Diversity and Inclusion: The changing face of cybersecurity
In the complex world of cybersecurity, there are no simple solutions. The future of cybersecurity requires diversity, not only of ideas and approaches, but of people from different backgrounds with different skills. In this blog I will outline some of the ways the sector can foster diverse and inclusive approaches to improve security.
Why do vulnerabilities occur?
Despite many talented people working in cybersecurity, Australia’s rise in cybercrime over recent years is evidence of cybercriminals constantly looking for new vulnerabilities to expose. When we try to identify why security issues have arisen, it is tempting to blame some technical aspect of the defence measures. Breaches occur not only because of a failure to identify risks, but because of a failure to communicate potential risks. Seen in this way, working with a diverse team, and incorporating inclusive thinking to solve cybersecurity issues can address both failures.
Diverse teams perform better
It is well established that diverse teams are generally higher performing. The combination of different ways of thinking tend to produce more creative and innovative solutions. It applies in cybersecurity: the ability to remain informed about the range of existing and emerging threats, to understand and anticipate the mindset of hackers as well as to solve complex problems quickly is crucial in this sector. Hackers continuously evolve, adapt, and adjust their approaches and so should the cybersecurity workforce.
Rather than looking at technical skills, employers must look for core characteristics to build their cybersecurity teams.
Rather than looking at technical skills, employers must look for core characteristics to build their cybersecurity teams. A curious mindset, the ability to continuously learn and a never-take-anything-for-granted attitude are essential in defending organizations against cyber threats.
Empowering women to speak up
Employing a team of people who can work laterally and bring in fresh ideas is essential to identifying new risks before cybercriminals have an opportunity to expose them. While traditionally a male dominated field, there has been a marked improvement in gender diversity over the past six years with the share of females employed in cybersecurity in Australia rising from 4% to 28%.
This improvement is projected to continue within the next four years to see females accounting for 44% of the cybersecurity workforce. This improvement reflects a change in culture, which can be seen in improving STEM education at secondary and tertiary level, as well as blind employment strategies and quotas for women in the corporate world. I have had conversations with women during the hiring process who felt empowered to apply for roles in cybersecurity because they saw the company had employed me as a female CTO. It is important that women can promote themselves to encourage other women to go on the cyber pathway. Women Speak Cyber, an Australian initiative created in response to the lack of gender diversity in speakers at cybersecurity conferences in Australia, helps to add more women to the speaking pool and empowers women to speak up. Ensuring there are more women in the workforce to create a more diverse working environment in the future relies upon strong networks of women, and further training and mentoring opportunities. Organizations such as the Australian Women in Security Network (AWSN) help support these initiatives.
Putting diversity to work with inclusive thinking
In my experience, security issues arise when there is a lack of understanding about a security issue. This is not to say that the vulnerability has not been identified, but that it hasn’t been communicated effectively. Having a team of people from diverse backgrounds will help identify unique threats, but unless there is an open dialogue and a holistic approach to cybersecurity where these diverse voices are being listened to, it is impossible to reap the benefits. Inclusive thinking means seeing security as an outward facing concern as well as an inward facing one, something which affects everyone, not just a matter for the technicians. Getting people from a range of different backgrounds is a critical piece of the puzzle when it comes to solving any complex challenges, including the cybersecurity challenge.