Martin Leggett explores a new angle to diversity.

The diversity problem in cybersecurity has gained another dimension of late. It seems the good-guy AI algorithms we’re relying on as a bulwark against a hyper-agile threat community are developing a bias problem.

From racially flawed facial recognition to recruitment aids that discriminate against women to one-sided threat analysis tools, artificial intelligence has ended up duplicating real-world problems. A reflection of our own propensity to uniformity and group think.

Which is a worry.

After all, AI is supposed to lead to free-ranging, adaptable and radically innovative solutions to some of the most intractable problems we face.

We also want to use AI systems as efficient workhorses to ease our debilitating skills shortage. But is AI-bias bringing new problems alongside these solutions?

Of course, our problem here isn’t with the AI itself. It’s with the people bringing AI to life.

Whether it’s the code behind the AI systems or the data that’s being fed to them, the human hand is hard to remove. So, the original sin of low diversity in the cyber sector is spilling into the digital domain.

Diverse problems, diverse solutions

So, how do we tackle this troubling dimension to the diversity problem? Well, to state the blooming obvious, diversity isn’t the problem. It’s the solution. We need to tackle the problem at source and make the cybersecurity community more welcoming.

There are hopeful signs of arms being more open. The bellwether of buzz that is the conference scene has shifted from talking to doing. Those attending Black Hat in Las Vegas in August will have noticed that child daycare and nursing rooms were added to the list of facilities on offer. Defcon has similarly raised its game on inclusivity.

The International Consortium of Minority Cybersecurity Professionals (ICMCP), which is holding its 4th conference in September, has recently announced its keynote speaker to be Chris Young, CEO of McAfee. Diversity really is top of the boardroom agenda for the cybersecurity industry, as our good friends at SASIG show with their second dedicated event on diversity this year, in September.

And on some fronts at least, the reality on the ground is shifting too. Whereas two years ago, women were found to make up just 11% of cybersecurity employees, the latest survey by ISC2 has that proportion up to 24% of the overall workforce for 2019.

And there’s money being put on the table, where once there was talk. The third round of the UK Government’s funding for tackling the cybersecurity skills shortage is all about diversity. The Department for Digital, Culture, Media and Sport (DCMS) has announced that, through its Cyber Skills Immediate Impact Fund (CSIIF), providers can apply for up to £100k each for cybersecurity diversity training programmes.

Changing the culture

But how can we help sustain that welcome momentum and broaden it across the spectrum of diversity?

Well, TSC has ‘culture change’ in its DNA – changing security cultures is at the heart of the advice we give to our customers. Previously, TSC's Managing Director, Zoe Edmeades, has also spoken about how we need to think about recolouring the diversity picture through the prism of cultural change.

It’s a bold agenda, but one we’re totally committed to here at TSC. Diversity doesn’t seem to be an issue for the bad guys – we need to embrace it too.

If we’re to avoid polluting one potentially critical solution to the cyber-skills crisis – AI-powered defensive and supportive systems – with our current monoculture of perspectives, then diversity needs to stay at the top of the agenda for our community.