Guest blog: Securing Diversity

We spoke with Sam Rigelsford, Director of Global Cyber Defence & Security Operations within Willis Towers Watson. Sam previously spoke to us on the “Cyber skills gap” discussing his thoughts on the interpretation of the skills gap and what can be done to gradually close the issue. Sam has followed up this conversation with how to secure diversity in the workforce.


Whether you have a genuine interest in diversifying your team, a corporate pledge to achieve a representative workforce mix and don’t know where to start, a team culture that is suffering because of a lack of diversity, or landed here by complete mistake, my hope is to inspire at least one hiring manager into making subtle changes to afford someone a deserved opportunity to break into Information and Cyber Security.

I’ve had the privilege of working within and leading diverse teams through my career. I’ve also seen first hand how a non-diverse team really struggles to think critically, to approach a problem from more than one angle, or just becomes plain unproductive. People are key to culture, and culture is key to service outcomes. Get it right and teams are able to become self-regulating, high performing, and can serve as a great pull-factor to retain your talent to boot.

How can we improve diversity in our security workforce?

The first and easiest thing to do is to stop asking for university degrees. In 2020 in the UK over 80% of computer science students were male. What’s more there was a 22.6% attainment gap for 2:1 degrees between white and black students1. Ultimately, degrees are out of reach for a significant number of highly talented potential employees.

I’ll throw into the mix here that I didn’t go and get a degree after leaving school, nor have many of my most respected colleagues. I have hired people without and with degrees, although never because of their degree. In for a penny, in for a pound; In a straight toss-up between two candidates of equal aptitude, I’d take the one with four years experience over a degree.

Some learn well in that environment, and where you are privileged enough to have the option of getting a degree, go for it, you’ll learn life lessons and theory (but far from everything you need!). It does come down to privilege though, and we mustn’t preclude those who cannot afford it, have huge existing work or care commitments or don’t feel it is the right path for them, from being able to work with us.

Looking at gender diversity specifically, a clear theme emerged a little while back when speaking with my recruiter contacts. I heard many stories of hiring managers asking for ‘female only CVs’. For this question to even get asked, there has to be an acknowledgement of the above introduction. The cynic in me says that either it’s actually their boss who understands the benefits of a diverse team and told them to do it, or that they simply accept the benefits but don’t understand them.

Either way, it completely misses the point.

Why are no women applying for their roles?

Well the simple answer is that your role isn’t attractive.

Common mistakes:

  • Most adverts, especially those written by men, are written with strongly masculine language which may consciously or subconsciously put women off. E.g. ambitious, decisive, driven (yes women are all of these things, but studies have shown that gender coded language affects how much applicants feel they belong in a role, and these are examples where females felt less belonging and males more.) Use a ‘gender decoder’ (see below) to see how biased your job description is. I for one was surprised when I started doing this.
  • The image of your company is also important. Does your company publicly promote a supportive diverse image, publicly support flexible working and shared parental leave, have a diverse board?
  • Finally, and in my opinion the biggest mistake of all, is to ask for a laundry list of things that you don’t need. It is well established that men are much more likely to apply for a role they feel under qualified for. By asking for a laundry list of things you don’t need you could exclude even more women.

Despite never asking for female only CVs, I have double the industry average gender female/male ratio in my team. I’d love to be able to better this over time and find other simple ways to build the best possible team.

This was by no means a definitive guide and there’s some great tools and articles on many of the topics I’ve touched on, a couple I’d recommend are:

  • A great gender decoder, which also gives great insight is here.
  • An excellent blog post which does a great job of expanding on the use of gender-coded language in job adverts is here.

1Advance HE (2020) Equality in higher education statistical reports.


Knowledge on the different types of diversity helps managers mitigate some of its challenges and reap some of its benefits.

Surface-level diversity: Diversity in the form of characteristics of individuals that are readily visible including, but not limited to, age, body size, visible disabilities, race or sex.

Deep-level diversity: Diversity in characteristics that are non-observable such as attitudes, values, and beliefs – such as religion.

Hidden diversity: Diversity in characteristics that are deep-level but may be concealed or revealed at discretion by individuals who possess them, such as sexual orientation.

Acknowledging the benefits of diversity in the workplace will benefit both the company and every single one of its employees.

Increasing your diversity in your business will differentiate you as an employer and allow you to enjoy the benefits of a diverse workforce such as, increased productivity, wider skill sets and improved employee engagement.

InfoSec People are striving to bring Equality, Diversity and Inclusion to the forefront. We have committed to the principles of EDI in both our workplace and throughout our recruitment processes, including the use of gender diverse job descriptions and an EDI panel, consisting of various members of the InfoSec team, to ensure this agenda is at the forefront of everything we do and that we have tangible, accountable actions both in-house and with our clients.


InfoSec People is a boutique cyber security and IT recruitment consultancy, built by genuine experts. We were founded with one goal in mind: to inspire people to find the careers that inspire them. All our actions are underpinned by our core values:

  • Always do the right thing
  • Be the best we can be
  • Add value

Working with exciting cyber and IT scale-ups and FTSE100 corporates, we find the cyber and tech leaders today who enable secure business tomorrow.

www.infosecpeople.co.uk