Why diversity, inclusion matter for cyber security in MEA
Studies have shown the importance of diversity and inclusion (D&I) in generating more creative solutions to business problems, and enhancing performance and competitiveness. D&I is particularly important in tech, because it serves as a catalyst for success and a foundation for innovation in so many industries.
So says Diana Kelley, cybersecurity field CTO at Microsoft, noting that despite many organisations developing diversity initiatives to encourage more women and other underrepresented groups to explore careers in tech, there remains a shortage of women and minorities, particularly in cyber security.
According to a 2017 study conducted by the Global Information Security Workforce, women hold a mere 11% of current positions in cyber security. In the Middle East, women's representation in the cyber security field is only 5% compared to 14% in the US.
And globally, 26% of people in cyber security are minorities and almost three-fourths of information security analysts are white.
For Kelley, the cyber security workforce isn't growing fast enough to keep pace with the increasing cyber security challenges, in the region and globally. Middle East businesses are also considerably more likely to suffer from cybercrime than the global average.
"Only 33% of organisations in the region have a cyber-incident response plan and most companies are still not adequately prepared for the risks." She adds "To ensure organisations, and citizens, across the Middle East and Africa (MEA) are safe, we need to break down systemic barriers to diversify the workforce as soon as possible."
Drilling down into the reasons why
Kelley adds that the reasons why cyber security has such low female representation, is due in part, to a lack of support for women in STEM programmes at schools. "This leaves some women feeling unprepared for a career in cyber security. Many women also avoid pursuing careers in the field because of a lack of healthy work/life balance, and an often-misogynistic environment."
It's vital that we encourage more women and different groups to pursue careers in cyber security because diverse viewpoints are critical to the success of cyber security programmes.
For Kelley, who visits the region this week to keynote at a leading cyber security conference, solving problems for cyber security and resilience requires looking at a very large number of moving parts. What's the threat model? What are the business requirements? Which laws or regulations are in force? And so on.
"No one person can have the complete answer to all these questions. And a set of people with the same background and viewpoints may have shared blind spots or biases too. It's only when we open up the planning and conversation to a diverse group that we get a truly comprehensive approach," she says.
Zooming in on how
With decades of IT and cyber security experience working as an advisor to numerous CISOs, CIOs, and CSOs at some of the world's largest companies, Kelley's long career has helped her pinpoint some of the ways we can break down gender barriers and encourage more women and underrepresented groups to pursue careers in tech and cyber security.
This includes a holistic approach that addresses the systemic issues contributing to the low representation of women in the field as well as the issues in the workplace that discourage many women from pursuing a career in cyber security.
Says Kelley: "Systemically, we can eliminate bias in the educational system so diverse populations can get the education they need to prepare for careers in cyber security. In the workplace, we can support diversity by ensuring bias is removed and a culture of respect is nurtured. And individually, we can employ a tactic that my Microsoft colleague Lisa Lee refers to as 'lift as we rise', which entails us being mentors, sounding boards and supportive advisors to those who are entering the field or facing challenges that are making them doubt their ability to succeed."
For women, Kelley is proof that a career in cyber security can offer a unique sense of job fulfilment and a deep feeling of purpose.
"Personally, I think this is the best possible career because you learn new things every day," she says.
"Today, cyber security is such a broad practice that we need people with all kinds of skills, from lawyers to help with policy development and partner negotiations, to creatives who can assist with marketing campaigns to amplify messages, to graphic artists who can help translate complicated security technology into concepts that people outside of the profession can comprehend."
"The one thing that cuts across the dimensions is the fulfilment of knowing you're doing a job that's helping to keep people and organisations safe," she says.
Microsoft's approach to cyber security and D&I
Cyber security is a central challenge of our digital age. Microsoft's security differentiation is based on three pillars. Unparalleled operational security posture, comprehensive product suite spanning identity, information, applications and devices, and driving partnerships for a diverse world.
According to Kelley, Microsoft practises 10 inclusive behaviours that help attract and maintain a diverse and inclusive workforce, and they provide training and support to help employees put those behaviours into practice every day.
"We expect each of us, no matter what level, role or function we are in, to play an active part in creating environments where people of diverse backgrounds are excited to bring all of who they are and do their best work. From cultivating diversity in the tech talent pipeline, to seeking out talent in non-tech communities, to investing in organisations that advance diversity and inclusion in business, we're constantly looking for unique points of view that can spark innovations that transform how we experience the world," she concludes.