CASE STUDY: Diversity and inclusion in cyber security

CAPSLOCK are a Greater Manchester based social impact-focused business removing barriers to opportunity, unlocking potential, increasing diversity in cyber and reducing the cyber skills gap.

Cyber security is a fast-growing and dynamic field that offers many opportunities for innovation, creativity, and problem-solving. However, it also faces a significant challenge of diversity and inclusion, as women and other underrepresented groups are often marginalised or excluded from the industry. Women face various barriers such as gender stereotypes, discrimination, harassment, and lack of mentorship and career advancement. These factors not only limit the potential of women in cyber security, but also hinder the overall performance and resilience of the sector, as diverse teams are more likely to generate novel ideas, perspectives, and solutions.

CAPSLOCK implemented a successful strategy to raise awareness of discrimination, inspire others to create a diverse workforce, and encourage women to consider a career in cyber security. The main objectives of CAPSLOCK’s diversity and inclusion strategy were:

To ensure the representation and retention of women and other underrepresented groups in the CAPSLOCK team.
To foster a culture of respect, inclusion, and empowerment among all employees, regardless of their gender, race, ethnicity, religion, sexual orientation, or disability.
To enhance CAPSLOCK’s reputation and brand as a leader and innovator in cyber security, and as a socially responsible and ethical employer.
To ensure that the bootcamp classroom remains diverse.
To support organisations in hiring diverse talent from all backgrounds.

The main actions CAPSLOCK took to achieve these objectives were:

Developing a clear vision, mission, and goals for diversity and inclusion, and communicating them to all internal and external stakeholders.
Integrate diversity and inclusion at the design and development of all material for internal and external use.
Removing barriers to reskilling for all minority groups, from all socio economic backgrounds
Removing barriers to reskilling for women (e.g. The full-time courses runs from 9.30am to 2.30pm, which gives anyone with children the flexibility to learn during school hours. Part time courses are in the evenings, which allows learners to keep their jobs and/or childcare responsibilities)
No experience is required to join one of the courses, the admissions process is forward looking and is designed to measure potential rather than historical achievement. 
Launching the cyber might surprise you campaign to attract, recruit, develop, and retain women and other underrepresented groups into the CAPSLOCK team and classroom. Including launching a public pledge of support from all internal and external stakeholders
Delivering talks and attending events for engaging and collaborating with external partners and stakeholders, to promote and advocate for diversity and inclusion in cyber security.
Promoting role modelling and being visible as women in cyber. CAPSLOCK is a security bootcamp with two women co-founders
Working with businesses to support their recruitment processes to align with different backgrounds

The main outcomes of the diversity and inclusion strategy were:

Over 50% of women in the CAPSLOCK team at all levels
The company's reputation and brand recognition has grown as a leader and innovator in cyber security, and as a socially responsible and ethical employer
Trustpilot rating as excellent 4.5
On average learners earn £12,500 more than they earnt prior to undertaking the training. Many of the highest earners are women
An average of 32% of female learners on the bootcamp
Learner ages range from 18 – 60 with many being women returners to work
Since the launch of the Cyber Might Surprise You pledge over 40 individuals and businesses have joined the pledge including LT Harper and Custodian 360
Businesses come to us for talent and to diversify their workforce

Learner 1: an incredible role model to many who are new to the UK, and have young children, was a developer in India Came to the UK in 2000 with her young family, did not work for an extended period of time while she was supporting her husband and family. Decided that as her kids were grown up, she wanted to get back into work in an emerging field. She came to CAPSLOCK with low confidence, she threw herself into the course and job search. After completing the course she did extensive work with the careers team who helped her prepare for interviews and find opportunities. She was able to secure a job as a SOC analyst with a CAPSLOCK employer partner where she has been worked for the past 18 months continually developing and is on the path to promotions.

Learner 2: an amazing role model for those with great transferable skills, following a career break, has a varied career in healthcare and project management. Her most recent role was a senior midwife before taking time out to raise her family. After a period out of work, she decided that she wanted to get back into work. She was exceptionally competent and capable of operating in a mid-level security role. She was able to draw on her skills and experience from other sectors to be able to successfully secure a mid-level security role focused on governance risk and compliance. She now supports current CAPSLOCK learners as a mentor.

Learner 3: a fantastic role model for anybody who wants a complete change of career, she began her career in the prison service and human resources. She had excellent communication and stakeholder management skills and wanted to create a long term career for herself with sustainability. She reskilled via the CAPSLOCK Part time course which took 6 months to complete, whilst working full time. During this time she became fascinated with Security Consultancy and wanted to secure a career in this specialisation. The CAPSLOCK team worked with her to identify suitable companies, she applied for a role with 600+ applications and was able to secure this position as a Junior Security Consultant in one of the UKs biggest consultancies. She has since been promoted twice and is excelling in her role.

The main recommendations for other organizations that want to implement a similar strategy are:

Conduct a thorough and honest assessment of your current state of diversity and inclusion, and identify your strengths, weaknesses, opportunities, and threats
Develop a clear and compelling vision, mission, and goals for diversity and inclusion, and communicate them to all employees and stakeholders
Launch and support various initiatives and programs to attract, recruit, develop, and retain women and other underrepresented groups in cyber security, and recognise and reward their contributions
Consider everything you communicate and build diversity in at the design stage
Engage and collaborate with external partners and stakeholders, and promote and advocate for diversity and inclusion in cyber security
Find role models and advocates internally and externally and make them visible
Find who’s voice isn’t in the room and make a commitment to include them
Recruit your talent from a different place in a novel way, the effort it worth the reward. Put plans in place to retain them

Visit CAPSLOCK online to find out more.

The Greater Manchester Cyber Strategy sets out a 5-year route (2023-28) to further grow our cyber ecosystem, and through that growth, ensure a more prosperous, fairer and greener place. In Greater Manchester, we see cyber as synonymous with responsible digital security. We need to ensure that our businesses, services and people are able to operate in a safe and secure cyberspace, whilst benefitting from doing so, and enhance the UK’s overall defence and security posture in line with the National Cyber Strategy. But digital security is about more than technology, it encompasses the ethics and trust that form the human element of a cyber secure place, in which Greater Manchester has significant strengths. By adopting a holistic approach to cyber, we want to ensure that Greater Manchester is leading the way in both developing and implementing global best practice in responsible cyber security. Our approach will ensure that our cyber ecosystem is actively contributing to our local priorities and national government missions, including achieving clean growth, driving health innovation and ensuring national security. We will make sure that this is delivered in a way which is inclusive and responsible.