In June, a team of us headed down to the Women of Silicon Roundabout event in London, along with Dana Hehl, our senior VP of operations; Karen Fryatt, our associate director of contract research; and Gavin Duncan, our head of technical operations.
With perspectives from across NCC Group’s UK and US offices, our panel covered topics from data bias to recruitment, and discussed what individuals and businesses can do to make a difference when it comes to diversity in cyber security.
From company culture to hacker stereotypes, we’ve put together an overview of what we discussed below – along with a few key takeaways for those in the cyber security industry.
Why does diversity matter in security?
The overall aim of NCC Group is to make society safer. To meet this aim on a large scale, the security industry needs to fully represent society – and this means having diverse teams.
This diversity of thought within cyber security and risk mitigation businesses is crucial because the same processes and ways of thinking can make both products and people predictable. If the same types of vulnerabilities always crop up and the same type of security strategy is always employed, it can make it far easier for threat actors to bypass an organisation’s defences.
Repeating the same processes could also impact the advancement of cyber security research. Not accounting for differences in the way that people of all backgrounds interact with technology could lead to blind spots in academic and organisational research – which could have an impact on the threat landscape in years to come.
Attracting and retaining talented women in cyber security roles is just one part of creating a more diverse future for cyber security.
How can the security and risk mitigation industry encourage more women to apply to roles?
It’s key for companies to dispel the myth that the only route into the cyber security industry is to have had a background as a ‘hacker in a hoodie’. Businesses should engage with schools, universities and organisations to help people from all backgrounds understand the different routes that they can take to pursue a career in the cyber security industry.
For companies that aren’t seeing the number of female applicants that they would like for a role, it is useful to audit the job description to check that every skill listed is completely necessary. It is also possible to use automated software that can check for any language that could be seen as gender-biased.
Unconscious bias training is also important for those involved in the recruitment process – from looking through CVs to carrying out interviews and making decisions.
The panel answer questions from the audience on how NCC Group aims to encourage more women to apply for roles in cyber security.
How can security businesses adapt their culture to become more inclusive?
To retain talented people from all backgrounds, it’s important for cyber security and risk mitigation businesses to create inclusive cultures and roles with a clear pathway for progression. A survey from the job site Indeed found that the most cited reason for women leaving tech jobs was a lack of career growth or trajectory – with only 53% of respondents believing that they had the same chances of making it to senior leadership as their male co-workers.
While there is merit in acknowledging that fewer women take STEM degrees, leading to an imbalance of gender in the ‘talent pipeline’ for technical roles, this is not the case for leadership roles in the cyber security sector, such as those in sales, finance, HR, legal, and marketing. However, there is still a disproportionate number of men in the top jobs across these departments, which can trickle down into culture and promotions.
This is what makes an inclusive culture so important. It’s vital that this change is driven from the top down, with senior members of staff acting as role models and implementing initiatives that could help to accommodate different needs, such as flexible working and mentoring schemes.
Driving inclusivity in a company’s culture – regardless of sector – can have significant benefits and can help individuals at all levels to feel empowered to speak up and help to drive change. Recruitment and company culture are only parts of a bigger picture when it comes to encouraging more women to take up careers in cyber security, but both can ultimately help to transform the future of the industry.