Fokussiert - stock.adobe.com
Discovering the Diversity Process Flow in cyber
The UK Cyber Security Council's Simon Hepburn explains the Council's new Diversity Process Flow framework, and outlines its potential implications for ethnic minorities in the cyber sector
Following the UK Cyber Security Council’s Ethnic Minorities in Cyber Symposium and wider consultation with our members, the Council has been able to gather valuable insight into the key inhibitors to diversity in the industry and create what we have called the Diversity Process Flow.
Process flows are used across cyber to establish processes, predict outcomes and prepare against undesirable situations. By applying this same logic to diversity, we can analyse existing industry processes, from recruitment to talent retention, predict how these will impact diversity and prepare updated ways of working to break down barriers to diversity in the field.
As the cyber skills gap widens and we see increased demand for cyber expertise, it is the Council’s mission to raise awareness of obstacles to entry in cyber and highlight key actions to address them.
Arguably, the first step of the Diversity Process Flow is to acknowledge the need for improvement. In a survey by the NCSC, 25% of respondents said they had experienced a career barrier related to diversity and inclusion, and the same research found only 15% of its respondents were from ethnically diverse backgrounds.
If cyber is to adequately support the UK government’s goal to make the UK the safest place in the world to live and work online, fostering a culture of diversity within the industry to attract and retain diverse talent is paramount, and the Council’s Diversity Process Flow is one step to achieving this.
The landscape of language in cyber
As discussed at our Ethnic Minorities in Cyber Symposium, the technical language deployed in cyber is inherently complex and yet we choose to make life even more challenging through the use of inconsistent jargon and terminology with multiple interpretations, all woven together with a self-asserting ‘if you know, you know’ mentality.
With this outlook, how can we expect those who are new to cyber to enter the industry on the ground level?
In a role where communication is vital, we need to make it as easy as possible for people to express themselves and understand each other. And the junkyard of jargon which litters the cyber industry isn’t conducive to accessibility.
Without a clear and consistent approach to language across technical terminology, job titles and role requirements, we create a barrier.
Having identified this inhibitor to diversity, the Council has created useful documents such as the cyber security glossary and refers consistently to the 16 specialisms within cyber, but this isn’t yet adopted industry-wide. Cyber as a whole needs to take stock of its use of language so we can clearly communicate the roles available in our field and the vital parts they play in the protection of our lives online.
Clear pathways to cyber success
Standardisation of qualifications in cyber is an ongoing challenge and one which the Council is beginning to address through the setting of industry standards and awarding of professional titles for those working in the sector.
However, with so many qualifications, certifications and accreditations out there in cyber, knowing which skills you need and at what level you need to operate to apply for a role in the industry can become something of a minefield.
Consider this landscape from the perspective of individuals studying in the UK from overseas. Add in five-year visa applications for a three-year course, security clearance challenges, extended wait times for recruitment and the UK residency required for many government roles. Is it really any wonder that cyber is failing to attract diverse talent?
An element towards addressing this labyrinth of qualifications is the Council’s work on the standardisation of professional titles which will make entry into and progression through the industry much more streamlined. A universally acknowledged set of professional titles will also help simplify recruitment processes, as well as ensuring that individuals can access roles in which they will flourish and businesses can access individuals with the skills to adequately protect their organisation.
On top of this, the Council’s career route map offers a valuable resource for those looking to navigate a career path in cyber. It's a flexible road map that individual practitioners - current or future - can use to plan out a possible career.
More widespread use of resources like this in schools, colleges and universities will help cyber to attract more diverse talent as it falls in line with professions such as medicine, law or accountancy, where careers are mapped out and progression routes are clear in a trusted industry.
The benefits of role models in diverse recruitment
So the saying goes, ‘you can’t be what you can’t see’.
If we are to encourage more people from ethnic minorities into our industry, we must champion those who are already a part of it. Something as simple as ensuring interview panels are diverse and inclusive can make a huge difference to attracting diverse talent.
Further to this, highlighting a variety of roles and showcasing multiple role models is advantageous in communicating the breadth of the cyber industry and the opportunities it offers.
Looking beyond roles such as penetration testing and ethical hacking will help to break down perceptions that the cyber industry involves only hacking, and will welcome a whole new cohort of potential cyber professionals with new skills which lie outsides of the realms of coding, hacking and troubleshooting.
Tackling global issues
The cyber security sector needs to take on the responsibility for removing obstacles to entry into cyber for those of all backgrounds and employ an honest Diversity Process Flow.
Areas for improvement need to be acted upon to ensure that anyone with an interest in problem solving, communicating, and computing, is encouraged to pursue a cyber career. And anyone working within other sectors can change career and thrive in cyber security without facing barriers related to diversity and inclusion.
But championing diversity means more than just hiring people from different backgrounds, we need to see diversity at every level, and ensure we retain talent. It should go without saying that the protection of our work and our lives on the Internet of Things (IoT) requires a globally inclusive approach, and it is the mission of the UK Cyber Security Council to help establish this.
Read more about diversity in cyber
The cyber security needs to adopt a holistic approach to gender diversity, says Kyndryl's Kris Lovejoy.
The seventh annual Security Serious Unsung Heroes Awards recognise those trying to improve diversity and mental health in cyber for the first time.