Author Archives: mxai064

Role Models and Trail Blazers: WISDOM Q&A with Celine Pypaert

Every month, WISDOM highlights the achievements and perspective of inspirational colleagues in the field as part of a Q and A series. Our November role model and trail blazer is Celine Pypaert, an Associate Security Solution Engineer and VMinclusion UK Communications chair at VMware, and part-time mature student finishing her Bachelor’s in Computer Science with Honours at University of Derby.

Celine entered the field after teaching herself cybersecurity skills, leading to a pentesting internship for a few months at a small British cryptography software firm, after which she joined VMware. Previously not being a technical person at all, Celine is also a public speaker and tries to inspire others to go after their dreams in infosec and learn the skills to get to where they want to be! She believes that security should be accessible to all and will continue contributing to initiatives and talks to help “non-techies” become more secure.

1. What do you think is the most challenging aspect of information security?

The most challenging aspect in information security, to me, is the constant challenge of having to stay up to date and learn as much as I can – as low-level as needed, too. Thankfully, I am so interested in it that keeping up to date on the latest hacks, malware, and technology, is no chore for me. Nonetheless, balancing all the self-learning on top of my other work duties, and my university studies (as I am finishing my BSc in Computer Science part-time) can be quite a time-consuming challenge. An additional challenge, of course is having to stay or try to stay one step ahead of the attackers. But I do love a fast-paced job and environment, and if you are a curious person, then staying on top of things and continuous learning can often be a passion and hobby, and not just a job or a chore.

2. What has been the proudest moment of your career to date?

I have a tie between my proudest moments: helping secure a small software company’s web app; giving security training to non-security colleagues in my company; and getting to do my first public talk at Women Driven Development 2020 – highlights in my life and career!

I am happy to help others become more secure, whether that is a client/customer, regular users or friends, companies, or my friends and family – as I believe security should be more accessible to all.

3. What are the most enjoyable parts of your work?

The most enjoyable moments so far have been testing and analysing Linux malware and non-malware attacks (yes, that exists! For Mac, too) and being given permission to “hack” a company or app. It is fun and enthralling trying to find ways in, find vulnerabilities and help secure those holes. I also enjoy talking to customers, learning what their challenges are and how we can help them. The nice thing about being a Solution/Systems Engineer is that it’s often a mixed role of technological focus and customer interaction. I am not just using command-line all day every workday (although I sure enjoy that, too).

4. What are the most challenging parts of your work?

The most challenging parts of working as a Solution Engineer in cybersecurity, is to balance between the technical priorities and the business requirements/ needs. It is trying to find what the business needs and how we can help them. It is also realising that sometimes, budgets can get in the way of what is technically and architecturally more secure. Echoing my answer in question one, another challenge having to continuously learn and keep up with all the latest in infosec and learn the latest tech. In my role, I will forever be learning even as I become an expert, but that is fine by me, as I am a firm believer in lifelong learning!

5. What lessons have you learnt as your progress through your career?

I’ve learned that being honest and saying “I don’t know” is better than trying to ‘BS’ my way around; for example when a customer (or colleague) asks me if I know something technically, but sometimes I don’t. This can sometimes can be hard to admit, especially as I still face impostor syndrome and fear fulfilling the stereotype that “women aren’t as good as men in engineering/cyber/tech.”. But now, I’ve learned that it doesn’t matter: no one comes out of the womb knowing everything, and it’s honest of me to tell the truth and say I will find out and get back to them, rather than try to get away with lying! Authenticity, integrity, and honesty are really important.

I have also learned that even in technical roles, improving communications and people skills, part of “soft skills”, is equally as valuable as technical skills. What use would it be for me to become the best technically if I cannot work in a team, or speak kindly to a customer or work well with?

I have also, technically, learnt a lot about systems administration, hacking attacks/techniques, command line, and networking as well as programming skills too. All things that really help in infosec – getting those strong IT, sysadmin, web development, and networking foundations which enable you to go further in infosec. I am still continuously learning and improving on these.

6. What are your reflections on diversity and inclusion within your field

Women in infosec are still largely underrepresented: I think the latest numbers I saw were around 11%, which is (in some statistics) less than the average of women in game development, also a field notorious for being male-dominant. But I can attest to the fact that, increasingly, large companies especially are making concrete efforts to hire more from underrepresented groups (more than just gender). VMware, for example, are improving in this, as are others. And at the same time, it isn’t based on quota or just for the sake of it. I mean, practically speaking and thinking of the “bottom line”, why would a company hire someone just for their “group” if they don’t have the experience or skill set needed? Overall, you will still get hired based on perceived merit, skills and/or experience. But more companies are trying to reach out to underrepresented groups and making efforts to train managers and talent acquisition teams, how to reduce unconscious bias. I believe we are making improvements and will continue to do so. But overall, it isn’t so much a hiring issue as it is more of a systemic societal problem: it comes down to the fact that most of us women and girls are not encouraged to pursue STEM fields. I can recall for myself, as an example, how I was even discouraged from pursuing university and a career in favour of marrying young and raising a family! These are still issues that plague our society in 2020, and will take significant effort to improve. And it is more than gender. Discrimination is taught. Unlearning it and discouraging it starts in the families and schools – parents/guardians and teachers, as well as media and social media. But we are making some progress.

7. In your view, how can we increase effective diversity and inclusion in information security?

I believe we can increase D&I in infosec by reducing some of the “gatekeeping” that I have seen in job posts: not asking for a CISSP for entry-level jobs in the UK; increasing apprenticeships and paid internships leading to permanent roles; and making infosec friendlier to all. I recall that the thing that scared me the most in the beginning was my lack of technical knowledge and fear of being ridiculed, as well as fear of fulfilling a stereotype: at my first infosec conference, Steelcon in Sheffield, I didn’t even know what those hexadecimal numbers meant (now I know, and I use them in x86 Assembly, doing reverse engineering of malware at CTFs and systems programming at uni). We can increase diversity and inclusion effectiveness by making the field more welcoming to “newbies” – being open to those who are honestly curious and willing and seeing the potential in people, even if they lack the degree, experience, or certification. To quote one of my role models, Heath Adams (@thecybermentor): “I’d hire motivation and passion over education every single time“, “Give me someone who hustles, loves what they do, and is motivated – I’ll educate them myself”.

My degree has helped me a lot, in terms of gaining an internship then a sandwich-year placement, but the cybersecurity and pentesting was almost all stuff I taught myself outside of university, which eventually landed me that first internship. I went from non-techie person to security engineer in two years. Infosec is a field where people who are hard workers, motivated, and passionate can thrive, and so things like class/poverty, gender, ethnic minority, etc., should not be allowed to hold someone back. Grit and determination are more important. I say, give people a chance, just as I was given a chance before even finishing my degree.

So I think making some exceptions and looking past conventions can really help increase effective D&I. We also need to make the field more enticing to entrants, letting girls at school know that tech and infosec is for them!!!

8. What advice would you give to someone just starting their career?

I would tell you: don’t ever give up and know that this can be for you too. I know how scary it is to start out, especially if you stand out as ‘different’ in any way to the average or norm. Do not let fear of fulfilling stereotypes hold you back and try to ignore the naysayers. Try to find mentors and sponsors who will help you and push you up. Keep working at it and you can get to where you want to be. Do not give up. Keep going!

9. What advice would you give to recruiters for your field?

I would tell recruiters to consider not only the degree, but the self-taught technical skills the candidate or potential candidate has taken the initiative to develop. Lots of people in infosec are autodidacts, like in tech in general, and having the passion or willingness and determination to teach oneself says a lot about that person – willingness to learn, improve, and building discipline. I would say do not only look at the current technical skills or experience the person has, but also their soft skills and their attitude. Be willing to make a few exceptions and give people a chance – you never know, you could get someone incredibly skilled and well-matched for the role and team!

You can read more about Celine’s story and motivation in ‘The Rise of the Cyber Women: Volume One: Inspirational Accounts From Women who are Taking the Cyber Security Industry by Storm’ available on Amazon

Do you have someone you’d like to nominate for our next WISDOM Role Model and Trailblazer? Contact amy.ertan.2017@live.rhul.ac.uk. For any questions related to wider diversity and inclusion within the STEM fields (within and beyond Royal Holloway) please contact the WISDOM committee

Role Models and Trail Blazers: Fatimah Adelodun – October 2020

Every month, WISDOM highlights the achievements and perspective of inspiratinoal colleagues in the field as part of a Q and A series. Our very first nominated role model and trail blazer is Fatimah Adelodun, the Cyber Security Engineer at Nigerian Bulk Electricity Trading Plc.

Fatimah has a bachelor’s degree in computer science from the University of Ilorin, Nigeria and graduated from Edhec Business School where she earned an MBA degree. Fatimah started her career as an intern in IT in the year 2012 and over the years she has worked and evolved to become a well-rounded IT professional with immense passion for cyber security. She has worked on numerous projects and applications and has acquired various certifications including CISA, CISM, CEH, ITIL. Fatimah is also well-versed in cloud computing and data analytics. She is a regular speaker at the annual “Girls in ICT Day” where she sensitizes young girls about IT security and careers in IT.

What do you think is the most challenging aspect of information security? 
Fatimah: Information Security is a constantly evolving ecosystem. Earlier security incidents were often contained to individual user’s systems, resulting in little downtimes. However, the complexity of security attacks have increased over the years. With the increasingly interconnected environment, information is exposed to a growing variety of risks such as computer hacking, malwares, denial of services, etc. and the resulting effects range from causing billions of dollars of damage to businesses and completely shutting down others. Even with the proliferation of security solutions in the market, threats have continued to grow in severity making remediation even more challenging. This makes implementing and maintaining information security arduous for any organization.

What has been the proudest moment of your career to date? 
Fatimah: That would be the moment I was confirmed as a full-time staff at my place of work. Having started as an intern with an organization in infancy, I was entrusted with a role to build the IT department from the ground up. I literally had to have a 360-degree understanding of running an IT department and as a fresh graduate then with mostly theoretical knowledge, I had a lot of challenging moments. Summarily, I enrolled in courses, broke a few things, built some, but mostly, I grew as an IT professional. I learnt and became even more passionate about IT. Getting retained as full-time staff (not a common practice in my office) based on my outstanding performance after the completion of my internship made all the hurdles even more worth it.

What are the most enjoyable parts of your work? 
Fatimah: As a firm believer in the advantages offered by technology and information security, I enjoy deploying robust digital protection (firewall, anti-virus, wireless security, etc.) against a cyber diverse range of issues. Ensuring that users can use computer systems and applications as and when needed while reducing the risks from potential threats to the barest minimum enhances productivity at work. I also enjoy a good challenge and working in cyber security ensures to keep me on my toes as protecting critical infrastructure is anything but boring.  Besides protecting systems and data, I love learning new things and because information security is constantly evolving and new technologies emerging, jobs in the domain evolve too and so do the required skills.

What are the most challenging parts of your work? 
Fatimah: Everyday comes with its own challenges. Some unique, others not. While security incidents are almost unavoidable, being proactive and putting necessary measures can help in reducing the risks to an organization. A rather challenging aspect of my work is convincing the management to view information security as an intrinsic part of the business.

What lessons have you learnt as your progress through your career?
Fatimah: 
* Enact a multi-layered defense strategy that covers the entire enterprise (endpoints, data, applications, mobile devices).
* Continuously back-up data to safeguard against incidents and attacks such as ransomware.
* Patch software regularly.
* Problems don’t finish, live a little.

What are your reflections on diversity and inclusion within your field?
Fatimah: The STEM fields and particularly IT is male-dominated. There are moments of awkwardness when I walk into a meeting-room filled with men. Globally, women endure work environments where their contributions are not as valued as much as their male counterparts and so have more to prove. Some people are of the opinion that men are more built for technical roles than women and this type of reasoning discourages young girls and limits our opportunities in the workplace. It is refreshing to have discussions surrounding diversity and inclusion. Although many companies put their efforts towards both on their website, only few actually implement it.

In your view, how can we increase diversity and inclusion in information security? 
Fatimah: At the core of inclusion and diversity should be the deliberate creation of an enabling environment that supports all genders, religion and ethnicities. More importance should be placed on competence than gender, the color of our skin or religious beliefs.

What advice would you give to someone just starting their career? 
Fatimah: I would advise anyone starting their career to dare to dream. The tech industry is a huge one. Take your time in deciding your areas of interests/specialization. Also, invest in self-development; There are loads of useful resources that can help in guiding you to becoming more grounded. Finally, build a network of professionals in the industry. This is really important for future opportunities.

What advice would you give to recruiters for your field? 
Fatimah: I would advise recruiters to let candidates know their status in recruitment processes as soon as possible.

Do you know inspirational colleagues who could be our next WISDOM Trailblazer? If so, please get in touch with wisdom-owner@lists.rhul.ac.uk and/or amy.ertan.2017@rhul.ac.uk.

Author: Amy Ertan

Improvements to UKRI Postgraduate Entitlement to Leave

In June 2019, the UKRI Updated the Standard Terms and Conditions document relating to training grants, introducing improved provisions relating to sick leave.

The update outlines clear requirements that where a medical note is held, the researcher is entitled to continue to receive their studentship for up to 13 weeks (TGC section 8.2 in the document, quoted below):

TGC 8.2 Sick Leave: Payment of a Studentship must continue for absences covered by a medical certificate for up to thirteen weeks within any 12 month period. If the illness lasts for more than thirteen weeks You must suspend the Studentship for the period beyond the thirteen weeks.

In addition to paid leave, a student who has taken sick leave is also entitled to have their funding extended by the same amount of time taken as absence. For example, should a student take four weeks of absence with a note, they are entitled to support payments during that period and will also have their Training Grant support end date extended by four weeks.  illustrated below. These updates also apply to other categories of leave including parental leave and jury service as outlined in TCG 6.1.1.

TGC 6.1.1 The period of a Student’s support must be extended in line with these Training Grant Terms and Conditions, to offset a period of absence for maternity leave, shared parental leave, adoption leave, absences covered by a medical certificate and extended jury service, this must be in line with TGC 8.1 and TGC 8.2. The total period of an agreed extension must not normally exceed 12 months during the lifetime of an award. Please see TGC 8.4 for further information.

The updates affect all UKRI-funded students – including the EPSRC funded students across Maths, Computers Science and Information Security that might be most relevant to our WISDOM members, but also including AHRC, BBSRC, ESRC, MRC, NERC, STFC), Innovate UK and Research England.

The full document can be viewed at:
https://www.ukri.org/funding/information-for-award-holders/grant-terms-and-conditions/

Please ensure your fellow post-graduate research students and faculty staff are aware of these entitlements.

COVID-19 & ROYAL HOLLOWAY SPECIFIC

For Royal Holloway post-graduates concerned about the current impact of COVID-19 research completion within their existing funding period, the university has announced various financial support options as of Friday 3rd April.

Amy Ertan, PhD Student

Looking after your mental health while working remotely: a resource guide for postgraduate students

On the week commencing March 23th 2020, almost every university in the UK will have ceased all in-person activity as a strategy to reduce the spread of the Covid-19. This measure has been coupled with the ‘UK Lock-down’, with significant restrictions on public movement to  maximise social distancing. While these are the right moves to make, it can mean challenging times, especially for those whose work may not naturally involve engaging with team-mates or office colleagues as a part of day-to-day activity. For masters students and PhD researchers, the past few weeks represent a significant change in routine, amid wider uncertainty about how this global societal behavioural change has affected their research. WISDOM is aware that this represents a stressful and uncertain time for everyone and has designed this guide to provide assurance and assistance to UK postgraduate students. This blog post has two parts. The first section will address the (very natural) anxiety around the current circumstances, and provide assurances that students will not be penalised for circumstances outside their control, such as the loss of resources due to Covid-19. The second part takes a pragmatic approach: a mental health resource pack, which will hopefully be of use to those seeking resources for anxiety and other mental health concerns, and to improve their mental well-being.

Part 1A: These are incredibly challenging times. It is natural to feel overwhelmed. 

We are dealing with an unprecedented challenge as both members of the public and as researchers. Many of us will have had our schedules altered, whether that means lectures and teachers schedules, and/or facing research projects that have now been cancelled. With the pressure to work and be social at home, it is normal to experience feelings of uncertainty (and an element of cabin fever!).  For master students questioning how they will be assessed, rest assured that university course leaders are working full-time on this issue, and do not wish to penalise students for these exceptional circumstances. The UK government response and Royal Holloway’s communications confirm that you will be granted qualifications, so your work to date is and will remain valuable. For all post-graduate students, a key part of any dissertation we produce will note the impact of Covid-19, which will be recognised by any examining panel.

A key piece of advice to those feeling overwhelmed and/or panicked is to remember what you can and cannot control. You cannot control what has been cancelled necessarily – but you can adapt research projects, and your routine to ensure you are well-prepared to face both academic and personal tasks.

Lastly, for some of us, the demands on our time will go well beyond academic concerns. Caring for vulnerable friends and family, taking on childcare due to school/nursery closures, and the pressure to adapt routines and research to remote-only structures will consume our energy. Acknowledge this, and be prepared to give yourself time and/or an outlet for your self-care. Likewise, if you know of colleagues that may be feeling overwhelmed, and you feel able to assist, check in on them to see if they need any support.

Part 1B: You do not need to be productive at this very moment. It is okay to look after yourself. 

This is not business as normal, and it is okay if you can’t concentrate. You do not need to be replacing your commute time with additional work, new skills, or ‘side-hustles’ . Conversely, you do not need to spend all your time reading about Covid-19, beyond what information is useful to help you plan your schedule. Post-graduates all over the world have been struggling to transition to a work environment which is either typically very isolated and/or punctuated by distractions in the home, and it is normal to not immediately settle into a routine. It is important to give yourself time to rest and adapt before being able to approach your work with a healthy mindset.

If you are struggling with concentration when trying to approach research:

  • Try the five-minute rule. Whatever the task is, tell yourself you will try it for five minutes. If you don’t get into the swing of things, you’ve still achieved something, and can swap to another task (to try again another time). On the other hand, you may be into the task after five minutes – congratulations!
  • Free-write: Frustrated that you can’t get started, or staring at a blank page? Be strict with yourself in setting a 5 minutes timer and practising freewriting, putting down anything at all that relates to your topic. For example, you may give yourself the theme ‘Why is my dissertation topic interesting?
  • The Pomodoro method: Work for 25, rest for 5. When you know you only need to concentrate for 25 minutes, you can get a surprising amount done! For the 25 minutes, mute any notifications on your phone, and any risk of email notifications. This works particularly well if you are trying to write.

As above, if these methods don’t work, don’t use this to power self-destructive thoughts. There are more important things than academia at this time, so any amount of work is still productive. If you grow concerned over time that you are at risk of jeopardizing either your health, research, or other key parts of your life, know that you can reach out to your academic contacts (e.g. your supervisor/advisor).

Part 2: Practical Steps to look after your mental health

Understand:
It is important for postgraduates to be aware that any anxiety you may be feeling is entirely rational, and any stress is entirely valid. Understanding how and why these reactions are presenting is useful in terms of contextualising emotions and then learning how to face current circumstances. Being aware of your emotions and triggers can help you focus on the activities that will improve your mental health – for example, replace scrolling through news updates with preparing a meal, or going for a walk.

  • Anxiety: Mind has excellent resources on understanding and addressing anxiety.
  • Stress: Global health organisations have already communicated the expected rise in stress across populations as a rational response to the current situation. While not all stress is necessarily negative, all-consuming or overwhelming, stress can cause physical effects and be highly unpleasant for those affected. Once again, Mind is an excellent resource-base on approaching stress. As post-graduates, be aware that there are resources available to help you manage your stress, and focus on the elements in your control. Adjusting your timelines where possible, or adapting your methods to circumvent current challenges (for example, moving from face-to-face interviews to skype calls), can help conserve physical and mental energy.

Routine:
For post-graduates, the lack of an externally-imposed routine is both a blessing and a curse. If you’re like me, it is simultaneously an opportunity to prioritise the tasks I enjoy doing – which unfortunately often don’t correlate to my most pressing research priorities – and an opportunity to end up with a highly irregular routine. Nonetheless, a regular routine is a central part of sustainable self-care, offering yourself the predictability and stability to get along with daily tasks. Developing a routine that helps you prioritise and distribute your time can be extremely beneficial.

  • Research suggests it takes just over two months to build a habit to second-nature status, so don’t be discouraged if things are hard at first – and don’t be discouraged if not every day goes to plan. If you can stick to a start-time, or morning routine, for over a week, each part of your routine is likely to get easier over time. Weekly planners can help you map out your time into hourly segments which may help you manage multiple parts of your research/studies
  • Several blogs can advise you on building up routines. This one contains specific tips on working from home, while this one advises on how to tailor your routine to minimise procrastination.
  • Relatedly, do not underestimate the importance of getting dressed, showering, and daily grooming that may help mentally prepare you for a productive day. Following the same logic  as dressing in smart clothes for a telephone interview, taking time on your hygiene and clothing helps has been shown to improve employee self-perception. This psychological trick may help you feel more confident approaching your tasks, and help you shift into a productive work mindset. Bad news – staying in last night’s pajamas may lead to a lack of motivation, due to the negative connotations associated as explained by a business psychologist here. A change of clothes (author’s note: even if this does mean a change to an equally comfortable outfit) can help you associate this action as part of a routine to settle into productive work.

Calming Exercises:
The below suggestions are for times you may feel overwhelmed by your workload or the reality of the situation our society is facing. Spending 5 minutes on some of these could provide the bridge you need to get through to the next task on your list, or to simply reach the next part of your day with less anxiety:

  • 5-4-3-2-1 technique: this three-minute exercise can help you ground yourself through your senses and can be useful in times where you may feel panic. The technique forces you to consciously acknowledge five things you see around you, four things you can touch, three things you can hear, two things you can smell, and one thing you can taste.
  • Write: For some, writing out your thoughts can help you process, and let go of, worrying thoughts. In this case, having a journal (or word document), that you can tuck away (or minimise) when not in use, may be of use. This does potentially have a secondary, albeit peripheral, benefit. More factual notes on your thoughts around your research and the impact of current events will likely contribute to any dissertation you will provide.
  • Creative self-care activity. If you like to draw, sew or create – now is the time to engage in an activity that brings you joy and feels therapeutic. It may even be listening to music or re-watching a series on netflix. Be mindful during self-care and distinguish between active relaxation, where you’re able to immerse yourself genuinely in a relaxing activity, rather than passive viewing (watching Netflix while scrolling on your phone, and checking the news, with a research word document open in one of 15 tabs…. ).
  • Meditation and Mindfulness: Taking some time for quiet mindfulness practice can help increase sense of wellbeing over time. Calm and Headspace are both apps that offer a number of freely accessible meditation videos, while a quick search for related terms on Youtube brings up hundreds of hours of resources. For beginners, do not worry if meditative calm does not come easily. If this happens, practice counting breaths and focusing on an external sound instead, and do not be frustrated if you cannot clear your mind – simply return another time. Meditation does take practice, but does pay off long-term.
  • Take time for other activities that bring you peace. For example, for many of us, reading any content that isn’t the news may be a relief in itself. Reading for leisure (rather than your research!) offers the chance to ‘check-out’ of your current environment. (Scribd has offered it’s entire ebook and audiobook library for free for a month, no card details required: https://www.scribd.com/readfree)

Fresh air:

  • In the UK we are currently able to leave the house once a day to exercise. A walk, run or cycle can do wonders – not only in terms of a change in scenery, but also in helping get some movement and breeze into your routine. Whether scheduled in the morning, as a break between tasks, or as a way to mark the end of the working research day, getting outside can assist with any anxiety due to confinement, or repetitive tasks within the home. If you can get to a green space, even better. Here’s Thoreau’s take on the benefits of walking (audiobook – 44 mins). 
  • One work-from-home recommended routine involves doing a minimum-5 minute walk outside before returning and settling into work, in order to create a morning transition between ‘home’ and ‘work’ environments.

Exercise:
A significant number of studies have highlighted how physical exercise can help alleviate mental health. While gyms may be closed, there are still ample opportunities to stay healthy. Exercise also provides a way to break up the monotony of a work-day, and home-workouts can be scheduled into work breaks to give your mind a rest. If it’s a day where you are feeling anxious and can’t work, exercise can also help you reach a (justified!) sense of accomplishment – completing a workout is something to be proud of. Yet another benefit to exercise can be the increased quantity and quality of sleep.

There are a number of free/affordable online exercise routines that are available to help you work out from your home: Youtube has an excellent selection of workout videos, while several fitness instructors are running live classes. We have listed a selection of non-exhaustive resources below.

*Yes, I know, there are privacy concerns about using some apps (see Strava in 2018). The author has made the personal judgement that the benefits outweigh the costs given the current circumstances – and advises you to use the apps you are most comfortable with.

Communicate:

  • Social distancing does not mean social disengagement. Especially as students who may now be working predominantly from home, reaching out to friends and work colleagues can make a huge difference to your wellbeing. Scheduling calls with a friend can help – remembering to discuss all the valid parts of your lives that don’t revolve around Covid-19. Perhaps a mental note to discuss topics positive and unrelated to current circumstances, or a ‘5 minute rule’, where after 5 minutes (or an agreed amount of time) you move on to talking about topics distinct from the pandemic (What are you spending your time doing? Are there hobbies you would like to explore? What interesting TV, books, unrelated news have you come across that might be good to share?)
  • Find your community. There are a number of ways that communication with the academic community can help you. Arranging a regular catchup with your PhD or dissertation advisor can help keep you assured, and accountable, about your academic work. Consider daily or frequent calls with coursemates or fellow PhD students to discuss how things are going, and talk through life. This can become a welcome part of routine, and also provide reassurance that you are not alone in the post-graduate home-working struggle!
    • Twitter may also be a way to engage with other academics online, both sharing achievements and frustrations. We recommend users be wary that this doesn’t end up being another source of procrastination or anxiety.
  • If you think your mental health has declined to the extent you may be a danger to yourself or others, don’t hesitate to reach out to NHS on 111 (non-emergency) or 999 (emergency),  or the contacts listed by Royal Holloway, including calling/ messaging the London Nightline (staffed by University of London students) or the Samaritans.

A few last points:

    • Don’t forget healthy eating: A key part of your mental well-being will be the food you eat. This ties in with routine – try to eat a balanced diet at regular intervals, even if you don’t feel like it initially. Remember to drink enough water.
    • Don’t over-read the news: The World Health Organisation advises you to read as much as is useful for you – keeping up to date on potential restrictions and closures, for example. Do not over-consume information as this will only heighten your anxiety around aspects of the news you cannot control. If you are contributing to social-distancing / isolation, and staying safe, then you are doing your part.
    • Lastly – as always, don’t stockpile food. All the evidence, including corroborated, independent research, suggests that UK supply chains are stable. Please do not make life harder for the more vulnerable members of our society by hoarding.

WISDOM is there for all members of the InfoSec & Maths postgraduate community. Please let us know if there are any questions you have during this time, or if there are particular kinds of content you would like to see on the blog / our social media posts in the future.

Amy Ertan, PhD student

Let’s Talk Inclusion

Gender equality is usually considered one of the major forms of ‘diversity and inclusion’. Universities have diversity and inclusion programmes, as do large corporations, governments, and pretty much any formal grouping of people that wishes to codify their approach to underrepresented groups within a particular environment. Diversity is often celebrated as a proxy for equality (for example, hiring an equal number of women to men, or having a STEM course represent an equal female-male split). This blog post argues that this approach is insufficient, and that without well-thought out and robust inclusion programmes, diversity by itself will achieve little. Placing colleagues from underrepresented groups into a non-welcoming, non-inclusive environment sets them up to fail and fails to achieve sustainable meaningful representation.

The failure of inclusion programmes currently is highlighted in a recent study of female scientists in academia. Examining gender inequality across countries and disciplines, a group of researchers found that drop-out rates significantly decrease women’s contributions to the field[1]. More specifically, female academics were found to be 19.5% more likely to leave academia every year compared to their male counterparts. This results in a major significant advantage for male researchers, as despite the number of women increasing over the last 60 years, and despite relative publishing volumes being comparable in number, ultimately females make less of an imprint in their respective fields, as males stay in the field, submitting more research as their careers continue to develop. The issue here is shown through this study to be largely a problem surrounding the retention of female academics. The authors summarise their research findings as follows:

Fig 1: From Huang et al, reference 1.

The challenges in retaining talent from underrepresented groups is not limited to academia. Non-profit organisation ISC2 surveyed over 9,000 information security colleagues, summarising their findings a 2018 report titled ‘Innovation Through Inclusion: The Multicultural Cybersecurity Workforce’[2]. They found significant barriers to entry and advancement in the workplace for underrepresented practitioners including disenfranchisement and discrimination. To quote the results through the following excerpt:

‘Across all races and ethnicities, women experience greater rates of discrimination in the workplace than men, reporting discrimination in much greater proportions than men when viewed as a total U.S. population. Women who identify as Black, Hispanic, Asian or of Native American descent, report the highest numbers of discrimination.’

Such discrimination, coupled with pay discrepancies also noted in the report, create an uncomfortable environment in which to work. LeClair, Shih and Abraham (2014) suggest ‘climate dissatisfaction, pay inequity, pressure from family issues, gender discrimination, lack of social change, lack of support from employers for advancement’ as contributing reasons that encourage women to leave[3]. While hiring practices might reflect diversity strategy targets, looking at retention over time can give a much stronger indicator of how an environment treats underrepresented groups. In the case of information security, ISACA reports a ‘dismal’ retention rate with 44% of women leaving the field mid-career[4].

Fig2. Discriminating reporting by gender, see reference 2. ‘For the purposes of this study, discrimination can take the form of unfair treatment based on gender, age, ethnicity or an employee’s cultural group. The results of the survey reveal that discrimination is most prevalent along two intersecting axes, ethnicity and gender.’

Online discussions around the topic of diversity and inclusion have voiced concerns about how diversity is often seen as a ‘tokenism’ target, attracting and taking on women as an achievable and public-relations-friendly achievement, with less effort into actually ensuring the workplace culture and power dynamics are structured in a way that does not disadvantage women. Diversity is an essential objective, of course, and it is known that due to systemic issues in sexism and other forms of discrimination, initiatives including CodeFirst: Girls and  #WomenInStem, and Ada Lovelace Day can all do incredibly valuable work in engaging talent. That does not mean diversity is sufficient. Retention strategy should be a major consideration by academia and industry.  Equal opportunities should not mean getting a diverse number of candidates to a STEM degree, or graduate programme. It should be about making sure that all those who have the talent, ability and enthusiasm for a field should feel welcome there. It should be about making sure that discrimination of any form, in any environment should be managed swiftly, with a genuine culture that encourages talent to stay. Women should not be promoted into positions where they will fail, or made to feel like an outsider. Initiatives such as mentorship programmes[5], shared parental leave, and a consistent focus on an inclusive culture[6] (reiterated by senior colleagues) are just a few of the ways in which inclusion can be designed into a workplace.

This same argument – and proposal – may be made when speaking about any minority group, whether that is gender, ethnicity, class, sexual orientation, access needs – the list goes on. By showing that an environment is more than the physical presence of diversity, we can highlight the value of inclusion and draw attention to the sustainability of diversity as a women’s (or any minority’s) career progresses. Our research, work environments, and wellbeing will all be richer as a result.

[1] Huang, J., Gates, A.J., Sinatra, R. and Barabási, A.L., 2020. Historical comparison of gender inequality in scientific careers across countries and disciplines. Proceedings of the National Academy of Sciences. Available at: https://www.pnas.org/content/early/2020/02/14/1914221117

[2] ISC2 White Paper, (2018). Innovation Through Inclusion: The Multicultural Cybersecurity Workforce. [online] Available at: https://www.isc2.org/-/media/Files/Research/Innovation-Through-Inclusion-Report.ashx

[3] Peacock, D. and Irons, A., 2017. Gender inequality in cybersecurity: Exploring the gender gap in opportunities and progression. International Journal of Gender, Science and Technology, 9(1), pp.25-44.

[4] Reducing the Gender Disparity in Cyber Security. Available at: https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2016/reducing-the-gender-disparity-in-cyber-security

[5] CSO Online: Women in security: Cultures, incentives that promote retention. Available at: https://www.csoonline.com/article/2992461/women-in-security-cultures-incentives-that-promote-retention.html

[6] DarkReading: Best Practices for Recruiting & Retaining Women in Security. Available at: https://www.darkreading.com/careers-and-people/best-practices-for-recruiting-and-retaining-women-in-security/d/d-id/1331114

Amy Ertan, PhD student