CGP 21 | Cyber Knowledge

Delivering Trusted, Clean, And Accessible Knowledge With Rebecca Taylor Of Secureworks To Celebrate National Cybersecurity Awareness Month


Trusted information is crucial in an industry where one wrong move stands between being protected and attacked. This is the heart of Rebecca Taylor’s position as the Threat Intelligence Knowledge Manager at Secureworks. In this episode, she sits down with Sherry Bevan to tell us more about her role, along with the interesting career journey that took her from studying English and Creative Writing to the cybersecurity space. Rebecca talks about the importance of having trusted and clean knowledge accessible to the right teams. What is more, she also shares some of the challenges she faced as a woman in the industry, offering advice for others as they step into their career in a male-dominated space.

Listen to the podcast here


Delivering Trusted, Clean, And Accessible Knowledge With Rebecca Taylor Of Secureworks To Celebrate National Cybersecurity Awareness Month

Let’s get into our episode. In this mini-series to celebrate National Cybersecurity Awareness Month, I’m talking to women about their careers in cybersecurity. I’m delighted to be talking to Rebecca Taylor from Secureworks. Welcome, Rebecca. Thank you so much for joining me.

Thank you so much for inviting me.

I’m delighted to talk to you. Rebecca is the Threat Intelligence Knowledge Manager at Secureworks. Let’s find out a bit more about her career journey. Perhaps to set it into context, could you start by telling us a bit more about Secureworks and what they do?

Secureworks is a cybersecurity leader. We focus on enabling customers and partners to out space and outmaneuver adversaries in a more precise way so they can respond to cyber threats and risks. It is achieved in lots of different ways by using things like cloud-native, security platforms and different intelligence-driven security solutions. That’s backed up with lots of threat intelligence and research. We’ve got a lot of large teams that are equipped with the best people in the world to help protect customers.

How did you get started in an IT or cybersecurity career?

The biggest thing about knowledge is that it has to be trusted.

For me, it was very much by chance. When I was 24, I was working in kitchen goods dealing with kitchen insurance for appliances. I didn’t know what my calling was. I’d studied English and Creative Writing at the University of Portsmouth. I was finding my feet. At that time, I received a phone call from Secureworks Talent Acquisition asking if I would be interested in interviewing for a personal assistant role. I jumped at the chance.

When I’m walking through that door the first time, I knew very much that I’d found an organization and an entity that could give me a great platform for growth and development but also an industry that was always going to keep evolving, one that was never going to go away. Over the last few years, I’ve focused on studying, getting as much exposure to the organization, IT and cyber as possible, making a footprint and working hard. I’m in this fabulous position where I’m their Threat Intelligence Knowledge Manager and counter-threat unit.

What exactly is it that you do on a day-to-day basis?

From a high level, what it means is that I’m responsible for ensuring that we ingest all threat intelligence to the best of our ability and that it’s standardized, maintained and accessible for those who need it. On a day-to-day basis, my role can vary quite a lot. It depends on what we’re seeing, what we’re hearing and what we need to ingest and work on but ultimately, I need to make sure that what we have is accessible, our knowledge is clean and it can be used by whoever needs it.

When you say that our knowledge is clean, what does that mean?

CGP 21 | Cyber Knowledge
Cyber Knowledge: It isn’t necessarily about having these huge qualifications. It’s very much about just being open to listening and learning as things change around you.


It’s been put in the correct format that’s accessible to the right teams, stored in the appropriate ways and can be trusted because the biggest thing about knowledge is that it has to be trusted. If you start letting knowledge seep through that maybe isn’t accurate, it can not only affect us internally. It could be as simple as a threat researcher is misinformed or it could go the whole hog and end up being that a customer ends up misinformed. That’s the one thing we don’t want to happen. To make it clean means to make sure that it’s accurate and trustworthy.

Thinking about your career, what’s been your biggest challenge?

For me, it’s been a mixture of things. Like a lot of people, my biggest one has always been self-doubt. I knew for a long time that I wanted to progress and do more but it took me a very long time to get in the headspace to believe I could and that I could do it. I relied on quite a lot of mentors in my organization to help get me into that correct and good head space. The second real challenge for me has been a lot about gender stereotypes.

I am a mum. I do have that label and I carry that label as a woman but I also want to have a career. I do have my goals and ambitions. I found that I do work in cybersecurity but I didn’t want to necessarily be in the gender stereotypical role in the cyber field. Breaking through that, being able to become more technical and hopefully, in time, become a specialist has been a journey for me but also breaking down gender stereotypes that maybe friends or family have held of what I should be like and what I should do has been a challenge as I’ve pushed through with my career.

There’s that stereotype of people who work in cybersecurity being geeky and very introverted people. It is the stereotype that we often see but to be successful in cybersecurity, you need to have strong interpersonal and communication skills.

The real beauty of cyber security is that it’s not going away and that it’s very present.

It’s a mixture of assumptions of what a person in cyber is or should be. There’s the weight or the vision that we carry of what a woman or a mum should be. It’s taken me time to bring those all together and decide, “I don’t have to fit with any of them. I can be myself. I can have a footprint that is made by me in the way that I want it to be.” It took time for me to own that and be confident with that. Also, to know that I was doing the right thing by me.

When we realize that we can go to work, be ourselves and bring our whole selves to work is when we start to make progress in our careers and have the biggest success. It’s getting to that point and that can be challenging sometimes. You mentioned the mindset and referenced Imposter syndrome. What was the biggest thing that helped you get over that?

For me, I started to explore not only mentoring but training opportunities. I joined this Releasing Female Potential Program that was run by one of our sister companies. By doing that, I changed my perspective of I can do more and that it is okay to want more, regardless of the fact at that point in time, I didn’t necessarily have any technical qualifications. It’s all about what you make it. I knew that I wanted to do more, could do more and needed to get to do more.

I bounced off of that program and found myself a good mentor. I’ve got three because they all offer me very different perspectives, opinions and support. Finding the right mentor for me that could help drive me, help connect me with people that maybe were more like me or that could appreciate what I was trying to accomplish. It all helped me to get to that point.

Thinking about cybersecurity, there are training and qualifications. I imagine that to be successful in cybersecurity, you’ve got to constantly be training and learning new stuff.

CGP 21 | Cyber Knowledge
Cyber Knowledge: Finding the right mentor for you can open up so many more opportunities and give you that platform to excel and find the career you’re looking for.


The real beauty of cybersecurity is that it’s not going away and it’s very present. Keeping abreast of what’s happening in the media, making sure that you’re reading up and seeing what’s happening in itself is a way for you to learn and develop. You can begin to see new ways like what may be threats are behaving, new risks changes, evolutions and all these kinds of things.

At least at Secureworks, you do get to learn a lot on the job. By having that exposure, seeing the threat landscape change and evolve and having access to the latest threat intelligence and metrics, you can learn as you go along. It isn’t necessarily about having these huge qualifications. It’s very much about being open to listening and learning as things change around you. Technical qualifications can support. I did English and creative writing so I had in no way any kind of technical background.

You can pick up stuff as you learn and it doesn’t have to cost you a fortune. There are so many free courses available. You’ll probably find as well if you have a mentor that you can do lots of training through them. If you pick the right ones, at least they can teach you what they know and share that knowledge. Whilst there is sometimes the need for training qualifications, it isn’t the be-all and end-all.

Thank you for explaining a bit more about that. It’s quite interesting that 2 or 3 people that I’ve spoken to have studied English or History and then have gone on to have a career in cybersecurity. I find that quite fascinating. I’m wondering. What’s been your proudest achievement in your career?

I have a few. I spoke about that Releasing Female Potential Program. That was a big achievement at a time when I needed it to flick that switch and get that drive to progress in my career. I’m also very proud of the fact that I have pushed myself. I have got 2 amazing points in my career but I also have 2 children and like a lot of us, I have gone through the pandemic too.

The cybersecurity industry worldwide is facing a talent shortage.

Having that career, having that identity that fulfills me, owning my ambition and having that drive is something I’m super proud of. If I suppose, take it back to my career, being the first Instant Response Knowledge Manager and the first Threat Intelligence Knowledge Manager is a real pat on the back for my organization that they do believe and trust in me.

What is it that you enjoy about the work that you do?

I’m in a lovely position where I confidently know that I am making a difference and that I am contributing to the cybersecurity community. That’s something that does mean a lot to me and is something I enjoy. I’m able to do conferences, write blogs and mentor. I feel like I’m leaving a solid footprint and a good legacy, which is important to me. I’m lucky as well that Secureworks is a remote-first employer. That means that 90% of us are remote workers. That is something I enjoy about what I do because I don’t have the pressure of having to commute or make sacrifices in terms of being there for my family. I can have the best of both and be as involved in my career and with my colleagues as I can be with my family.

What do you see are some of the potential barriers for women in cybersecurity or perhaps aren’t in cybersecurity yet but would like to move into that area?

The biggest barrier was the lack of women in high-ranking cyber positions. Sitting there knowing that I wanted more but not seeing necessarily that inspirational figure, I didn’t know whom I could look up to who maybe had a similar path or a family like me. Also, similar ceilings like we have. That is improving. There is more representation but I do think for younger people or those who may be looking to progress into STEM, it’s hard if there is that continued lack of representation.

CGP 21 | Cyber Knowledge
Cyber Knowledge: There are so many different facets to cybersecurity. You don’t have to fit a mold that maybe you’ve built into your own head.


I still think there’s a lot that needs to be done from a diversity and inclusion perspective. As a woman, I do have different needs from my counterparts. I do face different adversities and have different stereotypes and external demands, potentially to some of my other colleagues. There’s this whole space that needs to be explored to make cyber more inclusive but until a lot of these larger cybersecurity organizations start pushing and changing their D&I initiatives, there’ll continue to be that gap and barrier for people wanting to have a cybersecurity career.

Having role models in more senior positions, you often hear people saying you can’t be what you can’t see. We’re starting to see change but sometimes it’s slower than I want it to be. It’s good to see that things are starting to change. You’ve talked about potential barriers. What about opportunities for women in the sector?

There are a lot of opportunities. The cybersecurity industry worldwide is facing a talent shortage. It is something we talk about quite often. We need millions more people so the opportunities are very real. There are lots of roles out there. We only need to apply for them and believe in ourselves to make that application. In the same way within our organizations, there are ways we can be advocating and promote opportunities for women, things such as via our employee resource groups, newsletters, reward and recognition. There are lots of different ways to help women rise.

Another huge opportunity is all these sub-security courses that are available. There are loads of free ones that I have used like FutureLearn, which I massively recommend. For me, mentorship was a real game changer. Finding the right mentor for you can open up so many more opportunities and give you that platform to excel and find the career you’re looking for.

Something occurred to me while you were talking. There are certainly lots of opportunities. It’s for us to go and reach out to those opportunities. If women are reading this who are thinking about a career in cybersecurity, what would you say are the skills that they need?

It does depend. When people think about cybersecurity, they think it’s sitting behind a computer, knowing technical skills, knowing how to hack or code and all these things but that isn’t it. There are so many different types of roles in cybersecurity. There are marketing teams, finance, design and speaking opportunities. There are so many different facets to cybersecurity so you don’t have to fit a mould that maybe you’ve built into your head. If you want to apply, think about what you enjoy doing and find the cyber role that fits that. You don’t have to change yourself just because you want to work in cybersecurity.

Rebecca, thank you so much. I enjoyed talking to you. If people want to get in touch with you, you’re on LinkedIn, aren’t you?

I am, indeed. I’m happy to take any questions or help where I can.

Thank you so much to my guest, Rebecca Taylor from Secureworks. I’ve enjoyed hearing about Rebecca’s career and her thoughts about being a woman in cybersecurity. If it sparked a thought in your mind, let’s talk. An exploratory call with me gives you the opportunity to ask any questions you have about the work that I do with cybersecurity companies on attracting, developing and retaining your female talent. Get in touch with me by email at to book your call.


Important Links


About Rebecca Taylor

CGP 21 | Cyber KnowledgeRebecca joined Secureworks in 2014, where she developed an immediate passion for cybersecurity. Rebecca quickly expanded her cyber acumen, moving into Secureworks first Threat Intelligence Knowledge Manager role in 2022.

Rebecca is primarily focused on the implementation of knowledge management processes and procedures for the Counter Threat Unit, the ingestion and management of Secureworks Threat Intelligence knowledge, and its associated quality, storage and maintenance.

CGP 20 | Sophos

Taking On More Complex Projects In The Cyber Industry With Chloe Acebes Of Sophos To Celebrate National Cybersecurity Awareness Month

Going to the next level in your career means having to take on more complex projects. And our guest in this episode has done that while coaching and mentoring women in technology. Sherry Bevan interviews Chloe Acebes, the Director of Software Engineering at Sophos, with 20+ years’ experience in the cybersecurity industry. Chloe leads teams of Engineers who develop next-generation endpoint security products.

In this conversation, Chloe shares her career in cybersecurity, taking us along to both the challenging and proudest moments in her career thus far. She also talks about coping with the pandemic, the barriers for women working in the sector, and the future of her career balancing politics and technology.

Listen to the podcast here


Taking On More Complex Projects In The Cyber Industry With Chloe Acebes Of Sophos To Celebrate National Cybersecurity Awareness Month

In this episode, I’m talking to Chloe Acebes of Sophos about her career in cybersecurity. A very warm welcome to you, Chloe. Chloe is the Director of Software Engineering at Sophos. She’s going to be talking to us about her career in cybersecurity. Let’s get started. Perhaps you could tell me how you got started in IT or in cybersecurity.

I studied Physics and Astronomy at university. In my final project at uni, we did a little bit of C programming. I learned a little bit of C there and to say that I liked that and thought I might be interested in a career more towards IT. When I was finishing university, I applied for various different jobs in technology and in science. I applied for a job at Sophos, where they had a graduate program where they took people on from different disciplines. We got basic training on the job. We learned about coding, various aspects of technology and security. Basically, I’ve been at Sophos ever since.

That sounds amazing that you’ve been there ever since. It proves that those graduate programs, when you get them right, they do work and you get good staff. How did you get into cybersecurity more specifically?

It came to me by chance. As I said, I was interested in IT and technology. I applied for several different roles. When I came to interview at Sophos, they talked a lot about protecting customers and protecting small businesses. Sophos focused a lot on small and medium businesses, which means that we make the difference between a business doing well and a business being attacked and potentially losing money. That aspect of talking about helping people was what drove me into the industry. That’s what still gives me job satisfaction.

In thinking about your career overall, what has been your biggest challenge?

I think there are two that come to mind. The first one is starting the job. I came from a Physics and Astronomy background. I didn’t know a lot about computers. I didn’t know a lot about programming and hadn’t done computer science. There’s that foundation that you’re missing. That was a bit intimidating coming online and starting off the job, but that strong ramp up to start off with is a big challenge.

It’s a fast-moving world. You’re always trying to keep up with the bad guys, which means there’s always lots of stuff to learn.

The second one I could think of is during the pandemic. I was leading a project at Sophos to deliver a project where we had to coordinate with many different teams and many different business units, different time zones. I have led projects before, but this was the biggest and most complex one that I had ever done. That was the biggest but also more satisfying challenge I’ve had because we delivered what we were asked of on time and coordinated across many different teams, and it was a success.

At that time, you were doing it in lockdown when we were still getting used to the ways of remote working and hybrid working.

In a weird way, it was beneficial at some points because some of the teams we were working with were based in the US. We would have been on Zoom with them anyway. Sometimes when you’re in a call in the office and some people are in the office in the room and some people are on Zoom, it’s actually hard to engage both sites. Having everyone be on Zoom was a level playing field.

I think that’s been one of the advantages that we see now with more hybrid working. People are more understanding of the disadvantages of having a mixed group of people working in the office and from home. Being on Zoom and in the office all at the same time, it adds an extra layer of challenge to the way that communication works.

You have to be careful with things like drawing on the board. The meeting I was in right before this one actually, we had one person on Zoom, the rest were all in the office, and I wanted to draw on the board. We’re lucky enough that where I work, the cameras move around. You can point the camera at the board, not the people on the call, and have the person on Zoom still engaged with what’s going on in the call. You’re right, it’s an interesting challenge having people come back to hybrid, partly in the office and partly online.

I’ve seen that work well. I’ve also seen it work badly. You mentioned there about your biggest challenge and it sounded like a very complex project. I’m wondering, what about your proudest achievements in the work that you’ve done or that you do?

CGP 20 | Sophos
Sophos: We can work very hard to try and make the balances as good as we can, but if a few people are applying, it’s like fighting a lost battle.


There are a couple of things. I do some coaching and mentoring at Sophos. Some of it is around women in technology. I’m part of the Women in Technology Group at Sophos. We have a coaching scheme and a mentoring scheme as part of that. I have a mentor and I mentor other people. I also run a Women in Engineering Group where we try and get people together. We started that in the pandemic. New people would start during the pandemic, they didn’t have that natural meet the peers in the coffee area and find people around. I’m not at all saying that because there’s another female in the office, you should be friends with them because you’re females together, but you maybe have more in common with them.

Meeting people in the office is more natural. We couldn’t do that in the pandemic, so we started this Women in Engineering Group. We went out for dinner one night. We have an online teams thing where you have new starters join and realize there’s a community of other women at Sophos that they can meet up with. I’m quite working with the mentoring scheme. The project I mentioned was a big complex thing, and I’m proud of delivering that project. It set me up for more complex things in my career.

Obviously, you work in cybersecurity, and we know that the gender balance between men and women in technology as a whole is not great, but it’s even more marked in cybersecurity. What do you see as some of the potential barriers for women working in this sector?

I think part of it is fear of the unknown. I’m not seeing role models that are similar to yourself. The thing I struggled with the most is it’s quite difficult to fix having more people to apply because the pipeline isn’t big enough. It doesn’t have a strong enough pipeline of females. You have to go back to university or school, and change the attitude there so that they’re more likely to do science and technology subjects, and be more passionate about those so that when you get later on in life and you start to look for a job, there are more women looking for that. It’s almost a bit of a catch-22. We can work as hard, and we do work very hard to try and make the balance as good as we can and make cyber at Sophos more appealing to women. If there are fewer people applying, it’s like fighting a losing battle.

We know there’s a skill shortage generally in the cybersecurity sector. That does make it even harder.

There are fewer people, in general, doing degrees, never mind women.

The more diverse your workforce, the better the solutions you come to.

What about the opportunities for women in the sector? If you were to go and do a marketing piece and come and join the sector, what would you say to women?

This may sound weird, but I almost wouldn’t want to say that there’s anything specific to women that appeals to women in cyber. It’s just a good career for anyone. There isn’t anything specific to women or men. There are lots of challenges. It’s a fast-moving world. You’re always trying to keep up with the bad guys, which means there’s always lots of stuff to learn. There are always new challenges coming, and I think that should be exciting for anyone.

It sounds like that’s what you enjoy about the work that you do.

That’s part of the reason I’ve been in one company for so long. I think if I had been here and done the same thing for many years, I would be bored. I’ve moved around different teams. The challenges move on all the time. The bad guys are always doing different stuff, so the whole industry has to move along to keep up with that. There are always new things to look at, new techniques that you have to worry about. It keeps you on your toes.

In the role that you do, can you tell us a bit more about what you do on a day-to-day basis?

As a Director of Engineering, that means I basically manage multiple teams in one functional area. My role has transitioned a little bit. It was at first that I was the director of the endpoint detections for our endpoint software, which covers some Windows devices and Linux devices. I’ve shifted a little bit, and I now focus more on protecting Linux devices. I have 3 or 4 teams now that work on various aspects of our products, which protects Linux servers.

CGP 20 | Sophos
Sophos: The further up you go, the more removed you are from technology and the more of the politics game you have to play.


We help to work on strategy with product management to identify the roadmap and the areas that we want to deliver. I also work then with the teams to work on how we deliver those things, what technical choices we want to make, how we split the projects up, how we are using resources for the projects, what the timelines for those look like. How do we coordinate across the teams? How do we make sure we deliver it with quality?

A lot of your role at the level you’re at now is managing the teams to do the development and the delivery of those products.

I still have one team who reports directly. Maybe I do like day-to-day management with them and what tickets are we working on and what are we doing? I would like to hire a person to take on that role so that I can be exactly as you described, a slightly higher level. You’re worrying more about what direction the teams are going in and what direction the product itself is going and more strategic.

What do you see in the future for you and your career?

I think I would like to weigh in the scope of my responsibility and the area that I’m in. As I said, I’m responsible for taking care of the Linux product, which covers a lot of cloud workloads. A lot of customers have machines running in the cloud, AWS or Azure, and that’s a specific type of customer. That type of customer may use other tools and leverage other security tools to manage their cloud workloads. I’d like to extend my functional responsibility to cover those areas and have the responsibility within the department.

I don’t know how much further I would like to go up the ladder. The further up you go, the more removed you are from technology, the more of the politics game you have to play. I’m in the middle of that now, but I still have reasonable ideas about what technology the team is using and having a hand in the strategy. I still have to do some politics, but I’m not far enough up the ladder that that’s what I do day-to-day. That’s probably the next decision I have to make if I’m able to go farther up and do more of the politics and less of the technology, if that makes sense.

The cyber industry is looking for many passionate people who want to solve problems.

Thinking back to your original degree, I think you said it was Physics and Astronomy. Is there anything from what you studied in your degree that you’re actually using in your work?

No. I think the main thing is ability to solve problems. Anyone who does a Science degree learns how to have a logical approach and how to approach solving problems. That is invaluable. You’ve proven that you can understand the problem and that there are various ways to approach it, and that absolutely applies in software engineering. That’s one of the main things we look for when we get graduates to join.

These days, many more people will do Computer Science degrees than back when I was at university. We always look for people who have a Computer Science degree because they have that foundation that I mentioned earlier, but they also have shown that ability to solve problems. We do also sometimes consider people from other backgrounds if they’ve shown that ability to do the problem-solving.

What other skills are you looking for apart from problem-solving and that kind of foundation in Computer Science?

Definitely communication. That’s something that’s changed in the time that I’ve worked in the industry. When I first joined Sophos, there were lots of people who would be handed a little bit of work to do. They would sit in their corner. They’d write their code and then they pass it back and they almost would avoid talking to other people. The industry has gone through quite an epic change where the focus is much more on Agile programming and collaboration.

That’s important to know that when we solve problems, we often do it as a team. You have to be able to stand up in front of a whiteboard, draw a picture, explain the problem and what your approach should be, and then collect information from other people and come to some consensus about, “Let’s take a little bit from everyone’s solution.” Come to a consensus, something common. To be able to do that, you have to communicate. You have to actively listen. Those are the two other key things that we look for.

CGP 20 | Sophos
Sophos: When we solve problems, we often do it as a team. You have to be able to stand up in front of a whiteboard, draw a picture and explain the problem and your approach, and then collect information from other people to come to a consensus.


At the end of the day, that means that you’re going to end up with a better product because it’s not just one person’s thoughts or ideas on how to deliver or how to develop that product.

That’s where the diversity comes in. The more diverse your workforce, the better the solutions you come to.

Before we finish, Chloe, any tips for people thinking about working in cybersecurity or thinking about going into that as their career after university?

Just apply. The cyber industry is looking for lots of people who are passionate and want to solve problems. You don’t need previous cyber experience to do well. You just need someone who’s passionate, able to communicate well, can sell yourself and can solve problems. Those are the things we’re looking for. I’d recommend that you read up a little bit about, in general, what cyber is about, but just go for it. We’re desperate for new blood.

I hear that all the time from lots of the companies I’ve been talking to. The skill shortage is very real. I was talking to someone else who was saying, “We don’t mind whether they’re male or female. They could come from planet Mars, as long as they have got communication skills and problem-solving skills because we’re so short on good talent.” It sounds like it’s a brilliant sector to work in with the future of technology, isn’t it?

Yes. For me, the thing I mentioned earlier about the fact that you’re helping people, you don’t get that in many other technology industries. You could work in finance, doing fintech, or you could work in IT, building computers for people, but you don’t get the same satisfaction. You’re helping protect people. You’re helping keeping their assets secure. For the small businesses, you’re basically helping keeping them going. If they had a ransomware attack, they could potentially go out of business.

It’s that sense of purpose that you get working in that sector. Thank you so much for joining me. I do appreciate it. Thank you, everyone, for reading. I’ve been talking to Chloe Acebes from Sophos. She’s a Director of Engineering there. I enjoyed hearing about Chloe’s career as a woman in cybersecurity, but also her journey from coming from a Physics and Astronomy degree, and then finding out about coding and then eventually joining Sophos as a graduate.

You can find out about more episodes at If it sparked a thought in your mind about how to attract more talent to your organization, particularly if you’re looking at attracting female talent, then please do get in touch. An exploratory call with me will give you the opportunity to ask any questions you have about the work I do with cybersecurity companies on attracting, developing, and retaining your female talents. You just need to get in touch with me by email, Thank you again, Chloe. It’s been great talking to you. Enjoy the rest of your day.

Thank you very much.


Important Links

CGP 16 | Diversity In Cybersecurity

Diversity in Cybersecurity: Jess Figueras On What’s Causing The Cyber Skills Shortage

Diversity in the workforce is an issue that many industries are striving to improve. But what about cybersecurity? Jess Figueras sheds light on the matter with host Sherry Bevan. Jess is an independent tech industry strategy adviser and the Vice-Chair of the UK Cyber Security Council. She has experienced first-hand the lack of and the need for more women in the profession. In this episode, Jess discusses the cyber skills shortage and factors that contribute to a skewed diversity in the field. Technology is producing information faster than the professionals going in. So, what is putting people off from cybersecurity? And, is this a chance for more women to get into cybersecurity? Get the answer by tuning in.

Listen to the podcast here:

Diversity in Cybersecurity: Jess Figueras On What’s Causing The Cyber Skills Shortage

In this episode, I’m delighted to be talking to Jessica Figueras, a tech industry strategy advisor and Vice-Chair at the UK Cyber Security Council. What we are going to be looking at and exploring is how we attract and keep female talent in the cybersecurity space. If this is a topic of interest, I do still have a couple of spaces available on The Executive Round Table on this topic on the 24th of March 2022.

We will be looking at why the sector needs more women in cybersecurity. We will look at ways that organizations can tackle unconscious bias in hiring. We will have a look at the role that internal mobility plays and how to close that gender pay gap in cybersecurity. Back to our guest, a very warm welcome, Jessica. Thank you so much for joining me.

Thank you for having me.

Perhaps to set the scene, it would be helpful if you could tell us a bit more about your career and how you’ve got interested in digital trust and cybersecurity issues.

It is important to remember that you can start from anywhere. When I graduated with my English degree, I had no idea what I wanted to do. I ended up in Public Relations accidentally. It was technology public relations doing a lot of work for companies like Microsoft. As it turned out, PR was not for me. However, I found the technology industry fascinating and quickly gravitated to the most complex bits of emerging technology where pretty interesting industry dynamics were emerging. From there, I became an industry analyst.

I worked at a company for a long time, focusing on areas of emerging technology, where interesting dynamics are coming out. Companies are competing in different ways and using cases affecting society and changing consumer behaviors. That’s how I got in it in the first place. Digital trust started to interest me somewhere around 2014, 2015 when I started working in a role specializing in government and public sector use of technology, how government strategy, different emerging technologies, and methodologies were going to be playing out in that sector.

Lack of diversity is a problem. If you only have the same kinds of people trying to solve the problem, you don’t have a full toolbox.

The role of digital identity became important. At that point, the government has been trying to implement a new framework for digital identity in government for quite a long time. It was called the Verified Program. It’s a way for citizens to sign into digital services online and have their identity verified.

It was a very complex undertaking. The government ran into a lot of trouble with that program. It didn’t deliver. It has been phased out and replaced. You are looking at how that digital identity is not a technocratic question. It’s not a question of how you can make the tech work. It also raises interesting questions, which are more civil society questions about the role of citizenship if everybody has access to the credentials you need to prove your entitlements to use different government services.

That leads to questions around equality, all sorts of different kinds of dimensions. We saw it with the Windrush scandal when many British citizens were deprived of their citizenship simply because they had arrived in the country as children and didn’t have credentials. We can see the horrifying consequences when the government doesn’t get this right. That’s where my interest started.

How did you get involved in the UK Cyber Security Council? That sounds like a fascinating role to me.

The UK Cyber Security Council came out of the government’s National Cybersecurity Strategy in 2016. One of the weaknesses that the government identified in the UK’s overall security posture was the profession itself and lots of different dimensions there. Firstly, endemic skill shortage continues to be the problem. The demand for skilled people consistently outstrips supply.

There are a lot of issues around skills, career paths, professional development because of our young professionals. It’s changing and evolving very quickly. It’s very difficult for organizations to know what qualifications they should be asking for in their people and how they map onto each other. It’s about one million and one different qualification you can take. It’s not always obvious how they map.

CGP 16 | Diversity In Cybersecurity
Diversity In Cybersecurity: Cybersecurity skewed away from the kinds of people who would naturally see their job primarily being about communication and engagement.

There’s a lack of diversity as well, which is a problem. If you only have the same people trying to solve the problem, you don’t have a full toolbox. It also plays into the skill shortage. That’s why the UK Cyber Security Council was set up. Initially, it was sponsored by the government and set up by the industry. I was taken on as 1 of 4 founding trustees. Our job was to bring the work done to fruition to launch the council as an independent charity. The fact that I had a long background in technology but also that I had a lot of experience in charity governance as well, that was why I ended up joining. That has been very exciting.

What’s the role of the UK Cyber Security Council? What can organizations get from it? How can it help them?

We are here to strengthen the profession. We do that in lots of ways. We map all of the different qualifications out there. We have a career pathways map. We map that onto the jobs available in the market. We give a lot of information and advice to people interested in careers in the sector. We will be doing professional registration at some points. The government is starting to look at whether any form of regulation needs to be put in place. We support that process. We are supporting the drive for diversity as well.

Cybersecurity is quite a young profession. It has not been around forever kind of thing. How do you think it’s doing in terms of promoting diversity?

The data that has been collected so far on this suggest that technology, in general, has a diversity problem and cybersecurity has even more of a problem within the tech sector. The stat side source suggested that the tech sector is about 20% female. Cybersecurity is about 15%. That’s the big gap. There is also a lack of diversity in terms of ethnicity, particularly with the lack of Black people working in the industry as well. It’s not diverse.

However, one interesting fact about the cybersecurity profession, which probably will be recognized by people working in it because often doesn’t get recognized externally is in terms of narrow diversity. The interesting thing is more neurodiverse people are working in cyber than in the general population. It’s more inclusive. Like most professions, they have a bias toward certain types of demographics. It’s quite common. Looking at the whole picture of who we’ve got lots of and less of, it’s the female candidates, which is the glaring omission.

There are more neuro-diverse people working in cybersecurity than in the general population.

What’s the benefit to cybersecurity companies to have more female candidates in their ranks? How does it benefit them?

I find it hard to answer this question, honestly, without resorting to stereotypes. In the cyber profession generally, one of its weaknesses is the ability to communicate more broadly. That’s where the weaknesses are. We know that the weaknesses are two crucial ones. It’s around lack of user awareness, which is why our users are still clicking on dodgy links and doing all sorts of things that they shouldn’t be doing.

Secondly, the business as a whole, is it from the board level down? Does it understand what the risks are? In both of those cases, you have skilled professionals working in the organization on the ground and it’s their responsibility to communicate with those groups and get themselves into positions of influence in the organization where they can change thinking.

That is much more likely if those professionals are great communicators. We have talked about how the profession is skewed towards certain demographics. It’s skewed away from the people who would naturally see their job primarily being about communication and engagement. People with those skills tend to find them in commercial jobs, sales, marketing, and policy. We know that there’s a huge agenda bias there.

Effectively what you see is that cybersecurity could do with better communication skills and engagement skills, understanding the business, the risks for the business as a whole and not for individuals, and being able to communicate that to our users. Perhaps having more women in there, I don’t mind going back to the stereotypes but women tend to have perhaps more polished or better communication skills. I also wonder whether that’s also one of those skills that are perhaps less valued in the business.

A big weakness of the profession is the image of the cyber security professional, the cyber security hack or whoever it is. It’s these hackers in hoodies thing. It’s glamorized in an unhelpful way. It’s both off-putting to people that don’t see themselves in that way, which applies to many men as it does to women. It causes us to mix up two things because there are people who we are up against it. Although, the enemy is very organized and professionalized.

CGP 16 | Diversity In Cybersecurity
Diversity In Cybersecurity: A big weakness of the profession is the image of the cybersecurity professional as these hackers in hoodies. It’s glamorized in a way which is really unhelpful.

The response has to come from the whole of the business and civil society. We are not criminals. It has to come from mainstream organizations. You have to understand how these people think but if we say that we can only respond to the cybersecurity threats via a tiny elite character, a very unusual people, we’ve got a real problem. The solution has to be a lot bigger than that.

There’s a global demand for cybersecurity professionals and pacing supply. There’s not enough talent. Could this be a real golden opportunity to get more women into cybersecurity?

It is. Some organizations are doing innovative and cool things around upskilling, training, certifications and so forth, where they are very explicitly targeting groups that have been typically underrepresented, particularly women, which is fantastic. The key is there are two things. Number one is we have to do something about the level of gatekeeping in the profession. To my mind, the most pernicious thing is the demand for competing degrees or more cybersecurity degrees. When we ask for that, we immediately cut off 80% of the women. Those degrees we know so gender imbalanced in the UK. That’s arguably where the problem starts.

The other thing also is we need to think about, “What does a career in cybersecurity look like? What does a cyber security job look like?” It’s much more diverse than we usually think. There are some areas where there are probably a lot of women working. If you expand it to the broader risk management, there are lots of women working in that field, working as in-house legal councils, working in data protection and in all sorts of areas, which should be thought of as if not complimentary, in the discipline. The question is who’s at the table? When is an organization making decisions about this stuff? Does it have a broad enough group of people there?

It’s interesting what you are saying about the demand when people are looking to fill talent spots that they are looking for a degree in Computing, Computer Science, Cybersecurity or something. You are a prime example of somebody who’s done English as a degree, and then you are working in that space. There are plenty of valuable skills you get from studying other subjects. It doesn’t have to be English or History. There are analytical skills that are very valuable in cybersecurity.

Anything that teaches you critical thinking and the ability to appraise evidence is going to be valuable. The challenge for employers generally, and this is not specific to cybersecurity but it goes to many technical professions is that we often hear from employers that there is a mismatch between the skills that graduates have and the skills that they want in their entry-level people. They often want their entry-level people to do very practical things.

We have to do something about the level of gatekeeping to the profession.

If they’ve gone to university, they may have spent three years studying a lot of theoretical concepts. Particularly in computing, by the time you have done your three years, not of universities, you are already going to be out of time. A lot of universities are not good at keeping the material up to date. There are general questions about education and preparation for technical jobs.

To my mind, what excites me is those providers who are explicitly looking for people with no relevant background at all who will take people from whatever level they are. They will give them practical training. There is some good work being done in the open university. There’s a company I have come across that has great upskilling programs. That’s where to look.

Some of the other companies I have been talking to are very much looking at internal mobility and who they already have in the organization that they could upscale or retrain and allow for those sideways to move. It reduces the cost of onboarding because those people already know the organization and are familiar with the company’s values. They know they are a good fit. That’s a real rich vein of talent sitting there waiting for you to come and ask them to do something different.

It’s important also to make clear that cybersecurity professionals in an organization do have lots of opportunities to progress. That’s one thing that people will want to know. That’s the whole package. Are we making it an attractive job? The one piece of feedback we hear a lot, which is worrying, is the level of burnout in the profession and how stressful many of those roles are.

It’s a problem for many professions. It’s not bad luck but it’s happening at a time when some of the most crucial professions for keeping us all safe are burnt out. You see it in health and social care, too. At the time of COVID, that’s the profession we need to be looking after. We can’t afford for them to be burnt out and cybersecurity is true as well.

It’s not because we’ve got that gap in supply so there’s more demand. We need more of these people to exist.

CGP 16 | Diversity In CybersecurityCGP 16 | Diversity In Cybersecurity
Diversity In Cybersecurity: The amount of power the tech industry has gathered is extraordinary and that has gone hand in hand with ta relegation of the role of women.

Technology is producing more and more intelligence that professionals can act on. It’s overwhelming people. You see the same dynamics inside social media platforms. They have moderation teams who are responsible for looking at the worst of the worst that goes on. You see similar dynamics there like stress and burnout because there’s a sense that whatever you do, it will never be enough.

Organizations, to my mind, have a moral duty to look after these people. What particularly troubles me is when you hear stories about organizations that have developed a bit of nasty blame culture. You can see why it happens. When particularly companies in the public eye suffer a cybersecurity breach, it can be financially and operationally damaging. On top of that, if you end up with a regulator investigation get hit with a fine, that’s bad.

We are in this mentality of shame, cover-up, people are fired, heads roll, and hasn’t fixed the problems often. This is complex. The solution is multilayered and complex. Probably outside the most egregious cases of negligence is how can it be effective or fair to pin the blame on one person. As long as we have that culture around cybersecurity, secrecy shame, and blame, we are not going to end up in a good place. Getting over that and getting to a good place is also about accepting the fact that this is an endemic problem, which everybody has. Everybody has weaknesses and is under threat.

Before we finish, I want to ask you about one more thing. I read an interview with you at Information Age and you talked about occupational feminization. I would love to hear more about that and how that affects cybersecurity.

This is a term to describe this interesting phenomenon, which is where a profession that starts off being dominated by men. The professions that we know are mostly our work. Over time as they attract more women, they become less well-rewarded and prestigious. To give an example, we are here in the UK. Many years ago, the figure of a school teacher was an important local authority. The schoolmaster would have been then. I don’t know what the exact figure is but women play a big role in education. It is not respected in the way it was then. It’s certainly less well remunerated.

With tech, what’s interesting is the reverse has happened. It has been a reverse occupational feminization. We go back to the ’50s and ’60s. The tech as it was then was dominated by women. Women were mainly the first coders. The tech industry back then was payroll processing and huge rooms full of most gigantic IBM mainframes. It would have been dominated by women, creating the punch cards writing their routines.

We’re very comfortable with the idea of a male tech genius but it doesn’t seem to work for women, does it?

At some point in the mid-’80s, that started to change. The tech industry started to become an industry. It started to attract attention, investments, and funding. Pretty quickly, here we are. It’s male-dominated and has been probably since the ’90s. As an industry, it’s probably secondary to banking in terms of levels of paying remuneration. Prestige, here we are with big tech ruling the world.

The amount of power the tech industry has gathered is extraordinary and that has gone hand in hand with a relegation of the role of women. I would humbly suggest it is not coincident. We see this occupational feminization as something that has been studied by academics, looking at big data sets covering different professions. It’s a phenomenon.

I started in technology in the mid-’80s. In the department I worked in, we were easily 50% female, probably more than that. I worked in that company for a long time and probably left there towards the end of the ’90s. I hadn’t realized there was a problem for women in technology because I had been surrounded by other women in technology at the company where I worked. It feels like things have gotten worse ever since. It’s a male-dominated industry. The industry as a whole is missing out on having that diversity.

It is about where prestige attaches. Where are the female equivalents of Elon Musk and Mark Zuckerberg? I find it interesting also that we do have the odd powerful female figure in tech of the likes of Sheryl Sandberg, who has been an incredible advocate for women, and how much criticism she’s taken, so much of it from women. There’s a real tall poppy syndrome going on there. I find it troubling. We are very comfortable with the idea of the male tech genius but it doesn’t seem to work for women.

It doesn’t fit with our unconscious ideas and perceptions of how a woman should behave. Jessica, I have loved talking with you. Thank you so much. If people want to get in touch with you, how do they do that?

You can go to my website,, and send me a message or look me up on Twitter or LinkedIn, whatever your platform of choice. I love to hear from you. Thanks so much for having me. It’s been great.

Thank you so much for joining me with Jessica Figueras. We have been talking about we improve diversity in cybersecurity. You can find more episodes at If you want to take a deep dive with other HR and talent professionals, how we can attract and retain more women in cybersecurity, please do get in touch because I do have a couple of spaces left on my Round Table on this topic on the 24th of March 2022.

If this conversation has sparked a thought in your mind, let’s talk. An exploratory call with me will allow you to ask any questions you have about the work that I do with cybersecurity companies on how to do more, attract, develop and retain your female talent. You can close the gender pay gap. Get in touch by emailing me. Thank you for reading. Thank you again, Jess.

Important Links:

About Jessica Figueras

CGP 16 | Diversity In CybersecurityJess is a tech industry strategy adviser. She works with start-ups and scale-ups on growth strategy and product development, and advises UK government on tech policy relating to security, trust and online harms.

She’s also Vice Chair at the UK Cyber Security Council and former Chair of NCT, the UK’s leading charity for parents.

CGP 15 | 2022 Gender Pay Gap

Five Key Trends And Predictions To Close The Gender Pay Gap In The Year 2022

2021 was a very challenging year for most of us for various reasons. We all experienced a decline in productivity and anxiety brought by the pandemic. Then, just when we thought it was all over, another surge began. And women at work are going through even more burnouts, stress, and confusion. What will the next year await? In this episode, Sherry Bevan explores the five key trends and insights that will impact the gender pay gap in 2022. This way, we could have a clear view of what we could expect this year and decide on the actionable steps we could take.

Listen to the podcast here:

Five Key Trends And Predictions To Close The Gender Pay Gap In The Year 2022

In this episode, I would like to explore some of the key trends and insights on Closing the Gender Pay Gap in 2022 in the technology sector. Before I start talking to you about trends, predictions, and insights, I want to let you know about an exciting round table that I’m organizing on the 24th of March 2022. We are going to be looking at how to attract more women into cybersecurity. There are some topics that we are going to be looking at specifically.

We are going to explore, “Why does cybersecurity need more female talent in the first place? How does it help your productivity? How does it help the quality of the products that you are able to deliver?” We are going to look at ways that organizations can tackle that unconscious bias in hiring. We are going to take some time to explore, “What role does internal mobility play?” We are going to be looking at, “What are some of the specific actions that you can take? What are the specific initiatives that are going to help you close that gender pay gap?”

If you are interested in joining the round table, I do still have a few spaces. I generally have no more than 6 to 8 companies on any round table topic. I organize this about 3 or 4 times a year. If you are interested in getting involved, then please do reach out. The topic for the 24th of March is very much focused on how to attract and retain more female talent in cybersecurity.

Let’s think about the specific topic that we are going to cover in this episode. We are going to be looking at some of the trends and predictions that I foresee for 2022. There is no doubt about it. 2021 was a tough and challenging year. For me, personally, it has been a tough year for various reasons. I had a family bereavement at the start of the year. I was trying to get my stepmother moved into a care home. It was a tough year for my children. One of them was supposed to be at university and ended up doing all of her lectures online.

You need the numbers, but you also need the analysis. You need to understand the narrative and the story behind those numbers.

One of the toughest things about 2021 is that we thought it was all over, and then we looped back around again into that lockdown with the pandemic. However, let’s stay positive for 2022. The sunshine outside my window gives me a good omen for the year. Let’s focus on what we need to do now to close the gender pay gap in the technology and cybersecurity sectors. I’m going to start by sharing a few facts, and then move on to look at some of my trends and predictions of what that’s going to look like in 2022.

Let’s start by looking at some of the facts. Women remain underrepresented in technology and cybersecurity, particularly in those niches that require disruptive skills. It’s things such as cloud computing, engineering, and artificial intelligence. One study suggests that women only make up 25% of the cyber workforce. The gender pay gap reporting regulations require employers in Great Britain with 250 or more employees to publish the overall mean and median pay gaps based on the gross hourly pay for men and women expressed as a percentage. They are also required to report on their mean and median gender bonus gaps.

The other thing that employers are also required to publish as part of their gender pay gap report is the proportion of male and female employees within each quartile of their pay distribution. How many women do you have in the top quartile or the highest-paid section of your workforce? How many women do you have in the second-highest-paid section? You have got quartiles 1 to 4. You are required to report on how many men and women you have in each of those quartiles.

Generally, what we see is that you get this pyramid shape. In the lowest-paid quartile, very often, the proportion of men to women employees is about even. It’s 50/50. Sometimes it’s even slightly higher for female employees. In the next one up, it’s a little less balanced. It may be 60/40. In the next one up, it’s less balanced again may be 70/30. In the top tier, the highest-paid employees, it’s often out of balance. You have got this pyramid effect that gets created.

Employers are also required to report on the proportion of both men and women who have been paid a bonus in the preceding twelve-month period. That gender pay gap data needs to be reported annually. What we see is that, on average, the gender pay gap in technology is around 18%, which means that women are only getting paid 82% of what men on average are getting paid.

What is slightly worrying is that the gender pay gap gets even wider for employees age 40 and above. We can assume that those employees age 40 and above are the ones who are likely to be in your senior roles. Not only is that gender pay gap there because you have got more women in the lower-paid roles and more men in the higher-paid roles, but even at that senior level, there is a gender pay gap between people on the same level getting paid quite different sums.

CGP 15 | 2022 Gender Pay Gap
2022 Gender Pay Gap: Women remain underrepresented in technology and cybersecurity, particularly in those niches that require disruptive skills.

Hybrid Moves From Concept To Reality

Let’s think about five predictions. I’m going to bring five trends, insights, and predictions for you. The first one doesn’t come as any surprise to anyone who has been living through it since 2020. The hybrid working model is going to move from concept to reality. We have nearly all been working in a hybrid or flexible way. What we want to see and what I expect employers to be doing more is to take that hybrid work model from that concept.

We have ended up doing that forced homework without necessarily having thought about all of the policies and best practices that go along with it. We had to suddenly move one day from working in the office, factory or client sites to working from home. We are moving now from that concept and that put together nuts and bolts to get it moving into reality. Organizations are now doing more work on developing best practices and guidelines. They are making sure that their line managers know how to support their employees in that hybrid world.

What we saw in the 2022 Global Culture Report is that for 64% of workers in the UK, what they have prioritized from their employers is needing clearer guidelines, more clarity about the way that hybrid working is going to work and how it’s going to be implemented, “What does it mean for me as an employee? What does your hybrid working look like?”

Over the last couple of years, we have all introduced hybrid working in many places but perhaps there has been understandably not as much clarity as you would have expected if you implemented that hybrid working from scratch without the pressure of a lockdown and pandemic going on. The UK workers want to see more clarity around the way that hybrid working is implemented.

One of the things that I did in 2021 is I ran a round table on the impact of hybrid working on the gender pay gap. If that’s something that you are looking at doing, getting your hybrid work model black-and-white and creating practices and policies, then check out my white paper on The Impact of the Hybrid Revolution to make sure that you are aware of the potential pitfalls of hybrid working and how that might affect your female talent in a way that’s different to how it affects your male talent.

You get highly motivated employees by creating that positive employee experience.

Moving to that reality and having clarity on the way that’s implemented is going to give you a strong, competitive edge. Particularly, what we are starting to see is salaries are going up because of the Great Resignation and more people are looking to change roles. The clear process and policy around the hybrid work model are going to give you a competitive edge.

Internal Mobility Gives Competitive Advantage

The second insight or trend that I predict over 2022 is that we are going to see more internal mobility. We are going to see employers needing to look inside themselves to find that senior female talent in particular. This is going to give you a competitive retention edge in the market. If you are finding it difficult to recruit good female talent into technology or cybersecurity, look at your current workforce. Look at ways that you can make it easier for people to move sideways inside your organization.

Look at the departments and people that you have. Who could you retrain? Who could you develop the skills more quickly and cost-effectively than buying in that talent from outside? That’s not to say I’m encouraging you to pay people less because they are internal. One of the reasons why people often leave an organization is because they can see that new talent comes in and gets paid at a higher rate. You have got this incredible workforce who already understands your culture, values, policies and best practices.

Look at your internal workforce. “Who could you retrain? Where could you develop skills?” Rethink the career pathway and ladder that are available to your staff. Doing that will help you in many ways. For example, it’s going to increase your retention figures, which means that it’s going to reduce the cost of recruitment. It’s going to accelerate how quickly those new hires become productive because they already know your values and their way around the systems. They already know what learning and development are available. It’s going to increase and speed up how quickly those new hires or internal moves can get productive.

It’s going to reduce the time to recruit, which also means it’s going to reduce the cost of the recruitment process because you do not have to pay for job ads and recruitment agencies. The other fantastic benefit to looking at internal mobility and your current workforce or making it easier to move sideways is it’s going to increase your employee engagement, which means that you are going to build an even stronger employer brand. That in itself will make you more attractive to talent outside.

CGP 15 | 2022 Gender Pay Gap
2022 Gender Pay Gap: Employers who provide exceptional employee experiences have highly motivated employees.

The third prediction or trend that I have for you is more focused on data-driven decisions. When we are looking at the gender pay gap, very often, what we are doing is we are looking at the numbers. It’s not just about the numbers but it’s also the narrative and story behind those numbers. When I work with clients on helping them to develop their gender pay gap narrative, it’s so important to be open, honest and not try to hide the reasons why your gap is large.

If you have made progress in that gender pay gap to be open and honest about what has helped you to get there, you need the numbers but you also need the analysis. You need to understand the narrative and story behind those numbers. Having that information about the numbers, analysis, and data means you are more likely to put into place the right actions and initiatives that will help you to close that gender pay gap.

For your resources in HR, people or talent management team, you need that data literacy. You need people who can understand and work with data. Very often, what I see when I work in organizations is you have got more data than you know what to do with. It’s important that when you are making decisions on what actions and initiatives to take, you are not just making those decisions based on hunches and intuitions. You need to have that backup of the data as well.

Focus On Data-Driven Decisions

Take a moment now to think about, “How many of the people in your team would you say are data literate? How many of your decisions are based on data? What can you do to change that? What can you do to encourage more of your team to become more data literate? How can you make sure that you base your decisions on data, not just on hunches and intuitions?” That was number four. I can predict in 2022 and I have already seen this from companies that I have been talking to in January. It’s going to be more focused on having data-driven decisions and emphasis on having data-literate staff in your team.

One of the number one causes of burnout at work is feeling that you’ve been unfairly treated.

Positive Employee Experience

The trend that I see coming up is how important it is to create a positive employee experience. Many of us have been going through burnout. There’s a study by Gallup and Forrester Research that shows that employers who provide exceptional employee experiences have highly motivated employees. That’s hardly surprising. It means they have got higher engagement and increased productivity. What that means for your clients and customers is increased customer satisfaction. If your employees love working for you and doing the work that they do, that’s going to shine through into the service and products that your clients and customers receive.

It’s about looking at each stage of that employee life cycle for the whole employee experience. It’s about looking at how you do recruitment and onboarding. Remember, first impressions count. I’m sure, like me, you have seen how willingly new employees will share photos of how they have been welcomed into the organization, particularly while we have been in lockdown. That all helps to create and strengthen your employer brand.

The next stage of that employee life cycle is about career and personal development, “What are you doing to enable and empower people to take responsibility and have accountability for their career development? What are you offering to them?” Over the last couple of years, what has been important is the overall employee well-being. We are looking after the staff that we have so that we are more likely to keep those staff. How you get highly motivated employees is by creating that positive employee experience. I can see that organizations are starting to put more emphasis on creating that experience.

Widening Gender Burnout Gap

The final insight that I would like to share with you is the gender gap in burnout. What we have seen is that the burnout gender pay gap has widened. I predict that we are going to continue to see that gap even larger. Women are more likely than men to feel burned out at work. It’s 34% of women versus 26% of men feel burned out at work. That’s from Gallup’s research. What we see is that since the lockdown and pandemic, the burnout gender gap has more than doubled since 2019.

That’s scary because that’s not right. We can all see that there are lots of different factors involved but it’s worrying that women are experiencing this more than men. What we see from the research is women in non-leadership positions are affected especially. Burnout is common. 1 in 4 men experiences burnout regularly. When you do experience burnout, you are more likely to take time off, take sick leave and quit. There has been a disproportionate increase in burnout among women since the pandemic. There’s no one factor at play here.

When women work remotely in individual contributor roles, they are more likely to experience burnout. If they are working in project manager roles, they are working in isolation almost rather than working in specific leadership roles. What was interesting in looking at the research is that when you look at the difference in burnout by gender among workers in managerial positions, there wasn’t that much difference. Where we see it specifically is for those women who are working in those individual contributor roles.

What can you do? You have got to enable the conversation. You’ve got to make that conversation acceptable and available. Talk about the causes of burnout. Educate your managers so that they have the information and resources, so they know how to get the conversation started and the signs to look out for. It’s important that you measure and track employee well-being.

CGP 15 | 2022 Gender Pay Gap
2022 Gender Pay Gap: By having information about the numbers, the analysis, and the data, you’re more likely to put into place the right actions and initiatives that will help you to close that gender pay gap.

One of the number one causes of burnout at work is feeling that you have been unfairly treated. Your alarm bells should start ringing if your conversations or data uncovers a gender gap in burnout. Give your managers the opportunity to manage the burnout conversation. Make sure they have the information, education, and awareness of the signs of burnout. You are being proactive and prompting those conversations rather than waiting for the person to completely burn out, take time off sick or worst, to quit.

Those are my five trends and predictions for what we are going to see in the technology sector. They are going to influence and impact how quickly we are able to close the gender pay gap. The first one was looking at how we are going to be moving from that hybrid work model concept to the hybrid reality. Employees will need more clarity on your practices and policies because that’s what employees feel is missing for them. If you focus on internal mobility, make it easier for people to make a sideways move. That is going to give you a competitive retention edge.

I can predict that we are going to see more focus on data-driven decisions, which means that you are going to need to make sure that your people in your team have that data literacy so that you are making decisions based on data, not just based on hunches and intuitions. If you want a productive and highly engaged staff, it’s all about creating that positive employee experience. I can see employers being able to go back to focusing on doing that. Finally, the last thing is about keeping an eye on that gender gap in burnout because that has widened over the last couple of years. I would hate to see that widen even further.

I would love to hear your thoughts on these key insights and trends in closing the gender pay gap. Now that you have read this, what are the things that you and your organization need to do? What do you need to change to get different results? What do you need to commit to achieving those results? If you want to talk through any of the trends and insights that I have talked about, and if you would like to have an opportunity to talk through with an external objective consultant, then please feel free to give me a call or get in touch with me by email at

If you are interested in that round table on attracting more female talent into cybersecurity, then please do get in touch. The round table takes place on the 24th of March 2022. I still have a few spaces left on that. If this conversation sparked a thought in your mind, let’s talk. An exploratory call with me will give you the opportunity to ask any questions you have about the work that I do. For me to share key insights and trends that I’m seeing from other organizations that I work with that want to do more to attract, develop and retain female talent, which means that you start to close that gender pay gap. I would love to hear from you. I will be back next time. Thank you.

Important Links: