Female cyber leaders on breaking down barriers for women in cyber
By Ming En Liew
In a field that is 75 per cent male, where do women fit in? At the Singapore International Cyber Week 2022, women leaders in cyber discussed the challenges and triumphs of women in the industry, and what they are doing to bridge the gender gap.
In its fourth edition this year, Women in Cyber gathered international female cybersecurity leaders and practitioners across the public and private sectors to discuss the challenges that continue to hinder women from entering the cyber workforce, and what it will take to overcome them. Image: Singapore International Cyber Week/Cyber Security Agency of Singapore
The cyber talent shortfall is growing, according to Clar Rosso, the Chief Executive Officer of non-profit cybersecurity certification body (ISC)². Despite the global cybersecurity workforce hitting an all-time high with an estimated 4.7 million professionals in 2022, the industry is still short by some 3.4 million workers, revealed (ISC)²’s Cybersecurity Workforce Study 2022.
“Globally, while the workforce increased 11 per cent this past year, the gap increased 26 per cent. And here in Asia…it increased over 50 per cent,” Rosso revealed. She was speaking at a panel session titled ‘Strengthening Career Pathways for Women Cybersecurity Professionals’ at the Singapore International Cyber Week (SICW), held from 18 to 20 October this year.
SICW is an annual cybersecurity event organised by the Cyber Security Agency of Singapore. It brings together policy makers, industry leaders and top academia from across the world to exchange best practices and strengthen international collaboration on topics including emerging threats, cybersecurity policies, and creating a cyber-aware workforce.
But how can organisations find the talents they need to fill this gap? The World Economic Forum presents a simple solution: In an industry where men outnumber their female counterparts three to one, hire more women.
It is this very issue that the Women in Cyber sessions held during SICW hoped to address. Across two panel sessions, GovInsider heard from female cybersecurity leaders from around the world on how organisations can better attract women to join their ranks.
Addressing stereotypes in media
“Quite often, the stereotype that we associate with a career in cybersecurity is a male in a black hoodie,” said Abigail Bradshaw, Head of the Australian Cyber Security Centre. And such stereotypes can contribute to biases of what a cybersecurity career should look like.
Bradshaw cited research which found that advertisements for cyber positions often use darker colours with masculine terminology, and referenced highly technical concepts. This was true even in Bradshaw’s own organisation, which had hired a consultant to examine their advertising strategies.
They have since modified their advertising to cater to a wider audience. This included shifting away from a focus on individual and highly technical skill sets, for example. Their advertisements now focus on attracting people “who want to be part of a team to solve complex problems through diversity and excellence, as opposed to individuals who are too smart or too cool,” Bradshaw says.
Not everyone in cybersecurity comes from a technical background, Bradshaw highlighted. Beyond technical roles like programme and malware analysts, the Australian Cyber Security Centre is also home to linguists, communication experts and psychologists. In fact, the technical professionals don’t make up the vast proportion of people who do the magic in the organisation, she said.
Organisations need to take a different approach towards cybersecurity that doesn’t view it as a solely specialist skillset, she suggested. Rather, it is a mainstream language that everyone needs to be coherent in.
“It’s a competency that we all need to hold, whether you’re a member of board or whether you’re an owner of a smart device,” she said.
Creating a conducive environment
There’s a tremendous amount of bias in the workplace, both conscious and unconscious, that organisations need to address, Rosso said. “People don’t always understand what they do that gets in the way of providing opportunities to be inclusive, or provide advancement opportunities for individuals within their organisation.”
Organisations need to be purposeful about their inclusivity and equity practices, she suggested. For example, they could include diversity and inclusion training to help people become more aware of their unconscious biases. These are attitudes that individuals may hold subconsciously, such as the perspective that men are naturally better at technical skill sets.
Another important step is to create an even playing field for both men and women, Bradshaw added. For instance, the Australian Cyber Security Centre does so by ensuring that all genders have equal opportunities to care for children.
This includes advocating for equal paternity and maternity leave, so that the child rearing responsibilities are not borne by one partner over another. The Centre also holds their morning brief at a slightly later time of 9.30am, so that parents have sufficient time to drop their kids off at school prior to starting work.
In instances where an environment is not conducive, Rosso encouraged women to stand up for themselves. “If they don’t give you a seat at the table, bring a folding chair,” Rosso adds. And if that doesn’t work, she encourages them to simply try again elsewhere.
“There are radically different cultures within different organisations, so if the first thing you tried doesn’t work, try to get in somewhere else or start your own thing,” she said.
It’s important to have interventions that help people think differently about the choices they’re going to make, said Juliette Wilcox CMG, Cyber Security Ambassador, UK Defence and Security Exports, Department for International Trade.
The UK’s National Cyber Security Centre, for example, offers a girls-only competition as part of its CyberFirst programme. The competition calls for girls aged about 12 years old to form groups of four and compete in a competition that tests their computer science skills.
Wilcox also believes that a closer partnership between academia and industry can benefit the workforce. In the UK, she shares that students are getting more opportunities to experience the workforce as part of their university or apprenticeship training. “You’re starting to combine study with sitting beside industry and innovators, and getting to see what it feels like and looks like to be working in industry,” she explained.
Together, these initiatives help to build the interest of girls in the cyber industry. It’s a progressive process – girls are first encouraged to think about STEM subjects from a young age, and then made to be excited about such subjects through competitions. Subsequently, as they are studying, they are exposed to what a career in the industry actually looks like and options available to them.
Importance of diversity
“None of us do cyber just for the sake of cyber,” said Kemba Walden, the Principal Deputy National Cyber Director at the White House in the United States, at the panel session titled ‘Building the Next Generation of Cyber Leaders’. “My North Star is that we want to make sure that communities thrive in this interconnected world.”
And to do so, the industry needs to be diverse. Beyond just gender, Walden emphasised that what the industry truly needs is a diversity of thought, cognition, and even profession.
“One important thing for us, as females, is not to be packed into the stereotype,” said Tay Bee Kheng, President of Cisco ASEAN at Cisco Systems. “We have to think differently. We are 50 per cent of the population, and we need to be represented.”
And to the women still on the fence about joining the cybersecurity industry, Wilcox has a simple piece of advice: “Say yes more often than you say no.”
“Quite often, things will come along as opportunities or ideas or things that you will look at and feel a little bit scared about,” she said. “But you don’t know where these things are going to lead you. So even if you’re not quite sure where it’s going to, say yes…And you find it gets you to interesting places.”
Catching up with the evolving rules of cybersecurity