SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

IWD 2024: Emerging threats mean the cyber security industry needs more diversity

Thu, 7th Mar 2024

With cyber security breaches making news headlines across the world, there are hundreds of articles discussing the latest technology, trends and skills needed for the workforce.

What is not often discussed and is relevant on International Women's Day, is the lack of diversity and inclusion of women within the cyber security space and in particular technical roles.

As someone who has been in the cyber security industry for 27 years and in a technical leadership role, the statistics are alarming. Only 17 per cent of the cyber security workforce is female, and most of those are in governance, risk, compliance and project management roles, according to a recent study by RMIT University's Centre for Cyber Security Research and Innovation (CCSRI) and the Australian Women in Security Network (AWSN).

Even when we have women coming out of university with technical degrees, the industry somehow pushes them into governance, risk or project management whilst pushing male graduates into the technical fields. Why?

This imbalance comes at a critical time as according to the latest IBM's Cost of a Data Breach Report the average cost of a data breach in Australia has grown 32% in the last 5 years, reaching AUD $4.03 million.  The ability to create DeepFakes and fool people into doing things they wouldn't ordinarily do is a huge issue for us in cyber security.  The ability to socially engineer someone utilising DeepFakes is going to be an attack vector that we will see increase over the next few years.

By pigeonholing women into non-technical roles, the industry is hindering their access to further growth and career development opportunities. For instance, in technical roles, women would have more possibilities to lead teams, the roles often pay more and there is better pay equity, and most importantly, technical roles continue to advance with new opportunities as technology changes.

Diverse teams drive innovation to explore new solutions and approaches. At this moment, where the cyber security industry is going through rapid change and the challenge that will likely worsen as adversaries invest in AI to optimise their tactics, we need to strengthen our team. It is critical women are a part of it.

It is critical we have enough qualified women in technical roles and technical leadership roles to help tackle this problem. For cyber security professionals, we will need awareness of these attacks, and the latest technologies that can detect and respond to these attacks – to protect the organisations we work for.

I grew up in an industry where there weren't a lot of female role models, and my feisty nature and love of tech and cyber security kept me moving forward and advancing my career.  But it was hard.  It was lonely and I often questioned if I was in the right spot or should I give up and move to a "girl career". This highlights the need for the importance of strong female role models in technical and technical leadership roles.

As the sector evolves and non-technical roles are potentially disrupted by emerging technologies like Gen AI, it is critical we get more women into technical roles.

As a leader, I try to support gender equality in cyber security in a number of ways.  The biggest one is supporting flexibility in the working hours of our staff.  Women are more likely to drop their technical career path after having children as taking time off to look after their children takes them out of the workforce and leaves them feeling that they have "been out of the game" too long to return to their technical career path.

Personally, I was a single parent for a big chunk of my children's childhood.  I vowed that when I was in a leadership position, I would be more supportive of parents and offer flexibility in how they did their jobs.  As an example, I try not to run meetings over school run.  I am happy for our teams to run flexibly and work from home with their kids in the background when they need to, and I support staggered hours.

It goes back to that adage "you can't be what you can't see" and hopefully we can inspire the next generation of female cyber security leaders to know they can see that someone else has done it and that the support exists so that they can choose a lifelong career in a technical career path.