Address to the 'Women in Cyber Security' Forum
I would like to acknowledge that we meet on Ngunnawal country and pay my respects to elders past and present.
Thanks to Alastair MacGibbon for the introduction and thank you to Senator Hume for attending as well.
Thank you to the organisers of this event –
And thank you to everybody here, including those who took part in the Cyber Security Challenge Australia 2015.
I think a lot about how best to promote the field of cyber security to women.
About the most exciting elements of the sector.
About the barriers that exist.
About what women in the industry think can be done to get more women into the industry.
I have some ideas, and you’ll hear some of them today. But I’m also interested in hearing about what you think.
And I suspect there are more than a few bright ideas in this room, so I hope you don’t keep them to yourselves.
A couple of weeks ago there was this one-day workshop.
It was organised by women with backgrounds in ICT and cyber security, for young girls from local and rural Canberra schools.
Some of these girls had never used a laptop.
But they were there that day to learn how to code.
Parents returned in the afternoon to find themselves challenged to a game of ‘rock paper scissors’.
Which might not seem that unusual –
Except they were playing against a piece of software that their daughter wrote that day.
The influential educational reformer Horace Mann once said that a teacher who is attempting to teach without inspiring a pupil with a desire to learn is “hammering on cold iron.”
The workshop was all about exploring the possibilities of technology.
About inspiring the desire to learn.
And by having those who were first inspired to discover, share what it is that made them fall in love with the digital universe –
Having those girls engage in a process that starts by asking, what’s possible?
It is no surprise that parents would want to enrol their daughters in a workshop run by cybersecurity professionals.
Because the field of cyber security is booming.
The market for cyber security is expected to triple in size between now and 2020.
Employment in STEM occupations is projected to grow at almost twice the pace of other occupations.
Yet there are already severe cybersecurity skills shortages nearly everywhere in the world.
Michael Brown, the CEO of the world’s largest security software vendor Symantec, forecasts that by 2019 there will be six million jobs in cybersecurity and 4.5 million people with the skills to fill them.
One in four jobs will simply not be filled, because there is no person to fill them.
For cybersecurity and ICT professionals, that means a seller’s market.
But if trends continue, it will not be one open to women.
The warning signs are already there.
Right now in Australia, only 28 per cent of workers in ICT are women.
Women make up only 1 in 5 tech entrepreneurs.
The shortage of Australian women graduating with computer science or coding skills is chronic, and it shows no signs of reprieve.
Since 2001, the rate of women enrolling in a degree related to IT has actually fallen from about one in four to just one in ten today.
By some estimates, 75 per cent of the fastest growing occupations will require skills in science, technology, engineering or mathematics.
And I’m concerned women will fall adrift of this boom.
Australia cannot afford to let that happen.
Right now we face an acute problem in a shortage of skills in the cyber security space.
But it is a problem that can only be addressed by emergency measure after emergency measure, until we fix the problems with the pipeline.
It takes time to get it right. Results will not be immediate.
But we need to do two things.
Address where we are, and where we want to be.
We must examine the process that we rely on to produce talent, and ask how it can be more fully supported.
It is simply unsustainable for us to continue losing smart people for dumb reasons.
And we are losing them at multiple points along the pipeline.
At the earliest stages of education through to the vocational, undergraduate and postgraduate levels.
I’ve always been a strong advocate for education.
That’s why I was so pleased to see Labor’s election platform recognise that investing in education is a plan for jobs.
That the economy is changing as it grows –
And with that comes a changing demand for skills and expertise.
And the need for our education system to reflect this reality.
It is worth examining what that means for a moment.
The way we think about literacy and numeracy will soon be how we think about digital proficiency.
Two generations ago, computer literacy was a marketable skill.
Two generations from now, it will be a minimum expectation.
The National Curriculum should reflect that.
Labor committed to ensure that computer programming is taught in every primary and secondary Australian school by a teacher who has had the opportunity to receive training in coding.
Labor also committed to Girls In Code, a $4.5 million grants program to support organisations that promote, encourage and inspire girls to learn code.
We committed to offer 20,000 STEM Award Degrees a year for five years.
The commitment would see the student’s entire HECS-HELP debt written off upon graduation.
The policy is a way to encourage talented students who might otherwise be discouraged by the prospect of graduating with a debt the size of a home loan deposit.
To put it another way, it keeps talent in the pipeline.
A recent OECD report on gender equality found that less than one in 20 girls from OECD nations considered careers in science, technology, engineering or maths.
Part of the problem is what researchers call the ‘leaky pipeline’.
When it comes to attitudes towards science and technology in the earliest years of schooling, there doesn’t appear to be any significant difference between girls and boys.
But with each subsequent year, the difference becomes pronounced.
One UK study found that essentially equal numbers of girls and boys take the science double award exam at GCSE, and girls outperform boys by a small margin.
But as soon as girls are given the choice, they disproportionately decide to opt out of science courses.
Part of the reason for the poor conversion rate is the way STEM subjects are taught.
Three in five computer science teachers around the country are doing so without a tertiary qualification in computer science.
The numbers are not much better for general maths and science teachers.
In an effort to improve teaching standards, Labor unveiled a two-stage plan.
The first was to establish a five year STEM teacher training fund, to appropriately upskill around 25,000 existing STEM teachers in primary and secondary schools.
The second stage was to provide 25,000 teaching scholarships over five years.
These would be available to new and recent graduates of STEM degrees as encouragement to continue their studies and become a STEM teacher.
But it would be a mistake to presume that boosting female participation in the field of cyber security is a job for government alone.
Whatever tendency there is to think of cyber security in terms of the public service and government agencies –
The real growth is in the private sector.
But this growth is uneven.
In world-wide terms, female information security professionals are outnumbered by men nine to one.
It is not a problem unique to cyber security.
Technology has a gender problem more broadly.
Four in five of Google’s American employees are male.
That sort of imbalance cannot help but have an effect on corporate culture.
A survey earlier this year suggested that 60 per cent of women working in Silicon Valley experience unwanted sexual advances.
Two thirds of these women reported the advances came from their superiors.
Stories such as these do not stay locked away in a drawer. They disseminate.
And while the particulars may be different every time, the message heard by many women is the same:
This is not an industry that welcomes you. This is hostile.
This needs to change.
When psychologists from the University of Washington wanted to test how people decide to join or exclude themselves from a group, they discovered the enormous impact of the physical environment.
The stereotypically masculine periphery that decorated the computer science laboratories was alienating to such an extent that women’s interest in computer science did not develop even in environments entirely populated by other women.
They also discovered that by simply swapping the objects that you might typically find in a computer science classroom –
Objects like video games and pop culture posters –
With discordant, unexpected or neutral items, like an indoor plant, water cooler, wall carpet, a phone book or a world map, female undergraduate interest in computer science was boosted to a level indistinguishable from men.
It is a simple step with profound implications.
A conscious adjustment of the physical space invites a whole new cohort into a previously hostile room.
And once they’re made to feel invited, they stay.
At the micro level, reform begins one classroom at a time.
At the macro level, it is potentially millions of women working in a booming industry.
Driving the pace of change and innovation.
Starting up companies, creating jobs.
Making the world of cyberspace more dynamic, functional, and secure.
It is a vision that is available to us.
But it is not assured.
It is why I began this talk by noting that women’s participation in cyber security could go one of two ways.
We seize the opportunity, or we surrender it.
There’s a lot at stake.
Research by Gallup has found companies staffed by a representative team of men and women have an easier time recruiting great people, and an easier time holding onto them.
Firms do not need much prodding to hire smart people.
But no matter how strong a firm’s commitment to a more equitable balance of gender representation.
They cannot hire graduates that do not exist.
They cannot hire female candidates if there are no female candidates for the role.
We know the leaky pipeline needs fixing, and government does have a role to play in fixing it.
But no government can unilaterally make a field attractive for prospective students.
The industry needs to be proactive in ensuring it is an attractive, viable option for young women as well as men.
And that task does not begin at job fairs held the day a student graduates.
Thankfully, the field of cyber security is growing for a reason.
And as the field of cyber security grows –
The demand for skills both deepens and broadens.
As well as fantastic coders, engineers and developers, cyber security will be a field increasingly populated by ethicists .
By strategists, diplomats and entrepreneurs.
The cyber universe is growing more vibrant, more diverse, and more meaningful.
It is already how we trade, how we bank, how we communicate, how we fall in love, how we interact with our Governments.
In time, it will be more things to more people.
As the opportunities presented by an increasingly interconnected digital world proliferate, so too do its counterbalancing threats.
The more one has to defend, the greater the degree of resources necessary to dedicate to its defence.
As the digital world becomes increasingly valuable, the cost of a security breach becomes increasingly unaffordable.
That’s why we need cyber security. Because we live our lives in cyberspace, and we need smart women to defend them.
I began this speech by recalling a workshop that took place in Canberra a couple of weeks ago.
It was the first event of the Canberra Girls’ Programming Network.
The network, which is sponsored by the Australian Signals Directorate, gives girls exposure to female role models across academia, government and industry.
The Canberra Girls’ Programming Network is a miniature model of what it is possible.
It is early days yet, and we should be patient with it.
Not every student will be able to go in a day, from no coding experience at all, to programming a robot that makes buttered jam sandwiches.
But for so long as girls are inspired to see what is possible, not just for others, but for them, we will not be hammering cold iron.
I am confident we will turn things around.