Improving diversity in the cybersecurity industry by doing more to hire people from different backgrounds can help improve online defences for everyone because it will enable information security teams to think about – and defend against – concepts and attack techniques they may not have considered before.
Figures from an NCSC report on diversity detail how over 85% of professionals working in cybersecurity are white, compared to under 15% from black, Asian or mixed ethic groups.
Two-thirds of the industry identifies as male, compared to 31% identifying as female, while over 84% of those surveyed identify as straight, compared with 10% who identified as LGBT. But diversity is – gradually – increasing.
"I feel like from a diversity and inclusion standpoint in the cybersecurity industry we've honestly come a long way," Christine Izuakor, founder and CEO of Cyber Pop-up told ZDNet Security Update.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
"There's definitely some work to do, but I'm so happy to see so many initiatives around building diversity in the industry, bringing more women into the industry, more people of colour people from all these different backgrounds. I think that's huge".
Not only does diversifying the cybersecurity industry help it better reflect the population, it can bring different ways of thinking and different skills to the table – and it could also help cybersecurity teams gain a better idea of how the malicious hacking operations they're trying to defend networks again work.
"The people who are carrying out these attacks, don't look one kind of way or come from one different background. They come from so many different backgrounds across so many different parts of the world," Izuakor explained.
"You can't defend against that, by having one train of thought, you need those different perspectives, you need the people who are defending against these attacks to look just like the people who are attacking and that looks like a variety of different people," she added.
Improving diversity in cybersecurity teams should, therefore, be a key aim for organisations across the industry, because it can help protect people and businesses from a wider range of cyber threats.
"I truly believe that we cannot adequately defend against attacks or develop the solutions and the methods and things that we need if we keep a one-track mind – we have to have diversity in the space, otherwise we will fail," Izuakor said.
SEE: This new ransomware group claims to have breached over 30 organisations so far
It's also important to recognise that people can take different routes into cybersecurity – some might get qualifications from university or information security certifications, others might learn skills via online courses, some might even teach themselves entirely.
"It's important to acknowledge that people have different learning modes and different paths, and that is OK, as long as the job is getting done right and as long as we're defending against these attacks and being more secure," said Izuakor.