Although there is a gap in cyber talent between the elite and the upcoming generation, experts advise recognising and valuing the benefits of a more diversified workforce.
The labour mix of the cybersecurity business is not representative of the executives leading it, even though women and people of minorities are rapidly entering the field. It is not enough for equity committees to consider the disparity between an employment base that is predominantly white and male and the leadership itself. It may hinder the hiring process, have an adverse influence on employee satisfaction, and eventually hinder a team’s efficacy and efficiency.
Over 14,000 infosec decision-makers and workers worldwide were polled by the industry training and certification association ISC2 for their most current Cybersecurity Workforce Study. The analysis focused on 5,768 cybersecurity professionals in Canada, Ireland, the US, and the UK to examine diversity, equity, and inclusion (DEI). The data indicates a more varied workforce overall, particularly among the newest generation of workers just joining the industry:
- Among cybersecurity professionals under 30, non-White people made up 58%.
- Among those under 30, women made up 24% of cybersecurity workers.
- Non-white individuals made up 66% of cybersecurity professionals who joined the field in the preceding year.
In contrast, more than two-thirds (73%) of infosec professionals between the ages of 50 and 59—those more likely to be executives and managers—were Caucasian, with just 16% being female.
Leaders who are white men are not being called to be removed. Experts are warning cybersecurity leaders to take note of the diversity within their teams, acknowledge it, and capitalise on its advantages.
Fortune 500 CISOs only 13.8% female, 4.7% African American
A similar lack of diversity was seen in CISOs especially, according to a 2023 Fortify Experts report on Fortune 500 CISOs: 13.8% of the population was female, and 4.7% of it was African American. It will be increasingly difficult for companies to attract and retain talent if they don’t address the fact that the next generation of cybersecurity professionals is more diverse than the managers who oversee them, according to Clar Rosso, CEO of ISC2.
“People don’t stay in organisations where they don’t see people like themselves, especially in leadership roles. It may not be overt, but [diverse] people are receiving a subconscious message that says ‘there’s no place for me here,’” Rosso says.
She continues, “Leaders who disregard DEI run the risk of undermining confidence in their cybersecurity arsenal at a time when AI has significantly increased the threat landscape.” The more various experiences you have assisting you in managing complex risks and solving complex challenges regularly, the better off you will be. Problems are viewed differently by different people.
Cybersecurity executives need to think about how they can show leadership that connects with their increasingly diverse staff as the global talent wars continue.
Acknowledge the diversity divide
According to a 2023 analysis by the ASIS Foundation, cybersecurity personnel from underrepresented groups are far more likely to feel discriminated against at work. These are the results of a survey conducted worldwide among 474 cybersecurity experts:
- 22% of men and 60% of women report experiencing discrimination at work.
- 33% of heterosexuals and 60% of LGBTQIA+ people.
- 34% of Caucasians compared to 48% of non-Caucasians.
- 34% of able-bodied workers and 57% of disabled workers.
- 34% of neurotypical workers and 52% of neurodiverse workers.
DEI is not just about hiring more diverse applicants, as those data disprove. Cybersecurity leaders need to carefully consider their options after integrating a variety of individuals into their firms. “That represents the stage of true integration and acceptance,” states M.K. Palmore, the president of Cyversity.
HR isn’t the only department that has to worry about inclusion and belonging. According to Palmore, who is also the director of Google Cloud’s CISO office, CISOs and CSOs are crucial in helping diverse employees feel that their opinions and ideas are valued. To make sure that people feel like they have found a place where they can learn, grow, and be heard and seen in the workplace, he says, “you have to be thinking about that as a leader.”
Collaborating and paying attention are crucial. Including someone at the table is not enough; it also involves what occurs after they arrive. While some organisations do a terrific job of inviting a diverse array of people to their meetings, they fail to listen. Listening to your staff is a key component of inclusion.
DEI mentoring as an executive leader
According to Darden Ford, during the onboarding process, cybersecurity leaders should “set clear expectations” for new personnel from underrepresented backgrounds. This entails letting them know what the organisation expects them to do in their new role, setting up internal resources and success pathways for them, and following up with them regularly. As a leader, guiding them into areas where they can acquire potential abilities is important whilst providing them comments on how they’re doing.
Employee resource groups (ERGs), which some companies establish to support employees from similar ethnic backgrounds, are something that Darden Ford encourages recently hired employees to join. “Some Black, Hispanic, or Asian worker organisations have ERGs,” she notes. It provides a secure environment for them with those who may somewhat relate to what they might be going through. It is very vital to find your tribe within.
Fear of DEI is most times the elephant in the room
Fear hampers DEI efforts in cybersecurity, according to the ASIS Foundation’s report. Palmore underscores this fear, noting reluctance to engage in DEI discussions due to the risk of making mistakes or being perceived as insensitive. He suggests that experienced white males in cybersecurity can support underrepresented groups by becoming mentors through Cyversity.
Palmore stresses the importance of visible collaboration across diverse backgrounds and emphasises the need for collective effort in addressing DEI challenges, stating that diverse leaders cannot do it alone and allies are crucial for education and growth within the industry.
(Tashia Bernardus)