Stereotypes are never a good thing, as they can damage our perception of what truly matters. Asked to picture a hacker, many imagine a guy wearing a hoodie with a Guy Fawkes mask by his side. When we think of a cyber security professional, the picture usually stays the same, with few exceptions - there is no mask, and they act to protect systems rather than compromise them. Since 'black hat hackers' are hidden behind screens most of the time and the only trace of their presence is cyber-attacks, it would be hard to assess how diverse their community is. However, given the more accessible information about the cyber security world, the portrait of an average security analyst, engineer or architect would be a white male. This could have been a stereotype if it wasn't generally the reality.
'There are studies that show if you put one woman in a five-candidate pool, there is a zero percent chance that a woman will get chosen.' That's according to Andrea Little Limbago, the Chief Social Scientist at Endgame. The diversity issue in the cyber security space is worsening, and even though some companies are trying to tackle it, the situation doesn't seem to be making progress but is instead regressing. Demand for cyber security professionals is growing, but the field is not becoming more diverse, nor does it accommodate more industry practitioners. Melinda Gates, the ex-General Manager of Information Products at Microsoft and the wife of Bill Gates, revealed during her speech at the Code Conference that: 'When I graduated, 34% of undergraduates in computer science were women...we're now down to 17%.'
What does the cyber security job market look like from the inside?
According to data acquired by CSO, up to 1.5 million cyber security job openings are predicted to be unfilled by 2019. Currently, there are two job openings for every candidate who fits the criteria. The industry is desperate for talent, but in many cases it is unwilling to work with what the job market is offering. Additionally, the increasing shortage of professionals and a widening gender gap may cost the industry missed targets and opportunities. It also risks becoming isolated, with a growing number of cyber threats that the future is yet to reveal. Many assume that the problem is an overall lack of security talent; however, biases during selection processes and some working conditions designed mainly to attract male candidates suggest otherwise.
It may be the case that some STEM firms, and cyber security firms in particular, misunderstand the concept of diversity and equality in the workplace, often referring to it as lowering standards. However, reshaping the criteria and adopting new approaches have nothing to do with low standards - it is simply about customization, so that all employees have equal benefits and a comfortable working environment. As for industry-specific requirements, these should stay the same.
Among both women and men, there is always a proportion of those who don't fit the role because they simply wouldn't be capable of showing high performance. However, as both genders have differences and separate needs, standards are often set based on one party, ignoring the benefits that others may bring to the same situation. In order to fully benefit from diversity in the workplace, firstly, there must be flexibility. And secondly, the right training and education.
Among the reasons why the cyber security job market thrives and struggles at the same time are an increasing interest in software and data security across multiple industries, an urge to cater to these needs, but a lack of knowledge of how to combine high standards with allowing for diversity.
Those who are leaving universities and graduating from computer science related programs are in roughly the same position as those who are self-taught. Today, many cyber security jobs are unavailable to graduates because they don't have enough experience, and those without a formal degree can't enter the field. As for women professionals, openings sometimes require them to accept conditions which may not resonate with their unique needs. Often, cyber security departments don't acknowledge that it's more cost-effective and better for the industry to work with different levels of experience, backgrounds, and genders.
Nurturing top talent based on their unique capabilities can deliver some outstanding results in a similar way to learning how to drive. The progress and the outcome depend on the maturity and the competence of the instructor, and once a learner becomes a licenced driver, they then acquire their own style of driving and habits.
If we apply this to the cyber security field, working with different talents in terms of their portfolios,
Black hat hackers are always searching for new ways to compromise systems and introduce new bugs. This often results in building groups and communities, where different backgrounds and skills allow for a better chance to breach systems through creative means.
If the issue is not resolved, or at least improved from the current unwillingness to accommodate diverse talent, we may find more unfilled jobs, inflation in salaries, and departments and firms stuck using the same legacy approaches. Once these require immediate solutions, there will simply not be enough skilled talent to tackle the mounting problems. These issues will require companies to get out in front of them and try to stay one step ahead of those looking to do harm, which will require diversification of talent and incorporation of a wider range of skills.