CREST report highlights actions to improve gender diversity in the cyber security industry

Report says schools, industry and recruiters should do more

A report published by CREST highlights progress made in gender diversity across the cyber security industry, in the past few years and points to the next steps needed to further address the gender gap. CREST – the not-for-profit body that represents the technical security industry including vulnerability assessment, penetration testing, incident response, threat intelligence and SOC (Security Operations Centre) – has found that while awareness around gender diversity has improved, there is still work to be done to make a significant practical difference.

In polls taken at CREST’s gender diversity workshops, only 14% of attendees argued that not enough work has been done to lessen the gender gap, but 86% believed that while progress has been made, it is not nearly enough. The study also found that 59% of participants classified their experience in the industry as mixed, having received support and enjoyed roles but pointing to obstacles and challenges that had to be overcome as a result of being female.

The workshops had the primary focus and objective of inspiring change and concluded that the main priorities for change are encouraging girls at school to study computer science; improving visibility of female role models; challenging the perception of industry and perceived gender-specific roles; and industry-wide female mentoring and coaching.

The report suggests that the primary reason for the under-representation of women in the cyber security industry is down to a lack of interest in the subject from school age. When considering ways to make change, the report recommends that industry leaders – including directors, CEOs and accreditation bodies – could and should be responsible for approaching schools help educate and encourage students. Schools could also promote initiatives such as CyberFirst’s online Girls Competition, which aims to inspire the next generation of young women to consider computer science as an option with a view to a future career in cyber security.

Findings by CREST also point to issues with current recruitment practices, including the way job descriptions are written, the language used and arguably even candidate requirements. Female representatives at the workshops agreed that the inclusion of training options on the job advert would encourage more female applicants, as would flexible working hours, good maternity policies and back to work support. Another key finding is the demand for an industry-wide female mentoring and coaching scheme to create a stronger, closer female community whilst enabling women to grow and develop in their careers.

“It is encouraging that as an industry we are making progress but there is a lot more to do and improving the visibility of female role models will allow us to challenge the perception of the cyber security industry,” says Ian Glover, President of CREST. “Schools hold the key and we need to help them to encourage more girls into the industry. Furthermore, the mentoring scheme would give a platform on which role models can help to coach and guide others, which in turn will help to challenge the perception of gender as it relates to the industry,” adds Glover. “The actions are well-thought through, they are doable but just need the support of industry, education and recruiters.”

You can download the full report here:
CREST Gender report

The report comes from research conducted among CREST members and an open Access to Cyber Day and is one of a set of diversity reports that can be found in the Knowledge Sharing section of the CREST website: https://www.crest-approved.org/knowledge-sharing/research-reports-position-papers/index.html