Inclusivity, diversity, and gender equality in cybersecurity
Digital and communication technologies have revolutionised humanity; however, cyber attacks pose a constant threat that transcends national boundaries. As such, collaborative international approaches to cybersecurity are needed. Cybersecurity has traditionally been a male-dominated field. However, at Cardiff Metropolitan University in the UK, Dr Liqaa Nawaf and her colleagues have established a new, British Council-funded initiative to promote improved gender equality in this field. The project, a collaboration with King Abdulaziz University in Saudi Arabia, aims to facilitate undergraduate and graduate-level training courses, research collaborations, and ecosystems for advancing women in cyber.
The rapid development of digital and communication technologies has, in the space of a few short decades, revolutionised the human experience. Today, computers, the Internet, and other forms of digital communication play roles in all facets of society and are the foundation upon which much of human interaction depends. In many ways, these developments have been hugely positive, breaking down barriers and bringing the global community closer together.
However, the Internet is largely unpoliced, and cyber attacks pose a constant threat. Given the nature of the Internet, cyber threats ignore national boundaries. As such, strong, collaborative, international approaches to cybersecurity are needed. The development of successful collaborations relies on understanding the ways in which cyber threats differ around the world. At Cardiff Metropolitan University (CMU) in the UK, Dr Liqaa Nawaf and her colleagues are conducting critical research into this area, aiming to provide much-needed insights and frameworks for more effective international cybersecurity.
Traditionally a discipline dominated by men, Nawaf is one of only a few women working in cybersecurity at CMU. She was part of the team that set up the student chapter Women in Cyber society (WiCys) at CMU and is an active member of the Women in Cyber Wales Cluster. Now, based on her experiences as a woman working in this field, Nawaf and her colleagues have established an ambitious British Council-funded project to support and increase the role of women in cybersecurity.
Partnership for Education and Research Programme
Given the ever-changing threat landscape of cybersecurity, updated knowledge and skills training is critical for those working within the field. The Partnership for Education and Research (PER) Programme for Women in Cyber is a year-long project, that started in 2022. It aims to ‘enhance the knowledge, skills training, and research and innovation opportunities of women in cybersecurity disciplines.’ The project is building bridges between two world-leading higher education (HE) institutes in the UK and Saudi Arabia – CMU and King Abdulaziz University (KAU) – intending to facilitate training courses, research collaborations, and ecosystems for women in cyber, including those in the academic, industry, and regulatory sectors. In this way, PER aims to address the inequalities faced by women accessing cybersecurity career paths.The Internet is largely unpoliced, and cyber attacks pose a constant threat.
With its goal of improved gender equality, Nawaf envisions eight main groups of beneficiaries: (1) female post-graduate (MSc and PhD) students at participating institutions; (2) girls/women with an interest in enrolling in Cybersecurity degree programmes; (3) the Cybersecurity, Information Networks Centre (CINC) of CMU; (4) the two participating institutes themselves, who will benefit economically and from a new influx of talent; (5) members of related cybersecurity and education committees; (6) the UK and Welsh governments, who will also reap economic benefits and secure new incoming talent to the HE sector; (7) female members of WiCys, the Cyber Wales ecosystem, and other related university societies; (8) and finally, all staff involved in the initiative, for whom participation will offer pathways for career development and progression.
Five main objectives
The PER project has five main objectives. First, it aims to promote and design a new curriculum – based on sharing best practices – to attract more women into cybersecurity disciplines. Second, it seeks to improve knowledge, skills, and training in cybersecurity among women working in STEM (science, technology, engineering, and mathematics) industries in Saudi Arabia and the UK. Third, it aims to create a strong collaborative partnership between CMU and KAU, facilitating world-leading research and impactful academic collaborations, with a focus on women in cybersecurity disciplines. Fourth, the project will establish a framework for a joint Saudi British Arabian PhD programme supported by a comprehensive mentorship agenda and senior staff with extensive experience in academic success (eg, securing funding). Finally, the PER leaders hope to establish a robust Women in Cyber ecosystem between CMU and KAU.
Meeting the aims of the PER initiative involves a three-phase approach.
Phase 1 involves the sharing of knowledge and best practices between CMU and KAU. For example, from one perspective, enrolment of women into cyber disciplines is currently higher at KAU than at CMU. It is hoped that KAU partners will effectively share knowledge that will facilitate improvements to the recruitment of women into cybersecurity degree programmes at CMU. Conversely, CMU has particular expertise in providing competition-based learning for female undergraduates, and this knowledge will be shared with KAU partners. Of particular note is the skills and knowledge required to offer Capture the Flag (CTF) training programmes; that is, a type of cybersecurity training in which participants compete to identify ‘flags’ hidden in computer programmes, websites, and networks. Through the initiative, the team have delivered three joint-CTF events open to students from both CMU and KAU, and one competition event.
Phase 2 of PER is focused on research. Firstly, this includes establishing a framework and networks for research collaboration among project members at CMU and KAU. An essential part of this framework will be taking advantage of the various national and international funding opportunities open to the project participants. Secondly, PER will establish a joint PhD programme with research supervision of enrolled students from academics at both CMU and KAU. Together, these research activities will create new knowledge, economically benefit both the host institutions and their host countries, and result in the establishment of joint intellectual property rights.
Phase 3 of PER, the final stage, will stretch beyond the initial one-year project duration – and will focus on strengthening the strategic links between CMU and KAU. Essentially, this will be a phase of capacity building, with the continuation and further development of the initiatives launched in phases 1 and 2. In particular, research collaborations will continue to deepen, with hoped-for success in securing new funding. In addition, Phase 3 will see the establishment of a Women in Cybersecurity ecosystem between the member organisations and their host countries; this ecosystem will also welcome participants from other HE intuitions, industry, and regulatory bodies in both Saudi Arabia and the UK.Given the ever-changing threat landscape of cybersecurity, updated knowledge and skills training is critical for those working within the field.
The project has already achieved many outcomes, including implementation of a joint Saudi-UK PhD programme for cybersecurity; sustained collaborative research between CMU and KAU including development of joint research grant applications; and the establishment of Women in Cyber Ecosystem between the two countries. As Nawaf explains, ‘Through a partnership approach, we have already realised many outputs from this project. We have shown real impact in making a difference to building the confidence of females studying and working in cybersecurity. In turn, cybersecurity will become more diverse which will be of significant value to the Welsh, UK, and SA economy’.
Nawaf and colleagues are conducting critical research into cybersecurity. They aim to provide much-needed insights and frameworks for more effective international cybersecurity.
PER: future goals
In addition to achieving the aims and goals of the three phases, the PER project aims to disseminate knowledge further via conference presentations, peer-reviewed journal articles, and chapters in relevant book volumes. Each of these media will offer a platform to share the lessons learned during the project and present research arising from the new collaborations. More widely, it is hoped that the PER project will get coverage on national and international media platforms, including across traditional news outlets and social media. PER could enhance the knowledge, skills training, research and innovation opportunities for women in cybersecurity. Therefore, should it achieve the goals laid out here, PER will successfully increase the inclusivity and diversity of cybersecurity disciplines at the partner institutions – and, more broadly, enhance the opportunities open to women in technology.
Personal ResponseWhat have been the major successes of the PER project to date?
1. Staff mobilities from two countries and a recommendations document (proposal) highlighting the best practices from both institutes.
2. Four CTF events were run which were attended by 247 students drawn from both institutes.
3. Research collaboration and exchanges engaging five PhD students.
4. The foundations of a joint PhD research degree programme has been established. This project and the student exchange it has supported has highlighted both the benefits but also challenges that are likely to be faced. It has also suggested potential programme content and initiated the drafting of an exchange partnership model.
5. A conference paper publication (Meace, S, et al (2023) In: proceedings for the 17th Annual International Conference of Education, Research and Innovation. INTED 2023 March, Valencia), and an open access journal article have both been published. In addition, a book chapter has been written and published in December 2022.