouraging more women to take pride in their careers and chase after the top jobs in the industry.
If we shy away from putting in the effort required to address the problems that exist in information and cyber security now, then we risk creating something of a self-fulfilling prophecy in the future.
To some, this may seem like an exaggeration, but I don’t think so. If female technology professionals are being put off from developing careers in the sector because of a lack of support, then the situation will only become more unbalanced. Greater gender disparity will mean fewer women consider entering the profession in the future, and so the trend continues.
Turning the tables, before it’s too late.
What’s clear is that there’s no quick fix here. To solve the problems that exist in cybersecurity, we need to put time and effort into changing the attitudes of everyone associated with the industry, from the bottom to the top.
What’s the key to doing this? Well, luckily that part seems rather simple. The key is engagement.
Business leaders – the people with the power – need to make conscious efforts to encourage school-age girls to consider developing the skills required to work in technology. Engagement creates interest and breaks through barriers.
Programs like work experience, internships and ‘hackathons’ are a great way to offer an introduction to cybersecurity and businesses need to lead the way, in creating exciting and thought out programs.
By encouraging the female professionals of the future, we can start building the foundations of a fairer, more equal industry.
We need to give women a reason to be passionate about working in technology, but more than that, we need to show that they can work and thrive in this area.
As a Headhunter and hiring adviser, I need to keep an eye on and advise on the marketplace and ensure my clients not only have a quick fix for their hiring needs but also future-proof their businesses. The growing need for skilled Security professionals is clear but what isn’t is the fact of the candidate pool in the coming years.
In part one, Luke touched on the gender disparity that exists in the cyber security sector, and how clear it is that the industry could suffer in the future as a result of its failure to engage with women. Here, he takes us further into Part 2 of his blog.
In my role as a Head-hunter, I am reminded on a weekly basis of how great the imbalance is. I interview about 100 candidates a week. Of this number, only about five will be women – and that’s a good week. That’s taking into account a range of different career levels, from analysts up to management-level candidates.
It’s quite staggering that, even in 2019, such huge disparity still exists, especially when there’s no good reason for it. For me, there’s no greater evidence of the fact that problems do still exist, and that without conscious efforts being made to change the way we educate both girls and boys about the value of diversity, they will persist.
The good news
The good news is that, while problems do exist in the cyber security market as it stands, I am confident that we are beginning to move towards a brighter future for all involved.
My optimism stems from the fact that many of us in the industry are aware of the barriers that exist, and therefore thinking about how we can begin to knock them down. The issue is being highlighted more and more, meaning that key influencers – from employers to the government to educators – are being encouraged to enact real change in cybersecurity.
What’s more, those women who do work in the sector are being encouraged to promote the fact that females can survive and thrive in technology roles and set a positive example for women who may be interested in entering the profession further down the line.
Programs of engagement are so important in the long term and both schools and businesses need to pick up the slack to ensure we are not still talking about this in 5 years!
What can be done?
Helping women obtain:
Cybersecurity work experience
School/college/university/company sponsored Hackathons
School cybersecurity events
Teaching cybersecurity as part of a comprehensive technology syllabus
And simply breaking misconceptions (cybersecurity is not all about coding!)
Finally, Initiatives such as ‘Women in cybersecurity’ (www.wicys.net) are also blazing a trail!
Why is equality important?
It’s worth remembering that we’re not just pushing for equality for equality’s sake. We’re pushing for equality, and diversity in general because it helps to create a stronger and more effective workforce that can better deal with the cyber attacks of the future.
In the last few years, it has become clear that the threat landscape has quickly evolved and become a genuine danger to both businesses and individuals.
Therefore, what’s required is a diverse and flexible cyber security industry that employs people with different backgrounds, processes and ways of working, in order to respond to emerging threats. A diverse industry has a better chance of achieving success than a stagnant one.