In a male-dominated industry, such as IT security, it can be difficult for females to get their voices heard, and women often don’t back themselves to apply for leadership positions. Businesses need to have a program to encourage and support more women to be leaders, so we can have diverse decision-makers and inspire the next generation of females in security, writes Charlotte Osborne.
Gender diversity programs. Love them or loathe them, it’s no secret that the security industry is male-dominated and diversity programs are becoming more common across Australian organisations to tackle this problem. ISACA’s 2020 State of Cybersecurity Report indicates that there has been a strong increase of organisations implementing diversity initiatives, with 56 per cent of businesses in ANZ now having a program in place to recruit and retain female cyber professionals, an increase of 11 percentage points since last year.
The question is, do they work? As a recruiter, I witness a lot of opinions from both candidates and clients on whether gender diversity programs are effective. While some have strong beliefs that they are the way forward in improving diversity, others believe they can actually create more bias.
From what I’ve seen, gender quotas can cause resentment among managers who can feel as though such programs interfere with their decision-making process, and team members can be made to feel as though hiring decisions are being made based on gender, as opposed to talent and accomplishments.
However, perhaps we should be looking at the bigger picture here. Women still only make up 24 per cent of the security industry in Australia (11 per cent globally) according to (ISC)², and much fewer are sitting in leadership positions. Without action, things will not change. We will not have enough female role models in the security industry, boards will remain non-diverse, and decisions will be made by the same demographic. And as we transition to the ‘new normal’, I think we all agree that there are some changes that need to be made rather than just following the old status quo.
So, how can the cybersecurity industry get diversity right? The key to change is to implement gender diversity policies that work, and this starts with recruitment. The aim should be to hire equal numbers of men and women, and yes, recruitment targets need to be set. Having quotas doesn’t mean hiring men or women without merit, it means that hiring managers, HR, and recruiters just need to look harder to find them.
One Australian organisation which is leading the way in building diverse security teams is Origin Energy. Around 40 per cent of its core security team is female, which is almost twice the national average and nearly four times the global average for the security industry. What’s more, the turnover rate in its security team is only 5 per cent, compared to an industry average of 20 per cent. Origin’s Chief Information Security Officer, Christoph Strizik, puts this success down to broadening talent pools, offering more flexibility to staff, and implementing good internal mentoring and leadership programs.
Don’t just rely on applications
A common complaint I hear is ‘no women applied for the role.’ Hiring managers should look outside the usual channels of Seek and LinkedIn applications. Women are generally more risk-averse than men and are 16 per cent less likely to apply for roles online, according to LinkedIn research. This means, if hiring managers are solely relying on applications when recruiting security roles, they are unlikely to have a diverse shortlist to choose from. Hiring managers and talent specialists should widen their horizons and seek out the best diverse talent in other ways, such as growing personal networks, scouring meetup groups, asking industry contacts for referrals and attending industry association and professional development workshops.
Hiring managers should also be looking at candidates outside of the IT industry with non-technical skillsets and non-conventional backgrounds. Strizik said: “Diversity is very important to us whether that means gender diversity or diversity of thought. To us, diversity leads to creativity. So, we tapped into a broader talent pool. We brought on people from different fields, such as engineering or consulting, and provided them with the right training in technical aspects.
“We also promoted people internally with strong leadership skills but limited security skills to run our security teams. This is perhaps unusual; however, it has actually worked out really well for us.”
Vanessa Gale, Head of IAM for Origin, was brought in with a background in Environmental Engineering. Her team recently won the Saviynt Innovation Award for their work in Identity Access Management, showing a clear example of how this method of recruitment has worked for them.
Flexibility means more than just working from home
Now, more than ever, Australians are going to be working remotely, but flexible working is more than staying at home with a sick child. Australian businesses need to consider parental and carer’s leave, but also realise some employees may prefer to be at home rather than commute.
This means offering the right level of flexibility to suit a diverse workforce and their personal commitments. It’s not a one policy fits all, but an agreement that is tailored per employee. It’s a value add to the job seeker when recruiting and can also be successful in retaining the best staff.
Strizik added: “Flexibility has been a game-changer. Origin has an “all roles flex” policy where our starting premise is every role can be performed flexibly, and this goes above and beyond just working from home on a Friday. We have employees who work on the Gold Coast who just travel into the office once or twice a week. We have employees who finish at 3:00pm so they can pick up their kids every day. On top of this, we also increased our parental leave in 2019 to an industry-leading 20 weeks for primary carers, regardless of gender. We also removed the 12-month qualifying period for taking parental leave, so planning a family or expecting a new arrival would not be a barrier to starting a great new career at Origin.”
“When you offer your employees this level of flexibility, you are paid back for it 10x over. When you make their lives simpler, they enjoy their job more, feel appreciation for management, and work harder.”
Hopefully, the old mentality and distrust about workers skiving off when working from home will truly be dead now after senior executives have seen how productive staff can be working remotely.
Provide detailed, structured mentoring programs
Mentoring programs have been touted far and wide as a solution to assist with the gender gap. However, outside of the external mentorship programs and networks set up for women in security, including ISACA’s SheLeadsTech and the Australian Women in Security Network Cadets that connects, supports and inspires female-identifying tertiary students and early career professionals, organisations need to have an internal leadership and mentorship program.
The structure should be set by the HR department with specific KPIs for mentors to ensure the mentee is getting the support they need. Managers should also be having one-on-one discussions with all staff to discuss training, development, and understand where their team members want to go in their careers, so they can do everything possible to get them there.
Furthermore, in a male-dominated industry, such as IT security, it can be difficult for females to get their voices heard, and women often don’t back themselves to apply for leadership positions. Businesses need to have a program to encourage and support more women to be leaders, so we can have diverse decision-makers and inspire the next generation of females in security. AWSN Cadets provides a fantastic external mentoring program to inspire female students and early-career professionals. However, we need more programs like this run internally.
Whatever your thoughts on gender quotas, it’s still important for every security team to have diversity targets – particularly when it comes to women in leadership roles. Strizik said: “No company has nailed this. There are still not enough women in leadership roles in security. Our FY 20 goal is to have 32 per cent of senior roles filled by females across the organisation. We are currently on 31 per cent.”
It’s fantastic that we are seeing more and more Australian organisations embracing gender diversity programs in cybersecurity. A diverse workforce not only means that this industry has more likelihood of successfully connecting with diverse end-users, but having people from different walks of life as part of your organisation means we are able to tackle diverse problems and cybercriminals.
With ISACA’s report also finding that nearly half (48 per cent) of security professionals in ANZ believe that there has been real progress made in women taking cybersecurity roles, these programs are clearly making some progress in closing the gender gap in this industry.