In many security organizations, conversations around the pressing issue of diversity in the industry tend to be overlooked. Not only is the world of cybersecurity made up of a highly homogenous group of people at the top, the lack of diversity in the industry creates hurdles and makes the process of securing organizations much harder than it needs to be.
So, how do you increase diversity within your security team? Here are some tips:
The Retention of Diverse Staff is as Important as the Recruitment of Them
Much of the conversation around diversity in cybersecurity often focuses on hiring staff, but if you want to create more diverse security teams, you need to also focus on retaining your diverse staff. While it is important to dramatically increase the number of non-binary, women and people of color, it is just as important to improve your internal processes to help retain them.
Studies show that up to 52% of women leave security careers, as do those with non-traditional backgrounds, and this is nearly double the percentage of men who leave cybersecurity careers. Some say this is because women don’t enjoy their careers in security, but 80%+ of women in the industry say that they love their work. This implies that many from diverse backgrounds leave the industry due to culture.
Don’t Let Conscious Or Unconscious Bias Affect Your Picture of Someone
Too often, we have a mental picture of what a security person is supposed to look like which does not reflect reality. The famous picture of Einstein shows him with tongue out and his hair all over the place, and if you did not know that he was one of the greatest intellectual minds in the world, you might assume that he was not very bright based on how he looked. As this shows, appearances can be very deceptive.
We often do not realise that we have fallen victim to unconscious bias. Acknowledge that your biases may not be explicit or intentional and learn to recognize that they do exist. Listen to what people say, evaluate the work they produce and observe how they collaborate with others – these are all indicators of the value they bring to the organization.
Also, keep in mind that those who have been conditioned to believe that security is not a valid career path for them, or those who are neurodiverse, may not exhibit a level of confidence with their work. It does not mean that they cannot do it, it just means they may need a little more encouragement in their working lives.
Nurture Those who Think Uniquely
Security organizations often think that they want people to shake things up by thinking uniquely, but in practice many are uncomfortable with being challenged and presented with new ways of doing things. When original thinkers do not feel as though they are valued, they are more likely to move elsewhere.
Building a culture of inclusion where everyone has a chance to share their ideas can help hugely when it comes to improving diversity within security organizations. Not every idea will be a great one, but all ideas and opinions should be shared and listened to.
Instil a Culture of Remote and Flexible Working Where Possible
In March 2020, a mass move to get everyone working from home quickly was undertaken when the COVID-19 global pandemic hit. Due to this, many organizations realised that their employees could be just as productive working from home as they could be by working in an office. In addition, those who are neurodiverse often get stressed when a deadline is approaching and undertake their work as far as possible in advance, while others find that they need the adrenaline rush that comes when waiting until (almost) the last minute to deliver a project.
Supporting flexible working hours, a flexible working location, job sharing or three weeks on/one week off enables people to set their own hours and location where they feel at their most productive, while still delivering on deadlines and projects. Trust that people can be productive even if they don’t work in the same way or at the same time as others.
Final Thoughts
To build a strong and diverse security team, you need to build an environment that supports and accepts differences of all kinds. Do not let unconscious bias about gender, the hours someone works, the location that someone works or their appearance get in the way of nurturing all the great security talent available within organizations.
Organizations need to focus on creating cyber security teams that mirror the make-up of their wider workforce. Only then do they stand a chance of warding off the growing cyber-threat.