Leading UK cyber security experts have called on women to be each other’s allies and support as they develop careers in the sector.
The Celebrating Women in Cyber Security and Breaking Down Barriers online conference, held on International Women’s Day (March 8), heard from a diverse panel of headline speakers.
These included Dr Claudia Natanson, chair of trustees of the UK Cyber Security Council; Professor Lisa Short, founder of Areté; Stephanie Itimi, CEO of Seidea; and Nicola Hudson, director of communications at the UK government’s National Cyber Security Council (NCSC).
Hosted by the UK Cyber Security Council and Women in Cybersecurity (WiCyS) UK, the event not only celebrated women working in the sector but also aimed to inspire women to further their careers and to attract more women into the industry.
Dr Natanson, a former nuclear scientist who moved into cyber security, told delegates that women should believe in themselves and never give up.
“I know in many of my journeys I have had to dig deep to find that conviction and strength mentally that I never even knew existed. We must be prepared to dig deep, using our own self-belief, to get to those convictions,” she said.
She also urged women working in such a male-dominated industry to find trusted support:
“Without good support, it’s a lot to ask and we must create support and safe havens for women as they enter the profession,” added Dr Natanson.
Talking about the work the UK Cyber Security Council is doing, she said: “The Council is doing its part in creating opportunities to find new career pathways for wanting to enter the profession of cyber security.
“On International Women’s Day, it is fitting as well. For a profession where the percentage of women remains extremely low; a profession where we have to address the gender balance, our mission also dictates that we place diversity, equality and inclusion into everything we do and support.”
Stephanie Itimi talked about the importance of diversity and inclusion, as well as focusing on how to make women feel empowered and respected in the industry. She said supporting individuals who are building their careers, mentoring them and endorsing women by inviting them to be part of networking groups all help to create a strong and diverse community.
“One of my favourite quotes is that diversity is being invited to the party, but inclusion is being asked to dance,” she said. “This is important because it’s about how we make people feel empowered and respected. We need to have a global mindset, we need to have a diverse perspective.
“When we are dealing with how to create an inclusive culture, we need to think about how we open the doors for others, especially those from minority backgrounds.
“We have to be very radical when talking about diversity and inclusivity, we can’t pay it lip service,” she said. “Empower your staff; protect your staff. Become an ally as an organisation – what can you do today to make small changes? What are you doing to show you are taking this seriously and it isn’t a PR stunt?”
Nicole Borbely, GRC Associate at PWC and trainee cyber security consultant via CAPSLOCK, offered this advice to people wanting to have a career in cyber: “Utilise the network, use LinkedIn, reach out to people, ask meaningful questions and be interested and intrigued. Be resilient and realise you have so many other qualities and transferable skills that you may not realise that employers are looking for.”
Nicola Hudson, director of communications at the UK government’s National Cyber Security Council (NCSC), described the “startling” statistics found in the latest Decrypting Diversity: Diversity and Inclusion in Cyber Security report, by the agency and KPMG.
The report, the second to focus on progression and diversity in the cyber security sector, found 36% of those working in the industry identified as female – up from 31% in 2020 – while 66% identified as male.
Many of the female respondents were younger, suggesting they were at the beginning of their careers. “We really need to ensure that women are supported in reaching leadership positions and being visible and active there,” she said.
She added that honest conversations need to be had to ensure women understand that having families or caring responsibilities were compatible with entering leadership roles and being successful in them.
Only one third of senior leaders in the industry are women, which she described as a “massive mismatch that needs addressing”.
The 2021 report found that 19% of women said they had experienced gender-based incidents, compared to 1% of men, while more women reported being subject to negative comments about their age than men.
“It’s really striking, if you are in a minority group, based on ethnicity, gender or disability, thay your experience in the workplace is a very different experience from that of the majority. This isn’t OK,” said Nicola.
“What more can you do to support colleagues in the workplace? Mentoring, helping to build confidence, buddying, calling out bad behaviour … we all have to do more to make it an inclusive workplace and to be as welcoming to incomers to the cyber security sector.”
Speaking about thought leadership, Professor Lisa Short told delegates that increasing the number of women in leadership roles requires actions, not words.
“Words are cheap, actions aren’t,” she said. “It will make people uncomfortable; they ought to be uncomfortable. You need to make the world uncomfortable because we are tired of not being at the table. Women have the right to have a sense of parity.
“What sets us apart? It’s our guts, tenacity and courage because a lot of us leaders have had to fight. We all need to step up and we need the industry to make changes. We don’t need more confidence, we don’t need fixing. What we need is for the industry to make changes. Platitudes are not enough.”
Simon Hepburn, CEO of the UK Cyber Security Council agreed. Thanking the speakers, he said: “We need to move from conversation and consultation to action and we’re really keen to drive the action forward.”
Other speakers at the event included: Angelique Faye Loe, head of cryptography, Jaguar Land Rover; Lorna Armitage, founder of CAPSLOCK; Tamzin Greenfield, security analyst, Cyber Security Associates; Zoe Mackenzie, information security specialist, Dr Martens & Board Member, WiCyS UK; and Lindy Cameron, CEO, NCSC.
Speaking after the event chair and co-host Laura Wellstead, WiCyS UK President, said:
“Cybersecurity is a mission-critical priority for organisations, yet the profession of cyber security continues to be plagued by a major skills shortage.
“Cyber needs to be rebranded as a career in business rather than a career in tech or in the basement. We need a change in cyber culture that makes the profession more attractive to women and offers great career development opportunities that are accessible and equal.
“The cyber talent gap can’t be solved overnight and will take time, however there are fundamental steps we should all be taking to improve long-term stability.
“We must move on always from talking about problems our industry faces and instead focus on solutions by working together to learn, showcase and educate.”