21
Feb
2023:
CREST,
the
global
not-for-profit
community
of
cyber
security
businesses
and
professionals
working
to
keep
our
information
safe
in
a
digital
world,
today
launches
its
latest
best
practice
guide,
describing
how
to
foster
greater
equity,
inclusion
and
diversity
(EID)
as
part
of
national
cyber
security
strategy.
CREST’s
latest
good
practice
guide
delivers
practical
information
for
government
departments
charged
with
developing
not
only
a
National
Cyber
Security
Strategy
(NCSS),
but
a
more
diverse,
inclusive
NCSS.
A
NCSS
is
a
framework
describing
a
nation’s
strategy
to
ensure
a
more
resilient,
trusted
and
robust
cyberspace.
Part
of
that
is
a
clear
plan
to
grow
and
nurture
the
talent
pipeline,
ensuring
people
have
the
right
skills
to
fight
ever-evolving
cyber
threats
to
national
security.
And
yet,
as
CREST
CEO
Nick
Bensonsays:
“It
is
surprising
how
few
NCSS
documents
mention
harnessing
the
benefits
of
a
more
inclusive
and
diverse
cyber
security
workforce.
As
the
gap
between
supply
and
demand
in
the
cyber
security
workforce
grows,
a
clear
course
of
action
exists
to
attract
a
more
diverse
talent
pool
to
the
sector.”
“As
an
industry,
we
must
encourage
more
people
into
the
sector
who
have
different
backgrounds,
influences
and
experiences.
A
more
diverse
workforce
will
deliver
myriad
benefits,
including
fresh,
creative
perspectives
–
on
how
we
can
solve
complex
security
problems.”
The
2021
Cyber
Security
Workforce
Study
from
(ISC)2
suggests
the
number
of
additional
professionals
organizations
need
to
defend
their
critical
assets
adequately
stands
at
2.72
million
people.
The
33-page
free
guide
is
now
available
to
download
on
the
CREST
website:
https://www.crest-approved.org/research-and-reports/
This
latest
guide
includes
up-to-date
descriptions
of
what
equity
inclusion
and
diversity
mean
in
the
context
of
the
cyber
security
sector,
including
age,
disability,
neurodiversity,
gender,
sexual
orientation,
race,
religion
and
socio-economic
background.
“Improving
equity,
inclusion
and
diversity
at
a
national
level
is
essential
for
any
nation
that
wants
to
improve
its
cyber
resilience,”
said
Allie
Andrews,
CEO
of
PRPR
and
author
of
the
report.
“Tapping
into
a
diverse
talent
pool
is
not
just
key
to
alleviating
the
skills
shortage
and
the
right
thing
to
do,
but
it
is
clear
it
also
improves
security
teams.
There
are
a
lot
of
great
initiatives
out
there,
but
what
is
needed
is
greater
guidance
in
NCSS
about
what
works
and
what
doesn’t.”
The
guide
describes
how
to
include
these
crucial
considerations
in
an
NCSS,
with
examples
of
international
strategies
which
have
taken
EID
into
account.
In
addition,
the
report
delivers
examples
of
good
global
practice
and
how
to
measure
the
success
of
a
strategy.
However,
EID
is
about
more
than
simply
including
policies
in
an
NCSS.
Nick
Benson
adds:
“Recruiting
and
retaining
more
diverse
cyber
security
professionals
requires
more
than
policy.
It
needs
genuine
collaboration
with
all
stakeholders
in
the
cyber
security
ecosystem.
It
may
also
need
significant
societal
or
cultural
change
at
a
national
or
workplace
level,
which
takes
time,
but
the
rewards
will
be
worth
it.”
The
report
is
one
of
several
produced
by
the
not-for-profit
organisation
to
help
build
capacity
and
consistency
in
the
cyber
security
industry,
aimed
at
companies
and
individuals
who
need
to
understand
the
importance
of
EID
in
cyber
security
strategy.
In
2020
CREST
received
a
grant
of
US$1.4
million
from
the
Bill
&
Melinda
Gates
Foundation
to
help
increase
cyber
security
capacity
and
cyber
resilience
in
Bangladesh,
Ethiopia,
Indonesia,
Kenya,
Nigeria,
Pakistan,
Tanzania
and
Uganda. This
latest
EID
Guide
is
created
by
CREST
to
assist
in
this
enabling
process.
About
CREST
CREST
is
an
international
not-for-profit,
membership
body
representing
the
global
cyber
security
industry.
Its
goal
is
to
help
create
a
secure
digital
world
for
all
by
quality
assuring
its
members
and
delivering
professional
certifications
to
the
cyber
security
industry.
CREST
accredits
almost
300
member
companies,
operating
across
dozens
of
countries,
and
certifies
thousands
of
professionals
worldwide.
It
works
with
governments,
regulators,
academia,
training
partners,
professional
bodies
and
other
stakeholders
around
the
world.
CREST
members
undergo
a
rigorous
quality
assurance
process
and
employ
competent
professionals.
Organisations
buying
their
cyber
security
services
from
CREST
members
do
so
with
confidence.
About Author
