Why is diversity so important in Cyber Security?
Why is diversity so important in Cyber Security?

Why is diversity so important in Cyber Security?

Posted on: 02/05/2018

Rosie Anderson, Senior Recruiter for Cyber Security at Outsource UK writes:

Diversity and Inclusion has been a hot topic for several months now, and as a working mum in an incredibly fast-paced environment, it’s a subject that is important to me. At Outsource, we believe ‘Inclusion’ to be synonymous with EVERYONE regardless of age, race, gender identity, physical ability, sexual orientation, neurodiversity, religion, and socioeconomic status, and we are working hard to promote the benefits of inclusive recruitment and working relationships. Imagine how much more innovative business could be when you consider a diverse mind set….

Cyber security, and how secure we are within the UK affects us all - from the teenagers chatting over WhatsApp, to our grandparents getting spoofed with HMRC tax rebate emails to businesses getting hit for their customers’ data and credit card numbers, to our critical national infrastructure remaining secure and stable. But cyber security isn't just a business problem. The NCSC mission is to make the UK the safest place to live, and to do business online and to do this, security needs to be a business enabler and our users of all technical abilities need to be supported.

  • How do we make the UK the safest place to do business?
  • How do we ensure that the latest technology that we develop is as safe as possible, and we don’t miss critical threats?
  • That our defence teams pick up issues and we’re educating our users and the public of the scams to look out for, in a clear and easy to understand manner?

I believe that this is why diversity is so important within Cyber Security.

To really be effective, teams need to be culturally and intellectually diverse - so they can challenge others’ view points and look at the most technical challenges from different perspectives. By having a diverse team, an organisation is in a stronger position to tackle the rapidly changing threat landscape and approach these problems from a wider viewpoint.

We’ve recently been working with an organisation that wanted to increase the number of females within their development team. They were typically 90% male, but had recently had a female graduate join their development team and had seen what a positive impact that had made. This organisation develops cyber software, and they found that because this new team member approached problems in a different way, and asked lots of questions as she was learning, this encouraged the whole team to challenge the way they were thinking, and naturally work harder to think through problems. We all have blind spots, but by challenging others’ viewpoints, collaborating on technical challenges and explaining your thought process to an individual who thinks differently, solutions evolve into a more robust outcome.

If a team is all from the same background, and thinks in the same way, could it not be seen that solutions don’t evolve past their first development?

Think about your current team. How diverse is it? When was the last time you worked together to come up with an innovative solution? Where you happy that it was the best outcome?

One of the things I love about the cyber security industry, is the wide range of different roles available. From pen testing to threat intel, to security operations to explaining risk to the board, to educating internal users and the public. Such a diverse list of roles needs a diverse skillset, and there really is a role for EVERYONE within cyber.

One of the most challenging requirements that we see, is to be able to converse with technical teams and to work with the board or the business, and be able to bridge that gap. Whether it be to gather the business needs, and then translate into technical requirements, to be able to convey risk to the board, or to communicate security policies and educate in a non-patronising way to ensure compliance. Communication skills and conversing with stakeholders of all abilities are key within many key cyber roles: doesn’t it therefore make sense that the “communicators” and “bridges” between our tech teams and our users are as diverse as possible?

You may be asking what diversity looks like?

There is a real push to get more females into STEM careers and this is important but it isn’t the only underrepresented group.

  • The Government has a push to increase the number of older workers by 12% We have an ageing population and we are all living for longer. Steve Jobs would be well into his 60’s now and his age didn’t slow his innovation down.
  • Ex–military personnel have some of the best training around and understand and work with some of the latest technologies – a number of banks now have schemes to employ and upskill military personnel because they understand the value in the skills they have
  • Neurologically diverse people can bring a different skillset – they are naturally aligned to see and understand patterns within code and within numbers and won’t stop working on a problem until its fixed, and sometimes even well after
  • Disabled workers have a different perspective again – and will create solutions that make technology safer for everyone. There's a great TED talk by Elise Roy that talks about designing safer engineering solutions for everyone, which is well worth listening to. Text messaging was created for deaf people, but is a great example of technology that we all use. 

We know there is a growing gap between the number of skilled workers available and demand. We need to attract a broader range of people into security – and as well as attracting a wide range in to the industry, also cross training and upskilling workers, attracting apprentices into the business to look at a wider cultural background, and to encourage returners – either from a career break, or after maternity and paternity leave.

However, it's not as easy as clicking your fingers and solving your hiring headaches. Business leaders need to think about their mission statement and why they are a great employer:

  • What's your unique selling point over your competitors?
  • What are you doing to attract a different workforce?
  • Have you made your job adverts more inclusive and taken out biased terminology to attract a wider audience? 
  • Have you made your interview process slick and inclusive, thinking of practical assessments ie CTFs to look at technical ability?
  • Are you using your business ambassadors and current diverse workforce to showcase your organisation? Are you encouraging them to attend networking groups and allowing them time to invest in this?
  • Can you offer flexibility over location or hours, not just to new staff but also to current employees?
  • What will you do to make your business inclusive, and change the culture to one where differences are celebrated and your employees bring their whole self to work without the fear of discrimination?
  • What about your onboarding process? Have you made this slick, and ensuring that you keep your potential new hire engaged?
  • Have you assigned a buddy or mentor for the first 4 weeks, to make contact before they start? 
  • How are you going to retain your new talent and really embrace diversity to solve your challenges? 
  • On average an experienced cyber security candidate has 4 offers on the table - What are you doing to keep your new hires engaged before they start? 

These points are all small changes, but together they can make a truly effective hiring strategy to help your organisation grow and to do your bit to secure the UK as the safest place to do business.

To watch Rosie's Spotlight talk at CyberUK 2018, click here.

To find out more how our Diversity & Inclusion team can support you in your career or Cyber team development, contact Rosie Anderson on 0161 694 9200 or email diversity@outsource-uk.co.uk

Outsource - taking care of everything, for everyone


Leave a comment

Most recent posts

  1. How did the BBC's 'Breaking into the Elite' make you feel? View article
  2. IR35 Reform - will we see draft legislation this week? View article
  3. The start of a sentence no one wants to hear View article
  4. Government publishes IR35 Consultation paper View article