The cyber security industry faces a talent shortage and a lack of diversity. Three female cyber security professionals at RBC discuss the importance of a diverse and inclusive workforce, how to attract more women, and why a rebranding of the industry is needed to fill the gaps.
The cyber security industry is growing fast. In today’s progressively digital world, security risks have increased dramatically, and the industry is working overtime to diffuse them. And yet, there are significant talent shortages in the field and the gap threatens to widen.
As companies work to scale up their cyber workforce, they face a major challenge: cyber security has an image problem. Misconceptions abound as many outside the industry believe that it’s full of sinister, hoodie-wearing hackers, and that a technical background is a must to get into the field. Such myths have led to a lack of diversity, which contributes to the ongoing talent shortages, security vulnerabilities and end solutions that don’t reflect the general population.
In recent conversations with three women in the cyber security field at RBC, we learned the importance of diversity (of gender, background, experience and more), how a re-positioning of the industry may help attract the people needed to protect Canadians, and how RBC is rising to the challenge.
Gloria Kim: Tackling the image problem
Gloria Kim is Senior Manager, Awareness and Education for the Cyber Security team at RBC. Before joining RBC, she was a senior advertising professional, working on campaigns and product launches for exciting, multi-national brands. When initially approached about a cyber security role, she immediately dismissed it, thinking it didn’t match her interests or skill set. But the individual who contacted her highlighted the communication gap that exists in this growing field – and how she could help fill it.
“The world of cyber security is growing and changing, and it’s become all the more important with the digital migration that’s happening now,” Gloria says. “So how can we take all the technical talk and make it digestible for everyday Canadians? For me that was an interesting marketing challenge,” she explains.
Gloria is now focused on finding the human insight that will make cyber safety and security more relevant for people. “We need to change the perception of the industry. In the past, the industry has focused on doom and gloom and all the scary things associated with cyber. We need to flip the script and rethink how we’re communicating from content development and channel strategy to break through the sea-of-sameness.
Coming from outside the industry, she’s able to bring a fresh perspective and bridge the gap between the technical work being done, and the everyday Canadian who should understand cyber security basics and self-protection activities.
“As a woman – and someone without a technical background – I can bring a different point of view into the conversation,” she explains. “Diversity on the team enables us to think about the everyday person so we can effectively interact with them and meet them where they are versus talking at them and hoping for the best.”
Deborah Bayley Travis: Bridging the gap to the client
Deborah Bayley Travis is Associate Director, Operations Risk Management. She has been with RBC for 35 years and this is her first role in Cyber Security. Her team today is responsible for risk and control assessment, which monitors and reports on risk activity.
She brings three decades of operations experience to her role, having worked in the branch network, internal audit, call service delivery, risk, cards and payments before joining the cyber team in 2015.
As with Gloria’s path to the field, Deborah didn’t bring any technical background to her role. Rather, she uses skills developed from other fields. “I can help my colleagues understand what the end user is thinking,” she says. “If the technical team doesn’t know about operations, I can insert myself into the conversation and explain things from the perspective of someone in the branch who might have a client in front of them. There’s a different sense of urgency, a different perspective from one end of the process to the other. I can help draw the bigger picture.”
Also like Gloria, she thought she’d need some technical expertise before coming into the role.
“People think you have to have a computer science degree, or you have to have some technical knowledge for a career in cyber,” says Deborah. “But the job description isn’t always in the name. There is a whole gamut of different roles in cyber security. You don’t need to be a computer guru.”
Melissa Carvalho: Advocating for inclusive solutions
Unlike Gloria and Deborah, Melissa Carvalho has spent her career in cyber security. But like them, she originally had no intention of joining this field. “I did a double major in math and computer science – my desire was to be an elementary math teacher. In my last year of teacher’s college, I went to a job fair where IBM interviewed me. They said they’d offer me a job once I graduated to be in their cyber security division. It’s how I got into the field.”
When she started in the industry, she had common preconceived notions about what it was about. “I thought I was going to be able to trick my way into systems and break into things. I realize now how I naïve I was. That’s not anything that I look at or do in my job.”
Today, Melissa is the Vice President of Identity and Access Management at RBC, which is a division of Cyber Security. Her team focuses on things like authentication for user IDs, passwords and biometrics – essentially anything to do with identity and access for RBC’s 80,000 internal users and 17 million customers.
Melissa is also the Canadian ambassador for Women in Identity – a global, not-for-profit organization whose purpose is to promote parity. “Digital identity solutions built for everyone should be built by everyone. We focus on diversity and inclusion in the area of cyber security.”
Melissa speaks passionately about the advantages of having diversity in the Identity field, especially as the world races to digitize things. “If cyber security teams aren’t thinking about diversity and inclusion when building systems, they’re excluding a large portion of the population,” she says. “What happens in that case is that some people can’t use the service.”
She cites a recent example of the UK’s biometric passports. “They didn’t work for women of colour,” she says. “This reduced the ability for some women like me to travel to the UK and go to the passport reader. It also caused problems with bad actors who can manipulate the system and hack into it because there is a vulnerability there.”
Creating a diverse workforce is essential to creating an inclusive experience for the end user. “Without diversity in cyber security, biases will be programmed into what is being built,” she says. “At RBC, we are conscious of having the people who build, gather requirements and test solutions represent the world out there. In doing so, we can service the needs of our diverse employee and client base.”
Diversity in cyber security is crucial for a number of reasons: To include a range of perspectives and experiences when solving problems; to build solutions that are inclusive of the general population; and to fill the talent shortfall.
How can this be accomplished?
“Attracting and engaging talent is all about meeting potential candidates where they are on their career journeys. Whether it be at an industry gathering, coffee chat or women’s networking event, we show up to have the dialogues that matter most, learn about the candidates and provide a safe and inclusive experience for the candidates to engage. This starts with us recognizing our own conscious and unconscious bias, looking for cultural add versus cultural fit and demystifying cyber security and the bank as a place to grow one’s career. Diversity starts with inclusion and this is at the core of our talent strategy,” says Brien Convery, National Director, Early Talent Communities and Inclusive Recruitment.
It starts by attracting candidates from a range of work backgrounds and lived experiences and promoting the wide scope of roles that exist within the field. Also, being deliberate on achieving diversity of gender, background, physical capabilities, sexual orientation, and creed can help gain a range of perspectives and ideas.
After all, when trying to protect all people from cyber threats, all people should be represented around the table.
Diane Amato is a Toronto-based freelance writer who loves to talk about finances, travel and technology.
This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.