CREST Report Highlights Actions to Improve Gender Diversity in the Cyber Security Industry

By   ISBuzz Team
Writer , Information Security Buzz | Jun 09, 2020 02:24 am PST

Report says schools, industry and recruiters should do more

9 June 2020 – A report published by CREST highlights progress made in gender diversity across the cybersecurity industry, in the past few years. And then points to the next steps needed to further address the gender gap. CREST – the not-for-profit body that represents the technical security industry including vulnerability assessment, penetration testing, incident response, threat intelligence and SOC (Security Operations Centre) – has found that while awareness around gender diversity has improved, there is still work to be done to make a significant practical difference.

In polls taken at CREST’s gender diversity workshop, only 14% of attendees argued that not enough work has been done to lessen the gender gap. But 86% believed that while progress has been made, it is not nearly enough. The study also found that 59% of participants classified their experience in the industry as mixed. It means having received support and enjoyed roles. But pointing to obstacles and challenges that they should overcome as a result of being female.

The workshops had the primary focus and objective of inspiring change. And they have the conclusion that the main priorities for change are encouraging girls at school to study computer science; improving the visibility of female role models; challenging the perception of the industry and perceived gender-specific roles, and industry-wide female mentoring and coaching.

The report suggests that the primary reason for the underrepresentation of women in the cybersecurity industry is down to a lack of interest in the subject from school age. When considering ways to make a change, the report recommends that industry leaders – including directors, CEOs, and accreditation bodies – could and should be responsible for approaching schools to help educate and encourage students. Schools could also promote initiatives such as CyberFirst’s online Girls Competition. It aims to inspire the next generation of young women to consider computer science as an option. Of course, with a view to a future career in cybersecurity.

Findings by CREST also point to issues with current recruitment practices. It includes the way job descriptions are written, the language used, and arguably even candidate requirements. Female representatives at the workshops agreed that the inclusion of training options on the job advert would encourage more female applicants. Not only that, but also flexible working hours, good maternity policies, and back to work support. Another key finding is the demand for an industry-wide female mentoring and coaching scheme. It is to create a stronger, closer female community whilst enabling women to grow and develop in their careers.

“It is encouraging that as an industry we are making progress. But there is a lot more to do and improving the visibility of female role models will allow us to challenge the perception of the cybersecurity industry,” says Ian Glover, president of CREST. “Schools hold the key and we need to help them to encourage more girls into the industry. Furthermore, the mentoring scheme would give a platform on which role models can help to coach and guide others. Which in turn will help to challenge the perception of gender as it relates to the industry,” adds Glover. “The actions are well-thought through, they are doable but just need the support of industry, education, and recruiters.”

To download the full report, go to:

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x