A diverse and inclusive workforce is a key feature of any successful organization. In industries encountering stereotyping – like Cyber Security and many other technical fields – attracting diverse candidates can be challenging. But you know that sometimes the best people for a role aren’t just the ones who’ve done it before. It might be someone who brings a fresh perspective and strong set of transferable skills.
We spoke to 16 impressive women working in Cyber Security about how to remove barriers to entry and attract women to non-traditional roles. For their tips on encouraging amazing women to apply, read more below.
Emma Leith, Chief Information Security Officer at Santander UK: I think efforts to improve representation of women in cyber security are starting to build momentum, but I don’t underestimate how much further we need to go to shift the balance. There are female rock stars in the industry who are the voice for many and do such amazing work. For me the most important aspect is to improve the image and profile of the cyber security industry to open up to new talent who would never ordinarily have thought about a career in cyber security. Or who did not know it existed as a career. Employers should look to attract, retain and develop women across all areas of cyber security and create a workplace where they can be successful and shine to their full potential.
Stacey, Cyberspace Warfare Officer at Australian Defence Force Australian Defence Force cyber teams work diligently to protect Defence networks and intelligence from digital threats: The biggest challenge for employees will be identifying how and where to promote cyber security roles to ensure they are reaching a wider audience. A large number of people don’t know about the opportunities available in cyber related fields until they have delved into another career and come across it, or are nearing the end of university. Showing that it is a viable and interesting career that anyone can take part in, is key to improving diversity in the industry.
Corporal “K”, Electronic Warfare Operator, 138 Signal Squadron, Australian Army (Reserve), working remotely in Canada. And, Lieutenant “N”, Cyberspace Specialist Support Team Member, 138 Signal Squadron, Australian Army (Reserve) Due to the nature of their roles, their names are protected. Australian Defence Force cyber teams work diligently to protect Defence networks and intelligence from digital treats: Trying to change the culture in the entire industry is a big task, so start at home with your own organisation. Great leadership and available mentors are an important commodity to an organisation; combined with a targeted approach, can improve diversity in the industry and provide a flourishing environment for talent growth.
Helen Rabe, Global Director of IT Security at Abcam) UK: This is a challenging topic, personally for me I believe that employers can look to leverage internal talent as a starting point. My recommendation is, don’t create entry barriers… Identify talent and leverage that talent if they show an interest.
Martha McKeen, Executive Manager Cyber Outreach at Commonwealth Bank: Just 24% of the global cyber security workforce are women. And in Australia, that statistic is even lower – just 19%. The reasons for this are varied and include problems with specific practices and policies in our sector that exclude, marginalize, or disadvantage women. The solutions to this are equally as varied and will take systemic and organizational change.
In schools, we need to ensure girls at pivotal stages are supported to choose STEM subjects that equip them with the foundational technical skills they need to pursue cyber in later stages of their education.
Employers need to think about the downstream factors contributing to lower numbers of women entering the sector and lean in to help support programs that inspire, educate and support girls to pursue subjects that lead to careers in cyber. At the Commonwealth Bank, we are proud to support programs like the Schools Cyber Security Challenges that teach high school students the fundamentals of security and introduce them to careers in cyber through online learning and virtual mentoring.
Gyle dela Cruz, Cyber Threat Analyst at Cyber Research NZ: Women are still underrepresented in the general ICT workforce, with only a 29 per cent participation rate. The latest WGEA (Workplace Gender Equality Agency) Gender Equality data shows a gender pay gap too. Some companies may have a diversity policy, but there should be strategies put into place to implement those policies.
Akshaya Kalyan, leading the IAM Managed Services team in Cyber Intelligence Centre at Deloitte: I really like the gender equality initiatives taken by Deloitte. The women’s day celebrations are great with emphasis on sponsorship topics for female employees which is impressive. The maternity leaves and policies are impressive and encourage women to return to the workforce after the break. Unfortunately, we don’t see many female leaders within Cyber. I’m looking forward to having more female leaders in the Cyber industry.
Tanya Mears, Director – Cyber Security at EY: I feel the metrics put in place with regards to recruitment and leadership roles are a good start. However, it can be difficult for employers when there is already a significant imbalance of candidates applying for roles in security, more specifically at the graduate/intern levels. So, in addition to continuing to support women within organizations, there needs to be a greater focus on encouraging women to take up information security-related studies at university.
Shiva Mierczak, Security Engineer at J.P. Morgan, Australia and New Zealand: There is always more that can be done and it is important that impact is made early. I would love to see awareness for this field elevated in school, and for organizations to talk to girls about study and career opportunities, furthering these discussions at university and beyond. Additionally, women in technology industry groups help foster belonging, a sense of community and advance women in the field.
Sarah Young, Azure Security Architect at Microsoft: There’s definitely been more of a visible push to get more women in tech and specifically cyber security in the last few years, but we’ve still got a long way to go to further diversify the tech industry, and that’s not just in terms of gender. I think employers need to go looking to find more diverse candidates – they can’t just assume that they will apply for roles and need to use their HR/recruitment teams to proactively invite diverse candidates to apply for roles.
Bronwyn Mercer, Cybersecurity Consultant at Microsoft: As more women explore cybersecurity careers and enter security roles, I think it’s important that organizations build inclusive cultures which celebrate diversity and actively advocate for individuals from minority groups. People should feel that they belong in security, without the pressure to change their identity to fit the traditional tech industry stereotypes. Research shows that diversity drives innovation, but inclusion is an essential piece of the puzzle in providing the right environment for diverse individuals to thrive and propose new ideas.
Adeline Martin, Cyber Security Operation Analyst at Origin Energy: Employers actively supporting forums such as WIT (Women in Technology) and AWSN (Australian Women in Security Networking) can help make potential candidates aware of the interesting work available in cyber security and learn a little more about our culture and what it’s like to work there. The energy industry is not the first place many people think of when choosing a career in cyber security and being involved in these forums let potential employees know all the great and interesting things we are doing in this space.
Jane Hogan, Manager Information Security at QSuper: Compared to when I started in this industry over 17 years ago, there definitely is a better gender balance taking place in cybersecurity. I feel this is largely due to employers recognizing the immense value in building a team with a wide range of skills and backgrounds. Technology is only one part of cybersecurity. There’s design, project delivery, architecture, strategy, customer and product development, communications, threat intelligence and fraud, leadership, human behavior and psychology, data management, marketing and a whole lot more that’s required to build a successful, mature and diverse security team.
Jasmin Brain, Cyber Assurance Lead at Woodside Energy: Employers should be willing to break with traditional thinking on cyber security, not just for female participation but also encouraging and promoting cultural and ethnic diversity to break the “unconscious bias” we all have. It shouldn’t just be the HR department that needs to consider ‘outside the box’ candidates – all areas of business should challenge themselves when recruiting and recommending candidates – without diversity of thought, you will always experience the same problems and issues because your solutions don’t change. Recognizing and challenging our inbuilt assumptions goes a long way in determining who is best suited for roles and projects.
Emma Lovell, Senior Manager, Cyber Security Governance at Woolworths Group: Building a powerful and effective cyber team is all about embracing diversity, not about recruiting people from the same backgrounds who think alike. Modern organizations like Woolworths Group understand that a diverse team is greater than the sum of its parts. When it’s time to recruit I like to think we challenge the archetypes of what makes a good cyber security team member and that helps us cast a wider net and get attention from a diverse range of people. It was this approach that made me consider taking on my current role in cyber security. My team is energized about engaging young people and helping them understand how technology, risk and cyber security domains can provide compelling and rewarding careers. We engage with our early career pipeline through industry events, universities and secondary schools. It’s a powerful way that we can effect change in the way young women see cyber security. We also support our developing talent through sponsorship and mentoring programs.
Catherine Burke, Lead Compliance & Security Analyst at TfGM (Transport for Greater Manchester) UK: In my opinion I think it comes down more to education in schools/universities. Cyber Security has various roles, soft skills and hard skills. Most people associate Cyber Security as a technical role within a male industry. This is not the case, within my role there is so much more to cover. It is not always about the tech skills providing pen-testing, security of networks, IOT etc. Organizations can promote diversity and encourage young women to believe there is a career path within Cyber Security for both genders, tech and non-tech roles.
To stay across best and next practice policies from Endorsed Employers for Women, subscribe to our fortnightly updates.
The views expressed in this article are the views of the author, not Ernst & Young. This article provides general information, does not constitute advice and should not be relied on as such. Professional advice should be sought prior to any action being taken in reliance on any of the information. Liability limited by a scheme approved under Professional Standards Legislation.
About the author
To help women find a workplace that will work for them, we prescreen employers on flexible working, parental support policies, PTO and their focus on pay equity, and more. Find your next role on the WORK180 job board.