Although cyber security is one of the most popular and fastest growing fields in technology, the number of women working in the industry still remains low. And this is just one area of under representation that needs to improve. Supporting more neurodiverse candidates and facilitating non-traditional routes into the profession are equally important, as highlighted by the UK Cyber Security Council.  

Some of this comes down to how we attract talent and thinking carefully about the skill sets that are required for different roles, making sure we consider the language in our job adverts, and that we offer flexibility and a variety of application methods.  But I believe we also need to commit to a long-term, active approach to developing our own people. We must bring in a wide variety of colleagues into more junior roles and grow our own diversity.  

When we look at the current labour market and the dominance of particular characteristics, we’re actually looking at the past. In cyber security, for example, we’ve often benefitted from the related experience of people with military or law enforcement backgrounds.  

Recruitment practices may be changing in the sectors we draw from, but we will need to wait a long time for that to play through among more experienced applicants. Even then, we won’t necessarily be getting the variety of backgrounds and viewpoints that could particularly help us. 

Historically, cyber security has been a male dominated profession. Things are changing but as a female senior leader, I’m still in the minority. I also come from the frontline NHS and that, too, is a bit different. I worked for many years as a radiographer and then as a head of IT and a deputy CIO and that NHS background does give me something to give back to the team. As cyber security evolves, so do our roles and we are all constantly learning and improving.  

By reducing the dominance of a particular set of characteristics, we will likely broaden our perspectives in other ways. If we can get more women into our team, for example, we’ll probably bring in different career experiences and professional backgrounds, and vice versa. That doesn’t mean we won’t continue to value and draw on our traditional recruiting grounds and skill sets, but by bringing that expertise into a more diverse and inclusive team we will improve our chances of making good decisions. 

There’s a huge amount of opportunity in cyber. The skills required for some specialist cyber security roles are in great demand within the industry, which can mean colleagues in those positions don’t always remain in the same role for a long time before heading to another opportunity. This poses a problem for a team trying to grow our own diversity because as soon as we have trained people up, we risk losing them. 

We can do something about this though, by redoubling our efforts to make individuals feel included and supported. We want people to feel we are the right place for them, whatever their background. We have huge advantages. In terms of motivation and feeling you are contributing, it’s hard to beat the NHS. It’s about societal good. What we do really does matter.  

But that is not enough. People also need to feel they belong in our team. They need to see people like themselves progressing. The aim is to nurture diversity in its true sense. That includes, but goes beyond, colour, gender identity, disability, or neurodiversity. It embraces everyone. As Vicky put it, it is about “people contributing from different backgrounds, different viewpoints, different abilities, different ethnicities, different cultural backgrounds, different gender identities, and different ways of thinking.” 

There are particular areas where we know we need to improve. We are about to start up a women in cyber group between us and NHS England, and another one for the Cyber Associates Network (CAN). We’ve also got listening exercises going on in our Cyber Operations directorate at the minute, so people can have their voice heard and shape how we move forward. We can also understand if people feel they’ve been underrepresented and haven’t been listened to.  

We’re also looking at introducing mentoring and reverse mentoring, so we can get information flowing, and we’ve set up a series of workstreams about making cyber security a better place to work. They are run by our staff, who are going to come back in the next 4 to 6 weeks with their plans on how we can improve.  

Of course, we’re still going to have people who want to leave to explore other opportunities. We were really disappointed to lose a really valued junior employee to industry recently, for instance. That’s normal and might absolutely be the right thing for the individual, but we want those who do leave to be feeling that our team was a place where they were valued and supported on their career journey. We also want them to think about coming back to us in the future to help us protect the NHS.