When we discuss the topic of diversity in cybersecurity, we tend to hear from senior leaders who explain the challenges they face recruiting and retaining diverse talent, and the efforts they are making to beat those challenges. This is a useful discussion, but it’s one-sided. In a continuously evolving industry, these senior leaders likely entered the profession from a completely different social and career environment to the one we are experiencing today. They would have faced different circumstances, and first hand experiences of entering the market – after a decade or two – lose relevance.
If we’re going to encourage diverse talent to enter the cybersecurity workforce, it’s a good idea to gather the perspective of those who have recently joined the industry. We should ask people who successfully joined the cybersecurity sector over the last five years about their experiences.
And so, in the latest episode of the Security Visionaries podcast, I spoke with three women who are still relatively early in their cybersecurity careers—and dispersed around the world—to extract some wisdom. The conversation was incredibly energising and informative (you can catch it all here), and at the end I asked for their thoughts on how we can attract more talent to the industry. Here is what I learned:
1. Start with education, fund scholarships and take on interns
Samantha Van Stokrom, a Solutions Engineer in Melbourne Australia, told me just how important her scholarship and subsequent internship were for her.
“My internship was the first one run in Australia. I think one of the main reasons that we now have other interns in Australia today is because that first one was so successful and done so well, that they decided to do more. I think that’s a really important part of not just getting more women or diverse people into the industry, but just people in general.”
Samantha also pointed out that in the regional town in Australia where she grew up, the accepted career path for most was to go into a trade. She believes that having more technology courses available in these rural areas would help people of all backgrounds realise their passion and talent for these subjects: “It’s a rolling effect—the more waves we make, the more it will grow.”
Overall though, “there’s a real lack of awareness of the pathways you can take—just because of how broad cybersecurity is and the massive different amount of things you could do.”
Increasing these pathways, and putting effort into making the career opportunities visible and financially pursuable will show more people, from a wider range of backgrounds, that they are capable of entering and succeeding in this industry.
2. Invest in the organisations trying to address your talent shortage
Jacklyne Mbuthia, a cybersecurity engineer at CyberGuard Africa, spoke about the need for upskilling, particularly from her perspective of growing up in Nairobi:
“The biggest challenge we’re facing in Africa is upskilling… an amazing case study is the CyberGirls programme in Africa, spanning different countries to bridge the gap in cybersecurity and upskill the girls in the industry. However, such programmes also face the challenge of finances.”
She points out that companies need to provide more funding for these kinds of programmes which are explicitly designed to give opportunities to women and minorities, to equip them to usefully enter the cyber workforce.
“Creating awareness and raising visibility of the existing training programmes that girls can leverage is going to be an amazing way to help bridge the whole gap in tech skills.”
3. Mentor someone
Jacklyne also described the importance of mentorship (and for me this quote is so powerful): “I am a product of my mentors… looking up to these individuals and seeing them succeed gives me hope that this is actually a place where I can thrive.”
When the success of a mentor rubs off on the mentee, it’s a win-win for both. We need more people who are willing to take newcomers under their wing and show them the ins and outs of the industry.
In theory, senior people say they’re open to mentoring, but it’s important that they make time in practice. A simple message on LinkedIn could be the first step to finding a mentor or a mentee.
4. Remember financial inclusion
The final point was raised by Ally Frame, a supervisor in Netskope’s Security Operations Centre in the US. Ally spoke about the importance of ensuring that a lack of finance did not create unnecessary hurdles for diverse groups. She told us about the local chapter of Women in Cybersecurity that she’s heavily involved in herself:
“We do a lot of things to help the community, like résumé reviews, putting on work sessions and talks, providing conferences and free conference passes. Part of inclusion is also financial inclusion – a lot of people seem to forget that.”
If you can’t find a cybersecurity chapter in your local community, why not start one up? If you run events and training, consider offering a certain number of free or subsidised passes for attendees from underrepresented groups.
A more diverse future
I can’t tell you how refreshing it was to speak with these three talented and passionate women at the start of their cybersecurity career. I braced myself for tales of hurdles and difficulties, but what I heard was optimism, positivity and some pretty tenacious drive. I am also sure I recall accurately the words “…send it and show the patriarchy what we’re made of” may have been spoken. While it is clear to me that there are already lots of great initiatives available to support new diverse talent, we need to be doing more to make these educational pathways, training programmes and networking opportunities more visible and accessible. And funding is often the key to giving diverse groups the chance to fix our industry’s problems for us.
Listen to our full conversation on the Young Voices on Diversity in Cyber episode of the Security Visionaries podcast. If you like what you hear, please subscribe to Security Visionaries on Spotify or Apple Podcasts to keep up with our latest episodes.