In a 2020 joint report by the NCSC and KPMG UK, entitled ‘Decrypting Diversity’, out of the 1252 cyber professionals interviewed, only 13% identified themselves as part of a minority ethnic group (Black, Arab, Asian or Mixed ethnicity, also known as BAME). Further, “41% of black survey respondents said they had experienced an incident of discrimination in the last year,” as per the findings of the report.
These numbers are telling of the gross misrepresentation of minority communities that is still prevalent in the world of cybersecurity and the high levels of discrimination and exclusion that take place in the industry that we all like to think of as pretty inclusive, diverse and dynamic.
In cognizance of this fact, the UK government launched the Cyber Skills Immediate Impact Fund last year with the goal of encouraging more women, BAME, and neuro-diverse candidates to choose cybersecurity as a career. The idea was to enhance diversity in the industry and ensure that minority groups can compete on an equal footing. With this mission at its heart, the government pumped in an additional £500,000 into the Fund this year.
Laudable as they are, are initiatives such as these adequate? Is funding a good enough impetus to infuse diversity and inclusion in an industry that is now at the very heart of business and government bodies in the UK and the world over?
Turning the spotlight on a BAME Success Story
To explore these questions and more, Cyber Management Alliance spoke with Mahbubul Islam, CSyP, a member of the BAME community himself who has managed to scale great heights in the world of cybersecurity.
This interview is part of our ongoing series called ‘Diversity in Security’ where we aim to unravel stories of those who have fought discrimination and bias to carve their own paths to success in the domain. The idea is simply to turn the spotlight on their impressive journeys so that they may inspire others to follow their passion and make a career for themselves in the world of cybersecurity.
Mahbubul Islam, CSyP, Chief Information Security Officer (CISO) at the HM Courts and Tribunals Service
Mahbubul began his long tryst with cyber in 2007 as an Information Assurance Manager with various government departments, before moving on to take up the role of Head of Information Assurance at the HM Passport Office. Here, he was leading a team of security consultants and gained valuable practical experience in directing a delivery team which he was also able to apply to his next role at DWP’s flagship programme Universal Credit. This led him to the role of Head of Government Transformational Security. Mahbubul now has the accountability of the Chief Information Security Officer (CISO) at the HM Courts and Tribunals Service, an executive agency of the Ministry of Justice.
Experiences as a BAME leader in cyber
Mahbubul believes that a lot remains to be done in the UK as far as diversity in cybersecurity is concerned. Yes, representation of women and members of the BAME community has improved over the years but it’s nowhere near where it should be. He adds that when he started his career, he would be the only BAME person in a security training course he attended. Today, if he were to attend a similar training programme, he’s 80% certain that he won’t be the only BAME person there. Yet there’s a good chance that he might be the only one and that’s precisely why he believes that representation in the industry is still far from satisfactory.
Talking of his experiences with bias and perhaps racial prejudice, Mahbubul feels that he has definitely experienced many instances of confirmation bias in his career. “Many times, things that I have said have been re-evaluated and re-interpreted by people who are not from the BAME background. Or maybe that’s how I felt,” he shares.
The impostor syndrome versus the confirmation bias has definitely caused challenges for Mahbubul over the years.
“I always felt that I had to prove myself more than others and I was always one step behind the role I was actually in and much of this had to do with bias. It’s only in my present organisation that my experience and knowledge has allowed me to build a team that supports me fully in delivery and security. The challenges, then, have gone from being the only BAME person in a training programme, to being the only BAME in the leadership team,” Mahbubul shares.
We always turn the conversation in the direction of the advantage that someone from a minority community, be it based on their gender, colour, faith or race, may have when entering into the world of cybersecurity and we asked Mahbubul for his opinion on the same. He was quick to add that if one can afford to make such a generalisation at all then he would think ‘resilience’ is the one fairly common quality that a lot of BAME persons have that helps them do well in the security industry.
“It is the environment that someone has been raised in and has grown in that makes their skillset. However, in my personal experience, those from the BAME community or those that have faced bias of some sort, are generally more resilient. And resilience is imperative in the world of cybersecurity because it helps you deal with incidents, handle excessive pressure, take a step back if required to evaluate a problem. It also gives you the confidence and wisdom to know that a step back doesn't mean that you’re stuck there.”
Diversity in Cybersecurity today
Today, Mahbubul feels that he’s finally in a place where he can afford to not care about what anyone might say. After long years of proving himself and accumulating extremely valuable knowledge and experience, he feels that he’s at that comfortable juncture in his career where if he sees bias of any sort, he is able to call it out and challenge it. And that, he shares, is how every member of the BAME community (or anyone for that matter) should really feel from the very onset of their professional journeys. That is the ultimate goal!
We asked him to share some advice for young BAME professionals who are ready to chart out their own paths in cybersecurity and Mahbubul is quick to point out that “building confidence is absolutely critical.” He adds, “Knowing what the impostor syndrome is and learning to deal with it effectively is also a crucial skill that everyone from the BAME community has to develop.”
Mahbubul eloquently turns the spotlight on the concept of privilege, even within the BAME community. The whole narrative of privilege must be explored according to Mahbubul and everyone should evaluate their own experiences and their current challenges in the light of privilege vis a vis their peers. Some BAME professionals may have more privilege than others - it could be thanks to something like having private education in Bangladesh, where state education is not normal, which means those who study have a financial advantage. It’s important to understand different types of privilege and to recognise that every level of privilege breaks one barrier of entry into any industry - not just cybersecurity. If you’ve had privilege, your struggle will be a few degrees less intense.
“Understand privilege in the context of your peers and then get rid of the impostor syndrome, build confidence and be motivated to get really good at what you do. That’s the only way to really challenge bias from the get go,” concludes Mahbubul.
We, at Cyber Management Alliance, will continue to reach out to all professionals in our vast network, including women, men and folks from the BAME community amongst others. In a nutshell, everyone in cybersecurity and privacy who has a story to tell and an interesting journey to share, will be featured on cm-alliance.com.
It’s our belief that their stories should be shared with the young and old alike. Their stories can inspire others to widen their horizons and take on challenges that they may not even have imagined confronting otherwise!