Cyber security training and accreditation bodies (ISC)² and CIISec have teamed up to release a guide to the use of inclusive language in cyber security, explaining why it is important to use inclusive terminology and language to foster a more inclusive and diverse profession, and offering alternative vocabulary and language guidance to help security professionals end the use of exclusive and potentially offensive terminology.
Designed with input from members of both organisations, the guide is organised into categories around race and ethnicity, gender and sexual orientation, accessibility, military and criminal justice, and age. It offers a number of tips to keep in mind when writing code and documentation, such as avoiding terms with a social history, reducing the use of acronyms, idiom and jargon, being mindful of perpetuating stereotypes and bias, and using automated accessibility checks and authoring tools.
As an example, the terms “blacklist” and “whitelist”, and “master” and “slave”, are rooted in anti-black racism and many organisations have already moved to end their use, with alternatives such as “allow list” and “deny list” increasing in popularity as a result.
Nicola Whiting, founder and co-owner of security software firm Titania, who last year spoke to Computer Weekly about her experience as an autistic cyber professional, said it was important that people in the industry understand the implications of the language they use.
“Language doesn’t define us, but it does shape us and how others perceive us,” said Whiting. “Showing you care about people’s worth by actively choosing empowering language – demonstrating you value and respect others – isn’t only good business, it’s good humanity.”
Nurul Gee Zulkifli, business efficiency and employee engagement lead at Standard Chartered, added: “There is power in words, and you can make a difference with then. Choose inclusive words that acknowledge and enable others to be seen, heard and valued.”
(ISC)² and CIISec said that with the global cyber workforce facing a shortfall of 3.4 million individuals, organisations that take up their recommendations could help fill this gap by attracting a more diverse range of people.
“To attract as many people as possible to the cyber security industry, we need to ensure that the barriers to entry are tackled,” said Dwan Jones, director of diversity, equity and inclusion at (ISC)².
“This means fostering more inclusive environments and changing the negative perceptions of cyber, which allows for more individuals from diverse backgrounds to see themselves in the cyber profession. Inclusive language alone will not solve all of these problems, but it can help change the work culture and avoid alienating those we need to fill the workforce gap.”
Amanda Finch, CEO at CIISec, added: “The cyber security industry is in desperate need for diverse talent. Currently, there’s no shortage of people – the challenge lies in identifying, hiring and correctly supporting skilled employees from any and every background. If the industry doesn’t act, then others will, and we’ll see that talent either go elsewhere or lie completely undiscovered. In the worst-case scenario, these people with such fantastic potential could even end up working for the bad guys, who recognise and support their different needs.
“The industry must ensure this isn’t the case, by doing more to attract these prospective cyber security stars of the future. A big part of this will come down to the language we use, and ensuring we foster a more inclusive culture that the industry needs,” she said.