Half the world is female, so why do women only make up 1% of security leaders?

One is indeed a lonely number, particularly in my industry – cybersecurity. While gender diversity is slowly inching up in many industries, diversity is severely lagging in cybersecurity, where women make up only one percent of executives.

Diversity in cybersecurity is not a female-only issue. It should matter to everyone because cybersecurity is an immense global challenge that is gender agnostic. And to be effective, we need solutions to be as diverse as possible. Diversity drives adaptation and innovation, allowing companies to develop industry-leading technologies and solutions to face cyber terrorists, ransomware threats and every day hacks that are all part of the cybersecurity challenges the world faces today and the evolving attacks of tomorrow. 

To explore this issue more in-depth, my company recently hosted a dinner for 15 CIOs and security professionals, who differ in age, experiences, ethnicities and industry sectors. And while we all came to the table representing varied points of view, we could all agree commitment to diversity and inclusion is both the right thing to do – and it makes business sense. In McKinsey’s 2017 “Delivering through Diversity” report companies with high gender diversity were 21 percent more likely to have above-average profitability. However, tech firms were found to have the biggest decline in diversity since McKinsey’s 2015 report.   

It was clear to all of us that there are still challenges to increasing diversity and as a group we wanted to end the evening with actionable steps to help create change. We landed on three primary areas of focus that could help increase and retain female executives within the industry today. These include the need for more female role models in both cybersecurity and STEM; broader adoption of flexible work policies; and finally, change in how we hire and identify talent. 

Back to school

We need role models, not just in cybersecurity but also in all science, technology, engineering and mathematics (STEM) subjects. One woman at the dinner described her journey from primary education to cybersecurity professional, seeing fewer and fewer female role models in leadership roles along the way. She said, “At primary school, women tend to be in charge. But by the time I got to university and had the opportunity to hear industry speakers, all the leaders were men.”

There are many opportunities to speak publically – returning to a school, presenting at work and presenting at industry events. We should all take some responsibility in either putting ourselves forward for such opportunities, or if we are in leadership positions, encouraging and driving more women to inspire others to join the industry. 

Flexibility from the top

While flexible working has increased and is acceptable at most companies, there are still lingering misconceptions about part-time or adapted hours. Many women at our dinner told similar anecdotes of taking career breaks to raise a family or to care for aging parents – and had experienced negative comments or actions because of this. 

It seems inconceivable that we are still having this conversation in 2018, but the group reported multiple stories of challenges faced. Flexible work policies need to be the norm, and with modern and remote working practices there is no reason why it should not be embraced by leaders. According to BCG’s 2017 US Gender Diversity Survey, flexible work policies is also the number one priority for male and female employees under 30 and to retain talent companies are finding they have to accommodate these employees. 

Ultimately, it is everyone’s responsibility to encourage flexible working for all genders, and each of us can do our part to challenge any reluctance or bias in the workplace. 

Bring hiring processes up to date

One change I’ve personally want to see in the cybersecurity industry is change to traditional hiring processes. It occurred to me during the dinner just how stuck we are with a recruitment model developed by civil servants in the 1950s, and it is holding diversity back. This legacy model is based on people we know or by recommendations. It adds filters and screening methods such as the location of the job, previous experience and academic qualifications.

Why, for example, are we asking for submissions and samples in writing when the roles we’re recruiting for touch much broader skillsets? There are so many ways recruitment could be improved to increase diversity in the cybersecurity workforce. And, while having a candidate recommended to you by someone you know can be ideal: question yourself. Are you always choosing people like you, people from a company or university you know?

IT hiring managers should challenge themselves and their HR team to provide alternative methods for people to apply for roles: verbal, video, or practical demonstrations are just three, which spring to mind. Take a page out of Silicon Valley’s book and run hackathons: allow people to demonstrate in a near real-world situation how they would handle the challenges they face every day.

Much has been said about the readiness of the cyber workforce in the face of growing security threats and attacks. Diversity in cybersecurity talent is a big part of an organization’s ability to protect its most important assets—its critical data and people. And, it requires everyone to the defense. 

Collectively championing the business value of diversity – we can broaden the conversation and truly make a difference in both the cybersecurity industry – and the world.