CREST report highlights actions to improve gender diversity in cyber security sector
17 June 2020
A REPORT just published by CREST highlights progress made in gender diversity across the cyber security industry in the past few years and, importantly, points to the next steps needed to further address the gender gap.
CREST – the not-for-profit body that represents the technical security industry including vulnerability assessment, penetration testing, incident response, threat intelligence and Security Operations Centres – has found that, while awareness around gender diversity has improved, there is still work to be done to make a significant practical difference.
In polls taken at CREST’s gender diversity workshop, only 14% of attendees argued that not enough work has been done to lessen the gender gap, but 86% believed that, while progress has been made, it is not nearly enough. The study also found that 59% of participants classified their experience in the industry as mixed, having received support and enjoyed roles, but pointing to obstacles and challenges that had to be overcome as a result of being female.
The workshops had the primary focus and objective of inspiring change and concluded that the main priorities for change are encouraging girls at school to study computer science, improving visibility of female role models, challenging the perception of industry and perceived gender-specific roles and industry-wide female mentoring and coaching.
The report suggests that the primary reason for the underrepresentation of women in the cyber security industry is down to a lack of interest in the subject from school age. When considering ways to make change, the report recommends that industry leaders – including directors, CEOs and accreditation bodies – could and should be responsible for approaching schools to help educate and encourage students.
Inspiring the next generation
Schools themselves could also promote initiatives such as CyberFirst’s online girls competition, which aims to inspire the next generation of young women to consider computer science as an option with a view to a future career in cyber security.
The CREST report also points to issues with current recruitment practices, including the way job descriptions are written, the language used and arguably even candidate requirements. Female representatives at the workshops agreed that the inclusion of training options on the job advert would encourage more female applicants, as would flexible working hours, good maternity policies and back to work support.
Another key finding is the demand for an industry-wide female mentoring and coaching scheme to create a stronger and closer female community while enabling women to grow and develop in their careers.
“It is encouraging that, as an industry, we are making progress, but there is a lot more to do and improving the visibility of female role models will allow us to challenge the perception of the cyber security industry,” explained Ian Glover, president of CREST. “Schools hold the key and we need to help them to encourage more girls into the industry. Furthermore, the mentoring scheme would give a platform on which role models can help to coach and guide others, which in turn will help to challenge the perception of gender as it relates to the industry. The actions need the support of industry, the education sector and recruiters.”
*Download the full report at https://crest-approved.org/wp-content/uploads/CREST-Gender-report_202004.pdf
**The report was borne out of research conducted among CREST members as well as an Open Access to Cyber Day