I work with a lot of businesses in the cyber security space and I notice the lack of women in many senior roles. This, coupled with the 2017 Global Information Security Workforce Study: Women in Cyber security report which shows women make up just 7% of the workforce in the UK – beaten only by the Middle East to bottom place – inspired me to write my book.
The issue is only partly about equality. Of course men and women should have the same opportunities, but it’s also about opportunities lost for businesses, not to embrace the different skillsets men and women bring to the workplace. Performing to a higher standard is key, so we can better defend ourselves and outsmart our adversaries.
One of the things I talk about a lot during my work is the fact that many cyber security roles don’t require a dedicated tech background. When I was at the Women in IT awards last year, Maggie Philbin asked the room to stand if they came into technology via a non-tech route and virtually the whole room stood up. My background is in art and design, for instance, and now I have 19 years in the security business and am a recognised influencer.
We need support from people within the whole ecosystem. That means understanding the environment, how people work, how to project manage, communicate, lead, sell and educate in cyber security roles. Nowadays there’s a real focus on understanding behaviour, changing behaviour and creating a more secure culture, so business risk can be mitigated.
Women can be great at this, but more than anything it’s important to be open minded about the career paths of people coming into your business.
Ironically, despite technology being such a driving force of life today, there’s a huge skills shortage in tech roles. Paradoxically too, there’s a high level of graduate unemployment among computer science graduates in the UK. I think that’s because the industry has trouble identifying the talent it needs, and because it’s created its own skills shortage by enforcing standards that are simply too high.
The last generation – today’s management in most cases – got into technology by being given an opportunity and learning on the job. Now, many companies expect the right boxes to be ticked when recruiting but they’re forgetting their way in. As the industry is ever evolving and online attacks are becoming more sophisticated, cyber security has a real opportunity to become a field that’s progressive - where thinking ability and good communication skills are identified, nurtured and valued..
So, what can you do to diversify your workforce and improve your business culture?
Firstly, avoid being too prescriptive in recruitment. Look for general skills: people skills, management, leadership and so on. It’s about aptitude to learn as much as the concrete skills. Without a variety of people you become blind sighted, and if everyone is thinking the same, then you could argue that no one is really thinking. If you want to perform to a high standard, you must have diversity.
Secondly, teach your children, apprentices, or work experience students to be brave, take risks, trust in their abilities and don’t be put off by what the established industry is telling you. Technology is really cool: embrace it and get ahead.
And thirdly, look objectively at your culture. Are you making your business an attractive place for people to work? Technology can help create a flexible working environment and improve employee satisfaction, so make sure you’re creating a culture the team enjoy.
If you’d like to hear more from Jane Frankland, check out her top tips from turning employees from your weakest link, to your strongest shield for company security.