As we prepare for the next CYBERUK conference, I wanted to share with you the work we have been doing this past year on our agenda for diversity and inclusion at this event, at future events, and working longer-term with the NCSC.
In his closing speech at CYBERUK 2017, NCSC Technical Director Dr Ian Levy, threw out a call to arms to make the cyber security industry an exemplar for diversity and inclusion – because, “it sucks at the moment". After last year’s event he blogged about the need to build a community of professionals to deliver the goals of the National Cyber Security Strategy. And in that blog he also focused on the need for a community code of conduct. One in which we can all come together and describe, "what's acceptable and what isn't", so that we can, "start discouraging behaviours and attitudes we won't accept."
We’re not just concentrating on making the cyber security community a welcoming one for those joining, or thinking of joining, the profession now. It is as vital to keep those people who have been leaving prematurely because they find the working environment intolerable. Only by working as a community can we establish the talent pipeline and fix this leaky bucket. This is why codes of conduct matter: they are a key part of making cyber security welcoming and inclusive for everybody, not just some.
Ian gave me the task of creating this code of conduct, one that, as a community, we can all get behind and publicly sign up to. The NCSC is going down the road of making it a mandatory part of working with us. For now, we are going to trial its use at CYBERUK 2018. We are very much calling for all attendees, speakers, sponsors, and exhibitors to be proud to back it, and to back up their signing of it with action.
An essential part of this code of conduct’s development was engagement from the community and looking at best practice that is already out there and tested. I'm very keen to acknowledge that the NCSC doesn't have all of the answers, therefore I would like to thank the wide range of people from both within and outside of the security industry who have given their time and shared their insights with me. I also found other similar policies which have been inspirational; I’ve referenced these when creating our code of conduct. I'm really grateful that authors put their examples of best practice out there for us all to learn from.
I also want to keep that engagement going. Please use the comment field below, or the email address CyberInclusion@ncsc.gov.uk, to send us your thoughts.
So, take a look at our new code of conduct, and join us in Manchester. We really mean what we say here, we are committed to making EVERYONE welcome to work within this community - no matter who you are. We are all different, and we all deserve to be respected for those differences and included in every aspect of the exciting world of cyber!