Diversity key to filling cyber security workforce gap

Ahead of the inaugural Cyber Security Summit 2023 in June, PayPal Australia head of information security Daniela Fernandez said the industry must cast a wide net to attract a broad spectrum of employees from different professional backgrounds.

“We need to think outside the box,” Fernandez told Cyber Security Connect.

“At the moment, we don’t have enough people in Australia who have the technical skills. So, we need to think more broadly about how to attract employees from different professional backgrounds.”

Fernandez’s comments preceded her panel session at the first-ever Cyber Security Summit in June 2023, where she will outline why diversity is critical in cyber security and how the industry could promote growth and retention of employees from diverse backgrounds.

She noted that many of her peers hail from various professional backgrounds, including marketing, accounting, communications, journalism, psychology, and project management.

However, she said that she continues to hear about candidates that failed to qualify for the first round of interviews because they did not have the appropriate cyber security certification.

“We need to look beyond the traditional information security certifications for all the skills and qualifications,” Fernandez said.

It is equally important to recruit employees of different genders, ages, cultural backgrounds, neurodiversity, political beliefs and affiliations, religions, as well as people with a disability, she added.

VIEW ALL

Bringing different points of view to the industry

Diverse teams are critical for enhanced decision-making because they bring different perspectives to the table compared to homogeneous teams with a lack of diverse thoughts and ideas, Fernandez pointed out.

“They also help with an organisation’s understanding of different attack techniques and motivations,” she said.

“Moreover, having a diverse workforce offers a competitive advantage because it can help you expand your business and deliver more secure products to market.”

The 2022 ICS2 Cybersecurity Workforce Study showed that globally, the workforce gap exceeds 3.4 million cyber security workers, highlighting the dire labour shortages facing the cyber security industry.

This study found that this issue is worsening, with the workforce gap increasing by over 26 per cent compared to 2021.

In Australia, while there are almost 143,700 people in the cyber security workforce, there is a shortage of almost 39,500, according to the report.

Fostering a sense of belonging

Fernandez warned, however, that once organisations recruit a diverse workforce, they must foster inclusion and a sense of belonging.

“I’ve seen some examples where in one year, the organisation reaches a target. But they lose that pool of talent the following year because they didn’t have the right infrastructure and processes in place to make this diverse group of talent feel included,” she said.

Embedding ongoing training

Along with increasing diversity, organisations in the cyber industry would benefit from conducting surveys to identify skills gaps and understand how employees would like to upskill, Fernandez said.

Upskilling is vital because the cyber security landscape and threats are changing rapidly, and as such, require employees to be agile and keep pace with developments.

While a portion might express an interest in refining their technical knowledge and skills, Fernandez said that all employees require upskilling in communication, people management skills, or business acumen.

“Part of this would involve developing a training plan that requires every organisation to outline priorities and avoid increasing employee workload,” she highlighted.

“Some employees may be reluctant to attend training sessions in addition to their daily jobs. So, it’s about striking a balance between their daily jobs and what they need training in, as well as rewarding those who engage in continuous learning.”

Appealing to the young ones

When asked how the cyber security industry could attract the next generation of leaders, Fernandez observed that the younger generation is driven by a sense of purpose and a desire to make an impact in the world through their careers.

Therefore, it is imperative for the industry to highlight the positive impact of cyber security on the community, and project cyber security as an attractive career with abundant opportunities, she said.

“I think one of the challenges we face is the stereotype that has been created over the years, which doesn’t make cyber security an attractive career for a diverse pool of talent,” she said.

“There are still misperceptions that cyber security is only for young men. We should promote cyber security as a professional career because it is a very rewarding career that opens a lot of options for people.”

To hear more from Daniela Fernandez about how to build a future-fit workforce fit to fight cyber crime, why diversity is critical in the industry, and how to build an effective information security team, come along to the first-ever Cyber Security Summit 2023.

It will be held on Thursday, 1 June 2023, at Hotel Realm in Canberra.

Click here to buy your tickets and don’t miss out!

For more information, including agenda and speakers, click here.