Kristin Demoranville, Global Practice Director – Cyber, Risk, and Advisory at BSI Digital trust
Kristin has more than 20 years of expertise in Industrial Cyber Security (ICS), Operational Technology (OT) Security, and Information Technology (IT). As the Head of Cyber, Risk, and Advisory for the Americas, Kristin is responsible for helping clients discover the best cybersecurity risk management strategy focusing on people and processes for their organizations.
Published 7 Mar 2022
This year’s Cybersecurity Outlook Report from the World Economic Forum (WEF) contained many educational insights into the role of cyber in business, and one which I found to be concerning but, to be honest, not all that surprising.
Amid a set of years where cybersecurity incidents are on the rise, the WEF’s polling found that 59% of business executives would find it challenging to respond to a cybersecurity incident due to a shortage of skills within their team. That means more than half of a representative sample of business leaders are concerned that they do not have the personnel on the ground to deal with a serious incident. Additionally, under 25% of companies with 5,000 to 50,000 employees thought they had “the people and the skills [they] need today.”
These statistics spark curiosity; what can we do about the continuing skills shortage in cybersecurity if our efforts to diversify our recruitment and encourage more women to enter the industry are successful? Although the situation is improving, the most recent (ISC)2 report found that men still outnumber women in the cybersecurity industry three to one. The lack of qualified cybersecurity professionals and our human instinct for fairness should make us correct this gender imbalance or recognize that we cannot be secure without diversifying our workforce.
As a woman who has worked in cybersecurity for some time, I want to continue showing young women on the verge of embarking on their careers that cybersecurity NEEDS you. The theme of this year’s International Women’s Day is ‘Break the Bias,’ a resounding call for everyone, regardless of their gender, to consider how our ideas about women might be holding back true equality. Although their perceptions of the cybersecurity industry may not reinforce this, they have space because data shows that diversity creates strong security.
As I consider this gender imbalance, this reminds me of an anecdote from Caroline Criado Perez’s brilliant book investigating how the structures of the world are designed for men and not women, Invisible Women. It goes as follows:
“We teach brilliance bias to children from an early age. A recent US study found that when girls start primary school at the age of five, they are as likely as five-year-old boys to think women could be ‘ really smart.’ But by the time they turn six, something changes. They start doubting their gender. So much so, in fact, that they start limiting themselves: if a game is presented to them as intended for ‘children who are smart,’ five-year-old girls are as likely to want to play it as boys - but six-year-old girls are suddenly uninterested.”
As a society, our approach to educating young girls needs to change. At every stage of education and career development, we must do more to show women that they can enter the cybersecurity industry and thrive in it. Improving accessibility and highlighting opportunities to young, potential cybersecurity analysts are of the utmost importance. The Girls Scouts Cybersecurity badge is a great start, along with schemes such as BSI’s recent partnership with the University of Colorado Colorado Springs (UCCS). The Cybersecurity Apprenticeship Program’s Penetration and Vulnerability Tester Program has never been more important, as they provide candidates with access to the industry-leading training they’ll need to succeed in cybersecurity. The training they provide benefits both apprentices and the ultimate clients of cybersecurity analysts. I hope that many young women feel empowered to take up apprenticeships in cybersecurity not only at UCCS but that apprenticeships of this kind continue to grow in popularity.
There is an overwhelming need to transform the perceptions of a woman’s career path. The STEM subjects taken in high school and at college are often seen as inherently masculine by many. All too often, teachers and parents may steer girls away from pursuing such areas, with only 36% of women graduating with STEM degrees in 2018. Additionally, more STEM teachers need to be female, as young girls may feel that they cannot be what they can’t see. Because fewer women study and work in STEM, these fields tend to create exclusionary male-dominated cultures that are not inclusive or appealing to women. Finding female mentors or just female peers was critical to my STEM and cybersecurity success as a woman with a STEM degree.
However, things are changing, and as I pledge to help #BreakTheBias this International Women’s Day, I hope that many of my colleagues and connections on LinkedIn will too. Let’s work together to ensure that we work to ensure that ALL women know that they are needed and can also be very successful in the cybersecurity industry, not just today but every day of the year.
Happy International Women’s Day!
Latest insights discussing key information resilience and digital trust challenges