Closing the Gender Gap in Cybersecurity

CREST releases report exploring the reasons behind the lack of gender diversity in cyber security and looking at ways to drive change

1 September 2016: CREST, the not-for-profit accreditation and certification body representing the technical information security industry, has released a report outlining the details and conclusions from its 2016 Diversity Workshop, attended by representatives from CREST member companies and a variety of leading professionals, from industry, government and academia.

It is no secret that the cyber security industry suffers from a lack of gender diversity and it is estimated that only 10% of the global information security workforce are women. The industry has begun actively addressing the issue, with major industry players coming together to discuss the main obstacles to gender diversity and, more importantly, what is needed to resolve them.

The CREST report looks at why diversity is an increasingly important issue, what is deterring women entering the industry, how to make a difference, who to target and how to get the message out to there.

“Increasing the number of women in cyber security is not simply for diversity’s sake, but for the sake of the industry,” said Ian Glover, President of CREST. “One of our attendees put it best, suggesting that by consistently taking people from the same backgrounds, we’ll keep coming up with the same approaches and solutions. The first step is to work out why women are not entering the industry. Although most of our workshop attendees agreed that cyber security is welcoming to women, the perception from outside the industry is much the opposite. It is clear that this is one of the major challenges we face.”

“Whilst it was important to address the current diversity challenges that the sector faces, the main purpose of the workshop was to discuss and find ways to actually facilitate change. Areas that were felt vital when addressing the issue were education, awareness, industry perception, support, role models and barriers for entry. It was also felt that we had to be clear who to target with a campaign to ensure both short and long-term success. Finally, we discussed how to get the message across all ages, cultures and regions.”

“The workshop was a resounding success and addressed many of the issues preventing gender diversity in cyber security. These discussions are useless if we do not act and the findings will be used for all future projects.”

CREST is now looking at collaborating with existing initiatives to work together as an industry and define an agreed set of actions that will address this important issue. You can see the Closing the Gender Gap in Cybersecurity report here: http://www.crest-approved.org/wp-content/uploads/CREST-Closing-the-Gender-Gap-in-Cyber-Security.pdf

About CREST
CREST is the not-for-profit accreditation body representing the technical information security industry. CREST provides internationally recognised accreditation for organisations and individuals providing penetration testing, cyber incident response and threat intelligence services. All CREST Member Companies undergo regular and stringent assessment; while CREST qualified individuals have to pass rigorous examinations to demonstrate knowledge, skill and competence. CREST is governed by an elected Executive of experienced security professionals who also promote and develop awareness, ethics and standards within the cyber security market.

For more information contact: Allie Andrews, allie@crest-approved.org

Source: RealWire