IT Brief New Zealand - Technology news for CIOs & IT decision-makers

An absence of female perspectives is a clear vulnerability in cybersecurity

Thu, 29th Aug 2024

The theme of this year's International Women in Cyber Day on 1 September is "the role of women in shaping tomorrow's security."

As a female CISO myself, I'm hoping this will prompt my peers to consider exactly what tomorrow's cybersecurity work should look like and the skills needed to handle it - because it strikes me that increasing gender diversity is an overwhelming imperative when we're mindful of what's coming down the line.

To take just one example, there's already a consensus that artificial intelligence (AI) plays an increasingly crucial role in our profession's ability to protect IT systems. As part of that trend, we're seeing more and more use of large language models (LLMs). 

These LLMs are machine learning systems trained on huge volumes of data to perform certain jobs. The range of potential applications is vast, but in a cybersecurity context, LLMs can be used to automate routine tasks, enhance threat detection and inform incident response plans. 

But while LLMs can be incredibly versatile, developing them requires a different skillset. For example, a data scientist will feed an LLM the data it needs, create the model, fine-tune its performance with further training, and analyse and remedy any unexpected responses (or 'hallucinations') it produces. 

In short, the cybersecurity profession is in urgent need of more AI-knowledgeable individuals, presenting an opportunity to widen our recruitment net and consider candidates from different backgrounds, ones who bring different skills and experiences to the work of IT security. Among these, there should be a significant representation of female candidates.

TACKLING BIAS

None of this is to say, of course, that the AI space doesn't have its own gender diversity issue. But I would argue that the problem of AI bias has forced it to recognise and take concerted action to tackle it – and that the cybersecurity field could learn much from its thinking here.

Consider this: an AI algorithm may well be at risk of bias if the team that built it isn't able to bring a wide range of opinions and experiences to the task. Likewise, distinguishing between causal relationships and correlations in extensive data sets can be a haphazard affair without the help of widely differing perspectives. 

As a result, the data science field works hard to attract women who don't necessarily come from a traditional computer science background or who may have retrained in data science later on in their careers. Many of these could be valuable additions to IT security teams. 

ISC2, a non-profit organisation that specialises in training and certifications for cybersecurity professionals, found that in Australia, women represent only 21% of professionals in the field. The silver lining is that globally, the proportion of women in newer generations of the cybersecurity workforce is steadily increasing. The same study found that across the world, 26% of cybersecurity professionals under 30 are women, double the proportion in the over-65 age group, where only 13% are women.

I think cybersecurity professionals should follow the same line of thinking on diversity in general. In my view, and from my day-to-day experience as a CISO, a more diverse cybersecurity team is definitely a better cybersecurity team. 

After all, in the face of a rising tide of new threats and tactics, we need to adopt a fresh approach to cybersecurity. Malicious actors work tirelessly to adopt new tactics, find new vulnerabilities, and identify new ways to bypass controls. It seems to me that a more diverse IT security team is better equipped to adopt the kind of 'hacker mindset' needed to counter these attacks. 

WIDENING THE NET

To mark International Women in Cyber Day, I'd like to suggest that our industry takes two crucial steps to include more women in our teams. 

First, we need to broaden the scope of the qualifications we seek in all candidates. We need to look beyond traditional schooling and career paths to consider other skills and personality traits that might enhance how we protect IT systems. These might include data science skills, of course, but could equally focus on mindsets such as curiosity, a willingness to question the way tasks are performed or conclusions are reached, and an excitement to learn new things. 

Second, we need to work harder to encourage more women to join us. That might mean reviewing how and where we advertise roles so that news of open positions reaches more women. For example, I've taken steps to work more closely with community colleges to source graduates who have returned to education later in life and with recruitment specialists who focus on supplying more diverse candidates. 

Consciously or not, we all embed our values, interests and life experiences into the work we do. Our wider understanding of the world inevitably shapes the outcomes we deliver at work. In a multidisciplinary field like cybersecurity (or data science, for that matter), the routine exclusion of female viewpoints isn't just a barrier to good work - it's a vulnerability. 
