As cybersecurity risks continue to increase and become a C-level key concern, the whole sector is undergoing a boom. Gartner recently forecasted that worldwide enterprise security spend would reach $96.3 billion in 2018, an increase of 8 percent from 2017. This has resulted in a proliferation of cybersecurity startups. According to CB Insights, cybersecurity startups raised $7.6 billion in venture capital investments throughout 2017 – twice as much as the $3.8 billion recorded in 2016.
There isn't the issue of ingrained culture and processes – you have the opportunity to literally start from scratch, to try and do things right.
Nowhere is this important than in the field of diversity and inclusion. Cybersecurity is renowned for being a ‘pale, male, stale' industry and it's high time to break these barriers, by walking the walk, not just talking the talk.
By both being part of a startup from the beginning, we can share best practices on how we addressed this and are continuing to work to make our company part of a new breed of inclusive, diverse cybersecurity employers.
Start as you mean to go on
Obviously, when you first form a company the onus is squarely on the logistical priorities.
However, you can't underestimate how these early days form a company's culture. Whilst we recognized very early that promoting diversity and especially women in this sector is a ‘good thing', most of the initiatives have grown organically because of individual passions, and an innate feeling that this is something we should be doing – rather than as part of a wider company strategy.
As individuals we realized early on that even if we don't know the answers, it's still important to ask the questions anyway. So, in the early days, we were eager to start the important conversations to make sure that phrases like “gender bias” and “diversity” were part of our daily lexicon.
Initially, this was via our #diversity-in-tech Slack channel which everyone gets added to when they join and is used for sharing blogs, resources and asking any questions.
More recently we've supplemented this with our “Doughnuts for diversity” discussion sessions. To provide an additional forum for discussion and support for all employees who identify as women, we founded “Panawomen” and meet monthly to discuss how to overcome any challenges we've encountered.
Over the last year, we've also been proactive in trying to get a more diverse candidate pool for our open roles, by scanning our job adverts for gendered language with augmented writing tools, reducing the number of “required” skills, and reaching out to women in tech networks to promote our positions.
We created a new staff handbook with clear statements about how we expect employees to behave, complete with our diversity statement and anti-harassment policy.
The leadership team has always championed the women of Panaseer – encouraging us to get involved with speaking engagements to improve our profiles and we've also been nominated by our colleagues for various awards.
Sharing best practices
When you first start a company you can't help but have a fairly unstructured approach to diversity and inclusion. However, it's key to document what works so that you can learn lessons and re-implement and refine what works best.
For us, what's worked well is recruiting people that share our passion – it's resulted in a company brimming people who realize that diversity is crucial to business success and that a lack of women in tech is an issue we all should care about.
We have also found that sharing this perspective in the public domain is key. It enables us to truly live and share our passion. We have spoken at various industry events, including the Diana Initiative (an event that runs alongside the infamous Defcon).
We have also successfully hosted an all-female panel at a company Meetup event (where all speakers talked on their work not “women in tech issues.”). All of this increases our visibility in the sector, ear-marking us as a company that cares about diversity and hopefully providing role models to other women hoping to join us.
Following our recruitment-related efforts we hired another female data scientist to the team, who cited our inclusive environment as a big factor in her decision to join.
Learnings for industry
We're often asked for thoughts on how the issue surrounding the lack of women in security can be addressed, and it's a difficult question to answer because there isn't an easy fix.
Responsibilities lie across the board from teachers in schools who need to make sure they're encouraging more girls into tech subjects, to parents who can help by consciously erasing the gender lines in terms of what jobs are available to whom, being careful not to push their children towards certain careers based on old-fashioned perceptions.
There are working practices that employers can implement to make roles more appealing to women who are often the primary caregiver in terms of childcare.
Flexible working, remote working and allowing parents to earn a full-time salary for a four-day week if they can get the necessary work done should all be considered.
It is predicted there will be a global shortfall of skills to the tune of 3.5 million open cybersecurity jobs by 2021, according to research from Cybersecurity Ventures.
Given the importance of this industry in the way it touches all of our lives, this is a staggering and frankly quite scary number.
It is the responsibility of everyone working in this sector to demonstrate inclusivity and promote diversity in everything we do so that people who have previously felt excluded are confident in putting themselves forward for these roles.
Sophie Harrison is chief of staff
Leila Powell is data scientist at Panaseer.
