In recent years, stories of cyber-attacks have invaded our news streams, TVs, and for some unlucky companies, bank balances. The WannaCry ransomware attack earlier this year affected over 200,000 companies in 150 countries, serving as a wake-up call for businesses around the world. Governments, corporates, tech giants and SMEs are standing up and paying attention.
J.P. Morgan Chase & Co. has doubled its annual cybersecurity budget, Microsoft is investing over $1 billion annually and Bank of America has set aside an unlimited budget. Start-ups are also cleaning up, with Series A and seed funding being pumped into the cybersecurity industry. Last year, investors backed cybersecurity companies to the tune of $3.5bn via more than 400 deals. And just last week, the government announced the development of a new cybersecurity innovation hub which will see up to £14.5m invested over the next three years, and will reinforce the UK’s growing reputation as a cybersecurity leader – the sector is currently worth over £22bn to the economy. With spending on cybersecurity set to exceed $1 trillion between 2017 and 2021 globally, it’s hardly surprising that companies are rushing to batten down the hatches before the storm hits.
That storm, by the way, is twofold. To avoid getting hit too hard, companies will need to have both the infrastructure and the talent in place to respond to rampant security threats – one without the other will be moot. And while the former requires bigger budgets, the latter requires tactics. Cybersecurity is a skill-scarce market and that’s only set to be exacerbated as demand increases – if we’re not already in the eye of it, we soon will be. And we’re not being melodramatic. McAfee’s Center for Strategic and International Studies has estimated there will be up to two million unfilled roles in cybersecurity in the next two years, and 82% of businesses are witnessing a cybersecurity shortage.
So we know what you’re thinking: well, onezeero., what are you going to do about it? Well, we think we have a rather novel solution. Literally. We’re talking about headhunting Lisbeth Salander, the protagonist of The Girl with the Dragon Tattoo. Hear us out, we haven’t lost our marbles, we promise.
You see, for all the siren-sounding about a skills shortage, there is one demographic that is seriously underrepresented. That hacking is traditionally seen as the pursuit of anti-establishment, socially inept teenage boys or the activity of James Bond-esque ‘Q’ characters has issues in itself; however, with such a developing market, it’s deeply concerning that women make up only 11% of the world’s information security workforce. Faced with reports of sexual harassment at security and hacking conferences, marginalisation in online forums and misplaced campaigns such as IBM’s #HackAHairDryer campaign on Twitter, it’s unsurprising that cybersecurity can appear like an untouchable environment to women. According to the ‘2017 Global Information Security Workforce Study: Women in Cybersecurity’, a disturbing 51% of women have experienced discrimination in the cybersecurity industry and 28% of women felt that their opinion was not valued in the workplace. Oh, and did we mention that despite the median cybersecurity salary reportedly being at least 2.7 times the average wage, women in cybersecurity earn less than men at every level and are nine times less likely to hold managerial positions than their male counterparts?
And yet, women might be a safer bet in cybersecurity. Increasingly, companies are turning to former hackers to pump up their scarce-skill cybersecurity intake – hence the emergence of hackathons and bug bounties – and with good reason. Hackers have an outside perspective on cybersecurity that a traditional techie might miss, including loopholes and shortcuts that can be exploited. But how can you ensure that your entrusted hacker isn’t actually a black hat in disguise?
Well, it’s not easy, but there may be one trick to safeguard against this… hire female hackers. Yes, that’s right. Sociologists have found that women are less likely to be “crackers” operating on the dark side of the law, and more likely to be hacktivists, hacking with a moral agenda – à la Lisbeth Salander. One possible explanation for this could be that women allegedly have a stronger moral compass in business than men, and are less likely to be drawn into the show of male bravado sometimes associated with hacking (see Machismo and the Hacker Mentality). To push this point further, women have already made a significant contribution to the hacker community, with hacktivists and white hat hackers including the likes of Joanna Rutkowska, who caused a sensation when she publicly hacked into Windows Vista at the Black Hat Briefing Conference and now runs an international security firm, and Raven Alder, who became the first female to give a technical presentation at DefCon and is a specialist senior security consultant to public and private organisations. In short, to curb the enduring skill shortage while tapping into hacking skills safely, hire yourself a Lisbeth (or get us to do it for you!).
Once upon a time, hiring any sort of hacker was tricky business. The nature of their work means they’re not exactly advertising on billboards. However, hackathons, female-only hacking groups and international social justice groups have become a breeding ground for female hackers to put their talents to good use. Check out Femhack, Women Hack For Non Profits and the Women in Cyber Security (WICS) Group for starters. The vigilante tendency of female hackers should arguably make these communities easier to tap into: an absolute result for companies looking for someone to captain their ship to safety in turbulent waters.
In order to tackle the impending global skill shortage for cybersecurity professionals, it is therefore vital that we start to tap into these talent pools. That might mean addressing inequality in the workplace, finding new avenues and networks to explore or providing leadership development plans for women. Ultimately though, these actions start in one place: we must escape the cliché of the dominant, uber-intelligent, reclusive hacker and shift it to that of an intelligent, independent and ultimately moral individual – male or female. Only then can we start to appeal to a community which, if barely visible, is certainly there and certainly hungry for change – in more ways than one. In short, it’s time to headhunt Lisbeth Salander.