If we are to #BreakTheBias it’s important to understand what bias means as it can be confused with prejudice and discrimination.
Bias is the inclination away from (or towards) a particular way of thinking and is created because of how and where we were raised, the thoughts and opinions of our families, the school we went to, the books we read, news we believe and our own life experiences.
Prejudice is a preconceived opinion or feeling towards a person based on their association with a group, religion, or organisation. Such as if you are raised to believe that
Discrimination is when prejudice is acted upon such as not hiring someone because they are Catholic or are from a minority group.
Bias exists on a complex spectrum (see image 1 and image 2). To further understand these complexities, we need to know that cognitive bias is the process of making decisions based on those biases’.
For this article, I will be focussing on a couple of elements as they pertain to my personal experience and observations in the world of cybersecurity and technology.
Bias in Education
Historically, cybersecurity and IT have been a focus for men. During my last year at Highschool (1989), I had high hopes to pursue a career in Information Security as a System Analyst and was told by multiple career counsellors, in no certain terms, that I should look for another career path as a career in computers (technology) wasn’t suitable for me as a woman. This broke my heart as my grades in Computing (the subject at the time) were outstanding and my teacher gave me extra work to do as my brain was clearly designed for it. Not to mention I loved it and could lose myself in writing code for hours.
NB: I would like to point out that my computer teacher, Mr Roberts told me in no uncertain terms to follow my passion. Perhaps the worst part was I disengaged completely from studying in my final year of school as I could not see the point.
I did follow my passion eventually.
I don’t have tertiary qualifications, but what I do have is a very particular set of skills, skills that I have acquired over a very long career.
Skills that make me a nightmare for anyone who thinks cybersecurity education and awareness is not necessary.
For us, to #BreakTheBias here roles in cybersecurity need to be encouraged at an early age. Things have moved in a positive direction since 1989, however, I believe that the element of creativity and neurodiversity has been forgotten as the focus is on STEM. Cybersecurity requires skills across every single discipline, not just science, technology, engineering, and maths. I failed maths in my last year of high school whilst overachieving in computing studies. I was told I had to study maths if I wanted to study computing and that they were one and the same.
Unbelievable and yet completely true.
Bias in Hiring
The bias in hiring women in cybersecurity is still evident by the lack of women in the sector. I would like to point out that this is not about filling quotas or ticking boxes. You only need to do a search on LinkedIn or SEEK and read the job ads for cybersecurity. It’s reported that women represent only 24 per cent of the global cybersecurity workforce and are experiencing a significant pay gap with their male peers[1].
Working in cybersecurity is not easy. The hours are long, the stressors are high, depending on your role it can be hard. Bias can come into play here where some hiring managers for new roles may overlook applications from women believing that the job might be too much for them to handle.
Let’s make this clear. If a man or woman applies for a role, it means they are aware of what the role is. Please don’t allow bias to creep in. Never assume – it makes an ass out of u and me.
Let’s also discuss the sometimes-ridiculous list of qualifications, experience and knowledge that are included on job ads these days. Skills can be taught. Attitude, culture fit, and decency can’t be. Oh, don’t forget neurodiversity either. People who think differently do things differently and we need that now more than ever.
For us, to #BreakTheBias here employers must take the lead and ensure that a career in cybersecurity is welcoming for everyone. Transferable skills such as communication, change management, learning and development, stakeholder management, project management are all required in cybersecurity.
Bias in the Workplace
This is an interesting one as of course there is bias in the workplace with only 24 per cent of women working in cybersecurity. There is also a huge gap in women in leadership positions within cybersecurity. On more than one occasion, I have seen women, who are as capable as their male peers (sometimes with more experience than them) be overlooked for leadership roles. Cybersecurity Ventures predicts that women will represent 30 per cent of the global cybersecurity workforce by 2025, and that will reach 35 per cent by 2031[2].
From personal experience, I have been in meetings where I am the only female, and I will be asked to take notes for the meeting. Every. Single. Time. Why? Bias. There have also been occasions where ideas or solutions have been put forward to a group by a woman and somehow, they get spun around to become the idea of a male peer. Why? Bias.
To #BreakTheBias in the workplace will take time. Situational awareness, emotional intelligence and understanding what bias is and how unconscious bias works is a good place to start. If you see or hear something, say something.
Final thoughts
I choose to believe most people don’t intentionally do what they do and the examples I shared here are learned behaviour.
International Women’s Day 2022 is a day for us all to reflect on what present and future we want for our girls and women (and yes, for those who identify as women). #BreakTheBias is only possible with open and honest conversations.
Jacqueline Jayne
[1] https://www.isc2.org/Research/Women-in-Cybersecurity#:~:text=This%20new%20look%20at%20the,leadership%20positions%20in%20higher%20numbers.