How to solve the lack of educational diversity within global cybersecurity
The lack of talent and diversity in cybersecurity is serious and the trend is not optimistic. But there is a group of young people who have decided to tackle this problem and the odds are that they could do it all. Meet the fantastic Kathy Liu.
URelles: You studied public affairs at university. How did you change your career?
Kathy Liu: Yes, I studied International Economic and Financial policy at university, and I had never imagined I could venture into cybersecurity. In my last semester, I wanted to escape corporate finance classes, so I took 2 cyber courses as electives. 1 month later, I was completely hooked, but I knew it would be a huge uphill battle to make the career transition.
I frantically tried to cram my technical skills like it was a test, but came to the realisation that rather than trying to become someone I was not, I should position who I am as a strength – and that is a Public Policy student with strong communication skills, ability to discern actionable information, and an keen understanding of international financial regulations. Looking back, I know that being a Public Policy student was a differentiator, and that, alongside my profound passion for the topic and willingness to upskill, are 3 factors that enabled me to U-turn my career in 4 months and transition to cybersecurity.
« I came to the realisation that rather than trying to become someone I was not, I should position who I am as a strength » – Kathy Liu
URelles: Why do you love so much the cybersecurity industry?
Kathy Liu: Cybersecurity is misunderstood. Many negatively connotate cybersecurity with stringent controls and compliance requirements. I love this industry because rather than being a bottleneck, it has enormous potential for good and creativity. Even though I don’t work directly in Public Policy anymore, that part of me always values cybersecurity as a public good that safeguards digital trust, and sparks technological innovations.
Many also perceive cybersecurity the way Hollywood films portray it: frantic keyboard typing, server rooms, terminals. This is a one-dimensional portrayal that does injustice to the dynamism that cybersecurity has to offer. It is a cross-cutting industry that touches just about every facet of our lives: finance, healthcare, retail. At the end of the day, it’s important to remember, good cybersecurity does not just benefit the large organisations, but benefits everyday people like us.
URelles: What is an average day for you at work? What does it look like?
Kathy Liu: This is the question I find the hardest to answer! Working in the intersection of cybersecurity and consulting is like wearing two bold patterns together – it’s exciting and it’s loud, and it’s certainly not average. I would say that the core of my work is helping my clients solve their cybersecurity challenges, whether that is to secure a large IT transformation, conduct assessments of enterprise cyber capabilities, design and execute Tabletop Exercise, or to operationalise a new cyber team. Cyber consulting offers latitude in working across many distinct cyber capabilities, but gives you enough depth to specialise. I personally align to Cyber Strategy and Governance, and specialise in Data Protection and Privacy. And yes, as a consultant, I do make the occasional Powerpoint deck 😉
URelles: You are part of an initiative called Global Shapers Montreal. A group of 40 young people trying to change the world. What is it about?
Kathy Liu: You are too kind in your words. We hope by changing our local communities, that we can contribute a part to changing the world.
The Global Shapers is an initiative of the World Economic Forum, it is a network of 9000+ young people driving dialogue, action and change in 148 countries. The Montreal hub is one of the 400+ global hubs. Each hub has a mandate to deliver projects within 3 main areas of impact, two of which that I focus on are Education and Employment, and Equity & Inclusion.
Through the Global Shapers, I have had the space to create a project from scratch, the opportunity to speak about cyber talent in Atlanta, and give a cyber webinar to Shapers from Medellin to Mumbai. However, the true opportunity has always been to affect evidence-based impact work through leveraging our grassroots community knowledge and global perspectives. I have learnt so much from my fellow Shapers and I encourage, no, I implore, any young changemakers to consider applying to become part of this global family.
URelles: How is the shortage of talents hurting the tech industry and especially cybersecurity?
Kathy Liu: You are right, there is, give or take, 1.5 – 2.3 million global cyber talent gap. But it’s not necessarily just the shortage of talent that is hurting the industry, it is also the shortage of diversity.
Globally 70% of North American cybersecurity talent comes from an IT background, this disproportionately affects women and minorities, who tend to be underrepresented in IT degrees.
This is hurting the cybersecurity industry because:
- Our cyber workforce and skills need to be as diverse as the evolving cyber challenges.
- We need diverse representation that understands the cultural and gender nuances that determine how technology will influence society and negatively affect certain populations
- With their unique set of transferable skills and knowledge, multidisciplinary talent from non-IT backgrounds constitutes an as-yet under-utilised talent pool that will help bridge the global on cyber talent gap.
URelles: One of your initiatives at Global Shapers, to fix the shortage, is Inclusive Cyber Talent. Could you tell us more?
Kathy Liu: Absolutely! I am so proud of all the work we have done in the past year in growing this initiative to the force it is today. The issue our Global Shapers initiative is committed to solving is the lack of educational diversity within global cyber talent. Cyber organisations undermine recruitment by not mirroring the diverse communities from which they are looking to recruit. Women, immigrants,minorities and indigenous populations are left behind in IT fields and are thus disproportionately affected.
We are building a transferable skills mapping toolkit that gives students and recruiters a common, standardised language to communicate the value of existing transferable non-IT skills, and match these skills to suitable cyber roles.
As data points, the tool combines:
- Detailed self-reported transferable skills from 20+ (more planned) education disciplines
- Cyber industry hiring requirements queried from real job posts
- Standardised Knowledge, Skills and Abilities (KSAs) from the NIST’s NICE Cybersecurity Workforce Framework
- 14 cybersecurity job categories, each with its own sub-roles
We assess and synthesise the above to recommend the best fit cybersecurity jobs for a non-IT applicant. Scaled globally, our solution mobilises more underrepresented talent into good cyber and other tech jobs and ensures our future workforce is as diverse as the challenges we are facing.
The team is currently looking for product testers, so if you are a university student from a non-IT field, a cyber recruiter, or a career service officer from a university, reach out to us at firstname.lastname@example.org. You can read more about our solution here.
URelles: THis could be a solution applicable to any industry that lack talents?
Kathy Liu: Absolutely, the methodology itself can be transposed to any other New Economy industry where:
- There is a gap between talent supply and demand
- There is a lack of diversity in the talent pool
- There are perceptions or misconceptions around who can perform this job
- There is a need for skills that might not be immediately obvious i.e. the need for project management, governance, and policy in an IT role.
This is what success looks like to us, and you will see these criteria are independent of industry:
- Create pathways into meaningful work in industry for underrepresented groups
- Increase employability for individuals from underrepresented backgrounds
- Challenge industry and academia to change hiring and recruitment practices to become more adaptable, inclusive, and progressive (e.g., this can be measured by language change in recruitment/ admissions notices)
- Reduce the skills gaps of Fourth Industrial Revolution roles and fill currently vacant jobs
I ultimately believe in creating future talent pipelines that are resilient to the changing job marketplace. Cyber is just the beginning.
- Alex Hanna: Diversity, The Key Towards Ethical Design? - 12 November 2020
- How to solve the lack of educational diversity within global cybersecurity - 17 July 2020
- Fereshteh Forough, A Real Superhero for Real People - 24 May 2020