Inclusivity in Cyber Security | An interview with Rob Black

Polly
Hi Rob, how are you?

Rob Black
I'm very well, thanks. Thanks for having me on this chat. It's great.

Polly
No problem, thanks for joining. Do you want to just start off by telling us a little bit about what you do and your role in the cybersecurity industry?

Rob Black
Yeah, of course. I guess I've got quite a unique role. I'm the director of a university student competition that encourages people to explore the benefits of a career in cybersecurity — but not solely focused on traditional deep-tech, pen-testing type roles. Instead, we broaden the definition of cybersecurity to showcase the vast range of roles available. The aim is to help people see how their existing skill sets could apply to cyber, even if they come from different disciplines or backgrounds.

That takes up a lot of my time — that's the UK Cyber Leaders Challenge. On top of that, I have a couple of other roles where I work with different communities to bring people together. I'm an advisor for KPMG’s I4, the International Information Integrity Institute. I help the team there design and create events focused on educating and encouraging CISOs and cybersecurity leaders in multinational organisations. The goal is to bring together the best learning from across the industry to help them in their roles.

I’m also an Associate Programme Director at Wilton Park, part of the Foreign Office on the south coast of England. We hold dialogues between policymakers and subject matter experts. I focus on developing discussions on topics such as responsible behaviour in cyberspace — how we encourage nation-states, private sector entities, and public organisations to act responsibly. We also explore how to manage those that may not be acting appropriately.

Finally, I’m an events host for RANT, where I help vendors build better relationships with potential clients and support CISOs and other cybersecurity leaders in understanding cutting-edge capabilities to tackle industry challenges. I wear a lot of hats, but the common thread is bringing people and communities together rather than deep-diving into one specific area.

Polly
You must be very passionate about it. I thought that list was never going to end!

Rob Black
Sorry, it is a long list. I really need to work on my elevator pitch.

Polly
No, that’s great! How did you get into that? When did your interest in cybersecurity begin?

Rob Black
Great question. A lot of us in the industry are from a generation where there wasn’t a "cybersecurity profession" when we started. It’s amazing to see how far we’ve come — with cybersecurity courses at universities and training programmes offering people a chance to build their skills and passion.

For me, it started when I worked for the Ministry of Defence (MOD) as a strategy analyst. I worked on improving how we fight wars, better understanding enemy leadership, and shaping engagement strategies. I did a variety of projects — I tracked pirates off the coast of Africa (which sounds more exciting than it was; I was actually sitting in a windowless office counting spreadsheets). I looked at roadside bombs in Afghanistan to help build better defensive capabilities. I even worked on risk assessments for the Olympics.

In 2010 or 2011, I was given an opportunity to apply MOD research on understanding and influencing people to cyberspace. Back then, cyberspace was relatively new. I spent time with operational teams exploring the relationship between technology and human behaviour. It was fascinating — getting paid to play on the internet while contributing to national security was a dream!

Around 2014 or 2015, I moved into academia, working with the British military to understand how cyberspace affects military operations. It was fascinating to see how traditional military strategies evolved with the introduction of a digital dimension. From there, I took on roles focused on bringing communities together, tackling complex problems, and finding more effective ways to approach challenges.

Polly
You’ve done so much! Have you worked with lots of different teams?

Rob Black
Yeah, I’ve been very lucky. From the start of my career at the MOD, I worked in multidisciplinary teams. I was collaborating with psychologists, statisticians, deep technical experts — bringing together the best of everyone’s strengths. That approach has stayed with me.

I’m confident I don’t have all the answers, but I believe in bringing people together to tackle complex problems. When you combine different perspectives, you can address biases, think innovatively, and approach problems more effectively. That’s what excites me — being at the cutting edge of these challenges and needing to think differently.

Polly
Do you think it’s important to have a diverse team? What strengths do different kinds of people bring to the table?

Rob Black
I don’t think diversity is just a benefit; it’s an essential need. We live in a complex age with complex threats. Most of the simple problems have been solved, or we know how to approach them. The real challenges now require blending different fields and perspectives. A single-discipline approach just doesn’t cut it anymore.

Multidisciplinary thinking has to be the default — bringing together diverse perspectives is essential for fully addressing today’s problems. Unfortunately, diversity, equity, and inclusion (DEI) programmes are currently being challenged by some individuals, which is a real shame. For me, it’s a no-brainer — diversity is a win for everyone.

Polly
Definitely, well said. What unique strengths do you think women bring to the cybersecurity industry?

Rob Black
It’s hard to pinpoint specific strengths that women bring compared to men — everyone is unique — but it would be naive to ignore the fact that women bring different perspectives. Just having that alternative viewpoint is hugely valuable.

In our competitions, I’ve noticed women-only teams often take a more strategic approach to problem-solving, whereas men, particularly in STEM, may focus more on technical solutions. Of course, I’m wary of generalising, but that strategic thinking has stood out.

Polly
That’s really interesting. Women are obviously interested in cybersecurity, but they’re still underrepresented. What do you think is the biggest barrier for women entering the industry?

Rob Black
There are a few barriers. Some are frustratingly persistent, while others may improve over time. Research shows that women are less likely to promote their capabilities or apply for jobs unless they meet almost all the criteria, whereas men are more likely to give it a shot if they meet just some of the requirements. We need to empower women to feel comfortable taking those chances.

Another challenge is where we’re looking for talent. If we only recruit from traditional STEM fields, where fewer women are enrolled, we’re missing out. In our UK Cyber Leaders Challenge, we have a 50-50 gender split — which is almost unheard of in cybersecurity. Why? Because we reach out beyond STEM — to other university clubs and societies. We show students from all disciplines that cybersecurity could be for them.

Polly
Wow.

Rob Black
Cybersecurity is more than just pen-testing or deep tech. It requires strategic thinking, policy guidance, and a broad range of skills. The more we promote the breadth of opportunities, the more we’ll see diverse talent coming through.

Polly
Absolutely.

Rob Black
UK Cyber Security Council professions and the skills and roles they're developing — you can see where there's a greater spread of opportunity for all individuals, all characters, no matter their background, gender, or the discipline they study. It's about encouraging people to see cybersecurity more broadly. I think that's one of the challenges — we've got to lift the lid on what we mean by cyber and empower people to take roles appropriate to them, regardless of gender or background.

Polly
Yeah, that's amazing. As someone who's trying to encourage people to get into the industry, what steps do you think businesses and other leaders could take to create a more inclusive environment that attracts and retains women in cyber?

Rob Black
I think there's a range of inclusive measures that can be taken, no matter the discipline. Recognising that parenting responsibilities might shape an individual's career path is critical. For example, if you choose to take time out to be a parent, re-entering the profession shouldn't leave you feeling disadvantaged. The opportunity for career transition is also important — people may want to change direction at certain stages of their life and bring transferable skills from one discipline into cybersecurity. Making the industry more open to that transfer process allows individuals to contribute at any stage of life.

Flexible working is another key step. There’s often a greater need for flexibility due to parenting responsibilities, and it's about creating a fair playing field. One thing I find really encouraging in the cyber industry is how inclusive and supportive it already is. Last week, I ran three events for the Cyber Leaders Challenge. We had a large number of volunteers from across industry and government giving up their time to judge, mentor, and support students. No questions asked — they just wanted to help.

Polly
Nice.

Rob Black
It was great to see. Giving people the opportunity to give back is something we're already doing, and we’re starting to see a breadth of initiatives aimed at empowering disadvantaged communities and women in cybersecurity. I think that can only be positive — giving people a fair footing and helping them learn about the opportunities available.

A couple of groups I'd highlight are Seidea — Stephanie and her team are doing fantastic work empowering Black and ethnic minority women to upskill in cybersecurity and transition from other disciplines. Another is the Cyber Women group, started by Sophie and Jenny. They noticed that when they were at university, there weren't many opportunities for women and underrepresented groups to learn about cybersecurity, so they set up a branch network across different universities to change that. It’s a brilliant example of taking action to empower others.

Polly
Yeah.

Rob Black
No matter their background, it's about helping people learn more about opportunities in cyber. We’re seeing a real inclusive mindset being adopted in the industry, and I think we should celebrate that. There's more we can do — the job's not done — but this is a welcoming community. I’m constantly amazed by how many people are willing to support others, offer advice, or just sit down for a chat over a cup of tea to discuss career options. I think we should pat ourselves on the back for the progress made, while also identifying where we can improve.

Polly
That's really nice to hear. It's a testament to how much women are valued in the industry — it's recognised. That feels quite rare sometimes, so it's great to hear that cybersecurity is such a welcoming field.

Rob Black
I’m very conscious that I’m saying this as a white male in cybersecurity, so my perspective could be different to others’. I fully acknowledge that. But I’ve been really impressed with the progress made by initiatives like Women in Cybersecurity in the UK and Ireland. They’ve done amazing work.

Polly
Please.

Rob Black
We’re seeing celebrated awards and recognition for individuals. It doesn’t seem as male-dominated now. I say that as a man, so I could be wrong, but I feel empowered by the number of impressive women in senior cybersecurity roles. For example, the former CISO of the Ministry of Defence (MOD) was Christine, and the new CISO is also a woman. These are just examples, but we’re seeing more role models emerge, and that's crucial. People need to see individuals they can relate to and think, "I can follow that path."

We’re not there yet — it’s not perfect — but we’ve made progress. Cybersecurity has grown from a deep technical speciality within STEM, where there’s been underrepresentation of women, but steps are being taken. We need to recognise the journey so far and keep going.

Polly
Mm-hmm.

Rob Black
It’s not as negative as it was a few years ago. We've made improvements, so let's keep pushing forward.

Polly
Yeah, it sounds like everyone is backing the same sentiment, which is amazing. Everyone's working towards the same goal. Hopefully, people will feel more empowered to go into those roles and won’t feel held back by the perception that it's a male-dominated industry.

Rob Black
Certainly. From what I saw last week, the enthusiasm, energy, and passion of the students were incredible. I couldn't see anything holding them back — even if we wanted to. We had 260 students competing last week. That’s not everyone, but they were all exploring career options. I didn’t get the impression that they felt held back or hesitant to engage.

There's more to be done, but I recognise I’m a white male and have been privileged in that sense. I still don’t know what I want to do when I grow up — I’m still looking for mentors! It’s about being as supportive as we can. The community is taking steps forward, and we should keep pushing.

Polly
Definitely. Finally, for any young women considering a career in cybersecurity, do you have any top tips or a key piece of advice?

Rob Black
I’m trying to think if my advice would be different for women compared to men. I don't think it would — and I think that’s important. My advice is to get out and do. Sign up, say yes, and find out what you do and don’t like. Network with people, learn about their work, and see what sparks your interest. If you have a plan, great — compare opportunities to your plan. If not, just take opportunities as they come.

Polly
Mm-hmm.

Rob Black
Don't worry if you don’t have a plan. Just get out there, volunteer, gain experience, build a network, and broaden your understanding. Before you know it, you’ll be making career decisions without realising it. That advice is universal.

I remember Lee Stevens from BT Group saying, "Don't just write 'I'm passionate about cybersecurity' on your CV — show it." Highlight what you've done: events you’ve helped organise, communities you’ve joined, what you’ve learned, and where you’ve focused your studies. Show evidence of your passion. It's also useful to learn what you're not passionate about, so you don’t go down the wrong path.

We all struggle with imposter syndrome. If stats show that women hesitate to apply for jobs because they don’t tick every box, that’s something we need to overcome. I feel like an imposter because I’m not a deep technical specialist, and I know people who feel the same for different reasons. Recognise those limiting self-beliefs and work on them.

Polly
Yeah.

Rob Black
The opportunities are there — take them, even if they stretch you. That’s how we grow.

Polly
That’s great advice. Thanks, Rob.

Rob Black
No worries at all.