Skip to main content
Creating a new NHS England: Health Education England, NHS Digital and NHS England have merged. More about the merger.
Blog

Why diversity is not a 'nice to have' in cyber

Vicky Axon, NHS Digital's Regional Security Lead, says monocultures breed security weaknesses and we are still struggling to get the variety of backgrounds we need in NHS cyber teams.
Author:
, Regional Cyber Security Lead
Date:
Topic:
Cyber and data security

Put simply, cyber has a diversity problem.

We’ve known this for years, but, on many measures, we are not seeing the range of candidates applying for roles that we need.

Vicky Axon who is NHS Digital's Regional Security Lead

The reasons why candidates don’t apply are varied and complex, but I want to concentrate here on why diversity is so important in cyber security work. I mean “diversity” in its fullest and most fundamental sense: people contributing from different backgrounds, different viewpoints, different abilities, different ethnicities, different cultural backgrounds, different gender identities, and different ways of thinking.

Cyber criminals don’t follow traditional patterns when attacking an organisation. They don’t reference a rulebook or only come from STEM (Science, Technology, Engineering and Maths) backgrounds. They haven’t all got the same upbringing or journey through the educational system and society.

Cyber isn't one job. It isn't, as the stereotypes have it, sitting in front of a screen in the dark with a blinking green cursor requesting a password.

So, if our adversaries are thinking differently about how they can execute an attack against the NHS, then so must we. And one way to improve our chances of doing this is recruiting people with diverse experiences and skills. A diverse team can help us see the same problem through a variety of lenses. We can challenge our thinking and ensure we aren’t all approaching a problem in the same way. We can stay a step ahead.

In terms of educational background, some of the best people I’ve worked with have been from non-STEM backgrounds. I’ve worked with people from marketing, criminology, finance, and other areas who have all been extremely effective.

Cyber isn’t one job. It isn’t, as the stereotypes have it, sitting in front of a screen in the dark with a blinking green cursor requesting a password. It isn’t running around with alarms going off because you’re being ‘hacked’.

Technical skills have a very important place, but this work is also about building relationships, having great communication and listening skills, and being able to think creatively, see new problems and solve them in new ways.

My message to potential candidates who want to contribute is to take a leap of faith and apply. Don’t be put off a rewarding and incredibly important career just because you don’t have a degree in the field or don’t feel you will “fit the mould”. If you’re passionate about protecting the NHS and are willing to challenge traditional ways of thinking, we want to hear from you.

Related subjects

Toby Griffiths, Head of Innovation and Delivery for NHS Digital's Data Security Centre, discusses how we have tackled cyber security issues and how we are addressing 'security debt' brought about by the pandemic.
Ransomware is a growing threat across the health and care system. NHS cyber security experts describe how it can affect organisations and what is being done to combat it.

Share this page

Author

Vicky Axon

Vicky Axon

Regional Cyber Security Lead,

Latest blogs

A hand holds a mobile phone showing a GP enquiry form on the NHS App
By Dan Collins. 7 December 2022 Expanding online consultations in the NHS App

Dan Collins, Senior Product Manager for the NHS App, explains why we want to open up the app to more suppliers offering online consultation services and welcomes the latest service to integrate.
Dr Manpreet Pujara stands in a building in front of a banner
By Manpreet Pujara. 15 November 2022 How to talk to busy teams about cyber security

Manpreet Pujara, Clinical Director for Patient Safety and Freedom to Speak up Guardian, says everyone working in health and care has a role in protecting the NHS from cyber attacks, and that clear, supportive messaging will help people do their bit.
Associate Director of Cyber Delivery Cathy O'Keefe sits at a desk
By Cathy O'Keeffe. 9 November 2022 Building diversity from the ground up

Cathy O’Keeffe, Associate Director of Cyber Delivery, says improving the diversity of our teams is crucial to the successful delivery of cyber security across the health and care system.

Last edited: 13 June 2023 9:50 am