Diversity: A Little Less Conversation
Here’s a look at the people and organizations working to solve cybersecurity’s diversity problem.
In my previous blog post for Digital Guardian, I discussed the lack of diversity in cybersecurity and why we should all be focused on attracting people from all walks of life to our community. In this article, I want to showcase what individuals and organisation in the UK are actually doing to make a difference.
Brian Higgins, Business Development Manager EMEA at (ISC)² outlines why we need some serious action on this issue: “Working with talented young people and the adults responsible for their care and wellbeing I would estimate that in around 80% of the stories they tell me, diversity, whether it be gender, physical, social or neuro, has been a barrier to opportunity and success.”
The Cyber Security Challenge is a big player when it comes to reaching out to young people and showing them the opportunities that cybersecurity offers.
Stephanie Aldridge, Diversity and Cyber Centurian Lead at the Challenge, explains how diversity is at the very heart of what they do: “Cyber Security Challenge UK was set up by a woman, Judy Baker OBE, with the model that ‘allowed anyone with a capability’ to showcase their skills by playing industry written games. In 2017, The Challenge continues to be a platform for ‘diversity’ in that as our team run events across the UK, we support and take time to cover the diversity agenda across the broad spectrum of our educational and board activities through our personal touch and community.”
The Cyber Security Challenge is a national initiative, and I first became involved with it many years ago when I spoke at a regional event. I interviewed Judy Baker OBE, who spoke passionately about the need to reach young people in the northern regions of the UK, not just people who had access to London.
In the North Yorkshire town of Scarborough, Guy Baumann has founded Krash Labs, a permanent out-of-school computer club to support young people in his area: “Whilst many of the young people use [Krash Labs] as a place to game socially we also encourage coding and exploring new technologies such as 3d Printing… We have offered apprenticeships, work placements and work with many local charities, organisations, schools and businesses. We naturally attract many young people with SEND [special educational needs and disability] and for many of them we are the only out of school club they enjoy and where their parents are happy to leave them.”
Guy explains why initiatives such as Krash Labs are so important to reach young people: “some of the children I work with will never pass their English GCSE, yet can speak 10+ different computer languages and can spot a missing semi-colon or mismatched parenthesis in code with ease.”
Someone else taking action on diversity is Daniel Cuthbert, who “was getting annoyed with the 'no women in tech, it's terrible' and yet at the same time I didn't see much action. Our idea was small, but offer complimentary access to one of our courses of her choosing, the flight and a room at the Mandalay Bay and also access to Black Hat itself.”
Daniel saw first-hand the appetite that was out there for such an opportunity: “Myself and Sara weren't expecting much response but wow were we shown to be wrong: we had so many!! Some truly brilliant submissions that gave us a hard time deciding. Sadly due to U.S. visa issues, Sophina [the winner] wasn't able to attend the U.S. but we are planning on getting her to the UK. With my new role at Santander, this is something I’ll be pushing as one of my core directives in community outreach. I want to encourage other big organisations to do the same, it's only when collectively we set the example by acting and not just commenting, that we will see change.”
There are some great networking groups who often run events or have stands at cybersecurity conferences in the UK, including Women in Cyber, the Fraud Women’s Network, and Women in Security.
There is also a women in security group ran out of central government. This Women in Security Network was set up in early 2015 by Cath Hood and Sophia Adhami in the Cabinet Office. The pair have organised a number events for Government employees working in cybersecurity to hear from inspirational speakers and successful women on topics such as overcoming barriers. Cath said: “Through conferences and networking events that reach large audiences across government, we encourage and promote the importance and benefits of inclusiveness and having a diverse workforce.”
GCHQ has also, in recent years, taken great strides to increase diversity, recognising that the institution acted terribly in this regard for many decades. Robert Hannigan, ex-Director of GCHQ, apologised in 2016 for the way Alan Turing, and other gay people, were treated up until the 1990s, when the ban on hiring gay people was finally lifted.
GCHQ now recognises that it depends on those who “dare to think differently and be different,” and that it needs to do more to attract a diverse workforce. Via initiatives such as DeCoded and CyberFirst Girls, GCHQ is actively seeking to improve representation of people from a Black, Asian, or minority ethnic background, as well as women.
If you’re reading this article and wondering what you can do to improve diversity, Brian Higgins has some advice: “Bias, assumption and prejudice will never be eradicated from the human condition but we can all do a lot more than we realise to minimize and mitigate their impact. Think about how you recruit, manage or simply carry out your day job. Don’t assume; research, educate and inform. Look for ways to challenge and change.”
Steph Aldridge’s words remind us that we can all do our part to be more inclusive: “My question to anyone reading this article is to ask yourself, ‘When was the last time you engaged with someone who didn’t look, sound or feel like you?’ If you haven’t had to try a bit harder to overcome or engage, you may be sticking within your comfort zone. That’s not where diversity lives and that’s not how you make your company or world smarter.”
The Definitive Guide to DLP
- The seven trends that have made DLP hot again
- How to determine the right approach for your organization
- Making the business case to executives
The Definitive Guide to Data Classification
- Why Data Classification is Foundational
- How to Classify Your Data
- Selling Data Classification to the Business