Why diversity is vital for a strong cybersecurity team

How would you summarise the year so far for yourself, your company and the local tech industry?
The pandemic has transformed the workplace and the way businesses and consumers use digital technologies. The attack surface has expanded greatly with the hybrid work model, and the cybersecurity industry has evolved to address the associated risks.

At the organisation level, our focus this year is to strengthen our security strategies to support the new work-from-anywhere environment. It has involved expanding our adoption of zero trust and providing continuous, contextual education for our employees regarding the threat landscape and security controls. We have also ramped up our efforts towards aligning our SaaS business solutions and security processes with various international standards and regulations.

Why is diversity important for a strong cybersecurity team?
Cybersecurity is an area that requires a multidisciplinary approach to solving problems, allowing people with different specialties to contribute. Security engineers, threat analysts, incident responders, digital forensic experts, ethical hackers, and risk and compliance analysts are a few of the specialised roles in a modern cybersecurity team.

The cyberthreats we currently face are wide-ranging and instigated by hackers of varied backgrounds and motives. Having a team of individuals with diverse skill sets brings different ways of thinking and fresh perspectives to old problems and new challenges. Some common traits of people who thrive in this profession are curiosity, persistence, a risk management mindset, and a willingness to take on challenges.

Building a diverse team is not only the right thing to do from a moral perspective in terms of giving opportunities to everyone, but it is also quickly becoming a necessity because of the huge skill gap the industry is facing.

What prevents women from pursuing a career in cybersecurity?
There is an overall underrepresentation of women in engineering and computing. As a related field, cybersecurity also faces the same issue. A major deterrent is the stereotyping of the industry. Often, people in cybersecurity are depicted as hoodie-wearing men who sit in front of computer screens and hack systems. It is portrayed as a high-stress environment with cutthroat competition. For outsiders, this creates a negative, unwelcome perception that can deter women from entering the this field.

What steps should be taken to attract more women in this field and how do you think employers can make a difference?
Organisations need to expand their idea of the right person for an open cybersecurity position. Traditional means of recruiting often do not accommodate diversity and different experiences. Some important areas employers can work on are:

Raising awareness about the profession: Employers can partner with universities to offer early career guidance and internship programs, making the career path more visible. This helps young graduates pick up real-world experience in cybersecurity and makes the field more attractive for graduates of any gender.

Internal upskilling: People can take different routes to cybersecurity, transitioning from other teams like IT, software engineering, marketing, and even legal. Being open to such transitions and providing training will attract more passionate talent to the security team.

Highlighting female role models: At both industry and organisation levels, it is important to promote women in cybersecurity, their career paths, and their milestones. This positive reinforcement encourages women who are apprehensive to step forward.

What are the key tips/advice you will offer aspiring women leaders/entrepreneurs to help them progress in this industry?
At its core, cybersecurity is about protecting people from harm. There are ample opportunities in this field for women with a risk management mindset and diverse perspectives. My key tips for excelling in this industry are:

Embrace learning: Cybersecurity is a highly dynamic field that requires constant learning and upskilling. Staying up to date matters a lot in this industry. Be a continuous learner and always take on new challenges. Focus on excellence and prove yourself with your skills.

Cultivate allies at all levels: Have a strong peer network and participate in local industry meetups and conferences. These are great opportunities to network and learn about new technologies and real-world problems and solutions.

Be vocal about your goals: It is important to take ownership of your career path. That means expressing yourself clearly and being an advocate for your own interests.

Read: Cybersecurity: Are we doing it the right way?