Exploring the gender gap in cybersecurity | CREST

Exploring the gender gap in cybersecurity | CREST

In 2016, Eleanor Dallaway wrote the report, ‘Closing the Gender Gap in Cybersecurity’, after conducting a diversity workshop attended by representatives from CREST member companies and industry.

Three years on, and two gender diversity workshops later – both run as part of the CREST Access to Cyber Security Day – Eleanor Dallaway seeks to report on any evolutions and progress that has been made, and more importantly, questions what still needs to be done to improve the diversity balance in the cybersecurity industry.

The original ‘Closing the Gender Gap in Cybersecurity’ report looked at why diversity matters, what was preventing women from pursuing a career in the industry and most importantly it looked at how we, as an industry, can address the gender gap and actually make a difference. The six areas that participants agreed needed to be focussed on back in 2015 were:

  • Education – getting the right messaging to children at school age
  • Awareness – how to promote the industry to women and get the messaging right in doing so
  • Perception – considerations into the way we market our industry
  • Inspiration – raising the profile of successful women in the industry• Support – the importance of female ambassadors and mentors
  • Removing barriers to entry – looking at affordable training, conversion courses and flexible return to work policies, etc.

The report considered who the campaign to increase diversity should target. The following groups were listed:

  • Primary school
  • Secondary school
  • Apprentices
  • General university students
  • Specialist university students
  • Conversions from other academic disciplines
  • Conversions from other industries
  • Career changers/returners
  • Retention of existing cybersecurity professionals.

The 2015 research concluded that the most important group to prioritise was secondary school students, followed by university graduates.




three women in tech working on laptops, gender diversity

Schools, industry & recruiters need to do more to improve gender diversity in cyber security

three women in tech working on laptops, gender diversity

Schools, industry and recruiters need to do more to improve gender diversity in the cyber security industry, a new report has suggested.

The report, published by CREST, the not-for-profit body that represents the technical security industry, found that while awareness around gender diversity has improved, there is still work to be done to make a significant difference. The report highlights the progress that has been made in gender diversity across the cyber security industry in the past few years, and points to the next steps to further address the gender gap.

In polls taken at CREST’s gender diversity workshop, only 14 per cent of attendees argued that not enough work has been done to lessen the gender gap, but 86 per cent believed that while progress has been made, it is not nearly enough.

The study also found that 59 per cent of participants classified their experience in the industry as mixed, having received support and enjoyed roles but pointing to obstacles and challenges that had to be overcome as a result of being female.

The workshops had the primary focus and objective of inspiring change and concluded that the main priorities for change are encouraging girls at school to study computer science; improving visibility of female role models; challenging the perception of industry and perceived gender-specific roles; and industry-wide female mentoring and coaching.

The report suggests that the primary reason for the underrepresentation of women in the cyber security industry is down to a lack of interest in the subject from school age. When considering ways to make change, the report recommends that industry leaders – including directors, CEOs and accreditation bodies – could and should be responsible for approaching schools help educate and encourage students. Schools could also promote initiatives such as CyberFirst’s online Girls Competition, which aims to inspire the next generation of young women to consider computer science as an option with a view to a future career in cyber security.

Findings by CREST also point to issues with current recruitment practices, including the way job descriptions are written, the language used and arguably even candidate requirements. Female representatives at the workshops agreed that the inclusion of training options on the job advert would encourage more female applicants, as would flexible working hours, good maternity policies and back to work support. Another key finding is the demand for an industry-wide female mentoring and coaching scheme to create a stronger, closer female community whilst enabling women to grow and develop in their careers.

Speaking about the report's findings, Ian Glover, President of CREST, said, "It is encouraging that as an industry we are making progress, but there is a lot more to do and improving the visibility of female role models will allow us to challenge the perception of the cyber security industry."

"Schools hold the key and we need to help them to encourage more girls into the industry."

"Furthermore, the mentoring scheme would give a platform on which role models can help coach and guide others, which in turn will help to challenge the perception of gender as it relates to the industry."

"The actions are well-thought through, they are doable but just need the support of industry, education and recruiters."

You can download the full report here.

WeAreTechWomen covers the latest female centric news stories from around the world, focusing on women in technology, careers and current affairs. You can find all the latest gender news here.

Don’t forget, you can also follow us via our social media channels for the latest up-to-date gender news. Click to follow us on Twitter, Facebook and YouTube.