Strengthening cybersecurity through diversity: A women in cybersecurity roundtable discussion

In March, we brought together a group of women cybersecurity practitioners to celebrate the hard work and impact of women in our community. The conversation was inspiring, highlighting diverse experiences together with common goals for improving cybersecurity for everyone in higher education.

We’ve put together some of the key themes and highlights from this conversation. Read on to get inspired about championing diversity within your own team.

Meet the panelists:

  • Lori Atkin, Manager, IT Operations and Security, Lambton College
  • Tracy Dallaire, Director of Information Security Services, McMaster University
  • Denise Ernst, Information Security Officer, Queen’s University
  • Vanessa Kwende, Security Business Analyst, Humber College
  • Michelle Moore, Director ITS Project Management and Information Security, Humber College

Meet the hosts:

  • Delilah Moysich, VP Business Planning and Partnerships, ORION
  • Nicole Hurtubise, Senior Program Manager, Training and Product Marketing, ORION

Right off the bat, we recognized that awareness is foundational to cybersecurity. Awareness at all levels of an organization. Establishing a strong cybersecurity culture starts with building trust and empowerment to help people shift their attitudes and behaviours.

Vanessa: The most important thing for a great cybersecurity culture is human behavior. One of the first things we need to do is to train our users; make them knowledgeable about the cyber threats. Also, to make them receptive about technology and the changes that are coming. Because when people feel empowered by change and they change their behaviours, they can help protect the community.

Michelle: It’s about how we educate our users, our constituents, on what they need to do to keep us all safe. There is a technical component, of course. But we can have all the technical components in place and still have security failure. It happens every day. It’s an important piece but it’s a smaller piece. Education, policy and support are so critical within the institution.

Delilah: Cybersecurity needs attention at every level, at the executive level, at the senior level, by the management, and at the support level. Everybody needs to be on that same journey and the same path.

We all agreed that because cybersecurity involves everyone, diversity, inclusion and representation are critical factors in its success. There are many hats and a wide range of skill sets needed. Similarly, there are many different pathways into cybersecurity. A strong cybersecurity culture leverages the value and benefits of diverse perspectives and abilities.

Tracy: There are some fields you go into that maybe typically have had a previous traditional path with a previous traditional demographic of people going into that sort of profession. When I strip this all away and think about information security, we’re trying to incent changes in behaviours, to help people to do things differently maybe than they’ve done in the past.

A headshot of Denise, a speaker in the discussion

Denise Ernst, Information Security Officer, Queen’s University

Denise: When I start thinking about how we can leverage talent in other sectors and grow that further within cybersecurity, I think about really what is the function that I’m looking for. … actually, learning the knowledge in cybersecurity is the easy part, it’s being able to apply that knowledge in a manner that works with security.

Nicole: Cybersecurity involves everyone in the organization and the approach of bringing people together around the idea. That hits at the heart of why diversity and inclusivity are important. This is about everybody and we need to see and hear from everybody and have all those perspectives.

We have the opportunity to mentor and champion new talent. When we recruit new staff, build our teams and support emerging leaders, we serve the greater goal of cybersecurity – to protect the organization and the people within it. When cybersecurity teams and leadership reflect a multitude of identities, perspectives and skill sets, we increase our opportunities for success all around.

Denise: I’ve been in the technology sector, now the security sector. And throughout those experiences, I’ve been extremely fortunate to have been mentored by powerful women who really felt themselves equal to also powerful men, who mentored me and helped me move into my role and further grow in my career.

Lori: For the majority of my time with Lambton College, the president has been a woman and until recently, my second level leader was a woman… and I was very lucky to have opportunities to mentor alongside those women. Similarly, I extended offers of mentorship to co-op students… It’s also very important to me that our (IT) team is seen as a partner at Lambton. We want to encourage people, the teams that we have, to grow as people and see them succeed and grow in the department.

Tracy: Collectively, within in all our communities, we need to be role modeling. We need to be out there on social media, encouraging each other, supporting each other, being a part of the network. Saying kind words and creating that voice that we want in the community. We owe it to the next generation coming along who are looking at STEM as a field or path. We owe it to our colleagues or people new in their career to help them. To say, hey, you know what, you can be a part of this organization and it’s a warm, welcome, safe space where you can bring your best self.

This conversation brought to surface many actionable insights, and opportunities for future conversations. Massive thanks to everyone who contributed.

Do you have something to add to the discussion?

We’d love to keep this conversation going and learn more about approaches throughout the community to build diverse and resilient cybersecurity culture. Email to share your perspective and experiences.