The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> SHIMONA MOHAN: There's only 25 percent of women in the cybersecurity workforce, so this is a very important conversation for us to have, and I'm very, very glad that us as the United Nations Institute for Disarmament Research along with the organizations that have collaborated on this event with us, which is the International Telecommunication Union, the Global Affairs Canada have joined to us convene this conversation and further build discussions around gender diversity and cybersecurity. We know there's a gender dimension and the digital gender divide with women representing only about 25 percent of the global cybersecurity workforce.
However, specific gender differentiated impacts of cyber threats and strategies have continued to increase when it comes to the global cyberspace at the current moment. This kind of hinders the multi‑stakeholder efforts to enhance cyber resilience and promote inclusive international peace and security in governance models.
Today with our fantastic panel, which is drawn from all kinds of diversities around geographies, around stakeholders, and around substantive expertises, we'll discuss a little bit more on how to make sure that these gender‑specific threats are countered in an effective manner both through substantive measures as well as through governance measures.
Joining us today just to give you a brief introduction is firstly Ms. Aaryn Yunwei Zhou, who is the Deputy Director of the International Cyber and Emerging Technology Policy Division at the Global Affairs Canada. We also have Professor Hoda Al Khzaimi, who is joining us online for now, and is the Director of the Center for Cybersecurity, New York University Abu Dhabi, and also the Founder and Director of the Emerging Advanced Research Accelerations for Technologies, Securities and Cryptology Research Lab and Center.
We have Ms. Yasmine Idrissi Azzouzi, who is the Cybersecurity Program Officer at the International Telecommunications Union in Geneva. We also have Luanda Domi, who is the General Streaming and Cyber Skills Development Manager, Global Forum on Cyber Expertise. We also have online with us Ms. Catalina Vera Toro, who is the Alternative Representative, Permanent Mission of Chile in the Organization of American States.
Myself, I am Shimona Mohan from the UN Institute of Disarmament Research. Joining us online is also my colleague, Mr. Pavel Mraz, who is a cybersecurity researcher at UNIDIR.
So a couple of housekeeping announcements. I'll ask our fantastic panelists to give us a little bit of a brief about the questions that I (silence) ‑‑
We will have a round and then open up the floor for questions. Please come prepared for your questions after you hear our panelists. I would like to also flag that this discussion is part of an ongoing process of collecting recommendations for a compendium of good practices mainstreaming gender and cybersecurity that we as unity are undertaking with the help and collaboration and contribution of our partner organizations who are also on this panel.
With that, I think we'll start off with the interventions for the day, and I will first invite perhaps since we have in the room Aaryn to kind of give us a little bit of a brief around how can governments tackle gendered cyber threats and attacks and what kind of policies and imperatives are required, and how can a government sort of mainstream these gender considerations in their cyber and digital policy?
>> AARYN YUNWEI ZHOU: Thank you so much for inviting me to this panel. I'm pleased to be here.
So for Canada our approach is to mainstream gender considerations in all aspects of our work. Specifically with threats and attacks. We take gender into consideration for both assessments of the threats and our responses to them. I'm sure this audience knows there's a gender dimension to every aspect of cybersecurity, so not taking gender into consideration actually makes our responses far less effective.
A couple of examples I just wanted to share include internet shutdowns, specifically in Iran. For example, women tended to use Instagram much more, and the international shutdown had a much more disproportionate effect on their both social and economic participation, and we need to get rid of this arbitrary divide between online and offline, as offline violence is often preceded by online violence.
So it's not only the right thing to do, but again, will make our responses more effective. In terms of policy imperatives, in Canada all of our policy initiatives and programs have to go through what is called a gender‑based analysis assessment, GBA Plus.
This isn't only about how policies affect women, but also how policies affect men and other gender‑diverse people, and it's not only about gender. It also takes into account race, class, ethnicity, cultural background to really understand how specific policy responses affect people and all their diversity and to make sure that the programs that we're designing are fit for purpose. Yeah, and I'll stop there.
>> SHIMONA MOHAN: Perfect. Thank you so much. I'm also wondering since you are here as a representative of Canada, and we know that Canada has a feminist foreign policy with specific women and security agenda and national action plan that also has several mentions of online harassment and abuse against women and people of diverse gender identities. How have these helped in the prioritization of the inclusion of tech considerations when it comes to gendered harms?
>> AARYN YUNWEI ZHOU: So I think the thing that we do that's top of mind for us is to create a taboo against online gender‑based violence and harassment. So Canada was one of the founding members of the Global Partnership for Action on gender‑based online harassment and abuse. It's grown to about 15 countries to form a community of like‑minded countries that are building norms against online gender‑based harassment and violence at a time when this is increasingly controversial, unfortunately.
What this has meant is we have a community of practice amongst different governments that can share experiences and learnings on how to do this both domestically and in multilateral contexts, notably around the Commission on the Status of Women every year.
Another important thing that we do is sponsor the Women in Cyber Fellowship. Because of this program we've been able to train over 50 women diplomats from around the world. Not only has this meant more diverse voices around the table at the open‑ended working group, it's the first time that any first committee process has reached gender parity at the U.N., and it also creates a community for women diplomats, and they can turn to each other and share learning and support each other to bring more diverse voices to those processes.
>> SHIMONA MOHAN: Fantastic. Thank you so much. In fact, the Women in Cyber Fellowship has been a beacon of hope for all of us. On the basis of the Women in Signer Fellowship we wanted to at unity replicate the same kind of success in AI‑related conversations for are women diplomats as well with women diplomats.
I think that OAWG and cyber has also focused on reducing the gender digital divide to ensure that women get access is and equal opportunities in the online space, and this is also I know something that ITU has worked on extensively.
So how are we currently facing and sort of fairing with the divide, and how do you think this gap can be sort of closed?
>> YASMINE IDRISSI AZZOUZI: Thank you for that, Shimona. The idea for more than 20 years now we've been very active in enclosing the digital gender divide in particular by equipping women with digital skills. So in the most flagship initiatives when it comes to that are equals, which is a global partnership, and also Girls in ICT, which is very much focused on inspiring younger women to pursue careers in technology.
In this context of cybersecurity we are mandated by specific resolution to promote the growth and development of skilled and diverse cybersecurity workforce and in particular to address the skills shortage by including more women and promoting their employment. Based on that, in 2021 we first launched the Women in Cyber Mentorship Program which is different from the fellowship program in three regions, Asia Pacific and Africa. One of the cornerstones of this program was really the soft skills development, the mentorship aspect.
As we were running it for three, four years, we received some feedback from participants that when they often participate in women in cyber‑related programs or women in tech‑related programs there is a strong focus on soft skills and a soft focus on developing leadership and what not. They wanted to go a little bit beyond that and really focus on the technical skills and the hard skills in parallel to this.
Then we decided to take this experience, and we launched Her CyberTracks, which is a highly‑specialized and tailored training. This program puts into practice what I believe to be a holistic approach in capacity‑building. Why holistic? Basically to me I think that capacity‑building is not just about training. Training is, of course, very important, but it also is focusing on other elements.
One, promotion of role models. Definitely elevating individuals that are from underrepresented communities as successful women in cybersecurity, shedding the light on their successes and showcase that basically it is possible to have somebody that looks like me be able to be in a leadership position in cybersecurity.
Second is community‑building. So facilitating peer exchange support networks is key to helping individuals navigate when it comes to being a woman in cybersecurity in a male‑dominated field.
Third is exposure to the reality of the field. We do so through offering study visits to other countries, for example, where women can see how things are being done and learn on the job basically, job placements, and this basically shows career pathways and provides practical advice. We connect aspiring professional with mentor from all over the world and basically guides them through career pathways that have to do with professional life and also their personal life because, of course, we are multi‑facetted beings as well.
With Her CyberTracks we've tailored curriculum to be specifically for women in the public sector, and these are across three tracks, three CyberTracks. One is policy and diplomacy, the second is incident response, and the third is criminal justice or cybercrime. We have decided to go beyond traditional training, incorporate study visits, incorporate networking opportunities, incorporate mentorship, and also focusing very much on interregional exchange so our cohorts have participants from Africa, from Eastern Europe in particular. Very different context where actually people were surprised to be facing similar challenges even if the context is quite different.
So to sum up, basically in order to really close the gender digital divide and really promote what we call the equal, full, and meaningful representation of women in cybersecurity, not just as a check box being checked, but really meaningful and skilled representation, we must adopt holistic approach such as this when it comes to capacity‑building combining training, combining mentorship, combining role modelling, community‑building, and real world exposure. Thank you.
>> SHIMONA MOHAN: Thanks so much, Yasmin. This sounds like a great program for women of all walks of life to join and make sure that they can contribute and learn a lot. I took notes while you were talking, and I really like the fact that you focused on all the different ways of engaging them as tracks and then sort of making sure that all of those tracks are coming together as one holistic program to make sure they're learning as much as they can.
I would also like love to talk about the tech side of things. How are we seeing these harms come up? We've heard a lot about these harms and how they have specific impacts or adverse effects on women and other gender diverse individuals, but we're lucky to have Professor Hoda on the call with us. I will make use of her expertise and also perhaps ask her what kind of gender threats do you see sort of existing in the cyberspace? Who do you think these affect the most? If you could give us some examples that, would be fantastic. I don't see them ‑‑
>> HODA AL KHZAIMI: Thank you, Shimona, for inviting me to this discussion. I think gender cybersecurity threats are becoming increasingly urgent. Especially as ‑‑ (inaudible). Today we'll address two key areas that are threats, including those threats that can be interpreted by (inaudible).
The problem on this force is how do you define harm when it comes to gender and women and vulnerable groups? The problem is being defined on magnified aspects, including intangible harm that comes at reputational risk. We have seen technologies as in deep fakes. For example, technology that is one of the significant emerging threats particularly for women where you can ‑‑ where it has been found in 2019 that 96 percent of all deep content online is non‑consensual sexual content pertaining to target women.
These attacks often aim to silence journalists, politicians, accident and activists, which is an example that we've seen recently within the media for one of Indian journalist who's has been targeted with a deep fake video designed to discredit her work and insight harassment.
Emerging technologies as well, like AI‑based content verification tools, that is being developed, for example, by Microsoft. I'm talking about individual authenticator and block chain initiatives. The one that has been developing are promising solutions for those kind of deep fake aspects as well as other advanced learning and cryptographic signature schemes that aim to identify the origins of the contents and flag manipulated media online.
We really need to encourage platforms to start authenticating every type of messaging that's being created online and also flagging non‑I would say‑integral or non‑authenticated information being exchanged.
When we talk about the biometric interpretation and the AI biases, we know very well that facial recognition systems often exhibit systematic biases. A study that has been generated in 2018 showed that the rate for that system is up to 34.7 percent for darker‑skinned women in comparison to the whiter skinned men. Those can lead to surveillance and action that also targets marginalized groups.
Emerging technologies, such as federated learning, for example, and privacy preserving AI models tend to use biases by ensuring diverse decentralized data training is being deployed. Additionally initiatives by the ITU and UNESCO are pushing for global standards and ethical AI development, for example, as inclusivity is a must. It should be considered a promise of those type of technologies.
I'm talking about the cyber harassments and as well IET devices. We have emerging technologies in the internet of things, which introduce new vulnerabilities, smart home devices and wearables that can be exploited through stalking and harassment. There has been multiple kind of incidents in the United States where female ‑‑ loner females that have been subjected to being tracked by tracker devices and being subjected to targeted attack when they are in specific area. Affected women not just in abusive relationships, but affecting women in general.
According to the UNESCO, it has impacted women in developed nations. Securities by design principles are a must for us when we are developing and designing the next generation solutions. Not just in cybersecurity, but in general and the technology platforms.
Thank you. I'm sorry. I can't hear you, Shimona.
(Silence).
>> LUANDO DOMI: Shimona, if you can hear us, we don't hear you.
(Silence).
We can't hear you. Maybe you are on mute.
>> SHIMONA MOHAN: Can you hear me now?
>> LUANDO DOMI: Yes.
>> SHIMONA MOHAN: Okay.
(Echo with audio).
>> LUANDO DOMI: Unmute the microphone. We see that it's mute online, the room microphone.
>> SHIMONA MOHAN: Unmute the room, please. Okay. Can you hear me now?
>> LUANDA DOMI: Yes.
>> SHIMONA MOHAN: Thank you. Perfect. Okay. There's a saying in tech panel that is there is no tech panels without tech issues, so we're living up to that.
But, Professor, if you can hear me, I would like to come back to you on a follow‑up question that I had. Thank you for giving us a background and especially the exacerbated threats by AI. From a technical perspective I would like to understand what kind of measures we can take both proactive and reactive to sort of lessen these harms and who should employ these measures? If you could speak a little bit to that, that would be fantastic.
(Silence).
>> Dr. HODA ALKHZAIMI: ‑‑
>> LUANDA DOMI: I think maybe because she's on the move she's having challenges. Shimona, you can get back to her later.
>> SHIMONA MOHAN: Okay. So I just want to do get a sense of solutions that we can employ to make sure that we don't come to these gender‑specific harms against women and people of diverse gender identities. From a technical perspective, I wanted to come back to Yasmin and ask, since we want to effectively come back to these gender threats and harms, I know that a variety of internet governance communities perhaps need to be cognizant of these threats and then well‑trained to respond to them. You spoke a little bit about this in your intervention about Her CyberTracks, which ITU is doing. I would like to also understand how do capacity‑building interventions such as CyberTracks or as Aaryn mentioned the Women in Cyber Fellowship help in this effort?
>> HODA AL KHZAIMI: Thanks for that, Shimona. I hope there won't be any sound effects that are unexpected, but I think that including women in the workforce including women in the workforce would be key. As we know, in the cybersecurity field, there is still this persistent challenge. There are issues beyond recruitment, but also retention and meaningful representation of women in cybersecurity.
Since women are disproportionately affected by online risks, this can have one or two affects and can either encourage them to go into the field to be able to face these risks or discourage them on the other hand. But even more so, the programs that we work with are with women in public sectors, so women that are often politicians, diplomats, women in the public eye, which makes them the higher target for gendered harms online, harassment, doxing and what not.
Through the holistic capacity‑building approach that we use for our CyberTracks that I mentioned earlier, we also run these peer exchange sort of platforms or sessions on the challenges of being a woman in cybersecurity. These are intergenerational and interregional. Now participants have actually called them group therapy because they've actually been platforms for them to share experiences and difficulty in overcoming obstacles in the workplace and overcoming obstacles in the workforce at large. Tears have been shed and hugs have been given at these kind of things even though these are very different context, again, from a cybersecurity and maybe socio‑economic perspective as well.
Many of our participants, the reason why I'm telling you this story is that the key sort of conclusion that comes from these exchange sessions is the power of communities, and women are often left out of formal processes are. So what happens at these formal processes, these boys’ clubs oftentimes, they have found strength in actually creating informal communities parallel to the formal ones, and programs like Her CyberTracks and others have actually had the ability to help create these communities.
So now past participants stay in contact. They share with each other and ask each other and learn from shared experiences. This ensures that today's informal communities of women in cyber that are in government, in incident response, or in cybercrime, tomorrow become the formal networks of the women that are leadership that can ultimately result in really real confidence‑building measures and interregional cooperation.
All in all, being able to respond to these threats is not just simply the question of having well‑trained people, but also about creating environments where diverse perspectives are encouraged, are respected, are heard, and leveraged to ideally create these communities of support. Thank you.
>> SHIMONA MOHAN: Fantastic. Thank you so much. It's very eye‑opening to get an insight into how all of this plays out from start to finish, and I think that this ‑‑ I would also like to understand how this happens perhaps on more of a national level. So we're going to go to Catalina on the screen. I hope you can hear me. Just checking because of tech PTSD. I wanted to get a sense of how Chile, which is actually one of the few countries to have a specific focus on gender in its national cybersecurity policy, how does this kind of focus in the cybersecurity policy help both substantively, say, in terms of gendered harms, and also participatorily in terms of the ratio of women cyber professionals in the country? Over to you, Catalina.
>> Catalina VERA toro: Thank you. Hopefully you can hear me as well, without an echo. Wonderful.
First of all, thank you, and I want to say hi to my distinguished fellow panelists and also to the audience and express my appreciation for the opportunity to share a national experience on this important issue.
As you mentioned, Chile has integrated a gender perspective on its national cybersecurity policy, so I will go very briefly on how such focus helps extensively the meaningful participation of women and gender diversity and how the diverse broader implications also beyond, like, in international cybersecurity discussions and governance.
So back in 2023 we became the first South American country to have a feminist foreign policy. That means we joined Canada, the Netherlands, Mexico, and the like that are leading the way on this. Thus, at our core, Chile has advanced on its commitments on human rights and equality, but through this vision of feminist foreign policy we want to be ‑‑ to achieve through policy a more inclusive country and more egalitarian society, you could say.
Particularly in regards to gender perspectives on cyber policy, there are very few countries, as you mentioned, that have this in their national strategies. For instance, in Latin America and the Caribbean 14 include some reference to human rights, but only four incorporate gender perspectives. That will be Argentina, Colombia, Ecuador, and us. However, Chile has updated its cybersecurity policy in 2024 from its 2017 policy that already had gender as a reference, but now we had incorporated a gender‑responsive approach by mainly establishing the obligation of the state to protect and promote the protection of the rights of the people on the internet through strengthening of tech systems, institutions, and cybersecurity measures by capacity‑building and updating frameworks and by gender mainstreaming.
All these initiatives must preferentially consider women both in terms of their protection and inclusion and positive action aimed at correcting the inequalities that continue to exist in our society, as my previous panelists covered very well, and also mainstreaming protection of children and youth, the elderly, and also the environment.
Such focus achieved two major objectives you could say. First, addressing gender‑specific harm in cyberspace, but also promoting the inclusion of women in cybersecurity workforce. How do we address harms? Basically we ensure that this is not only acknowledged but systematically addressed by incorporating specific measures for gender sensitive threat analysis and response mechanisms. That means we have updated our policies and are also in the works to broaden policies that mitigate gender‑aligned harms by developing tailored strategies for prevention and victim support, empower affected groups to report incidents without fear or stigma, build safer, more inclusive online environments where everybody can engage freely. Through measures that are not only ethically imperative, you could say, they can also contribute directly to more robust, inclusive cybersecurity systems that protect all citizens.
When it comes to participation and encouraging women to go into cybersecurity as it was previously stated, women represent around 20 to 24 percent of the global cybersecurity workforce, so policies that prioritize gender inclusivity have a transforming potential. We have initiated scholarship, mentorship programs, and leadership opportunities for women in cybersecurity through our national cybersecurity ecosystem that we're building.
Next year we will have a cybersecurity agency. We are also paving the way for talent pipelines. This improves the ratio of women cyber professionals and enhances cybersecurity outcomes. I want to mention something more. Nowadays we are all talking about technology and how we have to, like, get our people, our workforce, ready for that, right? When it comes to cybersecurity, it's very interesting because it's a very broad ecosystem you could say of professionals. Like, for instance, cyber diplomats, cyber politicians. Not only cyber tech people, right?
So then we need the data actually. How many people are getting into cybersecurity nowadays, not only in the technical field, but in the broader aspects and cybersecurity expanding its scope. Therefore, we need more professionals. On this Chile is trying not only to get young women into cybersecurity, like to go in early stages into STEM and so on, but also, to help women later in their careers to reconvert into cybersecurity through, like, customized programs you could say that are targeted for a specific need. Like women that have already been ten years in the workforce and want to reconvert into cyber field with short programs, short programs with certification, and also to help them leverage their experience to get into the cyber field because most of the times the biggest block, you could say, for this is that they don't have cyber‑specific experience.
That is where the government can come in and help incentivize companies to bring in the women workforce that are being reconverted into this field. For that we have implemented ‑‑ well, not only for cybersecurity for women in STEM and beyond, the WALA Certification that promotes through government incentives parity in the workforce in public sector and those in private sector so that they can also venture into this new cybersecurity opportunities that are at hand and make the most out of it. I'll leave it at that. Thank you.
>> SHIMONA MOHAN: Thank you so much for giving us that snapshot, Catalina. I also know that Chile has often mentioned, and you talked about this in your intervention just now as well about promoting a sort of gender cybersecurity and gender‑sensitive cyber capacity‑building at the policy level. I am really interested in figuring out how does that prioritization help contribute effectively through also your international discussions around cybersecurity? I know Chile is also very active in the streaming aspect of this as well. If you can speak about this, that would be fantastic.
>> Catalina Vera TORO: We're a firm believer in multilateralism, you could say. In regards of cyber space, I think there is a great opportunity at hand to do it more broadly and inclusively, you could say. Chile has been a big promoter on including reference on human rights, and also the need of gender perspective when it comes to the internet, you about also to cybersecurity because harms are differently felt for vulnerable groups, and those need to be represented in those discussions.
Therefore, I must say I'm a woman in cyber fellow, so I'm living testament to how that fellowship can help women come into leadership roles. Now I'm the head of the delegation to the open‑ended working group for Chile, but also to have that sort of network where you can work with women and bring those concepts into the room and also to negotiating languages.
When it comes to, like, for instance, the open‑ended working group, we have consensus language on the progress reports that incorporate gender perspective. I think this is a good way forward on how we build a universal, you could say, framework, whether it's voluntarily or eventually legally‑binding that incorporates a human‑centric approach, but also a gender‑responsive approach.
It's the best way forward, and it's an opportunity that we have nowadays that we need to take very proactively. When it comes to the Organization of American States, yes, we do have a great program through Cytta on our security pillar at the OES. That basically is focused on recommendations for strengthening gender and cybersecurity through the regional organization, you could say. They do this by first institutionalizing gender in national diverse strategies. So member states are encouraged to follow OEWS guidance to formulate gender perspective into the policies and action plans. They also through the organization promote gender sensitivity, capacity‑building. So they have programs that expand training programs specifically targeted towards women, particularly in underserved and marginalized communities to close that gender gap in cybersecurity expertise.
There is also an enhanced regional collaboration, whether that's through the Cert of the Americas or other programs where we foster partnerships among OEWS member states to share practices, experiences in gender sensitivity, cybersecurity initiatives.
For that, for instance, we have 11 confidence‑building measures, and one of those is specifically on gender in the region. We also have programs that combat online gender‑based violence. We developed a regional framework to try to address online harassment, exploitation and abuse and ensuring responses to the cross‑border issues and also there are programs that are targeted to increase representation of women by creating policies to ensure women are provided leadership roles and technical roles in cybersecurity at the national and regional level.
There is a lot of work that we have done regionally as well and that we are trying to collaboratively trying to promote the incorporation of human‑centric and gender perspectives also in negotiations. This is not only something that Chile is doing, but many countries in the region are also promoting the inclusion of these references because having consensus language can also be a way to build through other negotiations and other specific topics, like, for instance, the U.N. cybercrime convention to incorporate human right language and also like the convention on the rights of the child and also gender perspective or gender‑based violence concepts as we build a safer cyberspace for all. Thank you.
>> SHIMONA MOHAN: Thank you so much, Catalina. That was a very good snapshot of how you're seeing it play out, not just in Chile, but in Latin America and then Zooming out internationally as well.
Speaking of gender and mainstreaming, we're also lucky to have Luanda on the panel with us who sort of does this as her entire job. I was wondering if, Luanda, you could help us draw a clearer picture of how this can be achieved in the area of cyber capacity‑building, and what does gender mainstreaming look like in practice? What kind of elements, for example, are particularly important for policy audiences to consider? Here I'm thinking more along the lines of perhaps DEIA principles or perhaps intersectionality. That might also be of interest for policy professionals to consider.
Over to you, Luanda.
>> LUANDA DOMI: Thank you, Shimona. Thank you for the invite. I actually think that my fellow colleagues did the job for me by actually giving some really good examples of what they're doing on their current work on how gender can be mainstreamed in national policies, like Chile or through mentorship programs, like ITU. Then Canada example for WIC fellowship and reaching gender parity in an open‑ended working group, which we are also SGSC are very, very thrilled to facilitate that fellowship.
If I can put it in more just steps to understand, like, what it is about cybersecurity in terms of when we talk about gender mainstreaming that we need to understand that it's not just technical issue. It is also a social issue, which means that gender significantly influences individuals or users' experience and the perception of cybersecurity.
We heard from Dr. Hoda Al Khzaimi give a specific example of what are some gender‑specific threats towards, for example, woman or marginalized group that might significantly change the experience of either participating into public discourse or even taking jobs or even removing themselves completely from online forums.
When we talk about gender mainstreaming, it's important to talk about that it has to happen in two streams. Policies and technologies that govern our digital world. I think this is now so many examples we have with AI that we have to kind of see that these technologies really do not take on biases that are in our real world.
When we talk about foundation of gender mainstreaming, it's very, very important that it's systematically integrated in every step of capacity‑building. That's the only way that it could be successful. How is that in terms of designing implement, a but also evaluation? These are the three key things. For example, we all know that right now in the cybersecurity workforce, and it was mentioned today the percentage of women in cybersecurity professions is quite low globally, but I think also regionally it differs. We need to be intentional about gender‑specific golds that we want to reach like in Chile's case, for example, aiming to increase a woman's employment in cybersecurity role to 35 percent by 2030. This gives us clear policy, clear steps how to implement it, but also, to evaluate it later on whether we actually succeeded in reaching that goal or not. Then when we talk about in terms of capacity‑building, one way or another it was mentioned here today we have to see what are systematic barriers beyond woman leadership that are currently cybersecurity and one to upscale, but what are systematic barriers to woman's participation in educational or training that are available for cybersecurity and capacity‑believe. This is where we talk about why it's important to develop capacity programs intentionally that address gender‑specific needs and how to teach professionals on how to counter online harassment and gender disinformation campaign and how common tactics ‑‑ or what type of common tactics are used to silence women and marginalize the voices online?
Then address social engineering attacks, which we heard about today that clearly disproportionately target women and then I believe Yasmin mentioned more women in politics or leadership perception ‑‑ positions which are more visible to the public. This is something that's more practical to do and quite easy to do. However, I did want to mention why we are here where we are today. I recently came out ‑‑ came across a U.N. woman reporter. It says that only 0.05 percent of development budgets are targeted to gender initiatives. This is simply too low for us to be able to carry successful policies policy implementation and programming for addressing gender and gender parity in a global level.
>> SHIMONA MOHAN: Thank you so much, Luanda. That's a very good sort of spotlight on the report also that you gave for the U.N. women report and the very varying statistic of 0.05 percent. It's truly, truly terrible.
I have another question for you, but before I turn to you, maybe I can come back to Professor Hoda, who has joined us in the room. This is actually taking a thread from what Luanda said about how it's important to have both tech and policy perspectives around this so we can push for meaningful change. Professor, you earlier spoke about the kind of threats that we have. I would like to flip the coin and ask, what kind of measures can we take from a technical perspective both proactive or reactive that can sort of lessen these harms? Who should perhaps take these measures? Over to you.
>> HODA Al Khzaimi: Thank you for the question. I think it's ‑‑ (silence).
>> PAVAL MRAZ: The room is muted.
(Silence).
>> Yes.
(Silence).
>> HODA Al Khzaimi: This required us sitting together and understanding (inaudible) ‑‑
(Silence).
>> HODA Al Khzaimi: ‑‑ inclusive access to digital programs. Are those policies being translated by the big kind of industry partners or not? I think it's very important to bring everybody on board and make sure we have a fool‑proof solution when we are developing for those solutions.
And inclusivity for women and women education on these platforms means that I don't have to only educate them on the fact that they have to access digital platform, but they have to know about the research and development and kind of niche aspects that pertain to science and development of a new technology. We're talking about AI. We're talking about cryptography and cybersecurity. Most of those elements are cross‑sectorial and deep into the analysis of the sector, which means you don't have to do a generic surface‑scratching awareness program for women or kind of women in leadership or woman in cyber kind of sessions. You do need to educate them on the deeper aspects on an academic aspect sometime on the power of developing new technologies.
Think what we are lacking in the moment is the power of the collectives. I would say the power of providing for a consistent champions across the board and as well the power of funding and the power of the collectives in terms of knowledge capital bringing everybody else on the same table and maybe have a co‑creation lab for women to design their own solutions within a digital platform and figure out of those solutions could be championed by different industrial partners on the different platforms as well and within the industries.
So, I mean, creating disruptors within the industry that comes from innovators of the space who understand those needs and who are focusing on solving those gaps and needs, not focusing on commercially building a massive solution that pertains to the public. Then maybe we will be starting to solve all of these kind of niche issues that we have not just for women, but for all other gendered groups and as well for children as well at the same time.
So this is one in terms of technology development, in terms of education, but as well in terms of technology formulation. I think there is a huge gap between the recipient of the policy, which is the woman at the moment and policy developers who are developing these policies sometimes in Global North and impacted in The Global South.
(Inaudible) ‑‑ we have policy lapse within the affected zones ‑‑ (inaudible). We have 25 percent of women that are actually in cyber, right, where both regions have proven high on the number of women in cyber and (inaudible).
I know, for example, of us we have high percent of women in technology and STEM and women in cyber as well. Having the learning curve be on this kind of aspect would mean we would be able to maybe bring them together ‑‑ (inaudible).
>> SHIMONA MOHAN: Thank you for solutions we can work out.
(Inaudible audio).
>> LUANDA DOMI: I think you called my name. We're having a bit of a challenge hearing you. Please intervene if it's not my turn. It's good? Okay. If I heard correctly, also what Dr. Hoda mentioned, I wanted to maybe say one thing about AI because she mentioned a lot of the risks. One thing that is quite interesting about gender and if we talk about gender in education versus ‑‑ I mean, women in education in STEM and cybersecurity versus employment, I think this is where we see human huge differences globally. Now, this is not the case in Middle East. Middle East is doing really great on this area actually. What I wanted to say in terms of statistics is now big issue is AI and gender employment risk. Again to that report from U.N. women we see that ‑‑ they quantified what we actually knew is that 3.7 percent of women's job globally now are at risk of being replaced by AI compared to 1.4 percent of men's jobs. This is only going to echo the importance of training women in AI‑driven roles. Only with technology programs we can help bridge the gap that I will only assume will get higher with the years to come by offering specialized trainings like ethical hacking, secure holding and AI governance. I think this is quite important if we want to look at what are some of the solutions out there for a growing problem, and I'm really happy also to hear of the women fellowship on AI. I think this is the way that we need to approach it.
Now, also whether we talk about gender and its intersection, we really must go beyond it and adopt the principles of diversity, equity, inclusion, and accessibility to ensure that everyone, including women, new diverse individuals, those are disabilities, like visually‑impaired, can really, really thrive in cybersecurity. Why am I mentioning this? Because we're talking about what type of training models should be there ‑‑ separate or hybrid models? When we are looking at what type of models, this has to be adopted to the learners that we are targeting, right? Every learner has different requirements, has different needs, has different pace, and we have to adapt to their unique strengths.
For example, this ‑‑ when we talk about ‑‑ I'm actually lobbying for both, but separate programs need to be tailored for specific needs. For example because they would provide a focused, safe environment for individuals that can learn without distractions. Let's talk about, for example, individuals coming from neurodiversity communities. They can learn much more within excellent pace if they have a highly structured schedule, if they have clear instruction and if, for example, if they have sensory inputs. These are the things we need to check, and they've been quite successful in positions that are, for example, ethical hacking, especially for ethical hacking. I think programs like diversity and pipelines are programs that we need to further scale up for regional and global level.
And then you have, for example programs that could leverage adaptive tools like screen readers, tactile diagrams, or Braille‑friendly resources. So these are very good workshop that is could be done for visually impaired individuals on topics that have been done so far in secure coding or cryptography, and they help achieve successful graduation rate because through these tools, educational aides, they also get to do a lot of hands‑on activities. Now, when we look at hybrid programs, and I would lobby for these programs, and very specific curriculums or purpose, I should say. Not curriculums, but, for example, if we want to do exchange for collaboration in terms of bringing together policymakers and technologists, I think in these cases hybrid cybersecurity training can help in understanding, adapting regulatory implications. This could be, like, very cross‑sector capacity‑building workshop in cybersecurity.
Or another one would be either neurodiverse individuals with traditional learners with visually‑impaired and fully-sighted participants. Those have been good examples where they have to do a joint exercise where maybe visually impaired individuals had an environment that could use the tools easily, and onsite participants had the other aspect that could contribute to better interaction with visually impaired participants. These all foster some sort of teamwork without challenging I think the diversity and the strength, unique strengths, of each player or learner in these type of aspects. I think these are some of the pros and cons of each, but I would say that in cyber capacity‑building both are very important, and they have to be carefully planned so there are inclusive and create unique teams that are successful.
>> SHIMONA MOHAN: Perfect. Thanks so much, Luanda, if you can hear me. Yes. Thank you for that. I think you answered a question that I hadn't even thought to ask, and I should have, but thank you so much for that very, very exhaustive sort of snapshot into the diversity aspect of things, which I think we sometimes sort of skip over or overlook just because we view that lesser. Thank you so much for bringing that up in this panel again.
I think now we'll perhaps have a very quick lightning round of questions. I know that there is one question on the chat ‑‑ or two on the chat. I would also like to perhaps open the floor if there are any questions in the room. Okay. Could you please come up to the mic here and take the questions.
I would urge you to keep the questions very brief because we have the room for a limited time. Thank you.
>> Hello. My name is Josephine. I'm a facilitate every on for BPF on cybersecurity. This year we were focusing on mapping out cybersecurity initiatives, but then we realized that several organizations are also mapping out, but the gap really came in terms of cross‑collaboration. I really would like to tap what Hoda mentioned on building the power of the collective and something else that we also noted while mapping, we did not see any map of women in cyber capacity‑building programs. So do those maps exist anywhere? Even beyond that, how do we harness what you mentioned on the power of the collective?
Lastly, an opportunity to also welcome you to the BPF on Cybersecurity. It's on Tuesday at 4:45 because it will be an extension on this, and I think this topic will be very valuable in building into that mapping exercise as well as building into next year. Thank you.
>> SHIMONA MOHAN: Thanks so much. I think we'll take all the questions together, and then go over it as a panel. Yes, please.
>> I hope you can hear me. Thank you for that lovely and insightful presentation. My name is Paula, and I have a question perhaps to Yasmin. The ITUs track is fantastic, and I speak as a beneficiary of the program. I am currently a cybersecurity policy advisor and a lot of the work that I do is based off what I have learned from the program. What I wanted to find out is, of course, the program can only take a certain number of people paid cohorts. There are so many people that want to be part of the program. Is there a way that the program could be done in collaboration with governments, for instance, where learners could access the platform freely so that we don't have to wait for a new cohort to start for people to join the program, but it would be more distributed? Is there a possibility of that happening? Then, as an after‑thought is there a platform that if I'm interested in ‑‑ cybersecurity, is there a platform that I could find a list of all the fellowships or programs that are open so that all of them can be access from one particular platform? Thank you.
>> SHIMONA MOHAN: Perfect. Thank you. Then the gentleman in the back.
>> Good afternoon. I'm Kosi from Berlin. I'm working in the government also. I chair ONE, an NGO. I want you to know we are a capacity‑building program. In a language like French, for example, is it available? Do you have some tool somewhere ‑‑ is it possible to have some different kind of training you provide if it's possible to have it in French and English and so on?
Now, last question, is it possible to have partnership with your organization directly to provide training for people locally? Is it possible for you to come, for example, to Berlin and provide physically a training for people there? What is your plan? What is your process? Thank you.
>> SHIMONA MOHAN: Perfect. Thank you. I would also just read out a couple of questions that we have from the chat online. One of the questions is about how ‑‑ what are the ethical considerations and challenges associated with emerging tech? How can we prepare the next generations to navigate them? In related questions that we can ‑‑ how do we address the gender divide in Africa so ensure that women and girls benefit equally from AI advancements?
I will invite our panelists to sort of do lightning responses and perhaps club them together with any closing remarks that you have, any final words, comments, et cetera, perhaps to avoid a tech issue. We start from the room and then proceed online back to Catalina and Luanda. I would give the floor to Professor Hoda first and then we'll come together here.
>> HODA Al Khzaimi: This has been amazing. I think you have very, very interesting kind of collective reflection on how we can maybe provide for online tools. As a long‑term asset of this program that we always invest in cyber capacity‑building and capacity‑building at large in different regions of the world, but we also want to make sure that it's not just a repetitive problem where it's exhaustively complex to solve. I think utilizing digital platform where we have a LinkedIn‑like platform where you can put in the profiles of people, different capacities that they have developed and access to courses and material would be very, very kind of powerful to have where the contributors could be different countries from different parts of the world.
So building that kind of platform is a must at the moment I would say. Thank you, Paula, for bringing that up and as well Josephine. As well, considering the different are languages and as well as details that come from different parts of the world is very important. This is what I meant exactly when I said that if we solved ‑‑ started solving for the capacity development problem, for example, in cybersecurity from within the regions, the solutions are not just quite simple. The development of those solutions is not very exhaustive. I think we should have put in some effort to have some traces and some kind of legacy assets that would be created to benefit the public. One of them I think the co‑creation lab, the funding platform, the co‑development platform where we can have the courses and the people, like matching challenges with needs. It's very important.
>> If I may also take maybe those questions together. In particular I have a feeling that they are related to sustainability of programs at local level and localization as well. So really taking advantage, let's say, of that local ecosystem.
So, actually, at the ITU we've piloted last year a similar approach where we actually wanted the program that we had been running for a while, which is the women in cyber mentorship program to then be given, quote, unquote, and ran by a local organization. So we partnered with the organization called Women in Cybersecurity Middle East. It was an active network in this region. They have basically ran the program in the region under sort of the guidance and umbrella of the ITU.
This pilot has also shown us that, of course, we know we've mentioned that funding is an issue in the cybersecurity capacity‑building field as other capacity‑building fields. So having this capacity of sort of multiplier initiatives where then knowledge and resources are given to local organizations can be part of the solution there.
>> SHIMONA MOHAN: Perfect. Thank you so much. I'll go back to the online room. Perhaps to Catalina and then to Luanda, if you have any concluding remarks. Thank you.
>> Catalina Vera TORO: Thank you. There is an echo. For those great questions.
(Audio echo, inaudible).
I'll just go. Basically from a governance and MFA standpoint, what I can say is that we are trying to collaboratively come together within the open‑ended working group full capacity‑building. I think that is going to be a huge negotiation and a huge pillar because specifically for the Global South it's one of those structural elements that need to be well‑addressed within the open‑ended working group and how we transition to the permanent mechanisms. We are trying to come up with something that is obviously inclusive, and that takes into account the needs specifically for developing countries. That will probably entail some sort of repository for the voluntary norms or demand focus of capacity‑building and how we share the best experience throughout the world. I think eventually we're going to have something that's on a global scale that are bring in all the experiences hopefully, the successful experience, so that it will be available not only in English but the official languages that also entails French, for instance. Of resources that can help each other build that safer cyberspace for all. That also comes in also regional instances to great work.
Within the open‑ended work we don't want to duplicate the efforts that regional organizations are doing. If you are part of a regional program, there are great groups that do rotating workshops. For instance, the organization of American states rotates throughout countries to do mentorship programs or gender capacity‑building programs for each of its member states. There are great resources out there as of now, and we're hopeful that by the end of 2025 when we move to the permanent mechanism, for instance, in the open‑ended working group, we will have something similar for in a global scale. Please continue to help us on how to address this.
Very briefly on the question on ethical considerations, I want to say that many countries are coming up with AI policy frameworks. You have great resources for how countries are addressing ethical issues when it comes to AI. The main one is the respect of human rights.
By that ensuring AI systems online and from the mental rights, such as privacy, equality, and nondiscrimination. Luanda went in depth on this and the high risk of this. Also the need of transparency and explainability when it comes to decision‑making processes and that it's transparent to the user as well. For instance, equity so there are no biases and environmental sustainability. I think there are great efforts globally on this. Of course, there is the UNESCO ‑‑ I'm sorry ‑‑ the UNESCO framework for ethical AI. I think that is a great resource to look into. I wanted to mention briefly that back in 2023 Chile was the first host for the high level ministerial authorities on ethical AI for the American ‑‑ the Latin American and Caribbean. ‑‑ for how it aligns with the framework. There is great work being done in there, and, of course, the next step and responsibility of every state is how we bring that back home and provide programs on education for our younger generations that are immersed in technology nowadays. I wanted to mention that very briefly. Thank you.
>> SHIMONA MOHAN: To Luanda, please.
>> LUANDA DOMI: This was a lovely conversation. I don't want to be dim, but I kind of have to. It's my job to point out a couple of things for, I think, the participants that asked the online question. I believe that 67 percent of the global population have access to internet, which leaves 33 percent of global population around 2.6 billion people offline. This was a huge number. I think we also have to be a bit real on the things as a global community that what we have to invest to then not just address gender parity but also this regional I think challenges that we have people without access to internet. And how do we do this? I think accessibility, the digital literacy, and the basic one, providing affordable digital tools. We need to do this as a global community. I think this is not just a strategic thing. It's a moral imperative to include the populations everywhere on internet. And then also teach them about the risks, right?