By Sundar Balasubramanian
To effectively protect the cyber sphere, we need to harness the power of diverse perspectives. Diverse teams solve problems faster and are more innovative than homogeneous teams. They’re also widely recognized as critical in strengthening an organization’s cyber readiness, increasing employee and customer satisfaction, and better enabling organizations to achieve long-term goals.
In cyber security, diversity and inclusivity has been a much-discussed topic. Let’s begin by examining the state of the cyber security workforce. According to the ISC2 Cybersecurity Workforce Study 2022 (link), the gap in the number of cyber security experts continues to widen. At the time of reporting, there were an estimated 4.7 million cyber security professionals worldwide in this field. Despite the addition of 464,000 positions in 2022, there are an additional 3.4 million cyber security professionals needed to adequately safeguard corporate assets.
When examining the current threat landscape, the situation appears concerning as revealed by the Check Point 2023 Cyber Security Report. This report highlights a significant surge in phishing attacks, which escalated from 33% in 2018 to a staggering 86% in 2022. The rising volume of threats, the scarcity of cyber security experts, and the complexity of security measures are collectively leading to growing frustration among existing cyber security professionals. As a result, there is an urgent call for an increase in the cyber security workforce.
As per TeamLease’s report, India’s cybersecurity workforce reached approximately 0.3 million in 2023, marking a notable increase from 0.21 million in 2022 and 0.1 million in 2021. However, this accounts for merely 6% of the worldwide cybersecurity job market. As of May 2023, there were approximately 40,000 vacant positions in the industry, highlighting the increasing need for proficient cybersecurity professionals. The demand-supply gap was at 30%, predicting a significant skills challenge within the industry. According to Check Point Software’s Threat Intelligence Report, an Indian organization faces an average of 2118 weekly attacks in the last 6 months, compared to 1097 attacks per organisation globally. In fact, the country has seen a surge of 18 percent in weekly cyberattacks as compared to the previous years. With the expected increase in cyberattacks, it has been reported that by 2025, the anticipated demand for cybersecurity professionals in India is expected to reach one million, while the existing supply remains at a mere 80,000. Something has to be done to correct this.
To ensure the effective safeguarding of corporate assets, it is vital to acknowledge and address the existing gender disparity within the cyber security field. Despite the current male-to-female ratio being 3 to 1, it’s noteworthy that the number of women in cyber security is on the rise, indicating a positive trend.. Here inIndia, the cyber security workforce faced significant gender disparity, with only 21% being women.In 2022, the global cyber security workforce saw a 5% increase in female representation, with women now comprising 25% of the total, as opposed to the 20% they represented in 2019. By placing emphasis on certification and education, women are not only making their way into leadership roles, but are also setting an example for other women and future generations to pursue a career in cyber security, where they can succeed.
Another trend in cyber security is the need for diverse skill sets, encompassing technical proficiency, risk management, and effective communication. Diverse teams in security operations (SecOps) and security operations centers (SOCs) are widely recognized as crucial for strengthening an organization’s security readiness. These teams, consisting of individuals from varied backgrounds, bring unique perspectives and innovative problem-solving approaches. This diversity is especially valuable in cyber security, where professionals combat global threats. It results in fresh insights that help analysts understand adversaries better, enhancing threat detection and response capabilities.
Choosing a career in Cybersecurity
Considering a career in cyber security offers numerous benefits. First and foremost, the field is in high demand, driven by the escalating frequency and complexity of cyber threats. This demand ensures job security, as skills are continually needed to safeguard data and systems. Moreover, the cyber security sector offers diverse opportunities, spanning roles from ethical hacking to risk management, appealing to various interests and skills.
Cyber security experts essentially serve as digital detectives, utilizing problem-solving skills and creativity to outwit cyber criminals, making it a dynamic and intellectually stimulating field. The competitive salaries in the industry reflect the high demand for expertise, which is particularly advantageous for young professionals.
Additionally, the global impact of cyber security is notable, as your work contributes to a safer online environment worldwide. Continuous learning is inherent in cyber security, making it ideal for those who enjoy staying current with technology trends. The field also offers an ethical dimension, allowing individuals to be the “good guys” in the digital realm, protecting privacy and security. Furthermore, the sense of community and collaboration within the cyber security profession offers the opportunity to learn and grow alongside experienced colleagues, making it a fulfilling career choice for young professionals.
Advice for Pursuing a Cybersecurity Career
There’s a common misunderstanding about the nature of cyber security. Many individuals envision cyber security professionals as solitary figures in dimly lit basements, surrounded by numerous screens, munching on Cheetos and sipping Mountain Dew, while writing code to breach networks. This portrayal often stems from the way the movie industry depicts cyber security experts. Even the adversaries in the field are often shown working in regular office settings, but that’s a topic for another discussion. Here, I’d like to offer some advice that I typically share with my mentees:
Do not get intimidated. Many individuals believe that a technical foundation is a prerequisite to launch a cyber security career, but this is a misconception. Cyber security primarily involves understanding the workings of technology as it evolves over time.
Network and Seek Mentorship. In the realm of cyber security, it’s a continuous journey, and mentors play a pivotal role in providing direction on commencing your cyber security career. They can offer insights on where to begin, recommend the suitable training and certifications, and help you steer clear of common pitfalls along this path.
Connect and Pursue Mentorship. Navigating the world of cyber security is an ongoing voyage, and having a mentor can help steer you in the right direction when commencing your cyber security career. They can advise you on how to initiate your journey, identify the necessary training and certifications, and help you avoid problems along the way.
Engage with local non-profit cybersecurity organizations. I highly recommend becoming a part of a nonprofit cyber security organization as a valuable step on your journey in the cyber security field. These organizations are composed of experienced cyber security professionals, many of whom serve as mentors or trainers dedicated to supporting individuals interested in entering the industry. They offer the tools and skills necessary for entering the workforce. These organizations are typically organized into chapters, and they organize year-round events to assist you in shaping your career. These events cover various aspects, including resume building, interview skills, training, and the opportunity to network with existing chapter members who are actively engaged in the field. Networking within these organizations provides a fantastic opportunity to gain deeper insights into the industry, understand certification requirements, and explore potential job openings.
Continuing education, training, and certification. Ongoing learning, training, and certification are essential in the ever-evolving realm of cyber security. Commit to continuous education, keeping yourself informed about the most recent trends, tools, and threats. Contemplate the pursuit of pertinent certifications and formal education in the field, as these credentials can boost your reputation and expertise within the cyber security domain.
Strategies for Inclusive Workplaces in Companies
In today’s workplaces, diversity, equity, and inclusion (DEI) have become a central focus. When I observe individuals who resemble me occupying positions at higher levels of the organization, such as directors, C-level executives, and board members, it instills a sense that the company is actively taking strides to establish a more diverse environment. This environment not only fosters opportunities for learning, personal growth, and voicing opinions, but also makes individuals feel valued.
Numerous blogs discuss best practices and initiatives for cultivating a more inclusive workplace. However, I’d like to emphasize a few key points. Firstly, organizations need to establish an inclusive atmosphere where every individual is treated with respect, granted equal empowerment to contribute, and provided with equitable access to resources and opportunities, regardless of their demographic characteristics.
To foster a greater sense of inclusivity, companies can begin by conducting a self-evaluation to gauge their current status in terms of diversity, equity, and inclusion (DEI). Establishing a baseline understanding of their workforce will reveal any disparities and enable them to take targeted measures to rectify these issues.
Senior leadership, spanning from C-level executives to the board of directors, must demonstrate their endorsement of DEI endeavors. In the event of a significant crisis occurring in a specific global region, it is crucial for the senior leadership to extend their backing to employees hailing from that area. This message should be conveyed not only internally but also externally, reaching both their customers and business partners.
Review your recruitment procedures to identify non-inclusive language in job postings. For instance, if you’re seeking a software developer proficient in Java, Python, or GO, but your job description mandates a college degree, you might inadvertently discourage qualified candidates who lack formal degrees. When job descriptions and hiring practices create barriers for certain groups, the organization will encounter challenges in attracting a diverse workforce. Ensure that the definitions you set for job descriptions and their associated requirements are in harmony with the actual expectations of the role.
Through their investment in Employee Resource Groups (ERGs), organizations provide employees with a platform to connect, share experiences, and contribute innovative ideas aimed at improving the workplace. Furthermore, supporting mentorship and sponsorship initiatives allows employees from diverse backgrounds to connect with seasoned mentors who can provide guidance and advocate for their professional advancement. Companies that actively encourage these internal mentorship and sponsorship programs not only enhance employee satisfaction, but also tend to retain their workforce for more extended periods.
Strategies for Attracting Underrepresented Groups to Cybersecurity at an Early Age
Getting underrepresented groups interested in cyber security from a young age is a key step in fostering diversity. Here are some strategies:
Early Education Programs: Collaborate with schools to develop cyber security educational programs for students at the elementary and middle school levels. These programs can introduce cyber security concepts in a fun and engaging way.
Youth Cybersecurity Clubs: Support and sponsor youth cyber security clubs or organizations. These clubs can provide a safe and inclusive space for young individuals to learn and explore the field.
Mentorship and Role Models: Connect young students with mentors and role models from underrepresented backgrounds in cyber security. Seeing someone who looks like them in the field can be highly motivating.
Scholarships and Grants: Offer scholarships and grants specifically aimed at underrepresented groups pursuing cyber security education. Financial support can make a significant difference.
Hackathons and Competitions: Organize hackathons and cyber security competitions for students. These events can be exciting and provide practical experience.
Curriculum Integration: Advocate for the inclusion of cyber security topics in school curricula. Make it a part of the standard educational experience.
For every problem, there is a solution. But leaving cyber security roles vacant not only places organizations at-risk, but also nations and their citizens. As a result, our industry needs to step up to ensure we plug this gap for cybersecurity professionals, the sooner, the better.
(The author is Sundar Balasubramanian, Managing Director, Check Point Software Technologies India & SAARC, and the the views expressed in this article are his own)