Dubai: A lack of diversity is putting the cybersecurity industry in danger of becoming stagnant, while cybercriminals — who come from all over the world — are bringing new ideas on how to infiltrate computers systems for data or money.
“The attackers, they’re very diverse,” says Diana Kelly, Microsoft’s Field CTO (chief of technology) for cyber security, who was in Dubai last to speak at a conference. “They come from different backgrounds; they have different motivations. You have hacktivists; you have nation state attackers; you have the mercenaries that just want money, so they have different motivations coming from different countries, coming with different skill sets. So they bring a very diverse set of attack techniques. We need to have a diverse set of defenders.”
Cybersecurity has been an increasingly significant issue for companies, which is expected to cause $6 trillion in damages by 2021, according to Cybersecurity Ventures, a US-based magazine.
According to Accenture, a business management consultancy, the average cost of a cyber security attack is $2.4 million.
Kelly warned that it is easy to get into a set mindset of doing something because a company has always done in that way. “We can all do it,” she said. “We get into our own head and its almost unconscious; we’ve always done it this way and we’re going to keep doing it this way. You stop thinking creatively, especially if you have this echo chamber where everyone thinks the same way.”
In the tech industry, women often hold a smaller percentage of the overall workforce. Globally, it’s estimated that only around 30 per cent of the technology workforce in female, but the percentage is even small in the cyber security industry.
“Depending on what report you’re looking at, it’s hovering at 11, 12 per cent, of women internationally. It’s about a 5 per cent rate here in the Middle East,” Kelly said.
Kelly puts part of the disparity down to the age of the cybersecurity industry.
“I think part of it is just the maturity of the space,” she said. “You look at coding, and there are so many programs about girls with coding and trying to get women involved in coding. You’re seeing a more representative spread between the genders, where as in cyber security — it’s a little bit newer as a practice so it’s still heavily weighted.”
But Kelly also points out the diversity issues being faced in the industry aren’t just about gender.
“While we do look at the diversity of genders — male/female — the biggest part of diversity is around cognitive diversity, so bringing people from different backgrounds and different view points and skill set, that’s really, really important overall in cyber security,” she said. “When we talk about diversity and inclusion we definitely look at genders but we also want to be inclusive of all kinds of diversity.”
Kelly said that including diversity in something that Microsoft encourages in every part of the job.
“Whether it’s interacting in a meeting and stopping and listening to someone who has a different idea than you do,” she said. “Maybe it’s not a good idea but at least stop and listen and respect it, and then we’ll all decide whether it’s good later on.”
A career in cyber security?
Kelly said her advise to people considering a career in technology is that they should really find something that they love and have an absolute passion for.
“Find what you love,” she said. “I’ve been approached by a lot of people who want to go into the profession because they heard they can heard they can earn a lot of money; which is true, it’s a well paying profession, but we’re never going to solve everything.”
She compares it to becoming a cancer researcher.
“You can hope that maybe you’ll find a cure, but will you cure all cancers?”
Kelly said she got her start in technology early, starting with a programmable Texas Instruments Calculator from her father, who was a research professor at MIT Lincoln Lab, when she was nine. Because of her father, she was also able to get an account on darpa.net when she was just a young teenager. Darpa, which stands for the Defense Advanced Research Projects Agency, is an arm of the US Department of Defense responsible for the development of emerging technology for the military.
“It was just amazing,” she said. “We had instant messaging, There was email. There were games you could pay with other people. I felt like this was going to be the future.”