Bank rewrote ads for infosec jobs to stop scaring away women
Blokes happily bluffed; women played it by the book, leaving the bank struggling to hire
Australia's Westpac bank re-wrote its job ads for infosec roles after finding the language it used deterred female candidates.
The land down under, like most other lands, has a shortage of cyber security professionals.
"We realized our job ads were worded in a way that females deselected because they would look at it literally and think 'Well I don't have five years of [experience in] that'," said Richard Johnson, the bank's chief information security officer."
"A lot of men would just go 'Well, I could do that'. Women would deselect. So we've changed the way we do job ads, to talk more about the experience that we're after and the type of person versus specific technical skills.
"We hire for type," Johnson added. "We're after people who are resilient, problem solvers who network and can socialize well with people and are adaptive and flexible. That describes lots of females I know who are actually very strong in that category."
Johnson said another recruitment challenge the bank faces is "removing myths about cyber that it's all about hoodies, and green screen and coders and it's highly technical."
"There is certainly that [technical] aspect to it," he said. "But in my team, just as an example, I have media specialists, I have project managers, I have communication specialists. I have geologists, I have ex-law-enforcement. I have branch staff. I have ex-tellers. I have several data scientists, several MBAs and economists and accountants, and we use all of them in providing a cyber capability."
- IT depts struggle with skills shortages despite Big Tech layoffs
- Bosses failing to offer hybrid work lose out in recruitment
- Workday sued over its AI job screening tool, candidate claims discrimination
- IT recruiter settles claims it snubbed American workers
Speaking at the AWS Summit in Sydney on Tuesday, Johnson also revealed that infosec is "treated with the utmost importance from the board down right through the executive and it's integral to our risk management, programs and capabilities."
The CISO said he delivers a weekly update to the bank's CEO on infosec matters, and presents to the board each quarter.
"We do things like cyber simulations – not just in the technical layer, but right through the leadership ranks," he said. Those drills practice the operational and business impacts of an incident.
"That goes all the way up to the board." ®