The Importance of Inclusion & Diversity in Cybersecurity
- Posted on October 27, 2021
I met with someone with the express purpose of discussing I&D. I was asked what ideas I had on getting more I&D into cybersecurity and more broadly STEM (Science, Technology, Engineering and Mathematics) in general. My response, as someone who grew up a white, middle-class male was, “I’m not really sure.”
Despite growing up in what I would call one of the most diverse cities in the U.S. (Houston, Texas), having been exposed to all ends of the spectrum when it came to race, income, demographics, geography and more, I had not considered a world where someone didn’t consider a STEM career because of their status, race, sexuality, etc. I attended college with Hispanic women studying medicine and computer science, and Muslim women studying biology, etc. There were multiple historically Black colleges and universities (HBCUs) with good programs. So, my world view and experience was not “worldly,” I suppose.
I have considered this question and specifically how do we (as businesses) get more inclusive and diverse around cybersecurity. And I mean across the board; while gender and race are often top-of-mind, there are other status such as veterans, differently-abled, age groups, religion, nationality, etc.
A double win: I&D and skills shortages
My first recommendation is a double win: Along with diversity gaps in security, we also have a gap in available staff and skills in the market.
In my view, we need to hire more entry level or transition people from other industries. Entry level roles require a basic understanding of security and then as a business we can train them to fill the roles we need in the future. The issue today is most “entry level” jobs are looking for 5 or 7+ years of experience in certain skills, when what they should be looking for is passion and ability to learn these skills. When we open the barriers on the roles we need, it makes it easier to bring on individuals from any background.
Now I’m not suggesting a Director of Incident Response role should be filled by a recent college grad, but businesses need to have more roles for entry level positions. We need to grow our own because if we don’t, no one else will.
“Breaking into cybersecurity” is a real discussion topic among entry-level candidates. We are telling constantly telling younger people that this market is booming and it’s where you want to be, but not hiring enough of them. It should be easy to see how this kind of shift in our industry will make the entry point for I&D easier.
Remote work and flexibility make a difference.
I spent more than half my career in consulting. It’s nonsensical to me that any business would not embrace remote work. Throughout my career, as I interviewed for a role, if it was one where I had to “punch a clock at 8 a.m. and 5 p.m.” and be in the office just to be there, I passed on the opportunity. In my view this is an inefficient way to work and it limits your talent pool. By allowing your employees to work remotely, you extend access to regions and areas where you can accelerate I&D hiring.
You can establish relationships with schools, non-profits, or other organizations to promote cybersecurity or STEM in areas that may not be doing so. It’s time we stop looking at our businesses with respect to a particular city or headquarters location and start working nationally and globally. You can influence youth this way and you can get the best talent to fill those hard-to-find roles.
These are another great opportunity to expand the diversity of your workforce. Whether it’s a specific program like the U.S. Department of Defense’s skillsbridge, or organizational specific program, finding passionate individuals who want to work in the industry and working with them opens many doors. These programs take people who have worked in other industries and “reskills” them. You not only get to add diverse hires to your staff while growing the industry, but you also get people who are skilled in other areas. They may have great soft skills for client-facing work, be excellent managers or can use their experience in the medical field to now help secure healthcare organizations. If one of our issues as a society is our youth are not being exposed to STEM or not having the opportunity to do it, we can then investigate the industries where they are going into and build these kind of transition programs.
I believe as an industry, we can do things to increase the diversity of our workforce. We simply need to make diversity a priority and explore the benefits it brings to the success of our businesses and our industry. If you want to read more about how Avanade empower employees to be themselves and build their career visit our Life at Avanade page.