Studies have shown the importance of diversity and inclusion (D&I) in generating more creative solutions to business problems and enhancing performance and competitiveness. D&I is particularly important in tech because it serves as a catalyst for success and a foundation for innovation in so many industries.
However, despite many organisations developing diversity initiatives to encourage more women and other underrepresented groups to explore careers in tech, there remains a shortage of women and minorities, particularly in cybersecurity.
Linked to this, it was recently predicted that by 2021, 3.5 million cybersecurity positions will go unfilled.
A 2017 study conducted by the Global Information Security Workforce found that women comprise just 11 percent of current position in cybersecurity. In the Middle East, women’s representation in the cybersecurity field is only five percent compared to 14 percent in North America.
Globally, 26 percent of people in cybersecurity are minorities and almost three-fourths of information security analysts are white.
Clearly, the cybersecurity workforce isn’t growing fast enough to keep pace with the increasing cybersecurity challenges, in the region and globally. Middle East businesses are also considerably more likely to suffer from cybercrime than the global average. Only 33 percent of organisations in the region have a cyber-incident response plan and most companies are still not adequately prepared for the risks.
To ensure organisations – and citizens – across the Middle East and Africa (MEA) are safe, we need to break down systemic barriers to diversify the workforce as soon as possible.
Drilling down into the reasons why
According to Diana Kelley, cybersecurity field CTO at Microsoft, the reasons why cybersecurity has such low female representation is due partly to a lack of support for women in STEM programmes at schools. This leaves some women feeling unprepared for a career in cybersecurity. Many women also avoid pursuing careers in the field because of a lack of healthy work/life balance, and an often-misogynistic environment.
It’s vital that we encourage more women and different groups to pursue careers in cybersecurity because diverse viewpoints are critical to the success of cybersecurity programmes.
According to Kelley, who visits the region this week to keynote at a leading cybersecurity conference, solving problems for cybersecurity and resilience requires looking at a very large number of moving parts – What’s the threat model? What are the business requirements? Which laws or regulations are in force? And so on.
“No one person can have the complete answer to all these questions. And a set of people with the same background and viewpoints may have shared blind spots or biases too. It’s only when we open up the planning and conversation to a diverse group that we get a truly comprehensive approach,” she says.
Zooming in on how
With decades of IT and cybersecurity experience working as an advisor to numerous CISOs, CIOs, and CSOs at some of the world’s largest companies, Kelley’s long career has helped her pinpoint some of the ways we can break down gender barriers and encourage more women and underrepresented groups to pursue careers in tech and cybersecurity.
This includes a holistic approach that addresses the systemic issues contributing to the low representation of women in the field as well as the issues in the workplace that discourage many women from pursuing a career in cybersecurity.
Says Kelley: “Systemically – we can eliminate bias in the educational system so diverse populations can get the education they need to prepare for careers in cybersecurity. In the workplace, we can support diversity by ensuring bias is removed and a culture of respect is nurtured. And individually, we can employ a tactic that my Microsoft colleague Lisa Lee refers to as ‘lift as we rise’ – which entails us being mentors, sounding boards and supportive advisors to those who are entering the field or facing challenges that are making them doubt their ability to succeed.”
Cybersecurity, women and achieving job fulfilment
For women, Kelley is proof that a career in cybersecurity can offer a unique sense of job fulfilment and a deep feeling of purpose.
“Personally, I think this is the best possible career because you learn new things every day,” says Kelley.
“Today, cybersecurity is such a broad practice that we need people with all kinds of skills, from lawyers to help with policy development and partner negotiations, to creatives who can assist with marketing campaigns to amplify messages, to graphic artists who can help translate complicated security technology into concepts that people outside of the profession can comprehend.”
“The one thing that cuts across the dimensions is the fulfilment of knowing you’re doing a job that’s helping to keep people and organisations safe,” she says.
About Microsoft’s approach to cybersecurity and D&I
Cybersecurity is a central challenge of our digital age. Microsoft’s security differentiation is based on three pillars: unparalleled operational security posture, comprehensive product suite spanning identity, information, applications and devices, and driving partnerships for a diverse world.
According to Kelley, Microsoft practises 10 inclusive behaviours that help attract and maintain a diverse and inclusive workforce, and they provide training and support to help employees put those behaviours into practice every day.
“We expect each of us – no matter what level, role or function we are in – to play an active part in creating environments where people of diverse backgrounds are excited to bring all of who they are and do their best work. From cultivating diversity in the tech talent pipeline, to seeking out talent in non-tech communities, to investing in organisations that advance diversity and inclusion in business, we’re constantly looking for unique points of view that can spark innovations that transform how we experience the world,” she concludes.
