SC Congress 2018: More must be done to improve infosec diversity

News by Rene Millman

A greater range of candidates could tackle cyber skills shortage. The cyber-security industry is facing a skills gap and bringing in under-represented groups of people could help fill those key roles.

The cyber-security industry is facing a skills gap and bringing in under-represented groups of people could help fill those key roles, delegates at the SC Congress in London heard.

At a panel discussion, industry figures discussed how one of the most glaring deficiencies in the industry is the relative lack of women, a problem shared with other industries based on STEM.

Panellists said that diversity could be a benefit to organisations. Amanda Finch, general manager of the IISP said that we need to make sure we attract women into the industry “and that is within our gift”.

Amanda Finch

“We don't sell the industry enough to various communities. Cyber has done quite a lot to help that,” she said.

She said that the infosec security has become “cooler” but there needs to be more marketing efforts still to explain to people that you don't have to be a geek to work in the industry and there is “something for everybody” in terms of job roles.

Adrian Davis, director of Cyber-security Advocacy EMEA at ISC2, said that there are one and a half million more jobs than there are people. 

Adrian Davis

“One of the things we talk about is fishing in talent pools,” he said. “You have to look at yourself first. We are managers and leaders and we set the example.”

Davis said that if we recruit people who look like us and want to work with people like us, “we will never break down the walls and never get the talent, no matter what shape, size, colour, creed, whatever it may be, that we want in our industry.”

“We have to look, and we have to start at home. We need to take all these messages out to the community. Only then will we have an impact.”

Colin Lobley, CEO of the Cyber Security Challenge UK, said that the industry does need maturing in a lot of different ways. He said that his organisation was trying to address the cyber-security skills gap by running programmes to encourage the diverse workforce into the industry.

Colin Lobley

He said that as a manager in previous roles, he wanted to ensure “capability diversity and that involves different skills, styles, viewpoints, cultures.”

“Absolutely we need a diverse workforce, but fundamentally we need that diverse capability.”

Jane Frankland, cyber-security entrepreneur, said that when she came into the industry, the “doors were much more open” and this allowed people like her to “evolve” and be embrace.

Jane Frankland

“Now we are at a turning point where the door being shut. We are out there saying this is the best industry to be in, we need to open the door again with knowledge of exactly what we are looking for.”

“In my opinion it should be based on values which come down to the culture of your organisation. Let's get away from the narrative about gender, age, ethnicity, race, and so on and let's bring it to the values of what we believe in.

“If we believe in the same things on the same team, we don't care what you look like.”

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews