AISA 2016: Curiousity and diversity are critical for infosec success
- 28 October, 2016 06:11
One of the most contentious issues facing organisations today is the need for diversity. Diversity in gender, ethnicity, educational background and attitude can be an incredibly valuable asset to organisations that are open to it.
Jane Frankland spoke about this important topic during the recent AISA conference. Frankland is the founder of KnewStart, an organisation that helps cyber security entrepreneurs start-up and scale profitable global businesses.
She is passionate about finding ways for companies to become culturally able to embrace diversity through their actions and not just on paper.
I asked Frankland why diversity is important for security.
“McKinsey and Co reported that if we have gender equality by 2025 we would add $228 trillion to global GDP. When women are in any business profits increase. We’re more productive, there’s more innovation and we stay on schedule and to budget much more than if we’ve got homogenous teams”.
Those benefits extend beyond the workplace she says with greater involvement in charities.
“In security, women see risk in a different way to men. We are very different. It’s good to be different, particularly in security”.
One of the less politically popular views Frankland espouses is that women are biologically different to men. Because of their role in child-bearing a rearing, women are often more risk averse than men she says.
Importantly, this is not a binary position Frankland says. And while she sticks to her guns on this, Frankland does accept that it is not a universally popular view and has received significant backlash for her views. But she notes plenty of research backs up her view.
“I’m not saying I’m the expert on that. I’m only drawing on the research I’ve found”.
When trying to educate a buisness on these issues, Frankland says the key is to get the message out there that it’s OK to be different. Her goal is not to necessarily solve the problem of diversity in organisations but, rather, to get it out there and to present the research from experts.
When it comes to creating a pathway for girls to engage with the potential with a technical career at the beginning of primary education, through to potential recruitment, Frankland says it’s important to consider it from a cultural perspective as well as purely as a gender issue.
“If you look at India, there’s no problem with educating boys and girls in technology and cybersecurity. Parents in the playground will brag about their girls being fantastic – they don’t have the same issues we have in the Western world”.
The challenge in India is that skilled women leave the workplace when they marry or have children. So addressing diversity there requires different solutions.
“In the west we have a problem in education in the early stages where it’s not seen to be cool by girls to do tech,” says Frankland.
One of the important things is to broaden the focus on STEM - science, technology, engineering and maths – to include the Arts. So, STEAM becomes a form of introducing diversity, not just in gender, but also in how students learn problem solving skills.
When it comes to Australia, Frankland says the lack of female CISOs and other technology leaders is a significant issue. While there are lots of women working in security, Frankland’s observation is that few move into leadership roles.
One of the issues that women don’t aspire to those roles because they aren’t attracted to the accompanying lifestyle. Also, there’s a question of risk and many women prefer to stick together rather than stand out.
As far as identifying the talent hidden inside organisations and addressing the skills shortage for security professionals, Frankland says she disagrees with the assertion that there is a skills shortage.
“The talent is there. Many of them are graduates who have a computer science degree. Or they could work in IT”.
But there are many people with the requisite skills who left the industry for whatever reasons and are trying to re-enter without success. Also, it’s important to listen to people who are genuinely interested in entering a career in information security, even if they aren’t there yet.
"Instead of looking at qualifications and things like that, look at the skill sets you need for the job. And if you need qualifications you get those later”.
When it comes to a choice between domain knowledge or curiousity, Frankland says it’s the latter she values most.
“Simply because technology is motivating so fast, the ability to know how to learn and keep on learning is really important”.