The cyber security industry must look beyond technically trained professionals to increase overall diversity.
That is according to the Director of Cyber Resilience Initiatives ACS, Jill Slay, who recently spoke on a Women in Security panel at the first McAfee Asia Pacific MPOWER Cyber Security Summit in Sydney.
Slay joined a host of cyber security experts on the panel, including COO at the Australian Cyber Security Growth Network, Michelle Price, and Chief Information Security Officer at the Australian Government Department of Human Services; Narelle Devine.
Slay was quick to point out their very different professional backgrounds. Michelle Price previously had a career in policy making, whereas Narelle Devine served 23 years as a Commander for the Royal Australian Navy.
Slay believes this wide professional variety may be the indicative of how the cyber security industry will look like in the future.
“Many of the women who are cyber security professionals are not ICT professionals,” she said.
“The work that they will do will be based on their background in communications or marketing, and a lot of the other skills are actually self-taught.”
Slay herself has taken on cyber security with a cross-disciplinary approach, with her research drawing from fields of social sciences, anthropology and justice studies.
“I think the problem they come up against, I even come up against it too, is that some of the snobby, engineering professors hear me call myself a cyber security professional, they look at my research outputs and see that I’ve studied law and anthropology as well, and they say, ‘she’s not technical, she’s soft.’”
She is now committed to changing the face of cyber security, and she believes that to do this, we might need to change the way we think.
“I was part of putting together a report for Prime Minister and Cabinet on how to get women into cyber security and retain them, and part of the arguments I’ve made are we need to accept nationally that cyber security is not only a technical role, it’s a multidisciplinary role.
“The government is saying where women want to have technical skills in cyber security, they want organisations and universities to support that; but there’s a strong voice among women saying 'I can be a cyber security expert without having a technical background'.”
This then begs the question – who really is a cyber security professional?
Earlier this year, Slay headed the ACS Cyber Taskforce, to review Australian frameworks on cyber security.
A major outcome of this – ACS launching the world’s first cyber security certification scheme – not only provides professionals with certification, but also defines the requirements of a cyber professional.
“New definitions which are coming out of many professional bodies, and I would include ACS, is that there are many ways into cyber security, so as long as someone is bringing the required ICT background, which is not always super technical programming, they can be considered professionals.
“The thing that ACS has done is, we’ve defined a CT [Certified Technologist] a CP [Certified Professional] in cyber, in terms of SFIA skills and in terms of work experience,” Slay said. “So now we have a definition of a cyber security professional.”