Women have the potential to help bridge the skills gap, yet they represent only 11 per cent of the cyber security workforce, according to ISC(2). This number has remained the same for four years, despite increasing recognition that gender diversity is a key part of fighting the cyber-attacks continuing to plague businesses on a daily basis.
But a number of programmes are emerging with the aim of encouraging more women into cyber security, starting at school level. Cisco, for example, runs several initiatives to help make the technology industry attractive to young women – including ‘Girls Power Tech’ for teens, which aims to inspire careers in STEM.
Encouraging young women to work in tech
Role models are another key factor in encouraging more young women to enter the cyber security sector. Take the example of Hazel Burton, Marketing Storyteller for IT Security at Cisco, who didn’t follow a typical career path into cyber security.
After completing a history degree and starting out in business marketing, Burton moved into technology and learned about the sector from the ground up.
“I developed a real fascination with cyber security from one single event. The speakers were so passionate about cyber security - and you'll find most people who work in this sector are equally so. What really intrigued me was how cyber criminals seem to pray on the ‘human element’ of Security and attempt to trick people into giving up their money or their data. The moralistic aspect of spreading awareness about this, and helping individuals and businesses protect their critical assets was (and still is) the best part about working in cyber security for me.”
A keen advocate for the benefits of diversity in cyber security, Burton thinks it’s important for overall perceptions to change: For example, that cyber security is a ‘macho’ environment where women aren’t welcome – when nothing could be further from the truth “Although, I have been to far too many ‘male only’ panels at events – that really doesn’t help this image,” Burton says,
“I think the more we can elevate or cast a light on the wonderful women who are doing great things, the more it resonates with future generations who are keen to make their mark on the sector.”
There’s no doubt cyber security is a male-dominated sector. At Cisco, Burton says her voice is always heard, but she concedes this might not be the case at other firms. “I haven’t seen any barriers or challenges in my work, but there is still an overall stigma and we should do more to make sure women don’t feel intimidated from entering our sector,” she says.
“We need people who can code, but we also need people who can think like hackers”
Of course, the cyber security industry doesn’t just need women with technical skills. “We need people who can code, but we also need people who can think like hackers,” Burton points out. “Hackers don’t try one way of breaching a business; they try 30 or more. We need creative thinkers who can also come up with those 30 ways – so their business can work on addressing those weaknesses.”
Indeed, Burton’s role requires her to be as close to customer challenges as possible, so she needs to utilise her top-notch communication skills. “I need to ensure I'm aware of new or escalating threats, so I’m in constant communication with Cisco’s threat intelligence team at Cisco Talos,” she explains.
After finding out about the latest threats, Burton’s job is to break down often complex jargon so it can be understood by a non-technical business audience. “Security should be understood by everyone in the business, because it's such a high priority” she says.
“I compare Security to the bullet trains in Japan – they’re the fastest trains in the world, but they’re the fastest trains in the world because they’ve got the best brakes. By embedding Security into your overall business strategy, you can grow a lot faster as a result.”
“In security, anything can happen”
Burton’s day-to-day role is varied – and of course, everything can be turned on its head if a major cyber-incident occurs. When the Wannacry cryptoworm hit organisations such as the NHS last year, Cisco needed to get the most accurate information out to people who were worried they might be impacted, she says. “You need to be flexible in this role because in security, anything can happen. People are going to demand answers”
It’s certainly an exciting job – and one Burton is well-suited to. She says she was particularly attracted to the sector because it offers the chance to help people learn how to protect themselves from today’s cyber threats. “If we can inspire just one person to do something different today which helps prevent cyber-crime, then that’s a day incredibly well spent,” she points out. “I need to have a role where I feel like I am doing some good and cyber security is a growing issue. Being involved in this industry feels like you are part of a movement.”
Small businesses and the security challenge
Amid a complex cyber security landscape, Burton knows small and medium businesses have an especially tough challenge ahead. “Smaller businesses don’t necessary have the budget or resources to install layers of security technology: They are increasingly reliant on their people to be able to spot cyber threats,” she says.
At the same time, she points out, they're often part of the supply chain and can therefore be used by hackers as a route through to larger firms. “Hackers will target those in the supply chain with weak cyber security, which is why SMBs are often attacked,” says Burton.
Therefore, she advises firms to ask the right questions in order to work towards an effective cyber security posture: “For example, how often do you update your systems? What’s your patching routine? Can your people connect securely when they’re outside of the firewall? If you are not the weakest link, someone else might be.”
Taking this into account, firms need to have a plan in place for when the worst does happen, she says. “Some attacks will get in, no matter how hard we try to prevent them (there’s no 100% in Security)– so we need to find and stop that breach as soon as possible. We need to identify what the damage is, rectify it, and then learn from it. Unfortunately, the average time to detect a breach is 100-200 days. That needs to be brought way, way down.”
Cyber security as a growth driver
It is with this in mind that Burton is now on a mission to change the perception of cyber security from something viewed as an inhibitor, to a factor that helps drive growth.
“When you get cyber security right, you have the confidence to use new technology and can move in a linear direction. Cyber security isn't something to be feared or ignored - it's actually a growth enabler” she points out.
With cyber-attacks increasing all the time, people are a firm’s most important asset – and a diverse workforce to ensure multiple ideas and ways of thinking is key to all companies. Encouraging more women to apply their talent to cyber security is part of this, Burton says. She advises anyone who is interested in a career in cyber security to start talking to people “who have been there, done that, and got the t-shirt”.
“There is nothing more valuable than talking to people who have gone through the process,” she says, adding that finding a mentor “is important”. "People at Cisco are always willing to talk to new graduates or anyone wanting to get into the IT industry."
At the same time, Burton adds: “People are looking for enthusiasm, so anyone interested in cyber security should take an approach to self-learning. Learn as much as you can and your confidence in the subject matter will grow.” Cisco offer free online courses in cyber security training – and that’s something you can pop down on your CV and show to future employees ”
- Small Business Security Essentials e-book
- For Women in Cybersecurity, Possibilities are Endless
- Thinking About a Cyber Career? Just Jump In
- Enrolling More Women in Cyber Engineering
- Curiosity, Exploration and Community – How I Paved my Own Path to a Cybersecurity Career