3 minute read 11 Dec 2019
672157207

How can inclusive recruitment meet the growing demand for cybersecurity expertise?

By Andy Deprez

EY Belgium Technology Consulting Partner

Cybersecurity and technology enthusiast. Passionate about empowering people to succeed. Cycling buff.

3 minute read 11 Dec 2019

Organisations need more women, neurodiverse individuals and those from different cultural backgrounds to focus on cybersecurity to meet increased online security challenges.

Diversity & Inclusion (D&I) strategies, improved in-house training and alternative career paths can help meet the employment shortfall in cybersecurity.

As more companies modernise, streamline and speed up their processes through digital transformation, the cybersecurity risk increases. The need for greater investment in cybersecurity is becoming increasingly apparent, but the training and certification organisation (ISC)² estimates that by 2022 around 1.8 million cybersecurity jobs globally could remain unfilled. To meet this challenge, companies such as EY are looking at ways of widening the pool of job applicants to include more women, more neurodiverse individuals and those from culturally diverse backgrounds. Positive role models are needed to change the currently popular image of the cyber professional as the young male in the hoodie.

A process of defence

Indeed, cybersecurity is not simply a counterpoint to hacking, but rather a process of defence that can involve behavioural analysis as well as the search for technical solutions. It is important to recognise that the skill sets of project managers, for example, are transferable to a cybersecurity context. But for this transition, better in-house training capacity is essential. Such a focus on training to date has been lacking, compounded in the wider context by a lack of academic programmes dedicated to the subject.

Positive role models

EY has focused on creating multidisciplinary teams to better utilise the human resources that it has available. This includes a strong focus on women, who make up just 11-25% of all employees engaged in cybersecurity. To blaze the trail for other women to follow, EY is inviting inspiring women to the workplace to give talks about their careers. But efforts should amount to more than just tick-boxing and politically correct exercises. Governmental and NGO-led initiatives have been shown to significantly increase the share of women working in the field and thus increase available expertise. For example, in India, women comprise 34% of cyber professionals, in part due to government-initiated schemes that promote STEM education for women.

We don’t just focus on the gender issue as a barrier, but highlight the positive possibilities for a career in cyber.
Naina Bhattacharya
EY EMEIA Consulting Cybersecurity Director

India also benefits from a more supportive culture for women in general in this regard, although Nelia Gulati, an EY manager based in the country who participated in a Diversity and Inclusiveness Workshop in Brussels, says that it still needs more role models. Fellow participant at the event Maiysa Al-Dhanki, an assistant manager in Oman, also points to cultural expectations as a barrier for women in the Middle East – but she is optimistic that the situation will improve, especially as a result of the hosting at high-profile international events in the coming years that will open up the region to a diverse range of people.

Those on the autistic spectrum go the extra mile in detecting cybersecurity risk.
Andy Deprez
EY Belgium Technology Consulting Partner

Autism-scale employee potential

Another major barrier that is being addressed is the issue of neuro diversity. EY is pioneering the employment of those that score high on the autism spectrum, emphasising the value that such individuals can bring to the workplace, especially with regards to cybersecurity. Investigating potential risk areas for online security requires a thorough, exacting mindset, and EY believes that certain personality types could be especially suited to going that extramile. That difference could prevent a breach of security from occurring.

In search of those special talents

However, EY recognises that diverse candidates considering a career in cybersecurity might feel excluded from the typical career path offered by a consultancy. It is therefore working with several relevant NGOs on pilot initiatives to find candidates for specific employment positions. These partner organisations are also helping set up adapted interview processes, which are then followed by an integration process and special training for the teams that such employees are joining.

EY is showing the outside world that it is pioneering technical career paths within its organisation.
Andy Deprez
EY Belgium Technology Consulting Partner

Alternative career paths

Earlier this year, EY addressed a further barrier to filling cybersecurity positions and retaining staff: the conventional consulting career path. Consultancies have traditionally offered their employees standard career development journeys, but EY has recognised that set paths are not a one-size-fits-all offer. Not every employee is temperamentally suited to selling and business development – a traditional senior career stage – and the option of focusing on technical aspects of the business is now being offered. In short, more people are being employed into technical roles such as engineers, system architects and penetration testers. Changing job titles is not a cosmetic measure, but one that EY believes can attract a wide range of technically inclined candidates. Nor is it a case of tinkering around the edges: already around 20% of EY employees have embarked on an alternative career track.

Newsletters EY Belgium

Subscribe to one of our newsletters and stay up to date of our latest news, insights, events or more. 

Subscribe

Summary

EY is pioneering strategies to include a wider range of employment profiles engaged in addressing the growing cybersecurity threat: from more women to pilot initiatives that reach out to those who score highly on the autism scale. It is also restructuring its career path options to encourage applications from those with technical skills and to allow greater flexibility for existing staff. The limiting stereotype of a cybersecurity professional can be challenged by highlighting role models from diverse backgrounds who have a range of skill sets.

About this article

By Andy Deprez

EY Belgium Technology Consulting Partner

Cybersecurity and technology enthusiast. Passionate about empowering people to succeed. Cycling buff.