The UK’s cybersecurity industry remains heavily male-dominated, with women holding fewer than one in five roles.
Women also face greater challenges when entering the field, with 37% reporting barriers compared to just 18% of men. There is no doubt that the technology industry has barely changed in the last 30 years and cyber still feels very much like a boys’ club.
The lack of female and diverse role models makes it particularly difficult for underrepresented groups to navigate the industry. As a result, the same talent pools with similar backgrounds and qualifications continue to be chosen in the industry.
Cybersecurity also struggles to shed the perception that only individuals with advanced technical skills can succeed. In reality, those skills are often the easiest to teach. What the industry really needs and impact skills. Impact skills can range from creativity, problem-solving and critical thinking, qualities that career changers can bring.
Now is the time for the cybersecurity industry to move beyond its boys’ club mentality and embrace diversity at all levels, from entry-level positions, all the way up to the boardroom.
Tackling business challenges
Cybersecurity is an industry that benefits exponentially from diversity. Technologies such as generative AI are making it easier than ever for threat actors to launch attacks on individuals and organisations. However, the homogeneity of a traditional cyber team, made up mostly of white, middle-class men can jeopardise the organisation’s security. With a host of similar worldviews, these teams may lack the diversity of skills and ideas to tackle the range of existing threats and get into the minds of hackers.
Therefore, it simply makes business sense to create more diversity in cyber teams. By curating a team of individuals from a variety of backgrounds and experiences, teams can avoid blind spots and bring together different perspectives and critical thinking to tackle new challenges with creativity and ingenuity.
Increasing diversity in the workforce
But how can we rebrand and create a more diverse workforce? It’s a question that has been on the table for decades and from my perspective, it’s certainly not going to be solved by government policies. While policy changes are necessary, they alone won’t solve the deep-rooted issues affecting the industry. With no one owning the problem and the Government coming up with the same routes and policies year in and year out, more needs to be done.
As a start, we need to do more at a grassroots level in schools and reposition how cyber is presented to those starting to think about their careers. The idea of STEM, for example, can be counterproductive. It rolls several subjects into one and can make it confusing. So, making it crystal clear what options students have is important. Careers in cyber can be incredibly varied. From an information security analyst to a principal security engineer, these roles don’t rely solely on individuals having technical skills. It requires a diverse set of skills including teamwork, communication and lateral thinking to be successful, miles away from the assumption that cyber is just for men in a hooded jumper over a laptop.
The hiring process is a place where a lot of this progressive change can happen. Ensuring hiring managers are prioritising skills and experience over qualifications can help encourage career changers and those from non-traditional cyber routes into the industry. Relying solely on traditional university degrees as the main entry point into the field is proving to be increasingly limiting and considering alternative pathways when hiring will help diversify the talent pool.
Once they start to encourage more diversity by removing the first barriers they can create the key-stone of building diversity: role models. Without people who have made the move before, it’s challenging to know how to get in, or even see it as a viable career path in the first place. So encouraging role models from a diverse range of backgrounds is vital to opening up the industry to others.
When the economy is volatile, however, it can be hard to justify the budget to add fresh diverse talent permanently. A way that hiring managers can navigate both diverse skills shortages and budget constraints is by contracting certified cybersecurity specialists into vacancies temporarily. Paying contractors a fixed daily rate comes out of a different budget to permanent hires, and can quickly diversify a team’s skill set. It also establishes a diverse talent pool for when the team is ready to make a permanent hire.
A crucial part of rebranding from being an old boys club is ensuring that diversity is also represented at the board level. This can ensure workplaces continue to be welcoming places for all demographics by having a voice at the decision-making table.
Recognising the value of change
Cybersecurity has long been dominated by the old boys’ club and if this continues the industry risks missing out on talent with critical skills needed to combat evolving security threats.
To address this, hiring managers must broaden their approach by welcoming individuals from non-traditional cyber backgrounds. This means valuing career changers and focusing on transferable skills, such as problem solving and creativity, rather than just technical abilities. By bringing in temporary talent on a contractual basis, leaders can diversify their workforce and build a robust talent pool for future permanent hires. Expanding this pool will build diversity at all levels, ensuring broader representation and inclusion. Ultimately, this will enable the cybersecurity industry to fully realise the benefits of diversity.
