When we discuss the topic of diversity in cybersecurity, we tend to hear from senior leaders who explain the challenges they face recruiting and retaining diverse talent, and the efforts they are making to beat those challenges. This is a useful discussion, but it’s one-sided. In a continuously evolving industry, these senior leaders likely entered the profession from a completely different social and career environment to the one we are experiencing today. They would have faced different circumstances, and first hand experiences of entering the market – after a decade or two – lose relevance.
If we’re going to encourage diverse talent to enter the cybersecurity workforce, it’s a good idea to gather the perspective of those who have recently joined the industry. We should ask people who successfully joined the cybersecurity sector over the last five years about their experiences.
And so, in the latest episode of the Security Visionaries podcast, I spoke with three women who are still relatively early in their cybersecurity careers—and dispersed around the world—to extract some wisdom. The conversation was incredibly energising and informative (you can catch it all here), and at the end I asked for their thoughts on how we can attract more talent to the industry. Here is what I learned:
1. Start with education, fund scholarships and take on interns
Samantha Van Stokrom, a Solutions Engineer in Melbourne Australia, told me just how important her scholarship and subsequent internship were for her.
“My internship was the first one run in Australia. I think one of the main reasons that we now have other interns in Australia today is because that first one was so successful and done so well, that they decided to do more. I think that’s a really important part of not just getting more women or diverse people into the industry, but just people in general.”
Samantha also pointed out that in the regional town in Australia where she grew up, the accepted career path for most was to go into a trade. She believes that having more technology courses available in these rural areas would help people of all backgrounds realise their passion and talent for these subjects: “It’s a rolling effect—the more waves we make, the more it will grow.”
Overall though, “there’s a real lack of awareness of the pathways you can take—just because of how broad cybersecurity is and the massive different amount of things you could do.”
Increasing these pathways, and putting effort into making the career opportunities visible and financially pursuable will show more people, from a wider range of backgrounds, that they are capable of entering and succeeding in this industry.
2. Invest in the organisations trying to address your talent shortage
Jacklyne Mbuthia, a cybersecurity engineer at CyberGuard Africa, spoke about the need for upskilling, particularly from her perspective of growing up in Nairobi:
“The biggest challenge we’re facing in Africa is upskilling… an amazing case study is the CyberGirls programme in Africa, spanning different countries to bridge the gap in cybersecurity and upskill the girls in the industry. However, such programmes also face the challenge of finances.”
She points out that companies need to provide more funding for these kinds of programmes which are explicitly designed to give opportunities to women and minorities, to equip them to usefully enter the cyber workforce.
“Creating awareness and raising visibility of the existing training programmes that girls can leverage is going to be an amazing way to help bridge the whole gap in tech skills.”
3. Mentor someone
Jacklyne also described the importance of mentorship (and for me this quote is so powerful): “I am a product of my mentors… looking up to these individuals and seeing them succeed gives me hope that this is actually a place where I can thrive.”
When the success of a mentor rubs off on the mentee, it’s a win-win for both. We need more people who are willing to take newcomers under their wing and