The NCSC is launching sessions of its CyberFirst Defenders courses which will be open to girls only to help increase representation of women in the industry.
It is tied to a broader campaign of encouraging young women into the cyber-security industry including the girls-only CyberFirst competition, now gearing up for its third year. It is hoped that girls taking part in the competition and the course will go on to study cyber-security at A-level and university.
The CyberFirst Defenders course is a four-day course, with a mix of residential and non-residential offerings, aimed at boys and girls aged 14-15 years, but to encourage more girls to take part, the NCSC is offering 600 places on courses just for girls across 10 dates in April and May.
However, places on the course are only available to those who have taken part in the NCSC’s CyberFirst Girls competition, a week-long competition taking place this month, open exclusively to girls in year 8 (year 9 in Northern Ireland). The competition is open to teams of four girls and a teacher mentor.
The online phase of the competition will see each team attempt to complete a series of challenges split into four categories: cryptography, cyber-security, logic and coding and networking. The top 10 teams will be invited to compete in a face-to-face Grand Final in Edinburgh in March 2019.
The deadline for registering for the competition is Monday 21 January. News about booking places on the courses will be available from 4 February, the NCSC said.
While the number of boys and girls taking part in the CyberFirst Defenders courses has trebled since its inception, most of the participants have been boys.
"Trebling the number of young people taking part on CyberFirst courses is an encouraging start, however women only make a small proportion of the global cyber workforce and throughout GCHQ and the NCSC we are looking to address the imbalance," said Chris Ensor, NCSC deputy director for skills and growth.
Using the competition as a route for girls into the CyberFirst scheme seems to be working well for the NCSC. Last year 4500 girls took part in the competition and the NCSC expects the numbers this year to be greater.
Jessica Barker, co-founder and co-CEO of Cygenta, told SC Media UK: "The NCSC are doing fantastic work at encouraging young people to consider cyber-security as a career, and this initiative focused on girls is a brilliant example of that."
Cygenta is a partner of the NCSC’s Cyber Schools Hub and has found that schools which take part enjoy a noticeable increase in girls studying STEM subjects at GCSE and A-level.
Amanda Finch, CEO of the Institute of Information Security Professionals (IISP), told SC that for an industry suffering a massive skills shortage, it’s important to recruit not just more women but also more people overall.
She looks forward to the day when people consider cyber-security as a career as they would medicine or other professions. "It would be good if Chris Ensor were to talk to the people who participate to see how they can attract more women into the industry," she said. "Why did they decide to get involved and what could be done to encourage more of their peers to get involved?"
Sarah Armstrong-Smith, head of continuity and resilience at Fujitsu UK & Ireland, welcomed this as a "hugely positive move". She said: "As a shortage of women in cyber-security roles is predominantly down to a lack of awareness of the opportunities that exist and an often flawed and inaccurate perception that some groups – such as women – do not belong in the cyber-security sector, the news that a new scheme has been launched to teach cyber-skills to young females is welcomed."
Jane Frankland, author of InSecurity: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe, told SC that focusing on women isn’t just good for women, it’s good for society as a whole.
"Countless studies have shown that women and men gauge risk differently. Women are far better at assessing odds than men, and this often manifests itself as an increased avoidance of risk," she said. "As women are typically more risk averse, their natural detailed exploration makes them more attuned to changing pattern behaviours – a skill that’s needed for correctly identifying threat actors and protecting environments."
And she added: "They also don’t fall for attacks that are being written purely for men."
Ideally, teams should be gender balanced, she said. "As men tend to be more pragmatic with their thinking, what matters is that no one gender is better than another. It’s simply that we’re different, and when we come together as a more gender balanced unit, to solve problems, we’re able to solve them faster."
Tara O'Sullivan, CMO at Skillsoft, said, "Tech and cyber-security are, on a broad scale, viewed as jobs for men – by women and men, fathers and mothers, CEOs, teachers and so on. We need a significant cultural overhaul. A female having a career in cyber-security needs to become a social norm, not a rarity. This starts in schools, where we need to encourage girls to have the confidence to do whatever they want, even if traditionally it was seen as ‘boyish’."
Jake Moore, cyber-security expert at ESET UK, said, "Women have been largely underrepresented in a number of industries, including the cyber industry, for many years and this is a fantastic opportunity to buck the trend. NCSC are always using innovative ways to secure our future generations whilst keeping cyber-security a priority. Getting more people interested in this fast paced business is a must, but it’s paramount that we try to tackle gender inequality at the same time."
James Hadley, CEO of Immersive Labs, said there are clear benefits of gender diversity in the workplace, perhaps more so in cyber-security.
"In my experience, men and women have distinctly different approaches to problem-solving in cyber," he said. "Women are typically more methodical, which allows them to take a long-term and determined approach to finding a resolution and complements men's slightly faster moving approach. In the long term, this initiative will also set the groundwork for building a network of like-minded people to encourage and support one another when starting out in the space. This will form the roots for the next-generation of cyber talent."
Jan van Vliet, VP EMEA at Digital Guardian, said: "We’ve all heard over the last several years about how the cyber-security talent shortage is a crisis. Bridging the gap, by employing a diverse cast of cyber-aware workers, remains a chief concern for CEOs, CISOs and executives alike. It's important to educate today's youth on the importance of cyber-security and the plethora of roles available throughout the field."