WHY IS A DIVERSE
WORKFORCE SO
IMPORTANT IN
CYBERSECURITY?
T
he IT security
industry is still
failing to attract
workers beyond
a highly limited
demographic,
the Chartered
Institute of Information Security (CIISec)
has warned.
Unless it can embrace greater diversity
– in gender, age, ethnicity, disabilities
and experience – it will face a stagnating
workforce and be unable to keep up with
a rapidly expanding skills gap.
According to the Enterprise Strategy
Group, the number of organisations
reporting a problematic shortage of
cybersecurity skills has increased every
year since 2015.
At the same time, CIISec’s survey of
information security professionals
showed that 89% of respondents were
male and 89% were over 35; meaning
the profession is still very much in the
hands of older men. If the diversity
issue isn’t addressed, then not only
security, but future development of the
cybersecurity industry itself, will suffer.
Many organisations point to the need
to develop specialist security skills
as a reason for reduced diversity, as
employees need the right technical
background. Yet the majority of IT
security professionals – 65% – still
believe that the best way to develop
security skills is to learn on the job.
At the same time, many individuals
will have already developed the skills
needed in security in other careers,
from attention to detail and identifying
unusual patterns of behaviour, to the
communication skills needed to drive
security awareness and behavioural
change in others.
www.intelligentciso.com
|
Issue 20
“The expectation that security is purely a
technical subject has led to a focus only
on very specific individuals to fulfil roles,”
said Amanda Finch, CEO of the Chartered
Institute of Information Security.
“Even if we weren’t in the middle of a
skills crisis increased diversity should
be a priority, but the present situation
makes it critical. Expanding the industry’s
horizons isn’t only essential to make sure
the industry has the skills it needs.
“It will give a whole range of individuals
the opportunity to thrive in a new career
and in the long term protect the industry
from stagnation by introducing more
varied backgrounds.”
As a broad industry, security has a
position for every background and
multiple opportunities to apply already-
existing skills. For instance, a librarian
may be particularly adept at, and find
satisfaction in, recalling and connecting
information to ensure everything is in
its correct place – essential in spotting
evidence of a security breach. Other
examples of transferable skills include:
• Tracking and managing multiple
actions at once – parent returning
to work
• Leading teams in stressful conditions
– armed forces
• Demonstrating and explaining best
practice clearly – teacher
• Teamwork and collaboration under
pressure – hospitality staff
• Following best practice consistently
while still being able to adapt – driver
As well as expanding its own horizons,
the industry also needs to make a more
diverse audience aware of the benefits
a career in security can provide and
encourage them to switch careers or
begin a new path. The opportunities
are clear. A total of 86% of information
security professionals say the industry
will grow over the next three years and
13% say it will ‘boom’.
27