Cyber security needs more women role models, says report

Information and cyber security assurance body Crest has highlighted a number of actions needed to improve gender diversity in cyber security, including more outreach into schools, dedicated career mentoring for women entering the sector and changes to recruitment practices.

Borne out of research undertaken at a recent gender diversity workshop organised by the non-profit group, alongside polling of its accredited members, Crest’s report, Exploring the gender gap in cyber security, found that while awareness of gender diversity was improving in security, there was still more work that could be reasonably undertaken to make an even greater difference.

Polls taken across two workshop events held during the summer of 2019 found that only 14% of attendees thought that not enough was being done to close the gender gap, but 86% believed that the progress that has been made was not enough.

The study also revealed that 59% of women in security said their experience in the industry was “mixed”, in that they had received some support but, equally, obstacles and challenges arose specifically because they are women.

“It is encouraging that as an industry we are making progress, but there is a lot more to do and improving the visibility of female role models will allow us to challenge the perception of the cyber security industry,” said Crest president Ian Glover.

The main priorities for change identified at the workshops were encouraging girls and young women to study computer science; improving visibility of women role models in security; challenging the perception that security is a gender-specific role; and industry-wide mentoring and coaching for women embarking on careers in the sector.

The report said that senior security leaders could and should shoulder more of the legwork in approaching schools and colleges, to help address a lack of interest in Stem subjects. This could be coupled with better promotion of established initiatives, such as the National Cyber Security Centre’s (NCSC’s) CyberFirst Girls contest.

Crest’s report also pointed to issues with current recruitment practices, and said change is needed in how security jobs are described and “sold” to women, right down to the language used in ads, and even candidate requirements.

Many of those present at its workshops said that the inclusion of training options in job adverts could encourage more women to apply, as would the introduction of flexible working hours, maternity policies that go above and beyond the bare minimum, and support for women going back to work after a career break.

Crest also found demand for an industry-wide mentoring and coaching scheme for women, creating a community, and helping people grow and develop in their careers.

 “Schools hold the key and we need to help them to encourage more girls into the industry. Furthermore, the mentoring scheme would give a platform on which role models can help to coach and guide others, which in turn will help to challenge the perception of gender as it relates to the industry,” said Glover.

“The actions are well-thought through, they are doable but just need the support of industry, education and recruiters,” he added.

The full report can be downloaded from Crest’s website.