Vanessa Kerwick By Vanessa Kerwick,
Chief Information Security Officer,
NHS Shared Business Services

Cyber-attacks are becoming increasingly serious and widespread. Cyber-criminals are ever-more sophisticated in their techniques. And yet, despite this, the cyber-security industry is persistently failing to use all the tools at its disposal to help tackle crime – namely, the skills and talents of women. In this blog, I explore the reasons behind this and discuss potential solutions.

My experience

As a head of information security and Chief Information Security Officer (CISO) I’ve become used to being the only woman in the room. Indeed, until I joined NHS Shared Business Services (NHS SBS) I was sometimes the only woman in the department.

Here at NHS SBS, I work with a team of incredibly talented and inspirational women in senior IT roles. Seeing the benefits it brings has made me really passionate about inspiring women to join the Cyber Security industry.

Because, quite simply, the role of a CISO is pivotal in safeguarding organisations against cyber threats.

And because women often bring different educational backgrounds and life experiences to the table, they can be particularly effective CISOs. Having a diverse workforce means having a range of varying perspectives and knowledge that can be drawn from. This in turn can help organisations identify vulnerabilities that may have been overlooked and develop more effective strategies to mitigate risks.

Furthermore, diversity in cybersecurity can help organisations to better understand the needs of their customers. And women are often highly effective communicators meaning they are able to bridge gaps between technical teams, executives, and board members.

Despite progress, gender bias persists. Female cyber security specialists can often encounter skepticism or subtle discrimination.

If you don’t believe me, here’s the experience of one of my newly-appointed team members, Anne-Marie Dodge, who joined us recently as a cyber-security analyst and is really smashing it out of the park. She’s one of the best analysts I’ve ever met.

“I remember when I was at school, STEM subjects weren’t aimed at girls. Health & Social care, catering and dance were the popular subjects amongst the girls in my cohort. Thus, I ended up being the only female in my A Level Business Studies and IT classes. That was my first introduction to IT as being a future career option, and so from the outset, the image of a male dominated IT world was shaped. This was reinforced time and time again in the years that followed, but the time that sticks most in my head was attending my first cybersecurity event. There were 100 attendees, and I was the only female.

“In fact, in my first couple of tech roles, I was the only female member of the team. I didn’t really know what gender bias was, but I soon got a first-hand experience with my first cybersecurity role. I would consistently be asked to ‘look after’ the people who were in the midst of cyber-incidents but seeing my male counterpart asked to lead the technical investigations. When I questioned why I was repeatedly chosen to comfort the victim and not partake in the main investigation, I was told that I was ‘good at dealing with the criers’.

“On other occasions, I found myself being excluded from meetings where I was the subject matter expert ‘for fear that I became emotional’, because I had noted that there was an enormous 45% gender pay gap. It was after these types of occasions becoming more and more apparent, and the feeling of isolation starting to set in, that I started to look for pastures new.

“This led me to join NHS SBS, and I have never looked back. The company ethos is far different to any that I have ever experienced before. I feel like NHS SBS fosters a culture of inclusion; I am made to feel like a valuable member of our team, feel like my opinion is respected by my peers, and I am never made to feel like the mother hen figure like I’ve previously experienced. NHS SBS also have policies in place to create fair opportunities for women in the workplace, and in particular working mums, and this is a huge win for the company in my opinion. I feel like NHS SBS make staff training a priority, which makes me personally feel like I’m being nurtured and valued by the company.

“I work in a team which is led by woman, and is diverse in every respect – gender, culture, ethnicity and so on. I personally believe it’s the most effective team I’ve ever worked in.”

What can be done?

The Cyber Security industry needs to do much more to encourage girls and women into security roles, be that operational or leadership roles. Initiatives like the CyberFirst Girls Competition, run by the National Cyber Security Centre (NCSC) really help promote girls getting into cyber. We need to see more organisations doing similar.

Sponsoring coding camps, creating opportunities for work experience for females, championing the successful women we have here in cybersecurity, and pairing junior women with experienced mentors are all positive ways in which we can support the women of the future into the cybersecurity industry

Conclusion

The lack of female leadership in UK cybersecurity is a multifaceted issue. By promoting awareness, addressing biases, and implementing inclusive policies, we can create a more equitable and effective industry. It’s time to break down barriers and empower women to lead in this critical field.

  • Gender Imbalance: Women constitute only 11% of the cybersecurity workforce in the UK.
  • Leadership Gap: At the executive level, women hold only 3% of chief information security officer (CISO) positions.
  • Perceptions: Stereotypes persist, portraying cybersecurity as a male-dominated field. These stereotypes discourage women from pursuing leadership roles.
  • Implicit Bias: Unconscious biases affect hiring decisions, leading to fewer women in leadership positions. Addressing these is crucial.
  • Education and Recruitment: Encouraging girls to pursue STEM (science, technology, engineering, and mathematics) education is essential. Early exposure to cybersecurity can shape career choices.
  • Retention Challenges: Women often leave the field due to workplace culture, lack of mentorship, and limited growth opportunities.
  • Mentorship Programs: Establishing formal mentorship programs can help women navigate their careers and build networks.
  • Sponsorship: Leaders should actively sponsor and advocate for talented women, ensuring their visibility and advancement.

 

Share