21 Feb 2023: CREST, the global not-for-profit community of cyber security businesses and professionals working to keep our information safe in a digital world, today launches its latest best practice guide, describing how to foster greater equity, inclusion and diversity (EID) as part of national cyber security strategy.
CREST's latest good practice guide delivers practical information for government departments charged with developing not only a National Cyber Security Strategy (NCSS), but a more diverse, inclusive NCSS.
A NCSS is a framework describing a nation’s strategy to ensure a more resilient, trusted and robust cyberspace. Part of that is a clear plan to grow and nurture the talent pipeline, ensuring people have the right skills to fight ever-evolving cyber threats to national security.
And yet, as CREST CEO Nick Bensonsays: "It is surprising how few NCSS documents mention harnessing the benefits of a more inclusive and diverse cyber security workforce. As the gap between supply and demand in the cyber security workforce grows, a clear course of action exists to attract a more diverse talent pool to the sector."
"As an industry, we must encourage more people into the sector who have different backgrounds, influences and experiences. A more diverse workforce will deliver myriad benefits, including fresh, creative perspectives - on how we can solve complex security problems."
The 2021 Cyber Security Workforce Study from (ISC)2 suggests the number of additional professionals organizations need to defend their critical assets adequately stands at 2.72 million people.
The 33-page free guide is now available to download on the CREST website: https://www.crest-approved.org/research-and-reports/
This latest guide includes up-to-date descriptions of what equity inclusion and diversity mean in the context of the cyber security sector, including age, disability, neurodiversity, gender, sexual orientation, race, religion and socio-economic background.
“Improving equity, inclusion and diversity at a national level is essential for any nation that wants to improve its cyber resilience,” said Allie Andrews, CEO of PRPR and author of the report. “Tapping into a diverse talent pool is not just key to alleviating the skills shortage and the right thing to do, but it is clear it also improves security teams. There are a lot of great initiatives out there, but what is needed is greater guidance in NCSS about what works and what doesn’t.”
The guide describes how to include these crucial considerations in an NCSS, with examples of international strategies which have taken EID into account. In addition, the report delivers examples of good global practice and how to measure the success of a strategy.
However, EID is about more than simply including policies in an NCSS.
Nick Benson adds: “Recruiting and retaining more diverse cyber security professionals requires more than policy. It needs genuine collaboration with all stakeholders in the cyber security ecosystem. It may also need significant societal or cultural change at a national or workplace level, which takes time, but the rewards will be worth it.”
The report is one of several produced by the not-for-profit organisation to help build capacity and consistency in the cyber security industry, aimed at companies and individuals who need to understand the importance of EID in cyber security strategy.
In 2020 CREST received a grant of US$1.4 million from the Bill & Melinda Gates Foundation to help increase cyber security capacity and cyber resilience in Bangladesh, Ethiopia, Indonesia, Kenya, Nigeria, Pakistan, Tanzania and Uganda. This latest EID Guide is created by CREST to assist in this enabling process.
CREST is an international not-for-profit, membership body representing the global cyber security industry. Its goal is to help create a secure digital world for all by quality assuring its members and delivering professional certifications to the cyber security industry.
CREST accredits almost 300 member companies, operating across dozens of countries, and certifies thousands of professionals worldwide. It works with governments, regulators, academia, training partners, professional bodies and other stakeholders around the world. CREST members undergo a rigorous quality assurance process and employ competent professionals. Organisations buying their cyber security services from CREST members do so with confidence.