Following the UK Cyber Security Council Ethnic Minorities in the Cyber Symposium and wider consultation with our members, the Council was able to gather valuable insights into the major inhibitors of diversity in the industry and create what we have called the flow of diversity process.
Process flows are used in cyberspace to establish processes, predict outcomes, and prepare for undesirable situations. By applying this same logic to diversity, we can analyze existing industry processes from recruitment to talent retention, predict their impact on diversity, and prepare updated ways of working to remove barriers to diversity across the board. ground.
As the cyber skills gap widens and we see increased demand for cyber expertise, the Council’s mission is to raise awareness of barriers to cyber entry and highlight key actions to address them. remedy.
Arguably, the first step in the diversity process flow is to recognize the need for improvement. In an NCSC investigation, 25% of respondents said they encountered a professional barrier related to diversity and inclusion, and the same research found that only 15% of its respondents were from diverse ethnic backgrounds.
If cyber is to adequately support the UK Government’s aim of making the UK the safest place in the world to live and work online, fostering a culture of diversity within the UK is paramount. industry to attract and retain diverse talent, and the Board’s Diversity Process Flow is one step in achieving this.
The landscape of language in cyber
As discussed at our Symposium on Ethnic Minorities in Cyber, the technical language deployed in cyber is inherently complex and yet we choose to make life even more difficult through the use of inconsistent jargon and terminology. with multiple interpretations, all woven with a self-affirming ‘if you know, you know’ mentality.
With this perspective, how can we expect those new to cyber to enter the industry on the ground?
In a role where communication is vital, we need to allow people to express themselves and understand each other as easily as possible. And the dumping ground of jargon that litters the cyber industry is not conducive to accessibility.
Without a clear and consistent approach to language across technical terminology, job titles, and job requirements, we create a barrier.
After identifying this barrier to diversity, the Council created useful documents such as the Cybersecurity Glossary and constantly refers to the 16 specialties within cyber, but it’s not yet adopted industry-wide. Cyber as a whole needs to take stock of its use of language so that we can clearly communicate the roles available in our domain and the critical roles they play in protecting our lives online.
Clear paths to cyber success
The standardization of qualifications in cyber is an ongoing challenge which the Council is beginning to address by setting industry standards and awarding professional titles to people working in the sector.
However, with so many qualifications, certifications and accreditations in cyber, knowing what skills you need and at what level you need to operate to apply for a job in the industry can become a minefield.
Consider this landscape from the perspective of people studying in the UK from abroad. Add five-year visa requirements for a three-year course, security clearance challenges, long wait times for recruitment and UK residency required for many government roles. Should we really be surprised that the cyber world cannot attract diversified talents?
One element of addressing this maze of qualifications is the Council’s work on standardizing professional titles which will make entry and progression into the industry much more streamlined. A set of universally recognized professional credentials will also help simplify recruitment processes, while ensuring that individuals can access roles in which they will thrive and that companies can access people with the skills to adequately protect their organization.
In addition to this, the Council Career Objective offers a valuable resource for those looking to navigate a cyber career path. It is a flexible roadmap that individual practitioners – current or future – can use to plan a possible career.
More widespread use of resources like this in schools, colleges and universities will help cyber attract more diverse talent as it matches professions such as medicine, law or accounting where careers are mapped out and the paths to progress are clear in an industry of trust.
The Benefits of Role Models in Diverse Recruitment
So the saying goes, “you can’t be what you can’t see”.
If we want to encourage more people from ethnic minorities in our industry, we must defend those who are already in it. Something as simple as ensuring interview panels are diverse and inclusive can make a huge difference in attracting diverse talent.
Additionally, highlighting a variety of roles and showcasing multiple role models is beneficial in communicating the scope of the cyber industry and the opportunities it offers.
Looking beyond roles like penetration testing and ethical hacking will help shatter perceptions that the cyber industry is all about hacking, and welcome a whole new cohort of potential cyber professionals with new skills that lie outside the realms of coding, hacking, and troubleshooting. .
Tackling global issues
The cybersecurity industry must take responsibility for removing barriers to entry into cyber for people of all backgrounds and employing an honest diversity process flow.
Areas for improvement should be considered to ensure that anyone interested in problem solving, communication and computing is encouraged to pursue a career in cyberspace. And anyone working in other industries can change careers and thrive in cybersecurity without facing diversity and inclusion barriers.
But championing diversity means more than just hiring people from different backgrounds, we need to see diversity at all levels and ensure we retain talent. It goes without saying that protecting our work and our lives on the Internet of Things (IoT) requires a holistic approach, and it is the mission of the UK Cyber Security Council to help establish this.