The gender and skills gap are currently very hot topics in the world of cyber/information security.  (I use the word cyber – unashamedly because (arguably) it sounds cool)! The Women’s Security Society, together with the government department of Business Innovation and Skills, tackled the gender and skills gap issue through a roundtable event. 30 professionals came together in 2013 to discuss the gender and skills gap in cyber, from which a white paper was produced, with recorded outcomes and recommended actions.Woman in business wear with technology background

Three years on and the topic of the gender and skills gap is still very prevalent.  Has anything changed? The white paper provides two very pertinent points that stand out over and above other findings, and these are:

  • The lack of standardisation of, or formalisation in career paths and qualifications
  • The need for women working in cyber to share their stories – to be put ‘out there’

So, here is my reflection on the first point: Three years on, I don’t believe we have a single framework, approved and advocated by various professional bodies; a commonly used reference point. On the qualifications piece, whilst I’m an absolute advocate of professional training companies, they do, on occasion publish lists of ‘ISSSSPs, ISMmms, – often unpronounceable certifications’ and align these against a range of cyber roles. This can be helpful but, conversely can sometimes confuse and coerce individuals into paying for professional qualifications that may not be relevant.  I’m inclined to wonder if the dominance of certifications could be causing a bit of laziness in terms of the approach to recruitment. Combined with the absence of a standard career framework, we appear to remain a little stagnant here.  I’d love to see more organisations investing in apprenticeship style, on the job training which actively looks for differenceBAE systems are doing just this and I applaud them.  They are running an apprenticeship scheme for cyber, targeting individuals who have transferrable skills and wish to enter without the traditional qualifications or expertise.

There is an increasing demand for cyber professionals to be more business facing, to translate ‘Cyblah’ into business relatable issues easily understood by the board.  Would the traditional graduate computer science route provide the type of candidate who can meet increased business facing expectations?  Does the traditional graduate route potentially exclude those bright individuals, often from diverse backgrounds who could not afford University and further education?  I have a positive outlook and firmly believe we can look at the current skills (and gender) gap as an opportunity to introduce a more diverse and dynamic angle to the profession – a healthy mix of difference surely means we can enhance and expand cyber roles and capabilities.  An article written by the Financial Times in late 2015 ‘Cyber Security Sector Struggles to Fill the Skills Gap’ nicely summarises the situation, referring to it as “the largest human capital situation in the world”.  The article states that cyber jobs take 14% longer to recruit for than the average for all jobs, making cyber more difficult to recruit for than data science, advanced manufacturing and petroleum engineering.  So, is it time now for the profession to really embrace difference?  I believe so.

On the second point: Representation of women in cyber and women getting themselves ‘out there’. There is some great momentum building, including a book that is being written about women in cyber security by Jane Frankland, which will be published later this year.  There are numerous forums and networking groups emerging and, more importantly collaborating.  We have some fantastic cyber role models visible and available via social media– Dr Neira Jones, Sarah Clarke, Karolina Oseckyte, Eliza May Austin, Marilise de Villiers, Jane Frankland being ones that immediately spring to mind.  There are also a number of male counterparts who actively support and speak on the gender issue.  But we do need more ladies in cyber to become visible and to actively support and advocate those who are starting their careers, those who are looking to move into the profession or who are developing a social media presence. So a few ideas from me, as to how people can provide low effort, but high return support – support can be one of the strongest enablers out there for change!

  • Be available – comment, like, share and support ladies (indeed all individuals) in cyber.  A bit of muddling about with your mobile device on twitter or LinkedIn on the train or whilst cooking dinner isn’t a huge outlay.  The return can be a demonstration of active support for others.  To me, supporting others is incredibly rewarding and will consolidate strength of movement and facilitate change.
  • As I’ve mentioned within a past LinkedIn blog.  Search and locate talent!  Connect with talent (in all its forms) at events, via social media, within your organisations.  Often informal support is far more impactful than formal programs.  Informal support and approaches personalise, it shows you care as a person, as a leader.
  • Arguably one thing I do quite well is catch up with other professionals for a cup of coffee (or wine)! Build bonds and establish your own informal network.  This is a great opportunity to share details of roles, discuss and introduce talent – to knowledge share, to collaborate on a 1:1 level.

I recently reached out and actively supported an individual who, on LinkedIn commented and wrote a great post about his challenges finding a cyber role.  His message to me, after we connected speaks volumes; “I would like to think that in months/years to come I will also be able to offer advice and a helping hand to someone who is going through a situation similar to mine, just as you have”.

Doing and supporting extends a ladder to others and those individuals will recognise the value and apply the same behaviours.  That’s change.

Charlie Timblin is the Associate Director Technology Risk of International Financial Data Services.