Diverse by design: pipelining cyber security talent, 3 practical ways to get involved

Diverse by design: pipelining cyber security talent, 3 practical ways to get involved Image 1
Diverse by design: pipelining cyber security talent, 3 practical ways to get involved Image 2

I’d say that the time for ‘talking’ about the cyber talent shortage, lack of diversity, and the gender pay gap is long over. Even pre-covid, senior leaders were pushing back stating, no, we really don’t want to sit on yet another panel to merely talk about these same old issues. Now is time for action.

Whilst quotas continue to be a contentious issue, I ask clients and the industry in general to focus on the end goal – what do you want your team and business to look like in 12 months? Let’s lose the word ‘quota’ and focus on diverse by design. Not just for today, but for a successful economic future.

Measuring business objectives, by way of targets, is a fundamental part of any successful business. So why, when looking at the heart of a business - its people, does designing such outcomes seem complicated, become stigmatised, or is simply overlooked. 

With the myriad of research demonstrating diverse teams positively impact the bottom line, diverse by design should be seen as a smart business move! At a recent AustCyber event, Ian Yip – CEO of Avertro stated that his business has done just that – ‘from inception, building a diverse team was designed, planned and implemented’. 

And let’s be honest, coming from an industry that wants to build an ecosystem that is secure by design, this concept should not be hard.

So, what are some practical ways you can start today? No matter the size of your organisation.

  1. Women in STEM Decadal Plan

It is a shared responsibility of government, academia, the education system, industry, and the community to help attract women and girls into not only Cyber, but STEM professions in general.

The Women in STEM Decadal Plan, developed by the Australian Academy of Science in collaboration with the Australian Academy of Technology and Engineering, offers a vision and opportunities to 2030 to guide stakeholders as they identify and implement specific actions they must take, to build the strongest STEM workforce possible to support Australia’s prosperity.

The Tech Girls Movement Foundation is proud to be an Australian Academy of Science Women in STEM Decadal Plan Champion. They are committed to sharing knowledge and collaboration and can help organisations big and small align current activities with the six opportunities on the decadal plan.

Techgirls has been assisting current partners, including the Decipher Bureau, and WK Digital. Amanda Rodgers from WK Digital states “My intention in publicly committing WK Digital to be a Women in STEM Champion is to jumpstart active commitment by other organisations to gender equity in STEM. The economic future of Australia is too important to simply discuss big goals, we have to actively plan for their realisation”.

The decadal plan is a 10-year plan which will create a richly diverse industry and the Decipher Bureau has enjoyed working on our plan with Techgirls, understanding where we are today, identifying opportunities for growth across our business and the wider cyber ecosystem, providing some accountability to action.

  1. Pipelining top talent

Recruitment is reactive. And whilst this won’t change, what we can decisively see, is firms who have strong policies regarding attracting and retaining diverse talent and partner with specialist recruitment firms who engage with talent ‘off market’ on their behalf, are much better equipped to hire from a diverse pool of candidates. 

Now, this is not to say you’ll receive a F50/M50 Pen Testing shortlist! However, once you identify the teams and/or roles where diversity is lacking, you need to build in the ability to create an opportunity for the right person – at any time! Not just when it suits your business. Just like we forecast other costs, we need to do more than forecast salary and bonusses. We need to forecast diverse talent and roles where specific skill sets can add value to the existing team.

Whilst larger organisations may have more of a financial buffer for this type of pipelining, it is not impossible for smaller organisations to adapt to this approach. Like any other forecast, you review quarterly and measure it at the end of the year. The above decadal plan can certainly assist in this area.

  1. Re-imagining “grad programs”

Hiring grads out of university is imperative, however these days there are additional pathways for cyber study. TAFE and a range of certification providers assist people who are transitioning from one career into the world of cyber. And creation of entry level or junior roles must be a collective effort.

Whilst I don’t proclaim to have all the answers, I have heard time and time again from clients they “don’t have time to train” or they are “worried that the person will finally get up to speed and then leave”. Whilst I understand most cyber professionals are running at top speed, that won’t change unless we all take the time to bring up this new talent.

We are currently working with three clients who are actively taking on entry level candidates, with the aim to train and retain. And what I have found through the interview process is those candidates who are career transitioning often bring extremely strong communication and leadership skills.

Which, according to a recently released ISACA study (in the 2021 State of Cybersecurity report), 56% of security professionals identified soft skills – including communication, flexibility and leadership – as one of the biggest skills gaps among today’s cyber talent.

So, another benefit of tapping into this talent pool is we can not only address the talent shortage; but ensure this next generation of cyber professionals come with well-developed communication skills and will be more than ready to be the leaders of tomorrow.