InSecurity: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe
Cybersecurity Canon Candidate Book Review: “InSecurity: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe,” by Jane Frankland (Published October 20, 2017)
Book Reviewed by: Greg Day, CSO EMEA
Bottom Line: I recommend this book for the Cybersecurity Canon Hall of Fame.
Smart leaders build smart teams around them, yet the percentage of women in the cybersecurity industry is still low today. Are you missing out on hiring top talent due to unconscious biases? Do you lead an environment to nurture and develop diverse talent from differing educational and cultural backgrounds? Are you a parent wondering what skills your children need for tomorrow's digital world?
Jane Frankland, author of “InSecurity: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe,” clearly spent significant time gathering real-world examples around the challenges of diversity, and she shares great guidance and advice. This book is aimed at women specifically, but its insights would be useful for any minority group. “InSecurity” will also be of interest to managers, leaders, parents and anyone wishing to encourage others to live up to their potential. Frankland logically works through the challenges, from identifying, hiring and educating to retaining talent, and it ends with calls to action.
Some may wonder why I wanted to review this book and why you should read a book on gender diversity in cybersecurity. Some may see this as simple awareness of the modern world we live in, yet the fact is that today, in the technology industry – and cybersecurity specifically – we have a shortage of skilled staff, yet nearly half the adult population is not seeing cybersecurity as a viable career option. Why is that, and how do we change this? There is a whole talent pool of experienced and skilled workers we simply must do better at tapping into.
In recent years, there has been a push (certainly in the UK) to increase science, technology, engineering and maths (STEM) in the education system. “InSecurity” focuses on why this isn't enough and looks at many aspects of how to encourage, nurture and support diversity in the workplace, starting with STEM. One aspect I would highlight is the inclusion of arts – yes, arts – in STEM to make it "STEAM.” The logic here is that arts drive creativity.
This makes a world of sense for several reasons. Firstly, so much of cybersecurity is about thinking outside the box. Adversaries succeed when they are able to think of creative ways to compromise systems that the cybersecurity experts simply hadn't thought of. During my career, I have both hired and worked with great security experts that have come from a variety of different backgrounds, including a former priest, juggler and musician. As such, the second point is that while formal education is a helpful start, we should never rule out those who have come from different backgrounds and are switching into cybersecurity.
As Frankland highlights, one of the other most common reasons attackers are successful is compliance failure. It's an easy step to infiltrate the accounting and auditing department, for example, and move across the network. This highlights why this book is for everyone to read; the more we open our minds to opportunities, the better our security teams can be.
In recent years, I completed a “diversity in hiring” training. Probably the most valuable thing I took away from this was the concept of unconscious bias. Like it or not, we all have this. It's part of our persona, the life experiences that define who we are and how we act. If you haven't come across this concept, it’s the language we use, the way we act without conscious intent. For example, when writing a job spec, does it include language based on your own experiences that would make the role less appealing to people who don’t share your life history. It’s natural we look for traits in others that we have ourselves – does this make men more likely to hire men? The book highlights an example I had heard previously where conductors were hiring more men into orchestras, possibly due to unconscious bias. They then started doing blind music auditions and there was a notable shift.
Like so many things in business, addressing this issue starts with having the knowledge (hence my recommendation on reading the book). It also helps to have a diverse team (did I say already… read the book!) that can support your efforts by providing input into the hiring process.
Hiring may be step one, but in an industry where it's typical to shift companies every two to four years, managing diversity is even more critical. The book shares a broad range of reflections on both the inhibitors many have faced, as well as some very practical tips on how to nurture and develop staff, relative to their personalities. In what is such an exciting and dynamic space, it's shameful that anyone should have to work in an environment that doesn’t inspire passion for their work and challenge them to grow as individuals. The challenge is ensuring all team members are provided with an environment in which they feel they have a voice. STEAM brings creativity to cybersecurity and diversity brings differing perspectives that create a more well-rounded and balanced view.
In life, we strive to further ourselves through knowledge and self-awareness. “InSecurity” is all about building our awareness of others, which is just as important. In a world where the demand for technology skills continues to grow, this book highlights why we’d be hugely remiss if we don't explore, nurture and develop the talent of every possible person who can support us on the digital transformation journey.
We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!