The issue of diversity in the security industries is a hot topic as companies around the world look to create a more inclusive environment, embracing gender equality and diversity to engage all sectors of society and the corporate world. Ahead of International Security Expo and International Cyber Expo, which returns to Olympia, London from 28-29 September, International Security Journal speaks to five leading female voices from the security industry to understand the current state of play and what needs to change.
“If women and girls don’t see it, they won’t want to be it,” so says Lisa Ventura, Founder of Cyber Security Unity and award-winning cybersecurity and content market consultant.
She is one of a group of female cybersecurity industry ambassadors using their voices to drive change in what is, historically, a male-dominated field. She is emphatic in the industry’s need for a “much greater representation of under-represented groups” in cybersecurity across all aspects of society and media. “There are many strong female role models, who deserve to have their voices amplified,” she stresses, adding: “News outlets need to stop citing male cybersecurity experts, while industry conferences should include more female speakers and demonstrate their commitment to having inclusive codes of conduct.”
Women must be visible and seen as experts, but unfortunately, when women are contacted for their insights, it is often to talk about gender issues and not about their technical skills and capabilities. This means that when girls see female role models in cybersecurity, they often only hear awful statistics and not the great work that women are doing in the industry, she says.
Why do we need diversity?
Lisa Forte, Partner at Red Goat Cyber Security, Co-founder of Respect in Security and cited by Ventura as her biggest industry mentor, agrees but also goes further. She makes the point that while diversity in any business is, of course a must, she also underlines that it can make a major difference to outcomes. “I want to focus on why we need this diversity in security specifically. I think risk perception is very dependent on your experiences. If you only hire people who are white, males of a similar age, geographic area and socio-economic background, they are likely to have had similar experiences. This may mean they miss clues or risks that someone from a different background may have had experiences of.
“So, it’s not about gender for me. It is about having a workforce that is as diverse in every way as possible. For the security industry particularly, this is vital.”
Dr. Emma Philpott MBE, CEO of the IASME Consortium Ltd, a company focusing on information assurance for small companies and the supply chain, agrees and believes those companies that have more diversity, enjoy more success. She states it’s an “absolute priority for the industry to embrace diversity to stay ahead.”
She believes that self-belief and confidence are critical and highlights that “it’s easy to feel you shouldn’t be there, which can lead to doubting your abilities and feeling like an imposter because you’re different.” The solution, she believes, is to have more role models and a greater representation of the communities the industry is serving.
Professor Lisa Short is the Director and Co-Founder of P&L Digital and a pre-eminent authority and thought leader on frontier digital technology systems. She says the need for diversity and equality plays a much bigger role than simply ensuring that more women are employed in cybersecurity.
And she pulls no punches: “Until we address the United Nations Sustainable Development Goal No 5 – to achieve gender equality and empower women and girls, we will not meet the Sustainability Goals; 50.7% of the global population is women, but we are still living under 2,000 years of patriarchal systems, designed by and to benefit men.”
And bringing it back to cybersecurity in particular, she points to the fact that women working in tech represent just 14% of the workforce. “In cybersecurity, it’s even less.”
She adds: “Progress has regressed. Gender diversity is not measured by the number of women in the sector and the position that they hold. It requires a prioritised shift in thinking towards respect and a new narrative. Incremental improvement is insufficient to overcome gender disadvantage.
“It is determined by the inclusiveness of opportunity, parity in all areas including pay and a lack of bullying, harassment and abuse. 48% of all women in tech experience abuse. The State of Women in Tech Report 2021is a sobering realisation of the genuine state of the gender challenges that remain unconscionable and unacceptable.”
Like Ventura, Short wants to hear more female voices speaking up for cybersecurity: “When events and conference keynote presenters and speakers remain predominantly male, it is indicative of the urgent requirement for change and the lack of accountability in the sector to adopt good governance practice.”
Finding the right people
So how can the cybersecurity industry attract and retain more women? Our interviewees are not short of answers.
Short says the system needs to change. “The common pathway into the security industries is through the military, the police and EMS, all these are predominantly male industries. As cybersecurity thrives, we need to give more women a voice. Women are empowered and confident, we just need the opportunity and for the entrenched, endemic bias to end.
“Men need to help to solve the problems for women. When we come up against that brick wall, men should be willing and eager to step forward to help us to smash it down.”
Ventura adds that companies also need to rethink their job specs when recruiting. “A great number of security roles require as many interpersonal skills as technical ones, such as analytical thinking, teamwork, leadership and communication skills.” To help reinforce the message, she has written a book – The Rise of the Cyber Women: Volume One, a collection of inspiring accounts and stories from women who had a non-technical and non-linear journey into the industry.
Forte says it’s also up to women not to be afraid of rejection. “One of the main challenges I see is people being so afraid of being ignored or being told ‘no’ they don’t bother reaching out to ask for help or advice, or for someone to amplify their post, for example. I am a huge believer in ‘if you don’t ask, you don’t get’ and I personally get rejected continuously. It just means you have to explore a different avenue for now.“
Vicki Gavin, Cyber Security Woman of the Year 2015 and Head of Information Security & IT Risk Management at Kaplan International also believes perseverance is key. “Too frequently, people will try something find they don’t like it, throw up their hands and give up. You can’t, you’ve got to keep trying different things. It’s also important to remember very few of us start at the top and a very small number, make it to the top in a real steep climb. It’s slow and steady that wins the race.”
Regina Bluman, Security Analyst at Algolia agrees, citing tenacity as a key characteristic for women to survive in the security industries. She said: “While it is definitely improving and becoming more common to see women in technical and senior roles across the industry, I still believe breaking out of those “typecasts” will be the most difficult part of a woman’s career in the industry. Push, push, push, and question everything. If someone puts you into a box, break out of that and build your own!”
Holding back the industry
However, the common understanding, which Forte, Short and Ventura agree with is that a lack of diversity is one of the key issues holding back the industry.
Ventura says finding the right people is a “huge challenge” with the cyber skills gap growing all the time. She again underlines the need to look beyond pure technical and digital ability to the host of interpersonal skills vital to engaging the public and companies in the threats that prevail. “These can be gained in fields other than cybersecurity and technology. Women often excel in cybersecurity roles that need these skills and cybersecurity awareness roles are often very attractive to women.”
Forte adds: “I believe that across the security spectrum, one of the main issues is the disconnect that exists between security professionals and the users that we are protecting. Security professionals operate in very close communities, which can be a great support. However, the issue is that we develop silo thinking.”
And silos are something that Short thinks the industry needs to avoid. She believes it is a mistake to group the entire industry together as ‘the security industry’, because that, she says, ‘silos the skill set’.
“The industry is hybrid, the physical security sector uses digital technology and IoT, so it’s important not to disconnect the two. There is a clear convergence between the two…There is a lot of language around the industry that deters understanding. It is multidisciplinary, but there is a misconception by many people that ‘cybersecurity’ doesn’t relate to them. We need to change that concept. It’s all about keeping people safe and resilient.”
Clearly, the women we have spoken to believe the pace of change is too slow. However, the very fact that they are speaking out is testament what is to come.
A quick look at the speaker line-up for this year’s International Security Expo and International Cyber Expo highlights some of the remarkable women that are successfully driving the sector forward, from all corners of the industry. Speaking at the Global Cyber Summit, Lisa Short and Lisa Forte will be joined by leading female voices include Nicola Whiting MBE, Chief Strategy Officer, Titania Group; Jenny Radcliffe, aka the People Hacker; Vic Harkness, Security Consultant – F-Secure Consulting; Flavia Kenyon, Barrister, The 36 Group; Lorena Gutierrez, Crisis and Resilience Manager, PwC UK and more. For more information and to register to attend this year’s event, visit https://www.internationalcyberexpo.com/