CIO opinion
“
THE FIRST STEP
IN FIXING A
PROBLEM IS
RECOGNISING
THAT IT EXISTS;
AND THE
SECOND IS BEING
DETERMINED TO
CORRECT IT.
organisation and industry, with some CISOs
having board membership, budget control
and large teams, and others reporting many
levels below the CEO and having to apply for
resources from other teams. This obviously
influences the range of cybersecurity roles
available in the organisation but potentially
also affects the ability of the CISO to achieve
their assigned objectives.
Worryingly, a CISO role is sometimes designed
as a scapegoat role, held in readiness against a
likely future breach as an alternative to actually
improving risk management.
Will prejudiced hiring approaches lead to
more minorities and women being picked
to fill this ‘sacrificial CISO’ role? On this
note, organisations will always look to the
board to set an example; what proportion
of top management are female or
ethnically diverse?
The current status of the diversity
debate and the underlying trends
What we see currently in the diversity debate
are questions around whether people are
being treated equally. The fact that such
questions are being asked implies that we
still have a problem; but the ability to ask
these questions also enables us to recognise,
call out and redress unfair treatment.
Women are still tragically under-represented
in both Information Technology and
information security, so there is a critical
48
INTELLIGENTCIO
need to encourage a more inclusive
approach towards hiring and towards
treatment of women once they are in post.
Each individual is unique and has
competencies which should be valued and
managed. When we can transcend biases,
it will ultimately benefit and strengthen
our industry.
Conclusion
With staggering financial losses due to
cyberattacks costing organisations in the multi-
billions of pounds, the industry is crying out for
more skills in this complex field. As professionals
in the industry, we need to work together to
encourage cybersecurity as a possible career
choice for all of the population, not just the
part with a male gender identity.
When I think about inequality, I
contemplate questions such as why there
are so few women in the cybersecurity
industry, why are women paid less than
men, or why are there more women in
low-skilled jobs? The answer is that there
is prejudice in this world. This prejudice
has created an inaccurate belief that your
expressed gender should dictate your career
choices and future.
In an industry with a disproportionately high
male representation, I can see its shadow
on so many organisations – and the sadly
inaccurate assumption that having a woman
or a person from an ethnic minority solves an
organisation’s diversity issue.
A person’s ethnicity, sexuality, gender,
gender identity or background should
never be more important than their skills
or experience. Each individual is unique
and has competencies – and weaknesses
– which should be valued and managed.
With organisations now forced to publicly
display the disparity between male and
female salaries – and with a move to do the
same for different ethnic backgrounds – we
will continue to see companies’ diversity
problems becoming embarrassingly visible.
It is time for organisations to truly embrace
the diversity debate to help bridge the
cybersecurity skills gap.
The first step in fixing a problem is
recognising that it exists; and the second is
being determined to correct it. n
www.intelligentcio.com