Day 0 Event #165 From Policy to Practice: Gender, Diversity and Cybersecurity

Summary

This panel discussion focused on gender diversity and cybersecurity, addressing the underrepresentation of women in the cybersecurity workforce and the gender-specific impacts of cyber threats. Participants highlighted the need for gender mainstreaming in cybersecurity policies and capacity-building initiatives. They discussed various national and international efforts to increase women’s participation in cybersecurity, such as Canada’s feminist foreign policy and Chile’s incorporation of gender perspectives in its national cybersecurity strategy.

The panelists emphasized the importance of addressing gender-specific cyber threats, including online harassment, deep fakes, and AI-driven job displacement risks for women. They stressed the need for inclusive technology development and policy formulation that considers diverse perspectives. Capacity-building programs like ITU’s HerCybertracks and the Women in Cyber Fellowship were highlighted as effective ways to empower women in cybersecurity.

The discussion also touched on the intersection of gender with other aspects of diversity, emphasizing the need for inclusive approaches that consider factors like neurodiversity and visual impairment. Panelists called for increased funding and support for successful regional programs addressing gender imbalances in cybersecurity education and training.

The panel concluded with plans to produce a compendium of good practices for mainstreaming gender into cybersecurity efforts, emphasizing the importance of multistakeholder collaboration in addressing these challenges. Overall, the discussion underscored the critical need for gender-responsive approaches in cybersecurity to ensure a more inclusive and secure digital future.

Keypoints

Major discussion points:

– The underrepresentation of women in the global cybersecurity workforce (only about 25%)

– The need to address gender-specific cyber threats and harms

– The importance of gender mainstreaming in cybersecurity policies and capacity building programs

– The role of emerging technologies like AI in exacerbating gender-based online threats

– Strategies for increasing women’s participation in cybersecurity, including targeted training programs

Overall purpose:

The goal of this discussion was to explore ways to increase gender diversity in cybersecurity and address gender-specific cyber threats. The panel aimed to gather insights and recommendations to inform future policy and capacity building efforts.

Tone:

The tone was largely constructive and solution-oriented. Panelists spoke candidly about challenges but focused on sharing positive initiatives and proposing ways to make progress. There was a sense of urgency about addressing these issues, but also optimism about potential solutions. The tone remained consistent throughout, with panelists building on each other’s points collaboratively.

Speakers

– Shimona Mohan: Moderator, from UN Institute for Disarmament Research

– Aaryn Yunwei Zhou: Deputy Director of the International Cyber and Emerging Technology Policy Division at Global Affairs Canada

– Yasmine Idrissi Azzouzi: Cybersecurity Program Officer at the International Telecommunication Union in Geneva

– Hoda Al Khzaimi: Director of the Center for Cybersecurity at New York University Abu Dhabi, Founder and Director of the Emerging Advanced Research Acceleration for Technologies, Security, and Cryptology Research Lab and Center

– Catalina Vera Toro: Alternative Representative, Permanent Mission of Chile in the Organization of American States

– Luanda Domi: General Streaming and Cyber Skills Development Manager, Global Forum on Cyber Expertise

Additional speakers:

– Pavel Mraz: Cybersecurity Researcher at UNIDIR

– Jocelyn Meliza: MUG member and co-facilitator for the BPF on cyber security

– Paula: Audience member, cybersecurity policy advisor

– Kosi: Audience member, student from Benin, chair of NGO called Women Be Free

Gender Diversity and Cybersecurity: Addressing Challenges and Opportunities

This panel discussion, moderated by Shimona Mohan from the UN Institute for Disarmament Research (UNIDIR), brought together experts from various organisations to explore the critical issue of gender diversity in cybersecurity. The conversation centred on the underrepresentation of women in the cybersecurity workforce, gender-specific cyber threats, and strategies to promote inclusivity and equality in the field.

Underrepresentation and Policy Initiatives

The discussion began by highlighting the stark gender imbalance in the global cybersecurity workforce, with women representing only about 25% of professionals in the field. Panellists agreed on the urgent need to increase this representation and shared various national and international efforts to address the issue.

Aaryn Yunwei Zhou, from Global Affairs Canada, emphasised the importance of gender-responsive policies, citing Canada’s feminist foreign policy and the use of Gender-Based Analysis Assessments for all policies. Zhou also mentioned Canada’s involvement in the Global Partnership for Action on Gender-Based Online Harassment and Abuse, demonstrating a commitment to addressing gender-specific cyber threats at an international level.

Catalina Vera Toro from Chile’s Permanent Mission to the Organization of American States highlighted her country’s gender-responsive national cybersecurity policy, which aims to increase women’s participation in cybersecurity to 35% by 2030. Toro also discussed Chile’s feminist foreign policy and its focus on promoting gender equality in international forums, including the Open-Ended Working Group on cyber issues.

Gender-Specific Cyber Threats

The panel delved into the unique challenges women face in the digital sphere, emphasising the need to address gender-specific cyber threats. Aaryn Yunwei Zhou pointed out the disproportionate impact of internet shutdowns on women, while Hoda Al Khzaimi, from New York University Abu Dhabi, presented alarming statistics on deepfake content, revealing that 96% of all deep content online is non-consensual sexual content targeting women. Al Khzaimi noted, “These attacks often aim to silence journalists, politicians, and activists,” highlighting the broader societal implications of these threats.

The discussion also touched on the potential exacerbation of gender disparities due to emerging technologies. Luanda Domi, from the Global Forum on Cyber Expertise, shared a concerning statistic: “3.7% of women’s jobs globally are now at risk of being replaced by AI compared to 1.4% of men’s jobs.” This underscored the importance of training women for AI-driven roles and considering the gendered impact of technological advancements.

Capacity Building and Education Initiatives

A significant portion of the discussion focused on strategies to increase women’s participation in cybersecurity through targeted training programmes and capacity-building initiatives. Yasmine Idrissi Azzouzi from the International Telecommunication Union (ITU) in Geneva highlighted the organisation’s Women in Cyber Mentorship Program, which has transitioned into the HerCyberTracks programme. This initiative aims to empower women in the public sector through a holistic approach combining training, mentorship, role modeling, community building, and real-world exposure.

Aaryn Yunwei Zhou mentioned Canada’s Women in Cyber Fellowship for diplomats, demonstrating the importance of specialised programmes targeting specific sectors. Hoda Al Khzaimi stressed the need for deeper technical education beyond surface-level awareness, while Luanda Domi highlighted the importance of tailoring programmes to address specific needs, including neurodiversity.

The panellists agreed on the necessity of comprehensive and tailored capacity-building programmes to address the diverse needs of women and other underrepresented groups in cybersecurity. They also emphasised the importance of localisation and sustainability in these programmes, ensuring that they are adapted to regional contexts and can continue to have long-term impact.

Challenges and Future Directions

The discussion touched on broader challenges in promoting gender diversity in cybersecurity. Luanda Domi pointed out that only 0.05% of development budgets target gender initiatives, highlighting the need for increased funding and support for successful regional programmes. Domi also mentioned the Cyber Safe Foundation’s program in Africa as an example of effective regional initiatives addressing gender imbalances in cybersecurity education and training.

Catalina Vera Toro discussed the ethical considerations and challenges associated with emerging technologies, emphasising the need for responsible development and deployment of AI and other advanced systems.

The panel addressed the digital gender divide in Africa, recognising the unique challenges faced by women in the region and the importance of tailored solutions. Audience members also raised the need for multilingual training programs and a centralised platform listing available fellowships and programs for cybersecurity capacity building.

Conclusion

The discussion highlighted the critical need for gender-responsive approaches in cybersecurity to ensure a more inclusive and secure digital future. While there was a high level of consensus among speakers on the importance of addressing gender disparities in cybersecurity, the conversation also revealed the complexity of the issue and the need for multifaceted solutions.

The panel emphasised the importance of gender mainstreaming in cybersecurity policies, the development of targeted capacity-building programmes, and the need to address gender-specific cyber threats. The discussion also highlighted the potential of emerging technologies like AI to exacerbate gender-based online threats, emphasising the need for proactive measures to ensure that technological advancements benefit all genders equally.

As the field of cybersecurity continues to evolve, the insights and recommendations from this panel provide valuable guidance for policymakers, educators, and industry leaders working towards a more diverse and inclusive cybersecurity workforce. The panel concluded with plans to produce a compendium of good practices for mainstreaming gender into cybersecurity efforts, as mentioned by Pavel Mraz from UNIDIR, underscoring the importance of sharing knowledge and successful strategies across different regions and organisations.

Shimona Mohan: Kalina on the screen. I hope you can hear us. So we don’t hear you yet, but if you hear me, please give me a thumbs up, or a nod, or something. OK, perfect. You can hear me. Fantastic. So the reason why I can’t hear you is because I don’t have my earpiece on yet. So I should be able to hear you in a couple of minutes as well. OK. OK. OK. So I hope that’s all good to go. And I hope our colleagues in the room can hear me loud and clear. Fantastic. So thank you all for joining us, and for those of us who are joining us online as well, very nice to have you with us to discuss something that we’ve heard a lot about this year, which is gender diversity and cybersecurity. We know that world over, there’s only about 25% of women in the cybersecurity workforce. So this is a very important conversation for us to have. And I’m very, very glad that us, as the United Nations Institute for Disarmament Research, along with the organizations that have collaborated on this event with us, which is the International Telecommunication Union, the Global Affairs Canada, and the Stimson Center, join us to convene this conversation and further the discussions around gender diversity and cybersecurity. So just to give you a little bit of a brief about today’s session, we know that there is a growing acknowledgment of the gender dimension of cyber threats, as well as the persistent digital gender divide, with women representing only maybe about 25% of the global cybersecurity workforce. However, specific gender-differentiated impacts of cyber threats and strategies have continued to increase when it comes to the global cyberspace at the current moment. And this kind of hinders the multi-stakeholder efforts to enhance cyber resilience and promote inclusive international peace and security in governance models. So today, with our fantastic panel, which is drawn from all kinds of diversities around geographies, around stakeholders, and around substantive expertises, we’ll discuss a little bit more about how to make sure that these gender-specific harms and threats are countered in an effective manner, both through substantive measures as well as through governance measures. So joining us today, just to give you a brief introduction, is, firstly, Ms. Aaron Yunwei Zhu, who is the Deputy Director of the International Cyber and Emerging Technology Policy Division at the Global Affairs Canada. We also have Professor Hoda Alkhazaimi, who is joining us online for now, and hopefully also in person, is the Director of the Center for Cybersecurity, New York University Abu Dhabi, and also the Founder and Director of the Emerging Advanced Research Acceleration for Technologies, Security, and Cryptology Research Lab and Center. We also have Ms. Yasmin Itrissi-Izouzi, who is the Cybersecurity Program Officer at the International Telecommunication Union in Geneva. We’ll also have Ms. Lulu Dugumi, who is the General Streaming and Cyber Skills Development Manager, Global Forum on Cyber Expertise. And we also have online with us Ms. Catalina Peratoro, who is the Alternative Representative, Permanent Mission of Chile in the Organization of American States. Myself, I am Shimona Mohan from the UN Institute for Disarmament Research. And joining us online is also my colleague, Mr. Pavel Mraz, who is a Cybersecurity Researcher, also at UNIDIR. So a couple of housekeeping announcements. I’ll ask our fantastic panelists to give us a little bit of a brief about the questions that I would like to ask you about the issue of cybersecurity and cybersecurity. We’ll have a round of introductions for about five to six minutes each, and then we’ll open up the floor for discussions. So please come prepared with your questions after you hear from our panelists. I would like to also flag that this discussion is part of an ongoing process of collecting recommendations for a compendium of good practices around gender and cybersecurity, mainstreaming gender and cybersecurity, that we as UNIDIR are undertaking with the help and collaboration and contribution of our partner organizations who are also on this panel. So with that, I think we’ll start off with the interventions for the day. And I will first invite, perhaps, since we have in the room, Aaron to kind of give us a little bit of a brief around how can governments tackle gendered cyber threats and attacks, and what kind of policy imperatives are required, and how can a government sort of mainstream these gender considerations in their cyber and digital policy?

Aaryn Yunwei Zhou: Thank you so much for inviting me to this panel. I’m pleased to be here. So for Canada, our approach is to mainstream gender considerations in all aspects of our work, specifically with threats and attacks. We take gender into consideration for both assessments of the threats and our responses to them. I’m sure this audience knows there’s a gender dimension to every aspect of cybersecurity, so not taking gender into consideration actually makes our responses far less effective. So a couple of examples I just wanted to share include internet shutdowns, specifically in Iran. For example, women tended to use Instagram much more, and the internet shutdown had a much more disproportionate effect on their both social and economic participation. And we need to get rid of this arbitrary divide between online and offline, as offline violence is often preceded by online violence. So this is not only the right thing to do, but again, will make our responses more effective. In terms of policy imperatives in Canada, all of our policy initiatives and programs have to go through what is called the Gender-Based Analysis Assessment, GBA+. This isn’t only about how policies affect women, but also how policies affect men and other gender-diverse people. And it’s not only about gender, it also takes into account race, class, ethnicity, cultural background, to really understand how specific policy responses affect people in all their diversity, and to make sure that the programs that we’re designing are fit for purpose. Yeah, and I’ll stop there.

Shimona Mohan: Perfect, thank you so much. I’m also wondering, since you’re here as a representative of Canada, and we know that Canada has a feminist foreign policy with a specific Women, Peace and Security Agenda National Action Plan, that also has several mentions of online harassment and abuse against women and people of diverse gender identities. How have these helped in the prioritization of the inclusion of tech considerations when it comes to gendered harms?

Aaryn Yunwei Zhou: So I think the thing that we do that’s top of mind for us is to create a taboo against online gender-based violence and harassment. So Canada was one of the founding members of the Global Partnership for Action on Gender-Based Online Harassment and Abuse. It’s grown to about 15 countries to form a community of like-minded countries that are building norms against online gender-based harassment and violence at a time when this is increasingly controversial, unfortunately. And what this has meant is we have a community of practice amongst different governments that can share experiences and learnings on how to do this both domestically and in multilateral contexts, notably around the Commission on the Status of Women every year. And another important thing that we do is sponsor the Women in Cyber Fellowship. Because of this program, we’ve been able to train over 50 women diplomats from around the world. Not only has this meant more diverse voices around the table at the Open End Working Group, it’s the first time that any first committee process has reached gender parity at the UN, and it also creates a community for women diplomats, and they can turn to each other and share learning and support each other to bring more diverse voices to those processes.

Shimona Mohan: Fantastic. Thank you so much. In fact, the Women in Cyber Fellowship has been a beacon of hope for all of us. And on the basis of the Women in Cyber Fellowship, we’ve also kind of, at Unity, established something called… the Women in AI Fellowship to replicate the same kind of success in AI-related conversations for women diplomats as well. Speaking of the OEWG, if I may turn to Yasmeen now, I think the OEWG on cyber has often also focused on reducing the gender digital divide to ensure that women get access and equal opportunities in the online space. And this is also, I know, something that ITU has worked on extensively. So how are we currently facing and sort of faring with the divide? And how do you think this gap can be sort of closed?

Yasmine Idrissi Azzouzi: Thank you for that, Shimona. So indeed, the ITU for more than 20 years now, we’ve been very active in closing the digital gender divide in particular by equipping women with digital skills. So the most sort of flagship initiatives when it comes to that are Equals, which is a global partnership, and also Girls in ICTs, which is very much focused on inspiring younger women to pursue careers in technology. In the specific context of cybersecurity, we are mandated by a specific resolution to promote the growth and development of a skilled and diverse cybersecurity workforce, and in particular, to address the skills shortage by including more women and promoting their employment. So based on that, in 2021, we first launched the Women in Cyber Mentorship Program, which is different from the Fellowship Program in three regions, so Arab region, Asia, and Asia, sorry, Asia-Pacific, and Africa. And one of the cornerstones of this program was really the soft skills development, the mentorship aspect. And as we were running it for three, four years, we received some feedback from participants that when they often participate in Women in Cyber-related programs or Women in Tech-related programs, there’s a strong focus on soft skills and a strong focus on developing leadership and whatnot. And they wanted to go a little bit beyond that and really focus on the technical skills and the hard skills in parallel to this. So then we decided to take this experience and we launched HerCybertrucks, which is a highly specialized and tailored training. So this program puts into practice what I believe to be a holistic approach to capacity building, and why holistic? Basically, to me, I think that capacity building is not just about training. Training is, of course, very important, but it’s also focusing on other elements. One, promotion of role models. So definitely elevating individuals that are from underrepresented communities as successful women in cybersecurity, shedding the light on their successes, and showcase that basically it is possible to have somebody that looks like me be able to be in a leadership position in cybersecurity. Second is community building. So facilitating peer exchange, support networks is definitely key to help individuals navigate challenges when it comes to being a woman in cybersecurity in a male-dominated field. Third is exposure to the reality of the field. So we do so through offering study visits to certs of other countries, for example, where women can see how things are being done and learn on the job, basically job placements. And this basically shows career pathways and provides also practical advice on the reality of the field. And then, last but not least, of course, mentorship is still very key. So we connect aspiring professionals with mentors from a bit all over the world and basically guides them through career pathways that have to do with their professional life, but also their personal life, because, of course, we are, let’s say, multifaceted beings as well. So with HerCybertracks, we’ve tailored curricula to be specifically for women in the public sector. And these are across three tracks, three cybertracks. One is policy and diplomacy, the second is incident response, and the third is criminal justice or cybercrime. And basically, we have decided to go, let’s say, beyond traditional training, incorporate study visits, incorporate networking opportunities, incorporate mentorship, and also focusing very much on inter-regional exchange. So our cohorts have participants from Africa, from Eastern Europe in particular, very different contexts, where actually people were surprised to be facing similar challenges, even if the context is quite different. So to sum up, basically, in order to really close the gender-digital divide and really promote what we call the equal, full, and meaningful representation of women in cybersecurity, not just as a checkbox being checked, but really meaningful and skilled representation, we must adopt a holistic approach such as this when it comes to capacity building, combining training, combining mentorship, combining role modeling, community building, and real-world exposure. Thank you.

Shimona Mohan: Perfect. Thanks so much, Yasmin. And this sounds like a fantastic sort of program for women of all walks of life to sort of join and make sure that they can contribute and learn a lot. And I took notes when you were talking, and I really like the fact that you focused on all the different ways of engaging them as tracks, and then sort of making sure that all of those tracks are coming together as one holistic program to make sure that they’re learning as much as they can. But I think going forward from here, I would also love to talk a little bit more about the tech side of things. How are we seeing these harms come up? Because we’ve heard a lot about these harms and how they have specific impacts or adverse effects on women and other gender-diverse individuals. But we’re lucky to have Professor Hoda on the call with us. So I will make use of her expertise and perhaps also ask her, what kind of gendered threats do you see sort of existing in the cyberspace? And who do you think these affect the most? And if you could give us some examples, that would be fantastic. I don’t see them on the chat, sorry, on the call, but I hope you can hear me.

Hoda Al Khzaimi: Can you hear me?

Shimona Mohan: Yes, I hear you, I hear you, I hear you, I hear you.

Hoda Al Khzaimi: Perfect. Thank you, Shomona, for inviting me to this important discussion. I think gendered cybersecurity threats are becoming increasingly urgent, especially as emerging technologies such as AI, deep fakes, and quantum computing to shape the digital landscape and today’s reality. Today, we’ll address two key areas, which are the example of these gender-specific threats, including those like threats that can be interpolated by emerging technologies and strategies for designing next generation solutions to mitigate these harms. The problem on the space for us is how do we define harm? When it comes to gender and women and vulnerable groups, harm is being defined on a magnified aspect, including intangible harm that comes with reputational risk. We have seen technologies as in deep fakes, for example, technology, which is one of the significant emerging threats, particularly for women, where it has been found by DeepTrace in 2019 that 96% of all deep content online is non-consensual sexual content pertaining to target women. These attacks often aim to silence journalists, politicians, and activists, which is an example that we’ve seen recently within the Indian media for one of the Indian journalists who has been targeted with a deep fake video designed to discredit her work and incite harassment. Emerging technologies as well, like AI-based content verification tools that is being developed, for example, by Microsoft, where I’m talking about a video authenticator and blockchain initiatives, like the one that Adobe has been developing on Adobe Content Authenticity Initiative, are promising solutions for those kind of deep fake aspects, as well as other advanced machine learning and cryptographic signature schemes that aims to identify the origins of the contents and flag manipulated media online. We really need to encourage platforms to start authenticating every type of messaging that’s being created online, and also flagging non, I would say, integral or non-authentic material that is being exchanged. When we talk as well about the biometric expectations and AI biases within, for example, facial recognition, we know very well that facial recognition systems often exhibit systematic bias against gender in general, but women in particular of color, they have much more kind of weakness for. A study that has been generated in 2018 showed that the error rate for those system is up to 34.7% for darker-skinned women in comparison for less than 1% for lighter-skinned men. Those biases can lead to wrongful surveillance and enforcement action, which often targets marginalized groups. So emerging technologies, such as federated learning, for example, and privacy-preserving AI models can reduce biases by ensuring diverse decentralized data training is being deployed. Additionally, initiatives by the ITU and UNESCO are pushing for global standards and ethical AI development, for example, emphasizing inclusivity is a must, and it should be. be considered in the design premise of those kind of technology. I’m talking about the cyber harassment and as well IOT devices. We have emerging technologies within the Internet of Things, for example, which introduce new vulnerabilities. Smart home devices and wearables can be exploited through stalking and harassment. There has been multiple incidents in the United States where female, loner females who have been subjected to being tracked by tracker devices and being subjected to targeted attack when they are in a specific area, affecting women not just in abusive relationships, but affecting women in general. According to the UNESCO, such misuse has already impacted 10% of women in developed nations. Security by design principles are a must for us when we are developing and designing the next generation solutions, not just in cybersecurity, but in general and the technology platforms.

Shimona Mohan: Thank you so much, Professor. I would also like to sort of, because you mentioned so many threats and especially the ones exacerbated by AI now, from more of a technical perspective, I would really love to understand what kind of measures can be taken, both proactive and reactive.

Hoda Al Khzaimi: I’m sorry, I can’t hear you, Shimona.

Shimona Mohan: Oh, sorry. Are you able to hear me now? So our technical colleagues in the room, if you could please ensure that Professor can hear us, that would be great. I understand we did a little bit of a technical thing to counter the glitch that was occurring in terms of the audio. So maybe in the meanwhile, until we’re resolving this glitch, and then I’ll come back to you, Professor. I assume you can’t hear me, so I’ll come back to you either way. But I actually wanted to ask the Professor first if we could have an overview of the kind of technical solutions that are possible to employ, both proactive and reactive. But I’ll save that question for when Professor Hoda can hear us. And in the meanwhile, because Yasmin spoke a lot about capacity building, I’d like to come back to her. Shimona, if you can hear us, we can’t hear you. Oh, not at all? Okay. I see. So maybe, could we unmute? We can’t hear you. Maybe you are on mute. Yes. Can you hear me now? Yes. I guess too much. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Okay. Could you confirm if you’re able to hear me, with maybe like a thumbs up? No, you can’t?

Luanda Domi: Unmute the microphone.

Shimona Mohan: We see it as mute online, the room microphone. Could we unmute the room, please? Okay. Can you hear me now? Yes. Yes. Okay, perfect. Thank you. So, perfect. Okay. So, there’s always a saying in tech panels, that there’s no tech panels without tech issues. So, we’re living up to that. But, professor, if you can hear me, I would like to come back to you on a follow-up question that I had. Thank you for giving us a background, and especially the exacerbated threats by AI. From a technical perspective, I’d really like to understand what kind of measures we can take, both proactive and reactive, to sort of lessen these harms, and who should employ these measures. So, if you could speak a little bit to that, that would be fantastic. Okay. So, not sure if… No. Okay. Could we unmute, please? Okay. I’m sorry to ask this again, but can you hear me? So, professor Hoda, I’m not sure if you can hear me.

Luanda Domi: I think because she’s on the move, maybe she’s having challenges. Okay. Shimona, you can get back to her later.

Shimona Mohan: Sure. Okay. Sounds good. So, we’ll go back to my previous arrangement of questions, then. Okay. So I just wanted to get a sense of solutions that we can employ to make sure that we don’t counter these gender-specific harms against women and people of diverse gender identities. And after more of a technical perspective, I wanted to come back to Yasmin and ask, since we want to effectively combat these gendered threats and harm, I know that a variety of internet governance communities perhaps need to be cognizant of these threats and then be well-trained to respond to them. And you spoke a little bit about this in your intervention about HerCybertracks, which ITU is doing. I’d like to also understand, how do capacity-building interventions, such as HerCybertracks or, as Aaron mentioned, the Women in Cyber Fellowship, help in this effort?

Yasmine Idrissi Azzouzi: Thanks for that, Shimona. I hope there won’t be any sound effects that are unexpected. But I think that including them in the workforce, including more women in the workforce, would be key. Because, of course, as we know, in the cybersecurity field, there’s still this persistent challenge. There are issues beyond just recruitment, but also retention and meaningful representation of women in cybersecurity. And since women are disproportionately affected by online risks, this can have one or two effects. It can either encourage them to go into the field to be able to face these risks or discourage them, on the other hand. But even more so, the programs that we work with are with women in public sector. So women that are often politicians, diplomats, women in the public eye, which, of course, makes them the higher target for gender harms online, harassment, doxing, and whatnot. So through the holistic capacity-building approach that we use for HerCybertracks that I mentioned earlier, we also run these peer exchange platforms or sessions on the challenges of being a woman in cybersecurity. These are intergenerational and interregional. And now participants affectionately call them group therapy, because they’ve actually been platforms for them to share experiences and difficulty in overcoming obstacles in the workplace and overcoming obstacles in the workforce at large. Tears have been shed and hugs have been given at these kinds of things, even though these are very different contexts, again, from a cybersecurity and maybe socioeconomic perspective as well. So many of our participants, the reason why I’m telling you this story is that the key sort of conclusion that comes from these exchange sessions is the power of communities. And women are often left out of formal processes. So what happens at these formal processes, these boys clubs oftentimes, they have found strength in actually creating informal communities parallel to the formal ones. And programs like HerCybertracks and others have actually have the ability to help create these communities. So now past participants stay in contact, they share with each other, they ask questions, they learn from common experiences, and basically this ensures that today’s informal communities of women in cyber that are in government, in incident response, or in cybercrime, tomorrow become the formal networks of the women that are in leadership, which this can ultimately result in really real confidence-building measures and interregional cooperation. So all in all, being able to respond to these threats I think is not just simply a question of having well-trained people, but also about creating environments where diverse perspectives are encouraged, respected, are heard, and leveraged to ideally create these communities of support. Thank you.

Shimona Mohan: Fantastic. Thank you so much. It’s very eye-opening to get an insight into how all of this plays out from start to finish. And I think with this, I would also like to understand how this happens perhaps on more of a national level. So we’re glad to have with us Catalina on the screen, and I hope, Catalina, you can hear me just checking because of the tech PTSD. But I wanted to get a sense of how Chile, which is actually one of the few countries to have a specific focus on gender in its national cybersecurity policy. How does this kind of focus in the cybersecurity policy help both substantively, say, in terms of gendered harms, and also participatorily, in terms of the ratio of women cyber professionals in the country? So over to you, Catalina.

Catalina Vera Toro: Thank you, Shamana. Hopefully, you can hear me as well without an echo. Yes, all good. So first of all, thank you. And I want to say hi to my distinguished fellow panelists and also to the audience and express my appreciation for the opportunity to share a national experience on this important issue. As you mentioned, Chile has integrated a gender perspective on its national cybersecurity policy. So I will go very briefly on how such focus helps substantively the meaningful participation of women and gender diversity, and how there is broader implications also beyond in international cybersecurity discussions and governance. So back in 2023, I want to mention, we became the first South American country to have a feminist foreign policy. That means we joined Canada, the Netherlands, Mexico, and the like that were leading the way on this. And thus, at our core, Chile has advanced on its commitments on human rights and equality. But through this vision of feminist foreign policy, we want to achieve, through policy, a more inclusive country and a more egalitarian society, you could say. So particularly in regards of gender perspectives on cyber policy, there are very few countries, as you mentioned, that have this in their national strategies. For instance, in Latin America and the Caribbean, 14 include some reference to human rights, but only four incorporate gender perspective. That would be Argentina, Colombia, Ecuador, and us. However, Chile has updated its cyber policy, cybersecurity policy in 2024 from its 2017 policy that already had gender as a reference. But now we had incorporated as a gender responsive approach by mainly establishing the obligation of the state to protect and promote the protection of the rights of the people on the internet through strengthening of the existing institutions in cybersecurity matters by capacity building and updating legal frameworks and by gender mainstreaming. All these initiatives must preferentially consider women, both in terms of their protection and inclusion and positive action aimed at correcting the inequalities that continue to exist in our society, as my previous panelists covered very well, and also mainstreaming protection of children and youth, the elderly, and also the environment. And such focus achieved two major objectives, you could say, first, addressing gender-specific harms in cyberspace, but also promoting the inclusion of women in cybersecurity workforce. How we address harms? Well, basically, we ensure that these risks are not only acknowledged, but systematically addressed by incorporating specific measures for gender-sensitive threat analysis and response mechanisms. That means we have updated our policies, are also in the works to broadening policies and laws that mitigate gender-online harms by developing tailored strategies for protection and victim support, empower affected groups to report incidents without fear or stigma, build safer, more inclusive online environments where everybody can engage freely, and through that, measures that are not only ethical imperatives, you could say, they can also contribute directly to more robust, inclusive cybersecurity systems that protect all citizens. When it comes to participation and encouraging women to go into cybersecurity, as it was previously stated, women represent around 20%, 24% of the global cybersecurity workforce. So policies that prioritize gender inclusivity have a transformative potential, and so we have created initiatives such as scholarships, mentorship programs, and leadership opportunities for women in cybersecurity. Through our national cybersecurity ecosystem that we’re building, next year we will have a cybersecurity agency that will cover nationwide and will collaborate with the MFA for cybersecurity as a whole. We’re also paving the way for more equitable talent pipelines. This inclusivity not only improves the ratio of women and cyber professionals, but also enhance cybersecurity outcomes. And I want to mention something more. Nowadays, we are all talking about technology and how we have to get our people, our workforce, ready for that. When it comes to cybersecurity, it’s very interesting because it’s a very broad ecosystem, you could say, of professionals, like, for instance, cyber diplomats, cyber politicians, not only cyber tech people. So then we need the data, actually. How many people are getting into cybersecurity nowadays, not only in the technical field, but also in those broader aspects? And also, cybersecurity is expanding its scope. Therefore, we need more professionals. And on this, Chile is trying not only to get young women into cybersecurity, like to go in early stages into STEMs and so on, but also to help women later in their careers to reconvert into cybersecurity through, like, customized programs, you could say, that are targeted for a specific need, like women that have already been 10 years in the workforce and want to reconvert into cyber field with short programs, short programs with certification, and also to help them leverage their experience to get into the cyber field, because most of the times, the biggest, like, block, you could say, for this is that they don’t have cyber-specific experience. And there is where the government can come in and help incentivize companies to bring in this women workforce that are being reconverted into this field. And for that, we have implemented, well, not only for cybersecurity, but for women in STEM and beyond, the IWALA certification, you could say, that promotes, you know, through government incentives, parity in the workforce in public sector, but also in private sector, so that they can also venture into this new, you know, cybersecurity opportunities that are at hand and make the most out of it. So I’ll leave it at that. Thank you.

Shimona Mohan: Thank you so much for… So much for… Could we unmute, please? Yes. Thank you so much for giving us that snapshot, Catalina. I also know that Chile has often mentioned, and you talked about this in your intervention just now as well, about promoting a sort of gendered approach to cybersecurity and gender-sensitive cyber capacity building at the policy level. I’m really interested in figuring out how does that prioritization help contribute effectively to also your international discussions around cybersecurity? And I know Chile is also very active in the Organization of American States, so perhaps there’s a regional mainstreaming aspect to this as well. So if you could speak a little bit, that would be fantastic.

Catalina Vera Toro: Yeah, sure. Thank you for that question. Well, we are firm believers that in multilateralism, you could say, and in regards of cyberspace, I think there is… a great opportunity at hand to do it more broadly and inclusively, you could say. So Chile has been a big promoter, along with Canada and like-minded countries, on including reference on human rights and also the need of gender perspective when it comes to the internet, but also to cybersecurity, because harms are differently felt for vulnerable groups, and those need to be represented in those discussions. And therefore, I must say, I’m also a women’s cyber fellow, so I’m living testament on how that fellowship can help, you know, women come into leadership roles. Now I’m the head of delegation to the Open Networking Group for Chile, but also to have that sort of network where you can work with women and bring those concepts into the room and also to negotiate in languages. So when it comes to, like, for instance, the Open Networking Group, we have consensus language on the annual progress reports that incorporate gender perspective. I think this is a good way forward and how we build like a universal, you could say, framework, whether it’s voluntarily or eventually legally binding, that incorporates a human-centric approach, but also a gender. responsive approach. It’s the best way forward and it’s an opportunity that we have nowadays that we need to take very practically. When it comes to the Organization of American States, yes, we do have a great program through CICTE on our security pillar at the OAS that basically is focused on recommendations for strengthening gender and cybersecurity through the regional organization, you could say, and they do this by first institutionalizing gender in national cyber strategies, so member states are encouraged to follow OAS guidance to formally integrate gender perspectives into the national cybersecurity policies and action plans. They also, through the organization, promote gender sensitivity capacity building, so they have programs that expand training programs specifically targeted to women, particularly in underserved and marginalized communities, to close that gender gap in cybersecurity expertise. There is also an enhanced regional collaboration, whether that’s through the search of the Americas, but also other programs where we foster partnerships among OAS member states to share resources, best practices, experiences in gender sensitivity cybersecurity initiatives. For that, for instance, we have 11 confidence building measures and one of those is specifically on gender in the region. We also have programs that combat online gender-based violence. We developed a regional framework to try to address online harassment, exploitation, and abuse, ensuring coordinated responses to the cross-border issues, and also there are programs that are targeted to increase representation of women by creating affirmative policies to ensure women occupy leadership roles and technical roles in cybersecurity at the national and regional level. So there is a lot of work that we have done regionally as well, and we are trying to collaboratively try to promote the incorporation of human-centric and gender perspectives also in negotiations. So this is not only something that Chile is doing, but many countries in the region are also promoting the inclusion of these references, because having consensus language can also be a way to build through other negotiations and other specific topics, like for instance the UN Cybercrime Convention, to incorporate human right language and also like the Convention on the Rights of the Child and also gender perspective or gender-based violence concepts as we build a safer cyberspace for all. Thank you.

Shimona Mohan: Thank you so much, Catalina. That was a very good snapshot of how we’re seeing it play out, not just in Chile but in Latin America, and then moving beyond that, zooming out and internationally as well. And speaking of gender mainstreaming, we’re also lucky to have Luanda on the panel with us, who sort of does this as her entire job. So I was wondering if Luanda, you could also kindly help us draw a clearer picture of how this can be achieved in the area of cyber capacity building, and what does gender mainstreaming look like in practice? What kind of elements, for example, are particularly important for policy audiences to consider? And here I’m thinking more along the lines of perhaps DEIA principles or perhaps intersectionality that might also be of interest for policy professionals to consider. But over to you, Luanda. Thank

Luanda Domi: you, Siobhana, and thanks for the invite. I actually think that my fellow colleagues did the job for me by actually giving some really good examples of what they’re doing on their current work on how gender can be mainstream in national policies like Chile, or through mentorship programs like ITU, and then Canada example for WIC fellowship and reaching gender parity in an open-ended working group, which we’re also as GFC very, very thrilled to facilitate that fellowship. If I can put it in more just steps to understand what it is about cybersecurity in terms of when we talk about gender mainstreaming, that we need to understand that it’s not just a technical issue, it is also a social issue, which means that gender significantly influences individuals’ or users’ experience and the perception of cybersecurity. We heard from Dr. Hoda a specific example of what are some gender-specific threats towards, for example, women or marginalized groups that might significantly change the experience of either participating into public discourse, or even taking jobs, or even removing themselves completely from online forums. So when we talk about gender mainstreaming, it’s important to talk about that it has to happen in two streams, policies and technologies that govern our digital world. And I think this is now so many examples we have with AI, you know, like that we have to kind of see that these technologies really do not take on biases that are in our real world. When we talk about foundation of gender mainstreaming, it’s very, very important that it’s systematically integrated in every step of capacity building. That’s the only way that it could be successful. And how is that in terms of designing, implementation, but also evaluation? So these are the three key things. For example, we all know that right now in the cybersecurity workforce, and it was mentioned today, the percentage of women in cybersecurity professions is quite low globally, but I think also regionally it differs. So our intention, we need to be intentional about very gender-specific goals that we want to reach, like in Chile’s case, for example, aiming that to increase a woman’s employment in cybersecurity role to 35% by 2030. This gives us clear policy, clear steps how to implement it, but also to evaluate it later on whether we actually succeeded in reaching that goal or not. Then when we talk about in terms of capacity building, one way or another, it was mentioned here today, we have to see what are systematic barriers beyond women leadership that are currently in cybersecurity and want to upskill, but what are systematic barriers to women’s participation in educational or training that are available for capacity building in cybersecurity? And this is where we talk about why it’s important to develop capacity programs intentionally that address gender-specific needs and how to teach professionals on how to counter online harassment and gender disinformation. What type of common tactics are used to silence women and marginalized voices online? And then address social engineering attacks, which we heard about today, that clearly disproportionately target women. And then I believe Yasmin mentioned more women in politics or leadership positions, which they are more visible to the public. So I think this is something that it’s quite practical to do and quite easy to do. However, I did want to mention why are we here, where we are today. And I recently came out to, came across to a UN Women report that was just launched and it says that only 0.05% of development budgets are targeted to gender initiatives. This is simply too low for us to be able to carry successful policies, policy implementation and programming for addressing gender and gender parity in a global level.

Shimona Mohan: Yes, thank you. Thank you so much, Luanda. I think that’s a very good sort of spotlight on the report also that you gave for the UN Women report and the very worrying statistic of 0.05%. It’s truly, truly terrible. But I have another question for you, but before I turn to you, maybe I can come back to Professor Hoda who has joined us in the room. And this is actually taking a thread from what Luanda said about how it’s important to have both tech and policy perspectives around this so that we can push for meaningful change. Professor Hoda, you earlier spoke about the kind of threats that we have which are gendered in nature. I’d now like to sort of flip the coin and ask what kind of measures can we take from a technical perspective, both proactive or reactive, that can sort of lessen these harms? And who should perhaps take these measures? Over to you.

Hoda Al Khzaimi: Thank you so much. I think it’s a multifaceted approach. We need to definitely tackle the technological barrier because we’re trying to address the fact that women are targeting on digital platforms. And I think for that kind of measure, we need to change the way we develop the technology. At the moment, technology is being predominantly developed for technicality and functional technicalities, rather than to just take in the consideration of having different groups that are being profiled on the platform for different type of reasons and trying to diffuse harm or eliminate harm of the platform. It’s not easy. We have been working with ITU on multiple kind of global initiatives for children protection, for women protection. Yeah. Yes. We’ve been working on a multiple level with the different platform makers, so I’m talking about Meta and other kind of platform makers as well, to build technological kind of solutions and functionalities within the platform, so they can address security and safety by design for different genders. Yeah. And this required us sitting together and understanding if actually resilience by design and not just security by design is being considered and it’s being taken care of with the form of different functionalities on the platform. I’m not going to get through the rigorous examples, because at the moment, you can see on different platforms that censorship and mass kind of analytics are being considered on a multiple level. But also, if we develop the policies and regulations for inclusive access to digital platform, are those policies being translated by the big kind of industry partners or not? So I think it’s very important to bring everybody on board and make sure that we have a foolproof solution when we are developing for those solutions. And inclusivity for women and women education on this platform is very important, which means that I don’t have to only educate them on the fact that they have to access digital platform, but they have to also know about the research and development and kind of niche aspects that are pertaining to research and development and science and development of new technologies. We’re talking about AI, we’re talking about cryptography, we’re talking about security and cybersecurity. So most of those elements are cross-sectorial and also deep into the analysis of the sector, which means you don’t have just to do like a generic surface-scratching awareness program for women or kind of women in leadership or women in cyber kind of sessions, but you really need to educate them on a deeper aspect, on an academic aspect sometime, on the power of developing new technologies. I think what we are lacking at the moment is the power of the collectives. So I would say the power of providing for the ecosystem champions across board and as well the power of funding and the power of the collectives in terms of knowledge capital, bringing everybody else on the same table. And maybe have a co-creation lab for women to design their own solutions within a digital platform and figure out if those solutions could be championed by different industrial partners to be implemented on the different platforms as well and within the industry. So I mean creating disruptors within the industry that comes from innovators of the space who understand those needs and who are focusing on solving those gaps and needs, not focusing on commercially building a massive solution that pertains to a generic use of the public. And maybe then we will be starting to solve all these kind of issues that we have, not just for women but for all other gendered groups and as well for children as well at the same time. So this is one in terms of technology development, in terms of education, but as well in terms of policy formulation. I think there is a huge gap in between the recipient of the policy, which is the women at the moment, and the policy developers who are developing these policies sometimes in Global North and the impacted pool are in Global South. So how can we redistribute policy creation where we have policy labs within the affected zones actually. If we know that, I don’t know how many we’ve said, we have 25% of women are actually in cyber, right? What regions are predominantly high on the number of women in cyber and what regions are low? I know for example for us in this region we have quite of a high percentage of women in technology and STEM and STEAM and women in cyber as well. So how would the learning curve be viewed on this kind of aspects? Would we be able to maybe bring in together this kind of co-learning labs that are globally developed by those indigenous groups, not just by specific entities within the global kind of narratives? I think trying to solve from grassroots perspective is supposed to be a powerful tool that we should exercise, not just on technology level or education or awareness, but also on the policy aspect. Thanks.

Shimona Mohan: Thank you professor. I think you covered a lot in terms of what kind of solutions we can look at and we’ve been talking about solutions on this entire panel and I think that’s a really… I hope you can hear me. Yes, okay. So talking a lot about solutions on this panel and I think that’s particularly important because we’ve heard a lot about problems around and we continue to hear them in the context of emerging tech like AI as well. But a couple of things that you said really are really really interesting especially about sort of combining the convening power of audiences from different fields, from different walks of life to sort of come together and contribute to these efforts. And I’d like to go back to Luanda here who was earlier talking about a very similar thing when it came to both tech and policy audiences sort of coming together and making sure that these mean streaming efforts are taking place in collection in some. So Luanda, I’d like to also come back to you and perhaps ask if you already have any sort of work streams in place or any projects or ideas around this perhaps where cyber capacity building programs are targeting both tech professionals and policy professionals in perhaps a combined manner. And if this would perhaps be this kind of hybrid model of capacity building might perhaps be a bridge for technologists and policy audiences who we’ve seen do have a little bit of a gap to understanding perhaps the same issue or how to tackle it. Professor also pointed out that there’s a disconnect between the people at the policy level and at the recipient level as well. Perhaps, Luanda, you can speak a little bit more to this when it comes to gender mainstreaming and cyber capacity building. Thank you.

Luanda Domi: I think you called my name. We’re having a bit of a challenge hearing you. But please intervene if it’s not my turn. Excuse me, in the room. Okay. Can they hear us? If I heard correctly, also what Dr. Hoda mentioned, I wanted just maybe to say one thing about AI because she mentioned a lot of the risks and one thing that is quite interesting about gender and if we talk about gender and education versus, I mean, women education in STEM and cybersecurity versus employment, I think this is where we see huge differences globally. Now, this is not the case in Middle East. Middle East is doing really great on this area, actually. But what I wanted to say in terms of statistics is that now a big issue is AI and gender employment risk. So again, to that report from UN Women, we see that, I mean, they quantified what we actually knew. It’s that 3.7% of women’s job globally now are at risk of being replaced by AI compared to 1.4% of men’s jobs. So this is only goes to echo the importance of training women in AI driven roles. So only with capacity building programs, we can help bridge this gap, which I assume will only get higher with the years to come by offering specialized trainings like ethical hacking, secure coding and AI governance. I think this is quite important if we’re trying to see like what is some of the solutions out there for a growing problem. And I’m really happy to also hear of UNIDIRS Women Fellowship on AI. I think this is the way that we need to approach it. Now, also when we talk about gender and its intersection, we really must go beyond it and see, adopt the principles of diversity, equity, inclusion and accessibility to ensure that everyone, including women, new diverse individual, those with disabilities like visually impaired can really, really thrive in cybersecurity. And why am I mentioning this? Because we’re talking about what type of training models should be there, separate or hybrid models. But this is when we were looking at what type of models, this has to be adapted to the learners that we are targeting, right? So every learner has different requirements, have different needs, has different pace, and we have to adapt to their unique strengths. For example, when we talk about, so I’m actually lobbying for both, but separate programs need to be tailored for specific needs. For example, because they would provide a focused, safe environment for individuals that can learn without distractions. Let’s talk about, for example, individuals coming from neurodiversity communities, they can learn much more and within excellent pace if they have a highly structured schedules, if they have clear instruction, and if they have, for example, sensory inputs. So these are the things that we need to check. And they have been quite, quite successful in positions that are, for example, ethical hacking, especially for ethical hacking. And I think programs like cybersecurity, new diversity talent pipeline are programs that we need to further scale up for in regional and global level. And then you have, for example, programs that could leverage adaptive tools like screen readers, tactile diagrams, or braille-friendly resources. So these are very good workshops that can be done for visually impaired individuals on topics that have been done so far in secure coding or cryptography. And they help achieve successful graduation rate because through these tools, educational aids, they also get to do a lot of hands-on activities. Now, when we look at hybrid programs, and I would lobby for these programs, but in very specific curriculums or purpose, I should say, not curriculum, but for example, if we want to do exchange for collaboration in terms of bringing together policy makers and technologists, I think in these cases, hybrid cybersecurity training can help in understanding, adapting, regulatory implications. So this could be like very cross-sector capacity-building workshop in cybersecurity. Or another one would be either neurodiverse individuals with traditional learners versus visually impaired and fully disabled individuals. Visually impaired and fully sighted participants. So they have been very good example where they have to do joint exercises where maybe visually impaired individuals had have an environment that could, they could use the tools easily. And onsite participants had the other aspects that could contribute to better interaction with visually impaired participants. So these all foster some sort of teamwork without challenging, I think, the diversity and the strength, unique strengths of each players or learners in this kind of aspects. So I think these are some of the, I think, pros and cons of each. But I would say that in cybercapacity building, both are very important. And they have to be carefully planned so they are inclusive and create unique teams that are successful.

Shimona Mohan: Perfect. Thanks so much, Luanda. Thanks so much, Luanda. If you can hear me? Yes. Thanks so much, Luanda, for that. I think you answered a question that I hadn’t even thought to ask and I should have. But thank you so much for that very, very exhaustive sort of snapshot into the diversity aspect of things, which I think we sometimes sort of skip over or overlook just because we, is it lesser? So thank you so much for bringing it up in this panel again. I think now we’ll perhaps have a very quick lightning round of questions. So I know that there’s one question on the chat, or two on the chat. But I’d also like to perhaps open the floor if there are any questions in the room. Okay. Could you please come up to the mic here and take the questions? And I’d urge you to keep the questions very brief because we have the room for a limited time. Thank you.

Jocelyn Meliza: Hello, can you hear me? Fantastic. My name is Jocelyn Meliza. I am a MUG member and also a co-facilitator for the BPF on cyber security. This year we were focusing on mapping out cyber security initiatives. But then we realized that several organizations are also mapping out, but the gap really came in terms of cross collaboration. And I really liked what Professor Huda mentioned on building the power of the collective and the power of the collective. And something else that we also noted while mapping, we did not see any map of women in cyber capacity building programs. So do those map exist anywhere and even beyond? that how do we harness what you mentioned on the power of the collective. And lastly, an opportunity to also welcome you to the BPF on cybersecurity. It’s on Tuesday at 4.45, because it will be an extension on this, and I think this topic will be very valuable in building into that mapping exercise, as well as building into next year. Thank you.

Shimona Mohan: Perfect, thanks so much. I think we’ll take all the questions together, and then perhaps we can go with the panel. Yes, please.

AUDIENCE: Okay, I hope you can hear me. Thank you for that lovely and insightful presentation. My name is Paula, and I have a question, perhaps to Yasbin. The ITU’s CyberTracks program is fantastic, and I speak as a beneficiary of the program. I am currently a cybersecurity policy advisor, and a lot of the work that I do is based off of what I’ve learned from the program. What I wanted to find out is, of course, the program can only take a certain number of people per cohort, and there are so many people that want to be part of the program. So is there a way that the program could be done in collaboration with governments, for instance, where learners can access the platform freely so that we don’t have to wait for a new cohort to start for people to join the program, but it will be more distributed? Is there a possibility of that happening? And then, as an afterthought, is there a platform that, if I’m interested in building my capacity in cybersecurity, is there a platform where I can go and I will find a list of all the fellowships or programs that are open so that all of them can be accessed from one particular platform? Thank you.

Shimona Mohan: Perfect, thank you. And then the gentleman in the back.

AUDIENCE: Hello, good afternoon. I’m Kosi, I’m a student from Benin. I’m working for government. Also, I chair one NGO called Women Be Free. And I want to know, your capacity-building program, is it available in some language, like French, for example? Is it available? Do you have some tool somewhere? Is it possible to have some different kind of training you provide, if it’s possible to have it in French, in English, and so on? Now, last question. Is it possible to have partnership with your organization directly to provide training for people locally? Is it possible for you to come, for example, to Benin and provide physically training for people there? What is the plan? What is the process? Thank you.

Shimona Mohan: Perfect, thank you. I will also just read out a couple of questions that we have from the chat online. So, one of the questions is about how, what are the ethical considerations and challenges associated with emerging tech? And how can we prepare the next generations to navigate them? And sort of related questions, which we can perhaps club together is, how can we address the digital gender divide in Africa to ensure that women and girls benefit equally from AI advancements? So, I will invite our panelists to sort of do lightning responses, and perhaps club them together with any closing remarks that you have, any final words, comments, et cetera. Perhaps to avoid tech issues, we start from the room, and then we’ll proceed online back to Catalina and to Luanda. So, I’d give the floor to Professor Hoda first, and then we just come together here.

Hoda Al Khzaimi: Thank you so much for your questions. This has been amazing. Paula and Kusi, and what’s your name, I’m sorry? Josephine? Josephine as well. I think you have very, very interesting kind of collective reflection on how we can maybe provide for online tools as long-term assets of this program. We always invest in cyber capacity building and capacity building at large in different regions of the world, but we also wanna make sure that it’s not just a repetitive problem where it’s exhaustively complex to solve. And I think utilizing digital platform where we have a LinkedIn-like platform where you can put in the profiles of people, different capacities that they have developed, and access to courses and material would be very, very kind of powerful to have where the contributors could be different countries from different parts of the world. So, building that kind of platform effect is a must at the moment, I would say. Thank you, Paula, for bringing that up, and as well, Josephine. And as well, considering the different nonsense and languages and as well details that comes from different parts of the world is very important. And this is what I meant exactly when I said that if we started solving for the capacity development problem, for example, in cybersecurity, from within the regions, the solutions and the nudges are quite simple. And the development of those solutions is not very exhaustive. And I think we should put in some effort to have some traces and some kind of legacy that would be created to benefit the public. One of them, I think, the co-creation lab, the funding platform, the co-development platform where we can have the courses and the people, like matching challenges with needs is very important.

Yasmine Idrissi Azzouzi: If I may also take maybe those questions together, in particular, I have a feeling that they are related to sustainability of programs and localization as well. And so really taking advantage, let’s say, of that local ecosystem. So actually at the ITU, we’ve piloted last year a similar approach where we actually wanted the program that we had been running for a while, which was the Women in Cyber Mentorship Program to be then given, quote unquote, and ran by a local organization. So we partnered with this organization called Women in Cybersecurity Middle East, who is a very, very active network in this region. And they have basically ran the program in the region under sort of the guidance and umbrella of the ITU. And this pilot has also shown us that, of course, we know we’ve mentioned that funding is an issue in the cybersecurity capacity building field as other capacity building fields. And so having this capacity of sort of multiplier initiatives where then knowledge and resources are given to local organizations can be part of the solution there.

Shimona Mohan: Perfect. Thank you so much, Yasmin. And I’ll go back to the online room, perhaps first to Catalina and then to Luanda, if in a couple of minutes you’d like to respond to any questions or have any concluding remarks. Thank you.

Catalina Vera Toro: Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Thank you. Plataish. I don’t know, I’ll just go. So basically from a governance and MFA standpoint, what I can say is that we are trying to collaboratively come together within the open-ended working group for capacity building. I think that is gonna be a huge negotiation and a huge pillar because specifically for the Global South, it’s one of those structural elements that need to be well-addressed within the open-ended working group and how we transition to the permanent mechanism. So we are trying to come up with something that is obviously inclusive and that takes into account the needs specifically for developing countries. And that will probably entail some sort of repository and portals, for instance, for the voluntary norms or demand focus offer of capacity building. And also best experience and how we share best experience throughout the world. So I think eventually we’re going to have something that is on a global scale that will bring in all the experiences, hopefully the successful experience. So that it will be available not only in English, but in all the official languages. That also entails French, for instance, of resources that can help each other build that safer cyberspace for all. And that also comes where, and also regional instances and organizations do great work. So within the open-ended work, for instance, we don’t want to duplicate the efforts that regional organizations are doing. We know that not every country is part of a regional organization, but if you are, there are great programs that do rotating workshops. For instance, the Organization of American States rotates throughout countries to do mentorship programs or gender capacity building programs for each of its member states. So there are great resources out there as of now, and we’re hopeful that by the end of 2025, when we move to that permanent mechanism, for instance, in the open-ended working group, we will have something similar in a global scale. So please continue to help us on how to address this. Very briefly on Raby’s question on ethical considerations, I want to say that many countries are coming up with AI policy frameworks, so you have great resources of how countries are. So, I would like to start by saying that we have a lot of work to do in terms of addressing ethical issues when it comes to AI. Of course, the main one is the respect of human rights, that by that ensuring that AI systems align with and uphold fundamental rights such as privacy, equality, and non-discrimination. Luanda went in depth on this and the risk, the high risk of this. So, I would like to start by saying that we have a lot of work to do in terms of ensuring that, you know, that it’s transparent to the user as well. Fairness and equity, so there is no biases. And also environmental sustainability. So, I think there are great efforts globally on this. Of course, there is the work to do in terms of ethical AI. But also, you know, I think that it’s a great resource to look into. There is great work in that. And I just wanted to mention very briefly that back in 2023, Chile was the first host for the high-level ministerial of authorities on ethical AI for the Latin American and Caribbean, so we had a joint declaration on how regionally we should be doing this. So, there is a lot of work to be done in terms of making sure that it aligns with also with the UNESCO framework. So, there is great work that is being done in there, and, of course, the next step and a responsibility of every state is how we bring that back home. And provide programs and education specifically for our younger generations, you know, that are, of course, immersed in technology nowadays. So, I think that’s it.

Luanda Domi: Thank you. I’ll be very, very brief, and this was a lovely conversation. I don’t want to be dim, but I kind of have to. It’s my job. Just to point out to a couple of the things for, I think, the participants that asked the online question. Last year’s survey, I believe it says that the global population is about 2.6 billion people. So, this is a huge number. So, I think we also have to be a bit real on the things as a global community that what we have to invest to then not just address gender parity, but also this regional, I think, challenge of people without access to the internet. And how do we do this? I think accessibility, digital literacy, and the very basic one, providing affordable digital tools. We need to do this as a global community. This is, I think, not just a strategic thing. It’s a moral imperative. To include the populations everywhere on internet. And then also teach them about the risks, right? And then the second thing I would say very quickly, in Africa specifically, there is a cyber safe foundation which has an amazing program on cyber girls, fellowships, and there is a cyber safe foundation on cyber girls, fellowship. And the women that have been trained, about 67% of the women that graduate from this program get employed. And their salaries increase from 200% to 400%. This year, due to funding, goes back to the report, the fellowship almost closed. And this is where we have to voice out, and this is what we do at GFC through our women in cyber capacity building network, lobby for a regional women’s network to get the funding for successful programs to address gender disbalance and training and education in cyber, STEM, or AI. And we really use this as a call of action to support successful programs out there because there are out there. So we just need to support and scale them up. Thank you.

Shimona Mohan: Thank you so much, Luanda. And to everybody on the panel, to Professor Hoda, to Erin, to Yasmin, to Catalina and Luanda for joining us online, for joining us on Sunday evening in December for this very interesting conversation. I will give the floor now to my colleague, Pavel, for concluding remarks, after which we will close the panel. So thank you again for joining us, everybody. And over to you, Pavel.

Pavel Mraz: Hello, Simona, and hello, everyone. Thank you for the floor. I really want to thank all partners, including the governments of Canada, Chile, ITU, GFC, and the Stimson Center for supporting this event with their contributions and recommendations. I think together today, we have identified at least four key takeaways. The urgent need to increase gender diversity in the global cybersecurity workforce. The necessity of mainstreaming gender considerations both into cybersecurity policy, but also into existing and future capacity-building initiatives. And, of course, the need to address and research gender-based threats amplified by emerging technologies, but rest assured, we have listened very carefully today to all your insights, questions, and recommendations. And in order to ensure that these recommendations are properly captured for policymakers who can take action, Unidear, together with partners, plans to produce a compendium of good practices for mainstreaming gender into cybersecurity efforts. And in terms of next steps, what we plan to do is we will convene a series of online workshops over the year of 2025 with the aim of discussing each of those issues separately. So the gender-based threats, international obligations, women participation in cyber workforce, mainstreaming gender into policy, and capacity-building. And, of course, if these workshops are of interest, please share with us your contact details either in chat or with Simona in the room. We want to capture as broad, as diverse a range of perspectives. We would be more than happy to invite you to continue these conversations. And very lastly, I would just say I would be remiss not to thank the IGF Secretariat for allowing us to have this conversation in a truly multistakeholder fashion by bringing together governments, international organizations, civil society, industry, and technical experts, we can truly assure that our approaches to gender mainstreaming will not be forgotten. So thank you to all of our speakers and participants who have contributed to this dialogue. And rest assured, your insights and recommendations are invaluable, and they will inform our efforts going forward.

Shimona Mohan: So thank you. Back over to the room, and have a wonderful evening in Saudi Arabia. Thank you so much. Thank you. Thank you. Thank you. Thank you.

Agreement Points

Need to increase women’s representation in cybersecurity

speakers

Shimona Mohan

Aaryn Yunwei Zhou

Yasmine Idrissi Azzouzi

Catalina Vera Toro

arguments

Need to increase women’s representation beyond current 25%

Canada’s Gender-Based Analysis Assessment for policies

ITU’s HerCyberTracks program for women in public sector

Chile’s goal to increase women in cybersecurity to 35% by 2030

summary

Speakers agree on the importance of increasing women’s representation in the cybersecurity workforce through various policy and educational initiatives.

Importance of gender-responsive policies and frameworks

speakers

Aaryn Yunwei Zhou

Catalina Vera Toro

Luanda Domi

arguments

Canada’s Gender-Based Analysis Assessment for policies

Chile’s gender-responsive national cybersecurity policy

Need for gender mainstreaming in cyber policies and technologies

summary

Speakers emphasize the need for gender-responsive policies and frameworks in cybersecurity at national and international levels.

Necessity of targeted capacity building and education initiatives

speakers

Yasmine Idrissi Azzouzi

Hoda Al Khzaimi

Luanda Domi

arguments

ITU’s holistic approach combining training, mentorship and networking

Need for deeper technical education beyond surface-level awareness

Importance of tailored programs for specific needs like neurodiversity

summary

Speakers agree on the importance of comprehensive and tailored capacity building programs to address the diverse needs of women and other underrepresented groups in cybersecurity.

Similar Viewpoints

Both speakers highlight the disproportionate impact of AI on women, particularly in terms of bias and job displacement risks.

speakers

Hoda Al Khzaimi

Luanda Domi

arguments

AI systems exhibit bias against women, especially women of color

3.7% of women’s jobs at risk from AI vs 1.4% of men’s

Both speakers emphasize the importance of specialized programs to train and empower women in cybersecurity roles, particularly in the public sector and diplomacy.

speakers

Aaryn Yunwei Zhou

Yasmine Idrissi Azzouzi

arguments

Women in Cyber Fellowship for diplomats

ITU’s HerCyberTracks program for women in public sector

Unexpected Consensus

Importance of addressing neurodiversity in cybersecurity education

speakers

Luanda Domi

arguments

Importance of tailored programs for specific needs like neurodiversity

explanation

While most discussions focused on gender, Luanda Domi unexpectedly highlighted the importance of considering neurodiversity in cybersecurity education, broadening the conversation on inclusivity beyond gender.

Overall Assessment

Summary

The speakers generally agreed on the need to increase women’s representation in cybersecurity, the importance of gender-responsive policies, and the necessity of targeted capacity building initiatives. There was also consensus on the disproportionate impact of emerging technologies like AI on women and the need for more inclusive approaches in cybersecurity education and workforce development.

Consensus level

High level of consensus among speakers, with complementary perspectives on addressing gender disparities in cybersecurity. This strong agreement suggests a clear direction for policy makers and stakeholders in prioritizing gender mainstreaming and inclusive approaches in cybersecurity initiatives.

Different Viewpoints

Approach to capacity building

speakers

Yasmine Idrissi Azzouzi

Luanda Domi

arguments

ITU’s holistic approach combining training, mentorship and networking

Importance of tailored programs for specific needs like neurodiversity

summary

While both speakers emphasize the importance of capacity building, they differ in their approach. Yasmine advocates for a holistic approach combining various elements, while Luanda emphasizes the need for tailored programs addressing specific needs of diverse learners.

Unexpected Differences

Overall Assessment

summary

The main areas of disagreement were subtle and primarily focused on different approaches to implementing gender mainstreaming in cybersecurity, rather than fundamental disagreements on goals or principles.

difference_level

The level of disagreement among the speakers was relatively low. Most speakers shared similar goals and principles, with differences mainly in specific implementation strategies or focus areas. This low level of disagreement suggests a general consensus on the importance of addressing gender issues in cybersecurity, which could facilitate more effective collaboration and policy development in this area.

Partial Agreements

Both speakers agree on the need for gender-responsive policies, but they differ in their specific approaches. Canada uses a Gender-Based Analysis Assessment for all policies, while Chile has incorporated a gender-responsive approach specifically in its national cybersecurity policy.

speakers

Aaryn Yunwei Zhou

Catalina Vera Toro

arguments

Canada’s Gender-Based Analysis Assessment for policies

Chile’s gender-responsive national cybersecurity policy

Similar Viewpoints

Both speakers highlight the disproportionate impact of AI on women, particularly in terms of bias and job displacement risks.

speakers

Hoda Al Khzaimi

Luanda Domi

arguments

AI systems exhibit bias against women, especially women of color

3.7% of women’s jobs at risk from AI vs 1.4% of men’s

Both speakers emphasize the importance of specialized programs to train and empower women in cybersecurity roles, particularly in the public sector and diplomacy.

speakers

Aaryn Yunwei Zhou

Yasmine Idrissi Azzouzi

arguments

Women in Cyber Fellowship for diplomats

ITU’s HerCyberTracks program for women in public sector

Key Takeaways

Resolutions and Action Items

Unresolved Issues

Suggested Compromises

We take gender into consideration for both assessments of the threats and our responses to them. I’m sure this audience knows there’s a gender dimension to every aspect of cybersecurity, so not taking gender into consideration actually makes our responses far less effective.

speaker

Aaryn Yunwei Zhou

reason

This comment highlights the critical importance of incorporating gender considerations comprehensively in cybersecurity, not just as an add-on but as a core element that improves effectiveness.

impact

It set the tone for the discussion by emphasizing the practical benefits of gender mainstreaming in cybersecurity, beyond just ethical considerations. This led to further exploration of specific ways gender considerations can be integrated into policies and programs.

To sum up, basically, in order to really close the gender-digital divide and really promote what we call the equal, full, and meaningful representation of women in cybersecurity, not just as a checkbox being checked, but really meaningful and skilled representation, we must adopt a holistic approach such as this when it comes to capacity building, combining training, combining mentorship, combining role modeling, community building, and real-world exposure.

speaker

Yasmine Idrissi Azzouzi

reason

This comment provides a comprehensive framework for addressing the gender gap in cybersecurity, emphasizing the need for a multi-faceted approach.

impact

It shifted the conversation from discussing the problem to exploring concrete solutions, leading to more detailed discussions about specific programs and initiatives that embody this holistic approach.

96% of all deep content online is non-consensual sexual content pertaining to target women. These attacks often aim to silence journalists, politicians, and activists

speaker

Hoda Al Khzaimi

reason

This statistic starkly illustrates the gendered nature of certain cyber threats and their broader societal implications.

impact

It brought attention to the severity and specificity of gender-based cyber threats, leading to discussions about the need for targeted technological and policy solutions to address these issues.

3.7% of women’s job globally now are at risk of being replaced by AI compared to 1.4% of men’s jobs. So this is only goes to echo the importance of training women in AI driven roles.

speaker

Luanda Domi

reason

This comment introduces a new dimension to the discussion by highlighting the gendered impact of AI on employment, connecting cybersecurity issues to broader economic concerns.

impact

It broadened the scope of the conversation to include the intersection of gender, cybersecurity, and emerging technologies like AI, emphasizing the need for forward-looking capacity building programs.

Overall Assessment

These key comments shaped the discussion by progressively expanding its scope and depth. The conversation evolved from establishing the importance of gender considerations in cybersecurity to exploring specific challenges, comprehensive solutions, and future implications. The comments highlighted the multifaceted nature of the issue, touching on policy, education, technology, and economic aspects. This led to a rich discussion that emphasized the need for holistic, collaborative approaches to address gender disparities in cybersecurity, while also considering the impacts of emerging technologies.

Do maps of women in cyber capacity building programs exist?

speaker

Jocelyn Meliza

explanation

This information could help identify gaps and opportunities in existing programs.

How can we harness the power of the collective in cybersecurity initiatives?

speaker

Jocelyn Meliza

explanation

Collaboration across organizations could enhance the impact of cybersecurity efforts.

Is there a way to make the ITU’s CyberTracks program more widely accessible, possibly through collaboration with governments?

speaker

Paula

explanation

Expanding access to this program could benefit more individuals interested in cybersecurity.

Is there a centralized platform listing all available cybersecurity fellowships and programs?

speaker

Paula

explanation

Such a resource would make it easier for individuals to find and access relevant opportunities.

Are capacity-building programs available in multiple languages, such as French?

speaker

Kosi

explanation

Offering programs in various languages would increase accessibility for non-English speakers.

Is it possible to establish partnerships for providing local, in-person training?

speaker

Kosi

explanation

Local training could better address specific regional needs and challenges.

What are the ethical considerations and challenges associated with emerging tech, and how can we prepare the next generations to navigate them?

speaker

Online participant (Raby)

explanation

Understanding and addressing ethical challenges is crucial for responsible technology development and use.

How can we address the digital gender divide in Africa to ensure that women and girls benefit equally from AI advancements?

speaker

Online participant

explanation

Closing this divide is essential for inclusive technological progress in the region.