How can we rethink diversity in cyber? //17.09.20
The fact is that cybersecurity has a talent gap as well as a diversity problem: innovative startups struggle to source skilled talent, and it’s not yet made the leap into the mainstream consciousness of the tech sector. Part of the reason for this is that it has a bit of an image problem and it’s still regarded as a niche, separate world. A world of white men in oversized hoodies hunched over a keyboard.
The government’s championing of Secure by Design principles (which LORCA member Licel has written about for LORCA Live) has begun to change perceptions, and it’s important that those in the cyber sector continue to spread the word. Given that it’s impossible to predict the multitude of ways a system could become exposed in the future, security should be built into technology at a foundational level. And all coders and designers should address security considerations at an early stage, rather than leave it to someone else.
But this is not just a question of technical protocols: those creating tomorrow’s technology solutions need to have a firm understanding of human behaviour and the ethical questions surrounding data. They need to appreciate the value of data and the importance of protecting its integrity.
The role of ethics in cybersecurity isn’t discussed nearly enough, but the word “cyber” (originally cybernetics) comes from Greek and it has nothing to do with silicon chips. In fact, the word meant to steer, navigate, or govern. This is very close to what we understand ethics to mean. At its core, cyber is about determining good and bad behaviour regarding our most valuable asset: our data.
This is an important task that requires people who possess a broad range of skills and experience (including empathy), but a career in cyber isn’t normally framed in this way.
The business case for inclusion and diversity
Having led Plexal’s inclusive innovation work, I’ve also gained an appreciation for the role of having genuinely diverse teams when creating technology. It’s not about hitting quotas or making sure there is always an under-represented group on a panel debate for the sake of optics alone. No, diversity is in fact the mother of innovation because it ensures the people creating technology reflect the people who use it. And people from different backgrounds bring different – and crucial – perspectives.
But the cyber sector has a lot of work to do. About one in seven people in the cybersecurity workforce are female. Female representation in cyber lags behind the digital sector by almost 100%, and lags behind the population by more than 300%. It’s also important to recognise that the issue of diversity isn’t confined to gender. Specifically, the representation of diverse ethnic backgrounds needs to improve and there’s more we can do to capitalise on the value that neurodiverse people can bring.
The sector has widely acknowledged that it must do more on the talent and diversity fronts, but to make real progress we should reframe the challenge by recognising the value that empathy and diverse thinking can bring.
To join the debate on diversity and skills in cybersecurity, join our closing panel for LORCA Live at 16.30pm GMT on Friday 18 September.
Figures show that 15% of the cybersecurity workforce are female, vs 28% of the wider digital sector and 51% of the UK population. 16% of the cybersecurity workforce come from ethnic minority backgrounds, vs 17% of the digital sector and 20% of the UK population. 9% are neurodivergent; no reliable comparisons are available; estimates range around 1 in 7. Statistics are drawn from the National Cyber Security Skills Strategy and the 2011 National Census.